This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP AppSec India Conference 2008
OWASP AppSec India Conference 2008 - August 20th-21st 2008
Delhi Chapter invites you to (1) day of Conferences with theme as "Application Security - Trends and Challenges" and Technology from the world's most regarded application security leaders and experts, (1) day of extensive hands-on multi-tracked workshop, all to be held at Hotel Intercontinental EROS, New Delhi.
Event Fees:
INR. 5,000 (approx. USD 125) for 1 day of conference
INR. 10,000 (approx. USD 250) for 1-day hands-on workshop.
Event Sponsors
Please contact OWASP Delhi chapter board for sponsorship opportunities.
OWASP AppSec India Conference 2008 Schedule – August 20th - August 21st
| Day 1 – August 20th, 2008 | |||
|---|---|---|---|
| Track 1: | |||
| 08:15 hrs - 9:00 hrs | Registrations and Welcome Tea / Coffee | ||
| 09:15-10:15 | Introduction, OWASP Version 3.0 where we are.. where we are going
OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers | ||
| 10:30-11:30 | Logic Attacks and Inefficiencies of Robotic Detection
Robert "RSnake" Hansen CEO SecTheory |
Offensive Assessing Financial Apps
Daniel Cuthbert |
Web Intrusion Detection with ModSecurity
Ivan Ristic |
| 11:30-12:30 | Reverse Engineering .NET
Adam Boulton |
JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
Yiannis Pavlosoglou - Senior Director - Ounce Labs |
OWASP LIVE CD
Joshua Perrymon - CEO Packetfocus |
| 12:30-13:30 | Multidisciplinary Bank Attacks
Gunter Ollmann, Director Security Strategy, IBM Internet Security Systems |
OWASP CLASP
Pravir Chandra |
Shootout at the Blackbox Corral
Dinis Cruz & Larry Suto |
| 13:30-14:30 | Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
Moderator: Mahi Dontamsetti | ||
| 14:30-15:30 | w3af, a framework to own the web - | Trends in Web Hacking: What's hot in 2008 Analysis of the Web Hacking Incidents Database (WHID) Ofer Shezaf, Breach |
Security in Agile Development
Dave Wichers, COO Aspect Security |
| 15:30-16:30 | OWASP Enterprise Security API (ESAPI) Project
Jeff Williams, CEO Aspect Security |
Next Generation Cross Site Scripting Worms
Arshan Dabirsiaghi, Director of Research Aspect Security |
"Threading the Needle:
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks." Arian Evans, Director of Operations WhiteHat Security |
| 16:30-17:30 | Shhhh Don’t Tell Anybody
Petko D. Petkov, a.k.a. pdp |
Secure PHP
Hans Zaunere, CEO NYCPHP |
Payment Card Data Security and the new Enterprise Java
Dr. B. V. Kumar & Mr. Abhay |
| 17:30-18:30 | Notes Security
Jian Hui Wang |
Mastering PCI Section 6.6
Taylor McKinley and Jacob West |
AppSec Techniques
JD Glaser, CEO NTO Objectives |
| 18:30 | Web Application Capture the Flag - Polytechnic University | ||
| 20:00 | Speaker/Attendee Reception | ||
| Day 2 – Sept 25th, 2008 | |||
| 8:00-10:00 | Breakfast @ Tech-Expo | ||
| 0900-10:00 | '"We have all the tools, policies, frameworks, documents, community support available what works... what does not?" ' Industry Panel: Arian J. Evans, Jeremiah Grossman, Gunter Ollmann, Ofer Shezaf, Moderator: Daniel Cuthbert | ||
| 10:00-11:00 | Practical Advanced Threat Modeling
John Steven |
Open Reverse Benchmarking Project
Marce Luck & Tom Stracener |
Building Usable Security
Zed Abbadi |
| 11:00-12:00 | Offshoring Application Development? Security is Still Your Problem
Rohyt Belani |
OWASP Orizon Project
Paolo Perego |
NIST SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun |
| 12:00-13:00 | The Art and Nature of Web Application Security
Mano Paul CEO Express Certifications |
Software Liability
Jack Danahy |
Cross-Site Scripting Filter Evasion
Alexios Fakos |
| 13:00-14:00 | OWASP Projects "Dinis Cruz & OWASP Project Leaders" | ||
| 14:00-15:00 | Projects with OWASP
Steve Malson |
OWASP Pantera Advances
Simon Roses Femerling |
Software-as-a-Service (SaaS)
James Landis |
| 15:00-16:00 | "Out of Band" Injection
Vijay Akasapu & Marshall Heilman |
OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
Christian Heinrich |
Caution, Java ahead
Jeremiah Grossman CTO WhiteHat Security |
| 16:00-17:00 | Input validation: the Good, the Bad and the Ugly | Flash Parameter Injection (FPI)
Ayal Yogev & Yuval Baror |
Learning the .Net Debugging API
Kevin Spett |
| 17:00-18:00 | Secure System Development Life Cycle (SSDLC) Methodology for SOA
Ken Huang |
Web Security Education using Open Source Tools
Prof. Li-Chiou Chen & Chienitng Lin |
Friend or Foe: Penetration Testing VS Source Code Analysis
Tom Ryan |
| 18:30 | Closing Remarks / CTF Awards / Raffles | ||
| 21:00 | Farewell dinner.. Go secure the world | ||
