| Thu, Mar 28
|
Technical Track
|
Deep-Dive Track
|
Management Track
|
Legal Track
|
|
| 07:00-08:30
|
Registration and Morning Snacks
Sponsored by HP
|
| 08:00-08:15
|
Welcome and Kick-off
Brad Carvalho, Mark Major
|
| 08:15-08:30
|
State of OWASP
Jim Manico
|
| 08:30-09:30
|
Keynote Address: Data Protection for the 21st Century
Neal Ziring, Technical Director for the National Security Agency’s Information Assurance Directorate (IAD)
|
| 09:30-10:00
|
Coffee Break and Sponsor Expo
Sponsored by Aerstone
|
CTF Kick-off
Chris Rossi, Mark Major
|
| 10:00-10:45
|
DevFu: The inner ninja in every application developer
Danny Chrastil
|
SIP Based Cloud Instances
Gregory Disney-Leugers
|
Digital Bounty Hunters - Decoding Bug Bounty Programs
Jon Rose
|
Electronic Discovery for System Administrators
Russell Shumway
|
CTF
Sponsored by Aerstone
|
| 10:55-11:40
|
Adventures in Large Scale HTTP Header Abuse
Zachary Wolff
|
How Malware Attacks Web Applications
Casey Smith
|
Linking Security to Business Value in the Customer Service Industry
Dan Rojas
|
Legal Issues of Forensics in the Cloud
David Willson
|
| 11:40-12:40
|
Lunch and Sponsor Expo
Sponsored by Aerstone
|
| 12:40-13:25
|
Angry Cars: Hacking the "Car as Platform"
Aaron Weaver
|
Top Ten Web Application Defenses
Jim Manico
|
Using SaaS and the Cloud to Secure the SDLC
Andrew Earle
|
CISPA: Why Privacy Advocates Hate This Legislation
Maureen Donohue Feinroth
|
| 13:35-14:20
|
DevOps and Security: It's Happening. Right Now.
Helen Bravo
|
A Demo of and Preventing XSS in .NET Applications
Larry Conklin
|
Measuring Security Best Practices With OpenSAMM
Alan Jex
|
Crafting a Plan for When Security Fails
Robert Lelewski
|
| 14:30-15:15
|
Real World Cloud Application Security
Jason Chan
|
Data Mining a Mountain of Zero Day Vulnerabilities
Joe Brady
|
Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)
Jon McCoy
|
Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem
Tom Glanville
|
| 15:15-15:45
|
Coffee Break and Sponsor Expo
Sponsored by Aerstone
|
| 15:45-16:45
|
Moderated Panel Discussion
Aaron Weaver
David Willson
Dan Wilson
Neal Ziring
Moderator: Jim Manico
|
| 16:45-17:00
|
Closing Statements
Brad Carvalho, Mark Major
|
| 17:00-
|
Sponsor Raffles, Drawings, and Contests
|
CTF Wrap-Up
Chris Rossi, Mark Major
|
| 19:00-22:00+
|
After-party at Tarantula Billiards
Sponsored by AppliedTrust
Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver)
|
Awards Ceremony at Tarantula (20:00)
|
|
|
|
| Fri, Mar 29
|
Training
|
Birds of a Feather: A
|
Birds of a Feather: B
|
Capture the Flag
|
|
| 09:00-9:45
|
Training: Secure Coding
Aaron Weaver
|
DevOps in Cloud environments (edit)
|
BoaF 1b (edit)
|
FLOSSHack: CTF VM
|
| 10:00-10:45
|
The modern threatscape: what have you seen? (edit)
|
BoaF 2b (edit)
|
| 10:45-11:15
|
Coffee Break
Sponsored by Aerstone
|
| 11:15-12:00
|
Access Control (edit)
|
BoaF 3b (edit)
|
FLOSSHack: CTF Scoreboard
|
| 12:15-13:00
|
COTS solutions for secure enterprise architectures (edit)
|
BoaF 4b (edit)
|
