This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Education Presentation
From OWASP
Revision as of 01:34, 7 March 2007 by Medelibero (talk | contribs) (→OWASP Conference Presentations)
This page provide a commented overview of the OWASP presentations available.
Please use the last line of the tables as template.
Presentions can be tracked through:
- the OWASP Presentations Category
- Past OWASP Conference agenda's
- From the chapter pages
Everybody is encouraged to link the presentations and add their findings on this page ! There are currently hundreds of presentations all over the OWASP web site. If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76. Feel free to “mine” them and add them to the overview.
OWASP Project Presentations
| Title | Comment | Level |
|---|---|---|
| The OWASP Testing Guide (Jeff Williams) | Overview of the OWASP Testing Guide | Novice |
| The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli) | Presentation at EUSecWest07 | Intermediate |
| OWASP Project Overview | High level overview of projects and how OWASP works | Novice |
| The OWASP Application Security Metrics Project (Bob Austin) | Presentation on the Application Security Metrics project | Novice |
| OWASP CLASP Project (Pravir Chandra) | OWASP CLASP project presentation given at the 2006 European AppSec conference | Novice |
| Sprajax (Dan Cornell) | OWASP Sprajax presentation given at the 2006 Seattle AppSec conference | Intermediate |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert |
OWASP Conference Presentations
| Title | Comment | Level |
|---|---|---|
| How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard) | Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 | Intermediate |
| Bootstrapping the Application Assurance Process (Sebastien Deleersnyder) | Presentation given during the European 2006 AppSec conference on the application assurance process | Novice |
| Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France) | Presentation given at the European 2006 AppSec conference about security and soap message structure issues | Intermediate |
| Web Application Firewalls:When Are They Useful? (Ivan Ristic) | Presentation about Web Application Firewalls | Novice |
| HTTP Message Splitting, Smuggling and Other Animals (Amit Klein) | A presentation about Message splitting other attacks around the HTTP protocol | Intermediate |
| Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis) | Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference | Intermediate |
| Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) | A talk about how automated testing tools stack up against the OWASP top 10 | Intermediate |
| RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter) | Presentation given about how Sessions can be hi-jacked, etc... | Novice |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert |
Web Application Security Presentations
| Title | Comment | Level |
|---|---|---|
| [Advanced SQL Injection (Victor Chapela) | Detailed methodology for analyzing applications for SQL injection vulnerabilities | Expert |
| [Advanced Topics on SQL Injection Protection (Sam NG) | 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. | Intermediate |
| [Attacking Web Services (Alex Stamos) | Web Services Introduction and Attacks | Intermediate |
| MMS Spoofing (Matteo Meucci) | A Case-study of a vulnerable web application | Intermediate |
| Ajax Security (Andrew van der Stock) | Presentation on Ajax security for OWASP AppSec Europe 2006 | Intermediate |
| Advanced Web Services Security & Hacking (Justin Derry) | Presentation given on Webservice security at the Seattle 2006 AppSec conference | Intermediate |
| Integration into the SDLC (Eoin Keary) | A presentation about why and how to integrate the SDLC. | Novice |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert |
Chapter Presentations
| Title | Comment | Level | Month | Chapter |
|---|---|---|---|---|
| XSS and XSS Worms (Sven Vetsch) | XSS and XSS Worms | Intermediate | Feb 2007 | Switzerland |
| OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
| WebGoat and Pantera presentation (Philippe Bogaerts) | WebGoat and Pantera presentation | Novice | Jan 2007 | Belgium |
| Security implications of AOP for secure software (Bart De Win) | Security implications of AOP for secure software | Expert | Jan 2007 | Belgium |
| testing for common security flaws (David Byrne) | testing for common security flaws | Intermediate | Nov 2006 | Denver |
| 40-ish slides on analyzing threats (Olli) | Analyzing Threats | Novice | Dec 2006 | Helsinki |
| Attacking the Application (Dave Ferguson) | Vulnerabilities, attacks and coding suggestions | Intermediate | Dec 2006 | Kansas City |
| Ajax Security Concerns (Rohini Sulatycki) | Ajax Security Concerns | Intermediate | Dec 2006 | Kansas City |
| Example (include link) | Fill in your comments | Novice/Intermediate/Expert | Mon Year | Chapter |
