7th OWASP AppSec Conference - San Jose 2007/Agenda
The agenda for the conference is still under development and is subject to change.
The Web Services Security Track, which is the 3rd track on Day 1, is at the bottom of this page.
OWASP & WASC AppSec 2007 Conference Schedule - Nov 14-15 (San Jose 2007)
| Day 1 - Nov 14, 2007 | Track 1 | Track 2 |
|---|---|---|
| 08:00-09:00 | Registration and Coffee | |
| 09:00-09:10 | Welcome to OWASP & WASC AppSec 2007 Conference: Dave Wichers, OWASP Conferences Chair and COO Aspect Security | |
| 09:10-10:00 | Keynote: eBay Application Security Program – Dave Cullinane, CISO - eBay and Michael Barrett, CISO - PayPal | |
| 10:00-10:30 | An Introduction to WASC and its projects – Jeremiah Grossman, CTO, WhiteHat Security | |
| 10:30-11:10 | OWASP State of the Union, Dinis Cruz, Chief OWASP Evangelist | |
| 11:10-11:30 | Break | |
| 11:30-12:30 | For my next trick... hacking Web 2.0 – Petko D. Petkov (AKA PDP Architect), Senior Security Researcher | TBD |
| 12:30-13:45 | Lunch | |
| 13:45-14:30 | CSRF: Danger, Detection, and Defenses – Introducing two new OWASP CSRF Tools, Dave Wichers, COO Aspect Security and OWASP Conferences Chair | WASC Distributed Open Proxy Honeypot Project, Ryan Barnett, WASC Open Proxy Honeypot Project Lead, Breach Security |
| 14:30-15:10 | Defeat Cross Site Request Forgery (CSRF) and JavaScript Hijacking without Recoding Applications, Guy Karlibach, Imperva | Dangers of Third Party Content, Tom Stripling, Senior Security Consultant - Security PS |
| 15:10-15:30 | Break | |
| 15:30-16:40 | OWASP Projects Overview, Dinis Cruz, Chief OWASP Evangelist | TBD |
| 16:40-17:00 | Break | |
| 17:00-18:00 | Panel: “Building an Effective Application Security Assurance Program”. Moderator: Brian Bertacini, Sr. Manager, AppSec Consulting. Panelists: Jeff Williams - CEO Aspect Security, Andy Steingruebl - Principal Security Engineer PayPal, Gary Terrell, Adobe Systems, Scott Stender, iSEC Partners, Neil Daswani, Google | |
| 18:00-19:00 | Chapter Leads Meeting - With Dinis Cruz | |
| 19:00-21:00 | OWASP Social Gathering: Dinner and Drinks at Nearby Restaurant (TBD) | |
| ~01:00-??:?? | OWASP Band ??? | |

| Day 2 - Nov 15, 2007 | Track 1 | Track 2 |
|---|---|---|
| 08:00-09:00 | Coffee | |
| 09:00-09:50 | Keynote: DTCC Application Security Program, Jim Routh, CISO for the Depository Trust and Clearing Corporation (DTCC) | |
| 09:50-10:50 | Using OWASP, Jeff Williams, OWASP Chair and CEO - Aspect Security | |
| 10:50-11:10 | Break | |
| 11:10-11:50 | Black Ops 2007: Design Reviewing the Web, Dan Kaminsky, Director of Penetration Testing, IOActive | Start Rolling with Rails Security, Corey Benninger, Principal Consultant, Intrepidus Group, Inc. |
| 11:50-12:30 | OWASP Enterprise Security API (ESAPI) – Jeff Williams, CEO Aspect Security and OWASP Chair | Securing Java Server Faces against the OWASP Top 10, David Chandler, Web Architect, Digital Insight |
| 12:30-13:45 | Lunch | |
| 13:45-14:30 | TBD | The MySpace Worm, by its author: Samy Kamkar |
| 14:30-15:20 | TBD | OWASP SpoC Project: Anti Samy - Picking a Fight with XSS, Arshan Dabirsiaghi, Application Security Engineer, Aspect Security |
| 15:20-15:40 | Break | |
| 15:40-16:40 | Panel: TBD. Moderator: TBD. Panelists: TBD | |
| 16:40-17:00 | Conference Wrap Up - Dave Wichers, OWASP Conferences Chair | |

Nov 14: Track 3: Web Services Security

| Day 1 - Nov 14, 2007 | Track 3: Web Services Security | |
|---|---|---|
| 11:10-11:30 | Break | |
| 11:30-12:30 | .Net Web Services Hacking - Scan, Attacks and Defense, Shreeraj Shah, Blueinfy | |
| 12:30-13:45 | Lunch | |
| 13:45-14:30 | Centralized, Dynamic Web Services Security and Policy Management, Richard Salz, IBM | |
| 14:30-15:10 | Attacking XML Security, Brad Hill, Principal Security Consultant, iSEC Partners | |
| 15:10-15:30 | Break | |
| 15:30-16:40 | TBD | |