OWASP NYC AppSec 2008 Conference
Last Update: 04/2/2008
OWASP NYC AppSec 2008 - October 7th - 10th 2008
In association with: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, ISACA, ISSA and Pace University
(2) days of Seminars and Techexpo from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at Pace University, located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 for 2 days of seminars, $675 for 1-day training classes and $1,350 for 2-day courses.
Conference Attendees can register online here
Conference Sponsors & Speakers can register online here or view Sponsorship Opportunities
OWASP NYC AppSec 2008 Conference Schedule – Oct 7th - 8th
| Day 1 – Oct 7, 2008 | |||
|---|---|---|---|
| Track 1: | Track 2: | Track 3: | |
| 08:00-09:30 | Registration Opens and Tech Expo | ||
| 09:30-10:30 | Industry Outlook - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy-EVP Citi, Jim Routh-CISO DTCC, Sunil Seshadri-CISO NYSE-Euronet (unconfirmed), Warren Axelrod-SVP Bank of America
Moderator - Mahi Dontamsetti | ||
| 10:30-11:30 | Logic Attacks and Inefficiencies of Robotic Detection
Robert "RSnake" Hansen |
Offensive Assessing Financial Apps
Daniel Cuthbert |
Web Intrusion Detection with ModSecurity
Ivan Ristic |
| 11:30-12:30 | Reverse Engineering .NET
Adam Boulton |
JBroFuzz 0.1 - 1.1: The History of Building a Java Fuzzer for Web Applications
Yiannis Pavlosoglou |
OWASP LABRAT
Joshua Perrymon |
| 12:30-13:30 | Black Art White Hat
Tom Brennan |
OWASP CLASP
Pravir Chandra |
.NET Ninja or Pirate?
Dinis Cruz |
| 13:30-14:30 | 1 HR BREAK / TECH EXPO / LUNCH BREAK | ||
| 14:30-15:30 | W3AF Web Application Attack and Audit Framework
Andres Riancho |
WASC Hacking Incidents
Ofer Shezaf |
OWASP CSRFTester Project
Dave Wichers |
| 15:30-16:30 | OWASP Enterprise Security API (ESAPI) Project
Jeff Williams |
Next Generation Cross Site Scripting Worms
Arshan Dabirsiaghi |
Application Security Forensics - Now What?
FBI Cybercrimes |
| 16:30-17:30 | Shhhh Don’t Tell Anybody
Petko D. Petkov, a.k.a. pdp |
Secure PHP
Hans Zaunere |
Payment Card Data Security and the new Enterprise Java
Dr. B. V. Kumar & Mr. Abhay |
| 17:30-18:30 | Notes Security
Jian Hui Wang |
Full Disclosure vs Non-disclosure vs Responsible Disclosure
Panel |
AppSec Techniques
JD Glaser |
| 18:30 | Web Application Capture the Flag (All Night – Bring it!!) | ||
| 20:00 | Tuesday Night Reception at NYC Famous Webster Hall | ||
| Day 2 – Oct 8, 2008 | |||
| 08:00-09:30 | Web Application Capture the Flag Results | ||
| 09:30-10:00 | Keynote: OWASP Foundation Board – “This thing, we have” | ||
| 10:00-11:00 | Practical Advanced Threat Modeling
John Steven |
Taking the Risk out of Web 2.0
Tom Stracener |
Building Usable Security
Zed Abbadi |
| 11:00-12:00 | Offshoring Application Development? Security is Still Your Problem
Rohyt Belani |
OWASP Orizon Project
Paolo Perego |
NIST SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun |
| 12:00-13:00 | AppSec Research
Mano Paul |
Software Liability
Jack Danahy |
Cross-Site Scripting Filter Evasion
Alexios Fakos |
| 13:00-14:00 | 1 HR BREAK / TECH EXPO / LUNCH BREAK | ||
| 14:00-15:00 | Projects with OWASP
Steve Malson |
OWASP Pantera Advances
Simon Roses Femerling |
Software-as-a-Service (SaaS)
James Landis |
| 15:00-16:00 | "Out of Band" Injection
Vijay Akasapu & Marshall Heilman |
OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
Christian Heinrich |
Caution, Java ahead
Jeremiah Grossman |
| 16:00-17:00 | Input validation: the Good, the Bad and the Ugly
Johan Peeters |
Flash Parameter Injection (FPI)
Adi Sharabani |
Learning the .Net Debugging API
Kevin Spett |
| 17:00-18:00 | Secure System Development Life Cycle (SSDLC) Methodology for SOA
Ken Huang |
Web Security Education using Open Source Tools
Prof. Li-Chiou Chen & Chienitng Lin |
TOPIC
SPEAKERS |
| 18:30 | TBD | ||
| 21:00 | Closing Remarks / Awards / Raffles | ||
Technology Expo - October 7th - 8th
Want to see the latest offerings from best of breed technology firms? For 2 days, Product/Service vendors worldwide will demonstrate their ability to conference attendees.
OWASP NYC AppSec 2008 Training Courses - October 9th and 10th 2008
| T1. Defensive Programming - 2-Days - $1350 |
|---|
| This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software Learn More Here
Instructor: Pravir Chandra, Project Lead OWASP CLASP Project, Principal Consultant, Cigital |
| T2. Secure Coding for Java EE - 2-Days - $1350 |
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
Instructor: This tutorial is provided by longtime OWASP contributor: |
| T3. Web Services and XML Security - 2-Days - $1350 |
| The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here
Instructor: Gunnar Peterson |
| T4. Advanced Web Application Security Testing - 2-Days - $1350 |
| Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com |
| T5. Leading the Development of Secure Applications 1-Day - Oct 9th - $675 |
| In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com |
| T6. Application Security Forensics - 1-Day - Oct 10th - $675 |
| How would you respond to a application security hack? This course will provide insight into the world or forensics with a focus on Web Application Security
Instructor: TBD |
| T7. Encryption Programming Using SKSML - 2-Days - $1350 |
| Application developers are increasingly required to protect sensitive data through encryption. While there are many libraries that can assist with cryptography, there are few to none that focus on encryption key management.
This class will introduce you to an OASIS standards protocol - Symmetric Key Services Markup Language (SKSML) - and show you how it can be used to securely encrypt sensitive data and manage encryption keys across the enterprise. Learn More Here Instructor: Arshad Noor, CTO, StrongAuth Inc. |
More Info: Submit a Talk - Sponsorship Opportunities
