This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Education Presentation
From OWASP
This page provide a commented overview of the OWASP presentations available.
Please use the last line of the tables as template.
Presentions can be tracked through:
- the OWASP Presentations Category
- Past OWASP Conference agenda's
- From the chapter pages
Everybody is encouraged to link the presentations and add their findings on this page ! There are currently hundreds of presentations all over the OWASP web site. If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76. Feel free to “mine” them and add them to the overview.
OWASP Education Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
Why WebAppSec Matters | This module explains why security should be considered when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
OWASP Top 10 Introduction and Remedies | This module explains the OWASP Top 10 web application vulnerabilities as part of the Education Project | Novice | 2007-11-01 |
Embed within SDLC | This module explains the complete approach of Web Application Security when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
Good Secure Development Practices | This module explains some good secure development practices when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
Testing for Vulnerabilities | This module explains application security testing when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
Good WebAppSec Resources | This module points you to some good web application security resources when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
OWASP Project Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
OWASP NY Keynote by Jeff also available in French | OWASP Overview presentation with slide "OWASP by the numbers" and slide with the sorry state of Tools (at best 45%) which caused some controverse | Novice | 2007-06-12 |
The OWASP Testing Guide (Jeff Williams) | Overview of the OWASP Testing Guide | Novice | 2007-01-23 |
The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli) | Presentation at EUSecWest07 | Intermediate | 2007-03-01 |
OWASP Project Overview | High level overview of projects and how OWASP works | Novice | 2006-09-19 |
The OWASP Application Security Metrics Project (Bob Austin) | Presentation on the Application Security Metrics project | Novice | 2006-10-17 |
OWASP CLASP Project (Pravir Chandra) | OWASP CLASP project presentation given at the 2006 European AppSec conference | Novice | 2006-05-30 |
Sprajax (Dan Cornell) | OWASP Sprajax presentation given at the 2006 Seattle AppSec conference | Intermediate | 2006-10-17 |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
OWASP Conference Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
Mod Security Core Rule Set (Ofer Shezaf) | Ofer Shezaf's presentation on the Core Ruleset for the latest version of ModSecurity presented at 6th OWASP AppSec conference in Milan, Italy, in May 2007. | Intermediate | 2007-05-16 |
OWASP Testing Guide v2.1 (Matteo Meucci) | Matteo Meucci's presentation on the OWASP Testing Guide v2 at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
CLASP (Pravir Chandra) | Pravir Chandra's presentation on the upcoming 2007 update to CLASP presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Advanced Web Hacking (PDP) | PDPs presentation at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
XML Security Gateway Evaluation Criteria (Gunnar Peterson) | Gunnar Peterson's presentation about the new XML Security Gateway Evaluation Criteria project at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Testing Flash Applications (Stephano Di Paolo) | Stephano Di Paolo's presentation on how to test Flash applications presented at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
Overtaking Google Desktop (Yair Amit) | Yair Amit's presentation on XSS Flaws in Google Desktop that can be exploited through google.com presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
ACE Team Application Security from the Core (Simon Roses Femerling) | Simon Roses Femerling's presentation on the Microsoft ACE team's application security process at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Pantera (Simon Roses Femerling) | Simon Roses Femerling's presentation on the new OWASP tool Pantera at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Protecting Web applications from universal PDF XSS (Ivan Ristic) | Ivan Ristic's Universal XSS PDF presentation at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Software Security (Rudolph Araujo) | Rudolph Araujo's presentation on Application Security best practices at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Intermediate | 2007-05-16 |
WebGoat v5 (Dave Wichers) | WebGoat v5 presentation by Dave Wichers at the 6th OWASP AppSec Conference in Milan, Italy, May 2007. | Intermediate | 2007-05-16 |
WebScarab NG (Dave Wichers) | Description of the new WebScarab-NG efforts presented by Dave Wichers at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
SANS SPSA Initiative (Dave Wichers) | Description of the SANS Secure Coding Exam Initiative presented by Dave Wichers at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Novice | 2007-05-16 |
OWASP Italy Activities (Raoul Chiesa) | Raoul Chiesa's keynote for day 2 of the 6th OWASP AppSec conference on the state of application security in Italy including OWASP's activities in that country. | Novice | 2007-05-16 |
Security engineering in Vista (Alex Lucas) | Alex Lucas' from Microsoft's keynote presentation for Day 1 of the 6th OWASP AppSec conference in Milan on the benefits of Microsoft's SDL to the security of Vista. | Intermediate | 2007-05-16 |
How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard) | Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 | Intermediate | 2006-10-18 |
Bootstrapping the Application Assurance Process (Sebastien Deleersnyder) | Presentation given during the European 2006 AppSec conference on the application assurance process | Novice | 2006-05-30 |
Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France) | Presentation given at the European 2006 AppSec conference about security and soap message structure issues | Intermediate | 2006-05-31 |
Web Application Firewalls:When Are They Useful? (Ivan Ristic) | Presentation about Web Application Firewalls | Novice | 2006-05-31 |
HTTP Message Splitting, Smuggling and Other Animals (Amit Klein) | A presentation about Message splitting other attacks around the HTTP protocol | Intermediate | 2006-05-31 |
Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis) | Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference | Intermediate | 2006-10-18 |
Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) | A talk about how automated testing tools stack up against the OWASP top 10 | Intermediate | 2006-05-30 |
RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter) | Presentation given about how Sessions can be hi-jacked, etc... | Novice | 2006-05-31 |
Security Testing through Automated Software Tests (Stephen de Vries) | Presentation given at the 2006 EuSec conference | Intermediate | 2006-05-31 |
In the Line of Fire: Defending Highly Visible Targets (Jeremy Poteet) | Conference given at the 2005 DC AppSec conference | Novice | 2005-10-1 |
Google Hacking and Web Application Worms (Matt Fisher) | Talk given at the 2005 DC AppSec conference | Novice | 2005-10-01 |
Establishing an Enterprise Application Security Program (Tony Canike) | Talk given at the 2005 DC AppSec Conference | Novice | 2005-10-01 |
Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) (Dave Wichers) | Dave's talk on AJAX given at the Seattle 2006 AppSec conference | Intermediate | 2006-10-01 |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
Web Application Security Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
Universal PDF XSS by Ivan Ristic | Protecting Web Applications from Universal PDF XSS | Intermediate | 2007-06-28 |
Identity Management Basics (Derek Brown) | Identity Management Basics | Novice | 2007-05-09 |
[Advanced SQL Injection (Victor Chapela) | Detailed methodology for analyzing applications for SQL injection vulnerabilities | Expert | 2005-11-04 |
[Advanced Topics on SQL Injection Protection (Sam NG) | 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. | Intermediate | 2006-02-27 |
[Attacking Web Services (Alex Stamos) | Web Services Introduction and Attacks | Intermediate | 2005-10-11 |
MMS Spoofing (Matteo Meucci) | A Case-study of a vulnerable web application | Intermediate | |
Ajax Security (Andrew van der Stock) | Presentation on Ajax security for OWASP AppSec Europe 2006 | Intermediate | 2006-05-30 |
Advanced Web Services Security & Hacking (Justin Derry) | Presentation given on Webservice security at the Seattle 2006 AppSec conference | Intermediate | 2006-10-18 |
Integration into the SDLC (Eoin Keary) | A presentation about why and how to integrate the SDLC. | Novice | 2005-04-09 |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | yyyy-mm-dd |
Chapter Presentations
Title | Comment | Level | Month (Mon-yyyy) | Chapter |
---|---|---|---|---|
Web Spam Techniques (Roberto Suggi Liverani) | OWASP New Zealand chapter presentation on Web Spam Techniques | Intermediate | April 2008 | New Zealand |
Xpath Injection Overview (Roberto Suggi Liverani) | OWASP New Zealand chapter presentation on Xpath Injection | Intermediate | February 2008 | New Zealand |
Dependability for Java Mobile Code (Pierre Parrend) | OWASP Swiss chapter presentation on Mobile Java Security | Expert | July 2007 | Switzerland |
Trust, Security and Usability (Roger Carhuatocto) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Tratamiento seguro de datos en aplicaciones in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Ataques DoS en aplicaciones Web (Jaime Blasco Bermejo) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Seguridad en entornos financierosPedro (Pedro Sánchez) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Brian Chess from Fortify shared what's going on with the Java Open Source review project at the June NoVA OWASP meeting | Java Open Review | Intermediate | June 2007 | Virginia (Northern Virginia) |
Brian Chess from Fortify, presentation to NoVA OWASP chapter in June 2007. | Bytecode injection | Expert | June 2007 | Virginia (Northern Virginia) |
Security at the VMM Layer by Ted Winograd | Security at the VMM Layer | Expert | June 2007 | Virginia (Northern Virginia) |
Evaluating and Tuning Web Application Firewalls (Barry Archer) | Presentation given at Kansas City June 2007 chapter meeting | Intermediate | June 2007 | Kansas City |
Microsoft Security Development Lifecycle for IT (Rob Labbé) | Presentation by Rob Labbe at Ottawa OWASP Chapter | Novice | May 2007 | Ottawa |
Application Denial of Service (Shaayy Cheen) | Is it Really That Easy? Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Fuzzing in Microsoft and FuzzGuru framework (John Neystadt) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Application Security, not just development (David Lewis) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Overtaking Google Desktop, Leveraging XSS to Raise Havoc (Yair Amit) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Unregister Attack in SIP (Anat Bremler-Barr, Ronit Halachmi-Bekel and Jussi Kangasharju) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Positive Security Model for Web Applications, Challenges and Promise (Ofer Shezaf) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
.NET Reverse Engineering (Erez Mettulla) | Presentation given at the Israel Mini Conference in May 2007 | Expert | May 2007 | Israel |
OWASP introduction (Ofer Shezaf) | 2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya | Intermediate | May 2007 | Israel |
Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H) | Update on Internet Attack Statistics for Belgium in 2006 | Novice | May 2007 | Belgium |
Securing Web Services using XML Security Gateways by Tim Bond | Securing Web Services using XML Security Gateways | Intermediate | May 2007 | Virginia (Northern Virginia) |
Software Assurance in the Acquisition Process by Stan Wisseman | Software Assurance in the Acquisition Process | Intermediate | May 2007 | Virginia (Northern Virginia) |
Legal Aspects of (Web) Application Security by Jos Dumortier | Legal Aspects of (Web) Application Security | Intermediate | May 2007 | Belgium |
AppSec Research (University Leuven Belgium) | Formal absence of implementation bugs in web applications: a case study on indirect data sharing by Lieven Desmet | Expert | May 2007 | Belgium |
A Scanner Sparkly | A Scanner Sparkly, taken from the Phoenix OWASP presentations on Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
Grey Box Assessment Lessons Learned | "Grey Box Assessment Lessons Learned", taken from the Phoenix OWASP presentations, Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
OWASP Update and OWASP BeLux Board Presentation (Seba) | OWASP Update and OWASP BeLux Board Presentation | Novice | May 2007 | Belgium |
Metics- What can we measure (Zed Abbadi) | 19 April NoVa chapter meeting presentation on Security Metrics | Novice | April 2007 | Virginia (Northern Virginia) |
Web Services Hacking and Hardening (Adam Vincent) | 3/8/07 NoVA chapter meeting, Adam Vincent from Layer7 | Expert | March 2007 | Virginia (Northern Virginia) |
OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
XSS Worms (Sven Vetsch) | XSS Worms | Intermediate | Feb 2007 | Switzerland |
OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
WebGoat and Pantera presentation (Philippe Bogaerts) | WebGoat and Pantera presentation | Novice | Jan 2007 | Belgium |
Security implications of AOP for secure software (Bart De Win) | Security implications of AOP for secure software | Expert | Jan 2007 | Belgium |
testing for common security flaws (David Byrne) | testing for common security flaws | Intermediate | Nov 2006 | Denver |
40-ish slides on analyzing threats (Olli) | Analyzing Threats | Novice | Dec 2006 | Helsinki |
Attacking the Application (Dave Ferguson) | Vulnerabilities, attacks and coding suggestions | Intermediate | Dec 2006 | Kansas City |
Ajax Security Concerns (Rohini Sulatycki) | Ajax Security Concerns | Intermediate | Dec 2006 | Kansas City |
Anatomy of 2 Web Application Testing (Matteo Meucci) | Anatomy of 2 Web Application Testing | Intermediate | Mar 2006 | Italy |
Example (include link) | Fill in your comments | Novice/Intermediate/Expert | Mon Year | Chapter |