This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP NYC AppSec 2008 Conference/altspeaker
Alternative Speaker Wiki Submission The below is a list of speaker names, bios and abstracts for the 2008 event
(These are in no order)
1. Joe White - PCI
2. Joe J (DHS) - ?
3. Kenneth R. van Wyk - ?
4. Andy Steingruebl - Paypal
5. Blake Cornell - XSS/MITM
6. Andre M. DiMino Shadowserver Research
7. Garth Bruen knujon Research
8. David Stern, NYC using OWASP NYC
9.
<add as required>
2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th
| Day 1 – Sept 24th, 2008 | |||
|---|---|---|---|
| Track 1: | Track 2: | Track 3: | |
| 08:00-09:30 | Doors Open for Badge Registration, Capture the Flag Sign-Up & Exhibit/Sponsor Area | ||
| 09:15-10:15 | Introduction, OWASP Version 3.0 where we are.. where we are going
OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers | ||
| 10:30-11:30 | Logic Attacks and Inefficiencies of Robotic Detection
Robert "RSnake" Hansen CEO SecTheory |
Offensive Assessing Financial Apps | Web Intrusion Detection with ModSecurity
Ivan Ristic |
| 11:30-12:30 | Reverse Engineering .NET
Adam Boulton |
JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
Yiannis Pavlosoglou - Senior Director - Ounce Labs |
OWASP LIVE CD
Joshua Perrymon - CEO Packetfocus |
| 12:30-13:30 | Multidisciplinary Bank Attacks
Gunter Ollmann, Director Security Strategy, IBM Internet Security Systems |
OWASP CLASP
Pravir Chandra |
Shootout at the Blackbox Corral
Dinis Cruz & Larry Suto |
| 13:30-14:30 | Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
Moderator: Mahi Dontamsetti | ||
| 14:30-15:30 | w3af, a framework to own the web - | Trends in Web Hacking: What's hot in 2008 Analysis of the Web Hacking Incidents Database (WHID) Ofer Shezaf, Breach |
Security in Agile Development
Dave Wichers, COO Aspect Security |
| 15:30-16:30 | OWASP Enterprise Security API (ESAPI) Project
Jeff Williams, CEO Aspect Security |
Next Generation Cross Site Scripting Worms
Arshan Dabirsiaghi, Director of Research Aspect Security |
"Threading the Needle:
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks." Arian Evans, Director of Operations WhiteHat Security |
| 16:30-17:30 | Shhhh Don’t Tell Anybody
Petko D. Petkov, a.k.a. pdp |
Secure PHP
Hans Zaunere, CEO NYCPHP |
Payment Card Data Security and the new Enterprise Java |
| 17:30-18:30 | Notes Security
Jian Hui Wang |
Mastering PCI Section 6.6
Taylor McKinley and Jacob West |
AppSec Techniques
JD Glaser, CEO NTO Objectives |
| 18:30 | Capture the Flag - Polytechnic University & OWASP Chapter Leader Meeting - | ||
| 20:00 | Speaker/Attendee Reception | ||
| Day 2 – Sept 25th, 2008 | |||
| 8:00-10:00 | Breakfast @ Tech-Expo | ||
| 0900-10:00 | Prof. Howard A. Schmidt, CISSP, CISM (Hon.) |
Current (ISC)² Security Strategist and Former White House Cyber Security Advisor | ||
| 10:00-11:00 | Practical Advanced Threat Modeling
John Steven |
Open Reverse Benchmarking Project
Marce Luck & Tom Stracener |
Building Usable Security
Zed Abbadi |
| 11:00-12:00 | Offshoring Application Development? Security is Still Your Problem
Rohyt Belani |
OWASP Orizon Project
Paolo Perego |
NIST SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun |
| 12:00-13:00 | Wild Wild Web on Security Planet | Software Liability
Jack Danahy |
Cross-Site Scripting Filter Evasion
Alexios Fakos |
| 13:00-14:00 | OWASP Projects "Dinis Cruz & OWASP Project Leaders" | ||
| 14:00-15:00 | Projects with OWASP
Steve Malson |
OWASP Pantera Advances
Simon Roses Femerling |
Software-as-a-Service (SaaS)
James Landis |
| 15:00-16:00 | "Out of Band" Injection
Vijay Akasapu & Marshall Heilman |
OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
Christian Heinrich |
Caution, Java ahead
Jeremiah Grossman CTO WhiteHat Security |
| 16:00-17:00 | Input validation: the Good, the Bad and the Ugly | Flash Parameter Injection (FPI)
Ayal Yogev & Yuval Baror |
Learning the .Net Debugging API
Kevin Spett |
| 17:00-18:00 | Secure System Development Life Cycle (SSDLC) Methodology for SOA
Ken Huang |
Web Security Education using Open Source Tools
Prof. Li-Chiou Chen & Chienitng Lin |
Friend or Foe: Penetration Testing VS Source Code Analysis
Tom Ryan |
| 18:30 | Closing Remarks / CTF Awards / Raffles | ||
| 21:00 | Farewell dinner.. Go secure the world | ||
