This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP NYC AppSec 2008 Conference
2008 OWASP USA, NYC
Last Update: 07/21/2008
Platinum Sponsor 2/3 - - -
Gold, Silver & Other Sponsors - - - - - - - - - - - - -
-
~
In association with: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, ISACA, ISSA and Pace University you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at Pace University, located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 Members / $400 Non-Members / $200 for Students for 2 days of hands on training classes are also available.
To Get more involved and discuss this upcoming event click here for forums or visit other OWASP member offers
2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th
Day 1 – Sept 24th, 2008 | |||||||||
---|---|---|---|---|---|---|---|---|---|
Track 1: | Track 2: | Track 3: | |||||||
07:30-10:00 | Doors Open for Attendee/Speaker Registration & Exhibit/Sponsor Area | ||||||||
09:00-09:45 | OWASP Version 3.0 who we are, where we are.. where we are going
OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder, Paolo Perego, Kate Hartmann & Alison Shrader | ||||||||
10:00-10:45 | Analysis of the Web Hacking Incidents Database (WHID) | Web Application Security Road Map |
DHS Software Assurance Initiatives | ||||||
11:00-11:45 | Web Security Education using Open Source Tools
Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ |
Http Bot Research | MalSpam Research | ||||||
12:00-13:00 | Capture the Flag Sign-Up
LUNCH - Provided by event sponsors @ TechExpo | ||||||||
12:00-12:30 | Cross-Site Scripting Filter Evasion
Alexios Fakos |
Framework-level Threat Analysis: Adding Science to the Art of Source-code review
Nishchal Bhalla |
Automated Web-based Malware Behavioral Analysis | ||||||
13:00-13:45 | Offensive Assessing Financial Applications | WAF ModSecurity | How the City of New York Uses Layer8 and OWASP to Secure Web Applications | ||||||
14:00-14:45 | Logic Attacks and Inefficiencies of Robotic Detection
Robert "RSnake" Hansen, CEO SecTheory |
Reverse Engineering .NET | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web | ||||||
15:00-15:45 | Industry Outlook Panel: Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik SVP, RBS,Jennifer Bayuk Infosec Consultant & Philip Venables CISO, Goldman Sachs
Mahi Dontamsetti Moderator |
Wild Wild Web on Security Planet
Mano Paul CEO Express Certifications |
Multidisciplinary Bank Attacks
Gunter Ollmann | ||||||
16:00-16:45 | OWASP Enterprise Security API (ESAPI) Project
Jeff Williams & Jim Manico |
Shootout @ Blackbox Corral
Larry Suto |
Case Studies: Exploiting application testing tool deficiencies via "out of band" injection | ||||||
17:00-17:45 | Threading the Needle:
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks Arian Evans |
Shhhh Don’t Tell Anybody | W3AF Open Source App Scanner
Andres Riancho | ||||||
18:00-18:45 | OWASP Live CD | Coding Secure w/PHP | Payment Card Data Security and the new Enterprise Java
Dr. B. V. Kumar & Mr. Abhay Bhargav | ||||||
20:00-23:00 | OWASP NYC AppSec 2008 VIP Party
Location: TBD | ||||||||
Day 2 – Sept 25th, 2008 | |||||||||
08:00-10:00 | BREAKFAST - Provided by event sponsors @ TechExpo | ||||||||
08:00-08:45 | State of the Union
Prof. Howard A. Schmidt, CISSP, CISM (Hon.) Current (ISC)² Security Strategist and Former White House Cyber Security Advisor |
Best Practices Guide: Web Application Firewalls
Dr. Georg Hess |
The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
| ||||||
09:00-09:45 | Good vs. Evil JavaScript | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth | OWASP Web Services Top Ten | ||||||
10:00-10:45 | OWASP Update
Dinis Cruz/Jeff Williams + Surprise Guest |
Help Wanted 7 Things You Need to Know APPSEC/INFOSEC Employment | APPSEC Analyst w/ Forrester Research | ||||||
11:00-11:45 | CLASP (Comprehensive, Lightweight Application Security Process)
Pravir Chandra |
Next Generation Cross Site Scripting Worms | Secure Software Impact | ||||||
12:00-12:45 | Security in Agile Development | Security of Software-as-a-Service (SaaS) | Open Reverse Benchmarking Project
Marce Luck & Tom Stracener | ||||||
12:00-13:00 | Capture the Flag Status
LUNCH - Provided @ TechExpo | ||||||||
13:00-13:45 | Security Research Report | Pantera Advances | Lotus Notes Insecurity
Jian Hui Wang | ||||||
14:00-14:45 | Practical Advanced Threat Modeling
John Steven |
Owasp Orizon
Paolo Perego |
Building Usable Security | ||||||
15:00-15:45 | Input validation: the Good, the Bad and the Ugly
Johan Peeters |
Off-shoring Application Development? Security is Still Your Problem
Rohyt Belani |
NIST SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun | ||||||
16:00-16:45 | Vulnerabilities in application interpreters and runtimes
Erik Cabetas |
Flash Parameter Injection (FPI)
Ayal Yogev & Adi Sharabani |
Mastering PCI Section 6.6 | ||||||
17:00-17:45 | Wizdom of Crowds / CTF Awards & Raffles | ||||||||
18:30-19:30 | OWASP Foundation, Chapter Leader Meeting |
Technology Pavilion - September 24th and 25th
Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th. 2 full days of exhibits by service providers and manufacturers from around the world.
Do you want to preview the event space Click Here
OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008
T1. Defensive Programming - 2-Days - $1350 |
---|
This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software Learn More Here |
T2. Secure Coding for Java EE - 2-Days - $1350 |
---|
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
Instructor: This tutorial is provided by longtime OWASP contributor: |
T3. Web Services and XML Security - 2-Days - $1350 |
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here |
T4. Advanced Web Application Security Testing - 2-Days - $1350 |
Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here
Instructor: This tutorial is provided by longtime OWASP contributor: |
T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675 |
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here
Instructor: This tutorial is provided by longtime OWASP contributor: |
T8. Writing Secure Code ASP.NET - 2-Days - $1350 |
---|
Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. Learn More Here
The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Conlultant, Alex Smolen. |
HOTELS / TRAVEL
Hotels in the area of the event
New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html
New York City Subway & walking directions: http://www.hopstop.com/?city=newyork
New York Sights & Sounds - SightsSounds
New York City Travel Guide - http://www.nytoday.com/
New York City Attractions - http://www.nycvisit.com
New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/
New York City local news: http://www.ny1news.com
EVENT SPONSORSHIP
The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.Sponsorship Opportunities- Register online: click here