MRB Scratchpad
Revision as of 20:13, 22 September 2010 by Mark.bristow (talk | contribs)
Registration | Hotel | Walter E. Washington Convention Center
Training 11/08
Training Day 1 - Nov 8th 2010 | |||||
Room TBD | Room TBD | Room TBD | Room TBD | Room TBD | |
09:00-12:00 | Day 1: Class Instructor |
Day 1: Class Instructor |
Class Instructor |
Class Instructor |
Class Instructor |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Class Instructor |
Class Instructor |
Class Instructor |
Class Instructor |
Class Instructor |
Training 11/09
Training Day 2 - Nov 9th 2010 | |||||
Room TBD | Room TBD | Room TBD | Room TBD | Room TBD | |
09:00-12:00 | Day 2: Class Instructor |
Day 2: Class Instructor |
Class Instructor |
Class Instructor |
Class Instructor |
12:00-13:00 | Lunch | ||||
13:00-17:00 | Class Instructor |
Class Instructor |
Class Instructor |
Class Instructor |
Class Instructor |
Plenary 11/10
Plenary Day 1 - Nov 10th 2010 | ||||
Offense (TBD) | Defense (TBD) | OWASP (TBD) | Government (TBD) | |
07:30-08:50 | Registration | |||
08:50-09:00 | Welcome and Opening Remarks | |||
09:00-10:00 | Keynote: Neal Ziring National Security Agency Video | Slides | |||
10:00-10:30 | All about OWASP OWASP Board Video | Slides | |||
10:30-10:45 | Coffee Break | |||
10:45-11:35 | Python Basics for Web App Pentesters Justin Searle Video | Slides |
Drive By Downloads: How To Avoid Getting A Cap Popped In Your App Neil Daswani Video | Slides |
Don’t Judge a Website by its GUI – Read the Label! Jeff Williams Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
11:35-11:45 | Break | |||
11:45-12:35 | White and Black box testing of Lotus Domino Applications Ari Elias-bachrach and Casey Pike Video | Slides |
Protecting Federal Government from Web 2.0 Application Security Risks Sarbari Gupta Video | Slides |
The Secure Coding Practices Quick Reference Guide Keith Turpin Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
12:35-1:35 | Lunch | |||
1:35-2:25 | Pen Testing with Iron Andrew Wilson Video | Slides |
Providing application-level assurance through DNSSEC Suresh Krishnaswamy, Wes Hardaker and Russ Mundy Video | Slides |
OWASP ESAPI SwingSet Fabio Cerullo Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
2:25-2:35 | Break | |||
2:35-3:25 | Hacking Oracle From Web Apps Sumit Siddharth Video | Slides |
GuardRails: A (Nearly) Painless Solution to Insecure Web Applications Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri Video | Slides |
Solving Real World Problems with ESAPI Chris Schmidt Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
3:25-3:40 | Coffee Break | |||
3:40-4:30 | wXf: Web Exploitation Framework Ken Johnson and Seth Law Video | Slides |
The Strengths of Combining Code Review with Application Penetration Testing Dave Wichers Video | Slides |
OWASP ModSecurity Core Rule Set Ryan Barnett Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
4:30-4:40 | Break | |||
4:40-5:30 | Pen-Test Panel Video | Slides |
Botnet Resistant Coding: Protecting Your Users from Script Kiddies Fabian Rothschild and Peter Greko Video | Slides |
Attack Detection and Prevention with OWASP AppSensor Colin Watson Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides |
5:30-5:40 | Break | |||
5:40-6:30 | A new approach to preventing injection attacks on the Web Application Stack Ahmed Masud Video | Slides |
Open Source Web Entry Firewall Ivan Buetler Video | Slides |
Hosted by DHS, DoD, NIST and NSA Video | Slides | |
6:30-8:30 | Cocktails and hors d'oeuvres in the EXPO Room (TBD) |
Plenary 11/11
Plenary Day 2 - Nov 11th 2010 | |||||
Process (146A) | Attack & Defend (146B) | Metrics (146C) | Compliance (152A) | ||
8:00-9:00 | Registration & Coffee sponsored by | ||||
9:00-9:45 | The Big Picture: Web Risks and Assessments Beyond Scanning Matt Fisher |
Securing the Core JEE Patterns Rohit Sethi/Krishna Raja Video | |
The Web Hacking Incidents Database Ryan C. Barnett |
Business Logic Automatons: Friend or Foe? Amichai Shulman | |
9:45-9:50 | Break | ||||
9:50-10:35 | Scalable Application Assessments in the Enterprise Tom Parker/Lars Ewe |
Malicious Developers and Enterprise Java Rootkits Jeff Williams Video | Slides |
Application security metrics from the organization on down to the | SCAP: Automating our way out of the Vulnerability Wheel of Pain Ed Bellis | |
10:35-10:40 | Break | ||||
10:40-11:25 | Secure Software Updates: Update Like Conficker Jeremy Allen Video | Slides |
Unicode Transformations: Finding Elusive Vulnerabilities Chris Weber |
OWASP Top 10 - 2010 Release |
Secure SDLC: The Good, The Bad, and The Ugly Joey Peloquin Video | Slides |
11:25-12:30 | Hosted Lunch | ||||
12:30-1:15 | Improving application security after an incident Cory Scott Video | Slides |
The 10 least-likely and most dangerous people on the Internet Robert Hansen |
Hacking by Numbers Tom Brennan Video | |
Federal CISO Panel Video | |
1:15-1:20 | Break | ||||
1:20-2:05 | Deploying Secure Web Applications with OWASP Resources Sebastien Deleersnyder / Fabio Cerullo |
Automated vs. Manual Security: You can't filter The Stupid David Byrne/Charles Henderson |
Building an in-house application security assessment team Keith | ||
2:05-2:20 | Coffee break sponsored by | ||||
2:20-3:05 | OWASP O2 Platform - Open Platform for automating application security knowledge and workflows Dinis Cruz Video | |
Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers Slides |
The OWASP Security Spending Benchmarks Project Dr. Boaz Gelbord Video | Slides |
Promoting Application Security within Federal Government Sarbari Gupta | |
3:05-3:10 | Break | ||||
3:10-3:55 | Custom Intrusion Detection Techniques for Monitoring Web Applications |
Manipulating Web Application Interfaces, a new approach to input validation |
SANS Dshield Webhoneypot Project Jason Lam Video | |
Techniques in Attacking and Defending XML/Web Services | |
3:55-4:00 | Break | ||||
4:00-4:15 | Closing Remarks (146B) Mark Bristow, Rex Booth, Doug Wilson Video | |