This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AppSec US 2010, CA"
From OWASP
m (but most of all SAMMY is not my hero) |
m (adding the summary for the talk by InGuardians) |
||
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
| − | [[Image:Appsec banner.png| | + | [[Image:Appsec banner.png|468x60px|AppSec USA 2010 Banner]] |
==== Welcome ==== | ==== Welcome ==== | ||
| − | {| | + | {| class="FCK__ShowTableBorders" border="0" width="100%" align="center" |
|- | |- | ||
| − | | | + | | style="width: 25%; background: rgb(240,230,140)" align="center" | [http://www.appsecusa.org/travel-and-venue.html Travel and Venue] |
| − | | | + | | style="width: 25%; background: rgb(240,230,140)" align="center" | [http://www.appsecusa.org/become-a-sponsor.html Sponsor Information] |
| − | | | + | | style="width: 25%; background: rgb(240,230,140)" align="center" | [http://www.appsecusa.org/volunteer-opportunities.html Volunteer Opportunities] |
| − | | | + | | style="width: 25%; background: rgb(255,215,0)" align="center" | [http://www.appsecusa.org/register-now.html REGISTER NOW] |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| + | | style="background: rgb(238,235,226); color: black" colspan="4" align="left" | | ||
| + | <br>For complete information, please visit [http://www.appsecusa.org AppSec US 2010 Website] <br> | ||
| + | |||
|} | |} | ||
| − | {| style="width: 100% | + | {| style="width: 100%" class="FCK__ShowTableBorders" |
|- | |- | ||
| − | | style="width: 100%; color: rgb(0, 0, 0) | + | | style="width: 100%; color: rgb(0,0,0)" | |
| − | {| style="background: none repeat | + | {| style="width: 100%; background: none transparent scroll repeat 0% 0%; -moz-background-inline-policy: continuous" class="FCK__ShowTableBorders" |
|- | |- | ||
| − | | style="width: 95%; color: rgb(0, 0, 0) | + | | style="width: 95%; color: rgb(0,0,0)" | |
| − | '''Latest Updates:''' | + | '''Latest Updates:''' |
| − | '''Training and conference agenda available''' | + | '''Training and conference agenda available''' |
'''Register now!''' Early-bird rates extended till July 31. | '''Register now!''' Early-bird rates extended till July 31. | ||
| − | '''<br>''' | + | '''<br>''' |
|} | |} | ||
| − | <!-- Twitter Box --> | + | <!-- Twitter Box --> |
| − | | style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; | + | | style="border-bottom: rgb(204,204,204) 0px solid; border-left: rgb(204,204,204) 0px solid; width: 100%; color: rgb(0,0,0); font-size: 95%; border-top: rgb(204,204,204) 0px solid; border-right: rgb(204,204,204) 0px solid" | <!-- DON'T REMOVE ME, I'M STRUCTURAL |
{| | {| | ||
| Line 45: | Line 43: | ||
Use the '''[https://twitter.com/appsec2010 #AppSec2010]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?) | Use the '''[https://twitter.com/appsec2010 #AppSec2010]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?) | ||
| − | '''@AppSec2010 Twitter Feed ([https://twitter.com/appsec2010 follow us on Twitter!])''' <twitter>appec2010</twitter>--> | + | '''@AppSec2010 Twitter Feed ([https://twitter.com/appsec2010 follow us on Twitter!])''' <twitter>appec2010</twitter>--> |
| − | | style="width: 110px | + | | style="width: 110px; color: rgb(0,0,0); font-size: 95%" | |
|} | |} | ||
| − | <!-- End Banner --> | + | <!-- End Banner --> |
| − | ==== Training | + | ==== Training September 7th & 8th ==== |
| − | {| border="0" align="center | + | {| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center" |
|- | |- | ||
| − | ! | + | ! style="background: rgb(64,88,160); color: white" align="center" | T1. Web Security Testing - 2-Days - $1350 |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester. |
| − | The course includes a guided penetration test in which the students will execute security test with the help of the instructor. | + | The course includes a guided penetration test in which the students will execute security test with the help of the instructor. |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | Instructor: Joe Basirico, Security Innovation |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | [[Learn More About the Web Security Testing Class]] |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register] |
|} | |} | ||
| − | {| border="0" align="center | + | {| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center" |
|- | |- | ||
| − | ! | + | ! style="background: rgb(64,88,160); color: white" align="center" | T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350 |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities. |
| − | Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them. | + | Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them. |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | Instructor: Dave Wichers: [[Image:100px-Aspect Security Logo.jpg]] |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | [[Learn More about the Building Secure Ajax and Web 2.0 Applications Class]] |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register] |
| − | |||
|- | |- | ||
| − | ! | + | ! style="background: rgb(64,88,160); color: white" align="center" | T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350 |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | |
| − | + | This course will focus on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-‐WTF). | |
| + | |||
| + | Day one will take students through the steps and open source tools used to assess application for vulnerabilities.<br> | ||
| + | |||
| + | Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks. The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves. | ||
| + | |||
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | Instructor: Justin Serle, InGuardians |
| − | |||
|- | |- | ||
| − | + | | style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register] | |
|- | |- | ||
| − | + | ! style="background: rgb(64,88,160); color: white" align="center" | T4. Application Security Leadership Essentials - 2-Days - $1350 | |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans. |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | Instructor: Jeff Williams: [[Image:100px-Aspect Security Logo.jpg]] |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | [[Learn More about the Application Security Leadership Essentials Class]] |
| − | |||
|- | |- | ||
| − | + | | style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register] | |
|- | |- | ||
| − | + | ! style="background: rgb(64,88,160); color: white" align="center" | T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675 | |
| − | |||
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | Summary |
| + | Instructor: Dan Cornell: [[Image:AppSecDC2009-Sponsor-denim.gif]] | ||
| + | |- | ||
| + | | style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register] | ||
|} | |} | ||
| − | {| border="0" align="center | + | {| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center" |
|- | |- | ||
| − | ! | + | ! style="background: rgb(64,88,160); color: white" align="center" | T6. Live CD 1-Day - Sept 8th- $675 |
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | Summary |
| − | Instructor: Matt Tesauro: [[Image:TrustwaveLogo.jpg]] | + | Instructor: Matt Tesauro: [[Image:TrustwaveLogo.jpg]] |
| + | |||
|- | |- | ||
| − | | style="background: | + | | style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register] |
| − | |||
|} | |} | ||
| − | <br> | + | <br> |
==== September 9th ==== | ==== September 9th ==== | ||
| − | {| border="0" align="center | + | {| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center" |
|- | |- | ||
| − | | | + | | style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 1 - September 9th, 2010''' |
| − | <br> | + | <br> |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | <br> |
| − | | style="width: 30%; background: | + | | style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium |
| − | | style="width: 30%; background: | + | | style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom |
| − | | style="width: 30%; background: | + | | style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 07:30-08:30 |
| − | | | + | | style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Registration and Breakfast + Coffee |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 08:30-08:45 |
| − | | | + | | style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 08:45-9:30 |
| − | | | + | | style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Jeff Williams (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 9:30-10:15 |
| − | | | + | | style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Chenxi Wang (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 10:15-10:35 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF kick-off (Emerald Bay) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 10:35-11:20 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | How I met your Girlfriend, ''Samy Kamkar''<br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | Microsoft Security Development Lifecycle for Agile Development, ''Nick Coblentz, AT&T'' |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 11:20-11:30 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 11:30-12:15 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | State of SL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br> |
| − | <br> | + | <br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Into the Rabbit Hole: Execution Flow-based Web Application Testing, ''Rafal Los, Hewlett-Packard''<br> |
| − | <br> | + | <br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | Threat Modeling Best Practices, Robert Zigweid, IOActive<br> |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 12:15-13:15 |
| − | | | + | | style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 13:30-14:15 |
| − | | | + | | style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Bill Cheswick (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 14:15-14:25 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 14:25-15:10 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | P0w3d for Botnet CnC, ''Gunter Ollmann, Damballa''<br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Cloud Computing, A Weapon of Mass Destruction?, ''David Bryan''<br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | The Secure Coding Practices Quick Reference Guide, ''Keith Turpin, Boeing'' |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 15:10-15:30 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 15:30-16:15 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, ''Dan Cornell, Denim Group''<br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Assessing, Testing and Validating Flash Content, ''Peleus Uhley, Adobe''<br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | OWASP State of the Union, ''Tom Brennan, OWASP'' |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 16:15-16:25 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 16:25-17:10 |
| − | | | + | | style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz |
|} | |} | ||
==== September 10th ==== | ==== September 10th ==== | ||
| − | {| border="0" align="center | + | {| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center" |
|- | |- | ||
| − | | | + | | style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 2 - September 10th, 2010''' |
| − | <br> | + | <br> |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | <br> |
| − | | style="width: 30%; background: | + | | style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium |
| − | | style="width: 30%; background: | + | | style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom |
| − | | style="width: 30%; background: | + | | style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 08:00-09:00 |
| − | | | + | | style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 09:00-09:15 |
| − | | | + | | style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Announcements (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 09:15-10:00 |
| − | | | + | | style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: David Rice (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 10:00-10:10 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF (Emerald Bay) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 10:10-10:55 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | Security Architecting Applications for the Cloud, ''Alex Stamos, iSEC Partners''<br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Unraveling Cross-Technology, Cross-Domain Trust Relations, ''Peleus Uhley, Adobe''<br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | Real Time Application Defenses - The Reality of AppSensor & ESAPI, ''Michael Coates, Mozilla,'' |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 10:55-11:15 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 11:15-12:00 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, ''Ed Adams, Security Innovation''<br> |
| − | <br> | + | <br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Session Management Security tips and Tricks, ''Lars Ewe, Cenzic''<br> |
| − | <br> | + | <br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, ''Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs''<br> |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 12:00-13:15 |
| − | | | + | | style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 13:14-14:00 |
| − | | | + | | style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: HD Moore (Crystal Cove Auditorium) |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 14:04-14:50 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | Panal Discussion: Vulnerability Lifecycle for Software Vendors, ''Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver''<br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Agile + Security = FAIL, ''Adrian Lane''<br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, ''Aditya K. Sood, Armorize Technologies'' |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 14:50-15:10 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 15:10-15:55 |
| − | | | + | | style="width: 30%; background: rgb(188,133,122)" align="left" | Exploiting Networks through Database Weaknesses, ''Scott Sutherland, NetSPI''<br> |
| − | | | + | | style="width: 30%; background: rgb(188,165,122)" align="left" | Defining the Identiy Management Framework, ''Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy''<br> |
| − | | | + | | style="width: 30%; background: rgb(153,255,153)" align="left" | ''TBD'' |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 15:55-16:05 |
| − | | | + | | style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF |
|- | |- | ||
| − | | style="width: 10%; background: | + | | style="width: 10%; background: rgb(123,138,189)" | 16:05-16:50 |
| − | | | + | | style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes |
|} | |} | ||
| + | <br> | ||
==== Sponsors ==== | ==== Sponsors ==== | ||
| Line 277: | Line 280: | ||
| | ||
| − | {| | + | {| style="background: none transparent scroll repeat 0% 0%; color: white; -moz-background-inline-policy: continuous" class="FCK__ShowTableBorders" border="0" cellspacing="10" align="center" |
|- | |- | ||
| | | | ||
| − | == Platinum Sponsors | + | == Platinum Sponsors == |
| | | | ||
| Line 290: | Line 293: | ||
|- | |- | ||
| | | | ||
| − | == Gold Sponsors | + | == Gold Sponsors == |
| [[Image:Ibmneg blurgb.jpg]] | | [[Image:Ibmneg blurgb.jpg]] | ||
| Line 299: | Line 302: | ||
|- | |- | ||
| | | | ||
| − | == Silver Sponsors | + | == Silver Sponsors == |
| [[Image:AppSecDC2009-Sponsor-fishnet.gif]] | | [[Image:AppSecDC2009-Sponsor-fishnet.gif]] | ||
| [[Image:Acunetix logo 200.png]] | | [[Image:Acunetix logo 200.png]] | ||
| − | | [[Image:Barracuda Color Logo.jpg]] | + | | [[Image:Barracuda Color Logo.jpg]] |
| [[Image:Cenziclogo.png]] | | [[Image:Cenziclogo.png]] | ||
|- | |- | ||
| − | | [[Image:Cigital-hor-color.JPG|120px]] | + | | [[Image:Cigital-hor-color.JPG|120px]] |
| − | | [[Image:Fujitsu-red-opt-b-150x56.gif]] | + | | [[Image:Fujitsu-red-opt-b-150x56.gif]] |
| − | | [[Image: | + | | [[Image:Netspi logo.png]] |
| | | | ||
|- | |- | ||
| Line 331: | Line 334: | ||
|- | |- | ||
| | | | ||
| − | === Organizational Sponsors | + | === Organizational Sponsors === |
| [[Image:Isc2 logo.gif|120px]] | | [[Image:Isc2 logo.gif|120px]] | ||
| Line 339: | Line 342: | ||
|- | |- | ||
| | | | ||
| − | === Reception Sponsors | + | === Reception Sponsors === |
| | | | ||
|- | |- | ||
| | | | ||
| − | === Coffee Sponsors | + | === Coffee Sponsors === |
| | | | ||
| Line 350: | Line 353: | ||
|} | |} | ||
| − | ==== REGISTER NOW ==== | + | ==== REGISTER NOW ==== |
| − | Click [http://www.appsecusa.org/register-now.html here] for registration information. | + | Click [http://www.appsecusa.org/register-now.html here] for registration information. <br> |
| − | <br> | ||
| − | [http://www.appsecusa.org/register-now.html http://www.appsecusa.org/register-now.html] | + | [http://www.appsecusa.org/register-now.html http://www.appsecusa.org/register-now.html] |
| − | <headertabs /> | + | <headertabs /> |
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_USA]] | [[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_USA]] | ||
Revision as of 00:33, 20 July 2010
Welcome
| Travel and Venue | Sponsor Information | Volunteer Opportunities | REGISTER NOW |
|
| |||
|
Training September 7th & 8th
| T1. Web Security Testing - 2-Days - $1350 |
|---|
| This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester.
The course includes a guided penetration test in which the students will execute security test with the help of the instructor. |
| Instructor: Joe Basirico, Security Innovation |
| Learn More About the Web Security Testing Class |
| Click here to register |
| T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350 |
|---|
| This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities.
Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them. |
Instructor: Dave Wichers: 
|
| Learn More about the Building Secure Ajax and Web 2.0 Applications Class |
| Click here to register |
| T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350 |
|
This course will focus on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-‐WTF). Day one will take students through the steps and open source tools used to assess application for vulnerabilities. Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks. The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves. |
| Instructor: Justin Serle, InGuardians |
| Click here to register |
| T4. Application Security Leadership Essentials - 2-Days - $1350 |
| In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans. |
| Instructor: Jeff Williams:
|
| Learn More about the Application Security Leadership Essentials Class |
| Click here to register |
| T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675 |
| Summary
Instructor: Dan Cornell: |
| Click here to register |
| T6. Live CD 1-Day - Sept 8th- $675 |
|---|
| Summary
Instructor: Matt Tesauro: File:TrustwaveLogo.jpg |
| Click here to register |
September 9th
| Conference Day 1 - September 9th, 2010
| |||
| |
Track 1 - Crystal Cove Auditorium | Track 2 - Pacific Ballroom | Track 3 - Doheny Beach |
| 07:30-08:30 | Registration and Breakfast + Coffee | ||
| 08:30-08:45 | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium) | ||
| 08:45-9:30 | Keynote: Jeff Williams (Crystal Cove Auditorium) | ||
| 9:30-10:15 | Keynote: Chenxi Wang (Crystal Cove Auditorium) | ||
| 10:15-10:35 | Break - Expo - CTF kick-off (Emerald Bay) | ||
| 10:35-11:20 | How I met your Girlfriend, Samy Kamkar |
Solving Real-World Problems with an Enterprise Security API (ESAPI), Chris Schmidt, ServiceMagic |
Microsoft Security Development Lifecycle for Agile Development, Nick Coblentz, AT&T |
| 11:20-11:30 | Break - Expo - CTF | ||
| 11:30-12:15 | State of SL on the Internet - 2010 Survey, Results and Conclusions, Ivan Ristic, Qualys
|
Into the Rabbit Hole: Execution Flow-based Web Application Testing, Rafal Los, Hewlett-Packard
|
Threat Modeling Best Practices, Robert Zigweid, IOActive |
| 12:15-13:15 | Lunch - Expo - CTF | ||
| 13:30-14:15 | Keynote: Bill Cheswick (Crystal Cove Auditorium) | ||
| 14:15-14:25 | Break - Expo - CTF | ||
| 14:25-15:10 | P0w3d for Botnet CnC, Gunter Ollmann, Damballa |
Cloud Computing, A Weapon of Mass Destruction?, David Bryan |
The Secure Coding Practices Quick Reference Guide, Keith Turpin, Boeing |
| 15:10-15:30 | Coffee Break - Expo - CTF | ||
| 15:30-16:15 | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, Dan Cornell, Denim Group |
Assessing, Testing and Validating Flash Content, Peleus Uhley, Adobe |
OWASP State of the Union, Tom Brennan, OWASP |
| 16:15-16:25 | Break - Expo - CTF | ||
| 16:25-17:10 | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz | ||
September 10th
| Conference Day 2 - September 10th, 2010
| |||
| |
Track 1 - Crystal Cove Auditorium | Track 2 - Pacific Ballroom | Track 3 - Doheny Beach |
| 08:00-09:00 | Coffee - Expo - CTF | ||
| 09:00-09:15 | Announcements (Crystal Cove Auditorium) | ||
| 09:15-10:00 | Keynote: David Rice (Crystal Cove Auditorium) | ||
| 10:00-10:10 | Break - Expo - CTF (Emerald Bay) | ||
| 10:10-10:55 | Security Architecting Applications for the Cloud, Alex Stamos, iSEC Partners |
Unraveling Cross-Technology, Cross-Domain Trust Relations, Peleus Uhley, Adobe |
Real Time Application Defenses - The Reality of AppSensor & ESAPI, Michael Coates, Mozilla, |
| 10:55-11:15 | Break - Expo - CTF | ||
| 11:15-12:00 | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, Ed Adams, Security Innovation
|
Session Management Security tips and Tricks, Lars Ewe, Cenzic
|
The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs |
| 12:00-13:15 | Lunch - Expo - CTF | ||
| 13:14-14:00 | Keynote: HD Moore (Crystal Cove Auditorium) | ||
| 14:04-14:50 | Panal Discussion: Vulnerability Lifecycle for Software Vendors, Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver |
Agile + Security = FAIL, Adrian Lane |
Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, Aditya K. Sood, Armorize Technologies |
| 14:50-15:10 | Coffee Break - Expo - CTF | ||
| 15:10-15:55 | Exploiting Networks through Database Weaknesses, Scott Sutherland, NetSPI |
Defining the Identiy Management Framework, Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy |
TBD |
| 15:55-16:05 | Break - Expo - CTF | ||
| 16:05-16:50 | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes | ||
Sponsors
We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our List of Sponsorship Opportunities (or PDF).
Please contact Kate Hartmann for more information.
Slots are going fast so contact us to sponsor today!
Platinum Sponsors |
[File:Qualys-468-60.png] | |||
Gold Sponsors |
|
|
||
Silver Sponsors |
|
|
|
|
|
|
|
||
Organizational Sponsors |
|
|||
Reception Sponsors |
||||
Coffee Sponsors |
REGISTER NOW
Click here for registration information.
