This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AppSec US 2010, CA

From OWASP
Revision as of 08:37, 17 July 2010 by Tin Zaw (talk | contribs)

Jump to: navigation, search


AppSec USA 2010 Banner

UC Irvine Conference Center | CLICK HERE TO REGISTER

Welcome



AppSec US 2010 Website



Travel and Venue Sponsor Information Volunteer Opportunities 
16:25-17:10 Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz

Register now!

https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=3c8f8c26-a4b3-40d6-9daa-1f541ea0ccc2

OWASP member registration $325 Non-member registration $375 Student registration (ID required at conference) $250

Early-bird rates available till July 31.




Training

T1. Web Security Testing - 2-Days - $1350
This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester.

The course includes a guided penetration test in which the students will execute security test with the help of the instructor.

Instructor: Joe Basirico, Security Innovation
Learn More About the Web Security Testing Class
T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350
This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities.

Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.

Instructor: Dave Wichers: 100px-Aspect Security Logo.jpg
Learn More about the Building Secure Ajax and Web 2.0 Applications Class
T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350
Summary

Instructor: Justin Serle, InGuardians

T4. Application Security Leadership Essentials - 2-Days - $1350
In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
Instructor: Jeff Williams: 100px-Aspect Security Logo.jpg
Learn More about the Application Security Leadership Essentials Class
T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675
Summary

Instructor: Dan Cornell: AppSecDC2009-Sponsor-denim.gif

T6. Live CD 1-Day - Sept 8th- $675
Summary

Instructor: Matt Tesauro: File:TrustwaveLogo.jpg


September 9th

Conference Day 1 - September 9th, 2010



Track 1 - Crystal Cove Auditorium Track 2 - Pacific Ballroom Track 3 - Doheny Beach
07:30-08:30 Registration and Breakfast + Coffee
08:30-08:45 Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium)
08:45-9:30 Keynote: Jeff Williams (Crystal Cove Auditorium)
9:30-10:15 Keynote: Chenxi Wang (Crystal Cove Auditorium)
10:15-10:35 Break - Expo - CTF kick-off (Emerald Bay)
10:35-11:20 How I met your Girlfriend, Sammy Kamkar
Solving Real-World Problems with an Enterprise Security API (ESAPI), Chris Schmidt, ServiceMagic
Microsoft Security Development Lifecycle for Agile Development, Nick Coblentz, AT&T
11:20-11:30 Break - Expo - CTF
11:30-12:15 State of SL on the Internet - 2010 Survey, Results and Conclusions, Ivan Ristic, Qualys


Into the Rabbit Hole: Execution Flow-based Web Application Testing, Rafal Los, Hewlett-Packard


Threat Modeling Best Practices, Robert Zigweid, IOActive
12:15-13:15 Lunch - Expo - CTF
13:30-14:15 Keynote: Bill Cheswick (Crystal Cove Auditorium)
14:15-14:25 Break - Expo - CTF
14:25-15:10 P0w3d for Botnet CnC, Gunter Ollmann, Damballa
Cloud Computing, A Weapon of Mass Destruction?, David Bryan
The Secure Coding Practices Quick Reference Guide, Keith Turpin, Boeing
15:10-15:30 Coffee Break - Expo - CTF
15:30-16:15 Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, Dan Cornell, Denim Group
Assessing, Testing and Validating Flash Content, Peleus Uhley, Adobe
OWASP State of the Union, Tom Brennan, OWASP
16:15-16:25 Break - Expo - CTF
16:25-17:10 Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz

September 10th

Conference Day 2 - September 10th, 2010



Track 1 - Crystal Cove Auditorium Track 2 - Pacific Ballroom Track 3 - Doheny Beach
08:00-09:00 Coffee - Expo - CTF
09:00-09:15 Announcements (Crystal Cove Auditorium)
09:15-10:00 Keynote: David Rice (Crystal Cove Auditorium)
10:00-10:10 Break - Expo - CTF (Emerald Bay)
10:10-10:55 Security Architecting Applications for the Cloud, Alex Stamos, iSEC Partners
Unraveling Cross-Technology, Cross-Domain Trust Relations, Peleus Uhley, Adobe
Real Time Application Defenses - The Reality of AppSensor & ESAPI, Michael Coates, Mozilla,
10:55-11:15 Break - Expo - CTF
11:15-12:00 Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, Ed Adams, Security Innovation


Session Management Security tips and Tricks, Lars Ewe, Cenzic


The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs
12:00-13:15 Lunch - Expo - CTF
13:14-14:00 Keynote: HD Moore (Crystal Cove Auditorium)
14:04-14:50 Panal Discussion: Vulnerability Lifecycle for Software Vendors, Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver
Agile + Security = FAIL, Adrian Lane
Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, Aditya K. Sood, Armorize Technologies
14:50-15:10 Coffee Break - Expo - CTF
15:10-15:55 Exploiting Networks through Database Weaknesses, Scott Sutherland, NetSPI
Defining the Identiy Management Framework, Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy
TBD
15:55-16:05 Break - Expo - CTF
16:05-16:50 Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes

Registration

Registration Now Open!

CLICK HERE TO REGISTER

OWASP Membership ($50 annual membership fee) gets you a discount of $50.

$375 Until 7/31/2010 Non-Members After 7/31/2010 - $445
$325 Until 7/31/2010 OWASP Members After 7/31/2010 - $395
$250 Students with valid Student ID
$375 Until 7/31/2010 New Registration Option! Become an OWASP Member and attend the event!
$1350 2-Day Training Course
$675 1-Day Training Course

Who Should Attend AppSec USA 2010:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interesting in Improving IT Security


For student discount, attendees must present proof of enrollment when picking up your badge.

Volunteer

Volunteers Needed!

Get involved!

We will take all the help we can get to pull off the best Web Application Security Conference of the year! Volunteers get free admission and invitation to the VIP event. This is your chance to rub elbows with the big players and mingle with potential networking contacts or even future employers!


Please contact neil(at)owasp.org to volunteer for a specific area:

  • Security
  • Speakers and Trainers
  • Vendors
  • Facilities

More opportunities and areas will be added as time goes on. Our File:Volunteer Sheet.doc can be downloaded which outlines some of the responsibilities and available positions. Note: this document references the the DC conference last year, this is just for a general guideline. Updated document coming soon.



Venue

UC Irvine Conference Center Center

AppSec USA 20010 will be taking place at the UC Irvine Conference Center in Irvine, CA.


Hotel

Hyatt main.gif

We have reached a deal with Hyatt Regency of Irvine. The standard room rate will be $109. The hotel will be offering a shuttle service to and from both the UC Irvine campus as well as the John Wayne Airport!

Space is limited so be sure to book sooner than later. Please use this link to reserve a room https://resweb.passkey.com/go/owasp2010

UC Irvine also has special arrangements with local  hotels here

Sponsors

Sponsors

We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our List of Sponsorship Opportunities (or PDF).

Please contact Kate Hartmann for more information.

Slots are going fast so contact us to sponsor today!

    

Platinum Sponsors

[File:Qualys-468-60.png]
 

Gold Sponsors

Ibmneg blurgb.jpg Fortify logo AppSec Research 2010.png
 

Silver Sponsors

AppSecDC2009-Sponsor-fishnet.gif Acunetix logo 200.png Barracuda Color Logo.jpg
 
 

Organizational Sponsors

Isc2 logo.gif
 

Reception Sponsors

Coffee Sponsors

Travel

Traveling to the OC Metro Area