Colorado Planning 2009
Planning Schedule for CO Chapters 2009
OWASP Speaker Agreement
Day 1 – Sept 24th, 2008 | Track 1: BALLROOM | Track 2: SKYLINE | Track 3: TIMESQUARE
---|---|---|---
07:30-08:50 | Doors Open for Attendee/Speaker Registration<br>Avoid lines: come early, get your caffeine fix and use free wifi | |
09:00-09:45 | OWASP Version 3.0: who we are, how we got here and where we are going?<br>OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder, Paulo Coimbra, Kate Hartmann, Alison Shrader & all local chapter leaders | |
10:00-10:45 | Analysis of the Web Hacking Incidents Database (WHID) | Web Application Security Road Map | DHS Software Assurance Initiatives
11:00-11:45 | Http Bot Research | OWASP "Google Hacking" Project | MalSpam Research
12:00-13:00 | Capture the Flag Sign-Up<br>LUNCH - Provided by event sponsors @ TechExpo | |
12:00-12:45 | Get Rich or Die Trying - Making Money on The Web, The Black Hat Way | Framework-level Threat Analysis: Adding Science to the Art of Source-code review | Automated Web-based Malware Behavioral Analysis
13:00-13:45 | New 0-Day Browser Exploits: Clickjacking - yea, this is bad... | WAF ModSecurity | Using Layer 8 and OWASP to Secure Web Applications
14:00-14:45 | Industry Outlook Panel: Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik SVP, RBS, Jennifer Bayuk Infosec Consultant & Philip Venables CISO, Goldman Sachs, Carlos Recalde SVP, Lehman Brothers, Tom King CISO, Barclays Capital, Mahi Dontamsetti Moderator | Security Assessing Java RMI | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
15:00-15:45 | OWASP Testing Guide - Offensive Assessing Financial Applications | Flash Parameter Injection (FPI)<br>Ayal Yogev & Adi Sharabani | w3af - A Framework to own the web<br>Andres Riancho
16:00-16:45 | OWASP Enterprise Security API (ESAPI) Project | Cross-Site Scripting Filter Evasion<br>Alexios Fakos | Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
17:00-17:45 | Threading the Needle: Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks<br>Arian Evans | Mastering PCI Section 6.6 | Multidisciplinary Bank Attacks<br>Gunter Ollmann
18:00-18:45 | OWASP Live CD | Coding Secure w/PHP | Payment Card Data Security and the new Enterprise Java
19:00-20:00 | OWASP Chapter Leader / Project Leader working session<br>OWASP Board/Chapter Leaders | (ISC)2 Cocktail Hour: all welcome to attend for special announcement presented by W. Hord Tipton, Executive Director of (ISC)2 | Technology Movie Night: Sneakers, WarGames, HackersArePeopleToo, TigerTeam from 19:00 - 23:00
20:00-23:00+ | OWASP Event Party/Reception. Event badge required for admission. Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes. Location: HOTEL BALLROOM | |

Day 2 – Sept 25th, 2008 | Track 1: BALLROOM | Track 2: SKYLINE | Track 3: TIMESQUARE
---|---|---|---
08:00-10:00 | BREAKFAST - Provided by event sponsors @ TechExpo | |
08:00-08:45 | Software Development: The Last Security Frontier<br>W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior; Executive Director and member of the Board of Directors, (ISC)² | Best Practices Guide: Web Application Firewalls<br>Alexander Meisel | The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
09:00-09:45 | OWASP Web Services Top Ten | Tiger Team - APPSEC Projects | OpenSource Tools<br>Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ
10:00-10:45 | Building a tool for Security consultants: A story of a customized source code scanner<br>Dinis Cruz | "Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment | Industry Analyst with Forrester Research
11:00-11:45 | CLASP (Comprehensive, Lightweight Application Security Process)<br>Pravir Chandra | Security in Agile Development | Secure Software Impact
12:00-12:45 | Next Generation Cross Site Scripting Worms | Security of Software-as-a-Service (SaaS) | Open Reverse Benchmarking Project<br>Marce Luck & Tom Stracener
12:00-13:00 | Capture the Flag Status<br>LUNCH - Provided @ TechExpo | |
13:00-13:45 | NIST SAMATE Static Analysis Tool Exposition (SATE) | Lotus Notes/Domino Web Application Security | Shootout @ Blackbox Corral<br>Larry Suto
14:00-14:45 | Practical Advanced Threat Modeling<br>John Steven | The Owasp Orizon Project: towards version 1.0 | Building Usable Security
15:00-15:45 | Off-shoring Application Development? Security is Still Your Problem<br>Rohyt Belani | OWASP EU Summit Portugal<br>Dinis Cruz | Code Secrets
16:00-16:45 | Vulnerabilities in application interpreters and runtimes<br>Erik Cabetas | Detecting User Disposition - Polar Bears in a Whiteout<br>Robert "RSnake" Hansen | Corruption<br>Dave Aitel
17:00-17:45 | Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles | |
18:30-19:30 | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better! | |