Difference between revisions of "Front Range OWASP Conference 2010"

m (closed CFP)
m (linked grossman to whitehatsec as problems were reported with blip version)
 
(111 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
__NOTOC__  
 
__NOTOC__  
  
<!-- [[Image:FROC2010_logo.PNG]] -->
+
<!-- [http://froc2010.eventbrite.com/ Registration is NOW OPEN] -->
<!-- [http://www.dcconvention.com/ Walter E. Washington Convention Center] | [http://guest.cvent.com/i.aspx?4W,M3,26bc4c77-e1ef-4bad-be46-eb7b0124276c Registration] -->
+
FROC2010 was a major success! The [http://www.surveymonkey.com/sr.aspx?sm=Fn2UBK3eyju0z2k3B8XpvHvs9s_2bdRO1BS428Of_2f9ZA0_3d survey results]are now posted.
 +
 
 +
'''Looking for the presentations and videos?  They are [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Agenda here]'''
  
 
<br> <!-- Header -->
 
<br> <!-- Header -->
 
====Welcome====   
 
====Welcome====   
[[Image:Froc2010_sm.png‎]]
+
[[Image:Froc2010_sm.png|200px]]
 
'''Welcome to FROC 2010, the third annual Front Range OWASP Application Security Conference!'''
 
'''Welcome to FROC 2010, the third annual Front Range OWASP Application Security Conference!'''
  
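Review bot: The added success line has no space between the closing bracket of the survey link and the next word (`survey results]are now posted`), so the link text and "are" run together when rendered. Add a space after the `]`.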
Line 17: Line 19:
 
====Registration====
 
====Registration====
  
The Registration Site will be up soon.  Due to the hard work of our organizers and the gracious support of our sponsors, FROC was a free event in 2008 and 2009.  This year, due to challenging economic conditions, we unfortunately are unable to continue this tradition.  The ticket price will be set when the registration site goes live, and will likely be between $25 and $50 USD.
+
<!-- [http://froc2010.eventbrite.com Registration is now open!] -->
 +
 
 +
Due to the hard work of our organizers and the gracious support of our sponsors, FROC was a free event in 2008 and 2009.  This year, thanks to the generosity of our [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010#tab=Conference_Sponsors sponsors] we are offering tickets to the event on a DONATION basis.  Pay whatever you or your company can afford.
 +
 
 +
<!-- Click [http://froc2010.eventbrite.com HERE] to register now. -->
 +
 
 +
====Agenda====
 +
 
 +
==Agenda and Presentations: 2 June 2010==
 +
 
 +
The agenda follows the successful OWASP conference multi track format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium.
 +
 
 +
{| style="width:80%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#4058A0; color:white" | June 2, 2010
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 07:30-08:30 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Registration and Continental Breakfast in the Sponsor Expo Room
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 08:30-08:35 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Welcome to FROC 2010 Conference
 +
''David Campbell, OWASP Denver''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 08:35-09:35 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Keynote: [[FROC2010_Abstract_Chess|"Watching Software Run: Software Security Beyond Defect Elimination"]]
 +
''Brian Chess, Fortify Software''
 +
 
 +
[https://docs.google.com/a/owasp.org/leaf?id=0B_-vbfka88vFNjMxYTcwY2ItNjgxNy00ZjMzLTkwMTUtN2IyMzA4MmE3OWVl&sort=name&layout=list&num=50 Presentation] [http://blip.tv/file/3710067 Video]
 +
 
 +
<!-- [http://video.google.com/videoplay?docid=2875886330538461390 Video] -->
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 09:35-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP: State of the Union
 +
''Tom Brennan, OWASP Board - [http://www.owasp.org/index.php/User:Brennan BIO]''
 +
 
 +
[http://blip.tv/file/3710155 Video]
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 10:00-10:20 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Cloud Security Alliance: State of the Union
 +
''Randy Barr, Cloud Security Alliance''
 +
 
 +
[http://blip.tv/file/3710535 Video]
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 10:20-10:30 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
 +
|-
 +
| style="width:10%; background:#7B8ABD" | || style="width:22%; background:#BC857A" | '''AppSec/Technical Track: Room 1'''
 +
| style="width:22%; background:#BCA57A" | '''Cloud/Mobile/Emerging Track: Room 2'''
 +
| style="width:22%; background:#C6E2FF" | '''Management / Exec Track: Room 3'''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 10:30-11:15 || style="width:22%; background:#BC857A" align="left" | "[[FROC2010_Abstract_Grossman|2010: Web Hacking Odyssey - The Top Hacks of the Year]]"
 +
''Jeremiah Grossman''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFZTIwOWY3NjctZTY1OC00YTRjLThjNGUtMDIwZTk3MmVhN2Zi&hl=en Presentation] <!-- [http://blip.tv/file/3711213 Video] --> [https://whitehatsec.market2lead.com/go/whitehatsec/WebEx_odyssey0310 Video] Note the blip version seems broken, so linked to WhiteHatSec webex.
 +
 
 +
<!-- [http://video.google.com/videoplay?docid=-8396241750899139680 Video] -->
 +
| style="width:22%; background:#BCA57A" align="left" | [[FROC2010_Abstract_McClellan|"Building a Secure, Compliant Cloud for the Enterprise"]]
 +
''Matt Ferrari, Hosting.com''
 +
 
 +
| style="width:22%; background:#C6E2FF" align="left" | [[FROC2010_Abstract_Byrne|"Anatomy of a Logic Flaw"]]
 +
''David Byrne and Charles Henderson, Trustwave''
 +
 
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 11:15-12:00 || style="width:22%; background:#BC857A" align="left" | "[[FROC2010_Abstract_Zusman|Advanced MITM Techniques for Security Testers]]"
 +
''Mike Zusman, Raj Umadas and Aaron Rhodes, Intrepidus Group''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFMmRlODIyOWItMTQwMS00ZjMzLWFkYWMtYjc4YzZiOGVjY2U1&hl=en Presentation]
 +
 
 +
<!-- [http://video.google.com/videoplay?docid=-8396241750899139680 Video] -->
 +
| style="width:22%; background:#BCA57A" align="left" | [[FROC2010_Abstract_Nickerson|"YOU are the weakest link"]]
 +
''Chris Nickerson, Lares Consulting''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFMWIyNjc2MWUtYjc2NS00MjExLTg3NGYtNWFmN2RjMjFmNTI4&hl=en Presentation]
 +
 
 +
| style="width:22%; background:#C6E2FF" align="left" | [[FROC2010_Abstract_Whaley|"Effectively marketing security as a win for both the business and the customer"]]
 +
''Ben Whaley, Applied Trust Engineering and Jeff Smith, Rally Software''
 +
 
 +
[https://docs.google.com/present/edit?id=0Af-vbfka88vFZGRrcjYycXZfMzI5Z3c0OWQ2Y2M&hl=en Presentation]
 +
 
 +
  |-
 +
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
 +
|-
 +
 
 +
| style="width:10%; background:#7B8ABD" | 13:00-13:50 || style="width:22%; background:#BC857A" align="left" | "[[FROC2010_Abstract_Wheeler|Vulnerabilities in Secure Code: Now and Beyond]]"
 +
''Alex Wheeler and Ryan Smith, Accuvant''
 +
 
 +
[http://blip.tv/file/3713199 Video]
 +
 
 +
<!-- [http://video.google.com/videoplay?docid=-8396241750899139680 Video] -->
 +
| style="width:22%; background:#BCA57A" align="left" | [[FROC2010_Abstract_Roberts|"Real life CSI – Data Mining and Intelligence Gathering for the masses"]]
 +
''Chris Roberts, Cyopsis''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFNWJhN2I3NzMtOTI2Mi00YWEzLWI1YzgtOTlkNTQ4YWU5YTEx&hl=en Presentation]
 +
 
 +
| style="width:22%; background:#C6E2FF" align="left" | [[FROC2010_Abstract_Dickson|"The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise"]]
 +
''John Dickson, Denim Group''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFMjk5MDY0MDMtYjdmYy00MWU5LTgyMDQtNTUwZjZmYTM3NjAx&hl=en Presentation]
 +
 
 +
|-
 +
 
 +
| style="width:10%; background:#7B8ABD" | 13:50-14:40 || style="width:22%; background:#BC857A" align="left" | "[[FROC2010_Abstract_Byrne2|Beware of Serialized GUI Objects Bearing Data]]"
 +
''David Byrne and Rohini Sulatycki, Trustwave''
 +
 
 +
[http://blip.tv/file/3713260 Video]
 +
 
 +
<!-- [http://video.google.com/videoplay?docid=-8396241750899139680 Video] -->
 +
| style="width:22%; background:#BCA57A" align="left" | [[FROC2010_Abstract_Zusman2|"What's Old Is New Again: An Overview of Mobile Application Security"]]
 +
''Zach Lanier and Mike Zusman, Intrepidus Group''
 +
 
 +
| style="width:22%; background:#C6E2FF" align="left" | [[FROC2010_Abstract_Goldschmidt|"Fundamental Practices and Tools to implement a security development lifecycle"]]
 +
''Cassio Goldschmidt, Symantec''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFYWY0YzZkZjEtYzc4My00ZTk2LWFmYWQtYjViYTdkZDcxNThm&hl=en Presentation]
 +
|-
 +
 
 +
| style="width:10%; background:#7B8ABD" | 14:40-15:00 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | BREAK
 +
|-
 +
 
 +
| style="width:10%; background:#7B8ABD" | 15:00-15:50 || style="width:22%; background:#BC857A" align="left" | "[[FROC2010_Abstract_Schmidt|Solving Real-World Problems with an  Enterprise Security API]]"
 +
''Chris Schmidt''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFNjM5NzZmODQtZTQ1OS00NTYxLWJmOWQtNzE3OWY4OWZkOGMw&hl=en Presentation] [http://blip.tv/file/3713316 Video]
 +
 
 +
<!-- [http://video.google.com/videoplay?docid=-8396241750899139680 Video] -->
 +
| style="width:22%; background:#BCA57A" align="left" | [[FROC2010_Abstract_Tucker|"Cloudy with a chance of hack"]]
 +
''Lars Ewe, Cenzic''
 +
 
 +
[https://docs.google.com/present/edit?id=0Af-vbfka88vFZGRrcjYycXZfMjUyZDQ3enN6ZmI&hl=en Presentation]
 +
 
 +
| style="width:22%; background:#C6E2FF" align="left" | [[FROC2010_Abstract_Cornell|"Application Security Program Management with Vulnerability Manager"]]
 +
''Bryan Beverly, Denim Group''
 +
 
 +
[https://docs.google.com/fileview?id=0B_-vbfka88vFNTY3OGUwMGItMmQyMi00YWRmLWJkMzgtMTZhNDNlZjJiNWJm&hl=en Presentation]
 +
 
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 15:50-16:30 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Panel Discussion: Topic: ''"Security successes are like Six legged calves: unnatural, but they happen."''  Moderator: John Dickson, Denim Group.
 +
Panelists: Randy Barr, CSO @ Qualys. Jeremiah Grossman, CTO @ WhiteHat Security, Chris Nickerson, Principal @ Lares Consulting, Andy Lewis, CSO @ New Frontier Media
 +
|-
 +
 
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Wrap up, vendor raffles, CTF awards, FREE BEER!
 +
|-
 +
 
 +
|}
  
  
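Review bot: In the split-track rows, three abstract links are named for someone other than the speaker listed beneath them: `FROC2010_Abstract_McClellan` is credited to Matt Ferrari, `FROC2010_Abstract_Tucker` to Lars Ewe, and `FROC2010_Abstract_Cornell` to Bryan Beverly. If these were speaker substitutions, confirm each abstract page names the person who presented; otherwise correct the link targets. The remark "Note the blip version seems broken, so linked to WhiteHatSec webex." in the Grossman cell belongs in the edit summary or an HTML comment rather than in the rendered agenda.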
Line 23: Line 162:
 
[[Image:Denver_mountains.JPG]]
 
[[Image:Denver_mountains.JPG]]
  
This year, the conference will again be held at the [http://maps.google.com/maps?hl=en&ie=UTF8&cid=0,0,17887458453474608109&fb=1&split=1&gl=us&dq=Tivoli+Student+Union+in+downtown+Denver,+CO&daddr=900+Auraria+Pkwy+%23+325E,+Denver,+CO+80204&geocode=2315206160437382962,39.746366,-105.007463&ei=jKOsSeKrM5O5twfLh4GDBg&z=16 Tivoli Student Union] in downtown 900 Auraria Pkwy # 325E
+
This year, the conference will again be held at University of Colorado, Denver. However, instead of the Tivoli Student Union, this year the event will be hosted at the North Classroom building (Atrium UCD).
Denver, CO 80204 (303) 556-6330
+
 
 +
[[File:Froc map.GIF|thumb|left]]
  
=====Accommodations=====
+
[http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=1200+Larimer+Street,+Denver,+CO&sll=37.0625,-95.677068&sspn=37.188995,62.226563&ie=UTF8&hq=&hnear=1200+Larimer+St,+Denver,+Colorado+80204&z=16&iwloc=A Google Map of the Venue: 1200 Larimer St., Denver CO 80204]
TBD
+
 
<!--
+
=====Accomodation=====
OWASP has negotiated discounted rates with the Hotel Teatro.  Rooms under the FROC rate are $189/night and include courtesy Cadillac Escalade transportation to and from Auraria Campus. To reserve a room, contact Hotel Teatro at +1.303.228.1100 and mention FROC. The discounted rate will be available until Monday, March 2. -->
+
OWASP has negotiated discounted rates with the uber-pimpin [http://www.hotelteatro.com/ Hotel Teatro].  Rooms under the FROC rate are $159/night and include courtesy Cadillac Escalade transportation to and from Auraria Campus. To reserve a room, contact Hotel Teatro at +1.303.228.1100 and mention FROC or use the [https://reservations.ihotelier.com/crs/g_reservation.cfm?groupID=464765&hotelID=14708 iHotelier.com link here].
  
 
=====How to get to the venue?=====
 
=====How to get to the venue?=====
See the [http://maps.google.com/maps?hl=en&ie=UTF8&cid=0,0,17887458453474608109&fb=1&split=1&gl=us&dq=Tivoli+Student+Union+in+downtown+Denver,+CO&daddr=900+Auraria+Pkwy+%23+325E,+Denver,+CO+80204&geocode=2315206160437382962,39.746366,-105.007463&ei=jKOsSeKrM5O5twfLh4GDBg&z=16 Map].
 
  
 
*By taxi: taxi from the airport to venue is about $50 USD
 
*By taxi: taxi from the airport to venue is about $50 USD
  
*From hotel: TBD <!-- transport from the conference hotel (Hotel Teatro) by limo is free -->
+
*From hotel: transport from the conference hotel (Hotel Teatro) by limo is free
  
*By car: there is plenty of parking at the Tivoli.  Parking validation will be provided for registered FROC participants.
+
*By car: there is plenty of parking at the UCD.  Attendees should park at the Tivoli lot (as in past years) and it is a short walk to the North Classroom buildings.  Parking validation will be provided for registered FROC participants.
  
  
 +
<!--
 
====Call for Presentations====
 
====Call for Presentations====
The [[Front_Range_OWASP_Conference_2010_CFP|call for presentations]] closed 31 March 2010.  We are no longer accepting proposals for presentations.  If you have already submitted a presentation you can, however update your abstract or submit additional information to clarify your proposal.
+
The [[Front_Range_OWASP_Conference_2010_CFP|call for presentations]] closed 31 March 2010.  We are no longer accepting proposals for presentations.  If you have already submitted a presentation you can, however update your abstract or submit additional information to clarify your proposal. -->
  
 
<!-- ===[[SnowFROC Tentative Schedule]]=== -->
 
<!-- ===[[SnowFROC Tentative Schedule]]=== -->
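Review bot: The new heading `=====Accomodation=====` is misspelled; the heading it replaces, `=====Accommodations=====`, had the correct double "m", so keep that spelling. In the same hunk the venue paragraph says "North Classroom building" while the parking bullet says "North Classroom buildings"; pick one form.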
Line 136: Line 276:
 
====Capture the Flag (CTF)====
 
====Capture the Flag (CTF)====
  
This year FROC will again be hosting a capture the flag game / contest throughout the day. If you are interested in volunteering to assist with the CTF please contact eduprey at owasp dot org.  
+
A capture the flag contest was held, with challenges in the categories of network, forensics, and web applications.  The winner received a new iPad. Second and third place received an iPod shuffle.
  
<!-- CTF is OPEN!
+
The team that won the contest consisted of four members of the Denver Defcon group, dc303 (http://dc303.org).  This group also plays in the annual Defcon CTF competition (with about 20 other folks from the Denver area).  If you are interested in joining them for future CTF competitions (local and abroad), contact mantis1 at gmail.com.
  
If you are attending FROC, join WiFi network "Auraria Campus" and browse to [http://ctf.technowarfare.com the CTF main page].  If you need help, email edupreyATowasp.org or visit the CTF lounge upstairs from the vendor area.
+
Second place went to Matthew Rowley (playing on his own)
  
This year FROC will be hosting a capture the flag game / contest throughout the day. The CTF consists of a LAMP web server target and a scoreboard.
+
Final scores:
 
+
{| border="3"
Your job as a player is to successfully attack the small vulnerable web applications we provide to obtain hidden codes (called "flags".)  Enter a flag into the scoreboard and you're credited with the point value for that challenge.
+
|Rank||Name||Score||Comments
 
+
|-
An entrant can be a team or an individual.  Small prizes will be given for the top three finishing entrants, but the greatest prize, of course, is bragging rights.  Winners will be announced (and prizes awarded) at the end of the conference as part of the conference wrap-up.
+
|'''1'''||'''mantis'''||'''4500'''||
 
+
|-
Thanks to:
+
|'''2'''||'''Matthew Rowley'''||'''2850'''||'''(wuntee)'''
 
+
|-
*IBM for sponsoring this event and providing technical support.
+
|'''3'''||'''jgimer'''||'''2300'''||
*Dan Guido and the rest of the team of students from Polytechnic University for developing the code the contest is based on. (this CTF is a modified version of the one they presented at OWASP NYC 2008)
+
|-
 
+
|4||jsouza||2200||
===CTF Rules===
+
|-
 
+
|5||CSURams||1800||
1. Don't attack other players.  The contest is about finding and exploiting vulnerabilities in the applications provided.  (yes, attacking application users is a real-world threat -- victims will be provided in the challenges where attacking a user is required.)
+
|-
 
+
|6||quincymagoo||1200||
2. Don't attack the infrastructure.  Networks, routers, and the scoreboard are all off-limits as targets of attack.
+
|-
 
+
|7||skehoe||700||
Anyone discovered breaking these rules will earn banning, forfeiture of all points, and very bad karma.
+
|-
 +
|8||jtevans||700||
 +
|-
 +
|9||igctf||700||
 +
|-
 +
|10||kdavis||700||
 +
|}
  
-->
 
  
 
====Conference Committee====
 
====Conference Committee====
Line 190: Line 335:
 
====Conference Sponsors====
 
====Conference Sponsors====
  
 +
[[File:Sponsors.PNG]]
 +
 +
The following organizations are proud sponsors of this conference:
 
<!--  
 
<!--  
The following organizations are proud sponsors of this conference:
 
 
*Accuvant
 
*Accuvant
 
*Breach
 
*Breach
Line 204: Line 351:
 
*WhiteHat Security -->
 
*WhiteHat Security -->
  
If you are interested in sponsoring this OWASP event, please contact Kathy Thaxton at kthaxton at owasp dot org.
+
*[http://www.accuvant.com/ Accuvant]
 +
*[http://www.denimgroup.com/ Denim Group]
 +
*[http://www.fortify.com/ Fortify Software]
 +
*[http://www.hosting.com/ Hosting.com]
 +
*[http://www.whitehatsec.com/home/index.html Whitehat Security]
 +
 
 +
 
 +
If you are interested in sponsoring next year's Front Range OWASP Conference, please contact Kathy Thaxton at kthaxton at owasp dot org.
 +
 
 +
Logistics information for sponsors is available [[FROC2010 Sponsor Info|here]]
  
 
More information about conference sponsorship is available [[OWASP AppSec Conference Sponsors | here]].
 
More information about conference sponsorship is available [[OWASP AppSec Conference Sponsors | here]].
  
 
[[Category:OWASP AppSec Conference]]
 
[[Category:OWASP AppSec Conference]]
 +
 +
 +
====Twitter Feed====
 +
{|
 +
|-
 +
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
 +
Use the '''[http://search.twitter.com/search?q=%23FROC #FROC]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)
 +
 +
'''@OWASP303 Twitter Feed ([http://twitter.com/OWASP303 follow us on Twitter!])'''
 +
<twitter>55021150</twitter>
 +
 +
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 +
|}
  
  

Latest revision as of 18:20, 19 July 2010


FROC2010 was a major success! The survey results are now posted.

Looking for the presentations and videos? They are here


Welcome

Welcome to FROC 2010, the third annual Front Range OWASP Application Security Conference!

After successful FROCs in June of 2008 and March of 2009, we are back in Denver, Colorado, USA on Wednesday the 2nd of June 2010!

This year we again present a full day, multi-track event, which will provide valuable information for managers and executives as well as developers and engineers.

In 2009, we attracted a packed venue with our great AppSec speakers, and we hope to achieve the same again in 2010. This year we are organizing the conference with the support of our colleagues at the Cloud Security Alliance, and will feature an AppSec track as well as a CloudSec/VirtSec track.

Registration

Due to the hard work of our organizers and the gracious support of our sponsors, FROC was a free event in 2008 and 2009. This year, thanks to the generosity of our sponsors, we are offering tickets to the event on a DONATION basis. Pay whatever you or your company can afford.


Agenda

Agenda and Presentations: 2 June 2010

The agenda follows the successful OWASP conference multi-track format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium.

June 2, 2010
07:30-08:30 Registration and Continental Breakfast in the Sponsor Expo Room
08:30-08:35 Welcome to FROC 2010 Conference

David Campbell, OWASP Denver

08:35-09:35 Keynote: "Watching Software Run: Software Security Beyond Defect Elimination"

Brian Chess, Fortify Software

Presentation Video

09:35-10:00 OWASP: State of the Union

Tom Brennan, OWASP Board - BIO

Video

10:00-10:20 Cloud Security Alliance: State of the Union

Randy Barr, Cloud Security Alliance

Video

10:20-10:30 Break - Expo - CTF
Tracks: AppSec/Technical Track: Room 1 | Cloud/Mobile/Emerging Track: Room 2 | Management / Exec Track: Room 3
10:30-11:15 "2010: Web Hacking Odyssey - The Top Hacks of the Year"

Jeremiah Grossman

Presentation Video Note the blip version seems broken, so linked to WhiteHatSec webex.

"Building a Secure, Compliant Cloud for the Enterprise"

Matt Ferrari, Hosting.com

"Anatomy of a Logic Flaw"

David Byrne and Charles Henderson, Trustwave

11:15-12:00 "Advanced MITM Techniques for Security Testers"

Mike Zusman, Raj Umadas and Aaron Rhodes, Intrepidus Group

Presentation

"YOU are the weakest link"

Chris Nickerson, Lares Consulting

Presentation

"Effectively marketing security as a win for both the business and the customer"

Ben Whaley, Applied Trust Engineering and Jeff Smith, Rally Software

Presentation

12:00-13:00 Lunch - Expo - CTF
13:00-13:50 "Vulnerabilities in Secure Code: Now and Beyond"

Alex Wheeler and Ryan Smith, Accuvant

Video

"Real life CSI – Data Mining and Intelligence Gathering for the masses"

Chris Roberts, Cyopsis

Presentation

"The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise"

John Dickson, Denim Group

Presentation

13:50-14:40 "Beware of Serialized GUI Objects Bearing Data"

David Byrne and Rohini Sulatycki, Trustwave

Video

"What's Old Is New Again: An Overview of Mobile Application Security"

Zach Lanier and Mike Zusman, Intrepidus Group

"Fundamental Practices and Tools to implement a security development lifecycle"

Cassio Goldschmidt, Symantec

Presentation

14:40-15:00 BREAK
15:00-15:50 "Solving Real-World Problems with an Enterprise Security API"

Chris Schmidt

Presentation Video

"Cloudy with a chance of hack"

Lars Ewe, Cenzic

Presentation

"Application Security Program Management with Vulnerability Manager"

Bryan Beverly, Denim Group

Presentation

15:50-16:30 Panel Discussion: Topic: "Security successes are like Six legged calves: unnatural, but they happen." Moderator: John Dickson, Denim Group.

Panelists: Randy Barr, CSO @ Qualys. Jeremiah Grossman, CTO @ WhiteHat Security, Chris Nickerson, Principal @ Lares Consulting, Andy Lewis, CSO @ New Frontier Media

16:30-17:30 Wrap up, vendor raffles, CTF awards, FREE BEER!


Logistics

This year, the conference will again be held at University of Colorado, Denver. However, instead of the Tivoli Student Union, this year the event will be hosted at the North Classroom building (Atrium UCD).

Google Map of the Venue: 1200 Larimer St., Denver CO 80204

Accommodation

OWASP has negotiated discounted rates with the uber-pimpin Hotel Teatro. Rooms under the FROC rate are $159/night and include courtesy Cadillac Escalade transportation to and from Auraria Campus. To reserve a room, contact Hotel Teatro at +1.303.228.1100 and mention FROC or use the iHotelier.com link here.

How to get to the venue?
  • By taxi: taxi from the airport to venue is about $50 USD
  • From hotel: transport from the conference hotel (Hotel Teatro) by limo is free
  • By car: there is plenty of parking at the UCD. Attendees should park at the Tivoli lot (as in past years) and it is a short walk to the North Classroom buildings. Parking validation will be provided for registered FROC participants.




Capture the Flag (CTF)

A capture the flag contest was held, with challenges in the categories of network, forensics, and web applications. The winner received a new iPad. Second and third place received an iPod shuffle.

The team that won the contest consisted of four members of the Denver Defcon group, dc303 (http://dc303.org). This group also plays in the annual Defcon CTF competition (with about 20 other folks from the Denver area). If you are interested in joining them for future CTF competitions (local and abroad), contact mantis1 at gmail.com.

Second place went to Matthew Rowley (playing on his own).

Final scores:

Rank  Name            Score  Comments
1     mantis          4500
2     Matthew Rowley  2850   (wuntee)
3     jgimer          2300
4     jsouza          2200
5     CSURams         1800
6     quincymagoo     1200
7     skehoe          700
8     jtevans         700
9     igctf           700
10    kdavis          700


Conference Committee

FROC 2010 Planning Committee Chair: Kathy Thaxton - kthaxton at owasp dot org

Presentation Selection Committee:

  • Mark Bristow - OWASP Global Conference Committee
  • David Campbell - OWASP Denver
  • Eric Duprey - OWASP Denver
  • Chris Hoff - Cloud Security Alliance
  • Eoin Keary - Chair, OWASP Global Conference Committee
  • Michael Sutton - Cloud Security Alliance
  • Jim Reavis - Cloud Security Alliance


Colorado Chapter Hosts:

  • David Campbell - OWASP Denver - dcampbell at owasp dot org
  • Eric Duprey - OWASP Denver - eduprey at owasp dot org


Vendor Exhibition POC: Kathy Thaxton - kthaxton at owasp dot org


Capture the Flag POC: Eric Duprey - eduprey at owasp dot org


Conference Sponsors

The following organizations are proud sponsors of this conference:


If you are interested in sponsoring next year's Front Range OWASP Conference, please contact Kathy Thaxton at kthaxton at owasp dot org.

Logistics information for sponsors is available here.

More information about conference sponsorship is available here.


Twitter Feed

Use the #FROC hashtag for your tweets (What are hashtags?)

@OWASP303 Twitter Feed (follow us on Twitter!)