
OWASP AppSec DC 2009

Revision as of 12:54, 6 August 2009 by KateHartmann





We are pleased to announce that the OWASP DC chapter will host the OWASP AppSec 2009 conference in Washington, DC. The AppSec DC OWASP Conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 600-700 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

AppSec DC 2009 will be held at the Walter E. Washington Convention Center (801 Mount Vernon Place NW Washington, DC 20001) on November 12th and 13th 2009 and will be preceded by OWASP training opportunities on November 10th and 11th. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit). Supporting these events drives the funding for research grants, tools and documents, local chapters, and more.

You can register for the conference here


Use the #AppSecDC hashtag for your tweets.

@AppSecDC09 Twitter Feed (follow us on Twitter!)


Registration is now open!

You can register here

Current pricing reflects an "Early Bird" discount of $50 off the at-the-door price of $395.

OWASP membership ($50 annual membership fee) gets you a discount of $50.

$345 General Public
$295 OWASP Members
$195 Students

For the student discount, attendees must present proof of enrollment when picking up their badge.


Volunteers Needed!

Get involved!

We will take all the help we can get to pull off the best Web Application Security Conference of the year!

Please contact the appropriate arch-minion to volunteer for a specific area:

More opportunities and areas will be added as time goes on.

Or, you can email the organizers at mark.bristow(at), doug.wilson(at) or rex.booth(at)

Or email appsec_us_09(at) or sign up for the mailing list!


Walter E. Washington Convention Center

AppSec DC 2009 will be taking place at the Walter E. Washington Convention Center in downtown Washington DC.

The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro, and only a few blocks from our convention hotel, the Grand Hyatt Washington (reserve rooms here).


Grand Hyatt Washington DC

We've partnered with the Grand Hyatt Washington to bring you luxury accommodations at a reasonable price for your stay during our conference.

The Grand Hyatt is only a few blocks from the DC Convention Center and adjacent to a wide variety of restaurants and night life in downtown DC.

Our convention rate for reservations can also be applied shortly before or after the conference, if you wish to stay longer and enjoy the Washington DC Metropolitan Area.

You can register for a room at our convention rate of $209/night here.

The Grand Hyatt Washington is one block from the Metro Center metro station, and three blocks from the Gallery Place/Chinatown metro station.



We are currently soliciting sponsors for the AppSec DC Conference. Please refer to our sponsorship opportunities for details.

Slots are going fast, so contact us to sponsor today! Sponsorships will be announced soon.


Talks at AppSec DC

Tom Eston and Kevin Johnson: Social Zombies: Your Friends Want to Eat Your Brains

Lars Ewe: Dev Issues Within AJAX Apps

Joe McCray: Advanced SQL Injection

Matt Fisher: The Big Picture: Web Risks and Assessments Beyond Scanning

Chris Wysopal: AppSec Metrics

Jeff Williams: OWASP ESAPI

Ed Bellis: SCAP

Tom Brennan: Application Security Statistics

Robert Auger: Transparent Proxy Abuse

John Steven: Threat Modeling

Cory Scott: Improving App sec after an incident


Traveling to the DC Metro Area

The Washington DC Area is serviced by three airports -- Reagan National (DCA), Dulles (IAD), and Thurgood Marshall Baltimore/Washington International (BWI). All currently have available transportation to downtown DC via public transportation, shuttles, or cab.

Washington DC is also serviced by Amtrak, VRE, and MARC train lines, which arrive in Union Station, a few metro stops or a short cab ride away from the convention center and the Grand Hyatt.

If you live in the DC Metropolitan area, we suggest taking Metro to the event. The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro.


There are a total of five classrooms over two days or 10 training days available at the conference. Two classrooms hold 30 students and the other three have a capacity of 24 students. We are working to confirm our selected trainers so check back soon for some great classes!

2 Day Training: November 10 and November 11

Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework

Java EE Secure Code Review

1 Day Training: November 10

Threat Modeling Express

Web 2.0 Security - SOA, Web Services, and SML

Secure Coding for .Net

1 Day Training: November 11

WebAppSec.php: Developing Secure Web Applications

Web applications are the new frontier of widespread security breaches. This tutorial will guide attendees through development practices that ensure the security and integrity of web applications, in turn protecting user data and the infrastructure the application runs on. Several attack types will be reviewed, along with how proper development practices can mitigate their damage. Although the tutorial targets the security of PHP-based applications, much of the content is applicable to other programming languages as well.

Instructor: Robert Zakon: Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy, over 15 years ago. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non‐profits and government agencies on technology, information, and security architectures and infrastructures. He has presented at numerous conferences and taught a handful of courses and tutorials. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at where a full vitae is available.

Applying the OWASP Testing Guide with the OWASP Live CD

Leader and Manager Training