OWASP AppSec DC 2009
Registration is now open!
You can register here
Current pricing reflects an "Early Bird" discount of $50 off the at-the-door price of $395.
OWASP membership ($50 annual membership fee) gets you a discount of $50.
For the student discount, attendees must present proof of enrollment when picking up their badge.
We will take all the help we can get to pull off the best Web Application Security Conference of the year!
Please contact the appropriate arch-minion to volunteer for a specific area:
- Security -- Angel Contreras
- Speakers and Trainers -- Wade Woolwine and Jeremy Long
- Vendors -- Dave Sachdev
- Facilities -- Doug Wilson and Barry Austin
More opportunities and areas will be added as time goes on.
Or, you can email the organizers at mark.bristow(at)owasp.org, doug.wilson(at)owasp.org or rex.booth(at)owasp.org
Or email appsec_us_09(at)lists.owasp.org or sign up for the mailing list!
Walter E. Washington Convention Center
AppSec DC 2009 will be taking place at the Walter E. Washington Convention Center in downtown Washington DC.
The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro, and only a few blocks from our convention hotel, the Grand Hyatt Washington (reserve rooms here).
Grand Hyatt Washington DC
We've partnered with the Grand Hyatt Washington to bring you luxury accommodations at a reasonable price for your stay during our conference.
The Grand Hyatt is only a few blocks from the DC Convention Center and adjacent to a wide variety of restaurants and night life in downtown DC.
Our convention rate for reservations can also be applied shortly before or after the conference, if you wish to stay longer and enjoy the Washington DC Metropolitan Area.
You can register for a room at our convention rate of $209/night here.
We are currently soliciting sponsors for the AppSec DC Conference. Please refer to our sponsorship opportunities for details.
Slots are going fast, so contact us to sponsor today! Sponsorships will be announced soon.
Talks at AppSec DC
Tom Eston and Kevin Johnson: Social Zombies: Your Friends Want to Eat Your Brains
Lars Ewe: Dev Issues Within AJAX Apps
Joe McCray: Advanced SQL Injection
Matt Fisher: The Big Picture: Web Risks and Assessments Beyond Scanning
Chris Wysopal: AppSec Metrics
Jeff Williams: OWASP ESAPI
Ed Bellis: SCAP
Tom Brennan: Application Security Statistics
Robert Auger: Transparent Proxy Abuse
John Steven: Threat Modeling
Cory Scott: Improving App sec after an incident
Traveling to the DC Metro Area
The Washington DC Area is serviced by three airports -- Reagan National (DCA), Dulles (IAD), and Thurgood Marshall Baltimore/Washington International (BWI). All currently have available transportation to downtown DC via public transportation, shuttles, or cab.
If you live in the DC Metropolitan area, we suggest taking Metro to the event. The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro.
There are a total of five classrooms over two days or 10 training days available at the conference. Two classrooms hold 30 students and the other three have a capacity of 24 students. We are working to confirm our selected trainers so check back soon for some great classes!
2 Day Training: November 10 and November 11
Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework
This course will focus on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF). Day one will take students through the steps and open source tools used to assess applications for vulnerabilities. Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks. The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves.
Instructor: Justin Searle: Justin Searle, a Senior Security Analyst with InGuardians, specializes in penetration testing and security architecture. Previously, Justin served as JetBlue Airways' IT Security Architect and has provided top-tier support for the largest supercomputers in the world. In his rapidly dwindling spare time, Justin co-leads prominent open source projects including The Middler, Samurai Web Testing Framework, BASE, and the social networking pentest tools Yokoso! and Laudanum.
Java EE Secure Code Review
1 Day Training November 10
Threat Modeling Express
Web 2.0 Security - SOA, Web Services, and SML
Secure Coding for .Net
1 Day Training November 11
WebAppSec.php: Developing Secure Web Applications
Web applications are the new frontier of widespread security breaches. This tutorial will guide attendees through development practices that ensure the security and integrity of web applications, in turn protecting user data and the infrastructure the application runs on. Several attack types will be reviewed, along with how proper development practices can mitigate their damage. Although the tutorial targets the security of PHP-based applications, much of the content is applicable to other programming languages as well.
Instructor: Robert Zakon: Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy, over 15 years ago. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non‐profits and government agencies on technology, information, and security architectures and infrastructures. He has presented at numerous conferences and taught a handful of courses and tutorials. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at www.Zakon.org where a full vitae is available.
Applying the OWASP Testing Guide with the OWASP Live CD
Leader and Manager Training - Leading the Development of Secure Applications
Managing a project to create a secure application takes the right combination of activities, teams, and supporting technology. This engaging course leads you through a set of proven, practical activities that result in demonstrable security.
Instructor: Dave Wichers: Aspect's instructors are professional software developers who have dedicated their career to application security. Our instructors spend the majority of their time working with clients to secure critical web applications using a wide variety of web application technology. This practical experience allows our instructors to have interesting discussions about real-world problems that drive home the lessons being taught.