Difference between revisions of "OWASP AppSec DC 2009 Schedule"

(Back to Conference Page)
(Back to Conference Page)
Line 9: Line 9:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" |    
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" |    
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 1'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 154A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 2'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 3'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 4'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 5'''
+
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 155'''
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
Line 38: Line 38:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" |    
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" |    
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 1'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 154A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 2'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 3'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 4'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 5'''
+
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 155'''
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
Line 48: Line 48:
 
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:<br>Java EE Secure Code Review<br>Sahba Kazerooni
 
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:<br>Java EE Secure Code Review<br>Sahba Kazerooni
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" |
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" |
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
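Review bot: The Room 155 cell (bgcolor="#BCA57A") on the 09:00-12:00 row is left empty once the Leader and Manager Training moves into the Room 154B column, while the header row still lists Room 155, so a reader cannot tell whether the room is unused on Day 2 or an entry was dropped by mistake. Consider putting an explicit placeholder in that cell, or a short note under the table. The 13:00-17:00 row changed under "Line 58" has the same gap.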
Line 58: Line 58:
 
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni
 
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" |
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]<!-- Day 2 -->
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | <!-- Day 2 -->
 
|}
 
|}
 
====Talks 11/12====  
 
====Talks 11/12====  

Revision as of 14:44, 27 October 2009



Please note: speaking times are not final; check back regularly for updates.

Training 11/10

Day 1 - Nov 10th 2009
09:00-12:00
- Room 154A: Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (Justin Searle)
- Room 149B: Day 1: Java EE Secure Code Review (Sahba Kazerooni)
- Room 149A: Threat Modeling Express (Krishna Raja)
- Room 154B: Foundations of Web Services and XML Security (Dave Wichers, Aspect Security)
- Room 155: Live CD (Matt Tesauro)
12:00-13:00 Lunch
13:00-17:00
- Room 154A: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (Justin Searle)
- Room 149B: Java EE Secure Code Review (Sahba Kazerooni)
- Room 149A: Threat Modeling Express (Krishna Raja)
- Room 154B: Foundations of Web Services and XML Security (Dave Wichers, Aspect Security)
- Room 155: Live CD (Matt Tesauro)

Training 11/11

Day 2 - Nov 11th 2009
09:00-12:00
- Room 154A: Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (Justin Searle)
- Room 149B: Day 2: Java EE Secure Code Review (Sahba Kazerooni)
- Room 149A: WebAppSec.php: Developing Secure Web Applications (Robert Zakon)
- Room 154B: Leader and Manager Training - Leading the Development of Secure Applications (John Pavone, Aspect Security)
- Room 155: (empty)
12:00-13:00 Lunch
13:00-17:00
- Room 154A: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (Justin Searle)
- Room 149B: Java EE Secure Code Review (Sahba Kazerooni)
- Room 149A: WebAppSec.php: Developing Secure Web Applications (Robert Zakon)
- Room 154B: Leader and Manager Training - Leading the Development of Secure Applications (John Pavone, Aspect Security)
- Room 155: (empty)

Talks 11/12

Day 1 - Nov 12th 2009
OWASP | Tools | SDLC | Web 2.0
07:30-08:45 Registration
08:45-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Joe Jarzombek
10:00-10:30 Coffee Break & Room Change
10:30-11:30
- OWASP ESAPI (Jeff Williams)
- Clubbing WebApps with a Botnet (Gunter Ollmann)
- Enterprise Application Security - GE's approach to solving root cause (Darren Challey)
- Understanding the Implications of Cloud Computing on Application Security (Dennis Hurst)
11:30-12:30
- Software Assurance Maturity Model (SAMM) (Pravir Chandra)
- The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security (Jacob West)
- Software Development The Next Security Frontier (Jim Molini)
- Transparent Proxy Abuse (Robert Auger)
12:30-13:30
- DISA's Application Security and Development STIG: How OWASP Can Help You (Jason Li)
- OWASP ModSecurity Core Rule Set Project (Ryan C. Barnett)
- The essential role of infosec in secure software development (Kenneth R. van Wyk)
- Development Issues Within AJAX Applications: How to Divert Threats (Lars Ewe)
13:30-14:30 Lunch
14:30-15:30
- Defend Yourself: Integrating Real Time Defenses into Online Applications (Michael Coates)
- Finding the Hotspots: Web-security testing with the Watcher tool (Chris Weber)
- SDLC Panel (Pravir Chandra, Dan Cornell, Michael Craigue, Dennis Hurst, Joey Peloquin, David Rook, Keith Turpin)
- Social Zombies: Your Friends Want to Eat Your Brains (Tom Eston/Kevin Johnson)
15:30-16:30
- The ESAPI Web Application Firewall (Arshan Dabirsiaghi)
- One Click Ownage (Ferruh Mavituna)
- Cloudy with a chance of 0-day (Jon Rose/Tom Leavey)
- Web Application Security Scanner Evaluation Criteria (Brian Shura)
16:30-17:30
- OWASP Live CD: An open environment for Web Application Security (Matt Tesauro / Brad Causey)
- Learning by Breaking: A New Project Insecure Web Apps (Chuck Willis)
- Vulnerability Management in an Application Security World (Dan Cornell)
- Attacking WCF Web Services (Brian Holyfield)
- Synergy! A world where the tools communicate (Josh Abraham)
17:30-18:30
- The Entrepreneur's Guide to Career Management (Lee Kushner)
- Advanced SSL: The good, the bad, and the ugly (Michael Coates)
- Threat Modeling (John Steven)
- When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies (Rafal Los)
- User input piercing for Cross Site Scripting Attacks (Matias Blanco)
19:00-???? Reception

Talks 11/13

Day 2 - Nov 13th 2009
Attack & Defend | Process | Metrics | Compliance
07:30-09:00 Registration
09:00-10:00 Keynote: TBA
10:00-10:30 Coffee Break & Room Change
10:30-11:30
- Securing the Core JEE Patterns (Rohit Sethi/Krishna Raja)
- The Big Picture: Web Risks and Assessments Beyond Scanning (Matt Fisher)
- The Web Hacking Incidents Database (Ryan C. Barnett)
- Business Logic Automatons: Friend or Foe? (Ofer Shezaf)
11:30-12:30
- Unicode Transformations: Finding Elusive Vulnerabilities (Chris Weber)
- Scalable Application Assessments in the Enterprise (Tom Parker/Lars Ewe)
- Application security metrics from the organization on down to the vulnerabilities (Chris Wysopal)
- SCAP: Automating our way out of the Vulnerability Wheel of Pain (Ed Bellis)
12:30-13:30
- Malicious Developers and Enterprise Java Rootkits (Jeff Williams)
- Secure Software Updates: Update Like Conficker (Jeremy Allen)
- OWASP Top 10 - 2010 (Dave Wichers)
- Secure SDLC: The Good, The Bad, and The Ugly (Joey Peloquin)
13:30-14:30 Lunch
14:30-15:30
- The 10 least-likely and most dangerous people on the Internet (Robert Hansen)
- Improving application security after an incident (Cory Scott)
- Hacking by Numbers (Tom Brennan)
- Federal CISO Panel
15:30-16:30
- Automated vs. Manual Security: You can't filter The Stupid (David Byrne/Charles Henderson)
- Custom Intrusion Detection Techniques for Monitoring Web Applications (Matthew Olney)
- Building an in-house application security assessment team (Keith Turpin)
16:30-17:30
- Advanced SQL Injection (Joe McCray)
- TBD The OWASP Security Spending Benchmarks Project (Dr. Boaz Gelbord)
- Promoting Application Security within Federal Government (Sarbari Gupta)
17:30-18:30
- Manipulating Web Application Interfaces, a new approach to input validation (Felipe Moreno-Strauch)
- Deploying Secure Web Applications with OWASP Resources (Kuai Hinojosa)
- SANS Dshield Webhoneypot Project (Jason Lam)
- Techniques in Attacking and Defending XML/Web Services (Mamoon Yunus/Jason Macy)
- Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers (Kevin Johnson, Justin Searle, Frank DiMaggio)
18:30-19:00 Closing Remarks
