This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP AppSec DC 2012"

From OWASP
Jump to: navigation, search
Line 3: Line 3:
 
{{:OWASP AppSec DC 2012 Header}}
 
{{:OWASP AppSec DC 2012 Header}}
  
====Welcome==== 
+
=Welcome=  
  
 
{| style="width: 100%;"
 
{| style="width: 100%;"
Line 54: Line 54:
 
<!-- End Banner -->  
 
<!-- End Banner -->  
  
====CFP====
+
=CFP=
  
 
In accordance with the broader OWASP mission stemming from the 2011 OWASP Global Summit, AppSec DC is working to reflect the move of OWASP towards embracing all facets of Application Security, and not restricting it's content to strictly to the realm of web applications. Therefore we invite all practitioners of application security and those who work with or interact with all facets of application security to submit papers and participate in the conference.
 
In accordance with the broader OWASP mission stemming from the 2011 OWASP Global Summit, AppSec DC is working to reflect the move of OWASP towards embracing all facets of Application Security, and not restricting it's content to strictly to the realm of web applications. Therefore we invite all practitioners of application security and those who work with or interact with all facets of application security to submit papers and participate in the conference.
Line 76: Line 76:
 
Additional information can be found in the [[OWASP AppSec DC 2012 - FAQ|Conference FAQ]].   
 
Additional information can be found in the [[OWASP AppSec DC 2012 - FAQ|Conference FAQ]].   
  
==== Registration  ====
+
= Registration  =
  
 
''' Registration is not available yet for the April 2012 Conference.''' <br>  
 
''' Registration is not available yet for the April 2012 Conference.''' <br>  
Line 139: Line 139:
 
<br>
 
<br>
  
==== Volunteer  ====
+
= Volunteer  =
  
 
== Volunteers Needed!  ==
 
== Volunteers Needed!  ==
Line 151: Line 151:
 
To volunteer please email [mailto:[email protected] [email protected]]
 
To volunteer please email [mailto:[email protected] [email protected]]
  
==== Schedule  ====
+
= Schedule  =
  
 
{{:OWASP AppSec DC 2012 Schedule}}
 
{{:OWASP AppSec DC 2012 Schedule}}
  
==== Training  ====
+
= Training  =
  
 
== Training  ==
 
== Training  ==
Line 175: Line 175:
 
TBD
 
TBD
  
==== Contests  ====
+
= Contests  =
  
 
== OWASP Member Door Prizes! ==
 
== OWASP Member Door Prizes! ==
Line 186: Line 186:
 
TBD
 
TBD
  
==== Venue  ====
+
= Venue  =
  
 
== Walter E. Washington Convention Center  ==
 
== Walter E. Washington Convention Center  ==
Line 196: Line 196:
 
[http://www.dcconvention.com/ http://www.owasp.org/images/8/85/Screen_shot_2009-10-03_at_12.55.55_PM.png]
 
[http://www.dcconvention.com/ http://www.owasp.org/images/8/85/Screen_shot_2009-10-03_at_12.55.55_PM.png]
  
==== Hotel  ====
+
= Hotel  =
  
 
Hotel contracts are TBD
 
Hotel contracts are TBD
  
==== Sponsors  ====
+
=Sponsors  =
  
 
== Sponsors  ==
 
== Sponsors  ==
Line 210: Line 210:
 
<!-- Slots are going fast so contact us to sponsor today! -->
 
<!-- Slots are going fast so contact us to sponsor today! -->
  
==== Travel  ====
+
= Travel  =
  
 
== Traveling to the DC Metro Area  ==
 
== Traveling to the DC Metro Area  ==
Line 220: Line 220:
 
If you live in the DC Metropolitan area, we suggest taking [http://www.wmata.com Metro] to the event. The convention center is located over the [http://www.wmata.com/rail/station_detail.cfm?station_id=70 Mount Vernon Square/Convention Center Metro stop] on the Green and Yellow lines of the [http://www.wmata.com DC Metro].  
 
If you live in the DC Metropolitan area, we suggest taking [http://www.wmata.com Metro] to the event. The convention center is located over the [http://www.wmata.com/rail/station_detail.cfm?station_id=70 Mount Vernon Square/Convention Center Metro stop] on the Green and Yellow lines of the [http://www.wmata.com DC Metro].  
  
==== Conference Committee ====
+
= Conference Committee =
  
 
===Organizers===  
 
===Organizers===  
Line 247: Line 247:
 
* Sponsorships ([mailto:[email protected] [email protected]])
 
* Sponsorships ([mailto:[email protected] [email protected]])
  
====FAQ====
+
=FAQ=
 
{{:OWASP AppSec DC 2012 - FAQ}}
 
{{:OWASP AppSec DC 2012 - FAQ}}
  

Revision as of 17:22, 12 December 2011


AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

We are pleased to announce that the OWASP DC chapter will host the OWASP AppSecDC 2012 conference in Washington, DC. The AppSecDC conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 600-700 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

AppSecDC 2012 will be held at the Walter E. Washington Convention Center (801 Mount Vernon Place NW Washington, DC 20001) on April 2nd through 5th 2012.

Who Should Attend AppSec DC:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security

Conference FAQ




Threestarforsite.png

Use the #ASDC12 hashtag for your tweets for AppSec DC (What are hashtags?)

@AppSecDC Twitter Feed (follow us on Twitter!) <twitter>34534108</twitter>

In accordance with the broader OWASP mission stemming from the 2011 OWASP Global Summit, AppSec DC is working to reflect the move of OWASP towards embracing all facets of Application Security, and not restricting it's content to strictly to the realm of web applications. Therefore we invite all practitioners of application security and those who work with or interact with all facets of application security to submit papers and participate in the conference.

The AppSec DC 2012 Content Committee is seeking presentations in the following subject areas:

  • OWASP Projects
  • Research in Application Security Defense (Defense & Countermeasures)
  • Research in Application Security Offense (Vulnerabilities & Exploits)
  • Web Application Security
  • Critical Infrastructure Security
  • Mobile Security
  • Government Initiatives & Government Case Studies
  • Effective Case studies in Policy, Governance, Architecture or Life Cycle
  • and other application security topics

Submit papers to http://cfp.appsecdc.org. Submission deadline is January 15th 2012. Inquires can be made to cfpATappsecdcDOTorg.

To submit a paper, you will have to sign up for an EasyChair account at https://www.easychair.org/account/signup.cgi.

Additional information can be found in the Conference FAQ.

Registration is not available yet for the April 2012 Conference.


Group Discounts

  • 10% off for groups of 10-19
  • 20% off for groups of 20-29
  • 30% off for groups of 30 or more

Who Should Attend AppSec DC 2012

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interesting in Improving IT Security
  • Anyone interested in learning about or promoting Web Application Security


Volunteers Needed!

Get involved!

We will take all the help we can get to pull off the best Web Application Security Conference of the year!

More opportunities and areas will be added as time goes on. Our Volunteer Guide can be downloaded which outlines some of the responsibilities and available positions.

To volunteer please email [email protected]

Plenary Day 1 - 4/4/2012
Offense & Tools
Room 201
Case Studies
Room 202A
IoMT
Room 202B
Interrogate!
Room 206
7:30 AM - 8:50 AM Registration
8:50 AM - 9:00 AM Welcome and Opening Remarks
Room 202A
9:00 AM - 10:00 AM Keynote: Dan Geer
Room 202A
10:00 AM - 10:45 AM OWASP Board
Room 202A
10:45 AM - 11:00 AM Coffee Break
11:00 AM - 11:50 AM DOMJacking - Attack, Exploit and Defense
video | slides

Shreeraj Shah
The Unfortunate Reality of Insecure Libraries
video | slides

Jeff Williams and Arshan Dabirsiaghi
Python Basics for Web App Pentesters - Part 2
video | slides

Justin Searle
Integrating Application Security into your Lifecycle and Procurement
video | slides

Moderator: Jim Manico
11:50 AM - 12:00 PM Coffee Break
12:00 PM - 12:50 PM Attacking CAPTCHAs for Fun and Profit
video | slides

Gursev Singh Kalra
GoatDroid
video | slides

Jack Manino
Security is Dead. Long Live Rugged DevOps: IT at Ludicrous Speed
video | slides

Joshua Corman
12:50 PM - 2:30 PM No-Host Lunch
2:30 PM - 3:20 PM Hacking .NET(C#) Applications: The Black Arts
video | slides

Jon McCoy
Security at scale: Web application security in a continuous deployment environment
video | slides

Zane Lackey
The "Easy" Button for Your Web Application Security Career
video | slides

Salvador Grec
Risk Analysis and Measurement with CWRAF
video | slides

Joe Jarzombek, Bob Martin, Walter Houser and Tom Brennan
3:20 PM - 3:30 PM Coffee Break
3:30 PM - 4:20 PM OWASP Broken Web Applications (OWASP BWA) 1.0 Release
video | slides

Chuck Willis
Security Is Like An Onion, That's Why It Makes You Cry
video | slides

Michele Chubirka
Anatomy of a Logic Flaw
video | slides

Charles Henderson and David Byrne
4:20 PM - 4:30 PM Coffee Break
4:30 PM - 5:20 PM New and Improved Hacking Oracle from Web
video | slides

Sumit Siddharth
State of Web Security
video | slides

Robert Rowley
Old Webshells, New Tricks -- How Persistent Threats have revived an old idea, and how you can detect them.
video | slides

Ryan Kazanciyan
Fed Panel
video | slides

Moderator: Rex Booth

Ron Ross, Joe Jarzombek, Kris Britton & Darren Death

5:20 PM - 5:30 PM Coffee Break
5:30 PM - 6:20 PM Unraveling some of the Mysteries around DOM-based XSS
video | slides

Dave Wichers
2012 Global Security Report
video | slides

Tom Brennan and Nick Percoco
Survivable Software for Cyber-Physical Systems
video | slides

Karen Mercedes Goertzel
6:20 PM Networking Opportunity in Room 207AB sponsored by: SPL-LOGO-MED.png


Plenary Day 2 - 4/5/2012
Critical Infrastructure
Room 201
Defend!
Room 202A
On the Go
Room 202B
SDLC
Room 206
7:30 AM - 9:00 AM Registration
9:00 AM - 9:50 AM Pentesting Smart Grid Web Apps
video | slides

Justin Searle
Friends don't let friends store passwords in source code
video | slides

Neil Matatall
Smart Bombs: Mobile Vulnerability and Exploitation
video | slides

Kevin Johnson, John Sawyer and Tom Eston
Overcoming the Quality vs. Quantity Problem in Software Security Testing
video | slides

Rafal Los
Web Application Defense with Bayesian Attack Analysis
video | slides

Ryan Barnett
9:50 AM - 10:00 AM Coffee Break
10:00 AM - 10:50 AM Vulnerabilities in Industrial Control Systems
video | slides

Kevin Hemsly
Access Control Designs and Pitfalls
video | slides

Jim Manico
Software Security Goes Mobile
video | slides

Jacob West
Baking In Security, Sweet, Secure, Cupcakes
video | slides

Ken Johnson and Matt Ahrens
10:50 AM - 11:00 AM Coffee Break
11:00 AM - 11:50 AM AMI Security
video | slides

John Sawyer and Don Weber
SharePoint Security 101
video | slides

Rob Rachwald, Amichai Shulman and Noa Bar-Yosef
Behind Enemy Lines - Practical& Triage Approaches to Mobile Security Abroad - 2012 Edition
video | slides

Justin Morehouse
Understanding IAST - More Context, Better Analysis
video | slides

Jeff Williams
11:50 AM - 1:30 PM No-Host Lunch
1:30 PM - 2:20 PM Project Basecamp: News from Camp 4
video | slides

Reid Wightman
Enterprise Security API (ESAPI) for C Plus Plus
video | slides

Dan Amodio
Whack-a-Mobile II: Mobile App Pen Testing with the MobiSec Live Environment
video | slides

Kevin Johnson and Tony Delagrange
Proactive risk mitigation within the Software Development Lifecycle (SDLC)
video | slides

Joe White
2:20 PM - 2:30 PM Coffee Break
2:30 PM - 3:20 PM Real world backdoors on industrial devices
video | slides

Ruben Santamarta
Dynamic DAST/WAF Integration
video | slides

Ryan Barnett
An In-Depth Introduction to the Android Permissions Model, and How to Secure Multi-Component Applications
video | slides

Jeff Six
Teaching an Old Dog New Tricks: Securing Development with PMD
video | slides

Joe Hemler
3:20 PM - 3:30 PM Coffee Break
3:30 PM - 4:20 PM Denial of Surface.
video | slides

Eireann Leverett
Cloud-based dWAF: A Real World Deployment Case Study
video | slides

Alexander Meisel
Android in the Healthcare Workplace: A Case Study
video | slides

Thomas Richards
What can an Acquirer do to prevent developers from make dangerous software errors?
No video avail | slides

Michele Moss and Don Davidson
4:20 PM - 4:30 PM Coffee Break
4:30 PM - 5:20 PM Securing Critical Infrastructure
video | slides

Francis Cianfrocca and Bob Lam
Using PHPIDS to Understand Attacks Trends
video | slides

Salvador Grec
Mobile Application Security - Who, how and why
video | slides

Mike Park and Charles Henderson
Private information Protection in Cloud Computing _ Laws, Compliance and Cloud Security Misconceptions
video | slides

Mikhail Utin and Daniil Utin
5:20 PM Closing Remarks
Room 202A


Training

Call for papers is now OPEN until December 15th 2011. Submit proposals to http://training.appsecdc.org

OWASP strives to provide world class training for a variety of skill levels and interests at its conferences. From the novice to the expert, developers to managers, there is a training course at AppSec DC for you! Classes will begin at 9 AM each day and run until 5 PM (Daily schedule set by the trainer). Morning refreshments and lunch will be provided. Check each course for the required materials.

2 Day Training

TBD

1 Day Training

TBD

OWASP Member Door Prizes!

Are you an OWASP Member? At AppSecDC we will be giving away some amazing door prizes to some randomly selected OWASP members in attendance. You HAVE to be an OWASP member to be elligable, but if your not, you can easily add the $50 annual membership to your conference ticket and recieve $50 off admission. That's right, FREE OWASP MEMBERSHIP when combined with AppSec DC Registration! So remember to Register today with your OWASP membership!

This years contests vary in length, challenges, objectives and the skill-set of the participants. The goal of this year's ASDC challenges are to include application security folks of all backgrounds from developers to ninjas and to do so in a fun environment that keeps contestants scratching their heads. Contestants have the option of either participating in a more relaxed environment with shorter contest length or going for the more intense route. Contests consist of:

TBD

Walter E. Washington Convention Center

AppSec DC 2012 will be taking place at the Walter E. Washington Convention Center in downtown Washington DC.

The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro, and only a few blocks from our convention hotel, the Grand Hyatt Washington (reserve rooms here).

Screen_shot_2009-10-03_at_12.55.55_PM.png

Hotel contracts are TBD

Sponsors

We are currently soliciting sponsors for the AppSec DC Conference.

Please contact us at [email protected] for sponsorship opportunities.


Traveling to the DC Metro Area

The Washington DC Area is serviced by three airports -- Reagan National (DCA), Dulles (IAD), and Thurgood Marshall Baltimore/Washington International (BWI). All currently have available transportation to downtown DC via public transportation, shuttles, or cab.

Washington DC is also serviced by Amtrak, VRE, and MARC train lines, which arrive in Union Station, a few metro stops or a short cab ride away from the convention center and the Grand Hyatt.

If you live in the DC Metropolitan area, we suggest taking Metro to the event. The convention center is located over the Mount Vernon Square/Convention Center Metro stop on the Green and Yellow lines of the DC Metro.

Organizers

Mail List: [email protected]

Arch-Minions

Mail List: [email protected]

Q. What will it cost?

A. Ticketing prices are on the main page. Prices for 2012 have not been announced yet.

Call For Papers

Q. What is the Open Web & Application Security Project (OWASP)?

The Open Web & Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work with your support.


Q. How many speaking slots are there?

The schedule for AppSec DC will largely be based on the number of quality presentations we receive. While we have an outline for the conference schedule we cannot solidify it until the CFP has completed. In addition to the primary slots we will be selecting a small number of alternate presenters who will receive a free pass to the conference in return for being ready to present if there is a cancellation.


Q. What are the submission deadlines?

The dates for CFP are from October 11th to until January 15th. Some speaker selections may be made before the end of CFP.


Q: Who is allowed to submit presentations?

A: Original authors of presentations may submit presentations for consideration. Third party representatives such as PR firms or Speaker Representatives MAY NOT submit materials on behalf of a potential speaker.


Q: Why aren't Third Parties such as PR Firms allowed to submit presentations?

A: Due to potential copyright and intellectual property liability issues as well as the need for OWASP to have direct contact with potential and selected presenters to expedite selection and deliverable materials, we require that only original authors of presentations submit for the Call for Papers. Third party representatives such as PR firms or Speaker Representatives MAY NOT submit materials on behalf of a potential speaker.


Q: How long will I have to wait before I am notified if I have been accepted or denied?

A: Due to the overwhelming response from the community the planning committee needs more time to sift through all of the proposals that we received. We feel that it is better to give each presentation a complete review rather then meet a somewhat arbitrary deadline. Originally we promised that we would respond to speakers within 15 business days of the CFP closing. We do reserve the right to select outstanding presentations prior to the date that CFP closes.


Q. Is there an honorarium for presenters?

No. OWASP is committed to making its conferences available to the widest possible audience. In order to do this OWASP keeps the entrance fees as low as possible to make the conference accessible. As a result we are unable to provide a monetary honorarium but we welcome our speakers as our guests to the conference where they can network with other security professionals.


Q: I have been accepted. What are the materials that I have to turn in and what are the deadlines?

A: The following is a list of materials that are required from each accepted presentation. Failure to proceed these materials by the deadlines set forth for the event the presentation was accepted for will result in of acceptance.

  • A confirmed Speaker Agreement
  • Presentation in PowerPoint or Keynote format using the OWASP Template
  • Detailed Bibliography of resources, co-authors, etc.
  • Optional White Paper for inclusion on CD


Q: Do I have to submit a White Paper?

A: No. We would certainly appreciate any White Papers that can be included on the conference CD but they are not required. If you have written an existing white paper to go along with your presentation, please submit it with your CFP submission. Submissions with attached White Papers will receive additional consideration.


Q: What if I have a co-author who is not presenting. How do I cite the person(s)?

A: All co-authors and works that have been used should be cited in a detailed bibliography that will be published on the Conference CD.


Q: I have been accepted and would like to add co-presenters. Can I still do this?

A: No. Co-presenters should have been added at the time that the Presentation was submitted. They may attend the conference and present if they pay the full conference fee.


Q: My PR company/friends/co-workers/family would like to come see me give my presentation. Will they be allowed in for free?

A: No. All guests of speakers must be registered and paid in full in order to receive admission to the conference.


Q: My company wants to donate and support OWASP as a 501(3)c non-profit in exchange for resources at the Expo, what is the cost?

A: Sponsorship information can be found here.


Q. I have more questions

A: Email info(at)appsecdc.org concerning this event.



Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg



Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg