This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec Europe 2007 - Italy/Agenda"
From OWASP
(→6th OWASP AppSec Conference Schedule - May 16-17 (Milan 2007)) |
(→6th OWASP AppSec Conference Schedule - May 16-17 (Milan 2007)) |
||
| Line 34: | Line 34: | ||
| style="width:10%; background:#7B8ABD" | 09:10-10:00 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Alex Lucas, Senior Security Engineer, Microsoft | | style="width:10%; background:#7B8ABD" | 09:10-10:00 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Alex Lucas, Senior Security Engineer, Microsoft | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 10:00-11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | OWASP 2.0 - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz, OWASP | + | | style="width:10%; background:#7B8ABD" | 10:00-11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | OWASP 2.0 - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz, OWASP Chief Evangelist |
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 11:10-11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 11:10-11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
| Line 43: | Line 43: | ||
| style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 13:45-15:00 || style="width:40%; background:#BC857A" align="left" | Update on the OWASP XML Security Gateway evaluation criteria project, Gunnar Peterson, Arctec Group (30 min) | + | | style="width:10%; background:#7B8ABD" | 13:45-15:00 || style="width:40%; background:#BC857A" align="left" | Presentation #1: Update on the OWASP XML Security Gateway evaluation criteria project, Gunnar Peterson, Arctec Group (30 min) |
| + | |||
& | & | ||
| − | Presentation #2: | + | |
| − | | style="width:40%; background:#BCA57A" align="left" | XSS Tunneling, Ferruh Mavituna, Security Engineer, Portcullis Computer Security, OWASP Turkey Chapter Leader ( | + | Presentation #2: The SANS Secure Programming Skills Assessement Initiative, Dave Wichers, COO Aspect Security and OWASP Conferences Chair (40 min) |
| + | | style="width:40%; background:#BCA57A" align="left" | Presentation #1: XSS Tunneling, Ferruh Mavituna, Security Engineer, Portcullis Computer Security, OWASP Turkey Chapter Leader (35 min) | ||
| + | |||
& | & | ||
| − | Presentation #2: | + | |
| + | Presentation #2: Overtaking Google Desktop - A Security Analysis, Danny Allan and Adi Sharabani, Watchfire (35 min) | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 15:00-15:20 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 15:00-15:20 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 15:20-16:30 || style="width:40%; background:#BC857A" align="left" | OWASP WebGoat and WebScarab – the Autumn of Code 2006 Releases – Dave Wichers, COO, Aspect Security and OWASP Conferences Chair | | style="width:10%; background:#7B8ABD" | 15:20-16:30 || style="width:40%; background:#BC857A" align="left" | OWASP WebGoat and WebScarab – the Autumn of Code 2006 Releases – Dave Wichers, COO, Aspect Security and OWASP Conferences Chair | ||
| − | | style="width:40%; background:#BCA57A" align="left" | | + | | style="width:40%; background:#BCA57A" align="left" | Presentation #1: The Darker Side of AJAX, Brian Chess, Chief Scientist, Fortify Software (35 min) |
| + | |||
| + | & | ||
| + | |||
| + | Presentation #2: Advance Web Hacking Revealed, Petko D. Petkov (AKA PDP Architect), Senior Security Researcher (40 min) | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 16:30-16:50 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 16:30-16:50 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
| Line 72: | Line 80: | ||
| style="width:10%; background:#7B8ABD" | 09:00-09:50 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: Raoul Chiesa – CTO, ISECOM - The security level of Web Applications in Italy: data and stats from everyday experiences. | | style="width:10%; background:#7B8ABD" | 09:00-09:50 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: Raoul Chiesa – CTO, ISECOM - The security level of Web Applications in Italy: data and stats from everyday experiences. | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 09:50-10:50 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Protecting Web Applications from Universal PDF XSS: A discussion of how weird the web application security world has become – Ivan Ristic, Chief Evangelist, Breach | + | | style="width:10%; background:#7B8ABD" | 09:50-10:50 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Protecting Web Applications from Universal PDF XSS: A discussion of how weird the web application security world has become – Ivan Ristic, Chief Evangelist, Breach Security |
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 10:50-11:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 10:50-11:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 11:10-12:30 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 11:10-12:30 || style="width:40%; background:#BC857A" align="left" | Presentation #1: Microsoft ACE Team – Application Security from the Core, Simon Roses Femerling – Security Technologist - Microsoft (40 min) |
| − | + | ||
| − | | style="width:40%; background:#BCA57A" align="left" | Testing | + | & |
| + | |||
| + | Presentation #2: Making Source Code Analysis Part of the Security Review Process, Brian Chess, Chief Scientist, Fortify Software (35 min) | ||
| + | | style="width:40%; background:#BCA57A" align="left" | Refereed Paper #1 of 3: The OWASP Testing Guide version 2, Matteo Meucci, OWASP Italy (40 min) | ||
& | & | ||
| − | + | Testing Flash Applications: A new attack vector for XSS and XSFlashing, Stefano di Paola (35 min) | |
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 13:45-15:10 || style="width:40%; background:#BC857A" align="left" | A whirlwind tour of the OWASP tools and projects, Dinis Cruz, OWASP Chief Evangelist and .Net | + | | style="width:10%; background:#7B8ABD" | 13:45-15:10 || style="width:40%; background:#BC857A" align="left" | A whirlwind tour of the OWASP tools and projects, Dinis Cruz, OWASP Chief Evangelist and .Net Project Lead |
| style="width:40%; background:#BCA57A" align="left" | Refereed Papers #2 & #3 | | style="width:40%; background:#BCA57A" align="left" | Refereed Papers #2 & #3 | ||
| − | 2) Software Security - The bigger picture, Rudolph Araujo | + | 2) Software Security - The bigger picture, Rudolph Araujo (40 min) |
& | & | ||
| − | 3) Generic Detection of Application Layer Attacks: ModSecurity Core Rule Set<br>Ofer Shezaf, OWASP | + | 3) Generic Detection of Application Layer Attacks: ModSecurity Core Rule Set<br>Ofer Shezaf, OWASP Isreal Chapter Leader, CTO, Breach Security (40 min) |
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 15:10-15:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 15:10-15:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
Revision as of 15:39, 23 April 2007
OWASP Milan Training Courses - May 15th 2007
The tutorials and the conference itself were held at Marriott in Milan.
| T1. Foundations of Web Application Security - One Day Course - Parini Room |
|---|
| This powerful one day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities into their code. Read more here! |
| T2. WebServices and XML Security - One Day Course - Raffaello Room |
| Many enterprises are currently developing new Web Services and/or adding and acquiring Web Services functionality into existing applications -- now is the time to build security into the system! Read more here! |
| T3. Advanced ASP.NET Exploits and Countermeasures - One Day Course - Porta Room |
| In this one day course you will push ASP.NET to the limit and will be shown how ASP.NET applications and environments can be exploited by skilled attackers. Advanced exploitation techniques will be presented together with low-level technical analysis of the .NET Framework. You will also learn advanced defense techniques such as: Building an ASP.NET Security Protection layer (also called a Web Application Firewall) and Real time patching of vulnerabilities in the target application, the .NET Framework or the CLR. Read more here! |
6th OWASP AppSec Conference Schedule - May 16-17 (Milan 2007)
| Day 1 - May 16, 2007 | ||
|---|---|---|
| Track 1: Manzoni Room | Track 2: Parini Room | |
| 08:00-09:00 | Registration and Coffee | |
| 09:00-09:10 | Welcome to 6th OWASP AppSec Conference: Dave Wichers, OWASP Conferences Chair | |
| 09:10-10:00 | Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Alex Lucas, Senior Security Engineer, Microsoft | |
| 10:00-11:10 | OWASP 2.0 - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz, OWASP Chief Evangelist | |
| 11:10-11:30 | Break | |
| 11:30-12:30 | OWASP CLASP Project, Pravir Chandra, Security Engineer, Cigital | OWASP PANTERA – Dissecting Web Applications – Simon Roses Femerling – Security Technologist - Microsoft |
| 12:30-13:45 | Lunch | |
| 13:45-15:00 | Presentation #1: Update on the OWASP XML Security Gateway evaluation criteria project, Gunnar Peterson, Arctec Group (30 min)
& Presentation #2: The SANS Secure Programming Skills Assessement Initiative, Dave Wichers, COO Aspect Security and OWASP Conferences Chair (40 min) |
Presentation #1: XSS Tunneling, Ferruh Mavituna, Security Engineer, Portcullis Computer Security, OWASP Turkey Chapter Leader (35 min)
& Presentation #2: Overtaking Google Desktop - A Security Analysis, Danny Allan and Adi Sharabani, Watchfire (35 min) |
| 15:00-15:20 | Break | |
| 15:20-16:30 | OWASP WebGoat and WebScarab – the Autumn of Code 2006 Releases – Dave Wichers, COO, Aspect Security and OWASP Conferences Chair | Presentation #1: The Darker Side of AJAX, Brian Chess, Chief Scientist, Fortify Software (35 min)
& Presentation #2: Advance Web Hacking Revealed, Petko D. Petkov (AKA PDP Architect), Senior Security Researcher (40 min) |
| 16:30-16:50 | Break | |
| 16:50-18:00 | Panel: "Public site vulnerability research - good or evil?”
Moderator: TBD Panelists: TBD | |
| 19:00-21:00 | Social Gathering: Dinner and Drinks at Nearby Facility. | |
| Day 2 - May 17, 2007 | ||
| Track 1: Manzoni Room | Track 2: Parini Room | |
| 08:00-09:00 | Coffee | |
| 09:00-09:50 | Keynote: Raoul Chiesa – CTO, ISECOM - The security level of Web Applications in Italy: data and stats from everyday experiences. | |
| 09:50-10:50 | Protecting Web Applications from Universal PDF XSS: A discussion of how weird the web application security world has become – Ivan Ristic, Chief Evangelist, Breach Security | |
| 10:50-11:10 | Break | |
| 11:10-12:30 | Presentation #1: Microsoft ACE Team – Application Security from the Core, Simon Roses Femerling – Security Technologist - Microsoft (40 min)
& Presentation #2: Making Source Code Analysis Part of the Security Review Process, Brian Chess, Chief Scientist, Fortify Software (35 min) |
Refereed Paper #1 of 3: The OWASP Testing Guide version 2, Matteo Meucci, OWASP Italy (40 min)
& Testing Flash Applications: A new attack vector for XSS and XSFlashing, Stefano di Paola (35 min) |
| 12:30-13:45 | Lunch | |
| 13:45-15:10 | A whirlwind tour of the OWASP tools and projects, Dinis Cruz, OWASP Chief Evangelist and .Net Project Lead | Refereed Papers #2 & #3
2) Software Security - The bigger picture, Rudolph Araujo (40 min) & 3) Generic Detection of Application Layer Attacks: ModSecurity Core Rule Set |
| 15:10-15:30 | Break | |
| 15:30-16:30 | Panel: “What is needed to fix web app sec vulnerabilities once and for all?”
Moderator: Gunnar Peterson – Arctec Group Panelists: Dave Wichers, Aspect Security and others TBD | |
| 16:30-16:50 | Break | |
| 16:50-17:30 | Conference Wrap Up - Dave Wichers, OWASP Conferences Chair | |
