This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec Europe 2008 - Belgium/Agenda"
From OWASP
| Line 45: | Line 45: | ||
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee | | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 09:00-09:05 || colspan="2" style="width:80%; background:#F2F2F2" align=" | + | | style="width:10%; background:#7B8ABD" | 09:00-09:05 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP AppSec 2008 Conference |
| + | ''Dave Wichers'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 09:05-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align=" | + | | style="width:10%; background:#7B8ABD" | 09:05-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: The Great Information Security Scrap Yard Challenge |
| + | ''Mark Curphey'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align=" | + | | style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Owasp State of the Union |
| + | ''Dinis Cruz'' | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | The OWASP ESAPI project |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Dave Wichers'' |
| + | | style="width:40%; background:#BCA57A" align="left" | The Web Hacking Incidents Database Project | ||
| + | ''Ofer Shezaf'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 11:20-12:00 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 11:20-12:00 || style="width:40%; background:#BC857A" align="left" | WAFs and WAFEC2 |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Ivan Ristic'' |
| + | | style="width:40%; background:#BCA57A" align="left" | HTML5 security | ||
| + | ''Thomas Rössler'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:40%; background:#BC857A" align="left" | The OWASP Orizon Project internals |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Paolo Perego'' |
| + | | style="width:40%; background:#BCA57A" align="left" | Remo presentation (Input Validation) | ||
| + | ''Christian Folini'' | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | | style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 14:00-14:40 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 14:00-14:40 || style="width:40%; background:#BC857A" align="left" | How Data Privacy affects Applications and Databases |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Dirk De Maeyer'' |
| + | | style="width:40%; background:#BCA57A" align="left" | refereed papers track | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 14:40-15:20 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 14:40-15:20 || style="width:40%; background:#BC857A" align="left" | NTLM Relay Attacks |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Eric Rachner'' |
| + | | style="width:40%; background:#BCA57A" align="left" | refereed papers track | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 15:20-15:50 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 15:20-15:50 || style="width:40%; background:#BC857A" align="left" | Security in Agile Development |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Dave Wichers'' |
| + | | style="width:40%; background:#BCA57A" align="left" | refereed papers track | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 15:50-16:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 15:50-16:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 16:10-17:00 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 16:10-17:00 || style="width:40%; background:#BC857A" align="left" | Client-side security |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''pdp'' |
| + | | style="width:40%; background:#BCA57A" align="left" | refereed papers track | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Panel: “tbd” | | style="width:10%; background:#7B8ABD" | 17:00-18:00 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Panel: “tbd” | ||
Moderator:tbd | Moderator:tbd | ||
| − | |||
Panelists: tbd | Panelists: tbd | ||
|- | |- | ||
| Line 94: | Line 106: | ||
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Coffee | | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Coffee | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 09:00-9:40 || colspan="2" style="width:80%; background:#F2F2F2" align=" | + | | style="width:10%; background:#7B8ABD" | 09:00-9:40 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: Software Security |
| + | ''Gary McGraw'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 9:40-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align=" | + | | style="width:10%; background:#7B8ABD" | 9:40-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Tour of OWASP projects |
| + | ''Dinis Cruz and Dave Wichers'' | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | Graph Analysis for WebApps: From Nodes to Edges |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Simon Roses Femerling'' |
| + | | style="width:40%; background:#BCA57A" align="left" | The OWASP Education Project | ||
| + | ''Martin Knobloch'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 11:20-12:00 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 11:20-12:00 || style="width:40%; background:#BC857A" align="left" | Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Brian Chess'' |
| + | | style="width:40%; background:#BCA57A" align="left" | Threat Modeling for Application Designers & Architects | ||
| + | ''Shay Zalalichin'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:40%; background:#BC857A" align="left" | Scanstud: Evaluating static analysis tools |
| + | ''Martin Johns'' | ||
| style="width:40%; background:#BCA57A" align="left" | tbd | | style="width:40%; background:#BCA57A" align="left" | tbd | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | | style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 14:00-14:40 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 14:00-14:40 || style="width:40%; background:#BC857A" align="left" | Best Practices Using Web Application Firewalls |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Alexander Meisel'' |
| + | | style="width:40%; background:#BCA57A" align="left" | Google-Hacking and Google-Shielding | ||
| + | ''Amichai Shulman'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 14:40-15:20 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 14:40-15:20 || style="width:40%; background:#BC857A" align="left" | The OWASP Anti-Samy project |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Jason Li'' |
| + | | style="width:40%; background:#BCA57A" align="left" | The Law of Conservation of Bugs | ||
| + | ''Gunnar Peterson'' | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 15:20-15:50 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 15:20-15:50 || style="width:40%; background:#BC857A" align="left" | Input validation: the Good, the Bad and the Ugly |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Johan Peeters'' |
| + | | style="width:40%; background:#BCA57A" align="left" | Security framework is not in the code | ||
| + | ''Sam Reghenzi'' | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 15:50-16:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | | style="width:10%; background:#7B8ABD" | 15:50-16:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break | ||
|- | |- | ||
| − | | style="width:10%; background:#7B8ABD" | 16:10-17:00 || style="width:40%; background:#BC857A" align="left" | | + | | style="width:10%; background:#7B8ABD" | 16:10-17:00 || style="width:40%; background:#BC857A" align="left" | Exploiting Online Games |
| − | | style="width:40%; background:#BCA57A" align="left" | | + | ''Gary McGraw'' |
| + | | style="width:40%; background:#BCA57A" align="left" | SHIELDS: metrics, tools and Internet services to improve security in application developments | ||
| + | ''Eva Coscia'' | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:40%; background:#F2F2F2" align="left" | Panel: Responsible "tbd" | | style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:40%; background:#F2F2F2" align="left" | Panel: Responsible "tbd" | ||
| Line 131: | Line 158: | ||
| style="width:40%; background:#F2F2F2" align="left" | Panel: "tbd" | | style="width:40%; background:#F2F2F2" align="left" | Panel: "tbd" | ||
Moderator: tbd | Moderator: tbd | ||
| − | |||
Panelists: tbd | Panelists: tbd | ||
|- | |- | ||
Revision as of 09:19, 30 March 2008
The agenda for the conference is still under development and is subject to change.
OWASP AppSec 2008 Tutorials - May 19-20 2008
The tutorials and the conference itself wil be held in tbd.
| T1. Building and Testing Secure Web Applications |
|---|
| This powerful two-day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how easily application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities into their code. Read more here! |
| T2. tbd |
| tbd Read more here! |
| T3. tbd |
| tbd Read more here! |
| T4. Web Services and XML Security (to be confirmed) |
| Many enterprises are currently developing new Web Services and/or adding and acquiring Web Services functionality into existing applications -- now is the time to build security into the system! Read more here! |
| T5. Open Source ModSecurity Training |
| ModSecurity is currently the most widely deployed web application firewall (WAF) product. This two-day class is for those people who want to learn how to build, deploy, and use ModSecurity in the most effective manner. The course will cover the open source ModSecurity Console, which helps manage alerts on suspicious web activity targeting your web servers. The course also provides an in-depth look at the extremely powerful ModSecurity Rules Language. Read more here! |
Technology Expo - May 21-22
Product vendors will demonstrate their application security products to conference attendees for the first time in Europe at this OWASP Conference. The focus of this expo will be on the technical details of the technologies they are offering in the market to help organizations deal with their application security issues.
Breach Security Cocktail Party - May 20, evening (location to be announced)
OWASP AppSec 2008 Conference Schedule - May 21-23 (Belgium 2008)
| Day 1 - May 21, 2008 | ||
|---|---|---|
| Track 1: | Track 2: | |
| 08:00-09:00 | Registration and Coffee | |
| 09:00-09:05 | Welcome to OWASP AppSec 2008 Conference
Dave Wichers | |
| 09:05-09:45 | Keynote: The Great Information Security Scrap Yard Challenge
Mark Curphey | |
| 09:45-10:20 | Owasp State of the Union
Dinis Cruz | |
| 10:20-10:40 | Break | |
| 10:40-11:20 | The OWASP ESAPI project
Dave Wichers |
The Web Hacking Incidents Database Project
Ofer Shezaf |
| 11:20-12:00 | WAFs and WAFEC2
Ivan Ristic |
HTML5 security
Thomas Rössler |
| 12:00-12:30 | The OWASP Orizon Project internals
Paolo Perego |
Remo presentation (Input Validation)
Christian Folini |
| 12:30-14:00 | Lunch | |
| 14:00-14:40 | How Data Privacy affects Applications and Databases
Dirk De Maeyer |
refereed papers track |
| 14:40-15:20 | NTLM Relay Attacks
Eric Rachner |
refereed papers track |
| 15:20-15:50 | Security in Agile Development
Dave Wichers |
refereed papers track |
| 15:50-16:10 | Break | |
| 16:10-17:00 | Client-side security
pdp |
refereed papers track |
| 17:00-18:00 | Panel: “tbd”
Moderator:tbd Panelists: tbd | |
| 18:00-19:00 | OWASP Leader Meeting - Organized by Matteo Meucci | |
| 19:00-21:00 | OWASP Social Gathering: Dinner and Drinks at tbd | |
| Day 2 - May 22, 2008 | ||
| Track 1: | Track 2: | |
| 08:00-09:00 | Coffee | |
| 09:00-9:40 | Keynote: Software Security
Gary McGraw | |
| 9:40-10:20 | Tour of OWASP projects
Dinis Cruz and Dave Wichers | |
| 10:20-10:40 | Break | |
| 10:40-11:20 | Graph Analysis for WebApps: From Nodes to Edges
Simon Roses Femerling |
The OWASP Education Project
Martin Knobloch |
| 11:20-12:00 | Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking
Brian Chess |
Threat Modeling for Application Designers & Architects
Shay Zalalichin |
| 12:00-12:30 | Scanstud: Evaluating static analysis tools
Martin Johns |
tbd |
| 12:30-14:00 | Lunch | |
| 14:00-14:40 | Best Practices Using Web Application Firewalls
Alexander Meisel |
Google-Hacking and Google-Shielding
Amichai Shulman |
| 14:40-15:20 | The OWASP Anti-Samy project
Jason Li |
The Law of Conservation of Bugs
Gunnar Peterson |
| 15:20-15:50 | Input validation: the Good, the Bad and the Ugly
Johan Peeters |
Security framework is not in the code
Sam Reghenzi |
| 15:50-16:10 | Break | |
| 16:10-17:00 | Exploiting Online Games
Gary McGraw |
SHIELDS: metrics, tools and Internet services to improve security in application developments
Eva Coscia |
| 17:00-18:00 | Panel: Responsible "tbd"
Moderator: tbd Panelists: tbd |
Panel: "tbd"
Moderator: tbd Panelists: tbd |
| 18:00-18:10 | Conference Wrap Up - Dave Wichers, OWASP Conferences Chair | |
| 18:30-20:30 | Cocktail Party (tbd?) | |
