OWASP AppSec Iberia 2009

Revision as of 12:52, 26 November 2009 by Pontocom (talk | contribs)

1st. Iberic Web Application Security Conference (IBWAS09)

Escuela Universitaria de Ingeniería Técnica de Telecomunicación, Universidad Politécnica de Madrid

www.ibwas.com (official web-site)


Welcome

IBWAS09, the Iberic Web Application Security conference, will be held in Madrid (Spain), on the 10th and 11th December 2009.

The conference will take place at the Escuela Universitaria de Ingeniería Técnica de Telecomunicación, Universidad Politécnica de Madrid. The location details can be found here.

Conference proceedings will be published by Springer in the Communications in Computer and Information Science (CCIS) series.

This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

In addition to the technical issues of the conference programme, our website provides you with tourist information on the city of Madrid, unique for its cultural and historical richness, lovely surroundings and other nice places to visit around the city.

In this conference we will have two acclaimed keynote speakers. The first one is Bruce Schneier, an internationally renowned security technologist and author. The second is Inspector Jorge Martín from the High Tech Crime Unit of the Spanish National Police.

Who Should Attend IBWAS09:

  • Academics
  • Researchers
  • Lifelong learning educators
  • Technical staff
  • Secondary, vocational, or tertiary educators
  • Professionals from the private and public sector
  • Technologists and Scientists
  • School counsellors, principals and teachers
  • Education policy development representatives
  • General personnel from vocational sectors
  • Student counsellors
  • Career/employment officers
  • Education advisers
  • Student Unions
  • Bridging program lecturers & support staff
  • Library personnel
  • International support and services staff
  • Open learning specialists
  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security

...and any person interested in Web Application and Services Security and Information Security in general.

We look forward to seeing you in Madrid!


Use the #ibwas09 hashtag for your tweets (What are hashtags?)

@ibwas09 Twitter Feed (follow us on Twitter!)

Organization and Program Committee

IBWAS09 Chairs and Organization

Vicente Aguilera Díaz, Internet Security Auditors, OWASP Spain, Spain
Carlos Serrão, ISCTE-IUL Instituto Universitário de Lisboa, OWASP Portugal, Portugal
Fabio Cerullo, OWASP Global Education Committee, OWASP Ireland, Ireland

IBWAS09 Program Committee

André Zúquete, Universidade De Aveiro, Portugal
Candelaria Hernández-Goya, Universidad De La Laguna, Spain
Carlos Costa, Universidade De Aveiro, Portugal
Carlos Ribeiro, Instituto Superior Técnico, Portugal
Eduardo Neves, OWASP Education Committee, OWASP Brazil, Brazil
Francesc Rovirosa i Raduà, Universitat Oberta de Catalunya (UOC), Spain
Gonzalo Álvarez Marañón, Consejo Superior de Investigaciones Científicas (CSIC), Spain
Isaac Agudo, University of Malaga, Spain
Jaime Delgado, Universitat Politecnica De Catalunya, Spain
Javier Hernando, Universitat Politecnica De Catalunya, Spain
Javier Rodríguez Saeta, Barcelona Digital, Spain
Joaquim Castro Ferreira, Universidade de Lisboa, Portugal
Joaquim Marques, Instituto Politécnico de Castelo Branco, Portugal
Jorge Dávila Muro, Universidad Politécnica de Madrid (UPM), Spain
Jorge E. López de Vergara, Universidad Autónoma de Madrid, Spain
José Carlos Metrôlho, Instituto Politécnico de Castelo Branco, Portugal
José Luis Oliveira, Universidade De Aveiro, Portugal
Kuai Hinojosa, OWASP Global Education Committee, New York University, United States
Leonardo Chiariglione, Cedeo, Italy
Leonardo Lemes, Unisinos, Brazil
Manuel Sequeira, ISCTE-IUL Instituto Universitário de Lisboa, Portugal
Marco Vieira, Universidade de Coimbra, Portugal
Mariemma I. Yagüe, University of Málaga, Spain
Miguel Correia, Universidade de Lisboa, Portugal
Miguel Dias, Microsoft, Portugal
Nuno Neves, Universidade de Lisboa, Portugal
Osvaldo Santos, Instituto Politécnico de Castelo Branco, Portugal
Panos Kudumakis, Queen Mary University of London, United Kingdom
Paulo Sousa, Universidade de Lisboa, Portugal
Rodrigo Roman, University of Malaga, Spain
Rui Cruz, Instituto Superior Técnico, Portugal
Rui Marinheiro, ISCTE-IUL Instituto Universitário de Lisboa, Portugal
Sérgio Lopes, Universidade do Minho, Portugal
Tiejun Huang, Peking University, China
Víctor Villagrá, Universidad Politécnica de Madrid (UPM), Spain
Vitor Filipe, Universidade de Trás-os-Montes e Alto Douro, Portugal
Vitor Santos, Microsoft, Portugal
Vitor Torres, Universitat Pompeu Fabra, Spain
Wagner Elias, OWASP Brazil Chapter Leader, Brazil

Registration

Registration is now open!

You can register here

OWASP Membership ($50 annual membership fee) gets you a discount of $50.

$395 General Public
$345 OWASP Members
$195 Students
$1350 2-Day Training Course
$675 1-Day Training Course

Agenda/Schedule

The conference schedule has been moved here

Speakers

Keynote Speakers

Bruce Schneier

Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

His first bestseller, Applied Cryptography, explained how the arcane science of secret codes actually works, and was described by Wired as "the book the National Security Agency wanted never to be published." His book on computer and network security, Secrets and Lies, was called by Fortune "[a] jewel box of little surprises you can actually use." Beyond Fear tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. His current book, Schneier on Security, offers insight into everything from the risk of identity theft (vastly overrated) to the long-range security threat of unchecked presidential power and the surprisingly simple way to tamper-proof elections.

Regularly quoted in the media, he has testified on security before the United States Congress on several occasions and has written articles and op eds for many major publications, including The New York Times, The Guardian, Forbes, Wired, Nature, The Bulletin of the Atomic Scientists, The Sydney Morning Herald, The Boston Globe, The San Francisco Chronicle, and The Washington Post.

Schneier also publishes a free monthly newsletter, Crypto-Gram, with over 150,000 readers. In its ten years of regular publication, Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news.

Schneier is the Chief Security Technology Officer of BT.

Jorge Martín

Jorge Martín is an inspector of the Spanish National Police, and currently the Head of the Logical Security Group from the High-Tech Crime Unit in the Comisaria General de Policía Judicial.

He is a Computer Systems Technical Engineer and for the past five years has dedicated himself to police investigation in the technological area, focusing his activity on crimes related to intrusions, different types of attacks, malware creation and dissemination and other related issues. He also has extensive experience in the field of computer forensics.

He has participated in different courses and conferences, both in Spain and abroad. He regularly participates in training initiatives with other law enforcement forces in different countries, in several Interpol projects about technological investigation techniques, and in different European Union studies on the obtaining and manipulation of digital evidence.

Panel Speakers

Justin Clarke

Title: SQL Injection - how far does the rabbit hole go?

Abstract: SQL Injection has been around for over 10 years, and yet it is still to this day not truly understood by many security professionals and developers. With the recent mass attacks against sites across the world, and well publicised data breaches with SQL Injection as a component, it has again come to the fore of vulnerabilities under the spotlight, however many consider it to only be a data access issue, or parameterized queries to be a panacea. This talk explores the deeper, darker areas of SQL Injection, hybrid attacks, SQL Injection worms, and exploiting database functionality. Explore what kinds of things we can expect in future.

Bio: Justin Clarke is a co-founder and Director at Gotham Digital Science, based in the United Kingdom. He has over twelve years of experience in assessing the security of networks, web applications, and wireless networks for large financial, retail, technology and government clients in the United States, the United Kingdom and New Zealand. Justin is the lead author and technical editor of "SQL Injection Attacks and Defense" (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly 2005), and a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O'Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, BruCON, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP.

Dinis Cruz

Title: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows

Abstract: In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerabilities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC.

Bio: Dinis Cruz is the Chief OWASP Evangelist and a Security Consultant based in London (UK) and specialized in: ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development. Since the 1.1 release of the .Net Framework, Dinis has been one of the strongest proponents of the need to write .Net applications that can be executed in secure Partially Trusted .Net environments, and has done extensive research on: Rooting the CLR, exposing the dangers of Full Trust Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non verifiable) code, creating .Net Security Protection Layers and using Reflection to dynamically manipulate .Net Client applications. Dinis is the current Owasp .Net Project and OWASP Autumn of Code project's leader and the main developer of several of OWASP .Net tools (SAM'SHE, ANBS, SiteGenerator, Owasp Report Generator, Asp.Net Reflector). Dinis is an active trainer on .Net security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG. His latest course is the two day training course Advanced Asp.Net Exploits and Countermeasures, which was delivered at the Black Hat 2006 conference and will be presented at the forthcoming OWASP AppSec Conference in Seattle.

Luis Corrons

Title:

Abstract: The growth and complexity of the underground cybercrime economy has grown significantly over the past couple of years due to a variety of factors including the rise of social media tools, the global economic slowdown, and an increase in the total number of internet users. For the past 3 years, PandaLabs has monitored the ever-evolving cybercrime economy to discover its tactics, tools, participants, motivations and victims to understand the full extent of criminal activities and ultimately bring an end to the offenses. In October of 2008, PandaLabs published findings from a comprehensive study on the rogueware economy which concluded that the cybercriminals behind fake antivirus software applications were generating upwards of $15 million per month. In July of 2009, it released a follow-on study that proved monthly earnings had more than doubled to approximately $34 million through rogueware attacks distributed via Facebook, MySpace, Twitter, Digg and targeted Blackhat SEO. This session will reveal the latest results from PandaLabs' ongoing study of the cybercrime economy by illustrating the latest malware strategies used by criminals, examining the changes in their attack strategies over time. The goal of this presentation is to raise the awareness of this growing underground economy.

Bio: Luis Corrons has been working for Panda Security since 1999. He started in the technical support department, helping home and corporate users with virus incidents. A year later, he joined the international technical support team assisting Panda's technical support belonging to their partners distributed over 50 countries around the world. In 2002, he became PandaLabs' director as well as malware alerts coordinator in worldwide infection situations, dealing with worms such as Klez, SQLSlammer, Sobig, Blaster, Sasser, Mydoom, etc. During this time, he has coordinated several automated projects related to malware, such as the automatic analysis and response system, and the malware automatic information system. He is a speaker at several security conferences such as RSA, Virus Bulletin, SecurityBSides, RAID, etc.

Marc Chisinevski

Title: The OWASP Logging Project

Abstract: The goals of the Logging Project are:

  • To provide tools for software developers in order to help them define and provide meaningful logs
  • To provide code audit tools to ensure that log messages are consistent and complete (content, format, timestamps)
  • To facilitate the integration of logs from different sources
  • To facilitate attack reconstruction
  • To facilitate information sharing around security events

The talk will explore these areas, as well as provide details on existing tools and on related OWASP projects. Research directions for the future will also be discussed. A teaser for the presentation (with sound) can be found here: http://animoto.com/play/zel3bnvPCde7tcqBG3e9Cw

Bio: Marc Chisinevski has worked in web application development and security since 2000. Outside his current position as security manager, he is the project lead for the OWASP Logging Project. He is a Certified Information System Security Professional (CISSP) and is active in the opensource community (Asset, inventory and risk management project at http://sourceforge.net/projects/assetmng/). Experienced in malware analysis, Marc also takes part in reverse engineering challenges (http://lists.immunitysec.com/pipermail/dailydave/2009-September/005889.html).

Simon Roses

Title: Microsoft Infosec Team: Security Tools Roadmap

Abstract: The Microsoft IT’s Information Security (InfoSec) group is responsible for information security risk management at Microsoft. We concentrate on the data protection of Microsoft assets, business and enterprise. Our mission is to enable secure and reliable business for Microsoft and its customers. We are an experienced group of IT professionals including architects, developers, program managers and managers. This talk will present different technologies developed by Infosec to protect Microsoft and released for free, such as CAT.NET, SPIDER, SDR, TAM and SRE and how they fit into SDL (Security Development Lifecycle).

Bio: Simon Roses Femerling works at ACE Services from Microsoft providing security services across Europe. He was formerly at PriceWaterhouseCoopers and @Stake. He has many years of security experience, during which he has authored and cooperated in several security Open Source projects and advisories such as OWASP Pantera. Mr Roses is a native of Mallorca Island in the Mediterranean Sea. He holds a postgraduate in E-Commerce from Harvard University and a B.S. from Suffolk University at Boston, Massachusetts and is a frequent speaker at security industry events including RSA, OWASP, DeepSec and Microsoft Security Technets.

Dave Harper

Title: Empirical Software Security Assurance

Abstract: By now everyone knows that security must be built in to software; it cannot be bolted on. For more than a decade, scientists, visionaries, and pundits have put forth a multitude of techniques and methodologies for building secure software, but there has been little to recommend one approach over another or to define the boundary between ideas that merely look good on paper and ideas that actually get results. The alchemists and wizards have put on a good show, but it's time to look at the real empirical evidence. This talk examines software security assurance as it is practiced today. We will discuss popular methodologies and then, based on in-depth interviews with leading enterprises such as Adobe, EMC, Google, Microsoft, QUALCOMM, Wells Fargo, and Depository Trust Clearing Corporation (DTCC), we present a set of benchmarks for developing and growing an enterprise-wide software security initiative, including but not limited to integration into the software development lifecycle (SDLC). While all initiatives are unique, we find that the leaders share a tremendous amount of common ground and wrestle with many of the same problems. Their lessons can be applied in order to build a new effort from scratch or to expand the reach of existing security capabilities.

Bio: David Harper is the EMEA Services Director for Fortify Software, the market leader in the fast-growing area of Software Security Assurance (SSA). SSA gives organizations the power to ensure that their entire software portfolio -- whether developed internally or acquired through 3rd parties -- is secure and free of vulnerabilities that can be exploited by cyber attackers to steal valuable data and cause mayhem. David is responsible for helping Fortify's European Customers establish Software Security Assurance programs to systematically reduce application risk. David has extensive experience of defining and implementing Secure Development Life-cycles, whether in response to a security breach or as part of a PCI or other compliance initiative. David has also worked as security consultant on large e-commerce web-sites. Prior to joining Fortify, David held consultancy positions at Macrovision and Entrust Technologies. David has over 20 years experience in application development and security and is a graduate of Bristol University.

Raul Siles

Title: Assessing and Exploiting Web Applications with the open-source Samurai Web Testing Framework

Abstract: The Samurai Web Testing Framework (WTF) is an open-source LiveCD focused on web application security testing. It includes an extensive collection of pre-installed and pre-configured top penetration testing and security analysis tools, becoming the perfect environment for assessing and exploiting web applications. The tools categorization guides the analyst through the web-app penetration testing methodology, from reconnaissance, to mapping, discovery and exploitation. This talk describes the actively developed Samurai WTF distribution, its tool set, including the recently created Samurai WTF Firefox add-ons collection (to convert the browser into the ultimate pentesting tool), the advanced features provided by the integration of multiple attack tools, plus the new tool update capabilities.

Bio: Raul Siles is a founder and senior security analyst with Taddong. His more than 10 years of expertise performing advanced security services and solutions in various worldwide industries includes security architecture design and reviews, penetration tests, incident handling, forensic analysis, security assessments, and information security research in new technologies, such as web applications, wireless, honeynets, virtualization, and VoIP. Raul is one of the few individuals who have earned the GIAC Security Expert (GSE) designation. He is a SANS Institute author and instructor of penetration testing courses, a regular speaker at security conferences, author of security books and articles, and contributes to research and open-source projects. He loves security challenges and is a member of international organizations, such as the Honeynet Project, and a handler of the Internet Storm Center (ISC).

Miguel Almeida

Title: Authentication: choosing a method that fits

Abstract: Through the last five years, we, in the security field, have been witnessing an increase in the number of attacks to (web) application user's credentials, and the refinement and sophistication these attacks have been gaining. There are currently several methods and mechanisms to increase the strength of the authentication process for web applications. To improve the user authentication process, but also to improve the transaction authentication. As an example, one can think of adding one-time password tokens, or digital certificates, EMV cards, or even SMS one-time codes. However, none of these methods comes for free, nor do they provide perfect security. Also, one must consider usability penalties, mobility constraints, and, of course, the direct costs of the gadgets. Moreover, there's evidence that not all kinds of attacks can be stopped by even the most sophisticated of these methods. So, where do we stand? What should we choose? What kind of gadgets should we use for our business critical app, how much will they increase the costs and reduce the risk, and, last but not least, what kind of attacks we’ll be unable to stop anyway? This presentation will focus on ways to figure out how to evaluate the pros and cons of adding these improvements, given the current threats.

Bio: Miguel Almeida is an independent computer and network security professional. He has been testing, reviewing and advising on information security for the last ten years. His work has been focused on financial institutions and it has included engagements where, for a broad view of information security, the technical side as well as the organizational and procedural sides have been analyzed. Before becoming an independent consultant, Miguel was working with Deloitte and KPMG, where he was responsible for the information security practices in these companies. He was Senior Manager at Deloitte and, before, he was a Manager at KPMG. His academic studies include Computer Engineering at Instituto Superior Técnico and he is a Microsoft Certified Professional [on Windows security].

Daniele Catteddu

Title: Cloud Computing: Benefits, risks and recommendations for information security

Abstract: The presentation “Cloud Computing: Benefits, risks and recommendations for information security” will cover some of the most relevant information security implications of cloud computing from the technical, policy and legal perspective. Information security benefits and top risks will be outlined and most importantly, concrete recommendations for how to address the risks and maximise the benefits for users will be given.

Bio: Daniele Catteddu, CISM, CISA, is a risk management expert at ENISA, where he is following various activities in the context of the Emerging and Future Risks programme. Recently he has also contributed to the development and testing of information security practices for SMEs. Before joining ENISA, Daniele was working as Information Security consultant mainly in the banking and financial sector. He is a speaker at various Information Security conferences and editor of the recently published report: Cloud Computing: Benefits, risks and recommendations for information security.

Kuai Hinojosa

Title: Deploying Secure Web Applications with OWASP Resources

Abstract: Universities are key to making application security visible and the need to educate software developers about application security as an aspect of proper software development has never been more important. In this presentation I will share how OWASP resources can be used by universities to develop, test and deploy secure web applications. I will discuss challenges that Universities currently face integrating application security best practices, describe how OWASP tools and resources are currently used at New York University to test for most common web application flaws. I will introduce projects such as the OWASP Enterprise Security API which can be used to mitigate most common flaws in web applications and share initiatives the OWASP Global Education Committee is currently working on.

Bio: Kuai Hinojosa has been developing and securing web applications for about 12 years. He previously worked in the banking industry as a database security administrator for the 5th largest bank in the U.S. where he worked in a small team developing applications that protected the company's assets. He now works for New York University as a Web Applications Specialist where he continues to use web application development and application security experience to protect university resources. In his spare time Kuai volunteers his time preaching the application security gospel and leading the Minneapolis OWASP chapter. Kuai is a member of the OWASP (Open Web Application Security Project) Global Education Committee.

Fabio E Cerullo

Title: OWASP TOP 10 2009

Abstract: The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and many more. The OWASP Top 10 was initially released in 2003 and minor updates were made in 2004, 2007, and this 2010 release. We encourage you to use the Top 10 to get your organization started with application security. Developers can learn from the mistakes of other organizations. Executives can start thinking about how to manage the risk that software applications create in their enterprise.

Bio: Fabio E Cerullo is currently working as an IT Security Specialist of AIB Bank in Dublin, Ireland. He obtained the Certified Information Systems Security Professional (CISSP) certification in December 2006, which he holds in good standing. Prior to joining AIB, he worked as a Security Engineer at Symantec Security Response European Headquarters. Security Response provides customers with world-class analysis and protection from viruses, blended threats, security risks and vulnerabilities. While at Symantec, he also collaborated in developing training materials and workshops for parents and teachers around Internet Safety. Before moving to Ireland, he worked in different software development and training activities with an emphasis on secure software development back in his native Argentina. He holds an MSc in Information Technology from the Catholic University of Buenos Aires, Argentina.

Paulo Querido

Title:

Abstract:

Bio:

Martin Knobloch

Title: Threat Modelling

Abstract:

Bio:


Venue

IBWAS09 will be taking place at the Escuela Universitaria de Ingeniería Técnica de Telecomunicación, Universidad Politécnica de Madrid in Madrid, Spain.

Location

Carretera de Valencia, Km 7
28031 Madrid
Tlf: 91 336 78 42
Fax: 91 331 92 29

Find the location on Google Maps.

How to get there?

Car: from Autovía de Valencia A3 and from M40
Bus: Urban lines: E - 63 - 145 - 54 - 58 - 103 - 142 - 143; Interurban lines: 311A, 313A, 331, 332A and 337
Metro: Line 1, station Sierra de Guadalupe
Train: C-1, C-2 and C-7. Line: Atocha-Alcalá de Henares. Estación de Vallecas

Hotels

Sponsors

We are currently soliciting sponsors for the IBWAS09 Conference. Please refer to our sponsorship opportunities for details.

Slots are going fast, so contact us to sponsor today!
