Difference between revisions of "OWASP AppSec NYC 2004"
Older revision edit summary: (→Speaker Bios and Talk Summaries). Latest revision edit summary: (→OWASP Application Security 2004 in NYC). 24 intermediate revisions by 4 users not shown.
Line 1: | Line 1: | ||
== OWASP Application Security 2004 in NYC == | == OWASP Application Security 2004 in NYC == | ||
− | The OWASP Application Security Conference (AppSec) 2004 was a huge success. Thanks to all the presenters and participants for a very interesting weekend. | + | The OWASP Application Security Conference (AppSec) 2004 was a huge success. Thanks to all the presenters and participants for a very interesting weekend. |
== Day One Agenda == | == Day One Agenda == | ||
Line 10: | Line 10: | ||
| align="center" | '''Time''' || '''Title''' | | align="center" | '''Time''' || '''Title''' | ||
|- | |- | ||
− | | align="right" | 9.00 - 10.00 AM || '''Welcome to AppSec 2004''' - Mark Curphey, OWASP Founder/ Consulting Director Foundstone | + | | align="right" | 9.00 - 10.00 AM || '''[[Media: AppSec2004-Mark_Curphey-OWASP_Opening_Address.ppt|Welcome to AppSec 2004]]''' - Mark Curphey, OWASP Founder/ Consulting Director Foundstone |
|- | |- | ||
− | | align="right" | 10.00 - 10.40 AM || '''KeyNote''' - Teaching Developers to Fish! - Denis Verdon, Head of CISG, Fidelity National Financial | + | | align="right" | 10.00 - 10.40 AM || '''KeyNote''' - [[Media: AppSec2004-Denis_Verdon-Teaching_Developers_To_Fish.ppt|Teaching Developers to Fish!]] - Denis Verdon, Head of CISG, Fidelity National Financial |
|- | |- | ||
| align="right" | 10.40 - 11.00 AM || '''Break''' | | align="right" | 10.40 - 11.00 AM || '''Break''' | ||
|- | |- | ||
− | | align="right" | 11.00 - 11.40 PM || '''Software Security Metrics''' - Jack Danahy, President - Ounce Labs, Inc. | + | | align="right" | 11.00 - 11.40 PM || '''[[Media: AppSec2004-Jack_Danahy-Application_Security_Metrics.ppt|Software Security Metrics]]''' - Jack Danahy, President - Ounce Labs, Inc. |
|- | |- | ||
| align="right" | 11.40 - 11.50 PM || '''Break''' | | align="right" | 11.40 - 11.50 PM || '''Break''' | ||
|- | |- | ||
− | | align="right" | 11.50 - 12.30 PM || '''OWASP Projects''' - ISO7799 - Stan Guzik, Chief Technology Officer, Immediatech Corp | + | | align="right" | 11.50 - 12.30 PM || '''OWASP Projects''' - [[Media: AppSec2004-Stan_Guzik-ISO17799.ppt|ISO7799]] - Stan Guzik, Chief Technology Officer, Immediatech Corp |
|- | |- | ||
| align="right" | 12.30 - 1.30 PM || '''Lunch''' | | align="right" | 12.30 - 1.30 PM || '''Lunch''' | ||
|- | |- | ||
− | | align="right" | 1.00 - 1.40 PM || '''OWASP Projects''' - Testing Guide/SDLC - Mark Curphey, OWASP Founder/ Consulting Director Foundstone | + | | align="right" | 1.00 - 1.40 PM || '''OWASP Projects''' - [[Media: AppSec2004-Mark_Curphey-OWASP_Testing_Security.ppt|Testing Guide/SDLC]] - Mark Curphey, OWASP Founder/ Consulting Director Foundstone |
|- | |- | ||
| align="right" | 1.40 - 1.50 PM || '''Break''' | | align="right" | 1.40 - 1.50 PM || '''Break''' | ||
|- | |- | ||
− | | align="right" | 1.50 - 2.15 PM || '''OWASP Projects''' - WebGoat - Bruce Mayhew, Aspect Security | + | | align="right" | 1.50 - 2.15 PM || '''OWASP Projects''' - [[Media:AppSec2004-Bruce_Mayhew-WebGoat3.ppt|WebGoat]] - Bruce Mayhew, Aspect Security |
|- | |- | ||
− | | align="right" | 2.20 - 3.00 PM || '''Discussion''' - What do you want OWASP to accomplish this year? Jeff Williams, OWASP Chair, CIO Aspect Security | + | | align="right" | 2.20 - 3.00 PM || '''Discussion''' - [[Media: AppSec2004-Jeff_Williams-OWASP_Roadmap.ppt |What do you want OWASP to accomplish this year?]] Jeff Williams, OWASP Chair, CIO Aspect Security |
|- | |- | ||
| align="right" | 3.00 - 3.10 PM || '''Break''' | | align="right" | 3.00 - 3.10 PM || '''Break''' | ||
|- | |- | ||
− | | align="right" | 3.10 - 3.40 PM || '''Input validation where and how?''' Jeff Williams, OWASP Chair, CIO Aspect Security | + | | align="right" | 3.10 - 3.40 PM || '''[[Media: AppSec2004-Jeff_Williams-Input_Validation.ppt|Input validation where and how?]]''' Jeff Williams, OWASP Chair, CIO Aspect Security |
|- | |- | ||
| align="right" | 3.40 - 3.50 PM || '''Break''' | | align="right" | 3.40 - 3.50 PM || '''Break''' | ||
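Review bot: the 11.00 - 11.40 and 11.40 - 11.50 rows on the right side are still marked PM although they sit between a 10.40 - 11.00 AM break and an 11.50 - 12.30 PM slot; both should read AM. In the same hunk the OWASP Projects row now links to AppSec2004-Stan_Guzik-ISO17799.ppt while its visible title still says ISO7799; the title should read ISO 17799 to match the file name and the standard's number. The 12.30 - 1.30 PM Lunch row is also followed by a 1.00 - 1.40 PM talk that overlaps it, so one of those two times needs correcting.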
Line 46: | Line 46: | ||
| align="right" | 5.15 - 6.15 PM || '''Coffee/Social''' | | align="right" | 5.15 - 6.15 PM || '''Coffee/Social''' | ||
|} | |} | ||
− | |||
== Day Two Agenda == | == Day Two Agenda == | ||
Line 55: | Line 54: | ||
| align="center" | '''Time''' || '''Title''' | | align="center" | '''Time''' || '''Title''' | ||
|- | |- | ||
− | | align="right" | 9.00 - 9.40 AM || '''Beyond Best Practices''' - Dave Aitel, Immunity | + | | align="right" | 9.00 - 9.40 AM || '''[[Media: AppSec2004-Dave_Aitel-Beyond_Best_Practices.ppt|Beyond Best Practices]]''' - Dave Aitel, Immunity |
|- | |- | ||
| align="right" | 9.40 - 9.50 AM || '''Break''' | | align="right" | 9.40 - 9.50 AM || '''Break''' | ||
|- | |- | ||
− | | align="right" | 9.50 - 10.30 AM || '''Application Security Careers''' | + | | align="right" | 9.50 - 10.30 AM || '''[[Media: AppSec2004-Jeff_Combs-AppSec_Careers.ppt|Application Security Careers]]''' |
|- | |- | ||
| align="right" | 10.30 - 10.40 PM || '''Break''' | | align="right" | 10.30 - 10.40 PM || '''Break''' | ||
|- | |- | ||
− | | align="right" | 10.40 - 11.10 PM || '''Emerging Trends in Software Security''' - John Viega, Founder and Chief Scientist of Secure Software | + | | align="right" | 10.40 - 11.10 PM || '''[[Media: AppSec2004-John_Viega-Emerging_Trends_In_AppSec.ppt|Emerging Trends in Software Security]]''' - John Viega, Founder and Chief Scientist of Secure Software |
|- | |- | ||
| align="right" | 11.10 - 11.50 PM || '''Discussion: Finding Application Vulnerabilities. Comparing approaches''' | | align="right" | 11.10 - 11.50 PM || '''Discussion: Finding Application Vulnerabilities. Comparing approaches''' | ||
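Review bot: the 10.30 - 10.40, 10.40 - 11.10 and 11.10 - 11.50 rows are marked PM between a 9.50 - 10.30 AM slot and an 11.50 - 12.30 PM slot; they should be AM. The Application Security Careers row now links to AppSec2004-Jeff_Combs-AppSec_Careers.ppt but, unlike every other talk row, still names no presenter; add the speaker's name and affiliation if the file name reflects who gave the talk.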
Line 71: | Line 70: | ||
| align="right" | 12.30 - 1.30 PM || '''Lunch''' | | align="right" | 12.30 - 1.30 PM || '''Lunch''' | ||
|- | |- | ||
− | | align="right" | 1.30 - 2.00 PM || '''Full Trust Asp.Net Insecurity''' - Dinis Cruz | + | | align="right" | 1.30 - 2.00 PM || '''Full Trust Asp.Net Insecurity, [[Media: AppSec2004-Dinis_Cruz-Full_Trust_Asp.Net_Security_Issues.ppt|PPTs]], [[Media: AppSec2004-Dinis_Cruz-Full_Trust_Videos.zip | videos]]''' - Dinis Cruz |
|- | |- | ||
− | | align="right" | 2.00 - 2.30 PM || '''Security Considerations in the System Development Life Cycle...''' - George Capehart, Founding Member of Capehart Associates LLC | + | | align="right" | 2.00 - 2.30 PM || '''[[Media: AppSec2004-George_Capehart-Web_Services_In_SDLC.ppt|Security Considerations in the System Development Life Cycle]]...''' - George Capehart, Founding Member of Capehart Associates LLC |
|- | |- | ||
| align="right" | 2.30 - 2.40 PM || '''Break''' | | align="right" | 2.30 - 2.40 PM || '''Break''' | ||
|- | |- | ||
− | | align="right" | 2.40 - 3.10 PM || '''Advanced Google Hacking''' - Kartik Trivedi, Senior Consultant/Lead Instructor - Foundstone | + | | align="right" | 2.40 - 3.10 PM || '''[[Media: AppSec2004-Kartik_Trivedi-Advanced_Google_Hacking.ppt|Advanced Google Hacking]]''' - Kartik Trivedi, Senior Consultant/Lead Instructor - Foundstone |
|- | |- | ||
| align="right" | 3.10 - 3.30 PM || '''Stevens Institute of Technology Address''' | | align="right" | 3.10 - 3.30 PM || '''Stevens Institute of Technology Address''' | ||
|- | |- | ||
− | | align="right" | 3.30 - 4.00 PM || '''Application Security and Academia''' - Andreas Fuchsberger, Information Security Group, Royal Holloway, University of London | + | | align="right" | 3.30 - 4.00 PM || '''[[Media:AppSec2004-Andreas_Fuchsberger-Building_Better_Programmers.ppt|Application Security and Academia]]''' - Andreas Fuchsberger, Information Security Group, Royal Holloway, University of London |
|- | |- | ||
| align="right" | 4.00 - 4.30 PM || '''Conference Wrap Up''' | | align="right" | 4.00 - 4.30 PM || '''Conference Wrap Up''' | ||
|} | |} | ||
− | |||
== Speaker Bios and Talk Summaries == | == Speaker Bios and Talk Summaries == | ||
Line 96: | Line 94: | ||
− | '''Mark Curphey''' - Mark has a Masters Degree in Information Security from Royal Holloway, University of London. He works for Foundstone as a consulting Director specializing in strategic application security work and was previously a Director for Information Security at Charles Schwab in San Francisco and ran the consulting teams on the East Coast out of Atlanta. He has held various positions with international investment banks in Europe and North America. In his spare time he enjoys his family (wife Cara, Son Jack (aged 3 years) and daughter Hana (aged 10 months)) and driving fast cars. [mailto:[email protected] [email protected]] | + | '''Mark Curphey''' - Mark has a Masters Degree in Information Security from [http://isg.rhul.ac.uk/ Royal Holloway, University of London]. He works for [http://www.foundstone.com/ Foundstone] as a consulting Director specializing in strategic application security work and was previously a Director for Information Security at [http://www.schab.com/ Charles Schwab] in San Francisco and ran the consulting teams on the East Coast out of Atlanta. He has held various positions with international investment banks in Europe and North America. In his spare time he enjoys his family (wife Cara, Son Jack (aged 3 years) and daughter Hana (aged 10 months)) and driving fast cars. [mailto:[email protected] [email protected]] |
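Review bot: the Charles Schwab link added here points at http://www.schab.com/, which is not Charles Schwab's domain (schwab.com). A mistyped external link on an archived page resolves to whoever registers the look-alike name, so correct the URL or drop the link.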
Line 111: | Line 109: | ||
− | '''Stan Guzik''' - Stan, CISSP, MCP is the CTO for Immediatech Corp. His primary focus is on developing secure Internet based document management technologies targeting the financial markets. His areas of expertise include information security, information systems, SDLC, document management, and workflow. Previously Stan has held senior web application architecture positions for consulting companies specializing in web application development. In addition to holding a number of industry related certificates Stan also holds a Masters of Science in Information Systems from Stevens Institute of Technology. [mailto:[email protected] [email protected]] | + | '''Stan Guzik''' - Stan, CISSP, MCP is the CTO for Immediatech Corp. His primary focus is on developing secure Internet based document management technologies targeting the financial markets. His areas of expertise include information security, information systems, SDLC, document management, and workflow. Previously Stan has held senior web application architecture positions for consulting companies specializing in web application development. In addition to holding a number of industry related certificates Stan also holds a Masters of Science in Information Systems from [http://www.stevens.edu/ Stevens Institute of Technology]. [mailto:[email protected] [email protected]] |
Line 123: | Line 121: | ||
− | '''Jeff Williams''' - Jeff heads up the Top Ten project for OWASP and designed the original WebGoat architecture. Jeff is the founder and CEO of Aspect Security, Inc., an application security consulting company providing security code review, penetration testing, secure development training, and security engineering services. Jeff is an expert in computer security, an avid mountain biker, a lawyer, boomerang designer, and a firm believer in strong AI. [mailto:[email protected] [email protected]] | + | '''Jeff Williams''' - Jeff heads up the Top Ten project for OWASP and designed the original WebGoat architecture. Jeff is the founder and CEO of [http://www.aspectsecurity.com Aspect Security], Inc., an application security consulting company providing security code review, penetration testing, secure development training, and security engineering services. Jeff is an expert in computer security, an avid mountain biker, a lawyer, boomerang designer, and a firm believer in strong AI. [mailto:[email protected] [email protected]] |
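Review bot: this bio describes Jeff Williams as founder and CEO of Aspect Security, while the Day One agenda rows for the Discussion and the Input validation talk call him CIO Aspect Security; make the title consistent across the page.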
Latest revision as of 19:58, 20 January 2009
OWASP Application Security 2004 in NYC
The OWASP Application Security Conference (AppSec) 2004 was a huge success. Thanks to all the presenters and participants for a very interesting weekend.
Day One Agenda
Saturday, June 19th, 2004
Time | Title
9.00 - 10.00 AM | Welcome to AppSec 2004 - Mark Curphey, OWASP Founder / Consulting Director, Foundstone
10.00 - 10.40 AM | Keynote - Teaching Developers to Fish! - Denis Verdon, Head of CISG, Fidelity National Financial
10.40 - 11.00 AM | Break
11.00 - 11.40 AM | Software Security Metrics - Jack Danahy, President, Ounce Labs, Inc.
11.40 - 11.50 AM | Break
11.50 - 12.30 PM | OWASP Projects - ISO 17799 - Stan Guzik, Chief Technology Officer, Immediatech Corp
12.30 - 1.30 PM | Lunch
1.00 - 1.40 PM | OWASP Projects - Testing Guide/SDLC - Mark Curphey, OWASP Founder / Consulting Director, Foundstone
1.40 - 1.50 PM | Break
1.50 - 2.15 PM | OWASP Projects - WebGoat - Bruce Mayhew, Aspect Security
2.20 - 3.00 PM | Discussion - What do you want OWASP to accomplish this year? - Jeff Williams, OWASP Chair, CIO Aspect Security
3.00 - 3.10 PM | Break
3.10 - 3.40 PM | Input validation: where and how? - Jeff Williams, OWASP Chair, CIO Aspect Security
3.40 - 3.50 PM | Break
3.50 - 4.20 PM | OASIS WAS-XML - Mark Curphey, OWASP Founder / Consulting Director, Foundstone
4.20 - 4.30 PM | Break
4.30 - 5.15 PM | Discussion - Market Trends: Where is AppSec going? - Jeff Williams, OWASP Chair, CIO Aspect Security
5.15 - 6.15 PM | Coffee/Social
Day Two Agenda
Sunday, June 20th, 2004
Time | Title
9.00 - 9.40 AM | Beyond Best Practices - Dave Aitel, Immunity
9.40 - 9.50 AM | Break
9.50 - 10.30 AM | Application Security Careers
10.30 - 10.40 AM | Break
10.40 - 11.10 AM | Emerging Trends in Software Security - John Viega, Founder and Chief Scientist, Secure Software
11.10 - 11.50 AM | Discussion: Finding Application Vulnerabilities - Comparing approaches
11.50 - 12.30 PM | OWASP Project - oPortal - David Raphael
12.30 - 1.30 PM | Lunch
1.30 - 2.00 PM | Full Trust ASP.NET Insecurity (slides and videos) - Dinis Cruz
2.00 - 2.30 PM | Security Considerations in the System Development Life Cycle... - George Capehart, Founding Member, Capehart Associates LLC
2.30 - 2.40 PM | Break
2.40 - 3.10 PM | Advanced Google Hacking - Kartik Trivedi, Senior Consultant / Lead Instructor, Foundstone
3.10 - 3.30 PM | Stevens Institute of Technology Address
3.30 - 4.00 PM | Application Security and Academia - Andreas Fuchsberger, Information Security Group, Royal Holloway, University of London
4.00 - 4.30 PM | Conference Wrap Up
Speaker Bios and Talk Summaries
Denis Verdon - Head of CISG, Fidelity National Financial - Denis has 21 years of experience in Information Security and IT in the Financial Services industry, much of which was gained while working both as a senior security executive and as a consultant to senior security executives at Global 200 companies across 19 countries. Originally from a network design and engineering background, he has held senior positions at Price Waterhouse as European practice leader for Ethical Hacking, at Ernst and Young International, and as head of information security and risk management at Instinet. [email protected]
OWASP Project - oPortal - There are many different approaches to Portal architectures throughout the community. We at OWASP created a web framework for developing robust, secure, and feature-rich web components. This presentation will go over the motivations and strategies behind the OWASP Portal software, oPortal. It will also review the various things we feel don't work well in large portals.