OWASP Minneapolis St Paul 2008 Conference
OWASP & FLOSS Application Security Mini-Conference 2008 - October 21, 2008
The Minneapolis - Saint Paul Chapter invites you to a one-day mini-conference at the University of Minnesota's St. Paul Student Center.
The cost of the conference is $25, which includes lunch.
|08:00-09:00||Registration Opens and Tech Expo|
|09:00-10:00||Introduction, OWASP conference|
Anil Kumar Revuru
Anil Kumar Revuru currently works for Microsoft as a Security Technologist where he is responsible for architecting security tools. In his previous life at Microsoft, Anil was conducting security design reviews, threat modeling, and application and source-code assessments. Previously as a Security Consultant for a security services vendor, he helped Fortune 100 clients evaluate the security of their software products and applications. He has authored security tools and has presented courses internally at Microsoft.
Anil holds a Diploma in Mechanical Engineering from JNTU Hyderabad. Anil displayed expert proficiency in the substantive and technical areas of design and development, He also made significant contribution to the security development of products at V-Empower Inc. After joining in Microsoft, he worked towards finding security weaknesses and providing necessary countermeasures to application teams. He excelled in his abilities by developing security tools such as Microsoft Threat Analysis and Modeling Tool used for application threat modeling
Topic: Microsoft Connected Information Security Framework (CISF) and Tools Description: The Connected Information Security Group, part of Microsoft internal Information Security organization are working on a technology framework and set of applications to support corporate information security management programs. The Microsoft corporate Information Security Organization (and a few 'early adopter' customers) will be dog-fooding early prototypes in late 2008/early 2009. This presentation provides a short overview of the problem space and current thinking on our approach to solving it.
We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review.
Bio: Elliott has over 25 years of information technology experience and has worked in the security field for over 10 years. He is currently Director of Security Architecture for the Depository Trust and Clearing Corporation (DTCC), where he has created a number of innovative solutions in the areas of security monitoring and security architecture. He also provides consulting to the organization on critical security issues. Prior to this, Mr. Glazer was Vice President for Security Solutions at American Express, leading many large and small solutions for the Internet, Security, Privacy, and Customer Servicing. Previous to this, Elliott held leadership positions at Citigroup, Sprint International, and BT Dialcom in software development and operations. He has led architecture, development, and operations organizations including an enterprise architecture group, Internet software development, and distrbitured operations among others.
Information Security Architecture Layers and Key Processes
Bio: Corey is a Principal Consultant with the Intrepidus Group, specializing in web and mobile application security. He has performed code reviews and conducted application penetration tests for numerous Fortune 500 clients.
Prior to joining Intrepidus Group’s professional services team, Corey served as a Senior Consultant and Trainer at Foundstone.
Corey is a polished public speaker and has been invited to speak at leading conferences like Black Hat, OWASP AppSec, NYCBSDCon, Secure Development World and Infragard. In addition, his expert opinion has been published in industry publications like eWeek. He has also published several whitepapers on cutting edge security issues, like vulnerabilities in AJAX, and the security implications of web browser data caching. He is the co-founder and leader of the OWASP Mobile Security Project, a consortium of mobile security developers and experts.
Corey has an undergraduate degree from Boston University. He is a Certified Information Systems Security Professional (CISSP).
Topic: Exploring the how poor application security mixed with a phishing is leading to a costly cocktail of disaster. This talk will go over real world examples of phishing attacks that have taken advantage of cross site scripting flaws, SQL injection vulnerabilities, session fixation attacks, and others web application flaws. Learn what phishers are doing to take their attacks to the next level by chaining multiple vulnerabilities together. The presentation will also share resources that help to track phishing trends and research
|14:00 - ?||
Happy hour and networking opps
Parking & Transportation
Public Parking: http://www1.umn.edu/pts/publicparking.htm
Map of St. Paul Campus Parking (PDF): http://www1.umn.edu/pts/maps/spcont.pdf
Campus Connector Shuttle: http://www1.umn.edu/pts/shuttle.htm
Metro Bus information: http://www1.umn.edu/pts/metrobuses.htm
Thank You To Our Sponsors
Conference space provided courtesy of the University of Minnesota Office of Information Technology University of Minnesota