Difference between revisions of "OWASP NYC AppSec 2008 Conference"

Latest revision as of 16:02, 31 March 2009

Introduction

This event was a great success, drawing together professionals from all around the world. Please see the agenda below for copies of the presentations and videos of all the talks!!

Conference Description: This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, NYC ISACA, NYC ISSA and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown.

SEE BELOW FOR VIDEO AND SLIDES - CLICK HERE FOR PHOTOS

Join the OWASP Linked'In Group

- - -

For Previous OWASP Conference Video CLICK HERE

2008 OWASP USA, NYC Conference Schedule – FULL VIDEO 50+ Speakers see below

Day 1 – Sept 24th, 2008
	Track 1: BALLROOM	Track 2: SKYLINE	Track 3: TIMESQUARE
07:30-08:50	Doors Open for Attendee/Speaker Registration avoid lines come early get your caffeine fix and use free wifi
09:00-09:45	OWASP Version 3.0 who we are, how we got here and where we are going? OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder EmbedVideo does not recognize the video service "googlevideo". Dave Wicher's Slides / Jeff William's Slides / Dinis Cruz's Slides
10:00-10:45	Analysis of the Web Hacking Incidents Database (WHID) Ofer Shezaf VIDEO / SLIDES	Web Application Security Road Map Joe White VIDEO / SLIDES	DHS Software Assurance Initiatives Stan Wisseman & Joe Jarzombek VIDEO / SLIDES
11:00-11:45	Http Bot Research Andre M. DiMino - ShadowServer Foundation VIDEO / SLIDES	OWASP "Google Hacking" Project Christian Heinrich VIDEO / SLIDES	MalSpam Research Garth Bruen VIDEO / SLIDES
12:00-13:00	Capture the Flag Sign-Up LUNCH - Provided by event sponsors @ TechExpo
12:00-12:45	Get Rich or Die Trying - Making Money on The Web, The Black Hat Way Trey Ford, Tom Brennan, Jeremiah Grossman VIDEO / SLIDES	Framework-level Threat Analysis: Adding Science to the Art of Source-code review Rohit Sethi & Sahba Kazerooni VIDEO / SLIDES	Automated Web-based Malware Behavioral Analysis Tyler Hudak VIDEO / SLIDES
13:00-13:45	New 0-Day Browser Exploits: Clickjacking - yea, this is bad... Jeremiah Grossman & Robert "RSnake" Hansen VIDEO / SLIDES	Web Intrusion Detection with ModSecurity Ivan Ristic VIDEO / SLIDES	Using Layer 8 and OWASP to Secure Web Applications David Stern & Roman Garber VIDEO / SLIDES
14:00-14:45	Application Security Industry Outlook Panel: Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Joe Bernik SVP, RBS Americas, Jennifer Bayuk Infosec Consultant, Philip Venables CISO, Goldman Sachs, Carlos Recalde SVP, Lehman Brothers, Moderator: Mahi Dontamsetti VIDEO / SLIDES	Security Assessing Java RMI Adam Boulton VIDEO / SLIDES	JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web Yiannis Pavlosoglou VIDEO / SLIDES
15:00-15:45	OWASP Testing Guide - Offensive Assessing Financial Applications Daniel Cuthbert VIDEO / SLIDES	Flash Parameter Injection (FPI) Ayal Yogev & Adi Sharabani VIDEO / SLIDES / PAPER	w3af - A Framework to own the web Andrés Riancho VIDEO / VIDEO
16:00-16:45	OWASP Enterprise Security API (ESAPI) Project Jeff Williams VIDEO / SLIDES	Cross-Site Scripting Filter Evasion Alexios Fakos VIDEO / SLIDES	Multidisciplinary Bank Attacks Gunter Ollmann VIDEO / SLIDES
17:00-17:45	Open Discussion On Application Security Joe Bernik & Steve Antoniewicz VIDEO / SLIDES	Mastering PCI Section 6.6 Taylor McKinley and Jacob West VIDEO / SLIDES	Case Studies: Exploiting application testing tool deficiencies via "out of band" injection Vijay Akasapu & Marshall Heilman VIDEO / SLIDES
18:00-18:45	Spearfishing and the OWASP Live CD Joshua Perrymon VIDEO / SLIDES	Phundamental Security - Coding Secure w/PHP Hans Zaunere VIDEO / SLIDES	Payment Card Data Security and the new Enterprise Java Dr. B. V. Kumar & Mr. Abhay Bhargav VIDEO / SLIDES
19:00-20:00	OWASP Chapter Leader / Project Leader working session OWSAP Board/Chapter Leaders	(ISC)2 Cocktail Hour All welcome to attend for a special announcement presented by: W. Hord Tipton, Executive Director of (ISC)2	Technology Movie Night Sneakers, WarGames, HackersArePeopleToo, TigerTeam from 19:00 - 23:00
20:00-23:00+	OWASP Event Party/Reception Event badge required for admission Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes. Location: HOTEL BALLROOM
Day 2 – Sept 25th, 2008
08:00-10:00	BREAKFAST - Provided by event sponsors @ TechExpo
08:00-08:45	Software Development and Management: The Last Security Frontier W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)² VIDEO / SLIDES	Best Practices Guide for Web Application Firewalls Alexander Meisel VIDEO / SLIDES	The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis Thomas Ryan VIDEO / SLIDES
09:00-09:45	OWASP Web Services Top Ten Gunnar Peterson VIDEO / SLIDES	Red And Tiger Team Application Security Projects Chris Nickerson VIDEO / SLIDES	OpenSource Tools Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ VIDEO / SLIDES
10:00-10:45	Building a tool for Security consultants: A story of a customized source code scanner Dinis Cruz VIDEO / SLIDES	"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment Lee Kushner VIDEO / SLIDES	Industry Analysis with Forrester Research Chenxi Wang VIDEO / SLIDES
11:00-11:45	Software Assurance Maturity Model (SAMM) Pravir Chandra VIDEO / SLIDES	Security in Agile Development Dave Wichers VIDEO / SLIDES	Secure Software Impact Jack Danahy VIDEO / SLIDES
12:00-12:45	Next Generation Cross Site Scripting Worms Arshan Dabirsiaghi VIDEO / SLIDES	Security of Software-as-a-Service (SaaS) James Landis VIDEO / SLIDES	Open Reverse Benchmarking Project Marce Luck & Tom Stracener VIDEO / SLIDES
12:00-13:00	Capture the Flag Status LUNCH - Provided @ TechExpo
13:00-13:45	NIST and SAMATE Static Analysis Tool Exposition (SATE) Vadim Okun VIDEO / SLIDES	Lotus Notes/Domino Web Application Security Jian Hui Wang VIDEO / SLIDES	Shootout @ Blackbox Corral Larry Suto VIDEO / SLIDES
14:00-14:45	Practical Advanced Threat Modeling John Steven VIDEO / SLIDES	The OWASP Orizon Project: towards version 1.0 Paolo Perego VIDEO / SLIDES	Building Usable Security Zed Abbadi VIDEO / SLIDES
15:00-15:45	Off-shoring Application Development? Security is Still Your Problem Rohyt Belani VIDEO / SLIDES	OWASP EU Summit Portugal Dinis Cruz VIDEO / SLIDES	A Security Architecture Case Study Johan Peeters VIDEO / SLIDES
16:00-16:45	Vulnerabilities in application interpreters and runtimes Erik Cabetas VIDEO / SLIDES	Cryptography For Penetration Testers Chris Eng VIDEO / SLIDES	Memory Corruption and Buffer Overflows Dave Aitel VIDEO / SLIDES
17:00-17:45	Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles EmbedVideo does not recognize the video service "googlevideo". VIDEO
18:30-19:30	OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!

So did you like the content? Lets us know.. Contact Us

EVENT SPONSORS

Diamond Sponsor -

Platinum Sponsor -

-

-

Gold, Silver, Expo & Other Sponsors - - - - - - - - - - - - - - - - - - - - -

Sponsorship Opportunities

CPE Credits

Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

The CISM cpe policy (www.isaca.org/cismcpepolicy) states:

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows: Training Courses: September 22-23, 2008 • 16 CPE units for 2 days of training (Monday - Tuesday) • 8 CPE units for 1 day of training (Monday or Tuesday Only) Conferences: September 24-25, 2008 Earn 1 CPE per hour of conference attendance

OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008

All classes begin at 9AM and end at 5:30PM

T1. Defensive Programming - 2-Days - $1350
This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. Learn More Here Instructor: Jason Rouse, Technical Manager,

T2. Secure Coding for Java EE - 2-Days - $1350
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including: Java EE security overview, All coding examples and recommendations are specifically focused on Java and Java servers, and 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class. Learn More Here Instructor: Dave Wichers:
T3. Web Services and XML Security - 2-Days - $1350
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here Instructor: Gunnar Peterson
T4. Advanced Web Application Security Testing - 2-Days - $1350
Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here Instructor: Eric Sheridan:
T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here Instructor: John Pavone:

T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. Learn More Here Instructor: Arshan Dabirsiaghi:

T8. Secure Coding for .NET - 2-Days - $1350

This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of .NET focused content, including:

.NET security overview,
All coding examples and recommendations are specifically focused on C#.NET and/or VB.NET and IIS servers, and
3 additional hands on coding labs where the students find and then fix security vulnerabilities in a .NET application developed for the class. Both C# and VB.NET versions of the hands on coding labs are available.

Learn More Here

Instructor: Jerry Hoff:

HOTELS / TRAVEL

Park Central Hotel

Hotels close to the venue

What is around APPSEC2008 - Area Attractions

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

Difference between revisions of "OWASP NYC AppSec 2008 Conference"

Latest revision as of 16:02, 31 March 2009

Introduction

SEE BELOW FOR VIDEO AND SLIDES - CLICK HERE FOR PHOTOS

2008 OWASP USA, NYC Conference Schedule – FULL VIDEO 50+ Speakers see below

Day 1 – Sept 24th, 2008

Day 2 – Sept 25th, 2008

EVENT SPONSORS

CPE Credits

OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008

HOTELS / TRAVEL

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 1: / Line 1: @@
 __NOTOC__
-= 2008 OWASP USA, NYC =
+== Introduction ==
-Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
+This event was a great success, drawing together professionals from all around the world. Please see the agenda below for copies of the presentations and videos of all the talks!!
-<br>
-This conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown. <br>
-<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/6/61/Banner2_irfan.jpg]</center>
-<center>Scroll down to see event agenda and training options</center>
-<b>When/Where</b><br>
-Sept 22nd - 25th 2008<br>
-<u><b>[http://www.parkcentralny.com/location/location.cfm The Park Central Hotel - 870 Seventh Avenue at 56th Street New York, NY 10019-4038]</b></u>
-<b>How Much?</b><br>
+Conference Description: This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown.
-Seminar Fees: $350 [https://www.owasp.org/index.php/Membership#Categories_of_Membership OWASP Members] / $400 Non-Members (includes 1 year OWASP individual membership) / $200 for Students (with student ID).  [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference#OWASP_NYC_AppSec_2008_Training_Courses_-_September_22nd_and_23rd.2C_2008 2 days of hands on training classes] are also available.
-<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center><br>
-<hr>
-<center>[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br>
-<br>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Platinum Sponsor]  - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif]  - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] -  [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center><br>
-[http://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Gold, Silver & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.foundstone.com/us/education-overview.asp http://www.owasp.org/images/2/26/Foundstone.jpg] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.denimgroup.com http://www.owasp.org/images/5/56/Denimgroup.jpg] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
-[http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.arctecgroup.net http://www.owasp.org/images/b/bf/Arctec.jpg] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
-[http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
-[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
-[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg]
 <br>
-<center>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities] -- [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>
+<h2>SEE BELOW FOR VIDEO AND SLIDES - [http://www.flickr.com/photos/32167431@N06/tags/2008appsecusnewyork CLICK HERE FOR PHOTOS]</h2>
+<center> [http://www.linkedin.com/e/gis/36874 Join the OWASP Linked'In Group]
+- - -
+[https://www.owasp.org/index.php/Category:OWASP_Video For Previous OWASP Conference Video CLICK HERE]</center>
 <hr>
-<br>
+== 2008 OWASP USA, NYC Conference Schedule – FULL VIDEO 50+ Speakers see below ==
+{| style="width:80%" border="0" align="center"
+ ! colspan="4" align="center" style="background:#4058A0; color:white" |
-== 2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th ==
+<h2>Day 1 – Sept 24th, 2008 </h2>
-<center><h2>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/speakeragreement OWASP Speaker Agreement]</h2></center>
-{| style="width:80%" border="0" align="center"
- ! colspan="4" align="center" style="background:#4058A0; color:white" | <h2>Day 1 – Sept 24th, 2008 </h2>
   |-
   | style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: BALLROOM
@@ Line 41: / Line 24: @@
 ''avoid lines come early get your caffeine fix and use free wifi''
 |-
-  | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Version 3.0 who we are, how we got here and where we are going?
+  | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | '''OWASP Version 3.0 who we are, how we got here and where we are going?'''<br>
-''OWASP Foundation: [http://www.owasp.org/index.php/Contact Jeff Williams], [http://www.owasp.org/index.php/Contact Dinis Cruz], [http://www.owasp.org/index.php/Contact Dave Wichers], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.owasp.org/index.php/Contact Sebastien Deleersnyder], [http://www.owasp.org/index.php/Contact Paulo Coimbra], [http://www.owasp.org/index.php/Contact Kate Hartmann], [http://www.owasp.org/index.php/Contact Alison Shrader] & [http://www.owasp.org/index.php/Category:OWASP_Chapter#Chapter_Support_Materials all local chapter leaders]
+''OWASP Foundation: [[Contact | Jeff Williams]], [[Contact | Dinis Cruz]], [[Contact | Dave Wichers]], [[Contact | Tom Brennan]], [[Contact | Sebastien Deleersnyder]]'' <br>
-''
+<center>{{#ev:googlevideo|-228977859802026041}}</center> <br>
+[http://www.owasp.org/images/b/b7/AppSecNYC08-Delivering_AppSec_Info.ppt Dave Wicher's Slides] / Jeff William's Slides / Dinis Cruz's Slides
 |-
-| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" |  [http://www.owasp.org/index.php/AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 Analysis of the Web Hacking Incidents Database (WHID)]
+| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="center" |  '''[[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 | Analysis of the Web Hacking Incidents Database (WHID)]]''' <br>
-''[http://blog.shezaf.com Ofer Shezaf]''
+''[http://blog.shezaf.com Ofer Shezaf]''<br>
-  | style="width:30%; background:#BCA57A" align="left" | [http://www.webappsecroadmap.com Web Application Security Road Map]  <br>
+[http://video.google.com/videoplay?docid=1130960689238372157&hl=en VIDEO] / SLIDES
-''[http://joesecurity.blogspot.com Joe White]''
+  | style="width:30%; background:#BCA57A" align="center" |
-| style="width:30%; background:#99FF99" align="left" |[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]
+'''[http://www.webappsecroadmap.com Web Application Security Road Map]'''<br>
-''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''
+''[http://joesecurity.blogspot.com Joe White]''<br>
+[http://video.google.com/videoplay?docid=-237406228011458703&hl=en VIDEO] / [https://sites.google.com/a/webappsecroadmap.com/main/announcements/owasp-appsec-2008-presentation-has-been-uploaded SLIDES]
+| style="width:30%; background:#99FF99" align="center" |
+'''[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]'''<br>
+''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''<br>
+[http://video.google.com/videoplay?docid=-6505795148329572484&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | Http Bot Research
+| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="center" |
-''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''
+'''Http Bot Research'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | OWASP "Google Hacking" Project
+''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''<br>
-''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''
+[http://video.google.com/videoplay?docid=1400503643786264015&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | MalSpam Research
+  | style="width:30%; background:#BCA57A" align="center" |
-'' [http://www.knujon.com/bios.html Garth Bruen]''
+'''OWASP "Google Hacking" Project'''<br>
+''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''<br>
+[http://video.google.com/videoplay?docid=5419982525671711780&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''MalSpam Research'''<br>
+'' [http://www.knujon.com/bios.html Garth Bruen]''<br>
+[http://video.google.com/videoplay?docid=-8813268235790993111&hl=en VIDEO] / SLIDES
 |-
-  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" |  [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Sign-Up
+  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Sign-Up
 ''LUNCH - Provided by event sponsors @ TechExpo''
 |-
-| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
+| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="center" |
-''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]''
+'''Get Rich or Die Trying - Making Money on The Web, The Black Hat Way'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Framework-level Threat Analysis: Adding Science to the Art of Source-code review
+''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]''<br>
-''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-rohit-sethi Rohit Sethi] & [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni Sahba Kazerooni]''
+[http://video.google.com/videoplay?docid=-7209323310151363553&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | Automated Web-based Malware Behavioral Analysis
+  | style="width:30%; background:#BCA57A" align="center" |
-''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
+'''Framework-level Threat Analysis: Adding Science to the Art of Source-code review'''<br>
+''[[OWASP_NYC_AppSec_2008_Conference-rohit-sethi | Rohit Sethi]] & [[OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni | Sahba Kazerooni]]''<br>
+[http://video.google.com/videoplay?docid=8935251380629216945&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''Automated Web-based Malware Behavioral Analysis'''<br>
+''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''<br>
+[http://video.google.com/videoplay?docid=4204600308807371535&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | New 0-Day Browser Exploits: Clickjacking - yea, this is bad...
+| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="center" |
-''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''
+'''[http://blogs.adobe.com/psirt/2008/09/thanks_to_jeremiah_grossman_an.html New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
+''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''<br>
-''[http://www.breach.com/company/executive-team/ Ivan Ristic]''
+[http://video.google.com/videoplay?docid=-5747622209791380934&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications
+  | style="width:30%; background:#BCA57A" align="center" |
-''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''
+'''Web Intrusion Detection with ModSecurity'''<br>
+''[http://www.breach.com/company/executive-team/ Ivan Ristic]''<br>
+[http://video.google.com/videoplay?docid=-7391448618249578180&hl=en VIDEO] / [[Media:OWASP_NYC_2008-Web_Intrusion_Detection_with_ModSecurity.pdf|SLIDES]]
+| style="width:30%; background:#99FF99" align="center" |
+'''Using Layer 8 and OWASP to Secure Web Applications'''<br>
+''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''<br>
+[http://video.google.com/videoplay?docid=-3883297889781954509&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Industry Outlook Panel: ''[http://www.linkedin.com/in/markclancy Mark Clancy] EVP CitiGroup, [http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, [http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, [http://www.linkedin.com/pub/0/1ba/4a9 Warren Axelrod] SVP Bank of America, [http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS,[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant & [http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, [http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, [http://www.linkedin.com/pub/5/658/872 Tom King] CISO, Barclays Capital, <br> [http://www.linkedin.com/in/mahidontamsetti   Mahi Dontamsetti] Moderator''
+| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="center" | '''Application Security Industry Outlook Panel:'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI]
+''[http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, <br>
-''[http://www.linkedin.com/in/adamboulton Adam Boulton]''
+[http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, <br>
-| style="width:30%; background:#99FF99" align="left" | JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
+[http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS Americas,<br>
-''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou]''
+[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant,<br>
+[http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, <br>
+[http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, <br>
+Moderator: [http://www.linkedin.com/in/mahidontamsetti   Mahi Dontamsetti]''<br>
+[http://video.google.com/videoplay?docid=-7051719323294878516&hl=en VIDEO] / SLIDES
+  | style="width:30%; background:#BCA57A" align="center" |
+'''[http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI] '''<br>
+''[http://www.linkedin.com/in/adamboulton Adam Boulton]''<br>
+[http://video.google.com/videoplay?docid=1673714450539106400&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web'''<br>
+''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou | Yiannis Pavlosoglou]]''<br>
+[http://video.google.com/videoplay?docid=-1551704659206071145&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" |OWASP Testing Guide - Offensive Assessing Financial Applications
+| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="center" |
-'' [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
+'''OWASP Testing Guide - Offensive Assessing Financial Applications'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
+'' [[OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert | Daniel Cuthbert]]''<br>
-''Ayal Yogev & Adi Sharabani''
+[http://video.google.com/videoplay?docid=-3228312539505217121&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" |[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af - A Framework to own the web]
+  | style="width:30%; background:#BCA57A" align="center" |
-''Andres Riancho''
+'''Flash Parameter Injection (FPI)'''<br>
+''Ayal Yogev & Adi Sharabani''<br>
+[http://video.google.com/videoplay?docid=7818654218575619118&hl=en VIDEO] / [http://blog.watchfire.com/FPI.ppt SLIDES] / [http://blog.watchfire.com/FPI.pdf PAPER]
+| style="width:30%; background:#99FF99" align="center" |
+'''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho | w3af - A Framework to own the web]]'''<br>
+''[http://www.bonsai-sec.com/ Andrés Riancho]''<br>
+[http://video.google.com/videoplay?docid=4354579888802327250&hl=en VIDEO] / VIDEO
 |-
-| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API [http://www.owasp.org/index.php/ESAPI (ESAPI) Project]
+| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="center" |
-'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''
+'''OWASP Enterprise Security API [[ESAPI | (ESAPI) Project]]'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Cross-Site Scripting Filter Evasion
+'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''<br>
-''Alexios Fakos''
+[http://video.google.com/videoplay?docid=-2912157383449643073&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
+  | style="width:30%; background:#BCA57A" align="center" |
-''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''
+'''Cross-Site Scripting Filter Evasion'''<br>
+''Alexios Fakos''<br>
+[http://video.google.com/videoplay?docid=-6974576754943514571&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann | Multidisciplinary Bank Attacks]]'''<br>
+''Gunter Ollmann''<br>
+[http://video.google.com/videoplay?docid=3041861094296331549&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="left" | Threading the Needle:
+| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="center" |
-Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks
+'''Open Discussion On Application Security'''<br>
-'' [http://www.linkedin.com/in/arianevans Arian Evans]''
+''Joe Bernik & Steve Antoniewicz''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
+[http://video.google.com/videoplay?docid=6718671647859572098&hl=en VIDEO] / SLIDES
-''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''
+  | style="width:30%; background:#BCA57A" align="center" |
-| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
+'''Mastering PCI Section 6.6'''<br>
-''Gunter Ollmann''
+''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''<br>
+[http://video.google.com/videoplay?docid=-2544477786674220116&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''Case Studies: Exploiting application testing tool deficiencies via "out of band" injection'''<br>
+''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''<br>
+[http://video.google.com/videoplay?docid=7623989457736720764&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP Live CD]
+| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="center" |
-'' [http://www.linkedin.com/in/packetfocus Joshua Perrymon]''
+'''[http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project Spearfishing and the OWASP Live CD]'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Coding Secure w/PHP
+''[http://www.linkedin.com/in/packetfocus Joshua Perrymon]''<br>
-''[http://www.linkedin.com/in/zaunere Hans Zaunere]''
+[http://video.google.com/videoplay?docid=-4419524791864555496&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Payment_Card_Data_Security_and_the_new_Enterprise_Java Payment Card Data Security and the new Enterprise Java]
+  | style="width:30%; background:#BCA57A" align="center" |
-''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar Dr. B. V. Kumar] & [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav Mr. Abhay Bhargav]''
+'''Phundamental Security - Coding Secure w/PHP'''<br>
+''[http://www.linkedin.com/in/zaunere Hans Zaunere]''<br>
+[http://video.google.com/videoplay?docid=3477751371038020741&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''[[Payment_Card_Data_Security_and_the_new_Enterprise_Java | Payment Card Data Security and the new Enterprise Java]]'''<br>
+''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar | Dr. B. V. Kumar]] & [[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav | Mr. Abhay Bhargav]]''<br>
+[http://video.google.com/videoplay?docid=4488848043144792234&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 19:00-20:00 || style="width:30%; background:#BC857A" align="left" | OWASP Chapter Leader / Project Leader working session
+| style="width:10%; background:#7B8ABD" | 19:00-20:00 || style="width:30%; background:#BC857A" align="center" |
-  | style="width:30%; background:#BCA57A" align="left" | <b>(ISC)2 Cocktail Hour</b> all welcome to attend for special announcement <br> presented by: [https://www.isc2.org/cgi-bin/content.cgi?page=351 W. Hord Tipton, Executive Director of (ISC)2]
+'''OWASP Chapter Leader / Project Leader working session'''<br>
-| style="width:30%; background:#99FF99" align="left" | Technology Movie Night ''[http://www.youtube.com/watch?v=LlKDkTbUFhU&feature=related Sneakers], [http://www.youtube.com/watch?v=tAcEzhQ7oqA WarGames], [http://hackersarepeopletoo.com HackersArePeopleToo], [http://www.youtube.com/watch?v=4Be-ZzcXVLw TigerTeam]'' from 19:00 - 23:00
+''OWSAP Board/Chapter Leaders''
+  | style="width:30%; background:#BCA57A" align="center" |
+'''(ISC)2 Cocktail Hour'''<br>
+All welcome to attend for a special announcement presented by:<br>
+[https://www.isc2.org/cgi-bin/content.cgi?page=351 W. Hord Tipton, Executive Director of (ISC)2]
+| style="width:30%; background:#99FF99" align="center" |
+'''Technology Movie Night'''<br>
+''[http://www.youtube.com/watch?v=LlKDkTbUFhU&feature=related Sneakers], [http://www.youtube.com/watch?v=tAcEzhQ7oqA WarGames], [http://hackersarepeopletoo.com HackersArePeopleToo], [http://www.youtube.com/watch?v=4Be-ZzcXVLw TigerTeam]'' <br>
+from 19:00 - 23:00
 |-
-  | style="width:10%; background:#7B8ABD" | 20:00-23:00+ || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Event Party/Reception <br>Event badge required for admission <br>[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.] <br>''Location: HOTEL BALLROOM''</b>
+  | style="width:10%; background:#7B8ABD" | 20:00-23:00+ || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Event Party/Reception <br>Event badge required for admission <br>[[OWASP_NYC_AppSec_2008_Conference/ctf | Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.]] <br>''Location: HOTEL BALLROOM''
 <br>
 |-
@@ Line 127: / Line 176: @@
 |-
-| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="left" | Software Development: The Last Security Frontier
+| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="center" |
-''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior
+'''Software Development and Management: The Last Security Frontier'''<br>
-Executive Director and member of the Board of Directors, (ISC)²''
+''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²''<br>
-  | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls Best Practices Guide: Web Application Firewalls]
+[http://video.google.com/videoplay?docid=-4023599059084294937&hl=en VIDEO] / SLIDES
-''Alexander Meisel''
+  | style="width:30%; background:#BCA57A" align="center" |
-| style="width:30%; background:#99FF99" align="left" | The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
+'''[[AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls | Best Practices Guide for Web Application Firewalls]]'''<br>
-''[http://www.linkedin.com/in/tommyryan Thomas Ryan]'' & ''[http://www.linkedin.com/in/steveantoniewicz Steve Antoniewicz]''
+''Alexander Meisel''<br>
+[http://video.google.com/videoplay?docid=-2977259539412442033&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
+'''<br>
+''[http://www.linkedin.com/in/tommyryan Thomas Ryan]''<br>
+[http://video.google.com/videoplay?docid=-442445248884665643&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="left" | OWASP Web Services Top Ten
+| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="center" |
-''[http://1raindrop.typepad.com Gunnar Peterson]''
+'''OWASP Web Services Top Ten'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | [http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html Tiger Team - APPSEC Projects]
+''[http://1raindrop.typepad.com Gunnar Peterson]''<br>
-''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''
+[http://video.google.com/videoplay?docid=5680040858618100893&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | OpenSource Tools ''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''
+  | style="width:30%; background:#BCA57A" align="center" |
+'''[http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html  Red And Tiger Team Application Security Projects]'''<br>
+''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''<br>
+[http://video.google.com/videoplay?docid=-1638710543904774703&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''OpenSource Tools'''<br>
+''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''<br>
+[http://video.google.com/videoplay?docid=6174945058170583976&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="left" | Building a tool for Security consultants: A story of a customized source code scanner
+| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="center" |
-''Dinis Cruz''
+'''Building a tool for Security consultants: A story of a customized source code scanner'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | "Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]
+''Dinis Cruz''<br>
-''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''
+[http://video.google.com/videoplay?docid=5269154656993046978&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | Industry Analyst with Forrester Research
+  | style="width:30%; background:#BCA57A" align="center" |
-''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''
+'''"Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]'''<br>
+''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''<br>
+[http://video.google.com/videoplay?docid=5330096815878108179&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''Industry Analysis with Forrester Research'''<br>
+''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''<br>
+[http://video.google.com/videoplay?docid=1391450504589087806&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project CLASP (Comprehensive, Lightweight Application Security Process)]
+| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="center" |
-''Pravir Chandra''
+'''Software Assurance Maturity Model (SAMM)'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Security in Agile Development
+''Pravir Chandra''<br>
-''[http://www.owasp.org/index.php/User:Wichers Dave Wichers]''
+[http://video.google.com/videoplay?docid=-7453282550277559385&hl=en VIDEO] / [https://www.owasp.org/images/2/2e/OWASP_CLASP_SAMM.ppt SLIDES]
-| style="width:30%; background:#99FF99" align="left" | Secure Software Impact
+  | style="width:30%; background:#BCA57A" align="CENTER" |
-''[http://ouncelabs.com/company/team.asp Jack Danahy]''
+'''Security in Agile Development'''<br>
+''[[User:Wichers | Dave Wichers]]''<br>
+[http://video.google.com/videoplay?docid=-8287209466278543377&hl=en VIDEO] / [http://www.owasp.org/images/a/a3/AppSecNYC08-Agile_and_Secure.ppt SLIDES]
+| style="width:30%; background:#99FF99" align="center" |
+'''Secure Software Impact'''<br>
+''[http://ouncelabs.com/company/team.asp Jack Danahy]''<br>
+[http://video.google.com/videoplay?docid=-3851913297265683210&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="left" | Next Generation Cross Site Scripting Worms
+| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="center" |
-''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''
+'''Next Generation Cross Site Scripting Worms '''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Security of Software-as-a-Service (SaaS)
+''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''<br>
-''[http://www.linkedin.com/pub/6/372/45a James Landis]''
+[http://video.google.com/videoplay?docid=-2782535918275323123&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | [http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]
+  | style="width:30%; background:#BCA57A" align="center" |
-''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''
+'''Security of Software-as-a-Service (SaaS)'''<br>
+''[http://www.linkedin.com/pub/6/372/45a James Landis]''<br>
+[http://video.google.com/videoplay?docid=-513622114181563795&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''[http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]'''<br>
+''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''<br>
+[http://video.google.com/videoplay?docid=4352770935920515328&hl=en VIDEO] / SLIDES
 |-
-  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference/ctf Capture the Flag] Status
+  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Status
 ''LUNCH - Provided @ TechExpo''
 |-
-| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | [[NIST SAMATE Static Analysis Tool Exposition (SATE)]]
+| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="center" |
-''[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-vadim-okun Vadim Okun]''
+'''[[NIST SAMATE Static Analysis Tool Exposition (SATE) | NIST and SAMATE Static Analysis Tool Exposition (SATE)]]'''<br>
-| style="width:30%; background:#BCA57A" align="left" | [https://www.owasp.org/index.php/User_talk:Jian Lotus Notes/Domino Web Application Security]
+''[[OWASP_NYC_AppSec_2008_Conference-vadim-okun | Vadim Okun]]''<br>
-''[https://www.owasp.org/index.php/User_talk:Jian Jian Hui Wang]''
+[http://video.google.com/videoplay?docid=-7567012344169452280&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | Shootout @ Blackbox Corral
+| style="width:30%; background:#BCA57A" align="center" |
-''Larry Suto ''
+'''[[User_talk:Jian | Lotus Notes/Domino Web Application Security]]'''<br>
+''[[User_talk:Jian | Jian Hui Wang]]''<br>
+[http://video.google.com/videoplay?docid=8645149711234878540&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''Shootout @ Blackbox Corral'''<br>
+''Larry Suto''<br>
+[http://video.google.com/videoplay?docid=-1565567642122481539&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
+| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="center" |
-''John Steven''
+'''Practical Advanced Threat Modeling'''<br>
- | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The Owasp Orizon Project: towards version 1.0]
+''John Steven''<br>
-[https://www.owasp.org/index.php/User:Thesp0nge Paolo Perego]
+[http://video.google.com/videoplay?docid=-734106766899160289&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | [http://www.owasp.org/index.php/Building_Usable_Security Building Usable Security]
+| style="width:30%; background:#BCA57A" align="center" |
-[http://www.owasp.org/index.php/Zed_Abbadi Zed Abbadi]
+'''[http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The OWASP Orizon Project: towards version 1.0]'''<br>
+''[[User:Thesp0nge | Paolo Perego]]''<br>
+[http://video.google.com/videoplay?docid=-9104434795648450379&hl=en VIDEO] / [http://www.owasp.org/index.php/Image:The_Owasp_Orizon_Project_Towards_version_1.0_v1.0.ppt#file SLIDES]
+| style="width:30%; background:#99FF99" align="center" |
+'''[[Building_Usable_Security | Building Usable Security]]'''<br>
+''[[Zed_Abbadi | Zed Abbadi]]''<br>
+[http://video.google.com/videoplay?docid=8782541141810029760&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="left" | Off-shoring Application Development? Security is Still Your Problem
+| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="center" |
-''Rohyt Belani''
+'''Off-shoring Application Development? Security is Still Your Problem'''<br>
- | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/OWASP_EU_Summit_2008 OWASP EU Summit Portugal]
+''Rohyt Belani''<br>
-''Dinis Cruz''
+[http://video.google.com/videoplay?docid=1042293104444687505&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | Code Secrets
+| style="width:30%; background:#BCA57A" align="center" |
-''[http://johanpeeters.com Johan Peeters]''
+'''[[OWASP_EU_Summit_2008 | OWASP EU Summit Portugal]]'''<br>
+''Dinis Cruz''<br>
+[http://video.google.com/videoplay?docid=-7044581008789784268&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''A Security Architecture Case Study'''<br>
+''[http://johanpeeters.com Johan Peeters]''<br>
+[http://video.google.com/videoplay?docid=-4553372140069628300&hl=en VIDEO] / SLIDES
 |-
-| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="left" | Vulnerabilities in application interpreters and runtimes
+| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="center" |
-''Erik Cabetas''
+'''Vulnerabilities in application interpreters and runtimes'''<br>
-  | style="width:30%; background:#BCA57A" align="left" | Detecting User Disposition - Polar Bears in a Whiteout [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''
+''Erik Cabetas''<br>
+[http://video.google.com/videoplay?docid=7859413573034669384&hl=en VIDEO] / SLIDES
-| style="width:30%; background:#99FF99" align="left" | Special Guest
+  | style="width:30%; background:#BCA57A" align="center" |
+'''Cryptography For Penetration Testers'''<br>
+''Chris Eng''<br>
+[http://video.google.com/videoplay?docid=-5187022592682372937&hl=en VIDEO] / SLIDES
+| style="width:30%; background:#99FF99" align="center" |
+'''Memory Corruption and Buffer Overflows'''<br>
+''[http://www.immunitysec.com Dave Aitel]''<br>
+[http://video.google.com/videoplay?docid=-1012125050474412771&hl=en VIDEO] / SLIDES
 |-
   | style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" |  '''Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles'''
+<center>{{#ev:googlevideo|8211027328063203438}}</center> <br>
+[http://video.google.com/videoplay?docid=8211027328063203438&hl=en VIDEO]
 |-
-  | style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!
+ | style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!
 |}
+<br>
+<center><b> So did you like the content? Lets us know.. [http://www.owasp.org/index.php/Contact Contact Us] </b></center>
+<br>
-<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 http://www.owasp.org/images/7/7f/Register.gif]</center>
+== EVENT SPONSORS ==
-== Technology Pavilion - September 24th and 25th  ==
-Want to see the latest offerings from technology product and service firms worldwide? Stop by the Technology Pavilion/TechExpo on September 24th and 25th.
-Do you want to preview the event space [http://www.parkcentralny.com/meetings/floor_plans.cfm Click Here]
+<hr>
+<center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br>
+<br>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Platinum Sponsor]  - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif]  - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] -  [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center><br>
+[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Gold, Silver, Expo & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.denimgroup.com http://www.owasp.org/images/5/56/Denimgroup.jpg] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
+[http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
+[http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
+[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
+[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] - [http://www.symantec.com https://www.owasp.org/images/2/26/New_Symantec_Logo.jpg] - [http://www.prevalent.net https://www.owasp.org/images/4/47/Prev_Logo_with_Tag_Line.jpg] - [http://www.mclabs.com https://www.owasp.org/images/9/91/MicroTek.jpg] - [http://www.protiviti.com https://www.owasp.org/images/c/cf/Protiviti.jpg]
+<br>
+<center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Sponsorship Opportunities]</center>
 <hr>
@@ Line 280: / Line 393: @@
   {| style="width:80%" border="0" align="center"
-  ! align="center" style="background:#4058A0; color:white" | T8. Writing Secure Code  ASP.NET - 2-Days - $1350
+  ! align="center" style="background:#4058A0; color:white" | T8. Secure Coding for .NET - 2-Days - $1350
   |-
-  | style="background:#F2F2F2" | Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. [[:Category:OWASP_AppSec_Conference_Training#T8._Writing_Secure_Code_ASP.NET_-_Sep_22-23.2C_2008 | Learn More Here]]
+  | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of .NET focused content, including:
+# .NET security overview,
+# All coding examples and recommendations are specifically focused on C#.NET and/or VB.NET and IIS servers, and
+# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a .NET application developed for the class. Both C# and VB.NET versions of the hands on coding labs are available.
+[[:Category:OWASP_AppSec_Conference_Training#T8._Writing_Secure_Code_ASP.NET_-_Sep_22-23.2C_2008 | Learn More Here]]
-The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Consultant, Alex Smolen. [http://www.foundstone.com/us/education-overview.asp https://www.owasp.org/images/2/26/Foundstone.jpg]
+Instructor: Jerry Hoff: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
 |}
-<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>
 <h2> HOTELS / TRAVEL </h2>
-[http://www.parkcentralny.com Park Central Hotel] - # 800.346.1359 / 212.247.8000  ROOM BLOCK # 41258 $549.00 per night.
+[http://www.parkcentralny.com Park Central Hotel]
-Seventh Avenue at 56th Street, New York, NY 10019-4038
 [http://maps.google.com/maps?near=7th+Ave+%26+W+56th+St,+New+York,+NY&geocode=&q=hotels&f=l&sll=40.766339,-73.980539&sspn=0.007654,0.02223&ie=UTF8&ll=40.764681,-73.980668&spn=0.007655,0.02223&z=16 Hotels close to the venue]
@@ Line 309: / Line 425: @@
 New York City local news: http://www.ny1news.com
-<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.
-<b>[https://www.owasp.org/images/6/66/NY_Sponsorship_Form_update_%282%29.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]</b>