Revision as of 19:59, 12 September 2008 (view source) Aspectmichelle (talk | contribs) (→‎[http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008]) ← Older edit		Revision as of 21:09, 12 September 2008 (view source) Brennan (talk | contribs) Newer edit →
Line 72:		Line 72:
	''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''		''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''
	|-		|-
−	| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | New Exploit Techniques	+	| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | New 0-Day Browser Exploits Clickjacking - yea, this is bad...
	''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''		''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''
	| style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity		| style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity

---

Revision as of 21:09, 12 September 2008

2008 OWASP USA, NYC

Last Update: 09/12/2008
OWASP Foundation is excited to announce a change of venue for our NYC AppSec 2008 Conference as of 9/11/2008 from downtown NYC to midtown. This was required due to the growing size of the conference and space limitations at our former venue. The prestigious Park Central New York Hotel (www.parkcentralny.com) will now host the largest OWASP AppSec Conference on record. Centrally located in the heart of New York City, this landmark choice of Midtown Manhattan hotels is just blocks from the Theater District, Central Park, Rockefeller Center, and numerous fine restaurants. Relocation to this modern venue enables OWASP to offer conference attendees additional seating space, onsite accommodations, and access to the best of what New York City has to offer.

Scroll down to see event agenda and training options

This conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, NYC ISACA, NYC ISSA and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown.

When:
Sept 22nd - 25th 2008

Where:
The Park Central Hotel - 870 Seventh Avenue at 56th Street New York, NY 10019-4038

How Much?
Seminar Fees: $350 OWASP Members / $400 Non-Members (includes 1 year OWASP individual membership) / $200 for Students (with student ID). 2 days of hands on training classes are also available.

---

Diamond Sponsor -

Platinum Sponsor - - -

Gold, Silver & Other Sponsors - - - - - - - - - - - - - - - - - - ~

Sponsorship Opportunities -- Press Registration -- Other OWASP Member Offers

---

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th

OWASP Speaker Agreement

Day 1 – Sept 24th, 2008
	Track 1: BALLROOM	Track 2: SKYLINE	Track 3: TIMESQUARE
07:30-08:50	Doors Open for Attendee/Speaker Registration avoid lines come early get your caffeine fix and use free wifi
09:00-09:45	OWASP Version 3.0 who we are, how we got here and where we are going? OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder, Paulo Coimbra, Kate Hartmann, Alison Shrader & all local chapter leaders
10:00-10:45	Analysis of the Web Hacking Incidents Database (WHID) Ofer Shezaf	Web Application Security Road Map Joe White	DHS Software Assurance Initiatives Stan Wisseman & Joe Jarzombek
11:00-11:45	Http Bot Research Andre M. DiMino - ShadowServer Foundation	OWASP "Google Hacking" Project Christian Heinrich	MalSpam Research Garth Bruen
12:00-13:00	Capture the Flag Sign-Up LUNCH - Provided by event sponsors @ TechExpo
12:00-12:45	Get Rich or Die Trying - Making Money on The Web, The Black Hat Way Trey Ford, Tom Brennan, Jeremiah Grossman	Framework-level Threat Analysis: Adding Science to the Art of Source-code review Rohit Sethi & Sahba Kazerooni	Automated Web-based Malware Behavioral Analysis Tyler Hudak
13:00-13:45	New 0-Day Browser Exploits Clickjacking - yea, this is bad... Jeremiah Grossman & Robert "RSnake" Hansen	WAF ModSecurity Ivan Ristic	Using Layer 8 and OWASP to Secure Web Applications David Stern & Roman Garber
14:00-14:45	Industry Outlook Panel: Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik SVP, RBS,Jennifer Bayuk Infosec Consultant & Philip Venables CISO, Goldman Sachs, Carlos Recalde SVP, Lehman Brothers, Tom King CISO, Barclays Capital, Mahi Dontamsetti Moderator	Security Assessing Java RMI Adam Boulton	JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web Yiannis Pavlosoglou
15:00-15:45	OWASP Testing Guide - Offensive Assessing Financial Applications Daniel Cuthbert	Wild Wild Web on Security Planet Mano Paul	Multidisciplinary Bank Attacks Gunter Ollmann
16:00-16:45	OWASP Enterprise Security API (ESAPI) Project Jeff Williams	Cross-Site Scripting Filter Evasion Alexios Fakos	Case Studies: Exploiting application testing tool deficiencies via "out of band" injection Vijay Akasapu & Marshall Heilman
17:00-17:45	Threading the Needle: Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks Arian Evans	Mastering PCI Section 6.6 Taylor McKinley and Jacob West	w3af - A Framework to own the web Andres Riancho
18:00-18:45	OWASP Live CD Joshua Perrymon	Coding Secure w/PHP Hans Zaunere	Payment Card Data Security and the new Enterprise Java Dr. B. V. Kumar & Mr. Abhay Bhargav
19:00-19:30	Party Set-Up BallRoom	(ISC)2 Pre-Party event, all welcome to attend for special announcement presented by: W. Hord Tipton, Executive Director of (ISC)2	Technology Movie Night Sneakers, WarGames, HackersArePeopleToo, TigerTeam from 19:00 - 22:00
19:30-22:00+	OWASP Event Party/Reception Event badge required for admission Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes. Location: HOTEL BALLROOM
Day 2 – Sept 25th, 2008
08:00-10:00	BREAKFAST - Provided by event sponsors @ TechExpo
08:00-08:45	Software Development: The Last Security Frontier W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²	Best Practices Guide: Web Application Firewalls Alexander Meisel	The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis Thomas Ryan & Steve Antoniewicz
09:00-09:45	OWASP Web Services Top Ten Gunnar Peterson	Tiger Team - APPSEC Projects Chris Nickerson	OpenSource Tools Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ
10:00-10:45	Building a tool for Security consultants: A story of a customized source code scanner Dinis Cruz	"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment Lee Kushner	Industry Analyst with Forrester Research Chenxi Wang
11:00-11:45	CLASP (Comprehensive, Lightweight Application Security Process) Pravir Chandra	Security in Agile Development Dave Wichers	Secure Software Impact Jack Danahy
12:00-12:45	Next Generation Cross Site Scripting Worms Arshan Dabirsiaghi	Security of Software-as-a-Service (SaaS) James Landis	Open Reverse Benchmarking Project Marce Luck & Tom Stracener
12:00-13:00	Capture the Flag Status LUNCH - Provided @ TechExpo
13:00-13:45	NIST SAMATE Static Analysis Tool Exposition (SATE) Vadim Okun	Lotus Notes/Domino Web Application Security Jian Hui Wang	Shootout @ Blackbox Corral Larry Suto
14:00-14:45	Practical Advanced Threat Modeling John Steven	The Owasp Orizon Project: towards version 1.0 Paolo Perego	Building Usable Security Zed Abbadi
15:00-15:45	Off-shoring Application Development? Security is Still Your Problem Rohyt Belani	OWASP EU Summit Portugal Dinis Cruz	Code Secrets Johan Peeters
16:00-16:45	Vulnerabilities in application interpreters and runtimes Erik Cabetas	Flash Parameter Injection (FPI) Ayal Yogev & Adi Sharabani	Special Guest
17:00-17:45	Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles
18:30-19:30	OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!

Technology Pavilion - September 24th and 25th

Want to see the latest offerings from technology product and service firms worldwide? Stop by the Technology Pavilion/TechExpo on September 24th and 25th.

Do you want to preview the event space Click Here

---

CPE Credits

Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

The CISM cpe policy (www.isaca.org/cismcpepolicy) states:

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows: Training Courses: September 22-23, 2008 • 16 CPE units for 2 days of training (Monday - Tuesday) • 8 CPE units for 1 day of training (Monday or Tuesday Only) Conferences: September 24-25, 2008 Earn 1 CPE per hour of conference attendance

OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008

All classes begin at 9AM and end at 5:30PM

T1. Defensive Programming - 2-Days - $1350

This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software Learn More Here Instructor: Jason Rouse, Technical Manager,

T2. Secure Coding for Java EE - 2-Days - $1350
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including: Java EE security overview, All coding examples and recommendations are specifically focused on Java and Java servers, and 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class. Learn More Here Instructor: Dave Wichers:
T3. Web Services and XML Security - 2-Days - $1350
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here Instructor: Gunnar Peterson
T4. Advanced Web Application Security Testing - 2-Days - $1350
Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here Instructor: Eric Sheridan:
T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here Instructor: John Pavone:

T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. Learn More Here Instructor: Arshan Dabirsiaghi:

T8. Writing Secure Code ASP.NET - 2-Days - $1350

Understand the key security features of the .NET platform, the common web security pitfalls developers make, and how to build secure and reliable web applications using ASP.NET. Students are lead through hands on code examples that highlight issues and prescribe solutions. Learn More Here The instructors are Foundstone's Technical Director, Rudolph Araujo and Foundstone's Professional Services Consultant, Alex Smolen.

HOTELS / TRAVEL

Park Central Hotel - # 800.346.1359 / 212.247.8000 ROOM BLOCK # 41258 $549.00 per night. 870 Seventh Avenue at 56th Street, New York, NY 10019-4038

Hotels close to the venue

What is around APPSEC2008 - Area Attractions

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

EVENT SPONSORSHIP

The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

Sponsorship Opportunities- Register online: click here