This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP NYC AppSec 2008 Conference"

From OWASP
Jump to: navigation, search
m (OWASP NYC AppSec 2008 - September 22th-25th 2008)
Line 3: Line 3:
 
= OWASP NYC AppSec 2008 - September 22th-25th 2008 =
 
= OWASP NYC AppSec 2008 - September 22th-25th 2008 =
 
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
 
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
In association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University] your invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at <b>[http://www.pace.edu/page.cfm?doc_id=16157 Pace University]</b>, located in downtown New York City at <b>One Pace Plaza New York, NY 10038.</b> Event Fees: $350 for 2 days of seminars, $675 for 1-day training classes and $1,350 for 2-day courses. [http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif] - do you want to preview the event space [http://www.flickr.com/photos/[email protected]/sets/72157604662279903/detail Click Here]
+
In association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at <b>[http://www.pace.edu/page.cfm?doc_id=16157 Pace University]</b>, located in downtown New York City at <b>One Pace Plaza New York, NY 10038.</b> Event Fees: $350 for 2 days of seminars, $675 for 1-day training classes and $1,350 for 2-day courses. [http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif] - do you want to preview the event space [http://www.flickr.com/photos/[email protected]/sets/72157604662279903/detail Click Here]
 
<hr>
 
<hr>
 
[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Diamond Sponsor] - [http://www.imperva.com https://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br>
 
[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Diamond Sponsor] - [http://www.imperva.com https://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br>

Revision as of 15:27, 5 May 2008

NYC08 468x60 72 newdates.gif

OWASP NYC AppSec 2008 - September 22th-25th 2008

Last Update: 05/5/2008 In association with: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, ISACA, ISSA and Pace University you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at Pace University, located in downtown New York City at One Pace Plaza New York, NY 10038. Event Fees: $350 for 2 days of seminars, $675 for 1-day training classes and $1,350 for 2-day courses. Register.gif - do you want to preview the event space Click Here


Diamond Sponsor - Imperva_2color_RGB.jpg

Platinum Sponsor - CenzicLogo_RGB.gif

Gold & Silver Sponsors -Accessit.JPG - Fortify.jpg - Aspect_logo.gif - Cigital_OWASP.GIF - OunceLabs_logo.jpg


Sponsorship Opportunities

OWASP NYC AppSec 2008 Conference Schedule – Sept 24th - Sept 25th

Day 1 – Sept 24th, 2008
Track 1: Track 2: Track 3:
08:00-09:30 Registration Opens and Tech Expo
09:30-10:30 Industry Panel - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy-EVP Citi, Jim Routh-CISO DTCC, Sunil Seshadri-CISO NYSE-Euronet, Warren Axelrod-SVP Bank of America, Joe Bernik-Royal Bank of Scotland, Philip Venables Managing Director and Chief Information Risk Officer, Goldman, Sachs & Co., USA - Moderator: Mahi Dontamsetti
10:30-11:30 Logic Attacks and Inefficiencies of Robotic Detection

Robert "RSnake" Hansen

Offensive Assessing Financial Apps

Daniel Cuthbert

Web Intrusion Detection with ModSecurity

Ivan Ristic

11:30-12:30 Reverse Engineering .NET

Adam Boulton

JBroFuzz 0.1 - 1.1: The History of Building a Java Fuzzer for Web Applications

Yiannis Pavlosoglou

OWASP LABRAT

Joshua Perrymon

12:30-13:30 Multidisciplinary Bank Attacks

Gunter Ollmann

OWASP CLASP

Pravir Chandra

Shootout at the Blackbox Corral

Dinis Cruz & Larry Suto

13:30-14:30 1 HR BREAK / TECH EXPO / LUNCH BREAK
14:30-15:30 W3AF Web Application Attack and Audit Framework

Andres Riancho

WASC Hacking Incidents

Ofer Shezaf

Security in Agile Development

Dave Wichers

15:30-16:30 OWASP Enterprise Security API (ESAPI) Project

Jeff Williams

Next Generation Cross Site Scripting Worms

Arshan Dabirsiaghi

"Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks." Arian Evans

16:30-17:30 Shhhh Don’t Tell Anybody

Petko D. Petkov, a.k.a. pdp

Secure PHP

Hans Zaunere

Payment Card Data Security and the new Enterprise Java

Dr. B. V. Kumar & Mr. Abhay

17:30-18:30 Notes Security

Jian Hui Wang

Mastering PCI Section 6.6

Taylor McKinley and Jacob West

AppSec Techniques

JD Glaser

18:30 Web Application Capture the Flag (All Night – Bring it!!)
20:00 V.I.P Reception
Day 2 – Sept 25th, 2008
08:00-09:00 Keynote: OWASP Version 3.0 where we are.. where we are going – Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder, Dave Wichers
09:15-10:00 '"We have all the tools, policies, frameworks, documents, community support available what works... what does not?" ' Industry Panel: <TBD>, <TBD>, <TBD>, <TBD>, <TBD> Moderator:Daniel Cuthbert
10:00-11:00 Practical Advanced Threat Modeling

John Steven

Open Reverse Benchmarking Project

Marce Luck & Tom Stracener

Building Usable Security

Zed Abbadi

11:00-12:00 Offshoring Application Development? Security is Still Your Problem

Rohyt Belani

OWASP Orizon Project

Paolo Perego

NIST SAMATE Static Analysis Tool Exposition (SATE)

Vadim Okun

12:00-13:00 AppSec Research

Mano Paul

Software Liability

Jack Danahy

Cross-Site Scripting Filter Evasion

Alexios Fakos

13:00-14:00 1 HR BREAK / TECH EXPO / LUNCH BREAK
14:00-15:00 Projects with OWASP

Steve Malson

OWASP Pantera Advances

Simon Roses Femerling

Software-as-a-Service (SaaS)

James Landis

15:00-16:00 "Out of Band" Injection

Vijay Akasapu & Marshall Heilman

OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth

Christian Heinrich

Caution, Java ahead

Jeremiah Grossman

16:00-17:00 Input validation: the Good, the Bad and the Ugly

Johan Peeters

Flash Parameter Injection (FPI)

Adi Sharabani

Learning the .Net Debugging API

Kevin Spett

17:00-18:00 Secure System Development Life Cycle (SSDLC) Methodology for SOA

Ken Huang

Web Security Education using Open Source Tools

Prof. Li-Chiou Chen & Chienitng Lin

Friend or Foe: Penetration Testing VS Source Code Analysis

Tom Ryan

18:30 Closing Remarks / CTF Awards / Raffles
21:00 Farewell dinner.. Go secure the world
Register.gif

Technology Pavilion - September 24th and 25th

Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On October 7th and 8th there will be 2 full days of exhibits by service providers and manufacturers from around the world.


OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008

T1. Defensive Programming - 2-Days - $1350
This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software Learn More Here

Instructor: Pravir Chandra, Project Lead OWASP CLASP Project, Principal Consultant, Cigital_OWASP.GIF

T2. Secure Coding for Java EE - 2-Days - $1350
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
  1. Java EE security overview,
  2. All coding examples and recommendations are specifically focused on Java and Java servers, and
  3. 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

Learn More Here

Instructor: This tutorial is provided by longtime OWASP contributor: Aspect_logo.gif

T3. Web Services and XML Security - 2-Days - $1350
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here

Instructor: Gunnar Peterson Arctec.jpg

T4. Advanced Web Application Security Testing - 2-Days - $1350
Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here

Instructor: This tutorial is provided by longtime OWASP contributor: Aspect_logo.gif

T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here

Instructor: This tutorial is provided by longtime OWASP contributor: Aspect_logo.gif

T6. Application Security Forensics - 1-Day - Sep 23rd - $675
Web application forensics and incident response, requires a solid understanding of web application, security issues – this 1 day class will provide you with a crashcourse on chain of custody and issues related to dealing with a breach
T7. Encryption Programming Using SKSML - 2-Days - $1350
Application developers are increasingly required to protect sensitive data through encryption. While there are many libraries that can assist with cryptography, there are few to none that focus on encryption key management.

This class will introduce you to an OASIS standards protocol - Symmetric Key Services Markup Language (SKSML) - and show you how it can be used to securely encrypt sensitive data and manage encryption keys across the enterprise. Learn More Here

Instructor: Arshad Noor, CTO, StrongAuth Inc. StrongAuth.jpg

Register.gif

HOTELS / TRAVEL

Hotel's in the area of the event

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

EVENT SPONSORSHIP

The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

Sponsorship Opportunities- Register online: click here