
SnowFROC09 Planning Page

Revision as of 17:33, 5 September 2008 by Andylew (Who, What, Where, When, How Much?)


Front Range Web Application Security Summit Planning - SnowFROC09

Who, What, Where, When, How Much?

The speakers below will be presenting at the Tivoli (again) on March 5th, 2009. This is a (Cost TBD) event - (coverage amount/percentage) expenses may be covered by our sponsors. Registration will be at as soon as the site has been built.

SnowFROC09 Proposed Schedule – March 5th 2009

  • PLEASE NOTE - this is for PLANNING purposes only - speaker times/dates/topics may change so please check back from time-to-time.
(March 5th 2008)
Tracks: (Maybe Tech) Track and (Maybe Management) Track

08:00-09:00 Registration Opens and Tech Expo

09:00-9:30 Opening Keynote - (Somebody from Somewhere Discussing Something in a MOTIVATED Fashion)

9:40-10:40 (Some crazy universally-compelling topic) - (Hopefully) Jeremiah Grossman, CTO & Founder of WhiteHat Security

10:50-11:50 (Some other crazy universally-compelling topic) - (Some compelling speaker)

13:00-14:15
(Maybe Tech) Track: (Crazy Tech Topic) - (Security Savant who can keep people awake after lunch)
(Maybe Management) Track: (Crazy Management Topic) - (Management Savant who can keep people awake after lunch)

14:30-15:30
(Maybe Tech) Track: (Leveraging iTunes™ for pen-testing) - (The Other Security Savant who can keep people awake, plus some keep-awake tunes)
(Maybe Management) Track: (Enthralling Management Topic) - (The Other Management Savant)

15:40-16:00 Raffles & Awards

16:00-16:45 After-conference refreshments (on the slopes?)

17:00+ (tbd) Reception/after-conference mixer

The purpose of this page is to provide a workspace for Denver/Boulder OWASP members to collaborate and plan the upcoming SnowFROC09 (Snow Front Range Web Application Security Summit). It is almost official, and we almost have the meeting space reservation to prove it!

Date: March 5th, 2009

Location: TBD - probably on the Auraria Campus in Downtown Denver again, 900 Auraria Parkway, Denver, CO 80204

Call For Papers

We will be seeking presentations AND logo ideas. A Call For Papers has been issued. The deadline for submissions is tbd, and speakers who are selected will be notified in good time. Please download the Call for Papers here (OBSOLETE)

Mission Statement

The purpose of the Front Range Web Application Security Summit is to provide a one-day workshop/conference during which individuals and organizations interested in Web Application Security can congregate to transfer knowledge, increase awareness of application layer security in the enterprise, and meet other like-minded individuals.

Guiding Principles
No vendor soap boxes
Open, friendly environment
High quality content, professional delivery

Planner Contact Info

Project Manager: Niki Nicholls (niki at ambassadorservices D0T com)

Project Leads:

Overall planning and coordination: Kathy Thaxton kthaxton at businesspartnersolutions d0t c0m

Tech track lead: tbd (probably David Campbell (dcampbell at owasp dot org))

Management track lead: tbd

Project Planning Site (Basecamp login required)

Panel Discussion Topics

These are preliminary ideas; PLEASE FEEL FREE TO CONTRIBUTE by logging in to the wiki... It seems likely that only one or two will be able to get in-depth discussion; the remainder may be subject to a "Lightning round."

  1. Biggest problem incorporating security into the SDLC and how/if it was overcome
  2. Cost-justification strategies - how did you sell this?
  3. If there was one thing you'd do differently...
  4. The secret to motivating developers, testers, and QA'ers to adopt secure coding practices...
  5. Was a launch really postponed due to security concerns? What's the rest of the story?
  6. What are the best resources or references for succeeding in this area?
  7. What do you look for when hiring someone or engaging a company to participate with your SDLC?
  8. What's your favorite story about how your Security Ops or Management team REDUCED your overall security in the name of security?
  9. At what point should security be introduced into the SDLC?
  10. What are some of the ways the group has seen security tools used internally and externally?
  11. How much time is really needed for manual testing?
  12. How do I budget for security testing (manual or otherwise) on applications?

Speaker Bios and Presentation Summaries

Attilla D. Hun "pwning a continent"

Alexandar D. Great "pwning the Alps - lessons learned"
