OWASP AppSec DC 2009 Schedule

From OWASP

Back to Conference Page

Training 11/10
Training 11/11
Talks 11/12
Talks 11/13

Day 1 - Nov 10th 2009
	Room 154A	Room 149B	Room 149A	Room 154B	Room 155
09:00-12:00	Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Day 1: Java EE Secure Code Review Sahba Kazerooni Security Compass	Threat Modeling Express Krishna Raja Security Compass	Foundations of Web Services and XML Security Dave Wichers Aspect Security	Live CD Matt Tesauro
12:00-13:00	Lunch
13:00-17:00	Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Java EE Secure Code Review Sahba Kazerooni Security Compass	Threat Modeling Express Krishna Raja Security Compass	Foundations of Web Services and XML Security Dave Wichers Aspect Security	Live CD Matt Tesauro

Back to Conference Page

Retrieved from "http://www.owasp.org/index.php/OWASP_AppSec_DC_2009_Schedule"

Day 1 - Nov 12th 2009
	OWASP (146A)	Tools (146B)	Web 2.0 (146C)	SDLC (152A)
07:30-08:50	Registration
08:50-09:00	Welcome and Opening Remarks
09:00-10:00	Keynote: Joe Jarzombek Video \| Slides
10:00-10:30	All about OWASP OWASP Board Video \| Slides
10:30-10:45	Coffee Break sponsored by
10:45-11:30	OWASP ESAPI Jeff Williams Video \| Slides	Clubbing WebApps with a Botnet Gunter Ollmann Video \| Slides	Understanding the Implications of Cloud Computing on Application Security Dennis Hurst Video \| Slides	Enterprise Application Security - GE's approach to solving root cause Darren Challey Video \| Slides
11:30-12:30	Hosted Lunch
12:30-1:15	Software Assurance Maturity Model (SAMM) Pravir Chandra Video \| Slides	The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security Jacob West Video \| Slides	Transparent Proxy Abuse Robert Auger Video \| Slides	Software Development The Next Security Frontier Jim Molini Video \| Slides
1:15-1:20	Break
1:20-2:05	DISA's Application Security and Development STIG: How OWASP Can Help You Jason Li Video \| Slides	OWASP ModSecurity Core Rule Set Project Ryan C. Barnett Video \| Slides	Development Issues Within AJAX Applications: How to Divert Threats Lars Ewe Video \| Slides	Secure SDLC Panel: Real answers from real experience Panelists: Dan Cornell Michael Craigue Dennis Hurst Joey Peloquin Keith Turpin Moderator: Pravir Chandra Video \| Slides
2:05-2:10	Break
2:10-2:55	Defend Yourself: Integrating Real Time Defenses into Online Applications Michael Coates Video \| Slides	Finding the Hotspots: Web-security testing with the Watcher tool Chris Weber Video \| Slides	Social Zombies: Your Friends Want to Eat Your Brains Tom Eston/Kevin Johnson Video \| Slides
2:55-3:10	Coffee Break sponsored by
3:10-3:55	The ESAPI Web Application Firewall Arshan Dabirsiaghi Video \| Slides	One Click Ownage Ferruh Mavituna Video \| Slides	Cloudy with a chance of 0-day Jon Rose/Tom Leavey Video \| Slides	The essential role of infosec in secure software development Kenneth R. van Wyk Video \| Slides
		Web Application Security Scanner Evaluation Criteria Brian Shura Video \| Slides
3:55-4:00	Break
4:00-4:45	OWASP Live CD: An open environment for Web Application Security Matt Tesauro / Brad Causey Video \| Slides	Learning by Breaking: A New Project Insecure Web Apps Chuck Willis Video \| Slides	Attacking WCF Web Services Brian Holyfield Video \| Slides	Vulnerability Management in an Application Security World Dan Cornell Video \| Slides
		Synergy! A world where the tools communicate Josh Abraham Video \| Slides
4:45-4:50	Break
4:50-5:55	The Entrepreneur's Guide to Career Management Lee Kushner Video \| Slides	Advanced SSL: The good, the bad, and the ugly Michael Coates Video \| Slides	When Web 2.0 Attacks - Understanding Security Implications of AJAX Flash and Highly Interactive Technologies Rafal Los Video \| Slides	Threat Modeling John Steven Video \| Slides
		User input piercing for Cross Site Scripting Attacks Matias Blanco Video \| Slides
6:00-8:00	Cocktails and hors d'oeuvres in the EXPO Room (151) Sponsored by

Day 2 - Nov 13th 2009
	Process (146A)	Attack & Defend (146B)	Metrics (146C)	Compliance (152A)
8:00-9:00	Registration & Coffee sponsored by
9:00-9:45	The Big Picture: Web Risks and Assessments Beyond Scanning Matt Fisher Video \| Slides	Securing the Core JEE Patterns Rohit Sethi/Krishna Raja Video \| Slides	The Web Hacking Incidents Database Ryan C. Barnett Video \| Slides	Business Logic Automatons: Friend or Foe? Amichai Shulman Video \| Slides
9:45-9:50	Break
9:50-10:35	Scalable Application Assessments in the Enterprise Tom Parker/Lars Ewe Video \| Slides	Malicious Developers and Enterprise Java Rootkits Jeff Williams Video \| Slides	Application security metrics from the organization on down to the vulnerabilities Chris Wysopal Video \| Slides	SCAP: Automating our way out of the Vulnerability Wheel of Pain Ed Bellis Video \| Slides
10:35-10:40	Break
10:40-11:25	Secure Software Updates: Update Like Conficker Jeremy Allen Video \| Slides	Unicode Transformations: Finding Elusive Vulnerabilities Chris Weber Video \| Slides	OWASP Top 10 - 2010 Release Candidate Dave Wichers Video \| Slides	Secure SDLC: The Good, The Bad, and The Ugly Joey Peloquin Video \| Slides
11:25-12:30	Hosted Lunch
12:30-1:15	Improving application security after an incident Cory Scott Video \| Slides	The 10 least-likely and most dangerous people on the Internet Robert Hansen Video \| Slides	Hacking by Numbers Tom Brennan Video \| Slides	Federal CISO Panel Video
1:15-1:20	Break
1:20-2:05	Deploying Secure Web Applications with OWASP Resources Sebastien Deleersnyder / Fabio Cerullo Video \| Slides	Automated vs. Manual Security: You can't filter The Stupid David Byrne/Charles Henderson Video \| Slides	Building an in-house application security assessment team Keith Turpin Video \| Slides
2:05-2:20	Coffee break sponsored by
2:20-3:05	OWASP O2 Platform - Open Platform for automating application security knowledge and workflows Dinis Cruz Video \| Slides	Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers Kevin Johnson, Justin Searle, Frank DiMaggio Video \| Slides	The OWASP Security Spending Benchmarks Project Dr. Boaz Gelbord Video \| Slides	Promoting Application Security within Federal Government Sarbari Gupta Video \| Slides
3:05-3:10	Break
3:10-3:55	Custom Intrusion Detection Techniques for Monitoring Web Applications Matthew Olney Video \| Slides	Manipulating Web Application Interfaces, a new approach to input validation Felipe Moreno-Strauch Video \| Slides	SANS Dshield Webhoneypot Project Jason Lam Video \| Slides	Techniques in Attacking and Defending XML/Web Services Mamoon Yunus/Jason Macy Video \| Slides
3:55-4:00	Break
4:00-4:15	Closing Remarks (146B) Mark Bristow, Rex Booth, Doug Wilson Video \| Slides

OWASP AppSec DC 2009 Schedule

From OWASP

Back to Conference Page

Back to Conference Page

Views

Personal tools

search

Navigation

Reference

Language

Toolbox

Day 2 - Nov 11th 2009
	Room 154A	Room 149B	Room 149A	Room 154B
09:00-12:00	Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Day 2: Java EE Secure Code Review Sahba Kazerooni Security Compass	WebAppSec.php: Developing Secure Web Applications Robert Zakon	Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security
12:00-13:00	Lunch
13:00-17:00	Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework Justin Searle	Java EE Secure Code Review Sahba Kazerooni Security Compass	WebAppSec.php: Developing Secure Web Applications Robert Zakon	Leader and Manager Training - Leading the Development of Secure Applications John Pavone Aspect Security