AppSecDC Schedule 09

Day 1 - Nov 12th 2009
Tracks: OWASP | Tools | SDLC | Web 2.0

07:30-09:00  Registration
08:45-09:00  Welcome and Opening Remarks
09:00-10:00  Keynote: Joe Jarzombek
10:00-10:30  Coffee Break & Room Change

10:30-11:30
  OWASP:    OWASP ESAPI - Jeff Williams
  Tools:    Manipulating Web Application Interfaces, a new approach to input validation - Felipe Moreno-Strauch
  SDLC:     Development Issues Within AJAX Applications: How to Divert Threats - Lars Ewe
  Web 2.0:  Understanding the Implications of Cloud Computing on Application Security - Dennis Hurst

11:30-12:30
  OWASP:    Software Assurance Maturity Model (SAMM) - Pravir Chandra
  Tools:    The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West
  SDLC:     Enterprise Application Security - GE's approach to solving root cause - Darren Challey
  Web 2.0:  Transparent Proxy Abuse - Robert Auger

12:30-13:30
  OWASP:    DISA's Application Security and Development STIG: How OWASP Can Help You - Jason Li
  Tools:    OWASP ModSecurity Core Rule Set Project - Ryan C. Barnett
  SDLC:     The essential role of infosec in secure software development - Kenneth R. van Wyk
  Web 2.0:  Fracturing Flex For Fun - An Alliterative Attacker's Approach - Jon Rose / Kevin Stadmeyer

13:30-14:30  Lunch

14:30-15:30
  OWASP:    Defend Yourself: Integrating Real Time Defenses into Online Applications - Michael Coates
  Tools:    Finding the Hotspots: Web-security testing with the Watcher tool - Chris Weber
  SDLC:     SDLC Panel (runs 14:30-16:30)
  Web 2.0:  Social Zombies: Your Friends Want to Eat Your Brains - Tom Eston / Kevin Johnson

15:30-16:30
  OWASP:    The ESAPI Web Application Firewall - Arshan Dabirsiaghi
  Tools:    Two half-hour talks: One Click Ownage - Ferruh Mavituna; Web Application Security Scanner Evaluation Criteria - Brian Shura
  SDLC:     SDLC Panel (continued)
  Web 2.0:  Cloudy with a chance of 0-day - Jon Rose / Tom Leavey

16:30-17:30
  OWASP:    OWASP Live CD: An open environment for Web Application Security - Matt Tesauro / Brad Causey
  Tools:    Two half-hour talks: Learning by Breaking: A New Project for Insecure Web Apps - Chuck Willis; Synergy! - A world where the tools communicate - Josh Abraham
  SDLC:     Vulnerability Management in an Application Security World - Dan Cornell
  Web 2.0:  Attacking WCF Web Services - Brian Holyfield

17:30-18:30
  OWASP:    The Entrepreneur's Guide to Career Management - Lee Kushner
  Tools:    Two half-hour talks: Advanced SSL: The good, the bad, and the ugly - Michael Coats; User input piercing for Cross Site Scripting Attacks - Matias Blanco
  SDLC:     Threat Modeling - John Steven
  Web 2.0:  When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies - Rafal Los

19:00-????  Reception

Day 2 - Nov 13th 2009
Tracks: Attack & Defend | Process | Metrics | Compliance

07:30-09:00  Registration
09:00-10:00  Keynote: TBA
10:00-10:30  Coffee Break & Room Change

10:30-11:30
  Attack & Defend:  Securing the Core JEE Patterns - Rohit Sethi / Krishna Raja
  Process:          The Big Picture: Web Risks and Assessments Beyond Scanning - Matt Fisher
  Metrics:          The Web Hacking Incidents Database - Ryan C. Barnett
  Compliance:       Business Logic Automatons: Friend or Foe? - Ofer Shezaf

11:30-12:30
  Attack & Defend:  Unicode Transformations: Finding Elusive Vulnerabilities - Chris Weber
  Process:          Scalable Application Assessments in the Enterprise - Tom Parker / Lars Ewe
  Metrics:          Application security metrics from the organization on down to the vulnerabilities - Chris Wysopal
  Compliance:       SCAP: Automating our way out of the Vulnerability Wheel of Pain - Ed Bellis

12:30-13:30
  Attack & Defend:  Fox in the Henhouse: Java Rootkits - Jeff Williams
  Process:          Secure Software Updates: Update Like Conficker - Jeremy Allen
  Metrics:          OWASP Top 10 2009 - Dave Wichers
  Compliance:       Secure SDLC: The Good, The Bad, and The Ugly - Joey Peloquin

13:30-14:30  Lunch

14:30-15:30
  Attack & Defend:  TBA - Robert Hansen
  Process:          Improving application security after an incident - Cory Scott
  Metrics:          Hacking by Numbers - Tom Brennan
  Compliance:       Federal CIO Panel (runs 14:30-16:30)

15:30-16:30
  Attack & Defend:  Automated vs. Manual Security: You can't filter The Stupid - David Byrne / Charles Henderson
  Process:          Custom Intrusion Detection Techniques for Monitoring Web Applications - Matthew Olney
  Metrics:          Building an in-house application security assessment team - Keith Turpin
  Compliance:       Federal CIO Panel (continued)

16:30-17:30
  Attack & Defend:  Advanced SQL Injection - Joe McCray
  Process:          Is your organization secured against internal threats? - Lars Ewe
  Metrics:          The OWASP Security Spending Benchmarks Project - Dr. Boaz Gelbord
  Compliance:       Promoting Application Security within Federal Government - Sarbari Gupta

17:30-18:30
  Attack & Defend:  Two half-hour talks: Clubbing WebApps with a Botnet - Gunter Ollmann; Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers - Kevin Johnson, Justin Searle, Frank DiMaggio
  Process:          Deploying Secure Web Applications with OWASP Resources - Kuai Hinojosa
  Metrics:          SANS DShield Webhoneypot Project - Jason Lam
  Compliance:       Techniques in Attacking and Defending XML/Web Services - Mamoon Yunus / Jason Macy

18:30-19:00  Closing Remarks