OWASP NYC AppSec 2008 Conference

Introduction
This event was a great success, drawing together over 600 people from all around the world. Please see the agenda below for copies of the presentations and videos of all the talks!!

Conference Description: This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, NYC ISACA, NYC ISSA and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown. SEE BELOW FOR VIDEO AND SLIDES - CLICK HERE FOR PHOTOS Join the OWASP Linked'In Group

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th VIDEOS
''' So did you like the content? Lets us know.. Contact Us '''

CPE Credits
Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

The CISM cpe policy (www.isaca.org/cismcpepolicy) states:

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows: Training Courses: September 22-23, 2008 •	16 CPE units for 2 days of training (Monday - Tuesday) •	8 CPE units for 1 day of training (Monday or Tuesday Only) Conferences: September 24-25, 2008 Earn 1 CPE per hour of conference attendance

OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008
All classes begin at 9AM and end at 5:30PM

{| style="width:80%" border="0" align="center" ! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350 |- | style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. Learn More Here

Instructor: Jason Rouse, Technical Manager, http://www.owasp.org/images/b/be/Cigital_OWASP.GIF''' |- {| style="width:80%" border="0" align="center" ! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350 |- | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
 * 1) Java EE security overview,
 * 2) All coding examples and recommendations are specifically focused on Java and Java servers, and
 * 3) 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

Learn More Here

Instructor: Dave Wichers: http://www.owasp.org/images/d/d1/Aspect_logo.gif ''' |- ! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350 |- | style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here

Instructor: Gunnar Peterson''' https://www.owasp.org/images/b/bf/Arctec.jpg |- ! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350 |- | style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here

Instructor: Eric Sheridan: http://www.owasp.org/images/d/d1/Aspect_logo.gif''' |- ! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675 |- | style="background:#F2F2F2" | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here Instructor: John Pavone: http://www.owasp.org/images/d/d1/Aspect_logo.gif''' {| style="width:80%" border="0" align="center" ! align="center" style="background:#4058A0; color:white" | T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675 |- | style="background:#F2F2F2" | Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. Learn More Here Instructor: Arshan Dabirsiaghi: http://www.owasp.org/images/d/d1/Aspect_logo.gif'''

HOTELS / TRAVEL Park Central Hotel Hotels close to the venue

What is around APPSEC2008 - Area Attractions

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com

EVENT SPONSORSHIP The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.

This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, NYC ISACA, NYC ISSA and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown.

Diamond Sponsor - http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg Platinum Sponsor - https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif  - http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif -  https://www.owasp.org/images/4/47/Ibm.jpg Gold, Silver, Expo & Other Sponsors - http://www.owasp.org/images/4/45/Isc2logo.gif - http://www.owasp.org/images/7/7e/50px-F5_50px.jpg - http://www.owasp.org/images/d/d1/Aspect_logo.gif - https://www.owasp.org/images/a/ae/Qualys.gif - https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg - https://www.owasp.org/images/a/ac/Fortify.jpg - https://www.owasp.org/images/b/be/Cigital_OWASP.GIF - https://www.owasp.org/images/e/eb/Acuneti.gif - http://www.owasp.org/images/5/56/Denimgroup.jpg - https://www.owasp.org/images/6/6d/Accessit.JPG - https://www.owasp.org/images/4/4a/Fishnet_security.png - https://www.owasp.org/images/8/8b/Airtight.gif - https://www.owasp.org/images/d/dc/AOD_Logo.gif - https://www.owasp.org/images/0/0d/Security_university.jpg - https://www.owasp.org/images/9/9c/Breach_logo.gif - https://www.owasp.org/images/c/ce/Armorize_Logo.png -https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg - https://www.owasp.org/images/2/26/New_Symantec_Logo.jpg - https://www.owasp.org/images/4/47/Prev_Logo_with_Tag_Line.jpg - https://www.owasp.org/images/9/91/MicroTek.jpg - https://www.owasp.org/images/c/cf/Protiviti.jpg Sponsorship Opportunities