Mrb Scratchpad

Day 1 - Nov 12th 2009

Tracks: OWASP, Tools, SDLC, Web 2.0

07:30-08:50  Registration
09:00-09:50  Welcome and Opening Remarks
10:00-10:50  Keynote: Joe Jarzombek

11:00-11:50
  OWASP:   OWASP ESAPI (Jeff Williams)
  Tools:   Manipulating Web Application Interfaces, a new approach to input validation (Felipe Moreno-Strauch)
  SDLC:    Development Issues Within AJAX Applications: How to Divert Threats (Lars Ewe)
  Web 2.0: Understanding the Implications of Cloud Computing on Application Security (Dennis Hurst)

12:00-13:00
  OWASP:   Software Assurance Maturity Model (SAMM) (Pravir Chandra)
  Tools:   The Case of Promiscuous Parameters and other Ongoing Capers in Web Security (Jacob West)
  SDLC:    Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence (Darren Challey)
  Web 2.0: Transparent Proxy Abuse (Robert Auger)

12:00-12:50
  OWASP:   DISA's Application Security and Development STIG: How OWASP Can Help You (Jason Li)
  Tools:   OWASP ModSecurity Core Rule Set Project (Ryan C. Barnett)
  SDLC:    The essential role of infosec in secure software development (Kenneth R. van Wyk)
  Web 2.0: Fracturing Flex For Fun - An Alliterative Attackers Approach (Jon Rose/Kevin Stadmeyer)

13:00-13:50  Lunch

13:00-13:50
  OWASP:   Defend Yourself: Integrating Real Time Defenses into Online Applications (Michael Coates)
  Tools:   Finding the Hotspots: Web-security testing with the Watcher tool (Chris Weber)
  SDLC:    SDLC Panel (continues through the 14:00-14:50 slot)
  Web 2.0: Social Zombies: Your Friends Want to Eat Your Brains (Tom Eston/Kevin Johnson)

14:00-14:50
  OWASP:   The ESAPI Web Application Firewall (Arshan Dabirsiaghi)
  Tools:   One Click Ownage (Ferruh Mavituna)
  Tools:   Web Application Security Scanner Evaluation Criteria (Brian Shura)
  SDLC:    SDLC Panel (continued)
  Web 2.0: Cloudy with a chance of 0-day (Jon Rose/Tom Leavey)

15:00-15:50
  OWASP:   OWASP Live CD: An open environment for Web Application Security (Matt Tesauro / Brad Causey)
  Tools:   Learning by Breaking: A New Project Insecure Web Apps (Chuck Willis)
  Tools:   Synergy! - A world where the tools communicate (Josh Abraham)
  SDLC:    Vulnerability Management in an Application Security World (Dan Cornell)
  Web 2.0: Attacking WCF Web Services (Brian Holyfield)

16:00-16:50
  OWASP:   The Entrepreneur's Guide to Career Management (Lee Kushner)
  Tools:   Advanced SSL: The good, the bad, and the ugly (Michael Coates)
  Tools:   User input piercing for Cross Site Scripting Attacks (Matias Blanco)
  SDLC:    Threat Modeling (John Steven)
  Web 2.0: When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies (Rafal Los)

18:00-????  Reception (TBD)