SnowFROC09 Planning Page

Who, What, Where, When, How Much?
The speakers below will be presenting at (Location TBD) on (Day TBD). This is a (Cost TBD) event - (coverage amount/percentage) of expenses will be covered by our sponsors. Registration will be at www.snowfroc.com as soon as the site has been built.

SnowFROC09 Proposed Schedule – March 5th 2009

 * PLEASE NOTE - this is for PLANNING purposes only - speaker times/dates/topics may change so please check back from time-to-time.

The purpose of this page is to provide a workspace for Denver/Boulder OWASP members to collaborate and plan the upcoming SnowFROC09 (Snow Front Range Web Application Security Summit). It is almost official, and we almost have the meeting space reservation to prove it!

Date: March 5th, 2009

Location: TBD - probably on the Auraria Campus in Downtown Denver again, 900 Auraria Parkway, Denver, CO 80204

Call For Papers
We will be seeking presentations AND logo ideas. A Call For Papers has been issued. The deadline for submissions is tbd, and speakers who are selected will be notified in good time. Please download the Call for Papers here (OBSOLETE)

Mission Statement
The purpose of the Front Range Web Application Security Summit is to provide a one-day workshop/conference during which individuals and organizations interested in Web Application Security can congregate to transfer knowledge, increase awareness of application layer security in the enterprise, and meet other like-minded individuals.


Guiding Principles
 * No vendor soap boxes
 * Open, friendly environment
 * High quality content, professional delivery

Planner Contact Info
Project Manager: Niki Nicholls (niki at ambassadorservices D0T com)

Project Leads:

Overall planning and coordination: Kathy Thaxton kthaxton at businesspartnersolutions d0t c0m

Tech track lead: tbd (probably David Campbell, dcampbell at owasp dot org)

Management track lead: tbd

Project Planning Site (Basecamp login required)

Panel Discussion Topics
These are preliminary ideas; PLEASE FEEL FREE TO CONTRIBUTE by logging in to the wiki... It seems likely that only one or two will be able to get in-depth discussion; the remainder may be subject to a "Lightning round."


 * 1) Biggest problem incorporating security into the SDLC and how/if it was overcome
 * 2) Cost-justification strategies - how did you sell this?
 * 3) If there was one thing you'd do differently...
 * 4) The secret to motivating developers, testers, and QA'ers to adopt secure coding practices...
 * 5) Was a launch really postponed due to security concerns?  What's the rest of the story?
 * 6) What are the best resources or references for succeeding in this area?
 * 7) What do you look for when hiring someone or engaging a company to participate with your SDLC?
 * 8) What's your favorite story about how your Security Ops or Management team REDUCED your overall security in the name of security?
 * 9) At what point should security be introduced into the SDLC?
 * 10) What are some of the ways the group has seen security tools used internally and externally?
 * 11) How much time is really needed for manual testing?
 * 12) How do I budget for security testing (manual or otherwise) on applications?

Alexandar D. Great "pwning the Alps - lessons learned"