
OWASP AppSec Europe 2009 - Poland ag

Day 1 - May 13, 2009
Track 1: Alfa 1 Track 2: Alfa 2 Track 3: Room 3
08:00-08:50 Registration and Coffee
08:50-09:00 Welcome to OWASP AppSec 2009 Conference

Sebastien Deleersnyder, OWASP Foundation

09:00-10:00 Keynote

Ross Anderson, Professor in Security Engineering, University of Cambridge

10:00-10:45 OWASP State of the Union

Dinis Cruz & Sebastien Deleersnyder, OWASP Foundation

10:45-11:05 Break - Expo CTF Kick-Off


11:05-11:50 OWASP Live CD: An open environment for Web Application Security

Matt Tesauro, Texas Education Agency

Advanced SQL injection exploitation to operating system full control

Bernardo Damele Assumpcao Guimaraes, lead developer of sqlmap

Mirage: building an application model made easy (OWASP Orizon v 1.2)

Paolo Perego, Spike Reply

11:55-12:40 OWASP Application Security Verification Standard (ASVS) Project

Dave Wichers, Aspect Security

Tracking the effectiveness of an SDL program: lessons from the gym

Cassio Goldschmidt, Symantec Corporation

I thought you were my friend Evil Markup, browser issues and other obscurities

Mario Heiderich, Business-IN

12:40-14:00 Lunch - Expo - CTF
14:00-14:45 Threat Modeling

John Steven, Cigital

Web Application Harvesting

Esteban Ribičić, tbd

Maturing Beyond Application Security Puberty

Roger Thornton, Fortify

14:50-15:35 Exploiting Web 2.0 – Next Generation Vulnerabilities

Shreeraj Shah, Blueinfy

xx When Security Isn’t Free: The Myth of Open Source Security

Rob Rachwald, Fortify

15:35-15:55 Break - Expo - CTF
15:55-16:40 The Software Assurance Maturity Model (SAMM)

Pravir Chandra, Cognosticus

O2 - Advanced Source Code Analysis Toolkit

Dinis Cruz, Ounce Labs

The Truth about Web Application Firewalls: What the vendors do not want you to know

Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity

16:45-17:45 Panel: tbd

tbd Moderator: tbd - Panelists: tbd

Day 2 - May 14, 2009
Track 1: Alfa 1 Track 2: Alfa 2 Track 3: Room 3
08:00-09:00 Registration and Coffee
09:00-09:00 Fixing Internet Security by Hacking the Business Climate

Bruce Schneier, Chief Security Technology Officer, BT

10:00-10:45 OWASP Projects

Dave Wichers, OWASP Foundation

10:45-11:05 Break - Expo - CTF
11:05-11:50 OWASP "Google Hacking" Project

Christian Heinrich, OWASP "Google Hacking" Project Lead

Deploying Secure Web Applications with OWASP Resources

Kuai Hinojosa, New York University

Beyond security principles approximation in software architectures

Bart De Win, Ascure

11:55-12:40 OWASP Enterprise Security API (ESAPI) Project

Dave Wichers, Aspect Security

w3af, A framework to 0wn the web

Andrés Riancho, Bonsai Information Security

Brain's hardwiring and its impact on software development and secure software

Alexandru Bolboaca & Maria Diaconu, Mosaic Works

12:40-14:00 Lunch - Expo - CTF
14:00-14:45 OWASP ROI: Optimize Security Spending using OWASP

Matt Tesauro, Texas Education Agency

CSRF: the nightmare becomes reality?

Lieven Desmet, University Leuven

The Bank in the Browser - Defending web infrastructures from banking malware

Giorgio Fedon, Minded Security

14:50-15:35 HTTP Parameter Pollution

Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity

OWASP Source Code Flaws Top 10 Project

Paolo Perego, Spike Reply

Business Logic Attacks: Bots and Bats

Eldad Chai, Imperva

15:35-15:55 Break - Expo - CTF
15:55-16:40 Factoring malware and organized crime in to Web application security

Gunter Ollmann, Damballa

Real Time Defenses against Application Worms and Malicious Attackers

Michael Coates, Aspect Security

Can an accessible web application be secure? Assessment issues for security testers, developers and auditors

Colin Watson, Watson Hall Ltd

16:45-17:45 Panel discussion

Moderator: tbd, Panelists: tbd

17:45-18:00 Conference Wrap-Up & CTF Awards

Dave Wichers, OWASP Foundation