Difference between revisions of "2010 BASC Speakers"

From OWASP
Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently led NetworkWorld magazine to recognize him as one of its [http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html top innovators of IT] for 2009. Corman also serves on the faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded [http://rugedsoftware.org RuggedSoftware.org], a values-based initiative to raise awareness and usher in an era of secure digital infrastructure.

=== Ming Chow (Tufts University, CS Department) ===

'''HTML5 Security'''

The power of HTML5 lets developers create web applications, not just structured content, but its new features have increased the attack surface. It has been demonstrated that the HTML5 offline application cache can be abused, and support for file-based client-side databases will open up the opportunity for SQL injection attacks on client machines.

=== Andrew Gronosky ===

'''A Crumple Zone for Service-Oriented Architectures'''

We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature-based defenses. We present our initial design for Java RMI based services and compare it with web application firewalls.

=== Joshua "Jabra" Abraham, Will Vandevanter (Rapid7) ===

'''Hacking SAP BusinessObjects'''

BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will walk through the entire lifecycle of attacking a BusinessObjects server, using vulnerabilities that we have found during our research.

=== Christien Rioux (SOURCE Conference) ===

'''The Exploit Arms Race'''

As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of defensive techniques like stack cookies (StackGuard, run-time stack checking), DEP and ASLR, the attacks developed to bypass them, such as trampolining and return-oriented programming, the evolution of fuzzing techniques, and static and dynamic analysis for both attacking and defending software.

=== Paul Schofield (Imperva) ===

'''Business Logic Attacks – BATs and BLBs'''

Business logic attacks are a set of legitimate application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. Concluding this session we will discuss "virtual patching" using a web application firewall, rather than fixing the application code.

=== To Be Determined ===

{{2010 BASC:Section Template | Conference Organizers}}

* Conference Organizer
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson
 
* Program Committee:
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]
** [mailto:zach.lanier@something.somewhere.com Zach Lanier]
** [mailto:jim.weiler@owasp.org Jim Weiler], Chairperson
 
* Sponsorship Committee:
** [mailto:mark.arnold@something.somewhere.com Mark Arnold]
* Website Editor
** [mailto:neil.smithline@owasp.org Neil Smithline]

{{2010_BASC:Footer_Template | Speakers}}

Revision as of 11:58, 15 November 2010

Platinum Sponsors (Listed Alphabetically)

CORE Security, Rapid7, SafeLight Security, Security Innovation, SOURCE


We kindly thank our sponsors for their support. Please help us keep future BASCs free by viewing and visiting all of our sponsors.


Speakers

We would like to thank our speakers for donating their time and effort to help make this conference successful and free.

Josh Corman

Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman’s research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics.

Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently led NetworkWorld magazine to recognize him as one of its top innovators of IT for 2009. Corman also serves on the faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded RuggedSoftware.org, a values-based initiative to raise awareness and usher in an era of secure digital infrastructure.


Ming Chow (Tufts University, CS Department)

HTML5 Security

The power of HTML5 lets developers create web applications, not just structured content, but its new features have increased the attack surface. It has been demonstrated that the HTML5 offline application cache can be abused, and support for file-based client-side databases will open up the opportunity for SQL injection attacks on client machines.

Andrew Gronosky

A Crumple Zone for Service-Oriented Architectures

We present a new architectural construct analogous to the crumple zone in an automobile. It consists of a layer of intelligent service proxies that work together to provide both signature-based and non-signature-based defenses. We present our initial design for Java RMI based services and compare it with web application firewalls.

Joshua "Jabra" Abraham, Will Vandevanter (Rapid7)

Hacking SAP BusinessObjects

BusinessObjects is a very widely deployed business intelligence tool. In this presentation we will walk through the entire lifecycle of attacking a BusinessObjects server, using vulnerabilities that we have found during our research.

Christien Rioux (SOURCE Conference)

The Exploit Arms Race

As defenses have become more sophisticated, so have the attacks required to circumvent them. Learn about the roots of defensive techniques like stack cookies (StackGuard, run-time stack checking), DEP and ASLR, the attacks developed to bypass them, such as trampolining and return-oriented programming, the evolution of fuzzing techniques, and static and dynamic analysis for both attacking and defending software.

Paul Schofield (Imperva)

Business Logic Attacks – BATs and BLBs

Business logic attacks are a set of legitimate application transactions that are used to carry out a malicious operation that is not part of normal business practices. This presentation will provide a quick introduction to business logic attacks, their unique characteristics and the motivation behind their uptick. Concluding this session we will discuss "virtual patching" using a web application firewall, rather than fixing the application code.

To Be Determined

Lots of interesting facts about this really good speaker. By the time you are done reading this you will be OOO-ing and AHH-ing without control. You'll be so impressed that you will flip head over heels.

Conference Organizers




Gold Sponsors

Auric Systems International, Fortify, Palo Alto Networks, WhiteHat Security

You can find out more about this conference at the BASC homepage: http://www.owasp.org/index.php/2010_BASC_Homepage.
Conference Organizer: Jim Weiler