Difference between revisions of "7th OWASP AppSec Conference - San Jose 2007/Agenda"

(OWASP & WASC AppSec 2007 Conference Schedule - Nov 14-15 (San Jose 2007))
Line 77: Line 77:
 
  | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch
 
  | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 13:45-14:30 || style="width:40%; background:#BC857A" align="left" | Website Vulnerability Statistics, Arian Evans (Director of Operations, WhiteHat Security)
+
  | style="width:10%; background:#7B8ABD" | 13:45-14:30 || style="width:40%; background:#BC857A" align="left" | The MySpace Worm, by its author: Samy Kamkar
  | style="width:40%; background:#BCA57A" align="left" | The MySpace Worm, by its author: Samy Kamkar
+
  | style="width:40%; background:#BCA57A" align="left" | .Net Web Services Hacking - Scan, Attacks and Defense, Sheeraj Shah, Blueinfy
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 14:30-15:20 || style="width:40%; background:#BC857A" align="left" | TBD
+
  | style="width:10%; background:#7B8ABD" | 14:30-15:20 || style="width:40%; background:#BC857A" align="left" | OWASP SpoC Project: Anti Samy - Picking a Fight with XSS, Arshan Dabirsiaghi, Application Security Engineer, Aspect Security
  | style="width:40%; background:#BCA57A" align="left" | OWASP SpoC Project: Anti Samy - Picking a Fight with XSS, Arshan Dabirsiaghi, Application Security Engineer, Aspect Security
+
  | style="width:40%; background:#BCA57A" align="left" | Website Vulnerability Statistics, Arian Evans (Director of Operations, WhiteHat Security)
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 15:20-15:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
 
  | style="width:10%; background:#7B8ABD" | 15:20-15:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 15:40-16:40 || style="width:40%; background:#F2F2F2" align="left" | Panel: Responsible "Website" Vulnerability Disclosure
+
  | style="width:10%; background:#7B8ABD" | 15:40-16:30 || style="width:40%; background:#BC857A" align="left" | The PKI Lie – Attacking Certificate-Based Authentication , Ofer Maor, CTO Hacktics
 +
| style="width:40%; background:#BCA57A" align="left" | TBD
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || style="width:40%; background:#F2F2F2" align="left" | Panel: Responsible "Website" Vulnerability Disclosure
 
Moderator: TBD
 
Moderator: TBD
  
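Review bot: The added 15:40-16:30 row has a stray space before the comma in "Authentication , Ofer Maor"; remove it so the entry matches the "Title, Speaker" form of the other cells. The Track 2 cell of that same row is still "TBD", so the slot needs a follow-up edit once a talk is assigned.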
Line 94: Line 97:
 
Panelists: Warren Axelrod – Chief Privacy Officer & Business Information Security Office for US Trust, Renato Delatorre – Director of Network Security & Risk Management for Verizon Wireless, and others TBD
 
Panelists: Warren Axelrod – Chief Privacy Officer & Business Information Security Office for US Trust, Renato Delatorre – Director of Network Security & Risk Management for Verizon Wireless, and others TBD
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 16:40-17:00 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Conference Wrap Up - Dave Wichers, OWASP Conferences Chair
+
  | style="width:10%; background:#7B8ABD" | 17:30-17:45 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Conference Wrap Up - Dave Wichers, OWASP Conferences Chair
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Microsoft Sponsored Cocktail Party: Drinks at Nearby Location (to be announced)
 
  | style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Microsoft Sponsored Cocktail Party: Drinks at Nearby Location (to be announced)
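Review bot: The Conference Wrap Up row keeps colspan="2" together with width:40%, while the other full-width rows in this table (Lunch, Break, Cocktail Party) pair colspan="2" with width:80%. Since the line is already being changed for the new 17:30-17:45 time, set it to width:80% so the spanning cell is consistent with the rest.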
Line 108: Line 111:
 
  | style="width:10%; background:#7B8ABD" | 11:10-11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
 
  | style="width:10%; background:#7B8ABD" | 11:10-11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:80%; background:#BC857A" align="left" | .Net Web Services Hacking - Scan, Attacks and Defense, Sheeraj Shah, Blueinfy
+
  | style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:80%; background:#BC857A" align="left" | Web Services Security: Challenges and Techniques, Anoop Singhal, NIST
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch
 
  | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch
Line 114: Line 117:
 
  | style="width:10%; background:#7B8ABD" | 13:45-14:30 || style="width:80%; background:#BC857A" align="left" | Centralized, Dynamic Web Services Security and Policy Management, Richard Salz, IBM
 
  | style="width:10%; background:#7B8ABD" | 13:45-14:30 || style="width:80%; background:#BC857A" align="left" | Centralized, Dynamic Web Services Security and Policy Management, Richard Salz, IBM
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 14:30-15:10 || style="width:80%; background:#BC857A" align="left" | Web Services Security: Challenges and Techniques, Anoop Singhal, NIST
+
  | style="width:10%; background:#7B8ABD" | 14:30-15:10 || style="width:80%; background:#BC857A" align="left" | Covert CDATA Channels, XML Bombs, and Unexpected Attachments: Case Notes from a real-life XML Web Services Vulnerability Assessment, Mark O'Neill, CTO Vordel
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 15:10-15:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
 
  | style="width:10%; background:#7B8ABD" | 15:10-15:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break

Revision as of 11:03, 3 October 2007

The agenda for the conference is still under development and is subject to change.

The Web Services Security Track, which is the 3rd track on Day 1, is at the bottom of this page.

Breach Cocktail Party - Nov 13.

To close out the training event and the first day of the tech expo, Breach has kindly agreed to arrange a cocktail party on Tuesday evening. They sponsored a similar event at Black Hat for a joint OWASP / WASC get together and it was a roaring success with over 300 attendees. These have always been great events at previous conferences. Hope to see you there. More details will be posted when available.

OWASP & WASC AppSec 2007 Conference Schedule - Nov 14-15 (San Jose 2007)

Day 1 - Nov 14, 2007
Track 1: | Track 2:
08:00-09:00 Registration and Coffee
09:00-09:10 Welcome to OWASP & WASC AppSec 2007 Conference: Dave Wichers, OWASP Conferences Chair and COO Aspect Security
09:10-10:00 Keynote: eBay Application Security Program – Dave Cullinane, CISO - eBay and Michael Barrett, CISO - PayPal
10:00-10:30 An Introduction to WASC and its projects – Jeremiah Grossman, CTO, WhiteHat Security
10:30-11:10 OWASP State of the Union, Dinis Cruz, Chief OWASP Evangelist
11:10-11:30 Break
11:30-12:30 For my next trick... hacking Web 2.0 – Petko D. Petkov (AKA PDP Architect), Senior Security Researcher | Backdoors and other Developer Introduced 'Features', Chris Wysopal, CTO Veracode
12:30-13:45 Lunch
13:45-14:30 CSRF: Danger, Detection, and Defenses – Introducing two new OWASP CSRF Tools, Dave Wichers, COO Aspect Security and OWASP Conferences Chair | WASC Distributed Open Proxy Honeypot Project, Ryan Barnett, WASC Open Proxy Honeypot Project Lead, Breach Security
14:30-15:10 Defeating Web 2.0 Attacks without Recoding Applications, Amichai Shulman, CTO, Imperva | Dangers of Third Party Content, Tom Stripling, Senior Security Consultant - Security PS
15:10-15:30 Break
15:30-16:40 OWASP Projects Overview, Dinis Cruz, Chief OWASP Evangelist | Web Browser (In)-Security - "Past, Present, and Future", Robert "RSnake" Hansen, CEO SecTheory
16:40-17:00 Break
17:00-18:00 Panel: “Building an Effective Application Security Assurance Program”

Moderator: Brian Bertacini, Sr. Manager, AppSec Consulting

Panelists: Jeff Williams - CEO Aspect Security, Andy Steingruebl - Principal Security Engineer PayPal, Gary Terrell, Adobe Systems, Scott Stender, iSEC Partners, Neil Daswani, Google

18:00-19:00 Chapter Leads Meeting - With Dinis Cruz
19:00-21:00 OWASP Social Gathering: Dinner and Drinks at Nearby Restaurant (TBD)
~01:00-??:?? OWASP Band ???
Day 2 - Nov 15, 2007
Track 1: | Track 2:
08:00-09:00 Coffee
09:00-09:50 Keynote: DTCC Application Security Program, Jim Routh, CISO for the Depository Trust and Clearing Corporation (DTCC)
09:50-10:50 Using OWASP, Jeff Williams, OWASP Chair and CEO - Aspect Security
10:50-11:10 Break
11:10-11:50 Finding Vulnerabilities in Flash Applications, Stefano Di Paola, CTO Minded Security | Start Rolling with Rails Security, Corey Benninger, Principal Consultant, Intrepidus Group, Inc.
11:50-12:30 OWASP Enterprise Security API (ESAPI) – Jeff Williams, CEO Aspect Security and OWASP Chair | Securing Java Server Faces against the OWASP Top 10, David Chandler, Web Architect, Digital Insight
12:30-13:45 Lunch
13:45-14:30 The MySpace Worm, by its author: Samy Kamkar | .Net Web Services Hacking - Scan, Attacks and Defense, Sheeraj Shah, Blueinfy
14:30-15:20 OWASP SpoC Project: Anti Samy - Picking a Fight with XSS, Arshan Dabirsiaghi, Application Security Engineer, Aspect Security | Website Vulnerability Statistics, Arian Evans (Director of Operations, WhiteHat Security)
15:20-15:40 Break
15:40-16:30 The PKI Lie – Attacking Certificate-Based Authentication, Ofer Maor, CTO Hacktics | TBD
16:30-17:30 Panel: Responsible "Website" Vulnerability Disclosure

Moderator: TBD

Panelists: TBD

Panel: Outsourcing: Financial Dream or Security Nightmare?

Moderator: Rohyt Belani, Managing Partner, Intrepidus Group

Panelists: Warren Axelrod – Chief Privacy Officer & Business Information Security Office for US Trust, Renato Delatorre – Director of Network Security & Risk Management for Verizon Wireless, and others TBD

17:30-17:45 Conference Wrap Up - Dave Wichers, OWASP Conferences Chair
19:00-21:00 Microsoft Sponsored Cocktail Party: Drinks at Nearby Location (to be announced)

Nov 14: Track 3: Web Services Security

Day 1 - Nov 14, 2007
Track 3: Web Services Security
11:10-11:30 Break
11:30-12:30 Web Services Security: Challenges and Techniques, Anoop Singhal, NIST
12:30-13:45 Lunch
13:45-14:30 Centralized, Dynamic Web Services Security and Policy Management, Richard Salz, IBM
14:30-15:10 Covert CDATA Channels, XML Bombs, and Unexpected Attachments: Case Notes from a real-life XML Web Services Vulnerability Assessment, Mark O'Neill, CTO Vordel
15:10-15:30 Break
15:30-16:40 Attacking XML Security, Brad Hill, Principal Security Consultant, iSEC Partners