Difference between revisions of "AppSec US 2010, CA"

From OWASP
Jump to: navigation, search
(Gold Sponsors)
(removed an extra CR from doc.)
Line 5: Line 5:
 
= Welcome to AppSec USA 2010  =
 
= Welcome to AppSec USA 2010  =
  
{| width="100%" border="0" align="center" class="FCK__ShowTableBorders"
+
{| class="FCK__ShowTableBorders" border="0" width="100%" align="center"
 
|-
 
|-
| align="left" colspan="4" style="background: none repeat scroll 0% 0% rgb(238, 235, 226); color: black;" |  
+
| style="background: rgb(238,235,226); color: black" colspan="4" align="left" |  
 
For complete information, please visit [http://www.appsecusa.org AppSec US 2010 Website] <br>Training and Presentation Schedules Available Now!  
 
For complete information, please visit [http://www.appsecusa.org AppSec US 2010 Website] <br>Training and Presentation Schedules Available Now!  
  
 
Training Days<br>Sept 7-8: [http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=Training_September_7th_.26_8th Schedule of Classes]  
 
Training Days<br>Sept 7-8: [http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=Training_September_7th_.26_8th Schedule of Classes]  
  
Presentation Schedule<br>Sept 9th: [http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=September_9th Schedule of Talks]<br>Sept 10th:&nbsp;[http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=September_10th Schedule of Talks]  
+
Presentation Schedule<br>Sept 9th: [http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=September_9th Schedule of Talks]<br>Sept 10th:&nbsp;[http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=September_10th Schedule of Talks]
  
 
|}
 
|}
  
{| class="FCK__ShowTableBorders" style="width: 100%;"
+
{| style="width: 100%" class="FCK__ShowTableBorders"
 
|-
 
|-
| style="width: 100%; color: rgb(0, 0, 0);" |  
+
| style="width: 100%; color: rgb(0,0,0)" |  
{| class="FCK__ShowTableBorders" style="width: 100%; background: none repeat scroll 0% 0% transparent; -moz-background-inline-policy: continuous;"
+
{| style="width: 100%; background: none transparent scroll repeat 0% 0%; -moz-background-inline-policy: continuous" class="FCK__ShowTableBorders"
 
|-
 
|-
| style="width: 95%; color: rgb(0, 0, 0);" |  
+
| style="width: 95%; color: rgb(0,0,0)" |  
 
'''Latest Updates:'''  
 
'''Latest Updates:'''  
  
 
Dr. Chenxi Wang of Forrester Research added as keynote speaker for September 9.  
 
Dr. Chenxi Wang of Forrester Research added as keynote speaker for September 9.  
  
@chenxiwang tweets at http://twitter.com/chenxiwang.  
+
@chenxiwang tweets at http://twitter.com/chenxiwang.'''<br>'''
 
+
'''<br>'''  
+
  
 
|}
 
|}
  
<!-- Twitter Box -->  
+
<!-- Twitter Box -->
  
| style="border: 0px solid rgb(204, 204, 204); width: 100%; color: rgb(0, 0, 0); font-size: 95%;" | <!-- DON'T REMOVE ME, I'M STRUCTURAL  
+
| style="border-bottom: rgb(204,204,204) 0px solid; border-left: rgb(204,204,204) 0px solid; width: 100%; color: rgb(0,0,0); font-size: 95%; border-top: rgb(204,204,204) 0px solid; border-right: rgb(204,204,204) 0px solid" | <!-- DON'T REMOVE ME, I'M STRUCTURAL  
  
 
{|
 
{|
Line 42: Line 40:
 
Use the '''[http://twitter.com/appsec2010 #AppSec2010]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)  
 
Use the '''[http://twitter.com/appsec2010 #AppSec2010]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)  
  
'''@AppSec2010 Twitter Feed ([http://twitter.com/appsec2010 follow us on Twitter!])''' <twitter>appec2010</twitter>-->  
+
'''@AppSec2010 Twitter Feed ([http://twitter.com/appsec2010 follow us on Twitter!])''' <twitter>appec2010</twitter>-->
| style="width: 110px; color: rgb(0, 0, 0); font-size: 95%;" |  
+
| style="width: 110px; color: rgb(0,0,0); font-size: 95%" |  
 
|}
 
|}
  
<!-- End Banner -->  
+
<!-- End Banner -->
  
 
==== Training September 7th &amp; 8th  ====
 
==== Training September 7th &amp; 8th  ====
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"
 
|-
 
|-
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T1. Web Security Testing - 2-Days - $1350
+
! style="background: rgb(64,88,160); color: white" align="center" | T1. Web Security Testing - 2-Days - $1350
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester.  
+
| style="background: rgb(242,242,242)" | This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester.  
The course includes a guided penetration test in which the students will execute security test with the help of the instructor.  
+
The course includes a guided penetration test in which the students will execute security test with the help of the instructor.
  
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Joe Basirico, Security Innovation
+
| style="background: rgb(242,242,242)" | Instructor: Joe Basirico, Security Innovation
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Web Security Testing Class]]
+
| style="background: rgb(242,242,242)" | [[Learn More About the Web Security Testing Class]]
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.appsecusa.org/register-now.html Click here to register]
+
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]
 
|}
 
|}
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"
 
|-
 
|-
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350
+
! style="background: rgb(64,88,160); color: white" align="center" | T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities.  
+
| style="background: rgb(242,242,242)" | This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities.  
Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.  
+
Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.
  
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Dave Wichers: [[Image:Aspect_logo.gif|link=http://www.aspectsecurity.com]]
+
| style="background: rgb(242,242,242)" | Instructor: Dave Wichers: [[Image:Aspect logo.gif]]
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More about the Building Secure Ajax and Web 2.0 Applications Class]]
+
| style="background: rgb(242,242,242)" | [[Learn More about the Building Secure Ajax and Web 2.0 Applications Class]]
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.appsecusa.org/register-now.html Click here to register]
+
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]
 
|-
 
|-
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350
+
! style="background: rgb(64,88,160); color: white" align="center" | T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |  
+
| style="background: rgb(242,242,242)" |  
 
This course will focus on using open source tools to perform web application assessments.&nbsp; The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-­‐WTF).&nbsp;  
 
This course will focus on using open source tools to perform web application assessments.&nbsp; The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-­‐WTF).&nbsp;  
  
Day one will take students through the steps and open source tools used to assess application for vulnerabilities.<br>  
+
Day one will take students through the steps and open source tools used to assess application for vulnerabilities.<br>
  
Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks.&nbsp; The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves  
+
Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks.&nbsp; The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves
  
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |  
+
| style="background: rgb(242,242,242)" |  
Instructor: Jason Searle: InGuardians [[Image:InGuardians.png|36x39px]]  
+
Instructor: Jason Searle: InGuardians [[Image:InGuardians.png|36x39px]]
  
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.appsecusa.org/register-now.html Click here to register]
+
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]
 
|-
 
|-
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T4. Application Security Leadership Essentials - 2-Days - $1350
+
! style="background: rgb(64,88,160); color: white" align="center" | T4. Application Security Leadership Essentials - 2-Days - $1350
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
+
| style="background: rgb(242,242,242)" | In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Jeff Williams: [[Image:Aspect_logo.gif|link=http://www.aspectsecurity.com]]
+
| style="background: rgb(242,242,242)" | Instructor: Jeff Williams: [[Image:Aspect logo.gif]]
 
+
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More about the Application Security Leadership Essentials Class]]
+
| style="background: rgb(242,242,242)" | [[Learn More about the Application Security Leadership Essentials Class]]
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.appsecusa.org/register-now.html Click here to register]
+
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]
 
|-
 
|-
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675
+
! style="background: rgb(64,88,160); color: white" align="center" | T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | This class teaches attendees how to fix security vulnerabilities in existing software. It provides a mix of discussion of project concerns for planning and managing remediation efforts with hands-on coding examples fixing specific vulnerabilities. Attendees will learn how to risk-rank vulnerabilities, estimate remediation tasks, perform coding fixes for vulnerabilities and demonstrate the effectiveness of fixes applied. The focus is on the practical: how to use limited resources to make significant improvements to the security of target applications. Code examples use the OWASP ESAPI Java and Microsoft Web Protection Library. Many classes teach developers how to build secure code from the ground up or teach security analysts how to test applications for security vulnerabilities. This class teaches developers and security analysts how to deal with their existing portfolio of insecure applications.  
+
| style="background: rgb(242,242,242)" | This class teaches attendees how to fix security vulnerabilities in existing software. It provides a mix of discussion of project concerns for planning and managing remediation efforts with hands-on coding examples fixing specific vulnerabilities. Attendees will learn how to risk-rank vulnerabilities, estimate remediation tasks, perform coding fixes for vulnerabilities and demonstrate the effectiveness of fixes applied. The focus is on the practical: how to use limited resources to make significant improvements to the security of target applications. Code examples use the OWASP ESAPI Java and Microsoft Web Protection Library. Many classes teach developers how to build secure code from the ground up or teach security analysts how to test applications for security vulnerabilities. This class teaches developers and security analysts how to deal with their existing portfolio of insecure applications.  
Instructor: Dan Cornell: [[Image:AppSecDC2009-Sponsor-denim.gif]]  
+
Instructor: Dan Cornell: [[Image:AppSecDC2009-Sponsor-denim.gif]]
  
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.appsecusa.org/register-now.html Click here to register]
+
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]
 
|}
 
|}
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"
 
|-
 
|-
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T6. Live CD 1-Day - Sept 8th- $675
+
! style="background: rgb(64,88,160); color: white" align="center" | T6. Live CD 1-Day - Sept 8th- $675
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | This class will will cover the full range of tools and documentation that OWASP provides under free and open licenses. When the class is complete, students will be familiar with a wide range of tools and techniques to test web applications.
+
| style="background: rgb(242,242,242)" | This class will will cover the full range of tools and documentation that OWASP provides under free and open licenses. When the class is complete, students will be familiar with a wide range of tools and techniques to test web applications.  
 
+
The class will include a DVD of OWASP tools and documentation for testing web applications. Additionally, the DVD will include the OWASP Web Testing Environment. OWASP WTE is a collection of tools and documentation for testing web applications available both as a bootable Live CD and virtual machines. Attendees to this class will receive a customized version of OWASP WTE. It will be provided as a virtual machine which includes the tools, documentation and the applications tested during class. It is a self-contained environment to learn web application testing the students can take from class to further hone their testing skills.  
The class will include a DVD of OWASP tools and documentation for testing web applications. Additionally, the DVD will include the OWASP Web Testing Environment. OWASP WTE is a collection of tools and documentation for testing web applications available both as a bootable Live CD and virtual machines. Attendees to this class will receive a customized version of OWASP WTE. It will be provided as a virtual machine which includes the tools, documentation and the applications tested during class. It is a self-contained environment to learn web application testing the students can take from class to further hone their testing skills.
+
 
+
Students are encouraged to bring a laptop to class.  The virtualization software for OWASP WTE runs on Windows, OS X and Linux.  Students with a laptop can follow along with the in class demonstrations to get hands on testing experience
+
  
 +
Students are encouraged to bring a laptop to class. The virtualization software for OWASP WTE runs on Windows, OS X and Linux. Students with a laptop can follow along with the in class demonstrations to get hands on testing experience
  
Instructors: Matt Tesauro and Charles Henderson: [[Image:TrustwaveLogo.jpg]]  
+
<br>Instructors: Matt Tesauro and Charles Henderson: [[Image:TrustwaveLogo.jpg]]
  
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.appsecusa.org/register-now.html Click here to register]
+
| style="background: rgb(242,242,242)" | [http://www.appsecusa.org/register-now.html Click here to register]
 
|}
 
|}
  
<br>  
+
<br>
  
 
==== September 9th  ====
 
==== September 9th  ====
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"
 
|-
 
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - September 9th, 2010'''  
+
| style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 1 - September 9th, 2010'''  
<br>  
+
<br>
  
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>  
+
| style="width: 10%; background: rgb(123,138,189)" | <br>
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Crystal Cove Auditorium  
+
| style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium  
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Pacific Ballroom  
+
| style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom  
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Doheny Beach
+
| style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 07:30-08:30  
+
| style="width: 10%; background: rgb(123,138,189)" | 07:30-08:30  
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Breakfast + Coffee
+
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Registration and Breakfast + Coffee
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-08:45  
+
| style="width: 10%; background: rgb(123,138,189)" | 08:30-08:45  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium)
+
| style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:45-9:30  
+
| style="width: 10%; background: rgb(123,138,189)" | 08:45-9:30  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Jeff Williams (Crystal Cove Auditorium)
+
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Jeff Williams (Crystal Cove Auditorium)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 9:30-10:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 9:30-10:15  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Chenxi Wang (Crystal Cove Auditorium)
+
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Chenxi Wang (Crystal Cove Auditorium)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15-10:35  
+
| style="width: 10%; background: rgb(123,138,189)" | 10:15-10:35  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF kick-off (Emerald Bay)
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF kick-off (Emerald Bay)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:35-11:20  
+
| style="width: 10%; background: rgb(123,138,189)" | 10:35-11:20  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | How I met your Girlfriend, ''Samy Kamkar''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | How I met your Girlfriend, ''Samy Kamkar''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Solving Real-World Problems with an Enterprise Security API (ESAPI), ''Chris Schmidt, ServiceMagic''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | TBD
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | TBD
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:20-11:30  
+
| style="width: 10%; background: rgb(123,138,189)" | 11:20-11:30  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 11:30-12:15  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | State of SSL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | State of SSL on the Internet - 2010 Survey, Results and Conclusions, ''Ivan Ristic, Qualys''<br>
<br>  
+
<br>
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Into the Rabbit Hole: Execution Flow-based Web Application Testing, ''Rafal Los, Hewlett-Packard''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Into the Rabbit Hole: Execution Flow-based Web Application Testing, ''Rafal Los, Hewlett-Packard''<br>
<br>  
+
<br>
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Threat Modeling Best Practices, ''Robert Zigweid, IOActive''<br>
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | Threat Modeling Best Practices, ''Robert Zigweid, IOActive''<br>
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:15-13:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 12:15-13:15  
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch - Expo - CTF
+
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 13:30-14:15  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Bill Cheswick (Crystal Cove Auditorium)
+
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: Bill Cheswick (Crystal Cove Auditorium)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:15-14:25  
+
| style="width: 10%; background: rgb(123,138,189)" | 14:15-14:25  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:25-15:10  
+
| style="width: 10%; background: rgb(123,138,189)" | 14:25-15:10  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | P0w3d for Botnet CnC, ''Gunter Ollmann, Damballa''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | P0w3d for Botnet CnC, ''Gunter Ollmann, Damballa''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Cloud Computing, A Weapon of Mass Destruction?, ''David Bryan, Trustwave's SpiderLabs''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Cloud Computing, A Weapon of Mass Destruction?, ''David Bryan, Trustwave's SpiderLabs''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Secure Coding Practices Quick Reference Guide, ''Keith Turpin, Boeing''
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | The Secure Coding Practices Quick Reference Guide, ''Keith Turpin, Boeing''
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:30  
+
| style="width: 10%; background: rgb(123,138,189)" | 15:10-15:30  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break - Expo - CTF
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:30-16:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 15:30-16:15  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, ''Dan Cornell, Denim Group''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, ''Dan Cornell, Denim Group''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Assessing, Testing and Validating Flash Content, ''Peleus Uhley, Adobe''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Assessing, Testing and Validating Flash Content, ''Peleus Uhley, Adobe''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP State of the Union, ''Tom Brennan, OWASP''
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | OWASP State of the Union, ''Tom Brennan, OWASP''
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:15-16:25  
+
| style="width: 10%; background: rgb(123,138,189)" | 16:15-16:25  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:25-17:10  
+
| style="width: 10%; background: rgb(123,138,189)" | 16:25-17:10  
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz
+
| style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz
 
|}
 
|}
  
 
==== September 10th  ====
 
==== September 10th  ====
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
{| style="width: 80%" class="FCK__ShowTableBorders" border="0" align="center"
 
|-
 
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 2 - September 10th, 2010'''  
+
| style="background: rgb(64,88,160); color: white" colspan="4" align="center" | '''Conference Day 2 - September 10th, 2010'''  
<br>  
+
<br>
  
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>  
+
| style="width: 10%; background: rgb(123,138,189)" | <br>
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Crystal Cove Auditorium  
+
| style="width: 30%; background: rgb(188,133,122)" | Track 1 - Crystal Cove Auditorium  
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Pacific Ballroom  
+
| style="width: 30%; background: rgb(188,165,122)" | Track 2 - Pacific Ballroom  
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Doheny Beach
+
| style="width: 30%; background: rgb(153,255,153)" | Track 3 - Doheny Beach
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:00-09:00  
+
| style="width: 10%; background: rgb(123,138,189)" | 08:00-09:00  
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee - Expo - CTF
+
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 09:00-09:15  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Announcements (Crystal Cove Auditorium)
+
| style="width: 80%; background: rgb(242,242,242)" colspan="3" align="center" | Announcements (Crystal Cove Auditorium)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:15-10:00  
+
| style="width: 10%; background: rgb(123,138,189)" | 09:15-10:00  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: David Rice (Crystal Cove Auditorium)
+
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: David Rice (Crystal Cove Auditorium)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:10  
+
| style="width: 10%; background: rgb(123,138,189)" | 10:00-10:10  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF (Emerald Bay)
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF (Emerald Bay)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:55  
+
| style="width: 10%; background: rgb(123,138,189)" | 10:10-10:55  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Security Architecting Applications for the Cloud, ''Alex Stamos, iSEC Partners''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | Security Architecting Applications for the Cloud, ''Alex Stamos, iSEC Partners''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Unraveling Cross-Technology, Cross-Domain Trust Relations, ''Peleus Uhley, Adobe''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Unraveling Cross-Technology, Cross-Domain Trust Relations, ''Peleus Uhley, Adobe''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Real Time Application Defenses - The Reality of AppSensor &amp; ESAPI, ''Michael Coates, Mozilla,''
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | Real Time Application Defenses - The Reality of AppSensor &amp; ESAPI, ''Michael Coates, Mozilla,''
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:55-11:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 10:55-11:15  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:15-12:00  
+
| style="width: 10%; background: rgb(123,138,189)" | 11:15-12:00  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, ''Joe Basirico, Security Innovation''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, ''Joe Basirico, Security Innovation''<br>
<br>  
+
<br>
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Session Management Security tips and Tricks, ''Lars Ewe, Cenzic''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Session Management Security tips and Tricks, ''Lars Ewe, Cenzic''<br>
<br>  
+
<br>
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, ''Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs''<br>
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, ''Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs''<br>
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:15  
+
| style="width: 10%; background: rgb(123,138,189)" | 12:00-13:15  
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch - Expo - CTF
+
| style="width: 80%; background: rgb(194,194,194)" colspan="3" align="left" | Lunch - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:15-14:00  
+
| style="width: 10%; background: rgb(123,138,189)" | 13:15-14:00  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: HD Moore (Crystal Cove Auditorium)
+
| style="width: 80%; background: rgb(252,252,150)" colspan="3" align="center" | Keynote: HD Moore (Crystal Cove Auditorium)
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:05-14:50  
+
| style="width: 10%; background: rgb(123,138,189)" | 14:05-14:50  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel Discussion: Vulnerability Lifecycle for Software Vendors, ''Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | Panel Discussion: Vulnerability Lifecycle for Software Vendors, ''Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Agile + Security = FAIL, ''Adrian Lane''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Agile + Security = FAIL, ''Adrian Lane''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, ''Aditya K. Sood, Armorize Technologies''
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, ''Aditya K. Sood, Armorize Technologies''
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:50-15:10  
+
| style="width: 10%; background: rgb(123,138,189)" | 14:50-15:10  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break - Expo - CTF
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Coffee Break - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:55  
+
| style="width: 10%; background: rgb(123,138,189)" | 15:10-15:55  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Escalating Privileges through Database Trusts, ''Scott Sutherland and Antti Rantasaari, NetSPI''<br>  
+
| style="width: 30%; background: rgb(188,133,122)" align="left" | Escalating Privileges through Database Trusts, ''Scott Sutherland and Antti Rantasaari, NetSPI''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Defining the Identiy Management Framework, ''Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy''<br>  
+
| style="width: 30%; background: rgb(188,165,122)" align="left" | Defining the Identiy Management Framework, ''Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy''<br>
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Breaking Web Browsers, ''Jeremiah Grossman, WhiteHat Security''
+
| style="width: 30%; background: rgb(153,255,153)" align="left" | Breaking Web Browsers, ''Jeremiah Grossman, WhiteHat Security''
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:55-16:05  
+
| style="width: 10%; background: rgb(123,138,189)" | 15:55-16:05  
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break - Expo - CTF
+
| style="width: 90%; background: rgb(194,194,194)" colspan="3" align="left" | Break - Expo - CTF
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:05-16:50  
+
| style="width: 10%; background: rgb(123,138,189)" | 16:05-16:50  
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes
+
| style="width: 90%; background: rgb(242,242,242)" colspan="3" align="center" | Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes
 
|}
 
|}
  
<br>  
+
<br>
  
 
==== Sponsors  ====
 
==== Sponsors  ====
Line 286: Line 281:
 
Slots are going fast so contact us to sponsor today!  
 
Slots are going fast so contact us to sponsor today!  
  
<br>  
+
<br>
  
<br>  
+
<br>
  
 
== Gold Sponsors  ==
 
== Gold Sponsors  ==
Line 296: Line 291:
 
== Silver Sponsors  ==
 
== Silver Sponsors  ==
  
[[Image:Fishnet Logo AppSec.jpg]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Acunetix logo 200.png]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Barracuda Color Logo.jpg]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br> [[Image:Cenziclogo.png]] &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; [[Image:Cigital-hor-color.JPG|120x68px]] &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Fujitsu-red-opt-b-150x56.gif|208x88px]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br> [[Image:Netspi logo.png]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Whitehat security logo.gif]] &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; [[Image:Imperva Logo.gif]]<br> [[Image:Aspect logo owasp.jpg]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [[Image:AppSecDC2009-Sponsor-aod.gif]]&nbsp;&nbsp; &nbsp; &nbsp;&nbsp; [[Image:Mavituna.jpg]] <br> [[Image:Sponsors-radware.jpg]]
+
[[Image:Fishnet Logo AppSec.jpg]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Acunetix logo 200.png]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Barracuda Color Logo.jpg]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br>[[Image:Cenziclogo.png]] &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; [[Image:Cigital-hor-color.JPG|120x65px]] &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Fujitsu-red-opt-b-150x56.gif|150x56px]]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br>[[Image:Netspi logo.png]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [[Image:Whitehat security logo.gif]] &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; [[Image:Imperva Logo.gif]]<br>[[Image:Aspect logo owasp.jpg]] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp;&nbsp;&nbsp;&nbsp; [[Image:AppSecDC2009-Sponsor-aod.gif]]&nbsp;&nbsp; &nbsp; &nbsp;&nbsp; [[Image:Mavituna.jpg]] <br>[[Image:Sponsors-radware.jpg]]  
  
 
== Organizational Sponsors  ==
 
== Organizational Sponsors  ==
Line 308: Line 303:
 
==== REGISTER NOW  ====
 
==== REGISTER NOW  ====
  
Click [http://www.appsecusa.org/register-now.html here]&nbsp; for registration information. <br>  
+
Click [http://www.appsecusa.org/register-now.html here]&nbsp; for registration information. <br>
  
 
[http://www.appsecusa.org/register-now.html http://www.appsecusa.org/register-now.html]  
 
[http://www.appsecusa.org/register-now.html http://www.appsecusa.org/register-now.html]  
  
<headertabs />  
+
<headertabs />
  
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_USA]]
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_USA]]

Revision as of 14:26, 23 August 2010



AppSec USA 2010 Banner

Welcome to AppSec USA 2010

For complete information, please visit AppSec US 2010 Website
Training and Presentation Schedules Available Now!

Training Days
Sept 7-8: Schedule of Classes

Presentation Schedule
Sept 9th: Schedule of Talks
Sept 10th: Schedule of Talks

Latest Updates:

Dr. Chenxi Wang of Forrester Research added as keynote speaker for September 9.

@chenxiwang tweets at http://twitter.com/chenxiwang.



Training September 7th & 8th

T1. Web Security Testing - 2-Days - $1350
This course is a deep dive into the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to common web application vulnerabilities, testing techniques and tools by a professional security tester.

The course includes a guided penetration test in which the students will execute security test with the help of the instructor.

Instructor: Joe Basirico, Security Innovation
Learn More About the Web Security Testing Class
Click here to register
T2. Building Secure Ajax and Web 2.0 Applications - 2-Days - $1350
This two-day class will cover common Web 2.0 and AJAX security threats, vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities.

Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course enables developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and delivered in a very interactive manner. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.

Instructor: Dave Wichers: Aspect logo.gif
Learn More about the Building Secure Ajax and Web 2.0 Applications Class
Click here to register
T3. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days - $1350

This course will focus on using open source tools to perform web application assessments.  The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-­‐WTF). 

Day one will take students through the steps and open source tools used to assess application for vulnerabilities.

Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks.  The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves

Instructor: Jason Searle: InGuardians InGuardians.png

Click here to register
T4. Application Security Leadership Essentials - 2-Days - $1350
In this two-day management session you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root cause, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
Instructor: Jeff Williams: Aspect logo.gif
Learn More about the Application Security Leadership Essentials Class
Click here to register
T5. Software Security Remediation: How to Fix Application Vulnerabilities 1-Day - Sept 7th- $675
This class teaches attendees how to fix security vulnerabilities in existing software. It provides a mix of discussion of project concerns for planning and managing remediation efforts with hands-on coding examples fixing specific vulnerabilities. Attendees will learn how to risk-rank vulnerabilities, estimate remediation tasks, perform coding fixes for vulnerabilities and demonstrate the effectiveness of fixes applied. The focus is on the practical: how to use limited resources to make significant improvements to the security of target applications. Code examples use the OWASP ESAPI Java and Microsoft Web Protection Library. Many classes teach developers how to build secure code from the ground up or teach security analysts how to test applications for security vulnerabilities. This class teaches developers and security analysts how to deal with their existing portfolio of insecure applications.

Instructor: Dan Cornell: AppSecDC2009-Sponsor-denim.gif

Click here to register
T6. Live CD 1-Day - Sept 8th- $675
This class will will cover the full range of tools and documentation that OWASP provides under free and open licenses. When the class is complete, students will be familiar with a wide range of tools and techniques to test web applications.

The class will include a DVD of OWASP tools and documentation for testing web applications. Additionally, the DVD will include the OWASP Web Testing Environment. OWASP WTE is a collection of tools and documentation for testing web applications available both as a bootable Live CD and virtual machines. Attendees to this class will receive a customized version of OWASP WTE. It will be provided as a virtual machine which includes the tools, documentation and the applications tested during class. It is a self-contained environment to learn web application testing the students can take from class to further hone their testing skills.

Students are encouraged to bring a laptop to class. The virtualization software for OWASP WTE runs on Windows, OS X and Linux. Students with a laptop can follow along with the in class demonstrations to get hands on testing experience


Instructors: Matt Tesauro and Charles Henderson: File:TrustwaveLogo.jpg

Click here to register


September 9th

Conference Day 1 - September 9th, 2010



Track 1 - Crystal Cove Auditorium Track 2 - Pacific Ballroom Track 3 - Doheny Beach
07:30-08:30 Registration and Breakfast + Coffee
08:30-08:45 Welcome to OWASP AppSec US, 2010 (Crystal Cove Auditorium)
08:45-9:30 Keynote: Jeff Williams (Crystal Cove Auditorium)
9:30-10:15 Keynote: Chenxi Wang (Crystal Cove Auditorium)
10:15-10:35 Break - Expo - CTF kick-off (Emerald Bay)
10:35-11:20 How I met your Girlfriend, Samy Kamkar
Solving Real-World Problems with an Enterprise Security API (ESAPI), Chris Schmidt, ServiceMagic
TBD
11:20-11:30 Break - Expo - CTF
11:30-12:15 State of SSL on the Internet - 2010 Survey, Results and Conclusions, Ivan Ristic, Qualys


Into the Rabbit Hole: Execution Flow-based Web Application Testing, Rafal Los, Hewlett-Packard


Threat Modeling Best Practices, Robert Zigweid, IOActive
12:15-13:15 Lunch - Expo - CTF
13:30-14:15 Keynote: Bill Cheswick (Crystal Cove Auditorium)
14:15-14:25 Break - Expo - CTF
14:25-15:10 P0w3d for Botnet CnC, Gunter Ollmann, Damballa
Cloud Computing, A Weapon of Mass Destruction?, David Bryan, Trustwave's SpiderLabs
The Secure Coding Practices Quick Reference Guide, Keith Turpin, Boeing
15:10-15:30 Coffee Break - Expo - CTF
15:30-16:15 Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications, Dan Cornell, Denim Group
Assessing, Testing and Validating Flash Content, Peleus Uhley, Adobe
OWASP State of the Union, Tom Brennan, OWASP
16:15-16:25 Break - Expo - CTF
16:25-17:10 Panel Discussion: Security Trends: Jeremiah Grossman, Robert Hansen, TBD...Moderator: Stuart Schwartz

September 10th

Conference Day 2 - September 10th, 2010



Track 1 - Crystal Cove Auditorium Track 2 - Pacific Ballroom Track 3 - Doheny Beach
08:00-09:00 Coffee - Expo - CTF
09:00-09:15 Announcements (Crystal Cove Auditorium)
09:15-10:00 Keynote: David Rice (Crystal Cove Auditorium)
10:00-10:10 Break - Expo - CTF (Emerald Bay)
10:10-10:55 Security Architecting Applications for the Cloud, Alex Stamos, iSEC Partners
Unraveling Cross-Technology, Cross-Domain Trust Relations, Peleus Uhley, Adobe
Real Time Application Defenses - The Reality of AppSensor & ESAPI, Michael Coates, Mozilla,
10:55-11:15 Break - Expo - CTF
11:15-12:00 Reducing Web application Vulnerabilities: Moving from a Test-Dependent to Design-Driven development, Joe Basirico, Security Innovation


Session Management Security tips and Tricks, Lars Ewe, Cenzic


The Dark Side of Twitter: Measuring and Analyzing Malicious Activity on Twitter, Paul Judge, David Maynor, and Daniel Peck, Barracuda Labs
12:00-13:15 Lunch - Expo - CTF
13:15-14:00 Keynote: HD Moore (Crystal Cove Auditorium)
14:05-14:50 Panel Discussion: Vulnerability Lifecycle for Software Vendors, Kelly FitzGerald (Symantec), (US CERT), (Cigital), (Tipping Point) Moderator: Edward Bonver
Agile + Security = FAIL, Adrian Lane
Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities, Aditya K. Sood, Armorize Technologies
14:50-15:10 Coffee Break - Expo - CTF
15:10-15:55 Escalating Privileges through Database Trusts, Scott Sutherland and Antti Rantasaari, NetSPI
Defining the Identiy Management Framework, Richard Tychansky, Jim Molini, Hord Tipton, and Mike Kilroy
Breaking Web Browsers, Jeremiah Grossman, WhiteHat Security
15:55-16:05 Break - Expo - CTF
16:05-16:50 Conference Wrap Up: AppSec US 2011 Location Announcement, CTF Results, Prizes


Sponsors

We are currently soliciting sponsors for the AppSec US 2010 Conference. Please refer to our List of Sponsorship Opportunities (or PDF).

Please contact Kate Hartmann for more information.

Slots are going fast so contact us to sponsor today!



Gold Sponsors

Ibmneg blurgb.jpg Fortify logo AppSec Research 2010.png    File:TrustwaveLogo.jpg

Silver Sponsors

Fishnet Logo AppSec.jpg           Acunetix logo 200.png               Barracuda Color Logo.jpg      
Cenziclogo.png                 Cigital-hor-color.JPG                     Fujitsu-red-opt-b-150x56.gif     
Netspi logo.png             Whitehat security logo.gif          Imperva Logo.gif
Aspect logo owasp.jpg                   AppSecDC2009-Sponsor-aod.gif        Mavituna.jpg
Sponsors-radware.jpg

Organizational Sponsors

Eccouncil.jpg      ISSA-LA icon.jpg

Reception Sponsors

Coffee Sponsors

REGISTER NOW

Click here  for registration information.

http://www.appsecusa.org/register-now.html