Difference between revisions of "Front Range OWASP Conference 2009"

From OWASP
Jump to: navigation, search
(Conference Location: added address and map link)
 
(41 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 +
__NOTOC__
 +
=Looking for this year's conference page?  Click [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2010 here] to go to the FROC2010 website.=
 +
 
[[Image:SnowFROCblue.jpg]]
 
[[Image:SnowFROCblue.jpg]]
 
<hr>
 
<hr>
 
Welcome to SnowFROC, the Winter 2009 Front Range OWASP Application Security Conference!
 
Welcome to SnowFROC, the Winter 2009 Front Range OWASP Application Security Conference!
 +
 +
Thanks to our witty speakers, volunteer organizers, enthusiastic attendees, and gracious sponsors, the event was packed and full of energy.  Thanks to those of you who completed the Survey.  Survey results are [http://www.owasp.org/images/c/ce/SnowFROC_Survey_Results.pdf here].
 +
 +
 +
<hr>
 +
<paypal>Front Range</paypal>
  
 
After a successful FROC in June of 2008, we are back in Denver, Colorado USA on 5 March 2009!  
 
After a successful FROC in June of 2008, we are back in Denver, Colorado USA on 5 March 2009!  
  
This year we again present a full day, multi-track conference.
+
'''This year we again present a full day, FREE multi-track conference, which will provide valuable information for managers and executives as well as developers and engineers.'''
  
 
In 2008, we attracted a packed venue with our great AppSec speakers, and we hope to achieve the same again in 2009.  This year we organized the conference to occur during the peak of the [http://www.google.com/search?q=colorado+skiing Colorado ski season], so that speakers can head up to the nearby mountains before and/or after the conference to enjoy some of the legendary snow.
 
In 2008, we attracted a packed venue with our great AppSec speakers, and we hope to achieve the same again in 2009.  This year we organized the conference to occur during the peak of the [http://www.google.com/search?q=colorado+skiing Colorado ski season], so that speakers can head up to the nearby mountains before and/or after the conference to enjoy some of the legendary snow.
 +
 +
<!-- [https://snowfroc.electricalchemy.net CLICK HERE TO REGISTER] -->
 +
  
 
==Conference Location==
 
==Conference Location==
 
[[Image:Denver_mountains.JPG]]
 
[[Image:Denver_mountains.JPG]]
  
This year, the conference will be held at the Tivoli Student Union in downtown Denver, CO.
+
This year, the conference will be held at the [http://maps.google.com/maps?hl=en&ie=UTF8&cid=0,0,17887458453474608109&fb=1&split=1&gl=us&dq=Tivoli+Student+Union+in+downtown+Denver,+CO&daddr=900+Auraria+Pkwy+%23+325E,+Denver,+CO+80204&geocode=2315206160437382962,39.746366,-105.007463&ei=jKOsSeKrM5O5twfLh4GDBg&z=16 Tivoli Student Union] in downtown 900 Auraria Pkwy # 325E
 +
Denver, CO 80204 (303) 556-6330
  
 
==Call for Presentations==
 
==Call for Presentations==
Line 20: Line 33:
  
  
==Agenda and Presentations: 5 March 2009==
+
==Agenda==
 +
Agenda and Presentations: 5 March 2009
  
 
The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium.
 
The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium.
Line 32: Line 46:
 
''David Campbell, OWASP Denver''
 
''David Campbell, OWASP Denver''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 08:35-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: [[SnowFROC_Abstract_Grossman|"The Top Ten Hacks of 2008: What's possible, not probable"]]
+
  | style="width:10%; background:#7B8ABD" | 08:35-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: [[SnowFROC_Abstract_Grossman|"Top Ten Web Hacking Techniques of 2008: What's possible, not probable"]]
''Jeremiah Grossman, CTO: Whitehat Security''
+
''Jeremiah Grossman, Whitehat Security''
 +
 
 +
[http://video.google.com/videoplay?docid=2875886330538461390 Video]
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 09:45-10:15 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP State of the Union
 
  | style="width:10%; background:#7B8ABD" | 09:45-10:15 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP State of the Union
Line 44: Line 60:
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 10:30-11:15 || style="width:40%; background:#BC857A" align="left" | "[[sfroc_bellis_abstract|Doing More with Less: Automate or Die]]"
 
  | style="width:10%; background:#7B8ABD" | 10:30-11:15 || style="width:40%; background:#BC857A" align="left" | "[[sfroc_bellis_abstract|Doing More with Less: Automate or Die]]"
''Ed Bellis, CISO: Orbitz''
+
''Ed Bellis, Orbitz''
 +
 
 +
[http://video.google.com/videoplay?docid=-8396241750899139680 Video]
 
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Zusman|"Poor Man's Guide to Breaking PKI: Why You Don't Need 200 Playstations"]]
 
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Zusman|"Poor Man's Guide to Breaking PKI: Why You Don't Need 200 Playstations"]]
 
''Mike Zusman, Intrepidus Group''
 
''Mike Zusman, Intrepidus Group''
 +
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 11:15-12:00 || style="width:40%; background:#BC857A" align="left" | "Fixing FISMA: the CAG, AppSec and the SANS Top 25"
+
  | style="width:10%; background:#7B8ABD" | 11:15-12:00 || style="width:40%; background:#BC857A" align="left" | [[SnowFROC_Abstract_Paller|"A Legal Minimum Standard of Due Care: The CAG and the Top 25 Most Dangerous Programming Errors"]]
 
''Alan Paller, SANS''
 
''Alan Paller, SANS''
  | style="width:40%; background:#BCA57A" align="left" | "Adobe Flex, AMF 3 and BlazeDS: An Assessment" (Tool Release!)
+
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Stads|"Adobe Flex, AMF 3 and BlazeDS: An Assessment"]]
 
''Kevin Stadmeyer, Trustwave''
 
''Kevin Stadmeyer, Trustwave''
 +
 +
[http://video.google.com/videoplay?docid=1629208419122953007 Video]
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF - Beatz by [http://www.dj-jackalope.com/ DJ Jackalope]
 
  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF - Beatz by [http://www.dj-jackalope.com/ DJ Jackalope]
Line 60: Line 81:
 
  | style="width:10%; background:#7B8ABD" | 13:00-13:50 || style="width:40%; background:#BC857A" align="left" | [[SnowFROC_Abstract_Peloquin|"Building an Effective Application Security Program"]]
 
  | style="width:10%; background:#7B8ABD" | 13:00-13:50 || style="width:40%; background:#BC857A" align="left" | [[SnowFROC_Abstract_Peloquin|"Building an Effective Application Security Program"]]
 
''Joey Peloquin, Fishnet Security''
 
''Joey Peloquin, Fishnet Security''
 +
 +
[http://video.google.com/videoplay?docid=-2540122072368010669 Video]
 
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Belani|"Bad Cocktail: Spear Phishing + Application Hacks"]]
 
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Belani|"Bad Cocktail: Spear Phishing + Application Hacks"]]
 
''Rohyt Belani, Intrepidus Group''
 
''Rohyt Belani, Intrepidus Group''
 +
 +
[http://video.google.com/videoplay?docid=3127205451740977427 Video]
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 13:50-14:50 || style="width:40%; background:#BC857A" align="left" | [[SnowFROC_Cornell_Dickson_Abstract|"Vulnerability Management in an Application Security World"]]
+
  | style="width:10%; background:#7B8ABD" | 13:50-14:50 || style="width:40%; background:#BC857A" align="left" | [[SnowFROC_Abstract_Byrne|"Automated vs. Manual Security: You can't filter The Stupid"]]
''John Dickson & Dan Cornell, Denim Group''
+
''David Byrne & Charles Henderson, Trustwave''
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Damele|"SQL injection exploitation internals: How do I exploit this web application injection point?" (Tool Release!)]]
+
 
''Bernardo Damele, Portcullis''
+
[http://video.google.com/videoplay?docid=7611144342490803641 Video]
 +
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Damele|"SQL injection: Not only AND 1=1"]]
 +
''Bernardo Damele Assumpcao Guimaraes, Portcullis Computer Security Ltd.''
 +
 
 +
[http://video.google.com/videoplay?docid=129190988572738701 Video]
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 14:50-15:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF - Beatz by [http://www.dj-jackalope.com/ DJ Jackalope]  
 
  | style="width:10%; background:#7B8ABD" | 14:50-15:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF - Beatz by [http://www.dj-jackalope.com/ DJ Jackalope]  
Line 72: Line 101:
 
  | style="width:10%; background:#7B8ABD" | 15:00-15:50 || style="width:40%; background:#BC857A" align="left" | [[SnowFROC_Abstract_Neucom|"Security Policy Management: Best Practices for Web Services and Application Security"]]
 
  | style="width:10%; background:#7B8ABD" | 15:00-15:50 || style="width:40%; background:#BC857A" align="left" | [[SnowFROC_Abstract_Neucom|"Security Policy Management: Best Practices for Web Services and Application Security"]]
 
''Ray Neucom, IBM''
 
''Ray Neucom, IBM''
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Abstract_Byrne|"Automated vs. Manual Security: You can't filter the stupid"]]
+
 
''David Byrne, Trustwave''
+
[http://video.google.com/videoplay?docid=-4972597638535731442 Video]
 +
  | style="width:40%; background:#BCA57A" align="left" | [[SnowFROC_Cornell_Dickson_Abstract|"Vulnerability Management in an Application Security World"]]
 +
''Dan Cornell & John Dickson, Denim Group''
 +
 
 +
[http://video.google.com/videoplay?docid=8588268474844052248 Video]
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 15:50-16:30 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Panel: Emerging Threats and Enterprise Countermeasures
 
  | style="width:10%; background:#7B8ABD" | 15:50-16:30 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | Panel: Emerging Threats and Enterprise Countermeasures
Line 86: Line 119:
 
<!-- Back to [https://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Home] -->
 
<!-- Back to [https://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 SnowFROC Home] -->
  
==Logistics==
+
==Capture the Flag (CTF)==
  
Venue: [http://www.tivoli.org/tivoli/ Tivoli Student Union, Denver, CO USA]
+
CTF is OPEN!
  
==Accommodations==
+
If you are attending FROC, join WiFi network "Auraria Campus" and browse to [http://ctf.technowarfare.com the CTF main page].  If you need help, email edupreyATowasp.org or visit the CTF lounge upstairs from the vendor area.
  
OWASP has not yet reserved a room block at the conference hotel. When we do, the hotel information will be:
+
This year FROC will be hosting a capture the flag game / contest throughout the day. The CTF consists of a LAMP web server target and a scoreboard.
  
TBD
+
Your job as a player is to successfully attack the small vulnerable web applications we provide to obtain hidden codes (called "flags".)  Enter a flag into the scoreboard and you're credited with the point value for that challenge.
  
$address
+
An entrant can be a team or an individual.  Small prizes will be given for the top three finishing entrants, but the greatest prize, of course, is bragging rights.  Winners will be announced (and prizes awarded) at the end of the conference as part of the conference wrap-up.
$phone
+
$email
+
$www
+
  
The room block that we have (which includes breakfast) is:
+
Thanks to:
  
Single Room: TBD $USD / night
+
*IBM for sponsoring this event and providing technical support.
 +
*Dan Guido and the rest of the team of students from Polytechnic University for developing the code the contest is based on. (this CTF is a modified version of the one they presented at OWASP NYC 2008)
 +
 
 +
===CTF Rules===
 +
 
 +
1. Don't attack other players.  The contest is about finding and exploiting vulnerabilities in the applications provided.  (yes, attacking application users is a real-world threat -- victims will be provided in the challenges where attacking a user is required.)
 +
 
 +
2. Don't attack the infrastructure.  Networks, routers, and the scoreboard are all off-limits as targets of attack.
 +
 
 +
Anyone discovered breaking these rules will earn banning, forfeiture of all points, and very bad karma.
 +
 
 +
==Logistics==
 +
 
 +
Venue: [http://maps.google.com/maps?hl=en&ie=UTF8&cid=0,0,17887458453474608109&fb=1&split=1&gl=us&dq=Tivoli+Student+Union+in+downtown+Denver,+CO&daddr=900+Auraria+Pkwy+%23+325E,+Denver,+CO+80204&geocode=2315206160437382962,39.746366,-105.007463&ei=jKOsSeKrM5O5twfLh4GDBg&z=16 Tivoli Student Union] in downtown 900 Auraria Pkwy # 325E
 +
Denver, CO 80204 (303) 556-6330
 +
 
 +
==Accommodations==
  
Double Room: TBD $USD / night
+
OWASP has negotiated discounted rates with the Hotel Teatro.  Rooms under the SnowFROC rate are $189/night and include courtesy Cadillac Escalade transportation to and from Auraria Campus. To reserve a room, contact Hotel Teatro at +1.303.228.1100 and mention SnowFROC.  The discounted rate will be available until Monday, March 2.
  
 
==Transportation to the Conference==
 
==Transportation to the Conference==
Line 113: Line 159:
  
 
===How to get to the venue?===
 
===How to get to the venue?===
See the [http://maps.google.com/maps?f=q&hl=en&q=tivoli+denver&ie=UTF8&ll=39.74785,-104.990931&spn=0.040189,0.061626&z=14&iwloc=A map].
+
See the [http://maps.google.com/maps?hl=en&ie=UTF8&cid=0,0,17887458453474608109&fb=1&split=1&gl=us&dq=Tivoli+Student+Union+in+downtown+Denver,+CO&daddr=900+Auraria+Pkwy+%23+325E,+Denver,+CO+80204&geocode=2315206160437382962,39.746366,-105.007463&ei=jKOsSeKrM5O5twfLh4GDBg&z=16 Map].
  
By taxi:
 
*taxi from the airport to venue is about $50 USD
 
  
 +
*By taxi: taxi from the airport to venue is about $50 USD
 +
 +
*From hotel: transport from the conference hotel (Hotel Teatro) by limo is free
 +
 +
*By car: there is plenty of parking at the Tivoli.  Parking validation will be provided for registered SnowFROC participants.
  
 
==Registration and Conference Fees==
 
==Registration and Conference Fees==
Line 124: Line 173:
  
 
Despite the fact that this is a free conference, we still need you to register to ensure that we don't exceed venue capacity.
 
Despite the fact that this is a free conference, we still need you to register to ensure that we don't exceed venue capacity.
 
[https://snowfroc.electricalchemy.net CLICK HERE TO REGISTER]
 
  
 
==Conference Committee==
 
==Conference Committee==
Line 131: Line 178:
 
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org
 
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org
  
SNOWFROC 2009 Planning Committee Chair: Kathy Thaxton - Business Partner Solutions - kthaxton 'at' businesspartnersolutions.com
+
SNOWFROC 2009 Planning Committee Chair: Kathy Thaxton - kthaxton 'at' owasp.org
  
 
Colorado Chapter Hosts:
 
Colorado Chapter Hosts:
Line 137: Line 184:
 
* Eric Duprey - OWASP Denver - eduprey 'at' exploits.org
 
* Eric Duprey - OWASP Denver - eduprey 'at' exploits.org
  
Vendor Exhibition Chair: Kathy Thaxton - Business Partner Solutions - kthaxton 'at' businesspartnersolutions.com
+
Vendor Exhibition Chair: Kathy Thaxton - kthaxton 'at' owasp.org
  
 
Capture the Flag Chair: Eric Duprey - eduprey 'at' exploits.org
 
Capture the Flag Chair: Eric Duprey - eduprey 'at' exploits.org
Line 146: Line 193:
  
 
The following organizations are proud sponsors of this conference:
 
The following organizations are proud sponsors of this conference:
<!--*Breach -->
+
*Accuvant
 +
*Breach
 
*Business Partner Solutions
 
*Business Partner Solutions
 
*Denim Group
 
*Denim Group
Line 160: Line 208:
 
*WhiteHat Security
 
*WhiteHat Security
  
If you are interested in sponsoring this OWASP conference, please contact Kathy Thaxton at kthaxton 'at' businesspartnersolutions.com.
+
If you are interested in sponsoring this OWASP conference, please contact Kathy Thaxton at kthaxton 'at' owasp.org.
  
  

Latest revision as of 12:49, 13 March 2012

Looking for this year's conference page? Click here to go to the FROC2010 website.

SnowFROCblue.jpg


Welcome to SnowFROC, the Winter 2009 Front Range OWASP Application Security Conference!

Thanks to our witty speakers, volunteer organizers, enthusiastic attendees, and gracious sponsors, the event was packed and full of energy. Thanks to those of you who completed the Survey. Survey results are here.



funds to OWASP earmarked for Front Range.

After a successful FROC in June of 2008, we are back in Denver, Colorado USA on 5 March 2009!

This year we again present a full day, FREE multi-track conference, which will provide valuable information for managers and executives as well as developers and engineers.

In 2008, we attracted a packed venue with our great AppSec speakers, and we hope to achieve the same again in 2009. This year we organized the conference to occur during the peak of the Colorado ski season, so that speakers can head up to the nearby mountains before and/or after the conference to enjoy some of the legendary snow.


Conference Location

Denver mountains.JPG

This year, the conference will be held at the Tivoli Student Union in downtown 900 Auraria Pkwy # 325E Denver, CO 80204 (303) 556-6330

Call for Presentations

The call for papers closed on 6 Feb 09. We received a tremendous response. Thanks to everybody who responded!


Agenda

Agenda and Presentations: 5 March 2009

The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium.

March 5, 2009
07:30-08:30 Registration and Continental Breakfast in the Sponsor Expo Room
08:30-08:35 Welcome to SnowFROC AppSec 2009 Conference

David Campbell, OWASP Denver

08:35-09:45 Keynote: "Top Ten Web Hacking Techniques of 2008: What's possible, not probable"

Jeremiah Grossman, Whitehat Security

Video

09:45-10:15 OWASP State of the Union

Tom Brennan, OWASP Board

10:15-10:30 Break - Expo - CTF - Beatz by DJ Jackalope
Management / Executive Track: Room 1 Deep Technical Track: Room 2
10:30-11:15 "Doing More with Less: Automate or Die"

Ed Bellis, Orbitz

Video

"Poor Man's Guide to Breaking PKI: Why You Don't Need 200 Playstations"

Mike Zusman, Intrepidus Group

11:15-12:00 "A Legal Minimum Standard of Due Care: The CAG and the Top 25 Most Dangerous Programming Errors"

Alan Paller, SANS

"Adobe Flex, AMF 3 and BlazeDS: An Assessment"

Kevin Stadmeyer, Trustwave

Video

12:00-13:00 Lunch - Expo - CTF - Beatz by DJ Jackalope
Management / Executive Track: Room 1 Deep Technical Track: Room 2
13:00-13:50 "Building an Effective Application Security Program"

Joey Peloquin, Fishnet Security

Video

"Bad Cocktail: Spear Phishing + Application Hacks"

Rohyt Belani, Intrepidus Group

Video

13:50-14:50 "Automated vs. Manual Security: You can't filter The Stupid"

David Byrne & Charles Henderson, Trustwave

Video

"SQL injection: Not only AND 1=1"

Bernardo Damele Assumpcao Guimaraes, Portcullis Computer Security Ltd.

Video

14:50-15:00 Break - Expo - CTF - Beatz by DJ Jackalope
15:00-15:50 "Security Policy Management: Best Practices for Web Services and Application Security"

Ray Neucom, IBM

Video

"Vulnerability Management in an Application Security World"

Dan Cornell & John Dickson, Denim Group

Video

15:50-16:30 Panel: Emerging Threats and Enterprise Countermeasures

Moderator: John Dickson
Panelists: Alan Paller, Joey Peloquin, Rohyt Belani, Ed Bellis, Laz, Ray Neucom

16:30-17:30 Conference Wrap Up, CTF Awards & Sponsor Raffles - CTF - Beatz by DJ Jackalope
17:30-21:00 OWASP Social Gathering: Dinner and Drinks @ TBD


Capture the Flag (CTF)

CTF is OPEN!

If you are attending FROC, join WiFi network "Auraria Campus" and browse to the CTF main page. If you need help, email edupreyATowasp.org or visit the CTF lounge upstairs from the vendor area.

This year FROC will be hosting a capture the flag game / contest throughout the day. The CTF consists of a LAMP web server target and a scoreboard.

Your job as a player is to successfully attack the small vulnerable web applications we provide to obtain hidden codes (called "flags".) Enter a flag into the scoreboard and you're credited with the point value for that challenge.

An entrant can be a team or an individual. Small prizes will be given for the top three finishing entrants, but the greatest prize, of course, is bragging rights. Winners will be announced (and prizes awarded) at the end of the conference as part of the conference wrap-up.

Thanks to:

  • IBM for sponsoring this event and providing technical support.
  • Dan Guido and the rest of the team of students from Polytechnic University for developing the code the contest is based on. (this CTF is a modified version of the one they presented at OWASP NYC 2008)

CTF Rules

1. Don't attack other players. The contest is about finding and exploiting vulnerabilities in the applications provided. (yes, attacking application users is a real-world threat -- victims will be provided in the challenges where attacking a user is required.)

2. Don't attack the infrastructure. Networks, routers, and the scoreboard are all off-limits as targets of attack.

Anyone discovered breaking these rules will earn banning, forfeiture of all points, and very bad karma.

Logistics

Venue: Tivoli Student Union in downtown 900 Auraria Pkwy # 325E Denver, CO 80204 (303) 556-6330

Accommodations

OWASP has negotiated discounted rates with the Hotel Teatro. Rooms under the SnowFROC rate are $189/night and include courtesy Cadillac Escalade transportation to and from Auraria Campus. To reserve a room, contact Hotel Teatro at +1.303.228.1100 and mention SnowFROC. The discounted rate will be available until Monday, March 2.

Transportation to the Conference

By plane

Denver can be reached by commercial aviation through the Denver International Airport, which is a hub for United Airlines as well as Frontier.


How to get to the venue?

See the Map.


  • By taxi: taxi from the airport to venue is about $50 USD
  • From hotel: transport from the conference hotel (Hotel Teatro) by limo is free
  • By car: there is plenty of parking at the Tivoli. Parking validation will be provided for registered SnowFROC participants.

Registration and Conference Fees

Due to the hard work of our organizers and the gracious support of our sponsors, SNOWFROC will once again be a FREE CONFERENCE!!!

Despite the fact that this is a free conference, we still need you to register to ensure that we don't exceed venue capacity.

Conference Committee

OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org

SNOWFROC 2009 Planning Committee Chair: Kathy Thaxton - kthaxton 'at' owasp.org

Colorado Chapter Hosts:

  • David Campbell - OWASP Denver - dcampbell 'at' owasp.org
  • Eric Duprey - OWASP Denver - eduprey 'at' exploits.org

Vendor Exhibition Chair: Kathy Thaxton - kthaxton 'at' owasp.org

Capture the Flag Chair: Eric Duprey - eduprey 'at' exploits.org

CFP Chair: David Campbell - OWASP Denver - dcampbell 'at' owasp.org

Conference Sponsors

The following organizations are proud sponsors of this conference:

  • Accuvant
  • Breach
  • Business Partner Solutions
  • Denim Group
  • Fishnet Security
  • IBM
  • Imperva
  • Laz
  • Lares
  • Trustwave
  • WhiteHat Security

If you are interested in sponsoring this OWASP conference, please contact Kathy Thaxton at kthaxton 'at' owasp.org.


More information about conference sponsorship is available here.