Difference between revisions of "Front Range OWASP Conference 2013"

From OWASP
(Lots of content updates as well as a format change to use the recommended (tab-based) layout.)
__NOTOC__
<font size=2pt>

= Introduction =
{{:Front_Range_OWASP_Conference_2013/Introduction}}
<!-- Header -->
====Welcome to SnowFROC 2013 - the 5th Annual Front Range OWASP Security Conference====

After successful FROCs in June of 2008, [http://www.owasp.org/index.php/Front_Range_OWASP_Conference_2009 March of 2009], [[Front_Range_OWASP_Conference_2010|2010]] and [[Front_Range_OWASP_Conference_2012|2012]], we are back in Denver, Colorado USA on March 28-29, 2013. Primary conference proceedings will be held on Thursday, with informal "Birds of a Feather" sessions on Friday morning (half-day). We're also trying to arrange discounted skiing for those looking to break free on Friday for the weekend.

The conference is a full-day, multi-track event which will provide valuable information for managers and executives as well as developers and engineers. Tracks are still being finalized but will include:
*Cloud Security - focused on how cloud hosting changes the security model and implementation of security controls
*Web App Security Management - focused on the manager's view of web application security with a special focus on scope, boundaries, responsibilities, and legal considerations
*Deep Dive Technical - focused on hard technical problems like encryption across an n-tiered web application stack, auditing web app mashups, and HTML 5 security concerns
*Web Application Security Testing - focused on testing web apps, especially large and complex enterprise apps
*Legal Aspects of Web App Security - focused on liability considerations and other concerns of particular interest to managers, executives, and counsel (will be awarded CLE credit)

While the tracks are ongoing, we'll also have a capture the flag (CTF) competition underway featuring homegrown hacking challenges.

In 2012, we attracted a packed venue with our great AppSec speakers, and we hope to achieve the same again in 2013.


==Conference Committee==
Conference Lead: [[User:Micah_Tapman|Micah Tapman]], [[User:Kathy_Thaxton|Kathy Thaxton]] (alternate), [[User:Mark_Major|Mark Major]] (alternate)
<br />Sponsorship Coordinator: [[User:Micah_Tapman|Micah Tapman]] (acting)
<br />CTF Lead: [[User:Mark_Major|Mark Major]]


==Presentation Selection Committee==
TBD


==Colorado Chapter Hosts==
[[User:Steve_Kosten|Steve Kosten]], [[Denver|OWASP Denver chapter]]
<br />[[User:Mark_Major|Mark Major]], [[Boulder|OWASP Boulder chapter]]

  
 
=CFP=
{{:Front_Range_OWASP_Conference_2013/CFP}}
====Call for Presentations====

Conference organizers are actively seeking presentations relating to the following topics. Please forward this site to all interested practitioners and colleagues.


==Tracks and topics==
The following topics will be prioritized during the selection process.

====High-level technical track====
*Cloud security
**How cloud hosting changes the security model
**Implementation of security controls
*Web application security testing, especially targeting large and complex enterprise applications
*OWASP tools and projects
**New and proposed projects
**Development and status of existing projects

====Deep-dive technical track====
*Encryption across an n-tiered web application stack
*Auditing web application mash-ups
*Technology-specific presentations (HTML5, AJAX, etc.)
*Secure coding for web applications
*Static code analysis
*Hands-on countermeasures

====Management track====
*Web application security management: focused on a managerial view of web application security with a special focus on scope, boundaries, responsibilities, and legal considerations
*Emerging threats
*Planning and managing secure software development lifecycles
*Metrics for application security
*Business risks associated with application security

====Legal track====
*Liability considerations related to web application security
*Data ownership and privacy within the cloud
*Cybersecurity legislation


==Submission process==
One abstract must be submitted for each presentation considered. Abstracts must be written in English, should not exceed 300 words, and should be uploaded [http://owasp.aerstone.com/cfp here].

'''Abstract format'''
<br />The website above will automatically create and format abstracts based on submitted information. However, uploading existing abstract documents is permitted provided the following requirements are met:
*Only Microsoft Word documents, PDFs, rich-text format documents, and text files will be reviewed.
*Author names, affiliations, email addresses, and other personally identifiable information must be stripped from the uploaded document.
*All presentations must be titled. Titles should appear at the top of the page.
*The overview of the proposed presentation should not exceed 300 words.


==Evaluation process==
Submitted abstracts will be assessed by selected members of the Colorado OWASP chapters. All reviews will be blind, and reviewers will not have visibility into author information. The following criteria will determine abstract rankings:
*Applicability to the requested topics
*Applicability to the conference theme
*OWASP relevance
*Industry relevance (web application development and operations, general cybersecurity, etc.)
*Timeliness of submission
*Strength of presentation (as determined by the review committee)


==Dates and deadlines==
Abstract collection will occur from January 5th through February 10th, 2013.
Initial presentation selections will be announced by February 17th, and a continuing collection may occur as needed until all tracks are filled.

Final presentations of accepted abstracts must be submitted for review by March 14th, 2013. All presentations will be delivered during conference proceedings on March 28th, 2013.


==Legalities==
All speakers must agree with and abide by the [[Speaker_Agreement|OWASP Speaker Agreement v2.0]].
====Anyone who cannot or will not abide by these terms will not be permitted to present at the conference.====

In addition, presenters must agree to allow use of abstract titles, text, and speaker names and bios for conference promotion.
With speaker consent, presentation materials will be distributed to conference attendees and will be archived for future reference.
With speaker consent, presentations will be recorded and archived.

  
 
=Registration=
{{:Front_Range_OWASP_Conference_2013/Registration}}
====SnowFROC 2013 registration will be available by January 21st.====

Please check back later for details.

<!--
'''Attendee registration: [http://tbd.tbd.tbd/tbd.html CLICK HERE TO REGISTER]'''

'''Speaker or Sponsor registration: [http://tbd.tbd.tbd/tbd.html Speaker-Sponsor Registration]'''
-->

  
 
=Venue=
{{:Front_Range_OWASP_Conference_2013/Venue}}
====Conference Location====

Due to conference expansion, SnowFROC is moving to the [http://www.marriott.com/hotels/hotel-photos/dendt-denver-marriott-city-center/ Denver Marriott City Center] in the heart of downtown [http://goo.gl/maps/pM4RM Denver, Colorado].
<!-- Denver Ballroom -->

OWASP negotiated preferred room rates at the Marriott. See the Hotel tab for additional details.

[[Image:marriott_dendt_phototour44.jpg|400px]]

  
 
=Conference Schedule=
{{:Front_Range_OWASP_Conference_2013/Schedule}}
====Track Schedule====

This schedule is subject to frequent changes as the conference draws nearer.

{| style="width:80%" border="0" align="center"
! colspan="6" align="center" style="background:#6D929B; color:white" | '''Day 1: Thursday, March 28th, 2013'''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | || style="width:18%; background:#E8D0A9" | '''Cloud Security: Room 1'''
| style="width:18%; background:#B7AFA3" align="center" | '''Technical Deep-Dive: Room 2'''
| style="width:18%; background:#C1DAD6" align="center" | '''Management: Room 3'''
| style="width:18%; background:#F2F2F2" align="center" | '''Legal Aspects: Room 4'''
| style="width:18%; background:#ACD1E9" align="center" | '''Testing: Room 5'''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 07:00-08:45 || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''Registration''' <br> '''Executive Breakfast''' provided by BREAKFAST SPONSOR (08:00 - 09:00)
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 08:45-09:00 || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''Introductions'''<br> ''Presenters: [[User:Steve_Kosten|Steve Kosten]], [[User:Mark_Major|Mark Major]]'' <br> [http://www.owasp.org/ Slides]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 09:00-09:45 || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''Keynote1'''<br> ''Presenters: [[Presenter_Bio Presenter 1]], [[Presenter_Bio Presenter 2]]'' <br> [http://www.owasp.org/ Slides]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 09:45-10:15 || colspan="4" style="width:70%; background:#C2C2C2" align="center" | '''Room arrangement''' <br> '''Sponsor Expo'''
| style="width:18%; background:#ACD1E9" | '''CTF Kick-off''' ''Presenters: [[User:Mark_Major|Mark Major]]''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 10:15-11:00 || style="width:18%; background:#E8D0A9" align="center" | '''[[Link to Preso Page | Cloud Preso 1]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#B7AFA3" align="center" | '''[[Link to Preso Page | Deep-dive Preso 1]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#C1DAD6" align="center" | '''[[Link to Preso Page | Management Preso 1]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#F2F2F2" align="center" | '''[[Link to Preso Page | Legal Preso 1]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#ACD1E9" align="center" | '''[[Link to Preso Page | Testing Preso 1]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 11:10-11:55 || style="width:18%; background:#E8D0A9" align="center" | '''[[Link to Preso Page | Cloud Preso 2]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#B7AFA3" align="center" | '''[[Link to Preso Page | Deep-dive Preso 2]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#C1DAD6" align="center" | '''[[Link to Preso Page | Management Preso 2]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#F2F2F2" align="center" | '''[[Link to Preso Page | Legal Preso 2]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#ACD1E9" align="center" | '''[[Link to Preso Page | Testing Preso 2]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 12:05-12:50 || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''Sponsor Expo''' <br> ''LUNCH - Provided by LUNCH SPONSOR''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 13:00-13:45 || style="width:18%; background:#E8D0A9" align="center" | '''[[Link to Preso Page | Cloud Preso 3]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#B7AFA3" align="center" | '''[[Link to Preso Page | Deep-dive Preso 3]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#C1DAD6" align="center" | '''[[Link to Preso Page | Management Preso 3]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#F2F2F2" align="center" | '''[[Link to Preso Page | Legal Preso 3]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#ACD1E9" align="center" | '''[[Link to Preso Page | Testing Preso 3]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 13:55-14:40 || style="width:18%; background:#E8D0A9" align="center" | '''[[Link to Preso Page | Cloud Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#B7AFA3" align="center" | '''[[Link to Preso Page | Deep-dive Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#C1DAD6" align="center" | '''[[Link to Preso Page | Management Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#F2F2F2" align="center" | '''[[Link to Preso Page | Legal Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#ACD1E9" align="center" | '''[[Link to Preso Page | Testing Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 14:50-15:35 || style="width:18%; background:#E8D0A9" align="center" | '''[[Link to Preso Page | Cloud Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#B7AFA3" align="center" | '''[[Link to Preso Page | Deep-dive Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#C1DAD6" align="center" | '''[[Link to Preso Page | Management Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#F2F2F2" align="center" | '''[[Link to Preso Page | Legal Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
| style="width:18%; background:#ACD1E9" align="center" | '''[[Link to Preso Page | Testing Preso 4]]''' <br> ''[http://authorurl.com Author Name]''<br> [http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 15:35-16:05 || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''Room arrangement''' <br> '''Sponsor Expo''' ''Raffles?''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 16:05-16:50 || colspan="5" style="width:80%; background:#E8D0A9" align="center" | '''Panel discussion: Topic of interest'''<br> ''
Panelist Name, Company & Title, <br>
Panelist Name, Company & Title, <br>
Panelist Name, Company & Title, <br>
Panelist Name, Company & Title, <br>
Panelist Name, Company & Title, <br>
Panelist Name, Company & Title, <br>
Moderated by: Moderator Name''<br>
[http://video.google.com/ VIDEO] / [http://owasp.org SLIDES]
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 16:50-17:00 || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''Wrap up''' ''Presenters: [[User:Micah_Tapman|Micah Tapman]]'' <br> '''Sponsor raffles'''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 18:30-21:00+ || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''[https://www.appliedtrust.com AppliedTrust] after-party at WHEREVER''' <br> '''CTF awards ceremony''' ''(19:30)''
|-
|}


{| style="width:80%" border="0" align="center"
! colspan="6" align="center" style="background:#6D929B; color:white" | Day 2: Friday, March 29th, 2013
|-
| style="width:10%; background:#6D929B" align="center" | || style="width:30%; background:#E8D0A9" | Technical
| style="width:30%; background:#B7AFA3" align="center" | Management
| style="width:30%; background:#C1DAD6" align="center" | Capture the Flag
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 08:45-09:15 || colspan="5" style="width:80%; background:#C2C2C2" align="center" | '''Coffee bar''' provided by COFFEE SPONSOR (08:45 - 10:15)
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 09:15-10:00 || style="width:30%; background:#E8D0A9" align="center" | '''Birds of a Feather: Session 1'''
| style="width:30%; background:#B7AFA3" align="center" | '''Birds of a Feather: Session 1'''
| style="width:30%; background:#C1DAD6" align="center" | '''Postmortem'''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 10:15-11:00 || style="width:30%; background:#E8D0A9" align="center" | '''Birds of a Feather: Session 2'''
| style="width:30%; background:#B7AFA3" align="center" | '''Birds of a Feather: Session 2'''
| style="width:30%; background:#C1DAD6" align="center" | '''FLOSSHack: CTF VM'''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 11:15-12:00 || style="width:30%; background:#E8D0A9" align="center" | '''Birds of a Feather: Session 3'''
| style="width:30%; background:#B7AFA3" align="center" | '''Birds of a Feather: Session 3'''
| style="width:30%; background:#C1DAD6" align="center" | '''FLOSSHack: Scoreboard'''
|-
| style="width:10%; background:#6D929B; color:white" align="center" | 12:15-13:00 || style="width:30%; background:#E8D0A9" align="center" | '''Birds of a Feather: Session 4'''
| style="width:30%; background:#B7AFA3" align="center" | '''Birds of a Feather: Session 4'''
| style="width:30%; background:#C1DAD6" align="center" | '''FLOSSHack: Next steps'''
|}

  
 
=Event Sponsors=
{{:Front_Range_OWASP_Conference_2013/Sponsors}}
====Sponsors====

If you are interested in sponsoring the Front Range OWASP Conference, please contact [[User:Micah_Tapman|Micah Tapman]] at micah at aerstone dot com.
<!--
<hr>
<center>[https://www.owasp.org/images/linktosponsorshippackage.pdf Diamond Sponsor] - [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png]<br>
<br>[https://www.owasp.org/images/linktosponsorshippackage.pdf Platinum Sponsor]  - [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png]  - [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png] -  [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png] </center><br>
[https://www.owasp.org/images/linktosponsorshippackage.pdf Gold, Silver, Expo & Other Sponsors] - [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png] - [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png] - [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png] - [http://www.owasp.org http://www.owasp.org/images/7/78/Owasp_logo_122106.png]
<br>
<center>[https://www.owasp.org/images/linktosponsorshippackage.pdf Sponsorship Opportunities]</center>
<hr>
-->

  
 
=Continuing Education Credit=
{{:Front_Range_OWASP_Conference_2013/Continuing_Education}}
====CPE and CLE credits====
Much of the SnowFROC content is eligible for continuing professional education (CPE) or continuing legal education (CLE) credits. Please check with your institution regarding specific requirements.


==CPE credits==
'''The CISM CPE policy (www.isaca.org/cismcpepolicy) states''':

"One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"


==CLE credits==
Conference organizers are actively pursuing certified seminar accreditation from the Colorado Board of Continuing Legal and Judicial Education. For additional information regarding CPEs and Rule 260, please visit the [http://www.coloradosupremecourt.com/CLE/CleFaq.htm Colorado Supreme Court's CLE page].

  
 
=Hotel and Travel=
{{:Front_Range_OWASP_Conference_2013/Travel}}
====Denver Marriott City Center====

The [http://www.marriott.com/hotels/hotel-photos/dendt-denver-marriott-city-center/ Denver Marriott City Center] is extending a discounted room rate to conference attendees. This rate applies between March 25th and April 1st, 2013. Please reference SnowFROC when reserving your room.

[[Image:marriott_dendt_phototour36.jpg|400px]]


==Room block info==
Information coming soon.


==Local ground and air transportation==
Information coming soon.


==Denver Attractions==
The Marriott is located in the heart of [http://goo.gl/maps/pM4RM Denver, Colorado] and is walking distance or a short cab ride from many downtown attractions.
*[http://www.denvercenter.org/buy-tickets/shows/spamalot/about.aspx Monty Python's Spamalot] at the Buell Theatre (3/28-30)
*World-class exhibitions at the [http://www.denverartmuseum.org/ Denver Art Museum]
*Guided [http://www.denvermicrobrewtour.com/ walking tours] of downtown's microbreweries
*The [http://www.nba.com/nuggets/tickets/NuggetsSeats.html Denver Nuggets] host the Brooklyn Nets (3/29 @ 7pm)
*Free tours of the [https://www.usmint.gov/mint_tours/?action=startReservation US Mint]
*Plus all the standard downtown stuff: [http://16thstreetmalldenver.com/ shopping], [http://www.denverpavilions.com/ more shopping], an [http://www.aquariumrestaurants.com/downtownaquariumdenver/default.asp aquarium], a [http://www.denverzoo.org zoo], [http://www.comedyworks.com/ comedy clubs], [http://www.hermanshideaway.com/ local music], and many clubs, restaurants, and art galleries.


==Colorado Attractions==
Out-of-town visitors may be interested in staying for the weekend to enjoy all Colorado has to offer, including:
*[http://www.redrocksonline.com/Calendar.aspx Red Rocks amphitheatre]
*The [http://www.butterflies.org Butterfly Pavilion]
*[http://www.gardenofgods.com/home/index.cfm?flash=1 Garden of the Gods] (Colorado Springs)
*[http://www.royalgorgebridge.com/ Royal Gorge] (Canyon City)
*[http://www.millercoors.com/Brewery-Tours/Golden-Brewery-Tour.aspx Coors], [http://www.newbelgium.com/culture/brewery/visit-us.aspx New Belgium], [http://odellbrewing.com/ and] [http://greatdivide.com/ many] [http://averybrewing.com/ other] [http://www.colorado.com/colorado-breweries Colorado breweries]


==Skiing==
The SnowFROC staff is pursuing a chartered bus and negotiated discounts for premier ski resorts and lift tickets. Check back soon for details!


=Presentation Archive=
{{:Front_Range_OWASP_Conference_2013/Archive}}

====2013 presentations====

Presentation materials will be made available upon the conclusion of SnowFROC2013.


====Previous conferences====

'''2012 presentations''' are [[Front_Range_OWASP_Conference_2012#2012_Presentations| available here]].

</font>

<headertabs />

[[Category:OWASP_AppSec_Conference]]

Revision as of 19:34, 12 January 2013


Welcome to SnowFROC 2013 - the 5th Annual Front Range OWASP Security Conference

Click here to register

The Colorado OWASP chapters are proud to present the 5th annual SnowFROC. Join 300 other developers, business owners, and security professionals for a day-and-a-half of presentations, training, and Birds-of-a-Feather (BoaF) sessions. The SnowFROC 2013 keynote speaker is Neal Ziring, Technical Director of InfoProtection at NSA.

The conference will occur on Thursday, March 28th at the Denver Marriott City Center and will feature four primary tracks:

  • High-Level Technical
  • Deep-Dive / Hands-on Technical
  • Management
  • Legal

Running in parallel to the conference proceedings will be a capture the flag (CTF) hacking competition developed exclusively for SnowFROC by Boulder OWASP chapter members. The day will conclude with a moderated panel discussion featuring top industry leaders.

On Friday, March 29, Aaron Weaver will teach a course in secure coding. This training is free to SnowFROC attendees!

Friday will also offer BoaF sessions. Join like-minded industry leaders and discuss pressing issues facing the industry and you. BoaF sessions are self-led and may address any issue you would like. Pitch your idea and get the ball rolling!

Finally, Friday will feature a postmortem of the CTF tournament. In addition to discussing solutions, techniques, and tools, we will encourage participants to attack the previously out-of-bounds CTF framework. Itching to break into the scoreboard and rack up the points? The gloves come off Friday morning.

Conference Committee

Mark Major: Director

Brad Carvalho: Sponsorship, Executive events
Craig Klosterman: Merchandise
Steve Kosten: Sponsorship, Executive events
Glen Matthes: Planning
Chris Rossi: CTF, Networking events
Greg Foss: CTF

Colorado Chapter Hosts

OWASP Boulder chapter: Mark Major
OWASP Denver chapter: Steve Kosten, Brad Carvalho (acting)

Call for Presentations

Please direct all interested practitioners and colleagues to this site.

Submission process

Potential speakers may submit abstracts of proposed presentations here.

Abstracts will be formatted automatically during the submission process. However, all uploaded materials must adhere to the following requirements:

  • Only Microsoft Word documents, PDFs, rich-text format documents, and text files will be reviewed.
  • Author names, affiliations, email addresses, and other personally-identifiable information must be stripped from the uploaded document.
  • All presentations must be titled. Titles should appear at the top of the page.
  • The overview of the proposed presentation should not exceed 300 words.

Presenters will be allotted 45-minute time slots. One abstract must be submitted for each presentation considered. All abstracts must be written in English.


Evaluation process

The following criteria will determine abstract rankings:

  • Applicability to the requested topics (see below)
  • Relevance to web application development and operations
  • Relevance to the cyber security industry at large
  • Relevance to the OWASP Foundation
  • Strength of presentation (as determined by the review committee)
  • Timeliness of submission

Submitted abstracts will be assessed by selected members of the Colorado OWASP chapters. All reviews will be blind and author information will not be visible to reviewers.


Dates and deadlines

Abstract collection will begin January 14th and continue until all speaking slots are filled. Evaluations will occur on a rolling schedule with selected papers announced each Monday, beginning on February 11th. Although the rolling format extends the submission period significantly, potential speakers are advised to submit as early as possible in order to maximize chances for selection.

Final presentations of accepted abstracts must be submitted for review by March 17th. Templates and other presentation formatting constraints will be made available to selected speakers directly.

Phase 1: Jan 14 - Feb 11
Jan 14 - Feb 03: Submission period
Feb 04 - Feb 10: Evaluation period
Feb 11: Selected papers announcement

Phase 2: Feb 04 - Feb 18 (as needed)
Feb 04 - Feb 10: Submission period
Feb 11 - Feb 17: Evaluation period
Feb 18: Selected papers announcement

Phase 3: Feb 11 - Feb 25 (as needed)
Jan 11 - Feb 17: Submission period
Feb 18 - Feb 24: Evaluation period
Feb 25: Selected papers announcement

Phase 4: Feb 18 - Mar 04 (as needed)
Feb 18 - Feb 24: Submission period
Feb 25 - Mar 03: Evaluation period
Mar 04: Selected papers announcement

Presentation evaluation
Mar 17: Final draft presentations due
Mar 18 - Mar 25: Committee final review
Mar 28, 2013: SnowFROC proceedings


Legalities

All speakers must agree with and abide by the OWASP Speaker Agreement v2.0.

Anyone who cannot or will not abide by these terms will not be permitted to present at the conference.

In addition, presenters must agree to allow use of abstract titles, text, speaker names, and bios for conference promotion. With speaker consent, presentation materials will be distributed to conference attendees and will be recorded and archived for future reference.


Preferred topics

The following topics will be prioritized during the selection process.

High-level technical track

  • Web application security testing, especially targeting large and complex enterprise applications
  • Mobile device security
  • Cloud security
    • Impacts on the security model
    • Implementation of security controls
  • OWASP tools and projects
    • New and proposed projects
    • Development and status of existing projects

Deep-dive technical track

  • Technology-specific presentations (HTML5, AJAX, etc.)
  • Secure coding for web applications
  • Static code analysis
  • Hands-on countermeasures
  • Encryption across an n-tiered web application stack
  • Auditing web application mash-ups

Management track

  • Web application security management (scope, boundaries, responsibilities, legal considerations, etc.)
  • Emerging threats
  • Planning and managing secure software development life cycles
  • Metrics for managing application security
  • Business risks associated with application security

Legal track

  • Liability related to web application security
  • Data ownership and privacy laws within the cloud
  • Cyber security and privacy legislation and regulation
  • Electronic discovery considerations, both traditional and in the cloud
  • Cyber security considerations related to law enforcement
  • Data disclosure liability

SnowFROC 2013 registration

Click here to register

Pricing

  • $115 - Non-Members (includes 1 year OWASP membership)
  • $65 - OWASP Members (register with the email address used to obtain OWASP membership to receive member pricing)
  • $35 - Students (proof of current enrollment is required at check-in; no exceptions)

Conference Location

SnowFROC 2013 will take place at Denver Marriott City Center located in the heart of downtown Denver, Colorado.

Conference proceedings will take place in the Denver Ballroom, the Pre-Function area, and Colorado Ballrooms A-D. Out-of-town guests are encouraged to take advantage of the group room rates.

[Images: Denver Marriott City Center photo and hotel map]

SnowFROC 2013 Schedule


Thu, Mar 28 (tracks: Technical, Deep-Dive, Management, Legal)

07:00-08:30 Registration and Morning Snacks (sponsored by HP)
08:00-08:15 Welcome and Kick-off: Brad Carvalho, Mark Major
08:15-08:30 State of OWASP: Jim Manico
08:30-09:30 Keynote Address: Data Protection for the 21st Century
            Neal Ziring, Technical Director for the National Security Agency's Information Assurance Directorate (IAD) (Video)
09:30-10:00 Coffee Break and Sponsor Expo (sponsored by Aerstone); CTF Kick-off: Chris Rossi, Mark Major
10:00-10:45
  • Technical Track: DevFu: The inner ninja in every application developer
    Danny Chrastil (Slides, Video)
  • Deep-Dive Track: SIP Based Cloud Instances
    Gregory Disney-Leugers (Slides, Video)
  • Management Track: Digital Bounty Hunters - Decoding Bug Bounty Programs
    Jon Rose (Slides, Video)
  • Legal Track: Electronic Discovery for System Administrators
    Russell Shumway (Slides, Video)
  • CTF (sponsored by Aerstone)
10:55-11:40
  • Technical Track: Adventures in Large Scale HTTP Header Abuse
    Zachary Wolff (Slides, Video)
  • Deep-Dive Track: How Malware Attacks Web Applications
    Casey Smith (Slides, Video)
  • Management Track: Linking Security to Business Value in the Customer Service Industry
    Dan Rojas (Slides, Video)
  • Legal Track: Legal Issues of Forensics in the Cloud
    David Willson (Slides, Video)
11:40-12:40 Lunch and Sponsor Expo (sponsored by Aerstone)
12:40-13:25
  • Technical Track: Angry Cars: Hacking the "Car as Platform"
    Aaron Weaver (Slides, Video)
  • Deep-Dive Track: Top Ten Web Application Defenses
    Jim Manico (Slides, Video)
  • Management Track: Using SaaS and the Cloud to Secure the SDLC
    Andrew Earle (Slides, Video)
  • Legal Track: CISPA: Why Privacy Advocates Hate This Legislation
    Maureen Donohue Feinroth (Slides, Video)
13:35-14:20
  • Technical Track: DevOps and Security: It's Happening. Right Now.
    Helen Bravo (Slides, Video)
  • Deep-Dive Track: A Demo of and Preventing XSS in .NET Applications
    Larry Conklin (Slides, Video)
  • Management Track: Measuring Security Best Practices With OpenSAMM
    Alan Jex (Slides, Video)
  • Legal Track: Crafting a Plan for When Security Fails
    Robert Lelewski (Slides, Video)
14:30-15:15
  • Technical Track: Real World Cloud Application Security
    Jason Chan (Slides, Video)
  • Deep-Dive Track: Data Mining a Mountain of Zero Day Vulnerabilities
    Joe Brady (Slides, Video)
  • Management Track: Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)
    Jon McCoy (Slides, Video)
  • Legal Track: Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem
    Tom Glanville (Slides, Video)
15:15-15:45 Coffee Break and Sponsor Expo (sponsored by Aerstone)
15:45-16:45 Moderated Panel Discussion (Video)
  • Aaron Weaver
  • David Willson
  • Dan Wilson
  • Neal Ziring
  • Moderator: Jim Manico
16:45-17:00 Closing Statements: Brad Carvalho, Mark Major
17:00- Sponsor Raffles, Drawings, and Contests; CTF Wrap-Up: Chris Rossi, Mark Major
19:00-22:00+ After-party at Tarantula Billiards (sponsored by AppliedTrust)
            Tarantula is located 3 blocks from the Marriott at the corner of 15th and Stout (1520 Stout Street, Denver). Awards Ceremony at Tarantula (20:00).


Fri, Mar 29 (tracks: Training, Birds of a Feather A, Birds of a Feather B, Capture the Flag)

09:00-09:45
  • Training: Secure Coding
    Aaron Weaver
  • Birds of a Feather A: DevOps in Cloud environments
  • Birds of a Feather B: BoaF 1b
  • Capture the Flag: FLOSSHack: CTF VM
10:00-10:45
  • Birds of a Feather A: The modern threatscape: what have you seen?
  • Birds of a Feather B: BoaF 2b
10:45-11:15 Coffee Break (sponsored by Aerstone)
11:15-12:00
  • Birds of a Feather A: Access Control
  • Birds of a Feather B: BoaF 3b
  • Capture the Flag: FLOSSHack: CTF Scoreboard
12:15-13:00
  • Birds of a Feather A: COTS solutions for secure enterprise architectures
  • Birds of a Feather B: BoaF 4b

Current Sponsors

Aerstone

Aerstone provides strategic and technical cyber security consulting services including assessments, planning, architecture design, incident response, regulatory compliance, and computer forensics. We provide services and products for medium to large healthcare providers, financial services organizations, legal firms, and law enforcement. Clients range from local businesses to government agencies.


Applied Trust

AppliedTrust provides IT infrastructure, security, and open-source consulting services. Our clients are organizations where effective IT is critical to the reputation and growth of their business, and hail from a variety of industries including healthcare, financial services, hospitality, recreation, and government. Our specialty areas include:

  • Web Application Security
  • Drupal and Linux
  • Security
  • Technology Selection and Implementation
  • Operations
  • Performance and High Availability
  • Assessment and Audit
  • System, Network, and Security Architecture
  • Strategy and Governance


Checkmarx

Checkmarx - Source Code Analysis Made Easy

Checkmarx is the developer of next generation Static Code Analysis (SCA) solutions. The company pioneered the concept of a query language-based solution for identifying technical and logical code vulnerabilities. Checkmarx provides the best way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk. The product enables developers and auditors to easily scan un-compiled / un-built code in all major coding languages anywhere, anytime. CxSuite's application security testing is available in both "On Premise" and "On Demand" configurations. The security testing scans for the most prevalent security vulnerabilities as determined by OWASP Top 10, SANS, and other major standards. Checkmarx was recognized by Gartner as sole visionary in their latest SAST magic quadrant and as Cool vendor in application security. Customers include Fortune 500, government organizations and SMBs in over 30 countries.



HP

HP is a leading provider of security and compliance solutions for the modern enterprise that wants to mitigate risk in its hybrid environment and defend against advanced threats. Based on market leading products from HP ArcSight, HP Fortify, and HP TippingPoint, the HP Security Intelligence Platform uniquely delivers the advanced correlation, application protection, and network defenses to protect today’s hybrid IT infrastructure from sophisticated cyber threats.


Security Pursuit

Security Pursuit provides computer security services to help organizations protect their critical information systems. Based in Denver, Colorado, Security Pursuit's services include: IT Security Risk Analysis, Data Breach Incident Response, Network Penetration Testing and Vulnerability Assessments, Website Penetration Testing and Vulnerability Assessments, Wireless Network Security, Social Engineering Prevention, Security Awareness Training, Employee Termination Assistance and Virtual CISO consulting. We have conducted hundreds of security assessments for financial institutions, healthcare providers, retailers, utilities, airports, and municipal governments; many in support of PCI, GLBA, NCUA, and HIPAA compliance requirements. Security Pursuit’s computer security services provide you with a higher level of awareness about the security posture of your organization.


SouthSeas

Escaping network insecurity means identifying and eliminating vulnerability at each and every level. At South Seas Corporation, we consider the big picture and the finest details of your information technology, from computers to routers to servers and the cabling between, from intranets to the internet, from mobile devices to web applications to remote networks across the globe. We also address administrative issues, including security policy and federal compliance. Of course, your budget is top of mind from the beginning. The end result is a tailored solution designed to secure every byte of information traveling through, to and around your organization at every point, installed by certified experts trained to work hand in hand with your IT department. Take a load off your mind with South Seas Corporation.


Veracode

Today most global enterprises live under the constant threat of being hacked, which raises this critical question: how do they innovate and rapidly release the new and improved applications required to be an industry leader while still securing their organization's critical IP and data assets? Before Veracode, application security was widely thought to slow innovation, but not anymore. With the Veracode Platform, application security and innovation can go hand-in-hand. Whether applications are built, bought or outsourced, Veracode's patented testing technology provides the intelligence needed to quickly secure them from the most common forms of attack.




CPE and CLE credits

Much of the SnowFROC content is eligible for continuing professional education (CPE) or continuing legal education (CLE) credits. Please check with your institution regarding specific requirements.


CPE credits

The CISM CPE policy (www.isaca.org/cismcpepolicy) states:

"One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice."


CLE credits

Conference organizers are actively pursuing certified seminar accreditation from the Colorado Board of Continuing Legal and Judicial Education. For additional information regarding CLE credits and Rule 260, please visit the Colorado Supreme Court's CLE page.

Denver Marriott City Center

The Denver Marriott City Center is extending a discounted room rate to conference attendees. This rate applies from March 25 through April 1, 2013. Please reference SnowFROC when reserving your room.

  • Group rate standard guest room: $159
  • Complimentary in-room Internet service

[Image: Denver Marriott City Center guest room photo]

Denver Attractions


Colorado Attractions

Out-of-town visitors may be interested in staying for the weekend to enjoy all Colorado has to offer, including:


Skiing

The SnowFROC staff is pursuing a chartered bus and negotiated discounts for premier ski resorts and lift tickets. Check back soon for details!

2013 presentations

Keynote Address: Data Protection for the 21st Century
Panel Discussion

Technical Track
DevFu: The inner ninja in every application developer

Adventures in Large Scale HTTP Header Abuse

Angry Cars: Hacking the "Car as Platform"

DevOps and Security: It's Happening. Right Now.

Real World Cloud Application Security


Deep-Dive Track
SIP Based Cloud Instances

How Malware Attacks Web Applications

Top Ten Web Application Defenses

A Demo of and Preventing XSS in .NET Applications

Data Mining a Mountain of Zero-Day Vulnerabilities


Management Track
Digital Bounty Hunters - Decoding Bug Bounty Programs

Linking Security to Business Value in the Customer Service Industry

Using SaaS and the Cloud to Secure the SDLC

Measuring Security Best Practices With Open SAMM

Defending Desktop (.NET/C#) Applications: Mitigating in the Dark (A Case Study Remix)


Legal Track
Electronic Discovery for System Administrators

Legal Issues of Forensics in the Cloud

CISPA: Why Privacy Advocates Hate This Legislation

Crafting a Plan for When Security Fails

Information Control: The Critical Need for a Defensible Position - Securing the Information Ecosystem


Previous conferences

2012 presentations are available here.