Difference between revisions of "German OWASP Day 2012/Programm"

(no more topics, mediawiki style)
Line 1: Line 1:
 
[[Category:OWASP_AppSec_Conference]] [[Category:Germany]] [[Category:Europe]] [[Category:German OWASP Day]]
 
[[Category:OWASP_AppSec_Conference]] [[Category:Germany]] [[Category:Europe]] [[Category:German OWASP Day]]
  
'''Programm des German OWASP Day 2012'''
 
  
== Themen ==
+
<font size="+2">Bereits bestätigte Vorträge des German OWASP Day 2012</font>
  
'''OWASP Introduction''' by Jim Manico, co-presented by Jerry Hoff
 
  
Simon Bennetts: '''OWASP Zed Attack Proxy'''
+
== Abstracts ==
  
Dr. Mario Heiderich: '''XSS von 1999 bis 2013 - Die Doctrine Classique der Websicherheit'''
+
=== OWASP Introduction: Jim Manico, co-presented by Jerry Hoff ===
  
Jim Manico: '''Top Ten Web Defenses'''
+
What's new in OWASP and why OWASP is interesting also for you or your company.
  
  
== Abstracts ==
+
=== Simon Bennetts: '''OWASP Zed Attack Proxy''' ===
 
+
Simon Bennetts: '''OWASP Zed Attack Proxy'''
+
  
 
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration
 
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration
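Review bot: The added heading `=== Simon Bennetts: '''OWASP Zed Attack Proxy''' ===` is followed directly by an added line that repeats the same speaker and title in bold, so the rendered section would show the title twice; drop the repeated bold line. The bold markup inside the heading is also inconsistent with the plain `=== OWASP Introduction: ... ===` heading added just above it; a heading needs no `'''`.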
Line 33: Line 29:
  
  
Dr. Mario Heiderich: '''XSS von 1999 bis 2013 - Die Doctrine Classique der Websicherheit'''
+
=== Dr. Mario Heiderich: '''XSS von 1999 bis 2013 - Die Doctrine Classique der Websicherheit''' ===
  
 
Cross-Site Scripting Angriffe wurden erstmals vor circa 14 Jahren
 
Cross-Site Scripting Angriffe wurden erstmals vor circa 14 Jahren
Line 51: Line 47:
  
  
Jim Manico: '''Abstract: Top Ten Web Defenses'
+
=== Jim Manico: '''Abstract: Top Ten Web Defenses' ===
  
 
We cannot hack or firewall our way secure. Application programmers need
 
We cannot hack or firewall our way secure. Application programmers need
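Review bot: The new heading `=== Jim Manico: '''Abstract: Top Ten Web Defenses' ===` carries over the unbalanced bold markup from the old line (three apostrophes open, one closes), which leaves a stray apostrophe in the rendered heading. Since the heading already sits under "Abstracts", the word "Abstract:" is redundant too; suggest `=== Jim Manico: Top Ten Web Defenses ===`.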
Line 64: Line 60:
 
== Sprecher ==
 
== Sprecher ==
  
'''Simon Bennetts'''
+
=== Simon Bennetts ===
  
 
(a.k.a. Psiinon) has been developing web applications since
 
(a.k.a. Psiinon) has been developing web applications since
Line 85: Line 81:
  
  
'''Dr. Mario Heiderich'''
+
=== Dr. Mario Heiderich ===
  
 
arbeitet als Forscher für die Ruhr-Universität in
 
arbeitet als Forscher für die Ruhr-Universität in
Line 102: Line 98:
  
  
'''Jim Manico'''
+
=== Jim Manico ===
  
 
is the VP of Security Architecture for WhiteHat
 
is the VP of Security Architecture for WhiteHat

Revision as of 17:19, 7 August 2012


Talks already confirmed for German OWASP Day 2012



Abstracts

OWASP Introduction: Jim Manico, co-presented by Jerry Hoff

What's new in OWASP, and why OWASP is also of interest to you or your company.


Simon Bennetts: OWASP Zed Attack Proxy

The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is a community project, maintained by a worldwide group of volunteers, and is completely free, open source and cross-platform. Since its release in 2010, ZAP has gone from strength to strength and is now a flagship OWASP project.

Simon (the ZAP project lead) will:

  • Introduce ZAP to those who have not encountered it before
  • Detail the new features in the most recent releases
  • Explain the 3 ZAP-related Google Summer of Code projects
  • Talk about the future plans


Dr. Mario Heiderich: XSS from 1999 to 2013 - The Doctrine Classique of Web Security

Cross-site scripting attacks were first documented about 14 years ago. Since then, this attack technique has gone through an evolution that resembles classical dramatic theory, including catastasis, heroism and peripeteia.

Now HTML is making its way into the world of operating systems, and the XSS drama stands at the tree line of catastrophe: the harmless "alert" has turned into the black swan of arbitrary code execution in the operating system.

This talk shows the evolution of XSS as an attack technique, examines the mistakes all of us have made in fighting it so far, offers consistent outlooks, and closes with food for thought for 2013 and beyond.


Jim Manico: Abstract: Top Ten Web Defenses

We cannot hack or firewall our way secure. Application programmers need to learn to code in a secure fashion if we have any chance of providing organizations with proper defenses in the current threatscape. This talk will discuss the 10 most important security-centric computer programming techniques necessary to build low-risk web-based applications. This talk is best suited for technical web application development professionals at any stage of the software development lifecycle.


Speakers

Simon Bennetts

(a.k.a. Psiinon) has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He works for Mozilla as part of their Security Team.

Some of the projects Simon works on:

  • OWASP Zed Attack Proxy project lead
  • OWASP Data Exchange Format project lead
  • Bodge It Store project lead
  • OWASP AppSensor contributor
  • wavsep contributor
  • 'Penetration Testing for Developers' blog author

He is also one of the chapter leaders for the OWASP Manchester chapter.

Simon has a B.Sc. in Computing and Information Systems from Manchester University.


Dr. Mario Heiderich

works as a researcher for Ruhr University in Bochum, finds vulnerabilities in IE and other tools for Microsoft in Redmond, and works mainly in the area of HTML5, SVG and browser security.

Mario seriously believes that XSS can be prevented and defeated using JavaScript, wrote a dissertation about it, and otherwise holds rather peculiar views as well.

In his remaining time Mario pen-tests and advises various DAX companies, speaks at international conferences, and takes irrational pleasure in finding bugs and design flaws.


Jim Manico

is the VP of Security Architecture for WhiteHat Security. Jim is also the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai, Hawaii where he lives with his wife Tracey.