Difference between revisions of "German OWASP Day 2012/Programm"

From OWASP
Jump to: navigation, search
(keine themen mehr, mediawiki style)
Line 47: Line 47:
  
  
=== Jim Manico: '''Abstract: Top Ten Web Defenses' ===
+
=== Jim Manico: '''Top Ten Web Defenses''' ===
  
 
We cannot hack or firewall our way secure. Application programmers need
 
We cannot hack or firewall our way secure. Application programmers need

Revision as of 03:22, 21 August 2012


Bereits bestätigte Vorträge des German OWASP Day 2012


Contents

Abstracts

OWASP Introduction: Jim Manico, co-presented by Jerry Hoff

What's new in OWASP and why OWASP is interesting also for you or your company.


Simon Bennetts: OWASP Zed Attack Proxy

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is a community project, being maintained by a worldwide group of volunteers and is completely free, open source and cross platform. Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project.

Simon (the ZAP project lead) will:

  • Introduce ZAP to those who have not encountered it before
  • Detail the new features in the most recent releases
  • Explain the 3 ZAP related Google Summer of Code projects
  • Talk about the future plans


Dr. Mario Heiderich: XSS von 1999 bis 2013 - Die Doctrine Classique der Websicherheit

Cross-Site Scripting Angriffe wurden erstmals vor circa 14 Jahren dokumentiert. Seitdem hat diese Angriffstechnik eine Evolution durchzogen, die klassischen Dramentheorie ähnelt - inklusive Katastase, Heldentum und Peripetie.

Nun hält HTML Einzug in die Welt der Betriebssysteme, und das Drama XSS befindet sich an der Baumgrenze zur Katastrophe - der harmlose "Alert" hat sich zum schwarzen Schwan beliebiger Code-Ausführung im Betriebssystem gewandelt.

Dieser Vortrag zeigt die Evolution der Angriffstechnik XSS, untersucht unser aller Fehler in der bisherig angewandten Bekämpfung, bietet konsequente Ausblicke und schließt mit Denkanstößen für das Jahr 2013 und fortfolgend.


Jim Manico: Top Ten Web Defenses

We cannot hack or firewall our way secure. Application programmers need to learn to code in a secure fashion if we have any chance of providing organizations with proper defenses in the current threatscape. This talk will discuss the 10 most important security-centric computer programming techniques necessary to build low-risk web-based applications. This talk is best suited for technical web application development professionals at any stage of the software development lifecycle.


Sprecher

Simon Bennetts

(a.k.a. Psiinon) has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He works for Mozilla as part of their Security Team.

Some of the projects Simon works on:

  • OWASP Zed Attack Proxy project lead
  • OWASP Data Exchange Format project lead
  • Bodge It Store project lead
  • OWASP AppSensor contributor
  • wavsep contributor

'Penetration Testing for Developers' blog author

He is also one of the chapter leaders for the OWASP Manchester chapter.

Simon has a B.Sc in Computing and Information Systems from Manchester University.


Dr. Mario Heiderich

arbeitet als Forscher für die Ruhr-Universität in Bochum, findet Lücken im IE und anderen Tools für Microsoft in Redmond und arbeitet im wesentlichen im Bereich HTML5- und SVG- und Browser-Sicherheit.

Mario glaubt allen ernstes, man könne XSS mittels JavaScript verhindern und besiegen, schrieb darüber eine Dissertation und hat auch sonst eher wunderliche Ansichten.

In der verbleibenden Zeit pen-testet und berät Mario diverse DAX-Unternehmen, spricht auf internationalen Konferenzen und hat irrationale Freude am Finden von Bugs und Designfehlern.


Jim Manico

is the VP of Security Architecture for WhiteHat Security. Jim is also the host of the OWASP Podcast Series, is the committee chair of the OWASP Connections Committee, is the project manager of the OWASP Cheatsheet series, and is a significant contributor to several additional OWASP projects. Jim provides secure coding and developer awareness training for WhiteHat Security using his 8+ years of experience delivering developer-training courses for SANS, Aspect Security and others. He brings 16 years of database-driven Web software development and analysis experience to WhiteHat and OWASP as well. Jim works on the beautiful island of Kauai, Hawaii where he lives with his wife Tracey.