Lonestar Application Security Conference 2010

From OWASP
Revision as of 16:35, 22 October 2010 by Jsokol (Talk | contribs)

Jump to: navigation, search


LASCON 2010 Banner


LASCON is happening on October 29th, 2010 in Austin, TX

Registration Link | Speaker List Posted! | Follow LASCONATX on Twitter | Norris Conference Center


Welcome

Who Should Attend LASCON 2010:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security


LASCON 2010 Schedule

You can register for the conference here






Registration

Registration Is Now Open!

Register Here

OWASP Membership ($50 annual membership fee) gets you a discount on registration.

Non-Members (Includes a 1 year OWASP membership) $150 Until 10/26/2010 $200 After 10/26/2010
OWASP Members $100 Until 10/26/2010 $200 After 10/26/2010
Students with valid Student ID (must be shown at the door) $80 Until 10/26/2010 $2000 After 10/26/2010

Who Should Attend LASCON 2010:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interesting in Improving IT Security


For student discount, you must present proof of current enrollment when picking up your badge. No exceptions.

Sessions

Technical Track

James Flom
Why ha.ckers.org Doesn’t Get Hacked

Ha.ckers.org has suffered nearly every attack a website can. These attacks include robots, sophisticated web-based attacks, brute force, denial of service, and network based attacks. This speech will explain the other side of protecting high risk websites - the configurations, operating system, and network.

Charles Henderson
Anatomy of a Logic Flaw

Traditional vulnerabilities like SQL Injection, buffer overflows, etc, have well established techniques for discovery and prevention. On the other hand, logic flaws are incredibly diverse and often unique to the specific application or business organization. Because of this, logic flaws have taken on a near mythical status. In the myth, logic flaws are nearly impossible to find until the elite of the elite hackers launch an attack to completely own the application. The reality is far different; logic flaws are not the complex nightmare that many have made them out to be. This presentation will use real-world examples to show how logic flaws are typically introduced into an application, how they can be consistently detected during testing, and how they can be prevented during development. Instead of hoping for magic, repeatable processes will be outlined for each of those items. This will prove beneficial to anyone responsible for application security: programmers, architects, managers, and pen testers.

Management Track

Charlie Scott and Jay Paz
Conducting an Instiution-Wide, Multi-Department Application Security Assessment

From early 2009 until mid-2010, the Information Security Office at the University of Texas at Austin conducted a security assessment of over 250 web applications, spanning over 30 departments. The objectives of this assessment were to provide a thorough security review of existing applications, and act as an education and awareness exercise for the application developers. This presentation covers the political, technical, and scheduling challenges encountered on this assessment, how they were overcome, the results of the assessment and the changes they brought about, and lessons learned by the assessment team.

Joe Jarzombek
Mitigating Business Risks with Application Security

With today’s global IT software supply chain, project management and software/systems engineering processes must explicitly address security risks posed by exploitable software. Traditionally, these disciplines have not clearly and directly focused on software security risks that can be passed from projects to the organization. Software security assurance processes and practices span development and acquisition and can be used to enhance project management and quality assurance activities. Mr. Jarzombek explains the critical need for adherence to the practices, guidelines, rules, and principles used to build security into every phase of software development.

OWASP Etc Track

Dean Bushmiller
OWASP Top 10: What is it all about?

Everyone knows exactly what the OWASP top ten security threats are, right? Well sort of... I ask people if they have heard of the top ten they say yes. I ask them to name a few they pause, then they blurt out 2-3. Then I ask them to explain those 2-3 and they look at me like a deer-in-the-headlights. I want to make sure that everyone who walks out of the presentation can clearly define the top ten and be able to communicate to another what each of the top ten vulnerabilites are.

Brad Causey
Automating Web Testing Beyond OWASP Webscarab Using Python

This presentation will illustrate ways to improve web security assessments by using advanced features in OWASP Webscarab and extending your options with automation using Python.

Speakers

Asad Ali Noa Bar-yosef Erik Pace Birkholz Dean Bushmiller Brad Causey Chris Eng James Flom Robert Hansen Charles Henderson Michael Howard Joe Jarzombek Samy Kamkar Karen Lu Ernest Mueller Jay Paz Pete Perfetti Rob Rachwald Charlie Scott Amichai Shulman Josh Sokol

Volunteers

Volunteers Needed!

Get involved!

We will take all the help we can get to pull off the best Web Application Security Conference of the year! Volunteers get free admission. This is your chance to rub elbows with the big players and mingle with potential networking contacts or even future employers!


Please contact james.wickett(at)owasp.org to volunteer for a specific area:

  • Room Monitors
  • Speakers and Trainers
  • Vendors
  • Registration
  • Facilities

More opportunities and areas will be added as time goes on. Our File:Volunteer Sheet.doc can be downloaded which outlines some of the responsibilities and available positions. Note: this document references the the DC conference last year, this is just for a general guideline. Updated document coming soon.


Sponsors

Platinum Sponsors

YOUR COMPANY NAME AND LOGO COULD BE HERE
 

Gold Sponsors

Gemalto.jpg Whitehat.jpg Splunk.jpg Impactsecurityllc.png
Impact Security LLC
 

Silver Sponsors

K2share.gif Dexa.jpg Expandingsecurity.jpg
Expanding Security
Trustwave.jpg
        Fortify.png Veracode.gif Praetorian.jpg Denim-group.png

Badge Sponsor

Gemalto.jpg
 


Venue

Norris Conference Center

LASCON 2010 will be taking place at the Norris Conference Center in Austin, TX.


Travel

Traveling to the Austin Metro Area

Hotel

We have partnered with the Embassy Suites in the Arboretum and you can book rooms at using the discount code: LAS at 1-800-362-2779 begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting begin_of_the_skype_highlighting              1-800-362-2779      end_of_the_skype_highlighting or you can Book your room online.

Embassy Suites Austin - Arboretum 9505 Stonelake Boulevard Austin, Texas 78759

The rooms are $139 for a double or queen, includes hot breakfast and shuttle to/from the event.

Book your room online with the LASCON discount.

Sponsorship Options

We are currently soliciting sponsors for the LASCON 2010 Conference. Please refer to our List of Sponsorship Opportunities

Please contact James Wickett for more information.

Slots are going fast so contact us to sponsor today!

LASCON 2010 Sponsors.jpg

LASCON 2010 Additional.jpg

Call for Papers

Sorry, the CFP has ended for LASCON 2010. Maybe next year?