Difference between revisions of "MRB Scratchpad"

From OWASP
(Created page with '__NOTOC__ link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010 [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=…')
 
Line 137: Line 137:
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:40-4:30  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 4:40-5:30  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Pen-Test Panel <br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="3" | Pen-Test Panel <br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> Video|Slides
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> Video|Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:30-4:40  
+
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:30-5:40  
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 4:40-5:30  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 5:40-6:30  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Pen-Test Panel <br><br> Video | Slides
+
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-8:00
+
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:30-8:30
 
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (TBD)
 
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (TBD)
 
<!-- Day 1 -->
 
<!-- Day 1 -->
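Review bot: the unchanged Break row between the 4:40-5:30 and 5:40-6:30 slots still has colspan="4" on its cell, but the Pen-Test Panel cell in the 4:40-5:30 row now carries rowspan="3" and therefore occupies the first track column of that Break row as well. The Break cell will be pushed one column to the right and extend past the width of the other rows. Set that Break cell to colspan="3", or keep the Pen-Test Panel as two separate cells if the break should run across all four tracks. The spanning cell also keeps height="120" although it now covers two 120-high rows plus the break, so that attribute is worth dropping or updating in the same edit.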

Revision as of 15:13, 22 September 2010


Registration | Hotel | Walter E. Washington Convention Center

Back to Conference Page

Training 11/08

Training Day 1 - Nov 8th 2010
  Room TBD Room TBD Room TBD Room TBD Room TBD
09:00-12:00 Day 1:
Class
Instructor
Day 1:
Class
Instructor
Class
Instructor
Class
Instructor
Class
Instructor
12:00-13:00 Lunch
13:00-17:00 Class
Instructor
Class
Instructor
Class
Instructor
Class
Instructor
Class
Instructor

Training 11/09

Training Day 2 - Nov 9th 2010
  Room TBD Room TBD Room TBD Room TBD Room TBD
09:00-12:00 Day 2:
Class
Instructor
Day 2:
Class
Instructor
Class
Instructor
Class
Instructor
Class
Instructor
12:00-13:00 Lunch
13:00-17:00 Class
Instructor
Class
Instructor
Class
Instructor
Class
Instructor
Class
Instructor

Plenary 11/10

Plenary Day 1 - Nov 10th 2010
  Offense (TBD) Defense (TBD) OWASP (TBD) Government (TBD)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Neal Ziring
National Security Agency
Video | Slides
10:00-10:30 All about OWASP
OWASP Board
Video | Slides
10:30-10:45 Coffee Break
10:45-11:35 Python Basics for Web App Pentesters
Justin Searle

Video | Slides
Drive By Downloads: How To Avoid Getting A Cap Popped In Your App
Neil Daswani

Video | Slides
Don’t Judge a Website by its GUI – Read the Label!
Jeff Williams

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
11:35-11:45 Break
11:45-12:35 White and Black box testing of Lotus Domino Applications
Ari Elias-bachrach and Casey Pike

Video | Slides
Protecting Federal Government from Web 2.0 Application Security Risks
Sarbari Gupta

Video | Slides
The Secure Coding Practices Quick Reference Guide
Keith Turpin

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
12:35-1:35 Lunch
1:35-2:25 Pen Testing with Iron
Andrew Wilson

Video | Slides
Providing application-level assurance through DNSSEC
Suresh Krishnaswamy, Wes Hardaker and Russ Mundy

Video | Slides
OWASP ESAPI SwingSet
Fabio Cerullo

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
2:25-2:35 Break
2:35-3:25 Hacking Oracle From Web Apps
Sumit Siddharth

Video | Slides
GuardRails: A (Nearly) Painless Solution to Insecure Web Applications
Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri

Video | Slides
Solving Real World Problems with ESAPI
Chris Schmidt

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
3:25-3:40 Coffee Break
3:40-4:30 wXf: Web Exploitation Framework
Ken Johnson and Seth Law

Video | Slides
The Strengths of Combining Code Review with Application Penetration Testing
Dave Wichers

Video | Slides
OWASP ModSecurity Core Rule Set
Ryan Barnett

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
4:30-4:40 Break
4:40-5:30 Pen-Test Panel

Video | Slides
Botnet Resistant Coding: Protecting Your Users from Script Kiddies
Fabian Rothschild and Peter Greko

Video | Slides
Attack Detection and Prevention with OWASP AppSensor
Colin Watson

Video|Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
5:30-5:40 Break
5:40-6:30 A new approach to preventing injection attacks on the Web Application Stack
Ahmed Masud

Video | Slides
Open Source Web Entry Firewall
Ivan Buetler

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
6:30-8:30 Cocktails and hors d'oeuvres in the EXPO Room (TBD)

Plenary 11/11

Plenary Day 2 - Nov 11th 2010
  Process (146A) Attack & Defend (146B) Metrics (146C) Compliance (152A)
8:00-9:00 Registration & Coffee sponsored by

AppSecDC2009-Sponsor-fyrm.gif

9:00-9:45 The Big Picture: Web Risks and Assessments Beyond Scanning
Matt Fisher



Video | Slides

Securing the Core JEE Patterns
Rohit Sethi/Krishna Raja

Video | Slides

The Web Hacking Incidents Database
Ryan C. Barnett

Video | Slides

Business Logic Automatons: Friend or Foe?
Amichai Shulman

Video | Slides

9:45-9:50 Break
9:50-10:35 Scalable Application Assessments in the Enterprise
Tom Parker/Lars Ewe



Video | Slides

Malicious Developers and Enterprise Java Rootkits
Jeff Williams

Video | Slides

Application security metrics from the organization on down to the vulnerabilities
Chris Wysopal

Video | Slides

SCAP: Automating our way out of the Vulnerability Wheel of Pain
Ed Bellis

Video | Slides

10:35-10:40 Break
10:40-11:25 Secure Software Updates: Update Like Conficker
Jeremy Allen

Video | Slides

Unicode Transformations: Finding Elusive Vulnerabilities
Chris Weber

Video | Slides

OWASP Top 10 - 2010 Release Candidate
Dave Wichers

Video | Slides

Secure SDLC: The Good, The Bad, and The Ugly
Joey Peloquin

Video | Slides
11:25-12:30 Hosted Lunch
12:30-1:15 Improving application security after an incident
Cory Scott

Video | Slides

The 10 least-likely and most dangerous people on the Internet
Robert Hansen

Video | Slides

Hacking by Numbers
Tom Brennan

Video | Slides

Federal CISO Panel

Video
1:15-1:20 Break
1:20-2:05 Deploying Secure Web Applications with OWASP Resources
Sebastien Deleersnyder / Fabio Cerullo

Video | Slides

Automated vs. Manual Security: You can't filter The Stupid
David Byrne/Charles Henderson

Video | Slides

Building an in-house application security assessment team
Keith Turpin

Video | Slides

2:05-2:20 Coffee break sponsored by

AppSecDC2009-Sponsor-fyrm.gif

2:20-3:05 OWASP O2 Platform - Open Platform for automating application security knowledge and workflows
Dinis Cruz

Video | Slides

Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers
Kevin Johnson, Justin Searle, Frank DiMaggio

Video | Slides

The OWASP Security Spending Benchmarks Project
Dr. Boaz Gelbord

Video | Slides

Promoting Application Security within Federal Government
Sarbari Gupta

Video | Slides

3:05-3:10 Break
3:10-3:55 Custom Intrusion Detection Techniques for Monitoring Web Applications
Matthew Olney

Video | Slides

Manipulating Web Application Interfaces, a new approach to input validation
Felipe Moreno-Strauch

Video | Slides

SANS Dshield Webhoneypot Project
Jason Lam

Video | Slides

Techniques in Attacking and Defending XML/Web Services
Mamoon Yunus/Jason Macy

Video | Slides

3:55-4:00 Break
4:00-4:15 Closing Remarks (146B)
Mark Bristow, Rex Booth, Doug Wilson
Video | Slides
