Difference between revisions of "MRB Scratchpad"

From OWASP
Jump to: navigation, search
 
(6 intermediate revisions by one user not shown)
Line 4: Line 4:
 
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 
<br>
 
<br>
===[[OWASP AppSec DC 2010|Back to Conference Page]]===
+
<br>
 +
[[OWASP AppSec DC 2010|Main Conference Page]] | [[:Category:AppSec DC 2010 Presentations|Presentations Page]] | [[:Category:AppSec DC 2010 Training|Training Page]]
  
 
====Training 11/08====
 
====Training 11/08====
 
{| cellspacing="0" border="2"
 
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="6" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Traning Day 1 - Nov 8th 2010'''</font>
+
| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Traning Day 1 - Nov 8th 2010'''</font>
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''145A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
 +
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''159A'''
 +
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''159B'''
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]]<br>Robert Zakon
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth
 +
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Practical Web Security Overview]]<br>Zoltán Hornák
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="5" | Lunch
+
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="7" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]]<br>Robert Zakon
<!-- Training Day 2 -->
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Art of Exploiting SQL Injections]] <br>Sumit Siddharth
 +
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Practical Web Security Overview]]<br>Zoltán Hornák
 +
<!-- Training Day 1 -->
 
|}
 
|}
 
====Training 11/09====  
 
====Training 11/09====  
{| cellspacing="0" border="2"  
+
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="6" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Training Day 2 - Nov 9th 2010'''</font>
+
| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''Traning Day 1 - Nov 8th 2010'''</font>
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room TBD'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''145A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room TBD'''
+
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
 +
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''159A'''
 +
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''159B'''
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 2:<br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:<br>Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell
 +
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Krishna Raja
 +
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
 
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="5" | Lunch
+
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="7" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>[[Assessing and Exploiting Web Applications with Samurai-WTF]]Class<br>Justin Searle & Mike Poor
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>[[Leading the AppSec Initative ]]<br>Dave Wichers
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1:<br>[[Remote Testing for Common Web Application Security Threats]]<br>David Rhoades
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Day 1:<br>[[Software Security Best Practices]]<br>Ben Tomhave
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Class<br>Instructor
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]]<br>Dan Cornell
<!-- Training Day 2 -->
+
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]]<br>Rohit Sethi & Krishna Raja
 +
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Java Security Overview ]]<br>Zoltán Hornák
 +
<!-- Training Day 2 -->
 
|}
 
|}
====Plenary 11/10====  
+
====Plenary Day 1 - 11/10====  
 
{| cellspacing="0" border="2"
 
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
Line 74: Line 87:
 
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Defense (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Defense (TBD)'''  
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''OWASP (TBD)'''  
+
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (TBD)'''
 
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (TBD)'''
 
|- valign="bottom"
 
|- valign="bottom"
Line 95: Line 108:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]]<br>Justin Searle <br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]]<br>Neil Daswani<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dont Judge a Website by its GUI Read the Label!|Don’t Judge a Website by its GUI – Read the Label!]]<br>Jeff Williams<br><br>Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
Line 104: Line 117:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]]<br>Ari Elias-bachrach and Casey Pike<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]]<br>Sarbari Gupta<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides  
 
|- valign="bottom"
 
|- valign="bottom"
Line 113: Line 126:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]]<br>Andrew Wilson <br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]]<br>Suresh Krishnaswamy, Wes Hardaker and Russ Mundy<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3"| Federal CIO Panel <br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:35  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:35  
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="1" | Break
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:35-3:25  
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:35-3:25  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]]<br>Sumit Siddharth<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]]<br>Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | Slides
 
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
Line 131: Line 144:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Seth Law<br><br> Video | Slides]
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]]<br>Ken Johnson and Seth Law<br><br> Video | Slides]
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]]<br>Dave Wichers<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
Line 137: Line 150:
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 4:40-5:30  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:40-5:30  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="3" | Pen-Test Panel <br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | Pen-Test Panel <br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]]<br>Fabian Rothschild and Peter Greko<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> Video|Slides
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 +
|- valign="bottom"
 +
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:30-5:40  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:30-5:40  
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 5:40-6:30  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 5:40-6:30  
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[A new approach to preventing injection attacks on the Web Application Stack]]<br>Ahmed Masud<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | Slides
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video|Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | Hosted by DHS, DoD, NIST and NSA<br><br> Video | Slides
 +
|- valign="bottom"
 +
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:30-8:30  
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:30-8:30  
Line 155: Line 172:
 
<!-- Day 1 -->
 
<!-- Day 1 -->
 
|}
 
|}
====Plenary 11/11====  
+
====Plenary Day 2 - 11/11====  
 
{| cellspacing="0" border="2"
 
{| cellspacing="0" border="2"
 
|- valign="middle"
 
|- valign="middle"
Line 163: Line 180:
 
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (TBD)'''  
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (TBD)'''  
+
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''OWASP (TBD)'''  
 
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (TBD)'''
 
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (TBD)'''
 
|- valign="bottom"
 
|- valign="bottom"
Line 181: Line 198:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]]<br>Joshua Abraham and Will Vandevanter<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]]<br>Lars Ewe<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]]<br>Richard Tychansky<br><br>Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dont Judge a Website by its GUI Read the Label!|Don’t Judge a Website by its GUI – Read the Label!]]<br>Jeff Williams<br><br>Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]]<br>Dan Cornell<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
Line 190: Line 207:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]]<br>Chris Eng and Brandon Creighton<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Mozilla Foundation<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]]<br>Mozilla Foundation<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3" | Federal CIO Panel <br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]]<br>Keith Turpin<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 12:05-12:15  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 12:05-12:15  
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" | Break
+
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 12:15-1:05  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 12:15-1:05  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]]<br>Kevin Johnson and Mike Poor<br><br> Video | Slides  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]]<br>Aleksandr Yampolskiy<br><br> Video | Slides
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]]<br>Ivan Buetler<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]]<br>Nick Coblentz<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
Line 208: Line 225:
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]]<br>Arshan Dabirsiaghi<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]]<br>Michael Smith<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]]<br>Rafal Los<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]]<br>Chris Schmidt<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| Financial ServicesPanel<br><br>Video|Slides
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| Financial ServicesPanel<br><br>Video|Slides
 
|- valign="bottom"
 
|- valign="bottom"
Line 215: Line 232:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:05-3:55  
 
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:05-3:55  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>John McCoy<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]]<br>Jon McCoy<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br> Video | Slides
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]]<br>Kevin Johnson and Tom Eston<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]]<br>Andrew Weidenhamer<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]]<br>Fabio Cerullo<br><br> Video | Slides
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" bgcolor="#7b8abd" | 3:55-4:10  
 
| width="72" valign="middle" bgcolor="#7b8abd" | 3:55-4:10  
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:10-5:00  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:10-5:00  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | Slides]
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]]<br>Ron Gutierrez<br><br> Video | Slides]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]]<br>Dan Cornell<br><br> Video | Slides
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[OWASP Broken Web Applications Project Update]]<br>Chuck Willis<br>Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]]<br>Colin Watson<br><br> Video|Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Code Auditing Strategies]]<br>Andrew Wilson and John Hoopes<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]]<br>Darren Death<br><br> Video | Slides
|- valign="bottom"
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]]<br>Joshua Windsor and Joshua Pauli<br>Video | Slides
+
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:00-5:10  
 
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 5:00-5:10  
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 5:10-6:00  
+
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 5:10-6:00  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]]<br>Marcin Wielgoszewski and Nathan Hamiel<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]]<br>Eduardo Neves<br><br> Video | Slides
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]]<br>Scott Mendenhall<br>Video|Slides
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]]<br>Ryan Barnett<br><br> Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | Slides
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]]<br>Benjamin Tomhave<br><br> Video | Slides
|- valign="bottom"
+
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]]<br>Ryan Barnett<br>Video | Slides
+
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-6:30  
 
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-6:30  
Line 246: Line 259:
 
<headertabs />
 
<headertabs />
  
===[[OWASP AppSec DC 2010|Back to Conference Page]]===
+
[[OWASP AppSec DC 2010|Main Conference Page]] | [[:Category:AppSec DC 2010 Presentations|Presentations Page]] | [[:Category:AppSec DC 2010 Training|Training Page]]
  
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_2010]]
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_2010]]

Latest revision as of 15:59, 12 October 2010

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

Main Conference Page | Presentations Page | Training Page

Training 11/08

Traning Day 1 - Nov 8th 2010
  149A 149B 145A 155 154B 159A 159B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTFClass
Justin Searle & Mike Poor
Day 1:
Leading the AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
WebAppSec.php: Developing Secure Web Applications
Robert Zakon
The Art of Exploiting SQL Injections
Sumit Siddharth
Practical Web Security Overview
Zoltán Hornák
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTFClass
Justin Searle & Mike Poor
Day 1:
Leading the AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
WebAppSec.php: Developing Secure Web Applications
Robert Zakon
The Art of Exploiting SQL Injections
Sumit Siddharth
Practical Web Security Overview
Zoltán Hornák

Training 11/09

Traning Day 1 - Nov 8th 2010
  149A 149B 145A 155 154B 159A 159B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTFClass
Justin Searle & Mike Poor
Day 1:
Leading the AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell
Threat Modeling Express
Rohit Sethi & Krishna Raja
Java Security Overview
Zoltán Hornák
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTFClass
Justin Searle & Mike Poor
Day 1:
Leading the AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell
Threat Modeling Express
Rohit Sethi & Krishna Raja
Java Security Overview
Zoltán Hornák

Plenary Day 1 - 11/10

Plenary Day 1 - Nov 10th 2010
  Offense (TBD) Defense (TBD) Metrics (TBD) Government (TBD)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Neal Ziring
National Secuirty Agency
Video | Slides
10:00-10:30 All about OWASP
OWASP Board
Video | Slides
10:30-10:45 Coffee Break
10:45-11:35 Python Basics for Web App Pentesters
Justin Searle

Video | Slides
Drive By Downloads: How To Avoid Getting A Cap Popped In Your App
Neil Daswani

Video | Slides
Secure Code Review: Enterprise Metrics
Richard Tychansky

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
11:35-11:45 Break
11:45-12:35 White and Black box testing of Lotus Domino Applications
Ari Elias-bachrach and Casey Pike

Video | Slides
Protecting Federal Government from Web 2.0 Application Security Risks
Sarbari Gupta

Video | Slides
Measuring Security: 5 KPIs for Successful Web App Security Programs
Rafal Los

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
12:35-1:35 Lunch
1:35-2:25 Pen Testing with Iron
Andrew Wilson

Video | Slides
Providing application-level assurance through DNSSEC
Suresh Krishnaswamy, Wes Hardaker and Russ Mundy

Video | Slides
Federal CIO Panel

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
2:25-2:35 Break Break
2:35-3:25 Hacking Oracle From Web Apps
Sumit Siddharth

Video | Slides
GuardRails: A (Nearly) Painless Solution to Insecure Web Applications
Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
3:25-3:40 Coffee Break
3:40-4:30 wXf: Web Exploitation Framework
Ken Johnson and Seth Law

Video | Slides]
The Strengths of Combining Code Review with Application Penetration Testing
Dave Wichers

Video | Slides
Dealing with Web Application Security, Regulation Style
Andrew Weidenhamer

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
4:30-4:40 Break
4:40-5:30 Pen-Test Panel

Video | Slides
Botnet Resistant Coding: Protecting Your Users from Script Kiddies
Fabian Rothschild and Peter Greko

Video | Slides
OWASP Broken Web Applications Project Update
Chuck Willis
Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation
Joshua Windsor and Joshua Pauli
Video | Slides
5:30-5:40 Break
5:40-6:30 A new approach to preventing injection attacks on the Web Application Stack
Ahmed Masud

Video | Slides
Using Misuse Cases to Articulate Vulnerabilities to Stakeholders
Scott Mendenhall
Video|Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
The Web Hacking Incident Database (WHID) Report
Ryan Barnett
Video | Slides
6:30-8:30 Cocktails and hors d'oeuvres in the EXPO Room (TBD)

Plenary Day 2 - 11/11

Plenary Day 2 - Nov 11th 2010
  Offense (TBD) New Frontiers (TBD) OWASP (TBD) Process (TBD)
07:30-08:55 Registration
08:55-09:00 Day 2 Opening Remarks
09:00-10:00 Keynote: Ron Ross
National Institute of Standards and Technology
Video | Slides
10:00-10:15 Coffee Break
10:15-11:05 Hacking SAP BusinessObjects
Joshua Abraham and Will Vandevanter

Video | Slides
Cloudy with a chance of hack!
Lars Ewe

Video | Slides
Don’t Judge a Website by its GUI – Read the Label!
Jeff Williams

Video | Slides
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Dan Cornell

Video | Slides
11:05-11:15 Break
11:15-12:05 Deconstructing ColdFusion
Chris Eng and Brandon Creighton

Video | Slides
Declarative Web Security
Mozilla Foundation

Video | Slides
The Secure Coding Practices Quick Reference Guide
Keith Turpin

Video | Slides
Code Reviewing Strategies
Andrew Wilson and John Hoopes

Video | Slides
12:05-12:15 Break
12:15-1:05 Friendly Traitor 2 Features are hot but giving up our secrets is not!
Kevin Johnson and Mike Poor

Video | Slides
Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files
Aleksandr Yampolskiy

Video | Slides
Open Source Web Entry Firewall
Ivan Buetler

Video | Slides
Microsoft's Security Development Lifecycle for Agile Development
Nick Coblentz

Video | Slides
1:05-2:05 Lunch
2:05-2:55 JavaSnoop: How to hack anything written in Java
Arshan Dabirsiaghi

Video | Slides
Life in the Clouds: a Service Provider's View
Michael Smith

Video | Slides
Solving Real World Problems with ESAPI
Chris Schmidt

Video | Slides
Financial ServicesPanel

Video|Slides
2:55-3:05 Break
3:05-3:55 Hacking .NET Applications at Runtime: A Dynamic Attack
Jon McCoy

Video | Slides
Social Zombies Gone Wild: Totally Exposed and Uncensored
Kevin Johnson and Tom Eston

Video | Slides
OWASP ESAPI SwingSet
Fabio Cerullo

Video | Slides
3:55-4:10 Coffee Break
4:10-5:00 Unlocking the Toolkit: Attacking Google Web Toolkit
Ron Gutierrez

Video | Slides]
Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications
Dan Cornell

Video | Slides
Attack Detection and Prevention with OWASP AppSensor
Colin Watson

Video|Slides
Implementing a Secure Software Development Program
Darren Death

Video | Slides
5:00-5:10 Break
5:10-6:00 Constricting the Web: Offensive Python for Web Hackers
Marcin Wielgoszewski and Nathan Hamiel

Video | Slides
Threats from Economical Improvement
Eduardo Neves

Video | Slides
OWASP ModSecurity Core Rule Set
Ryan Barnett

Video | Slides
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform
Benjamin Tomhave

Video | Slides
6:00-6:30 Closing Remarks/Prizes
The OWASP AppSec DC Team

Main Conference Page | Presentations Page | Training Page