Difference between revisions of "OWASP AppSec DC 2009 Schedule"

From OWASP
(Back to Conference Page)
(Back to Conference Page)
Line 42: Line 42:
 
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A'''  
 
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A'''  
 
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B'''
 
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 155'''
 
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
Line 49: Line 48:
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
 
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
 
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" |
 
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="5" | Lunch
+
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
Line 58: Line 56:
 
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass]
 
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass]
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]<!-- Day 2 -->
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | <!-- Day 2 -->
+
 
|}
 
|}
 
====Talks 11/12====  
 
====Talks 11/12====  
Line 67: Line 64:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP'''  
+
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP (146A)'''  
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools'''  
+
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools (146B)'''  
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''SDLC'''  
+
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Web 2.0 (146C)'''  
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Web 2.0'''
+
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''SDLC (152A)'''
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08:45
+
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08:50
| valign="middle" bgcolor="#909090" align="center" colspan="4" | Registration
+
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 08:45-09:00  
+
| width="67" valign="middle" bgcolor="#7b8abd" | 08:50-09:00  
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 
|- valign="bottom"
 
|- valign="bottom"
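Review bot: swapping the third and fourth track headings (Web 2.0 now in 146C, SDLC in 152A) only holds if the third- and fourth-column cells of every session row below are swapped too; the later hunks do swap them for each row, so the room assignment stays consistent, but the registration end time is changed from 08:45 to 08:50 here and the welcome slot is shortened to ten minutes, which should be confirmed against the published programme.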
Line 82: Line 79:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30  
| valign="middle" height="30" bgcolor="#909090" align="center" colspan="4" | Coffee Break &amp; Room Change
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP [[OWASP:About#Global_Board_Members| OWASP Board]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-11:30  
+
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-10:45
 +
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" bgcolor="#7b8abd" | 10:45-11:30  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann  
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 11:30-12:30  
+
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:30-12:30  
 +
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West  
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 12:30-13:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett  
 
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett  
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 13:30-14:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 14:30-15:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
 
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates  
 
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber  
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3" | [[SDLC Panel AppSecDC|SDLC Panel]]<br>&nbsp;<br>Pravir Chandra<br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>David Rook<br>Keith Turpin
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="4" | [[SDLC Panel AppSecDC|SDLC Panel]]<br>&nbsp;<br>Pravir Chandra<br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>David Rook<br>Keith Turpin
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 15:30-16:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:55-3:00
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:00-3:45
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna  
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 16:30-17:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:45-3:50
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:50-4:35
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis  
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br>  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br>  
 
Josh Abraham  
 
Josh Abraham  
 
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 17:30-18:30  
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:35-4:50
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:40-5:30  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner  
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates  
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates  
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies]]<br>Rafal Los
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies]]<br>Rafal Los
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco
 
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 19:00-????
+
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 5:45-8:00
| valign="middle" height="60" bgcolor="#c0c0c0" align="center" colspan="4" | Reception <!-- Day 2 -->
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (151)<br>Sponsored by [[Image:AppSecDC2009-Sponsor-cenzic.gif|link=http://www.cenzic.com/]]<!-- Day 2 -->
 
|}
 
|}
 
====Talks 11/13====  
 
====Talks 11/13====  
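Review bot: the Break cells at 3:45-3:50 and 4:35-4:50 are given colspan="5", but this table has a time column plus four track columns, so a cell placed after the time cell can span at most four; the Registration and Hosted Lunch rows in the same hunk use colspan="4". The 2:55-3:00 Break correctly uses colspan="3" because the SDLC Panel cell (rowspan="4") still occupies the last column there. The 4:35-4:50 Break is also followed by a slot starting at 4:40, which overlaps it, so one of the two times is wrong. Finally, the rewritten rows mix 24-hour times (07:30-08:50, 11:30-12:30) with 12-hour ones (12:30-1:15, 2:10-2:55); use one format for the whole column.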
Line 145: Line 159:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Attack &amp; Defend'''  
+
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Process (146A)'''  
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Process'''  
+
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Attack &amp; Defend (146B)'''  
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics'''  
+
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (146C)'''  
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance'''
+
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (152A)'''
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-09:00  
+
| width="67" valign="middle" bgcolor="#7b8abd" | 8:00-9:00  
| valign="middle" bgcolor="#909090" align="center" colspan="4" | Registration
+
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration & Coffee sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
+
| width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: TBA
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher
|- valign="bottom"
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30
+
| valign="middle" height="30" bgcolor="#909090" align="center" colspan="4" | Coffee Break &amp; Room Change
+
|- valign="bottom"
+
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-11:30
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher
+
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett  
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett  
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Ofer Shezaf
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Ofer Shezaf
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 11:30-12:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe
+
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal  
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal  
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 12:30-13:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen
+
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]]<br>Dave Wichers  
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]]<br>Dave Wichers  
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 13:30-14:30  
+
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:25-12:30
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
+
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 14:30-15:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Improving application security after an incident]]<br>Cory Scott
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan  
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan  
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]]
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 15:30-16:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney
+
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 16:30-17:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | TBD
 
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | TBD
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | TBD
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord  
 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord  
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta
 
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 17:30-18:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:55-3:00
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Kuai Hinojosa  
+
|- valign="bottom"
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam  
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:00-3:45
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Kuai Hinojosa  
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam  
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:45-3:50
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 18:30-19:00  
+
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 3:50-4:00  
| valign="middle" height="60" bgcolor="#c0c0c0" align="center" colspan="4" | Closing Remarks
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146C) <br> Mark Bristow, Rex Booth, Doug Wilson
 
|}
 
|}
 
<headertabs />
 
<headertabs />
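Review bot: the two added Break rows (2:55-3:00 and 3:45-3:50) pair the time cell with `colspan="5"`, which makes them six columns wide, while the rest of the table is a time column plus four tracks, as the Closing Remarks row's `colspan="4"` reflects; change both Break cells to `colspan="4"` so they render flush with the table.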

Revision as of 19:50, 3 November 2009


Back to Conference Page

Please note that speaking times are not final; check back regularly for updates.

Training 11/10

Day 1 - Nov 10th 2009
Each course runs 09:00-12:00 and 13:00-17:00, with lunch 12:00-13:00.
Room 154A: Day 1: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework - Justin Searle
Room 149B: Day 1: Java EE Secure Code Review - Sahba Kazerooni, Security Compass
Room 149A: Threat Modeling Express - Krishna Raja, Security Compass
Room 154B: Foundations of Web Services and XML Security - Dave Wichers, Aspect Security
Room 155: Live CD - Matt Tesauro

Training 11/11

Day 2 - Nov 11th 2009
Each course runs 09:00-12:00 and 13:00-17:00, with lunch 12:00-13:00.
Room 154A: Day 2: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework - Justin Searle
Room 149B: Day 2: Java EE Secure Code Review - Sahba Kazerooni, Security Compass
Room 149A: WebAppSec.php: Developing Secure Web Applications - Robert Zakon
Room 154B: Leader and Manager Training - Leading the Development of Secure Applications - John Pavone, Aspect Security

Talks 11/12

Day 1 - Nov 12th 2009
  OWASP (146A) Tools (146B) Web 2.0 (146C) SDLC (152A)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Joe Jarzombek
10:00-10:30 All about OWASP OWASP Board
10:30-10:45 Coffee Break (sponsor logo: AppSecDC2009-Sponsor-denim.gif)
10:45-11:30 OWASP ESAPI
Jeff Williams
Clubbing WebApps with a Botnet
Gunter Ollmann
Understanding the Implications of Cloud Computing on Application Security
Dennis Hurst
Enterprise Application Security - GE's approach to solving root cause
Darren Challey
11:30-12:30 Hosted Lunch
12:30-1:15 Software Assurance Maturity Model (SAMM)
Pravir Chandra
The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security
Jacob West
Transparent Proxy Abuse
Robert Auger
Software Development The Next Security Frontier
Jim Molini
1:15-1:20 Break
1:20-2:05 DISA's Application Security and Development STIG: How OWASP Can Help You
Jason Li
OWASP ModSecurity Core Rule Set Project
Ryan C. Barnett
Development Issues Within AJAX Applications: How to Divert Threats
Lars Ewe
The essential role of infosec in secure software development
Kenneth R. van Wyk
2:05-2:10 Break
2:10-2:55 Defend Yourself: Integrating Real Time Defenses into Online Applications
Michael Coates
Finding the Hotspots: Web-security testing with the Watcher tool
Chris Weber
Social Zombies: Your Friends Want to Eat Your Brains
Tom Eston/Kevin Johnson
SDLC Panel: Pravir Chandra, Dan Cornell, Michael Craigue, Dennis Hurst, Joey Peloquin, David Rook, Keith Turpin
2:55-3:00 Break
3:00-3:45 The ESAPI Web Application Firewall
Arshan Dabirsiaghi
One Click Ownage
Ferruh Mavituna
Cloudy with a chance of 0-day
Jon Rose/Tom Leavey
Web Application Security Scanner Evaluation Criteria
Brian Shura
3:45-3:50 Break
3:50-4:35 OWASP Live CD: An open environment for Web Application Security
Matt Tesauro / Brad Causey
Learning by Breaking: A New Project Insecure Web Apps
Chuck Willis
Attacking WCF Web Services
Brian Holyfield
Vulnerability Management in an Application Security World
Dan Cornell
Synergy! A world where the tools communicate
Josh Abraham
4:35-4:50 Break
4:40-5:30 The Entrepreneur's Guide to Career Management
Lee Kushner
Advanced SSL: The good, the bad, and the ugly
Michael Coates
When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies
Rafal Los
Threat Modeling
John Steven
User input piercing for Cross Site Scripting Attacks
Matias Blanco
5:45-8:00 Cocktails and hors d'oeuvres in the EXPO Room (151) (sponsor logo: AppSecDC2009-Sponsor-cenzic.gif)

Talks 11/13

Day 2 - Nov 13th 2009
  Process (146A) Attack & Defend (146B) Metrics (146C) Compliance (152A)
8:00-9:00 Registration & Coffee (sponsor logo: AppSecDC2009-Sponsor-fyrm.gif)
9:00-9:45 The Big Picture: Web Risks and Assessments Beyond Scanning
Matt Fisher
Securing the Core JEE Patterns
Rohit Sethi/Krishna Raja
The Web Hacking Incidents Database
Ryan C. Barnett
Business Logic Automatons: Friend or Foe?
Ofer Shezaf
9:45-9:50 Break
9:50-10:35 Scalable Application Assessments in the Enterprise
Tom Parker/Lars Ewe
Unicode Transformations: Finding Elusive Vulnerabilities
Chris Weber
Application security metrics from the organization on down to the vulnerabilities
Chris Wysopal
SCAP: Automating our way out of the Vulnerability Wheel of Pain
Ed Bellis
10:35-10:40 Break
10:40-11:25 Secure Software Updates: Update Like Conficker
Jeremy Allen
Malicious Developers and Enterprise Java Rootkits
Jeff Williams
OWASP Top 10 - 2010
Dave Wichers
Secure SDLC: The Good, The Bad, and The Ugly
Joey Peloquin
11:25-12:30 Hosted Lunch
12:30-1:15 Improving application security after an incident
Cory Scott
The 10 least-likely and most dangerous people on the Internet
Robert Hansen
Hacking by Numbers
Tom Brennan
Federal CISO Panel
1:15-1:20 Break
1:20-2:05 Custom Intrusion Detection Techniques for Monitoring Web Applications
Matthew Olney
Automated vs. Manual Security: You can't filter The Stupid
David Byrne/Charles Henderson
Building an in-house application security assessment team
Keith Turpin
2:05-2:10 Break
2:10-2:55 TBD
Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers
Kevin Johnson, Justin Searle, Frank DiMaggio
The OWASP Security Spending Benchmarks Project
Dr. Boaz Gelbord
Promoting Application Security within Federal Government
Sarbari Gupta
2:55-3:00 Break
3:00-3:45 Deploying Secure Web Applications with OWASP Resources
Kuai Hinojosa
Manipulating Web Application Interfaces, a new approach to input validation
Felipe Moreno-Strauch
SANS Dshield Webhoneypot Project
Jason Lam
Techniques in Attacking and Defending XML/Web Services
Mamoon Yunus/Jason Macy
3:45-3:50 Break
3:50-4:00 Closing Remarks (146C)
Mark Bristow, Rex Booth, Doug Wilson