Difference between revisions of "OWASP AppSec DC 2009 Schedule"

From OWASP
(added first round of video links)
 
(44 intermediate revisions by 9 users not shown)
Line 2: Line 2:
  
 
===[[OWASP AppSec DC 2009|Back to Conference Page]]===
 
===[[OWASP AppSec DC 2009|Back to Conference Page]]===
Please note, speaking times are not final, check back regularly for updates.
+
 
 
====Training 11/10====  
 
====Training 11/10====  
 
{| cellspacing="0" border="2"
 
{| cellspacing="0" border="2"
Line 9: Line 9:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" |    
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" |    
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 1'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 154A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 2'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 3'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 4'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 5'''
+
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 155'''
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1:<br>Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>Java EE Secure Code Review<br>Sahba Kazerooni
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1:<br>Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass]
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Threat Modeling Express<br>Krishna Raja
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Threat Modeling Express<br>Krishna Raja<br>[http://www.securitycompass.com Security Compass]
 
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Foundations of Web Services and XML Security<br>Dave Wichers<br>[http://www.aspectsecurity.com Aspect Security]
 
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Foundations of Web Services and XML Security<br>Dave Wichers<br>[http://www.aspectsecurity.com Aspect Security]
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Secure Coding for .Net<br>Whitehat
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Live CD<br>Matt Tesauro
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
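Review bot: the new Room 155 cell for 09:00-12:00 shortens the course title to "Live CD", whereas the 11/11 entry it replaces (removed further down in this diff) read "Applying the OWASP Testing Guide with the OWASP Live CD" with Matt Tesauro; carry the full title over so attendees can match the cell against the training descriptions, and since the course's 11/11 slot now goes to John Pavone, it is a one-day course and should not pick up the "Day 1:" prefix used by the two-day Samurai and Java EE courses in the same row.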
Line 27: Line 27:
 
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass]
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Threat Modeling Express<br>Krishna Raja
+
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Threat Modeling Express<br>Krishna Raja<br>[http://www.securitycompass.com Security Compass]
 
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Foundations of Web Services and XML Security<br>Dave Wichers<br>[http://www.aspectsecurity.com Aspect Security]
 
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Foundations of Web Services and XML Security<br>Dave Wichers<br>[http://www.aspectsecurity.com Aspect Security]
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Secure Coding for .Net<br>Whitehat <!-- Day 2 -->
+
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Live CD<br>Matt Tesauro <!-- Day 2 -->
 
|}
 
|}
 
====Training 11/11====  
 
====Training 11/11====  
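Review bot: the `<!-- Day 2 -->` marker kept at the end of the Room 155 afternoon cell ("Live CD<br>Matt Tesauro <!-- Day 2 -->") sits in the 11/10 table, which is the first training day; drop it so the next editor does not take the Live CD session for a continuation of a two-day course.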
Line 38: Line 38:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 1'''  
+
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Room 154A'''  
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 2'''  
+
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Room 149B'''  
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 3'''  
+
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Room 149A'''  
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 4'''
+
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Room 154B'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''Room 5'''
+
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-12:00  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 2:<br>Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 2:<br>Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:<br>Java EE Secure Code Review<br>Sahba Kazerooni
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 2:<br>Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass]
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Applying the OWASP Testing Guide with the OWASP Live CD<br>Matt Tesauro
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]
+
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00  
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="5" | Lunch
+
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 13:00-17:00  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
 
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework<br> Justin Searle  
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni
+
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Java EE Secure Code Review<br>Sahba Kazerooni<br>[http://www.securitycompass.com Security Compass]
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
 
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | WebAppSec.php: Developing Secure Web Applications<br>Robert Zakon
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Applying the OWASP Testing Guide with the OWASP Live CD<br>Matt Tesauro
+
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]<!-- Day 2 -->
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | Leader and Manager Training - Leading the Development of Secure Applications<br>John Pavone<br>[http://www.aspectsecurity.com Aspect Security]<!-- Day 2 -->
+
 
|}
 
|}
 
====Talks 11/12====  
 
====Talks 11/12====  
Line 67: Line 64:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP'''  
+
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''OWASP (146A)'''  
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools'''  
+
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Tools (146B)'''  
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''SDLC'''  
+
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Web 2.0 (146C)'''  
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Web 2.0'''
+
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''SDLC (152A)'''
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08:45
+
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-08:50
| valign="middle" bgcolor="#909090" align="center" colspan="4" | Registration
+
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 08:45-09:00  
+
| width="67" valign="middle" bgcolor="#7b8abd" | 08:50-09:00  
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00  
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: [[AppSecDC Keynote Jarzomnek|Joe Jarzombek]]
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: [[AppSecDC Keynote Jarzomnek|Joe Jarzombek]]<br>Video | [[Media: Keynote - Joe Jarzombek.pdf| Slides]]  
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30  
 
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30  
| valign="middle" height="30" bgcolor="#909090" align="center" colspan="4" | Coffee Break &amp; Room Change
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | All about OWASP [[OWASP:About#Global_Board_Members| OWASP Board]]<br>Video | [[Media:OWASP-US09 all about owasp speech and summit outcome.pdf| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-11:30
+
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-10:45
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams
+
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 11:30-12:30  
+
| width="67" valign="middle" bgcolor="#7b8abd" | 10:45-11:30  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[OWASP ESAPI AppSecDC|OWASP ESAPI]]<br>Jeff Williams <br><br> Video | [[Media: OWASP ESAPI-Jeff Williams.pptx| Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Clubbing WebApps with a Botnet]]<br>Gunter Ollmann <br><br> Video | [[Media: Clubbing WebApps with a Botnet - Gunter Ollmann.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Understanding the Implications of Cloud Computing on Application Security]]<br>Dennis Hurst<br><br> Video | [[Media: Understanding the Implications of Cloud Computing on Application Security-Dennis Hurst.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Enterprise Application Security - GE's approach to solving root cause and establishing a Center of Excellence|Enterprise Application Security - GE's approach to solving root cause]]<br>Darren Challey <br><br> Video | [[Media: Enterprise Application Security GEs approach to solving root cause-Darren Challey.pdf| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 12:30-13:30  
+
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:30-12:30  
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li
+
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 13:30-14:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Software Assurance Maturity Model (SAMM)]]<br>Pravir Chandra <br><br> Video | [[Media: Software Assurance Maturity Model (SAMM)-Pravir Chandra.ppt| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security]]<br>Jacob West <br><br> Video | [[Media: The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West.ppt | Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Transparent Proxy Abuse]]<br>Robert Auger<br><br> Video | [[Media: Transparent Proxy Abuse-Robert Auger.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Software Development The Next Security Frontier]]<br>Jim Molini<br><br> Video | [[Media: Software Development The Next Security Frontier-Jim Molini.pdf| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 14:30-15:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="3" | [[SDLC Panel AppSecDC|SDLC Panel]]<br>&nbsp;<br>Pravir Chandra<br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>David Rook<br>Keith Turpin
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 15:30-16:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[DISA's Application Security and Development STIG: How OWASP Can Help You]]<br>Jason Li <br><br> Video | [[Media: DISAs Application Security and Development STIG How OWASP Can Help You-Jason Li.pdf| Slides]]
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[OWASP ModSecurity Core Rule Set Project]]<br>Ryan C. Barnett <br><br> Video | [[Media: OWASP ModSecurity Core Rule Set-Ryan Barnett.ppt| Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Development Issues Within AJAX Applications: How to Divert Threats]]<br>Lars Ewe <br><br> Video | [[Media: Development Issues Within AJAX Apps-Lars Ewe.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[SDLC Panel AppSecDC|Secure SDLC Panel: Real answers from real experience]]<br><i>Panelists:</i><br>Dan Cornell<br>Michael Craigue<br>Dennis Hurst<br>Joey Peloquin<br>Keith Turpin<br>&nbsp;<br><i>Moderator:</i><br>Pravir Chandra<br><br> Video | [[Media: SDLC Panel.ppt| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 16:30-17:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey
+
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Defend Yourself: Integrating Real Time Defenses into Online Applications]]<br>Michael Coates <br><br> Video | [[Media: Defend Yourself-Integrating Real Time Defenses into Online Applications-Michael Coates.pdf| Slides]]
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis
+
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Finding the Hotspots: Web-security testing with the Watcher tool]]<br>Chris Weber <br><br> Video | [[Media: Finding the Hotspots Web-security testing with the Watcher tool-Chris Weber.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Social Zombies: Your Friends Want to Eat Your Brains]]<br>Tom Eston/Kevin Johnson<br><br> [http://www.vimeo.com/9037895 Video] | [[Media: Social Zombies-Kevin Johnson Tom Eston.pdf| Slides]]  
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br>  
+
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 2:55-3:10
Josh Abraham
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC2009-Sponsor-denim.gif|link=http://www.denimgroup.com/]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 3:10-3:55
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The ESAPI Web Application Firewall (ESAPI WAF)|The ESAPI Web Application Firewall]]<br>Arshan Dabirsiaghi <br><br> Video | [[Media: The ESAPI Web Application Firewall-Arshan Dabirsiaghi.pdf| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[One Click Ownage]]<br>Ferruh Mavituna <br><br> Video | [[Media: One Click Ownage-Ferruh Mavituna.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Cloudy with a chance of 0-day]]<br>Jon Rose/Tom Leavey<br><br> [http://www.vimeo.com/8980691 Video] | [[Media: Cloudy with a chance of 0 day - Jon Rose-Tom Leavey.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[The essential role of infosec in secure software development]]<br>Kenneth R. van Wyk <br><br> Video | [[Media: The essential role of IR in software development-Kenneth van Wyk.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Web Application Security Scanner Evaluation Criteria]]<br>Brian Shura <br><br> Video | [[Media: Web Application Security Scanner Evaluation Criteria - Brian Shura.ppt | Slides]]
  
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 17:30-18:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and "Highly Interactive" Technologies]]<br>Rafal Los
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:00-4:45
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[OWASP Live CD: An open environment for Web Application Security]]<br>Matt Tesauro / Brad Causey <br><br> Video | [[Media: OWASP Live CD An open environment for Web Application Security-Matt Tesauro Brad Causey.ppt| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Learning by Breaking: A New Project Insecure Web Apps]]<br>Chuck Willis<br><br> Video | [[Media: Learning by Breaking A New Project Insecure Web Apps-Chuck Willis.ppt| Slides]] 
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[Attacking WCF Web Services]]<br>Brian Holyfield<br><br> Video | [[Media: Attacking WCF Web Services-Brian Holyfield.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Vulnerability Management in an Application Security World]]<br>Dan Cornell <br><br> Video | [[Media: Vulnerability Management in an Application Security World-Dan Cornell.pdf| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 19:00-????
+
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Synergy! A world where the tools communicate]]<br>
| valign="middle" height="60" bgcolor="#c0c0c0" align="center" colspan="4" | Reception <!-- Day 2 -->
+
Josh Abraham <br><br> Video | [[Media: Synergy A world where tools communicate-Josh Abraham.pptx| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 4:50-5:55
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="2" | [[The Entrepreneur's Guide to Career Management]]<br>Lee Kushner <br><br> Video | [[Media: The Entrepreneurs Guide to Career Management-Lee Kushner.pdf| Slides]]
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Advanced SSL: The good, the bad, and the ugly]]<br>Michael Coates <br><br> Video | [[Media: Advanced SSL The good the bad and the ugly-Michael Coates.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[When Web 2.0 Attacks - Understanding Security Implications of AJAX, Flash and |When Web 2.0 Attacks - Understanding Security Implications of AJAX Flash and Highly Interactive Technologies]]<br>Rafal Los<br><br> Video | [[Media: When Web 2.0 Attacks - Understanding Security Implications of Highly Interactive Technologies-Rafal Los.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Threat Modeling by John Steven|Threat Modeling]]<br>John Steven <br><br> Video | [[Media: none.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[User input piercing for Cross Site Scripting Attacks]]<br>Matias Blanco<br><br> Video | [[Media: User input piercing for Cross Site Scripting Attacks-Matias Blanco.pdf| Slides]]
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 6:00-8:00
 +
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails and hors d'oeuvres in the EXPO Room (151)<br>Sponsored by [[Image:AppSecDC2009-Sponsor-cenzic.gif|link=http://www.cenzic.com/]]<!-- Day 2 -->
 
|}
 
|}
 
====Talks 11/13====  
 
====Talks 11/13====  
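Review bot: the two new Break rows at 3:55-4:00 and 4:45-4:50 use colspan="5", but this table has one time column plus four track columns, so the other full-width rows (Registration, Keynote, Hosted Lunch, the 1:15-1:20 Break, both Coffee Breaks, the 6:00-8:00 reception) use colspan="4" and the 2:05-2:10 Break uses 3 only because the SDLC panel spans it; change both to colspan="4" or the rows overrun the table. Two smaller points in the same hunk: the time column switches from 24-hour ("07:30-08:50", "11:30-12:30") to 12-hour ("12:30-1:15", "4:50-5:55") partway down, so pick one notation; and most talk cells now carry a bare "Video |" label with no link beside the Slides link (only Social Zombies and Cloudy with a chance of 0-day link to vimeo.com), while the Threat Modeling entry links "[[Media: none.pdf| Slides]]", a placeholder file. Either leave the unlinked labels and the placeholder out until the URLs and decks exist, or mark them as pending so they are not read as broken links.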
Line 145: Line 160:
 
|- valign="bottom"
 
|- valign="bottom"
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
 
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | &nbsp;  
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Attack &amp; Defend'''  
+
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Process (146A)'''  
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Process'''  
+
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Attack &amp; Defend (146B)'''  
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics'''  
+
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (146C)'''  
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance'''
+
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Compliance (152A)'''
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 07:30-09:00  
+
| width="67" valign="middle" bgcolor="#7b8abd" | 8:00-9:00  
| valign="middle" bgcolor="#909090" align="center" colspan="4" | Registration
+
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration & Coffee sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
+
| width="67" valign="middle" bgcolor="#7b8abd" rowspan="1"| 9:00-9:45
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Keynote: TBA
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher <br><br> Video | [[Media: none.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja <br><br> Video | [[Media: Securing the Core JEE Patterns-Rohit Sethi Krishna Raja.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett <br><br> [http://www.vimeo.com/8998992 Video] | [[Media: Web Hacking Incidents Database-Ryan Barnett.pdf | Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Amichai Shulman<br><br> [http://www.vimeo.com/9037171 Video] | [[Media: Business Logic Automatons - Friend or Foe - Amichai Shulman.pptx| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 10:00-10:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 9:45-9:50
| valign="middle" height="30" bgcolor="#909090" align="center" colspan="4" | Coffee Break &amp; Room Change
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" bgcolor="#7b8abd" | 10:30-11:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 9:50-10:35
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Securing the Core JEE Patterns]]<br>Rohit Sethi/Krishna Raja
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe <br><br> Video | [[Media: Scalable Application Assessments in the Enterprise-Tom Parker Lars Ewe.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Big Picture: Web Risks and Assessments Beyond Scanning]]<br>Matt Fisher
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams <br><br> Video | [[Media: Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx| Slides]] 
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incidents Database]]<br>Ryan C. Barnett
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal <br><br> [http://www.vimeo.com/9007894 Video] | [[Media: Application security metrics-Chris Wysopal.ppt| Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Business Logic Automatons: Friend or Foe?]]<br>Ofer Shezaf
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis <br><br> Video | [[Media: SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 11:30-12:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 10:35-10:40
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Scalable Application Assessments in the Enterprise]]<br>Tom Parker/Lars Ewe
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Application security metrics from the organization on down to the vulnerabilities]]<br>Chris Wysopal
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[SCAP: Automating our way out of the Vulnerability Wheel of Pain]]<br>Ed Bellis
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 12:30-13:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 10:40-11:25
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Malicious Developers and Enterprise Java Rootkits]]<br>Jeff Williams
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen <br><br> Video | [[Media: none.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Secure Software Updates: Update Like Conficker]]<br>Jeremy Allen
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Unicode Transformations: Finding Elusive Vulnerabilities]]<br>Chris Weber<br><br> Video | [[Media: Unicode Transformations Finding Elusive Vulnerabilities-Chris Weber.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]]<br>Dave Wichers  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP Top 10 2010 AppSecDC|OWASP Top 10 - 2010]] <br>Release Candidate<br>Dave Wichers <br><br> [http://www.vimeo.com/9006276 Video] | [[Media: AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx | Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Secure SDLC: The Good, The Bad, and The Ugly]]<br>Joey Peloquin<br><br> Video | [[Media: Secure SDLC The Good The Bad The Ugly-Joey Peloquin.ppt| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 13:30-14:30  
+
| width="67" valign="middle" height="40" bgcolor="#7b8abd" | 11:25-12:30
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="4" | Lunch
+
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Hosted Lunch
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 12:30-1:15
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Improving application security after an incident]]<br>Cory Scott<br><br> Video | [[Media: Cory Scott - Improving AppSec after an incident.ppt| Slides]] 
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen <br><br> Video | [[Media: The 10 least-likely and most dangerous people on the Internet - Robert Hansen.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan <br><br> Video | [http://www.owasp.org/images/0/06/WPstats_fall09_8th.pdf Slides]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]] <br><br> Video
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 1:15-1:20
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
 +
|- valign="bottom"
 +
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
 +
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Sebastien Deleersnyder / Fabio Cerullo <br><br> Video | [http://www.owasp.org/images/7/72/US09-OWASP-Deploying-Apps_Seba_-_Fabio.ppt Slides]
 +
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson <br><br> Video | [[Media: Automated vs Manual Security You can't filter The Stupid-David Byrne Charles Henderson.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin<br><br> [http://www.vimeo.com/8989378 Video] | [[Media: Building In-House Assesment Team-Keith Turpin.ppt| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 14:30-15:30
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:20
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[The 10 least-likely and most dangerous people on the Internet]]<br>Robert Hansen
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Coffee break sponsored by [[Image:AppSecDC2009-Sponsor-fyrm.gif|link=http://www.fyrmassociates.com/]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Improving application security after an incident]]<br>Cory Scott
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Hacking by Numbers]]<br>Tom Brennan
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[AppSecDC09 Federal CISO Panel|Federal CISO Panel]]
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 15:30-16:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:20-3:05
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Automated vs. Manual Security: You can't filter The Stupid]]<br>David Byrne/Charles Henderson
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[AppSecDC OWASP O2 PLATFORM|OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]]<br>Dinis Cruz<br><br> Video | [http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf Slides]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney
+
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio <br><br> Video | [[Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Building an in-house application security assessment team]]<br>Keith Turpin
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord <br><br> Video | [[Media: The OWASP Security Spending Benchmarks Project - Dr Boaz Gelbord.pdf| Slides]]
 +
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta<br><br> Video | [[Media: Promoting Application Security within Federal Government-Sarbari Gupta.ppt| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" | 16:30-17:30
+
| width="67" valign="middle" height="15" bgcolor="#7b8abd" rowspan="1"| 3:05-3:10
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Advanced SQL Injection]]<br>Joe McCray
+
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Is your organization secured against internal threats?]]<br>Lars Ewe
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The OWASP Security Spending Benchmarks Project]]<br>Dr. Boaz Gelbord
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Promoting Application Security within Federal Government]]<br>Sarbari Gupta
+
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2" | 17:30-18:30
+
| width="67" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1" | 3:10-3:55
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch
+
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="1" | [[Custom Intrusion Detection Techniques for Monitoring Web Applications]]<br>Matthew Olney <br><br> Video | [[Media: Custom Intrusion Detection Techniques for Monitoring Web Applications-Matthew Olney.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Deploying Secure Web Applications with OWASP Resources]]<br>Kuai Hinojosa
+
| width="200" valign="middle" height="60" bgcolor="#ffdf80" align="center" | [[Manipulating Web Application Interfaces, a new approach to input validation]]<br>Felipe Moreno-Strauch <br><br> Video | [[Media: Manipulating Web App Interfaces - Felipe Moreno.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="2" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam  
+
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" rowspan="1" | [[SANS Dshield Webhoneypot Project]]<br>Jason Lam <br><br> Video | [[Media: SANS Dshield Webhoneypot-Jason Lam.pdf| Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy
+
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="1" | [[Techniques in Attacking and Defending XML/Web Services]]<br>Mamoon Yunus/Jason Macy<br><br> Video | [[Media: Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt| Slides]]
 
|- valign="bottom"
 
|- valign="bottom"
| width="200" valign="middle" height="60" bgcolor="#c0a0a0" align="center" | [[Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers]]<br>Kevin Johnson, Justin Searle, Frank DiMaggio
+
| width="67" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
 +
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="5" | Break
 
|- valign="bottom"
 
|- valign="bottom"
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 18:30-19:00
+
| width="67" valign="middle" height="60" bgcolor="#7b8abd" | 4:00-4:15
| valign="middle" height="60" bgcolor="#c0c0c0" align="center" colspan="4" | Closing Remarks
+
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks (146B) <br> Mark Bristow, Rex Booth, Doug Wilson<br> Video | [[Media: ClosingRemarks.pptx| Slides]]
 
|}
 
|}
 
<headertabs />
 
<headertabs />
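Review bot: the break rows in the 11/13 table (9:45-9:50, 10:35-10:40, 2:05-2:20, 3:05-3:10 and 3:55-4:00) use colspan="5", but the table has one time cell plus four track columns, so those rows overhang the table; Registration, Hosted Lunch and Closing Remarks use colspan="4", which is the width that fits, and the five break rows should match it (the 1:15-1:20 break correctly uses colspan="3" because the Federal CISO Panel cell with rowspan="3" occupies the Compliance column there). The `[[Media: none.pdf| Slides]]` placeholders on Matt Fisher's and Jeremy Allen's talks will render as broken file links until a file is uploaded; plain text `Slides`, as already done with `Video` where no recording is linked, avoids that.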

Latest revision as of 18:59, 8 February 2010


Back to Conference Page

Training 11/10

Day 1 - Nov 10th 2009

Room 154A: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (day 1 of 2) - Justin Searle
Room 149B: Java EE Secure Code Review (day 1 of 2) - Sahba Kazerooni, Security Compass
Room 149A: Threat Modeling Express - Krishna Raja, Security Compass
Room 154B: Foundations of Web Services and XML Security - Dave Wichers, Aspect Security
Room 155: Live CD - Matt Tesauro

09:00-12:00  Morning session, all rooms
12:00-13:00  Lunch
13:00-17:00  Afternoon session, all rooms

Training 11/11

Day 2 - Nov 11th 2009

Room 154A: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (day 2 of 2) - Justin Searle
Room 149B: Java EE Secure Code Review (day 2 of 2) - Sahba Kazerooni, Security Compass
Room 149A: WebAppSec.php: Developing Secure Web Applications - Robert Zakon
Room 154B: Leader and Manager Training - Leading the Development of Secure Applications - John Pavone, Aspect Security

09:00-12:00  Morning session, all rooms
12:00-13:00  Lunch
13:00-17:00  Afternoon session, all rooms

Talks 11/12

Day 1 - Nov 12th 2009

Tracks: OWASP (146A), Tools (146B), Web 2.0 (146C), SDLC (152A). Three afternoon slots list a fifth talk whose room the page does not give.

07:30-08:50  Registration
08:50-09:00  Welcome and Opening Remarks
09:00-10:00  Keynote: Joe Jarzombek (Video | Slides)
10:00-10:30  All about OWASP - OWASP Board (Video | Slides)
10:30-10:45  Coffee Break sponsored by Denim Group
10:45-11:30
  OWASP (146A): OWASP ESAPI - Jeff Williams (Video | Slides)
  Tools (146B): Clubbing WebApps with a Botnet - Gunter Ollmann (Video | Slides)
  Web 2.0 (146C): Understanding the Implications of Cloud Computing on Application Security - Dennis Hurst (Video | Slides)
  SDLC (152A): Enterprise Application Security - GE's approach to solving root cause - Darren Challey (Video | Slides)
11:30-12:30  Hosted Lunch
12:30-1:15
  OWASP (146A): Software Assurance Maturity Model (SAMM) - Pravir Chandra (Video | Slides)
  Tools (146B): The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security - Jacob West (Video | Slides)
  Web 2.0 (146C): Transparent Proxy Abuse - Robert Auger (Video | Slides)
  SDLC (152A): Software Development The Next Security Frontier - Jim Molini (Video | Slides)
1:15-1:20  Break
1:20-2:05
  OWASP (146A): DISA's Application Security and Development STIG: How OWASP Can Help You - Jason Li (Video | Slides)
  Tools (146B): OWASP ModSecurity Core Rule Set Project - Ryan C. Barnett (Video | Slides)
  Web 2.0 (146C): Development Issues Within AJAX Applications: How to Divert Threats - Lars Ewe (Video | Slides)
  SDLC (152A): Secure SDLC Panel: Real answers from real experience. Panelists: Dan Cornell, Michael Craigue, Dennis Hurst, Joey Peloquin, Keith Turpin. Moderator: Pravir Chandra (Video | Slides)
2:05-2:10  Break
2:10-2:55
  OWASP (146A): Defend Yourself: Integrating Real Time Defenses into Online Applications - Michael Coates (Video | Slides)
  Tools (146B): Finding the Hotspots: Web-security testing with the Watcher tool - Chris Weber (Video | Slides)
  Web 2.0 (146C): Social Zombies: Your Friends Want to Eat Your Brains - Tom Eston/Kevin Johnson (Video | Slides)
2:55-3:10  Coffee Break sponsored by Denim Group
3:10-3:55
  OWASP (146A): The ESAPI Web Application Firewall - Arshan Dabirsiaghi (Video | Slides)
  Tools (146B): One Click Ownage - Ferruh Mavituna (Video | Slides)
  Web 2.0 (146C): Cloudy with a chance of 0-day - Jon Rose/Tom Leavey (Video | Slides)
  SDLC (152A): The essential role of infosec in secure software development - Kenneth R. van Wyk (Video | Slides)
  Fifth track (room not given): Web Application Security Scanner Evaluation Criteria - Brian Shura (Video | Slides)
3:55-4:00  Break
4:00-4:45
  OWASP (146A): OWASP Live CD: An open environment for Web Application Security - Matt Tesauro / Brad Causey (Video | Slides)
  Tools (146B): Learning by Breaking: A New Project Insecure Web Apps - Chuck Willis (Video | Slides)
  Web 2.0 (146C): Attacking WCF Web Services - Brian Holyfield (Video | Slides)
  SDLC (152A): Vulnerability Management in an Application Security World - Dan Cornell (Video | Slides)
  Fifth track (room not given): Synergy! A world where the tools communicate - Josh Abraham (Video | Slides)
4:45-4:50  Break
4:50-5:55
  OWASP (146A): The Entrepreneur's Guide to Career Management - Lee Kushner (Video | Slides)
  Tools (146B): Advanced SSL: The good, the bad, and the ugly - Michael Coates (Video | Slides)
  Web 2.0 (146C): When Web 2.0 Attacks - Understanding Security Implications of AJAX Flash and Highly Interactive Technologies - Rafal Los (Video | Slides)
  SDLC (152A): Threat Modeling - John Steven (Video | Slides)
  Fifth track (room not given): User input piercing for Cross Site Scripting Attacks - Matias Blanco (Video | Slides)
6:00-8:00  Cocktails and hors d'oeuvres in the EXPO Room (151), sponsored by Cenzic

Talks 11/13

Day 2 - Nov 13th 2009

Tracks: Process (146A), Attack & Defend (146B), Metrics (146C), Compliance (152A). Video and slide links are the ones given in the page source; a talk with no video link has no recording linked, and "placeholder" marks a slides link whose target file (none.pdf) has not been uploaded.

8:00-9:00  Registration & Coffee sponsored by FYRM Associates
9:00-9:45
  Process (146A): The Big Picture: Web Risks and Assessments Beyond Scanning - Matt Fisher
    Slides: placeholder (Media:none.pdf)
  Attack & Defend (146B): Securing the Core JEE Patterns - Rohit Sethi/Krishna Raja
    Slides: Media:Securing the Core JEE Patterns-Rohit Sethi Krishna Raja.pdf
  Metrics (146C): The Web Hacking Incidents Database - Ryan C. Barnett
    Video: http://www.vimeo.com/8998992 | Slides: Media:Web Hacking Incidents Database-Ryan Barnett.pdf
  Compliance (152A): Business Logic Automatons: Friend or Foe? - Amichai Shulman
    Video: http://www.vimeo.com/9037171 | Slides: Media:Business Logic Automatons - Friend or Foe - Amichai Shulman.pptx
9:45-9:50  Break
9:50-10:35
  Process (146A): Scalable Application Assessments in the Enterprise - Tom Parker/Lars Ewe
    Slides: Media:Scalable Application Assessments in the Enterprise-Tom Parker Lars Ewe.pdf
  Attack & Defend (146B): Malicious Developers and Enterprise Java Rootkits - Jeff Williams
    Slides: Media:Malicious Developers and Enterprise Java Rootkits - Jeff Williams.pptx
  Metrics (146C): Application security metrics from the organization on down to the vulnerabilities - Chris Wysopal
    Video: http://www.vimeo.com/9007894 | Slides: Media:Application security metrics-Chris Wysopal.ppt
  Compliance (152A): SCAP: Automating our way out of the Vulnerability Wheel of Pain - Ed Bellis
    Slides: Media:SCAP Automating our way out of the Vulnerability Wheel of Pain-Ed Bellis.ppt
10:35-10:40  Break
10:40-11:25
  Process (146A): Secure Software Updates: Update Like Conficker - Jeremy Allen
    Slides: placeholder (Media:none.pdf)
  Attack & Defend (146B): Unicode Transformations: Finding Elusive Vulnerabilities - Chris Weber
    Slides: Media:Unicode Transformations Finding Elusive Vulnerabilities-Chris Weber.pdf
  Metrics (146C): OWASP Top 10 - 2010 Release Candidate - Dave Wichers
    Video: http://www.vimeo.com/9006276 | Slides: Media:AppSec DC 2009 - OWASP Top 10 - 2010 rc1.pptx
  Compliance (152A): Secure SDLC: The Good, The Bad, and The Ugly - Joey Peloquin
    Slides: Media:Secure SDLC The Good The Bad The Ugly-Joey Peloquin.ppt
11:25-12:30  Hosted Lunch
12:30-1:15
  Process (146A): Improving application security after an incident - Cory Scott
    Slides: Media:Cory Scott - Improving AppSec after an incident.ppt
  Attack & Defend (146B): The 10 least-likely and most dangerous people on the Internet - Robert Hansen
    Slides: Media:The 10 least-likely and most dangerous people on the Internet - Robert Hansen.pdf
  Metrics (146C): Hacking by Numbers - Tom Brennan
    Slides: http://www.owasp.org/images/0/06/WPstats_fall09_8th.pdf
  Compliance (152A): Federal CISO Panel, 12:30-2:05 (runs through the 1:15 break and the 1:20-2:05 slot); no slides
1:15-1:20  Break (Process, Attack & Defend and Metrics tracks)
1:20-2:05
  Process (146A): Deploying Secure Web Applications with OWASP Resources - Sebastien Deleersnyder / Fabio Cerullo
    Slides: http://www.owasp.org/images/7/72/US09-OWASP-Deploying-Apps_Seba_-_Fabio.ppt
  Attack & Defend (146B): Automated vs. Manual Security: You can't filter The Stupid - David Byrne/Charles Henderson
    Slides: Media:Automated vs Manual Security You can't filter The Stupid-David Byrne Charles Henderson.pdf
  Metrics (146C): Building an in-house application security assessment team - Keith Turpin
    Video: http://www.vimeo.com/8989378 | Slides: Media:Building In-House Assesment Team-Keith Turpin.ppt
  Compliance (152A): Federal CISO Panel (continued)
2:05-2:20  Coffee break sponsored by FYRM Associates
2:20-3:05
  Process (146A): OWASP O2 Platform - Open Platform for automating application security knowledge and workflows - Dinis Cruz
    Slides: http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf
  Attack & Defend (146B): Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers - Kevin Johnson, Justin Searle, Frank DiMaggio
    Slides: Media:Injectable Exploits-Kevin Johnson Justin Searle Frank DiMaggio.pdf
  Metrics (146C): The OWASP Security Spending Benchmarks Project - Dr. Boaz Gelbord
    Slides: Media:The OWASP Security Spending Benchmarks Project - Dr Boaz Gelbord.pdf
  Compliance (152A): Promoting Application Security within Federal Government - Sarbari Gupta
    Slides: Media:Promoting Application Security within Federal Government-Sarbari Gupta.ppt
3:05-3:10  Break
3:10-3:55
  Process (146A): Custom Intrusion Detection Techniques for Monitoring Web Applications - Matthew Olney
    Slides: Media:Custom Intrusion Detection Techniques for Monitoring Web Applications-Matthew Olney.pdf
  Attack & Defend (146B): Manipulating Web Application Interfaces, a new approach to input validation - Felipe Moreno-Strauch
    Slides: Media:Manipulating Web App Interfaces - Felipe Moreno.pdf
  Metrics (146C): SANS Dshield Webhoneypot Project - Jason Lam
    Slides: Media:SANS Dshield Webhoneypot-Jason Lam.pdf
  Compliance (152A): Techniques in Attacking and Defending XML/Web Services - Mamoon Yunus/Jason Macy
    Slides: Media:Techniques in Attacking and Defending XML Web Services-Mamoon Yunus Jason Macy.ppt
3:55-4:00  Break
4:00-4:15  Closing Remarks (146B) - Mark Bristow, Rex Booth, Doug Wilson
    Slides: Media:ClosingRemarks.pptx
