OWASP AppSec DC 2010 Schedule

From OWASP
Revision as of 12:43, 25 October 2010 by Mark.bristow (Talk | contribs)

Jump to: navigation, search

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

Main Conference Page | Presentations Page | Training Page

Training 11/08

Training Day 1 - Nov 8th 2010
  149A 149B 145A 155 154B 159A 159B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle & Mike Poor
Day 1:
Leading an AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
WebAppSec.php: Developing Secure Web Applications
Robert Zakon
The Art of Exploiting SQL Injections
Sumit Siddharth
Practical Web Security Overview
Zoltán Hornák
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle & Mike Poor
Day 1:
Leading an AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
WebAppSec.php: Developing Secure Web Applications
Robert Zakon
The Art of Exploiting SQL Injections
Sumit Siddharth
Practical Web Security Overview
Zoltán Hornák

Training 11/09

Training Day 2 - Nov 9th 2010
  149A 149B 145A 155 154B 159A 159B
09:00-12:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle & Mike Poor
Day 1:
Leading an AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell
Threat Modeling Express
Rohit Sethi & Krishna Raja
Java Security Overview
Zoltán Hornák
12:00-13:00 Lunch
13:00-17:00 Day 1:
Assessing and Exploiting Web Applications with Samurai-WTF
Justin Searle & Mike Poor
Day 1:
Leading an AppSec Initative
Dave Wichers
Day 1:
Remote Testing for Common Web Application Security Threats
David Rhoades
Day 1:
Software Security Best Practices
Ben Tomhave
Software Security Remediation: How to Fix Application Vulnerabilities
Dan Cornell
Threat Modeling Express
Rohit Sethi & Krishna Raja
Java Security Overview
Zoltán Hornák

Plenary Day 1 - 11/10

Plenary Day 1 - Nov 10th 2010
  Offense (TBD) Defense (TBD) Metrics (TBD) Government (TBD)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Neal Ziring
National Secuirty Agency
Video | Slides
10:00-10:30 All about OWASP
OWASP Board
Video | Slides
10:30-10:45 Coffee Break sponsored by Redspin30x120.png
10:45-11:35 Python Basics for Web App Pentesters
Justin Searle

Video | Slides
Drive By Downloads: How To Avoid Getting A Cap Popped In Your App
Neil Daswani

Video | Slides
Secure Code Review: Enterprise Metrics
Richard Tychansky

Video | Slides
Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise
Joe Jarzombek

Video | Slides
11:35-11:45 Break
11:45-12:35 White and Black box testing of Lotus Domino Applications
Ari Elias-bachrach and Casey Pike

Video | Slides
Protecting Federal Government from Web 2.0 Application Security Risks
Sarbari Gupta

Video | Slides
Measuring Security: 5 KPIs for Successful Web App Security Programs
Rafal Los

Video | Slides
Understanding How They Attack Your Weaknesses: CAPEC
Sean Barnum

Video | Slides
12:35-1:35 Lunch
1:35-2:25 Pen Testing with Iron
Andrew Wilson

Video | Slides
Providing application-level assurance through DNSSEC
Suresh Krishnaswamy, Wes Hardaker and Russ Mundy

Video | Slides
Federal CIO Panel

Video | Slides
Ensuring Software Assurance Process Maturity
Edmund Wotring

Video | Slides
2:25-2:35 Break Break
2:35-3:25 Hacking Oracle From Web Apps
Sumit Siddharth

Video | Slides
GuardRails: A (Nearly) Painless Solution to Insecure Web Applications
Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri

Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
3:25-3:40 Coffee Break sponsored by SecureIdeas 30X65.png
3:40-4:30 wXf: Web Exploitation Framework
Ken Johnson and Chris Gates

Video | Slides]
The Strengths of Combining Code Review with Application Penetration Testing
Dave Wichers

Video | Slides
Dealing with Web Application Security, Regulation Style
Andrew Weidenhamer

Video | Slides
Panel: Lessons Learned from Process Implementation and Benchmarking

Video | Slides
4:30-4:40 Break
4:40-5:30 Pen-Test Panel

Video | Slides
Botnet Resistant Coding: Protecting Your Users from Script Kiddies
Fabian Rothschild and Peter Greko

Video | Slides
OWASP Broken Web Applications Project Update
Chuck Willis
Video | Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation
Joshua Windsor and Joshua Pauli
Video | Slides
5:30-5:40 Break
5:40-6:30 A new approach to preventing injection attacks on the Web Application Stack
Ahmed Masud

Video | Slides
Using Misuse Cases to Articulate Vulnerabilities to Stakeholders
Scott Mendenhall
Video|Slides
Hosted by DHS, DoD, NIST and NSA

Video | Slides
The Web Hacking Incident Database (WHID) Report
Ryan Barnett
Video | Slides
6:30-8:30 Cocktails and hors d'oeuvres in the sponsored by Trustwave50x250.png

Plenary Day 2 - 11/11

Plenary Day 2 - Nov 11th 2010
  Offense (TBD) New Frontiers (TBD) OWASP (TBD) Process (TBD)
07:30-08:55 Registration
08:55-09:00 Day 2 Opening Remarks
09:00-10:00 Keynote: Ron Ross
National Institute of Standards and Technology
Video | Slides
10:00-10:15 Coffee Break sponsored by Trustwave30x150.png
10:15-11:05 Hacking SAP BusinessObjects
Joshua Abraham and Will Vandevanter

Video | Slides
Cloudy with a chance of hack!
Lars Ewe

Video | Slides
Don’t Judge a Website by its GUI – Read the Label!
Jeff Williams

Video | Slides
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Dan Cornell

Video | Slides
11:05-11:15 Break
11:15-12:05 Deconstructing ColdFusion
Chris Eng and Brandon Creighton

Video | Slides
Declarative Web Security
Mozilla Foundation

Video | Slides
The Secure Coding Practices Quick Reference Guide
Keith Turpin

Video | Slides
Code Reviewing Strategies
Andrew Wilson and John Hoopes

Video | Slides
12:05-12:15 Break
12:15-1:05 Friendly Traitor 2 Features are hot but giving up our secrets is not!
Kevin Johnson and Mike Poor

Video | Slides
Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files
Aleksandr Yampolskiy

Video | Slides
Open Source Web Entry Firewall
Ivan Buetler

Video | Slides
Microsoft's Security Development Lifecycle for Agile Development
Nick Coblentz

Video | Slides
1:05-2:05 Lunch
2:05-2:55 Hacking .NET Applications at Runtime: A Dynamic Attack
Jon McCoy

Video | Slides
Life in the Clouds: a Service Provider's View
Michael Smith

Video | Slides
Solving Real World Problems with ESAPI
Chris Schmidt

Video | Slides
Financial Services Panel

Video|Slides
2:55-3:05 Break
3:05-3:55 JavaSnoop: How to hack anything written in Java
Arshan Dabirsiaghi

Video | Slides
Social Zombies Gone Wild: Totally Exposed and Uncensored
Kevin Johnson and Tom Eston

Video | Slides
Attack Detection and Prevention with OWASP AppSensor
Colin Watson

Video|Slides
3:55-4:10 Coffee Break
4:10-5:00 Unlocking the Toolkit: Attacking Google Web Toolkit
Ron Gutierrez

Video | Slides]
Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications
Dan Cornell

Video | Slides
OWASP ModSecurity Core Rule Set
Ryan Barnett

Video | Slides
Implementing a Secure Software Development Program
Darren Death

Video | Slides
5:00-5:10 Break
5:10-6:00 Constricting the Web: Offensive Python for Web Hackers
Marcin Wielgoszewski and Nathan Hamiel

Video | Slides
Threats from Economical Improvement
Eduardo Neves

Video | Slides
OWASP ESAPI SwingSet
Fabio Cerullo

Video | Slides
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform
Benjamin Tomhave

Video | Slides
6:00-6:30 Closing Remarks/Prizes
The OWASP AppSec DC Team

Main Conference Page | Presentations Page | Training Page