Difference between revisions of "OWASP AppSec DC 2012/Schedule/4-4-2012"

From OWASP
Jump to: navigation, search
Line 24: Line 24:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:00 AM - 11:50 AM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/DOMJacking__Attack_Exploit_and_Defense DOMJacking - Attack, Exploit and Defense]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/DOMJacking__Attack_Exploit_and_Defense|DOMJacking - Attack, Exploit and Defense]]<br>video | [[media: ASDC12-DOMJacking_Attack_Exploit_and_Defense.pdf|slides]]<br><br>Shreeraj Shah
Shreeraj Shah
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/The_Unfortunate_Reality_of_Insecure_Libraries|The Unfortunate Reality of Insecure Libraries]]<br>video | [[media: ASDC12-The_Unfortunate_Reality_of_Insecure_Libraries.pdf|slides]]<br><br>Jeff Williams and Arshan Dabirsiaghi
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/The_Unfortunate_Reality_of_Insecure_Libraries The Unfortunate Reality of Insecure Libraries]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Python_Basics_for_Web_App_Pentesters__Part_2|Python Basics for Web App Pentesters - Part 2]]<br>video | [[media: ASDC12-Python_Basics_for_Web_App_Pentesters__Part_2.pdf|slides]]<br><br>Justin Searle
Jeff Williams and Arshan Dabirsiaghi
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=3 | [[OWASP_AppSec_DC_2012/Integrating_Application_Security_into_your_Lifecycle_andProcurement|Integrating Application Security into your Lifecycle and
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Python_Basics_for_Web_App_Pentesters__Part_2 Python Basics for Web App Pentesters - Part 2]<br><br>
+
Procurement]]<br>video | slides<br><br>Moderator: Jim Manico
Justin Searle
+
| align=center rowspan=3 width=200 valign=middle height=60 bgcolor=#b3ff99 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Integrating_Application_Security_into_your_Lifecycle_andProcurement Integrating Application Security into your Lifecycle and Procurement]<br><br>
+
Moderator: Jim Manico<br>
+
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 12:00 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 11:50 AM - 12:00 PM
Line 37: Line 34:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 12:00 PM - 12:50 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 12:00 PM - 12:50 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Attacking_CAPTCHAs_for_Fun_and_Profit Attacking CAPTCHAs for Fun and Profit]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Attacking_CAPTCHAs_for_Fun_and_Profit|Attacking CAPTCHAs for Fun and Profit]]<br>video | [[media: ASDC12-Attacking_CAPTCHAs_for_Fun_and_Profit.pdf|slides]]<br><br>Gursev Singh Kalra
Gursev Singh Kalra
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | GoatDroid <br>video | slides<br><br>Jack Manino
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center |TBA
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Security_is_Dead_Long_Live_Rugged_DevOps_IT_at_LudicrousSpeed|Security is Dead. Long Live Rugged DevOps: IT at Ludicrous
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Security_is_Dead_Long_Live_Rugged_DevOps_IT_at_LudicrousSpeed Security is Dead. Long Live Rugged DevOps: IT at Ludicrous Speed]<br><br>
+
Speed]]<br>video | [[media: ASDC12-Security_is_Dead_Long_Live_Rugged_DevOps_IT_at_LudicrousSpeed.pdf|slides]]<br><br>Joshua Corman
Joshua Corman
+
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 12:50 PM - 2:30 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 12:50 PM - 2:30 PM
Line 47: Line 43:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 2:30 PM - 3:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Hacking_NETC_Applications_The_Black_Arts Hacking .NET(C#) Applications: The Black Arts]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Hacking_NETC_Applications_The_Black_Arts|Hacking .NET(C#) Applications: The Black Arts]]<br>video | [[media: ASDC12-Hacking_NETC_Applications_The_Black_Arts.pdf|slides]]<br><br>Jon McCoy
Jon McCoy
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Security_at_scale_Web_application_security_in_a_continuousdeployment_environment|Security at scale: Web application security in a continuous
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Security_at_scale_Web_application_security_in_a_continuousdeployment_environment Security at scale: Web application security in a continuous deployment environment]<br><br>
+
deployment environment]]<br>video | [[media: ASDC12-Security_at_scale_Web_application_security_in_a_continuousdeployment_environment.pdf|slides]]<br><br>Zane Lackey
Zane Lackey
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/The_Easy_Button_for_Your_Web_Application_Security_Career|The "Easy" Button for Your Web Application Security Career]]<br>video | [[media: ASDC12-The_Easy_Button_for_Your_Web_Application_Security_Career.pdf|slides]]<br><br>Salvador Grec
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/The_Easy_Button_for_Your_Web_Application_Security_Career The "Easy" Button for Your Web Application Security Career]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=3 | [[OWASP_AppSec_DC_2012/Risk_Analysis_and_Measurement_with_CWRAF|Risk Analysis and Measurement with CWRAF]]<br>video | [[media: ASDC12-Risk_Analysis_and_Measurement_with_CWRAF.pdf|slides]]<br><br>Joe Jarzombek, Bob Martin, Walter Houser and Tom Brennan
Salvador Grec
+
| align=center rowspan=3 width=200 valign=middle height=60 bgcolor=#b3ff99 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Risk_Analysis_and_Measurement_with_CWRAF Risk Analysis and Measurement with CWRAF]<br><br>
+
Joe Jarzombek, Bob Martin, Walter Houser and Tom Brennan
+
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:20 PM - 3:30 PM
Line 60: Line 53:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 3:30 PM - 4:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/OWASP_Broken_Web_Applications_OWASP_BWA_10_Release OWASP Broken Web Applications (OWASP BWA) 1.0 Release]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/OWASP_Broken_Web_Applications_OWASP_BWA_10_Release|OWASP Broken Web Applications (OWASP BWA) 1.0 Release]]<br>video | [[media: ASDC12-OWASP_Broken_Web_Applications_OWASP_BWA_10_Release.pdf|slides]]<br><br>Chuck Willis
Chuck Willis
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/Security_Is_Like_An_Onion_Thats_Why_It_Makes_You_Cry|Security Is Like An Onion, That's Why It Makes You Cry]]<br>video | [[media: ASDC12-Security_Is_Like_An_Onion_Thats_Why_It_Makes_You_Cry.pdf|slides]]<br><br>Michele Chubirka
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center |
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Anatomy_of_a_Logic_Flaw|Anatomy of a Logic Flaw]]<br>video | [[media: ASDC12-Anatomy_of_a_Logic_Flaw.pdf|slides]]<br><br>Charles Henderson and David Byrne
[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Security_Is_Like_An_Onion_Thats_Why_It_Makes_You_Cry Security Is Like An Onion, That's Why It Makes You Cry]<br><br>
+
 
Michele Chubirka
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Anatomy_of_a_Logic_Flaw Anatomy of a Logic Flaw]<br><br>
+
Charles Henderson and David Byrne
+
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:20 PM - 4:30 PM
Line 72: Line 62:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 4:30 PM - 5:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/New_and_Improved_Hacking_Oracle_from_Web New and Improved Hacking Oracle from Web]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/New_and_Improved_Hacking_Oracle_from_Web|New and Improved Hacking Oracle from Web]]<br>video | [[media: ASDC12-New_and_Improved_Hacking_Oracle_From_Web.pdf|slides]]<br><br>Sumit Siddharth
Sumit Siddharth
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/State_of_Web_Security|State of Web Security]]<br>video | [[media: ASDC12-State_of_Web_Security.pdf|slides]]<br><br>Robert Rowley
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/State_of_Web_Security State of Web Security]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Old_Webshells_New_Tricks__How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them|Old Webshells, New Tricks -- How Persistent Threats have
Robert Rowley
+
revived an old idea, and how you can detect them.]]<br>video | [[media: ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf|slides]]<br><br>Ryan Kazanciyan
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Old_Webshells_New_Tricks__How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them Old Webshells, New Tricks -- How Persistent Threats have revived an old idea, and how you can detect them.]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#b3ff99 align=center rowspan=3 | [[OWASP_AppSec_DC_2012/Fed_Panel|Fed Panel]]<br>video | slides<br><br>Moderator: Rex Booth<br>
Ryan Kazanciyan
+
| align=center rowspan=3 width=200 valign=middle height=60 bgcolor=#b3ff99 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Fed_Panel Fed Panel]<br><br>
+
Moderator: Rex Booth<br>
+
 
Ron Ross, Joe Jarzombek, Kris Britton & Darren Death
 
Ron Ross, Joe Jarzombek, Kris Britton & Darren Death
 
|-  
 
|-  
Line 86: Line 73:
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 5:30 PM - 6:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 5:30 PM - 6:20 PM
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Unraveling_some_of_the_Mysteries_around_DOMbased_XSS Unraveling some of the Mysteries around DOM-based XSS]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#c0a0a0 align=center | [[OWASP_AppSec_DC_2012/Unraveling_some_of_the_Mysteries_around_DOMbased_XSS|Unraveling some of the Mysteries around DOM-based XSS]]<br>video | [[media: ASDC12-Unraveling_some_of_the_Mysteries_around_DOMbased_XSS.pdf|slides]]<br><br>Dave Wichers
Dave Wichers
+
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center | [[OWASP_AppSec_DC_2012/2012_Global_Security_Report|2012 Global Security Report]]<br>video | [[media: ASDC12-2012_Global_Security_Report.pdf|slides]]<br><br>Tom Brennan and Nick Percoco
| align=center width=200 valign=middle height=60 bgcolor=#ffdf80 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/2012_Global_Security_Report 2012 Global Security Report]<br><br>
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center | [[OWASP_AppSec_DC_2012/Survivable_Software_for_CyberPhysical_Systems|Survivable Software for Cyber-Physical Systems]]<br>video | [[media: ASDC12-Survivable_Software_for_CyberPhysical_Systems.pdf|slides]]<br><br>Karen Mercedes Goertzel
Tom Brennan and Nick Percoco
+
| align=center width=200 valign=middle height=60 bgcolor=#a0c0e0 align=center |[https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Survivable_Software_for_CyberPhysical_Systems Survivable Software for Cyber-Physical Systems]<br><br>
+
Karen Mercedes Goertzel
+
 
|-  
 
|-  
 
|  width=72 valign=middle bgcolor=#7b8abd | 6:20 PM
 
|  width=72 valign=middle bgcolor=#7b8abd | 6:20 PM
 
|  valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Networking Opportunity in Room 207AB sponsored by: [[Image:SPL-LOGO-MED.png|link=https://www.trustwave.com/]]
 
|  valign=middle height=30 bgcolor=#e0e0e0 align=center colspan=4 | Networking Opportunity in Room 207AB sponsored by: [[Image:SPL-LOGO-MED.png|link=https://www.trustwave.com/]]
 
|}
 
|}

Revision as of 21:06, 18 April 2012

Plenary Day 1 - 4/4/2012
Offense & Tools
Room 201
Case Studies
Room 202A
IoMT
Room 202B
Interrogate!
Room 206
7:30 AM - 8:50 AM Registration
8:50 AM - 9:00 AM Welcome and Opening Remarks
Room 202A
9:00 AM - 10:00 AM Keynote: Dan Geer
Room 202A
10:00 AM - 10:45 AM OWASP Board
Room 202A
10:45 AM - 11:00 AM Coffee Break
11:00 AM - 11:50 AM DOMJacking - Attack, Exploit and Defense
video | slides

Shreeraj Shah
The Unfortunate Reality of Insecure Libraries
video | slides

Jeff Williams and Arshan Dabirsiaghi
Python Basics for Web App Pentesters - Part 2
video | slides

Justin Searle
Integrating Application Security into your Lifecycle and Procurement
video | slides

Moderator: Jim Manico
11:50 AM - 12:00 PM Coffee Break
12:00 PM - 12:50 PM Attacking CAPTCHAs for Fun and Profit
video | slides

Gursev Singh Kalra
GoatDroid
video | slides

Jack Manino
Security is Dead. Long Live Rugged DevOps: IT at Ludicrous Speed
video | slides

Joshua Corman
12:50 PM - 2:30 PM No-Host Lunch
2:30 PM - 3:20 PM Hacking .NET(C#) Applications: The Black Arts
video | slides

Jon McCoy
Security at scale: Web application security in a continuous deployment environment
video | slides

Zane Lackey
The "Easy" Button for Your Web Application Security Career
video | slides

Salvador Grec
Risk Analysis and Measurement with CWRAF
video | slides

Joe Jarzombek, Bob Martin, Walter Houser and Tom Brennan
3:20 PM - 3:30 PM Coffee Break
3:30 PM - 4:20 PM OWASP Broken Web Applications (OWASP BWA) 1.0 Release
video | slides

Chuck Willis
Security Is Like An Onion, That's Why It Makes You Cry
video | slides

Michele Chubirka
Anatomy of a Logic Flaw
video | slides

Charles Henderson and David Byrne
4:20 PM - 4:30 PM Coffee Break
4:30 PM - 5:20 PM New and Improved Hacking Oracle from Web
video | slides

Sumit Siddharth
State of Web Security
video | slides

Robert Rowley
Old Webshells, New Tricks -- How Persistent Threats have revived an old idea, and how you can detect them.
video | slides

Ryan Kazanciyan
Fed Panel
video | slides

Moderator: Rex Booth

Ron Ross, Joe Jarzombek, Kris Britton & Darren Death

5:20 PM - 5:30 PM Coffee Break
5:30 PM - 6:20 PM Unraveling some of the Mysteries around DOM-based XSS
video | slides

Dave Wichers
2012 Global Security Report
video | slides

Tom Brennan and Nick Percoco
Survivable Software for Cyber-Physical Systems
video | slides

Karen Mercedes Goertzel
6:20 PM Networking Opportunity in Room 207AB sponsored by: SPL-LOGO-MED.png