Difference between revisions of "OWASP AppSec Seattle 2006/Agenda"

From OWASP
Jump to: navigation, search
(OWASP Seattle 2006 Conference Schedule)
(OWASP Seattle 2006 Conference Schedule)
Line 28: Line 28:
 
  | style="width:10%; background:#7B8ABD" | 09:00 - 09:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Welcome to AppSec 2006 Seattle: Dave Wichers, OWASP Conferences Chair
 
  | style="width:10%; background:#7B8ABD" | 09:00 - 09:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Welcome to AppSec 2006 Seattle: Dave Wichers, OWASP Conferences Chair
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:10 - 10:00 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Michael Howard, Senior Security Program Manager, Microsoft and coauthor of Writing Secure Code, 2nd Ed., 19 Deadly Sins of Software Security, and the recently released Microsoft Security Development Lifecycle (SDL).
+
  | style="width:10%; background:#7B8ABD" | 09:10 - 10:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Michael Howard, Senior Security Program Manager, Microsoft and coauthor of Writing Secure Code, 2nd Ed., 19 Deadly Sins of Software Security, and the recently released Microsoft Security Development Lifecycle (SDL).
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:00 - 11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | PCI Presentation, Hap Huynh, VISA USA
+
  | style="width:10%; background:#7B8ABD" | 10:10 - 11:10 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | PCI Presentation, Hap Huynh, VISA USA
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 11:10 - 11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
 
  | style="width:10%; background:#7B8ABD" | 11:10 - 11:30 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break

Revision as of 13:44, 27 September 2006

OWASP Training Courses

T1. Foundations of Web Application Security - One Day Course - October 16th, 2006
This powerful one day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities into their code. Read more here!
T2. WebServices and XML Security - One Day Course - October 16th, 2006
Many enterprises are currently developing new Web Services and/or adding and acquiring Web Services functionality into existing applications -- now is the time to build security into the system! Read more here!
T3. Advanced ASP.NET Exploits and Countermeasures - One Day Course - October 16th, 2006
In this one day course you will push ASP.NET to the limit and will be shown how ASP.NET applications and environments can be exploited by skilled attackers. Advanced exploitation techniques will be presented together with low-level technical analysis of the .NET Framework. You will also learn advanced defense techniques such as: Building an ASP.NET Security Protection layer (also called a Web Application Firewall) and Real time patching of vulnerabilities in the target application, the .NET Framework or the CLR. Read more here!

OWASP Seattle 2006 Conference Schedule

Day 1 - October 17th, 2006
Track 1: Bay Auditorium Track 2: Harbor Dining Room
08:00 - 09:00 Registration and Coffee
09:00 - 09:10 Welcome to AppSec 2006 Seattle: Dave Wichers, OWASP Conferences Chair
09:10 - 10:10 Keynote: The Benefits of the SDL initiative to Microsoft and its Customers – Michael Howard, Senior Security Program Manager, Microsoft and coauthor of Writing Secure Code, 2nd Ed., 19 Deadly Sins of Software Security, and the recently released Microsoft Security Development Lifecycle (SDL).
10:10 - 11:10 PCI Presentation, Hap Huynh, VISA USA
11:10 - 11:30 Break
11:30 - 12:30 OWASP Application Security Metrics and Assessment Standards Projects

Bob Austin, OWASP Application Security Metrics Project Lead President, KoreLogic Security and Cliff Barlow, OWASP Application Security Assessment Standards Project Lead Director Security Services, KoreLogic Security

Why AJAX applications are far more likely to be insecure, Dave Wichers, COO Aspect Security
12:30 - 13:45 Lunch
13:45 - 15:00 Home-grown Crypto (aka Taking a Knife to a Gun Fight), Hank Leininger, Senior Security Consultant, KoreLogic Security Using Sprajax to Test AJAX Security, Dan Cornell, Principal, Denim Group
15:00 - 15:20 Break
15:20-16:30 Agile and Secure: Can We Be Both?, Keith Landrus, Director of Technology, Denim Group The OWASP Code review, Testing guide & Live CD, an introduction., Eoin Keary, Sr Security Consultant, Rits (Ireland), OWASP Testing and Code Review Lead
16:30-16:50 Break
16:50 - 18:00 Panel: "The role of frameworks (e.g., .Net, Java, Enterprise Library, Struts, JaCorb) in 'forcing' developers to create and deploy 'secure' applications"

Moderator: TBD Panelists: Dinis Cruz, OWASP .Net Project Lead and others TBD

19:00 - 21:00 Social Gathering: Dinner and Drinks at Anthony’s Pier 66
Day 2 - October 18th, 2006
Track 1: Bay Auditorium Track 2: Harbor Dining Room
08:00 - 09:00 Coffee
09:00 - 10:45 Keynote: OWASP 2.0 - Enabling organizations to develop, maintain, and acquire applications they can trust, Dinis Cruz and Dave Wichers
10:45 - 11:10 Break
11:10 - 12:30 Buffer Overflows on the .Net Framework, Dinis Cruz, OWASP .Net Project Lead From Startup to IPO: Managing Security Risk in a Rapidly Growing Enterprise, Brian Chess, Chief Scientist, Fortify
12:30 - 13:45 Lunch
13:45 - 15:10 Advanced Web Services Security and Hacking, Justin Derry, Application Security Practice Leader, b-sec Consulting Pty Ltd (Australia) "Web Application Incident Response & Forensics: A Whole New Ball Game" and "OWASP Java Project Status", Rohyt Belani, OWASP Java Project Lead, Managing Director, Mandiant and Chuck Willis, Mandiant
15:10 - 15:30 Break
15:30 - 16:30 Panel: “What is in your application security toolbox?”

Moderator: Gunnar Peterson Panelists: Dave Wichers, COO Aspect Security, Brian Chess, Chief Scientist Fortify, ?? F5, Danny Allan, Director, Security Research, Watchfire, Michael Howard, Microsoft

16:30 - 16:50 Break
16:50 - 17:30 Conference Wrap Up - Dave Wichers, OWASP Conferences Chair