OWASP Education Presentation

From OWASP
Revision as of 02:48, 29 July 2007 by Sdeleersnyder (Talk | contribs)

Jump to: navigation, search

This page provide a commented overview of the OWASP presentations available.
Please use the last line of the tables as template.
Presentions can be tracked through:

Everybody is encouraged to link the presentations and add their findings on this page ! There are currently hundreds of presentations all over the OWASP web site. If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76. Feel free to “mine” them and add them to the overview.

Contents

OWASP Project Presentations

OWASP Project Presentations
Title Comment Level Date (yyyy-mm-dd)
OWASP NY Keynote by Jeff OWASP Overview presentation with slide "OWASP by the numbers" and slide with the sorry state of Tools (at best 45%) which caused some controverse Novice 2007-06-12
The OWASP Testing Guide (Jeff Williams) Overview of the OWASP Testing Guide Novice 2007-01-23
The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli) Presentation at EUSecWest07 Intermediate 2007-03-01
OWASP Project Overview High level overview of projects and how OWASP works Novice 2006-09-19
The OWASP Application Security Metrics Project (Bob Austin) Presentation on the Application Security Metrics project Novice 2006-10-17
OWASP CLASP Project (Pravir Chandra) OWASP CLASP project presentation given at the 2006 European AppSec conference Novice 2006-05-30
Sprajax (Dan Cornell) OWASP Sprajax presentation given at the 2006 Seattle AppSec conference Intermediate 2006-10-17
Example (include link) Fill in your comments Novice/Intermediate/Expert yyyy-mm-dd


OWASP Conference Presentations

OWASP Conference Presentations
Title Comment Level Date (yyyy-mm-dd)
How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard) Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 Intermediate 2006-10-18
Bootstrapping the Application Assurance Process (Sebastien Deleersnyder) Presentation given during the European 2006 AppSec conference on the application assurance process Novice 2006-05-30
Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France) Presentation given at the European 2006 AppSec conference about security and soap message structure issues Intermediate 2006-05-31
Web Application Firewalls:When Are They Useful? (Ivan Ristic) Presentation about Web Application Firewalls Novice 2006-05-31
HTTP Message Splitting, Smuggling and Other Animals (Amit Klein) A presentation about Message splitting other attacks around the HTTP protocol Intermediate 2006-05-31
Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis) Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference Intermediate 2006-10-18
Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) A talk about how automated testing tools stack up against the OWASP top 10 Intermediate 2006-05-30
RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter) Presentation given about how Sessions can be hi-jacked, etc... Novice 2006-05-31
Security Testing through Automated Software Tests (Stephen de Vries) Presentation given at the 2006 EuSec conference Intermediate 2006-05-31
In the Line of Fire: Defending Highly Visible Targets (Jeremy Poteet) Conference given at the 2005 DC AppSec conference Novice 2005-10-1
Google Hacking and Web Application Worms (Matt Fisher) Talk given at the 2005 DC AppSec conference Novice 2005-10-01
Establishing an Enterprise Application Security Program (Tony Canike) Talk given at the 2005 DC AppSec Conference Novice 2005-10-01
Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) (Dave Wichers) Dave's talk on AJAX given at the Seattle 2006 AppSec conference Intermediate 2006-10-01
Example (include link) Fill in your comments Novice/Intermediate/Expert yyyy-mm-dd


Web Application Security Presentations

Web Application Security Presentations
Title Comment Level Date (yyyy-mm-dd)
Universal PDF XSS by Ivan Ristic Protecting Web Applications from Universal PDF XSS Intermediate 2007-06-28
[Advanced SQL Injection (Victor Chapela) Detailed methodology for analyzing applications for SQL injection vulnerabilities Expert 2005-11-04
[Advanced Topics on SQL Injection Protection (Sam NG) 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. Intermediate 2006-02-27
[Attacking Web Services (Alex Stamos) Web Services Introduction and Attacks Intermediate 2005-10-11
MMS Spoofing (Matteo Meucci) A Case-study of a vulnerable web application Intermediate
Ajax Security (Andrew van der Stock) Presentation on Ajax security for OWASP AppSec Europe 2006 Intermediate 2006-05-30
Advanced Web Services Security & Hacking (Justin Derry) Presentation given on Webservice security at the Seattle 2006 AppSec conference Intermediate 2006-10-18
Integration into the SDLC (Eoin Keary) A presentation about why and how to integrate the SDLC. Novice 2005-04-09
Example (include link) Fill in your comments Novice/Intermediate/Expert yyyy-mm-dd



Chapter Presentations

Chapter Presentations
Title Comment Level Month (Mon-yyyy) Chapter
Brian Chess from Fortify shared what's going on with the Java Open Source review project at the June NoVA OWASP meeting Java Open Review Intermediate June 2007 Virginia (Northern Virginia)
Brian Chess from Fortify, presentation to NoVA OWASP chapter in June 2007. Bytecode injection Expert June 2007 Virginia (Northern Virginia)
Securing Web Services using XML Security Gateways by Tim Bond Securing Web Services using XML Security Gateways Intermediate May 2007 Virginia (Northern Virginia)
Software Assurance in the Acquisition Process by Stan Wisseman Software Assurance in the Acquisition Process Intermediate May 2007 Virginia (Northern Virginia)
Legal Aspects of (Web) Application Security by Jos Dumortier Legal Aspects of (Web) Application Security Intermediate May 2007 Belgium
AppSec Research (University Leuven Belgium) Formal absence of implementation bugs in web applications: a case study on indirect data sharing by Lieven Desmet Expert May 2007 Belgium
OWASP Update and OWASP BeLux Board Presentation (Seba) OWASP Update and OWASP BeLux Board Presentation Novice May 2007 Belgium
OWASP Update (Seba) OWASP Update Novice Jan 2007 Belgium
XSS Worms (Sven Vetsch) XSS Worms Intermediate Feb 2007 Switzerland
OWASP Update (Seba) OWASP Update Novice Jan 2007 Belgium
WebGoat and Pantera presentation (Philippe Bogaerts) WebGoat and Pantera presentation Novice Jan 2007 Belgium
Security implications of AOP for secure software (Bart De Win) Security implications of AOP for secure software Expert Jan 2007 Belgium
testing for common security flaws (David Byrne) testing for common security flaws Intermediate Nov 2006 Denver
40-ish slides on analyzing threats (Olli) Analyzing Threats Novice Dec 2006 Helsinki
Attacking the Application (Dave Ferguson) Vulnerabilities, attacks and coding suggestions Intermediate Dec 2006 Kansas City
Ajax Security Concerns (Rohini Sulatycki) Ajax Security Concerns Intermediate Dec 2006 Kansas City
Anatomy of 2 Web Application Testing (Matteo Meucci) Anatomy of 2 Web Application Testing Intermediate Mar 2006 Italy
Example (include link) Fill in your comments Novice/Intermediate/Expert Mon Year Chapter