This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP NYC AppSec 2008 Conference"

From OWASP
Jump to: navigation, search
(OWASP NYC AppSec 2008 Conference Schedule – Sept 24th - Sept 25th)
 
(392 intermediate revisions by 31 users not shown)
Line 1: Line 1:
= OWASP NYC AppSec 2008 - September 22th-25th 2008 =
+
__NOTOC__
Last Update: {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}
+
== Introduction ==
In association with: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net ISACA], [http://www.issa.org ISSA] and [http://www.pace.edu Pace University] you're invited to (2) days of Seminars and Technology Pavilion from the world's best application security technology minds, (2) days of hardcore hands-on training, all held at <b>[http://www.pace.edu/page.cfm?doc_id=16157 Pace University]</b>, located in downtown New York City at <b>One Pace Plaza New York, NY 10038.</b> Event Fees: $300 for 2 days of seminars, $675 for 1-day training classes and $1,350 for 2-day courses. [http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif] - do you want to preview the event space [http://www.flickr.com/photos/21550725@N04/sets/72157604662279903/detail Click Here]
+
This event was a great success, drawing together professionals from all around the world. Please see the agenda below for copies of the presentations and videos of all the talks!!
<hr>
+
 
<center>[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Diamond Sponsor] - [http://www.imperva.com https://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br>
+
Conference Description: This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: [http://www.webappsec.org WASC], [http://www.nym-infragard.us NYM InfraGard], [http://aitglobal.com AITGlobal], [http://nyphp.org/index.php NYC PHP], [http://www.nycbug.org NYCBUG], [http://www.isacany.net NYC ISACA], [http://www.nymissa.org NYC ISSA] and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown.
<br>[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Platinum Sponsor] - [http://www.cenzic.com/ https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif]  - [https://www.owasp.org/images/6/60/NY_Sponsorship.pdf https://www.owasp.org/images/f/f8/Sponsorsm.gif] </center><br>
 
[https://www.owasp.org/images/6/60/NY_Sponsorship.pdf Gold & Silver Sponsors] -
 
[http://www.proactiverisk.com https://www.owasp.org/images/9/97/Proactiverisk_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [https://www.owasp.org/images/6/60/NY_Sponsorship.pdf https://www.owasp.org/images/f/f8/Sponsorsm.gif]
 
 
<br>
 
<br>
<center>[https://www.owasp.org/images/9/98/NY_Sponsorship_Form.pdf Sponsorship Opportunities] -- [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-PRESS Press Registration] -- [http://www.owasp.org/index.php/Member_Offers Other OWASP Member Offers] </center>  
+
<h2>SEE BELOW FOR VIDEO AND SLIDES - [http://www.flickr.com/photos/32167431@N06/tags/2008appsecusnewyork CLICK HERE FOR PHOTOS]</h2>
 +
<center> [http://www.linkedin.com/e/gis/36874 Join the OWASP Linked'In Group]
 +
- - -
 +
[https://www.owasp.org/index.php/Category:OWASP_Video For Previous OWASP Conference Video CLICK HERE]</center>
 
<hr>
 
<hr>
  
== OWASP NYC AppSec 2008 Conference Schedule – Sept 24th - Sept 25th ==
+
== 2008 OWASP USA, NYC Conference Schedule – FULL VIDEO 50+ Speakers see below ==
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 – Sept 24th, 2008
+
  ! colspan="4" align="center" style="background:#4058A0; color:white" |
 +
 
 +
<h2>Day 1 – Sept 24th, 2008 </h2>
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1:  
+
  | style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: BALLROOM
  | style="width:30%; background:#BCA57A" | Track 2:  
+
  | style="width:30%; background:#BCA57A" | Track 2: SKYLINE
  | style="width:30%; background:#7B8ABD" | Track 3:  
+
  | style="width:30%; background:#99FF99" | Track 3: TIMESQUARE
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 08:00-09:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Registration Opens and Tech Expo'''
+
  | style="width:10%; background:#7B8ABD" | 07:30-08:50 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Doors Open for Attendee/Speaker Registration
|-
+
''avoid lines come early get your caffeine fix and use free wifi''
  | style="width:10%; background:#7B8ABD" | 09:15-10:15 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Introduction, OWASP Version 3.0 where we are.. where we are going  
+
|-
''OWASP Foundation Board Jeff Williams, Tom Brennan, Dinis Cruz, Sebastien Deleersnyder & Dave Wichers''
+
  | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | '''OWASP Version 3.0 who we are, how we got here and where we are going?'''<br>
|-
+
''OWASP Foundation: [[Contact | Jeff Williams]], [[Contact | Dinis Cruz]], [[Contact | Dave Wichers]], [[Contact | Tom Brennan]], [[Contact | Sebastien Deleersnyder]]'' <br>
| style="width:10%; background:#7B8ABD" | 10:30-11:30 || style="width:30%; background:#BC857A" align="left" | Logic Attacks and Inefficiencies of Robotic Detection
+
<center>{{#ev:googlevideo|-228977859802026041}}</center> <br>
''Robert "RSnake" Hansen CEO [http://www.sectheory.com SecTheory]''
+
[http://www.owasp.org/images/b/b7/AppSecNYC08-Delivering_AppSec_Info.ppt Dave Wicher's Slides] / Jeff William's Slides / Dinis Cruz's Slides
  | style="width:30%; background:#BCA57A" align="left" | Offensive Assessing Financial Apps
+
|-
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert Daniel Cuthbert]''
+
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="center" | '''[[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What%27s_hot_for_2008 | Analysis of the Web Hacking Incidents Database (WHID)]]''' <br>
| style="width:30%; background:#7B8ABD" align="left" | Web Intrusion Detection with ModSecurity
+
''[http://blog.shezaf.com Ofer Shezaf]''<br>
''Ivan Ristic''
+
[http://video.google.com/videoplay?docid=1130960689238372157&hl=en VIDEO] / SLIDES
|-
+
  | style="width:30%; background:#BCA57A" align="center" |  
| style="width:10%; background:#7B8ABD" | 11:30-12:30 || style="width:30%; background:#BC857A" align="left" | Reverse Engineering .NET
+
'''[http://www.webappsecroadmap.com Web Application Security Road Map]'''<br>
''Adam Boulton''
+
''[http://joesecurity.blogspot.com Joe White]''<br>
  | style="width:30%; background:#BCA57A" align="left" | [http://www.owasp.org/index.php/Category:OWASP_JBroFuzz JBroFuzz] 0.1 - 1.1: [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Building a Java Fuzzer for the Web]
+
[http://video.google.com/videoplay?docid=-237406228011458703&hl=en VIDEO] / [https://sites.google.com/a/webappsecroadmap.com/main/announcements/owasp-appsec-2008-presentation-has-been-uploaded SLIDES]
''[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou Yiannis Pavlosoglou] - Senior Director - [http://www.ouncelabs.com Ounce Labs] ''
+
| style="width:30%; background:#99FF99" align="center" |
| style="width:30%; background:#7B8ABD" align="left" | [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project OWASP LIVE CD]
+
'''[https://buildsecurityin.us-cert.gov/swa/acqwg.html DHS Software Assurance Initiatives]'''<br>
''Joshua Perrymon - CEO [http://www.packetfocus.com Packetfocus]''
+
''[http://www.linkedin.com/pub/0/ab/3b7 Stan Wisseman] & [http://www.linkedin.com/pub/1/439/923 Joe Jarzombek]''<br>
 +
[http://video.google.com/videoplay?docid=-6505795148329572484&hl=en VIDEO] / SLIDES
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="center" |  
 +
'''Http Bot Research'''<br>
 +
''[http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission Andre M. DiMino - ShadowServer Foundation]''<br>
 +
[http://video.google.com/videoplay?docid=1400503643786264015&hl=en VIDEO] / SLIDES
 +
  | style="width:30%; background:#BCA57A" align="center" |  
 +
'''OWASP "Google Hacking" Project'''<br>
 +
''[http://www.linkedin.com/in/ChristianHeinrich Christian Heinrich]''<br>
 +
[http://video.google.com/videoplay?docid=5419982525671711780&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |
 +
'''MalSpam Research'''<br>
 +
'' [http://www.knujon.com/bios.html Garth Bruen]''<br>
 +
[http://video.google.com/videoplay?docid=-8813268235790993111&hl=en VIDEO] / SLIDES
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Sign-Up
 +
''LUNCH - Provided by event sponsors @ TechExpo''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="center" |
 +
'''Get Rich or Die Trying - Making Money on The Web, The Black Hat Way'''<br>
 +
''[http://www.linkedin.com/in/treyford Trey Ford], [http://www.linkedin.com/in/tombrennan Tom Brennan], [http://www.linkedin.com/pub/0/205/77a Jeremiah Grossman]''<br>
 +
[http://video.google.com/videoplay?docid=-7209323310151363553&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#BCA57A" align="center" |
 +
'''Framework-level Threat Analysis: Adding Science to the Art of Source-code review'''<br>
 +
''[[OWASP_NYC_AppSec_2008_Conference-rohit-sethi | Rohit Sethi]] & [[OWASP_NYC_AppSec_2008_Conference-sahba-kazerooni | Sahba Kazerooni]]''<br>
 +
[http://video.google.com/videoplay?docid=8935251380629216945&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |
 +
'''Automated Web-based Malware Behavioral Analysis'''<br>
 +
''[http://www.linkedin.com/pub/3/359/b1a Tyler Hudak]''<br>
 +
[http://video.google.com/videoplay?docid=4204600308807371535&hl=en VIDEO] / SLIDES
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="center" |
 +
'''[http://blogs.adobe.com/psirt/2008/09/thanks_to_jeremiah_grossman_an.html New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]'''<br>
 +
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''<br>
 +
[http://video.google.com/videoplay?docid=-5747622209791380934&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#BCA57A" align="center" |  
 +
'''Web Intrusion Detection with ModSecurity'''<br>
 +
''[http://www.breach.com/company/executive-team/ Ivan Ristic]''<br>
 +
[http://video.google.com/videoplay?docid=-7391448618249578180&hl=en VIDEO] / [[Media:OWASP_NYC_2008-Web_Intrusion_Detection_with_ModSecurity.pdf|SLIDES]]
 +
| style="width:30%; background:#99FF99" align="center" |
 +
'''Using Layer 8 and OWASP to Secure Web Applications'''<br>
 +
''[http://www.linkedin.com/in/davidstern2000 David Stern] & [http://www.linkedin.com/in/romangarber Roman Garber]''<br>
 +
[http://video.google.com/videoplay?docid=-3883297889781954509&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 12:30-13:30 || style="width:30%; background:#BC857A" align="left" | [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann Multidisciplinary Bank Attacks]
+
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="center" | '''Application Security Industry Outlook Panel:'''<br>
''Gunter Ollmann, Director Security Strategy, [http://www.iss.net IBM Internet Security Systems]''
+
''[http://www.linkedin.com/pub/0/497/86a Jim Routh] CISO DTCC, <br>
  | style="width:30%; background:#BCA57A" align="left" | OWASP CLASP
+
[http://www.linkedin.com/pub/0/bb1/68a Sunil Seshadri] CISO NYSE-Euronet, <br>
''Pravir Chandra''
+
[http://www.linkedin.com/in/bernik Joe Bernik] SVP, RBS Americas,<br>
| style="width:30%; background:#7B8ABD" align="left" | Shootout at the Blackbox Corral
+
[http://www.linkedin.com/pub/8/878/240 Jennifer Bayuk] Infosec Consultant,<br>
''Dinis Cruz & Larry Suto''
+
[http://www.linkedin.com/in/philvenables Philip Venables] CISO, Goldman Sachs, <br>
 +
[http://www.linkedin.com/in/crecalde Carlos Recalde] SVP, Lehman Brothers, <br>
 +
Moderator: [http://www.linkedin.com/in/mahidontamsetti  Mahi Dontamsetti]''<br>
 +
[http://video.google.com/videoplay?docid=-7051719323294878516&hl=en VIDEO] / SLIDES
 +
  | style="width:30%; background:#BCA57A" align="center" |  
 +
'''[http://www.owasp.org/index.php/Security_Assessing_Java_RMI Security Assessing Java RMI] '''<br>
 +
''[http://www.linkedin.com/in/adamboulton Adam Boulton]''<br>
 +
[http://video.google.com/videoplay?docid=1673714450539106400&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web'''<br>
 +
''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou | Yiannis Pavlosoglou]]''<br>
 +
[http://video.google.com/videoplay?docid=-1551704659206071145&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 13:30-14:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Collective Intelligence - Jennifer Bayuk-CISO Bear Stearns, Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik Royal Bank of Scotland & Philip Venables CIRO, Goldman, Sachs
+
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="center" |  
Moderator: Mahi Dontamsetti
+
'''OWASP Testing Guide - Offensive Assessing Financial Applications'''<br>
 +
'' [[OWASP_NYC_AppSec_2008_Conference-daniel-cuthbert | Daniel Cuthbert]]''<br>
 +
[http://video.google.com/videoplay?docid=-3228312539505217121&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#BCA57A" align="center" |
 +
'''Flash Parameter Injection (FPI)'''<br>
 +
''Ayal Yogev & Adi Sharabani''<br>
 +
[http://video.google.com/videoplay?docid=7818654218575619118&hl=en VIDEO] / [http://blog.watchfire.com/FPI.ppt SLIDES] / [http://blog.watchfire.com/FPI.pdf PAPER]
 +
| style="width:30%; background:#99FF99" align="center" |
 +
'''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho | w3af - A Framework to own the web]]'''<br>
 +
''[http://www.bonsai-sec.com/ Andrés Riancho]''<br>
 +
[http://video.google.com/videoplay?docid=4354579888802327250&hl=en VIDEO] / VIDEO
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 14:30-15:30 || style="width:30%; background:#BC857A" align="left" | [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho w3af, a framework to own the web] -
+
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="center" |  
[https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho ''Andres Riancho''], [http://www.cybsec.com/ Cybsec]
+
'''OWASP Enterprise Security API [[ESAPI | (ESAPI) Project]]'''<br>
 
+
'' [http://www.aspectsecurity.com/management.htm Jeff Williams]''<br>
  | style="width:30%; background:#BCA57A" align="left" | [[AppSecEU08_Trends_in_Web_Hacking_Incidents:_What's_hot_for_2008 | Trends in Web Hacking: What's hot in 2008<br/>Analysis of the Web Hacking Incidents Database (WHID)]]
+
[http://video.google.com/videoplay?docid=-2912157383449643073&hl=en VIDEO] / SLIDES
''[http://blog.shezaf.com Ofer Shezaf], Breach''
+
  | style="width:30%; background:#BCA57A" align="center" |  
| style="width:30%; background:#7B8ABD" align="left" | Security in Agile Development
+
'''Cross-Site Scripting Filter Evasion'''<br>
''Dave Wichers, COO [http://www.aspectsecurity.com Aspect Security]''
+
''Alexios Fakos''<br>
 +
[http://video.google.com/videoplay?docid=-6974576754943514571&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-GunterOllmann | Multidisciplinary Bank Attacks]]'''<br>
 +
''Gunter Ollmann''<br>
 +
[http://video.google.com/videoplay?docid=3041861094296331549&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 15:30-16:30 || style="width:30%; background:#BC857A" align="left" | [http://www.owasp.org/index.php/ESAPI OWASP Enterprise Security API (ESAPI) Project]
+
| style="width:10%; background:#7B8ABD" | 17:00-17:45 || style="width:30%; background:#BC857A" align="center" |  
''Jeff Williams, CEO [http://www.aspectsecurity.com Aspect Security]''
+
'''Open Discussion On Application Security'''<br>
  | style="width:30%; background:#BCA57A" align="left" | Next Generation Cross Site Scripting Worms
+
''Joe Bernik & Steve Antoniewicz''<br>
''Arshan Dabirsiaghi, Director of Research [http://www.aspectsecurity.com Aspect Security]''
+
[http://video.google.com/videoplay?docid=6718671647859572098&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | "Threading the Needle:
+
  | style="width:30%; background:#BCA57A" align="center" |  
Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks."
+
'''Mastering PCI Section 6.6'''<br>
''Arian Evans, Director of Operations [http://www.whitehatsec.com WhiteHat Security]''
+
''[http://www.linkedin.com/pub/1/228/6a5 Taylor McKinley] and [http://www.linkedin.com/in/jacobwest Jacob West]''<br>
 +
[http://video.google.com/videoplay?docid=-2544477786674220116&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''Case Studies: Exploiting application testing tool deficiencies via "out of band" injection'''<br>
 +
''[http://www.linkedin.com/pub/0/a91/aa2 Vijay Akasapu] & [http://www.linkedin.com/pub/9/279/381 Marshall Heilman]''<br>
 +
[http://video.google.com/videoplay?docid=7623989457736720764&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || style="width:30%; background:#BC857A" align="left" | Shhhh Don’t Tell Anybody
+
| style="width:10%; background:#7B8ABD" | 18:00-18:45 || style="width:30%; background:#BC857A" align="center" |  
''Petko D. Petkov, a.k.a. pdp''
+
'''[http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project Spearfishing and the OWASP Live CD]'''<br>
  | style="width:30%; background:#BCA57A" align="left" | Secure PHP
+
''[http://www.linkedin.com/in/packetfocus Joshua Perrymon]''<br>
''Hans Zaunere, CEO [http://www.nyphp.com NYCPHP]''
+
[http://video.google.com/videoplay?docid=-4419524791864555496&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | Payment Card Data Security and the new Enterprise Java
+
  | style="width:30%; background:#BCA57A" align="center" |  
''Dr. B. V. Kumar & Mr. Abhay ''
+
'''Phundamental Security - Coding Secure w/PHP'''<br>
 +
''[http://www.linkedin.com/in/zaunere Hans Zaunere]''<br>
 +
[http://video.google.com/videoplay?docid=3477751371038020741&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |
 +
'''[[Payment_Card_Data_Security_and_the_new_Enterprise_Java | Payment Card Data Security and the new Enterprise Java]]'''<br>
 +
''[[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Dr._B._V._Kumar | Dr. B. V. Kumar]] & [[OWASP_NYC_AppSec_2008_Conference-SPEAKER-Abhay_Bhargav | Mr. Abhay Bhargav]]''<br>
 +
[http://video.google.com/videoplay?docid=4488848043144792234&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 17:30-18:30 || style="width:30%; background:#BC857A" align="left" | Notes Security
+
| style="width:10%; background:#7B8ABD" | 19:00-20:00 || style="width:30%; background:#BC857A" align="center" |  
''Jian Hui Wang''
+
'''OWASP Chapter Leader / Project Leader working session'''<br>
  | style="width:30%; background:#BCA57A" align="left" | Mastering PCI Section 6.6
+
''OWSAP Board/Chapter Leaders''
''Taylor McKinley and Jacob West''
+
  | style="width:30%; background:#BCA57A" align="center" |  
| style="width:30%; background:#7B8ABD" align="left" | AppSec Techniques
+
'''(ISC)2 Cocktail Hour'''<br>
''JD Glaser, CEO [http://www.ntobjectives.com/company/management.php NTO Objectives]''
+
All welcome to attend for a special announcement presented by:<br>
 +
[https://www.isc2.org/cgi-bin/content.cgi?page=351 W. Hord Tipton, Executive Director of (ISC)2]
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''Technology Movie Night'''<br>
 +
''[http://www.youtube.com/watch?v=LlKDkTbUFhU&feature=related Sneakers], [http://www.youtube.com/watch?v=tAcEzhQ7oqA WarGames], [http://hackersarepeopletoo.com HackersArePeopleToo], [http://www.youtube.com/watch?v=4Be-ZzcXVLw TigerTeam]'' <br>
 +
from 19:00 - 23:00
 +
 
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Web Application Capture the Flag - [http://isis.poly.edu/projects Polytechnic University] & OWASP Chapter Leader Meeting - '''
+
  | style="width:10%; background:#7B8ABD" | 20:00-23:00+ || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Event Party/Reception <br>Event badge required for admission <br>[[OWASP_NYC_AppSec_2008_Conference/ctf | Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.]] <br>''Location: HOTEL BALLROOM''
 +
<br>
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 20:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | ''' Speaker/Attendee Reception'''
+
! colspan="10" align="center" style="background:#4058A0; color:white" |
 +
 
 +
<h2>Day 2 – Sept 25th, 2008 </h2>
 
|-
 
|-
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 – Sept 25th, 2008
+
  | style="width:10%; background:#99FF99" | 08:00-10:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | BREAKFAST - Provided by event sponsors @ TechExpo
 +
 
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 8:00-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | Breakfast @ Tech-Expo
+
| style="width:10%; background:#7B8ABD" | 08:00-08:45 || style="width:30%; background:#BC857A" align="center" |  
 +
'''Software Development and Management: The Last Security Frontier'''<br>
 +
''[http://blog.isc2.org/isc2_blog/tipton/index.html W. Hord Tipton], CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²''<br>
 +
[http://video.google.com/videoplay?docid=-4023599059084294937&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#BCA57A" align="center" |
 +
'''[[AppSecEU08_Best_Practices_Guide_Web_Application_Firewalls | Best Practices Guide for Web Application Firewalls]]'''<br>
 +
''Alexander Meisel''<br>
 +
[http://video.google.com/videoplay?docid=-2977259539412442033&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
 +
'''<br>
 +
''[http://www.linkedin.com/in/tommyryan Thomas Ryan]''<br>
 +
[http://video.google.com/videoplay?docid=-442445248884665643&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 0900-10:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | [http://www.aeispeakers.com/speakerbio.php?SpeakerID=1192 Prof. Howard A. Schmidt, CISSP, CISM (Hon.)] |
+
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || style="width:30%; background:#BC857A" align="center" |
Current (ISC)² Security Strategist and Former White House Cyber Security Advisor
+
'''OWASP Web Services Top Ten'''<br>
 +
''[http://1raindrop.typepad.com Gunnar Peterson]''<br>
 +
[http://video.google.com/videoplay?docid=5680040858618100893&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#BCA57A" align="center" |  
 +
'''[http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html  Red And Tiger Team Application Security Projects]'''<br>
 +
''[http://www.linkedin.com/pub/1/373/994 Chris Nickerson]''<br>
 +
[http://video.google.com/videoplay?docid=-1638710543904774703&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |
 +
'''OpenSource Tools'''<br>
 +
''Prof. Li-Chiou Chen & Chienitng Lin, [http://www.pace.edu/page.cfm?doc_id=16399 Pace Univ]''<br>
 +
[http://video.google.com/videoplay?docid=6174945058170583976&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 10:00-11:00 || style="width:30%; background:#BC857A" align="left" | Practical Advanced Threat Modeling
+
| style="width:10%; background:#7B8ABD" | 10:00-10:45 || style="width:30%; background:#BC857A" align="center" |  
''John Steven''
+
'''Building a tool for Security consultants: A story of a customized source code scanner'''<br>
  | style="width:30%; background:#BCA57A" align="left" | [http://reversebenchmarking.com Open Reverse Benchmarking Project]
+
''Dinis Cruz''<br>
''Marce Luck & Tom Stracener''
+
[http://video.google.com/videoplay?docid=5269154656993046978&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | Building Usable Security
+
  | style="width:30%; background:#BCA57A" align="center" |  
''Zed Abbadi''
+
'''"Help Wanted" [http://www.infosecleaders.com/survey 7 Things You Need to Know APPSEC/INFOSEC Employment]'''<br>
 +
''[http://www.linkedin.com/pub/0/29/685 Lee Kushner]''<br>
 +
[http://video.google.com/videoplay?docid=5330096815878108179&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''Industry Analysis with Forrester Research'''<br>
 +
''[http://www.forrester.com/rb/analyst/chenxi_wang Chenxi Wang]''<br>
 +
[http://video.google.com/videoplay?docid=1391450504589087806&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 11:00-12:00 || style="width:30%; background:#BC857A" align="left" | Offshoring Application Development? Security is Still Your Problem
+
| style="width:10%; background:#7B8ABD" | 11:00-11:45 || style="width:30%; background:#BC857A" align="center" |  
''Rohyt Belani''
+
'''Software Assurance Maturity Model (SAMM)'''<br>
  | style="width:30%; background:#BCA57A" align="left" | OWASP Orizon Project
+
''Pravir Chandra''<br>
''Paolo Perego''
+
[http://video.google.com/videoplay?docid=-7453282550277559385&hl=en VIDEO] / [https://www.owasp.org/images/2/2e/OWASP_CLASP_SAMM.ppt SLIDES]
| style="width:30%; background:#7B8ABD" align="left" | NIST SAMATE Static Analysis Tool Exposition (SATE)
+
  | style="width:30%; background:#BCA57A" align="CENTER" |  
''Vadim Okun''
+
'''Security in Agile Development'''<br>
 +
''[[User:Wichers | Dave Wichers]]''<br>
 +
[http://video.google.com/videoplay?docid=-8287209466278543377&hl=en VIDEO] / [http://www.owasp.org/images/a/a3/AppSecNYC08-Agile_and_Secure.ppt SLIDES]
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''Secure Software Impact'''<br>
 +
''[http://ouncelabs.com/company/team.asp Jack Danahy]''<br>
 +
[http://video.google.com/videoplay?docid=-3851913297265683210&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 12:00-13:00 || style="width:30%; background:#BC857A" align="left" | Wild Wild Web on Security Planet
+
| style="width:10%; background:#7B8ABD" | 12:00-12:45 || style="width:30%; background:#BC857A" align="center" |  
''Mano Paul CEO [http://www.securisksolutions.com SecuRisk Solutions]''
+
'''Next Generation Cross Site Scripting Worms '''<br>
  | style="width:30%; background:#BCA57A" align="left" | Software Liability
+
''[http://i8jesus.com/?page_id=5 Arshan Dabirsiaghi]''<br>
''Jack Danahy''
+
[http://video.google.com/videoplay?docid=-2782535918275323123&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | Cross-Site Scripting Filter Evasion
+
  | style="width:30%; background:#BCA57A" align="center" |  
''Alexios Fakos''
+
'''Security of Software-as-a-Service (SaaS)'''<br>
 +
''[http://www.linkedin.com/pub/6/372/45a James Landis]''<br>
 +
[http://video.google.com/videoplay?docid=-513622114181563795&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''[http://reversebenchmarking.com/About.html Open Reverse Benchmarking Project]'''<br>
 +
''Marce Luck & [http://www.linkedin.com/pub/1/507/616 Tom Stracener]''<br>
 +
[http://video.google.com/videoplay?docid=4352770935920515328&hl=en VIDEO] / SLIDES
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 13:00-14:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Projects "Dinis Cruz & OWASP Project Leaders"
+
  | style="width:10%; background:#7B8ABD" | 12:00-13:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | [[OWASP_NYC_AppSec_2008_Conference/ctf | Capture the Flag]] Status
 +
''LUNCH - Provided @ TechExpo''
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 14:00-15:00 || style="width:30%; background:#BC857A" align="left" | Projects with OWASP
+
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="center" |  
''Steve Malson''
+
'''[[NIST SAMATE Static Analysis Tool Exposition (SATE) | NIST and SAMATE Static Analysis Tool Exposition (SATE)]]'''<br>
| style="width:30%; background:#BCA57A" align="left" | OWASP Pantera Advances
+
''[[OWASP_NYC_AppSec_2008_Conference-vadim-okun | Vadim Okun]]''<br>
''Simon Roses Femerling''
+
[http://video.google.com/videoplay?docid=-7567012344169452280&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | Software-as-a-Service (SaaS)
+
| style="width:30%; background:#BCA57A" align="center" |  
''James Landis''
+
'''[[User_talk:Jian | Lotus Notes/Domino Web Application Security]]'''<br>
 +
''[[User_talk:Jian | Jian Hui Wang]]''<br>
 +
[http://video.google.com/videoplay?docid=8645149711234878540&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''Shootout @ Blackbox Corral'''<br>
 +
''Larry Suto''<br>
 +
[http://video.google.com/videoplay?docid=-1565567642122481539&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 15:00-16:00 || style="width:30%; background:#BC857A" align="left" | "Out of Band" Injection
+
| style="width:10%; background:#7B8ABD" | 14:00-14:45 || style="width:30%; background:#BC857A" align="center" |  
''Vijay Akasapu & Marshall Heilman''
+
'''Practical Advanced Threat Modeling'''<br>
| style="width:30%; background:#BCA57A" align="left" | OWASP V2 Testing Guide 4.2.3 Spidering and Googling in depth
+
''John Steven''<br>
''Christian Heinrich''
+
[http://video.google.com/videoplay?docid=-734106766899160289&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | Caution, Java ahead
+
| style="width:30%; background:#BCA57A" align="center" |  
''Jeremiah Grossman CTO [http://www.whitehatsec.com WhiteHat Security]''
+
'''[http://www.owasp.org/index.php/Category:OWASP_Orizon_Project The OWASP Orizon Project: towards version 1.0]'''<br>
 +
''[[User:Thesp0nge | Paolo Perego]]''<br>
 +
[http://video.google.com/videoplay?docid=-9104434795648450379&hl=en VIDEO] / [http://www.owasp.org/index.php/Image:The_Owasp_Orizon_Project_Towards_version_1.0_v1.0.ppt#file SLIDES]
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''[[Building_Usable_Security | Building Usable Security]]'''<br>
 +
''[[Zed_Abbadi | Zed Abbadi]]''<br>
 +
[http://video.google.com/videoplay?docid=8782541141810029760&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 16:00-17:00 || style="width:30%; background:#BC857A" align="left" | [[Input validation: the Good, the Bad and the Ugly]]
+
| style="width:10%; background:#7B8ABD" | 15:00-15:45 || style="width:30%; background:#BC857A" align="center" |  
''[[Johan Peeters]]''
+
'''Off-shoring Application Development? Security is Still Your Problem'''<br>
| style="width:30%; background:#BCA57A" align="left" | Flash Parameter Injection (FPI)
+
''Rohyt Belani''<br>
''Ayal Yogev & Yuval Baror''
+
[http://video.google.com/videoplay?docid=1042293104444687505&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | Learning the .Net Debugging API
+
| style="width:30%; background:#BCA57A" align="center" |  
''Kevin Spett''
+
'''[[OWASP_EU_Summit_2008 | OWASP EU Summit Portugal]]'''<br>
 +
''Dinis Cruz''<br>
 +
[http://video.google.com/videoplay?docid=-7044581008789784268&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''A Security Architecture Case Study'''<br>
 +
''[http://johanpeeters.com Johan Peeters]''<br>
 +
[http://video.google.com/videoplay?docid=-4553372140069628300&hl=en VIDEO] / SLIDES
 
|-
 
|-
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || style="width:30%; background:#BC857A" align="left" | Secure System Development Life Cycle (SSDLC) Methodology for SOA
+
| style="width:10%; background:#7B8ABD" | 16:00-16:45 || style="width:30%; background:#BC857A" align="center" |  
''Ken Huang''
+
'''Vulnerabilities in application interpreters and runtimes'''<br>
  | style="width:30%; background:#BCA57A" align="left" | Web Security Education using Open Source Tools
+
''Erik Cabetas''<br>
''Prof. Li-Chiou Chen & Chienitng Lin''
+
[http://video.google.com/videoplay?docid=7859413573034669384&hl=en VIDEO] / SLIDES
| style="width:30%; background:#7B8ABD" align="left" | Friend or Foe: Penetration Testing VS Source Code Analysis
+
  | style="width:30%; background:#BCA57A" align="center" |  
''Tom Ryan''
+
'''Cryptography For Penetration Testers'''<br>
 +
''Chris Eng''<br>
 +
[http://video.google.com/videoplay?docid=-5187022592682372937&hl=en VIDEO] / SLIDES
 +
| style="width:30%; background:#99FF99" align="center" |  
 +
'''Memory Corruption and Buffer Overflows'''<br>
 +
''[http://www.immunitysec.com Dave Aitel]''<br>
 +
[http://video.google.com/videoplay?docid=-1012125050474412771&hl=en VIDEO] / SLIDES
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 18:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Closing Remarks / CTF Awards / Raffles'''
+
  | style="width:10%; background:#7B8ABD" | 17:00-17:45 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles'''
 +
 
 +
<center>{{#ev:googlevideo|8211027328063203438}}</center> <br>
 +
[http://video.google.com/videoplay?docid=8211027328063203438&hl=en VIDEO]
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 21:00 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | '''Farewell dinner.. Go secure the world'''
+
  | style="width:10%; background:#7B8ABD" | 18:30-19:30 || colspan="3" style="width:80%; background:#C2C2C2" align="center" | OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!
 
|}
 
|}
  
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>
+
<br>
 +
<center><b> So did you like the content? Lets us know.. [http://www.owasp.org/index.php/Contact Contact Us] </b></center>
 +
<br>
  
== Technology Pavilion - September 24th and 25th  ==
+
== EVENT SPONSORS ==
  
Want to see the latest offerings from technology product and service firms, visit the Technology Pavilion. On September 24th and 25th there will be 2 full days of exhibits by service providers and manufacturers from around the world.
 
  
 
<hr>
 
<hr>
 +
<center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Diamond Sponsor] - [http://www.imperva.com http://www.owasp.org/images/d/de/Imperva_2color_RGB.jpg]<br>
 +
<br>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Platinum Sponsor]  - [http://www.cenzic.com https://www.owasp.org/images/b/bf/CenzicLogo_RGB.gif]  - [http://www.whitehatsec.com http://www.owasp.org/images/archive/4/4d/20080703021901%21Whitehat.gif] -  [http://www-935.ibm.com/services/us/gbs/app/html/gbs_applicationservices.html?cm_re=masthead-_-business-_-apps-allappserv https://www.owasp.org/images/4/47/Ibm.jpg] </center><br>
 +
[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Gold, Silver, Expo & Other Sponsors] - [http://www.isc2.org http://www.owasp.org/images/4/45/Isc2logo.gif] - [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] - [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif] - [http://www.qualys.com https://www.owasp.org/images/a/ae/Qualys.gif] - [http://www.ouncelabs.com https://www.owasp.org/images/6/6e/OunceLabs_logo.jpg] - [http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg] - [http://www.cigital.com/ https://www.owasp.org/images/b/be/Cigital_OWASP.GIF] - [http://www.acunetix.com https://www.owasp.org/images/e/eb/Acuneti.gif] - [http://www.denimgroup.com http://www.owasp.org/images/5/56/Denimgroup.jpg] - [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG] -
 +
[http://www.fishnetsecurity.com https://www.owasp.org/images/4/4a/Fishnet_security.png] - [http://www.airtightnetworks.net https://www.owasp.org/images/8/8b/Airtight.gif] -
 +
[http://www.artofdefence.com https://www.owasp.org/images/d/dc/AOD_Logo.gif] -
 +
[http://www.securityuniversity.net https://www.owasp.org/images/0/0d/Security_university.jpg] -
 +
[http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif] - [http://www.armorize.com https://www.owasp.org/images/c/ce/Armorize_Logo.png] -[http://www.barracudanetworks.com/ https://www.owasp.org/images/a/a2/Barracuda_Color_Logo.jpg] - [http://www.symantec.com https://www.owasp.org/images/2/26/New_Symantec_Logo.jpg] - [http://www.prevalent.net https://www.owasp.org/images/4/47/Prev_Logo_with_Tag_Line.jpg] - [http://www.mclabs.com https://www.owasp.org/images/9/91/MicroTek.jpg] - [http://www.protiviti.com https://www.owasp.org/images/c/cf/Protiviti.jpg]
 +
<br>
 +
<center>[https://www.owasp.org/images/b/bc/APPSEC2008Sponsor.pdf Sponsorship Opportunities]</center>
 +
<hr>
 +
 +
== CPE Credits ==
 +
 +
Much of the content is eligible for CPE credits.  Please check with your institution regarding specific requirements.
 +
 +
'''The CISM cpe policy (www.isaca.org/cismcpepolicy) states''':
 +
 +
One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.
 +
 +
Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"
 +
 +
'''Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC'''
 +
 +
Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows:
 +
Training Courses: September 22-23, 2008
 +
• 16 CPE units for 2 days of training (Monday - Tuesday)
 +
• 8 CPE units for 1 day of training (Monday or Tuesday Only)
 +
Conferences: September 24-25, 2008
 +
Earn 1 CPE per hour of conference attendance
 +
 +
== [http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008 ] ==
 +
 +
All classes begin at 9AM and end at 5:30PM
  
== [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008] ==
 
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
 
  ! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
 
  ! align="center" style="background:#4058A0; color:white" | T1. Defensive Programming - 2-Days - $1350
 
  |-
 
  |-
  | style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. The instructor Pravir Chandra is well known security expert, project lead for OWASP CLASP project and former co-founder & CTO of secure software [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
+
  | style="background:#F2F2F2" | This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. [[:Category:OWASP_AppSec_Conference_Training#T1._Defensive_Programming_-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
  
Instructor: Jason Rouse, Sr. Consultant, [http://www.cigital.com/training/series https://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''  
+
Instructor: Jason Rouse, Technical Manager, [http://www.cigital.com/training/series http://www.owasp.org/images/b/be/Cigital_OWASP.GIF]'''  
 
  |-
 
  |-
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
+
{| style="width:80%" border="0" align="center"
 +
! align="center" style="background:#4058A0; color:white" | T2. Secure Coding for Java EE - 2-Days - $1350
 
  |-
 
  |-
 
  | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
 
  | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
Line 168: Line 362:
 
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.
 
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.
  
[[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
+
[[:Category:OWASP_AppSec_Conference_Training#T2._Secure_Coding_for_Java_EE-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
  
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
+
Instructor: Dave Wichers: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
 
'''
 
'''
 
  |-
 
  |-
 
  ! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
 
  ! align="center" style="background:#4058A0; color:white" | T3. Web Services and XML Security - 2-Days - $1350
 
  |-
 
  |-
  | style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
+
  | style="background:#F2F2F2" | The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. [[:Category:OWASP_AppSec_Conference_Training#T3._Web_Services_and_XML_Security_-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
  
 
Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
 
Instructor: Gunnar Peterson''' [http://www.arctecgroup.net https://www.owasp.org/images/b/bf/Arctec.jpg]
Line 181: Line 375:
 
  ! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
 
  ! align="center" style="background:#4058A0; color:white" | T4. Advanced Web Application Security Testing - 2-Days - $1350
 
  |-
 
  |-
  | style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
+
  | style="background:#F2F2F2" | Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. [[:Category:OWASP_AppSec_Conference_Training#T4._Advanced_Web_Application_Security_Testing_-_2-Day_Course_-_Sep_22-23.2C_2008 | Learn More Here]]
  
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
+
Instructor: Eric Sheridan: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
 
  |-
 
  |-
 
  ! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
 
  ! align="center" style="background:#4058A0; color:white" | T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
 
  |-
 
  |-
  | style="background:#F2F2F2" |  In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process.  The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
+
  | style="background:#F2F2F2" |  In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process.  The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. [[:Category:OWASP_AppSec_Conference_Training#T5._Leading_the_Development_of_Secure_Applications_-_1-Day_Course_-_Sep_22.2C_2008 | Learn More Here]]
Instructor: This tutorial is provided by longtime OWASP contributor: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
+
Instructor: John Pavone: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
 +
|-
 +
{| style="width:80%" border="0" align="center"
 +
|-
 +
! align="center" style="background:#4058A0; color:white" | T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
 
  |-
 
  |-
  ! align="center" style="background:#4058A0; color:white" | T6. Application Security Forensics - 1-Day - Sep 23rd - $675
+
  | style="background:#F2F2F2" | Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development.  [[:Category:OWASP_AppSec_Conference_Training#T6._Building_Secure_Rich_Internet_Applications_-_1-Day_Course_-_Sep_23.2C_2008 | Learn More Here]]
  |-
+
Instructor: Arshan Dabirsiaghi: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]'''
  | style="background:#F2F2F2" | Web application forensics and incident response, requires a solid understanding of web application, security issues – this 1 day class will provide you with a crashcourse on chain of custody and issues related to dealing with a breach
+
|-
 +
  {| style="width:80%" border="0" align="center"
 +
 
 +
  ! align="center" style="background:#4058A0; color:white" | T8. Secure Coding for .NET - 2-Days - $1350
 
  |-
 
  |-
  ! align="center" style="background:#4058A0; color:white" | T7. Encryption Programming Using SKSML - 2-Days - $1350
+
  | style="background:#F2F2F2" | This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of .NET focused content, including:
|-
+
# .NET security overview,
| style="background:#F2F2F2" |  Application developers are increasingly required to protect sensitive data through encryption. While there are many libraries that can assist with cryptography, there are few to none that focus on encryption key management.
+
# All coding examples and recommendations are specifically focused on C#.NET and/or VB.NET and IIS servers, and
 +
# 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a .NET application developed for the class. Both C# and VB.NET versions of the hands on coding labs are available.
  
This class will introduce you to an OASIS standards protocol - Symmetric Key Services Markup Language (SKSML) - and show you how it can be used to securely encrypt sensitive data and manage encryption keys across the enterprise. [[:Category:OWASP_AppSec_Conference_Training | Learn More Here]]
+
[[:Category:OWASP_AppSec_Conference_Training#T8._Writing_Secure_Code_ASP.NET_-_Sep_22-23.2C_2008 | Learn More Here]]
  
Instructor: Arshad Noor, CTO, StrongAuth Inc.''' [http://www.strongauth.com https://www.owasp.org/images/8/86/StrongAuth.jpg]
+
Instructor: Jerry Hoff: [http://www.aspectsecurity.com http://www.owasp.org/images/d/d1/Aspect_logo.gif]
 
|}
 
|}
<center>[http://guest.cvent.com/i.aspx?4W,M3,828ca6d1-1b60-4105-8034-d344700e6956 https://www.owasp.org/images/7/7f/Register.gif]</center>
 
  
 
<h2> HOTELS / TRAVEL </h2>
 
<h2> HOTELS / TRAVEL </h2>
[http://maps.google.com/maps?near=Pace+Plz,+New+York,+NY+10038+(Pace+University+New+York+Cmps)&geocode=15467452012610799558,40.711640,-74.005820&q=hotel&f=l&dq=Pace+University-New+York&ie=UTF8&z=15&om=0 Hotel's in the area of the event]
+
[http://www.parkcentralny.com Park Central Hotel]
 +
 +
[http://maps.google.com/maps?near=7th+Ave+%26+W+56th+St,+New+York,+NY&geocode=&q=hotels&f=l&sll=40.766339,-73.980539&sspn=0.007654,0.02223&ie=UTF8&ll=40.764681,-73.980668&spn=0.007655,0.02223&z=16 Hotels close to the venue]
 +
 
 +
What is around APPSEC2008 - [http://www.parkcentralny.com/attractions/attractions.cfm  Area Attractions]
  
 
New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html
 
New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html
Line 220: Line 425:
  
 
New York City local news: http://www.ny1news.com
 
New York City local news: http://www.ny1news.com
 
<h2>EVENT SPONSORSHIP </h2>The OWASP Conferences & Training security technologists including CSOs,admins, application admins, MIS directors, homeland defense chiefs. These important influencers drive buying decisions exclusive access to its audiences. OWASP has established strategic relationships with security—print publications, newsletters, portals, consultants,message—and leadership positioning OWASP events. OWASP’s mission is supported by organizations who share our application, and software security communities. This approach should be part of your mix.
 
 
<b>[https://www.owasp.org/images/9/98/NY_Sponsorship_Form.pdf Sponsorship Opportunities]- Register online: [http://guest.cvent.com/i.aspx?4W,M3,09e3b490-ba93-4474-851e-be803b1a01c2 click here]</b>
 

Latest revision as of 11:02, 31 March 2009

Introduction

This event was a great success, drawing together professionals from all around the world. Please see the agenda below for copies of the presentations and videos of all the talks!!

Conference Description: This vendor agnostic conference has tracks for management, security, audit and development professionals interested in the state of the appsec industry and its trends. Presented by some of the brightest people in the industry, this event is a must attend for anyone looking to improve their information security posture and threat awareness. With assistance from: WASC, NYM InfraGard, AITGlobal, NYC PHP, NYCBUG, NYC ISACA, NYC ISSA and our event co-sponsors you are invited to (2) days of hardcore hands-on training and (2) full days of Seminars and Technology Pavilion from the world's best application security technology minds, all held in the New York City, Midtown.

SEE BELOW FOR VIDEO AND SLIDES - CLICK HERE FOR PHOTOS

Join the OWASP Linked'In Group

- - -

For Previous OWASP Conference Video CLICK HERE

2008 OWASP USA, NYC Conference Schedule – FULL VIDEO 50+ Speakers see below

Day 1 – Sept 24th, 2008

Track 1: BALLROOM Track 2: SKYLINE Track 3: TIMESQUARE
07:30-08:50 Doors Open for Attendee/Speaker Registration

avoid lines come early get your caffeine fix and use free wifi

09:00-09:45 OWASP Version 3.0 who we are, how we got here and where we are going?

OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder

EmbedVideo does not recognize the video service "googlevideo".

Dave Wicher's Slides / Jeff William's Slides / Dinis Cruz's Slides

10:00-10:45 Analysis of the Web Hacking Incidents Database (WHID)

Ofer Shezaf
VIDEO / SLIDES

Web Application Security Road Map
Joe White
VIDEO / SLIDES

DHS Software Assurance Initiatives
Stan Wisseman & Joe Jarzombek
VIDEO / SLIDES

11:00-11:45

Http Bot Research
Andre M. DiMino - ShadowServer Foundation
VIDEO / SLIDES

OWASP "Google Hacking" Project
Christian Heinrich
VIDEO / SLIDES

MalSpam Research
Garth Bruen
VIDEO / SLIDES

12:00-13:00 Capture the Flag Sign-Up

LUNCH - Provided by event sponsors @ TechExpo

12:00-12:45

Get Rich or Die Trying - Making Money on The Web, The Black Hat Way
Trey Ford, Tom Brennan, Jeremiah Grossman
VIDEO / SLIDES

Framework-level Threat Analysis: Adding Science to the Art of Source-code review
Rohit Sethi & Sahba Kazerooni
VIDEO / SLIDES

Automated Web-based Malware Behavioral Analysis
Tyler Hudak
VIDEO / SLIDES

13:00-13:45

New 0-Day Browser Exploits: Clickjacking - yea, this is bad...
Jeremiah Grossman & Robert "RSnake" Hansen
VIDEO / SLIDES

Web Intrusion Detection with ModSecurity
Ivan Ristic
VIDEO / SLIDES

Using Layer 8 and OWASP to Secure Web Applications
David Stern & Roman Garber
VIDEO / SLIDES

14:00-14:45 Application Security Industry Outlook Panel:

Jim Routh CISO DTCC,
Sunil Seshadri CISO NYSE-Euronet,
Joe Bernik SVP, RBS Americas,
Jennifer Bayuk Infosec Consultant,
Philip Venables CISO, Goldman Sachs,
Carlos Recalde SVP, Lehman Brothers,
Moderator: Mahi Dontamsetti
VIDEO / SLIDES

Security Assessing Java RMI
Adam Boulton
VIDEO / SLIDES

JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web
Yiannis Pavlosoglou
VIDEO / SLIDES

15:00-15:45

OWASP Testing Guide - Offensive Assessing Financial Applications
Daniel Cuthbert
VIDEO / SLIDES

Flash Parameter Injection (FPI)
Ayal Yogev & Adi Sharabani
VIDEO / SLIDES / PAPER

w3af - A Framework to own the web
Andrés Riancho
VIDEO / VIDEO

16:00-16:45

OWASP Enterprise Security API (ESAPI) Project
Jeff Williams
VIDEO / SLIDES

Cross-Site Scripting Filter Evasion
Alexios Fakos
VIDEO / SLIDES

Multidisciplinary Bank Attacks
Gunter Ollmann
VIDEO / SLIDES

17:00-17:45

Open Discussion On Application Security
Joe Bernik & Steve Antoniewicz
VIDEO / SLIDES

Mastering PCI Section 6.6
Taylor McKinley and Jacob West
VIDEO / SLIDES

Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
Vijay Akasapu & Marshall Heilman
VIDEO / SLIDES

18:00-18:45

Spearfishing and the OWASP Live CD
Joshua Perrymon
VIDEO / SLIDES

Phundamental Security - Coding Secure w/PHP
Hans Zaunere
VIDEO / SLIDES

Payment Card Data Security and the new Enterprise Java
Dr. B. V. Kumar & Mr. Abhay Bhargav
VIDEO / SLIDES

19:00-20:00

OWASP Chapter Leader / Project Leader working session
OWSAP Board/Chapter Leaders

(ISC)2 Cocktail Hour
All welcome to attend for a special announcement presented by:
W. Hord Tipton, Executive Director of (ISC)2

Technology Movie Night
Sneakers, WarGames, HackersArePeopleToo, TigerTeam
from 19:00 - 23:00

20:00-23:00+ OWASP Event Party/Reception
Event badge required for admission
Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.
Location: HOTEL BALLROOM


Day 2 – Sept 25th, 2008

08:00-10:00 BREAKFAST - Provided by event sponsors @ TechExpo
08:00-08:45

Software Development and Management: The Last Security Frontier
W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²
VIDEO / SLIDES

Best Practices Guide for Web Application Firewalls
Alexander Meisel
VIDEO / SLIDES

The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis
Thomas Ryan
VIDEO / SLIDES

09:00-09:45

OWASP Web Services Top Ten
Gunnar Peterson
VIDEO / SLIDES

Red And Tiger Team Application Security Projects
Chris Nickerson
VIDEO / SLIDES

OpenSource Tools
Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ
VIDEO / SLIDES

10:00-10:45

Building a tool for Security consultants: A story of a customized source code scanner
Dinis Cruz
VIDEO / SLIDES

"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment
Lee Kushner
VIDEO / SLIDES

Industry Analysis with Forrester Research
Chenxi Wang
VIDEO / SLIDES

11:00-11:45

Software Assurance Maturity Model (SAMM)
Pravir Chandra
VIDEO / SLIDES

Security in Agile Development
Dave Wichers
VIDEO / SLIDES

Secure Software Impact
Jack Danahy
VIDEO / SLIDES

12:00-12:45

Next Generation Cross Site Scripting Worms
Arshan Dabirsiaghi
VIDEO / SLIDES

Security of Software-as-a-Service (SaaS)
James Landis
VIDEO / SLIDES

Open Reverse Benchmarking Project
Marce Luck & Tom Stracener
VIDEO / SLIDES

12:00-13:00 Capture the Flag Status

LUNCH - Provided @ TechExpo

13:00-13:45

NIST and SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun
VIDEO / SLIDES

Lotus Notes/Domino Web Application Security
Jian Hui Wang
VIDEO / SLIDES

Shootout @ Blackbox Corral
Larry Suto
VIDEO / SLIDES

14:00-14:45

Practical Advanced Threat Modeling
John Steven
VIDEO / SLIDES

The OWASP Orizon Project: towards version 1.0
Paolo Perego
VIDEO / SLIDES

Building Usable Security
Zed Abbadi
VIDEO / SLIDES

15:00-15:45

Off-shoring Application Development? Security is Still Your Problem
Rohyt Belani
VIDEO / SLIDES

OWASP EU Summit Portugal
Dinis Cruz
VIDEO / SLIDES

A Security Architecture Case Study
Johan Peeters
VIDEO / SLIDES

16:00-16:45

Vulnerabilities in application interpreters and runtimes
Erik Cabetas
VIDEO / SLIDES

Cryptography For Penetration Testers
Chris Eng
VIDEO / SLIDES

Memory Corruption and Buffer Overflows
Dave Aitel
VIDEO / SLIDES

17:00-17:45 Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles
EmbedVideo does not recognize the video service "googlevideo".

VIDEO

18:30-19:30 OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!


So did you like the content? Lets us know.. Contact Us


EVENT SPONSORS


Diamond Sponsor - Imperva_2color_RGB.jpg

Platinum Sponsor - CenzicLogo_RGB.gif - 20080703021901%21Whitehat.gif - Ibm.jpg

Gold, Silver, Expo & Other Sponsors - Isc2logo.gif - 50px-F5_50px.jpg - Aspect_logo.gif - Qualys.gif - OunceLabs_logo.jpg - Fortify.jpg - Cigital_OWASP.GIF - Acuneti.gif - Denimgroup.jpg - Accessit.JPG - Fishnet_security.png - Airtight.gif - AOD_Logo.gif - Security_university.jpg - Breach_logo.gif - Armorize_Logo.png -Barracuda_Color_Logo.jpg - New_Symantec_Logo.jpg - Prev_Logo_with_Tag_Line.jpg - MicroTek.jpg - Protiviti.jpg

Sponsorship Opportunities

CPE Credits

Much of the content is eligible for CPE credits. Please check with your institution regarding specific requirements.

The CISM cpe policy (www.isaca.org/cismcpepolicy) states:

One continuing professional education hour is earned for each fifty minutes of active participation (excluding lunches and breaks) in a professional educational activity. Continuing professional education hours are only earned in full-hour increments and rounding must be down. For example, a CISA who attends an eight-hour presentation (480 minutes) with 90 minutes of breaks will earn seven (7) continuing professional education hours.

Activities that qualify for CPE must be directly applicable to the management, design or assessment of an enterprise's information security as per the CISM job practice"

Earn (ISC)2 CPE Credits at 2008 OWASP USA, NYC

Attendance at the 2008 OWASP NYC Training Courses or Conferences will earn you Continuing Professional Education (CPE) credits as follows: Training Courses: September 22-23, 2008 • 16 CPE units for 2 days of training (Monday - Tuesday) • 8 CPE units for 1 day of training (Monday or Tuesday Only) Conferences: September 24-25, 2008 Earn 1 CPE per hour of conference attendance

OWASP NYC AppSec 2008 Training Courses - September 22nd and 23rd, 2008

All classes begin at 9AM and end at 5:30PM

T1. Defensive Programming - 2-Days - $1350
This class will teach you how to program defensively. A must for developers, managers, testers and security professionals. Learn the latest techniques to build attack resistant code, protect from current and future vulnerabilities and how to secure an application from both implementation bugs and design flaws. Learn More Here

Instructor: Jason Rouse, Technical Manager, Cigital_OWASP.GIF

T2. Secure Coding for Java EE - 2-Days - $1350
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of Java focused content, including:
  1. Java EE security overview,
  2. All coding examples and recommendations are specifically focused on Java and Java servers, and
  3. 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a Java EE application developed for the class.

Learn More Here

Instructor: Dave Wichers: Aspect_logo.gif

T3. Web Services and XML Security - 2-Days - $1350
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Learn More Here

Instructor: Gunnar Peterson Arctec.jpg

T4. Advanced Web Application Security Testing - 2-Days - $1350
Course Overview While all developers need to know the basics of web application security testing, application security specialists will want to know all the advanced techniques for finding and diagnosing security problems in applications. Aspect’s Advanced Web Application Security Testing training is based on a decade of work verifying the security of critical applications. The course is taught by an experienced application security practitioner in an interactive manner. Learn More Here

Instructor: Eric Sheridan: Aspect_logo.gif

T5. Leading the Development of Secure Applications 1-Day - Sept 22nd- $675
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. Learn More Here

Instructor: John Pavone: Aspect_logo.gif

T6. Building Secure Rich Internet Applications 1-Day - Sept 23rd- $675
Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development. Learn More Here

Instructor: Arshan Dabirsiaghi: Aspect_logo.gif

T8. Secure Coding for .NET - 2-Days - $1350
This course is similar to Aspect's Building and Testing Secure Web Applications except it includes a significant amount of .NET focused content, including:
  1. .NET security overview,
  2. All coding examples and recommendations are specifically focused on C#.NET and/or VB.NET and IIS servers, and
  3. 3 additional hands on coding labs where the students find and then fix security vulnerabilities in a .NET application developed for the class. Both C# and VB.NET versions of the hands on coding labs are available.

Learn More Here

Instructor: Jerry Hoff: Aspect_logo.gif

HOTELS / TRAVEL

Park Central Hotel

Hotels close to the venue

What is around APPSEC2008 - Area Attractions

New York City MTA: http://www.mta.nyc.ny.us/nyct/index.html

New York City Subway & walking directions: http://www.hopstop.com/?city=newyork

New York Sights & Sounds - SightsSounds

New York City Travel Guide - http://www.nytoday.com/

New York City Attractions - http://www.nycvisit.com

New York TV Show Tickets - Get free tickets to TV shows! - http://www.nytix.com/

New York City local news: http://www.ny1news.com