Difference between revisions of "OWASP NYC AppSec 2008 Conference"

From OWASP
Jump to: navigation, search
Line 49: Line 49:
 
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | [http://blogs.adobe.com/psirt/2008/09/thanks_to_jeremiah_grossman_an.html New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]
 
| style="width:10%; background:#7B8ABD" | 13:00-13:45 || style="width:30%; background:#BC857A" align="left" | [http://blogs.adobe.com/psirt/2008/09/thanks_to_jeremiah_grossman_an.html New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]
 
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''
 
''[http://jeremiahgrossman.blogspot.com Jeremiah Grossman] & [http://ha.ckers.org/blog/about Robert "RSnake" Hansen]''
  | style="width:30%; background:#BCA57A" align="left" | WAF ModSecurity
+
  | style="width:30%; background:#BCA57A" align="left" | Web Intrusion Detection with ModSecurity - [[OWASP_NYC_2008-Web_Intrusion_Detection_with_ModSecurity.pdf|SLIDES]]
 
''[http://www.breach.com/company/executive-team/ Ivan Ristic]''
 
''[http://www.breach.com/company/executive-team/ Ivan Ristic]''
 
| style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications
 
| style="width:30%; background:#99FF99" align="left" | Using Layer 8 and OWASP to Secure Web Applications

Revision as of 03:46, 3 October 2008

2008 OWASP USA, NYC

Last Update: 10/3/2008



Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. OWASP is like "public radio" so support our efforts join today as a corporate or individual member learn more CLICK HERE

  • Note as of Oct 2nd, we are adding the videos as the become avail., and expect them to be all online in the next few days...

2008 OWASP USA, NYC Conference Schedule – Sept 24th - Sept 25th VIDEOS

Day 1 – Sept 24th, 2008

Track 1: BALLROOM Track 2: SKYLINE Track 3: TIMESQUARE
07:30-08:50 Doors Open for Attendee/Speaker Registration

avoid lines come early get your caffeine fix and use free wifi

09:00-09:45 OWASP Version 3.0 who we are, how we got here and where we are going? - VIDEO / Dave Wichers's SLIDES

OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder

10:00-10:45 Analysis of the Web Hacking Incidents Database (WHID) VIDEO / SLIDES

Ofer Shezaf

Web Application Security Road Map VIDEO / SLIDES

Joe White

DHS Software Assurance Initiatives - VIDEO / SLIDES

Stan Wisseman & Joe Jarzombek

11:00-11:45 Http Bot Research - VIDEO / SLIDES

Andre M. DiMino - ShadowServer Foundation

OWASP "Google Hacking" Project - VIDEO / SLIDES

Christian Heinrich

MalSpam Research - VIDEO / SLIDES

Garth Bruen

12:00-13:00 Capture the Flag Sign-Up

LUNCH - Provided by event sponsors @ TechExpo

12:00-12:45 Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - VIDEO / SLIDES

Trey Ford, Tom Brennan, Jeremiah Grossman

Framework-level Threat Analysis: Adding Science to the Art of Source-code review

Rohit Sethi & Sahba Kazerooni

Automated Web-based Malware Behavioral Analysis

Tyler Hudak

13:00-13:45 New 0-Day Browser Exploits: Clickjacking - yea, this is bad...

Jeremiah Grossman & Robert "RSnake" Hansen

Web Intrusion Detection with ModSecurity - SLIDES

Ivan Ristic

Using Layer 8 and OWASP to Secure Web Applications

David Stern & Roman Garber

14:00-14:45 Industry Outlook Panel: Mark Clancy EVP CitiGroup, Jim Routh CISO DTCC, Sunil Seshadri CISO NYSE-Euronet, Warren Axelrod SVP Bank of America, Joe Bernik SVP, RBS,Jennifer Bayuk Infosec Consultant & Philip Venables CISO, Goldman Sachs, Carlos Recalde SVP, Lehman Brothers, Tom King CISO, Barclays Capital,
Mahi Dontamsetti Moderator
Security Assessing Java RMI

Adam Boulton

JBroFuzz 0.1 - 1.1: Building a Java Fuzzer for the Web

Yiannis Pavlosoglou

15:00-15:45 OWASP Testing Guide - Offensive Assessing Financial Applications

Daniel Cuthbert

Flash Parameter Injection (FPI)

Ayal Yogev & Adi Sharabani

w3af - A Framework to own the web

Andres Riancho

16:00-16:45 OWASP Enterprise Security API (ESAPI) Project

Jeff Williams

Cross-Site Scripting Filter Evasion

Alexios Fakos

Case Studies: Exploiting application testing tool deficiencies via "out of band" injection

Vijay Akasapu & Marshall Heilman

17:00-17:45 Threading the Needle:

Bypassing web application/service security controls using Encoding, Transcoding, Filter Evasion, and other Canonicalization Attacks Arian Evans

Mastering PCI Section 6.6

Taylor McKinley and Jacob West

Multidisciplinary Bank Attacks

Gunter Ollmann

18:00-18:45 OWASP Live CD

Joshua Perrymon

Coding Secure w/PHP

Hans Zaunere

Payment Card Data Security and the new Enterprise Java

Dr. B. V. Kumar & Mr. Abhay Bhargav

19:00-20:00 OWASP Chapter Leader / Project Leader working session OWSAP Board/Chapter Leaders (ISC)2 Cocktail Hour all welcome to attend for special announcement
presented by: W. Hord Tipton, Executive Director of (ISC)2
Technology Movie Night Sneakers, WarGames, HackersArePeopleToo, TigerTeam from 19:00 - 23:00
20:00-23:00+ OWASP Event Party/Reception
Event badge required for admission
Food, Drinks w/ New & Old Friends - break out the laptop and play capture the flag for fun and prizes.
Location: HOTEL BALLROOM


Day 2 – Sept 25th, 2008

08:00-10:00 BREAKFAST - Provided by event sponsors @ TechExpo
08:00-08:45 Software Development: The Last Security Frontier

W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS and former Chief Information Officer for the U.S. Department of the Interior Executive Director and member of the Board of Directors, (ISC)²

Best Practices Guide: Web Application Firewalls

Alexander Meisel

The Good The Bad and The Ugly - Pen Testing VS. Source Code Analysis

Thomas Ryan

09:00-09:45 OWASP Web Services Top Ten

Gunnar Peterson

Tiger Team - APPSEC Projects

Chris Nickerson

OpenSource Tools Prof. Li-Chiou Chen & Chienitng Lin, Pace Univ
10:00-10:45 Building a tool for Security consultants: A story of a customized source code scanner

Dinis Cruz

"Help Wanted" 7 Things You Need to Know APPSEC/INFOSEC Employment

Lee Kushner

Industry Analyst with Forrester Research

Chenxi Wang

11:00-11:45

Pravir Chandra

Security in Agile Development

Dave Wichers ppt

Secure Software Impact

Jack Danahy

12:00-12:45 Next Generation Cross Site Scripting Worms

Arshan Dabirsiaghi

Security of Software-as-a-Service (SaaS)

James Landis

Open Reverse Benchmarking Project

Marce Luck & Tom Stracener

12:00-13:00 Capture the Flag Status

LUNCH - Provided @ TechExpo

13:00-13:45 NIST SAMATE Static Analysis Tool Exposition (SATE)

Vadim Okun

Lotus Notes/Domino Web Application Security

Jian Hui Wang

Shootout @ Blackbox Corral

Larry Suto

14:00-14:45 Practical Advanced Threat Modeling

John Steven

The OWASP Orizon Project: towards version 1.0 Paolo Perego Building Usable Security

Zed Abbadi

15:00-15:45 Off-shoring Application Development? Security is Still Your Problem

Rohyt Belani

OWASP EU Summit Portugal

Dinis Cruz

Code Secrets

Johan Peeters

16:00-16:45 Vulnerabilities in application interpreters and runtimes

Erik Cabetas

Detecting User Disposition - Polar Bears in a Whiteout Robert "RSnake" Hansen Corruption Dave Aitel
17:00-17:45 Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles
18:30-19:30 OWASP Foundation, Chapter Leader Meeting - to collect ideas to make OWASP better!