Difference between revisions of "OWASP Software Assurance Day DC 2009"

From OWASP
(minor tweaks to spacing)
 
(10 intermediate revisions by 4 users not shown)
Line 20: Line 20:
  
 
For information on registration for the Software Assurance Forum, please contact [mailto:Jennifer.Brezovic@associates.dhs.gov Jennifer Brezovic].
 
For information on registration for the Software Assurance Forum, please contact [mailto:Jennifer.Brezovic@associates.dhs.gov Jennifer Brezovic].
 
 
If you have any questions relating to the conference or just want to help out, please email the conference chair, [mailto:sbarnum@cigital.com Sean Barnum].
 
 
 
Registration link should be up soon.
 
  
  
Line 42: Line 36:
 
''Sean Barnum, Conference Chair''
 
''Sean Barnum, Conference Chair''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 08:30-09:00 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''Intro to OWASP'''
+
  | style="width:10%; background:#7B8ABD" | 08:30-09:00 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''Intro to OWASP''' [[Media:Brennan_-_OWASP_SwA_Day_DC_2009_-_OWASP_Intro_and_Overview.pdf‎|  (slides)]]
''Tom Brennan''
+
''Tom Brennan, WhiteHat Security''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''CWE/SANS Top 25: Towards Minimum Due Care in Software Security'''
+
  | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | [[Maturing Software Assessment Through Static Analysis]][[Media:Maturing_Assessment_through_SA.ppt|  (slides)]]
''Steve Christey, Mitre''
+
''John Steven, Cigital''
 
   |-
 
   |-
  | style="width:10%; background:#7B8ABD" | 09:50-10:35 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''Don’t Write Your Own Security Code: The OWASP Enterprise Security API'''
+
  | style="width:10%; background:#7B8ABD" | 09:50-10:35 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | [[Don’t Write Your Own Security Code: The OWASP Enterprise Security API]] ([http://www.owasp.org/images/f/f2/ESAPI_for_OWASP_Day.pptx slides])
 
''Jeff Williams, Aspect Security''
 
''Jeff Williams, Aspect Security''
 
|-
 
|-
 
  | style="width:10%; background:#7B8ABD" | 10:35-10:50 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | '''Morning Break'''
 
  | style="width:10%; background:#7B8ABD" | 10:35-10:50 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | '''Morning Break'''
 
   |-
 
   |-
  | style="width:10%; background:#7B8ABD" | 10:50-11:35 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''Cooking with OWASP: Recipes in Web Security Testing'''
+
  | style="width:10%; background:#7B8ABD" | 10:50-11:35 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | [[Cooking with OWASP: Recipes in Web Security Testing]][[Media:CookingWithOWASP-opt.pdf|  (slides)]]
 
''Paco Hope, Cigital''
 
''Paco Hope, Cigital''
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 11:40-12:25 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''OWASP Application Security Verification Standard (ASVS)'''
+
  | style="width:10%; background:#7B8ABD" | 11:40-12:25 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | [[OWASP Application Security Verification Standard (ASVS)]][[Media:Wichers_-_About_OWASP_ASVS_Web_Edition_v2.pdf‎|  (slides)]]
 
''Dave Wichers, Aspect Security''
 
''Dave Wichers, Aspect Security''
 
|-
 
|-
 
  | style="width:10%; background:#7B8ABD" | 12:25-13:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | '''Lunch – MITRE Cafeteria'''
 
  | style="width:10%; background:#7B8ABD" | 12:25-13:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | '''Lunch – MITRE Cafeteria'''
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 13:45-14:30 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''Maturing Software Assessment Through Static Analysis'''
+
  | style="width:10%; background:#7B8ABD" | 13:45-14:30 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | [[CWE/SANS Top 25: Towards Minimum Due Care in Software Security]][[Media:CWE_Top_25_Minimum_Due_Care.pdf‎|  (slides)]]
''John Steven, Cigital''
+
''Steve Christey, Mitre''
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 14:35-15:20 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''The Future of Mobile:  Developing Secure Mobile Applications'''
+
  | style="width:10%; background:#7B8ABD" | 14:35-15:20 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | [[The Future of Mobile:  Developing Secure Mobile Applications]][[Media:Rouse_-_Securing_Mobile_Applications_(size_reduced).pdf‎|  (slides)]]
 
''Jason Rouse, Cigital''
 
''Jason Rouse, Cigital''
 
|-
 
|-
 
  | style="width:10%; background:#7B8ABD" | 15:25-15:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | '''Afternoon Break'''
 
  | style="width:10%; background:#7B8ABD" | 15:25-15:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | '''Afternoon Break'''
 
|-
 
|-
  | style="width:10%; background:#7B8ABD" | 15:40-16:25 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | '''OWASP Live CD:  An open environment for Web Application Security'''
+
  | style="width:10%; background:#7B8ABD" | 15:40-16:25 || colspan="2" style="width:80%; background:#F2F2F2" align="left" | [[OWASP Live CD:  An open environment for Web Application Security]][[Media:OWASP_Live_CD.pdf‎‎|  (slides)]]
 
''Matt Tesauro, Texas Education Agency''
 
''Matt Tesauro, Texas Education Agency''
 
|-
 
|-
 
  | style="width:10%; background:#7B8ABD" | 16:25-16:45 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | '''Conference Wrap Up and Opportunities to Contribute'''  
 
  | style="width:10%; background:#7B8ABD" | 16:25-16:45 || colspan="2" style="width:40%; background:#F2F2F2" align="left" | '''Conference Wrap Up and Opportunities to Contribute'''  
 
|}
 
|}
 
  
 
==Logistics==
 
==Logistics==
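Review bot: In the 09:50-10:35 row, the new revision links the ESAPI slides with an external URL ([http://www.owasp.org/images/f/f2/ESAPI_for_OWASP_Day.pptx slides]), while every other talk in this hunk uses an internal [[Media:...|  (slides)]] link. Use the Media: form there as well so the agenda links are consistent and do not depend on a hard-coded image path. The changed talk rows also replace the bold '''...''' titles with [[...]] page links, while the Intro to OWASP, break and wrap-up rows stay bold, so the table now mixes two title styles; pick one style for all rows.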
Line 154: Line 147:
  
 
Despite the fact that this is a free conference, we still need you to register to fulfill security requirements of the facility and to ensure that we don't exceed venue capacity.
 
Despite the fact that this is a free conference, we still need you to register to fulfill security requirements of the facility and to ensure that we don't exceed venue capacity.
 
Registration links should be up soon.
 
  
  

Latest revision as of 13:32, 25 March 2009

Welcome to the OWASP Software Assurance Day DC 2009.

This single-day conference will be held on March 13th in conjunction with the Software Assurance Forum (March 10th-12th) sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.

We are pleased to invite OWASP members, attendees of the Software Assurance Forum and any other interested parties to join us for this event.

At this event, you will hear presentations from key leaders in the web application security domain on:

  • the state of the union for the Open Web Application Security Project
  • the current status of several ongoing OWASP projects
  • recently released knowledge resources to assist web application security programs in establishing a standard for minimum due care
  • recipes for leveraging OWASP resources in security testing efforts
  • the emerging importance of application security in the wireless domain
  • a state-of-the-art approach to automating multi-perspective application security assessment


You will also find out how you can leverage OWASP resources and participate in OWASP activities through local chapters in the DC/NOVA/Maryland area.

The co-located Software Assurance Forum is also a free conference and open to any attendees of OWASP Software Assurance Day DC 2009, though it will require separate registration.

For information on registration for the Software Assurance Forum, please contact Jennifer Brezovic.



Conference Location

The OWASP Software Assurance Day DC 2009 will be held in conjunction with the DHS/DOD/NIST Software Assurance Forum at MITRE Building 1, 7525 Colshire Drive, McLean, VA 22102.

Please use the Conference Center entrance.

Agenda and Presentations: 13 March 2009

March 13, 2009
08:15-08:30 OWASP Software Assurance Day DC kickoff

Sean Barnum, Conference Chair

08:30-09:00 Intro to OWASP (slides)

Tom Brennan, WhiteHat Security

09:00-09:45 Maturing Software Assessment Through Static Analysis (slides)

John Steven, Cigital

09:50-10:35 Don’t Write Your Own Security Code: The OWASP Enterprise Security API (slides)

Jeff Williams, Aspect Security

10:35-10:50 Morning Break
10:50-11:35 Cooking with OWASP: Recipes in Web Security Testing (slides)

Paco Hope, Cigital

11:40-12:25 OWASP Application Security Verification Standard (ASVS) (slides)

Dave Wichers, Aspect Security

12:25-13:40 Lunch – MITRE Cafeteria
13:45-14:30 CWE/SANS Top 25: Towards Minimum Due Care in Software Security (slides)

Steve Christey, Mitre

14:35-15:20 The Future of Mobile: Developing Secure Mobile Applications (slides)

Jason Rouse, Cigital

15:25-15:40 Afternoon Break
15:40-16:25 OWASP Live CD: An open environment for Web Application Security (slides)

Matt Tesauro, Texas Education Agency

16:25-16:45 Conference Wrap Up and Opportunities to Contribute

Logistics

Venue: MITRE Building 1, 7525 Colshire Drive, McLean, VA 22102

Please use the Conference Center entrance.

Accommodations

The conference has not negotiated any special rates for hotel accommodation but the following hotels are near the conference venue:


McLean Hilton 7920 Jones Branch Drive McLean, VA Tel: 1-703-448-1234

Website: http://www1.hilton.com/en_US/hi/hotel/MCLMHHH-Hilton-McLean-Tysons-Corner-Virginia/index.do


Westin Hotel 7801 Leesburg Pike Falls Church, VA Tel: 1-703-893-1340

Website: http://www.starwoodhotels.com/westin/property/overview/index.html?propertyID=1750


Marriott 8028 Leesburg Pike Vienna, VA Tel: 1-703-734-3200

Website: http://www.marriott.com/hotels/travel/wastc-tysons-corner-marriott/


Embassy Suites 8517 Leesburg Pike Vienna, VA Tel: 1-703-883-0707

Website: http://embassysuites1.hilton.com/en_US/es/hotel/WASTSES-Embassy-Suites-Tysons-Corner-Virginia/index.do


The Crowne Plaza Tysons Corner (formerly the Holiday Inn) 1960 Chain Bridge Rd McLean, VA Tel: 1-703-893-2100

Website: http://www.cptysonscorner.com/


Sheraton Premiere Tysons 8661 Leesburg Pike Vienna, VA Tel: 1-703-506-2500

Website: http://www.starwoodhotels.com/sheraton/property/overview/index.html?propertyID=691


Transportation to the Conference

By plane

The venue area can be reached by commercial aviation through either Dulles International Airport or Reagan National Airport.

Both are roughly equidistant from the venue and offer a range of airline and flight options.

How to get to the venue?

See the map.


Registration and Conference Fees

OWASP Software Assurance Day DC 2009 will be a free conference.

Despite the fact that this is a free conference, we still need you to register to fulfill security requirements of the facility and to ensure that we don't exceed venue capacity.


Conference Contacts

For more information please contact the team below for conference details, sponsorship or registration.


Mr Sean Barnum (Conference Chair), Cigital Federal, Inc.

Email: sbarnum@cigital.com

Mobile: 703-473-8262


Kate Hartmann

OWASP Operations Director

9175 Guilford Road, Suite 300

Columbia, MD 21046, USA

Phone: +1-301-575-0189

Facsimile: +1-301-604-8033

Email: kate.hartmann@owasp.org


Conference Sponsors

Under negotiation.

If you are interested in sponsoring this OWASP conference, please contact Sean Barnum.