OWASP Appsec 2009 Nov. 10, 2009 to Nov. 13, 2009, Washington DC, USA

| Title | Speakers | Summary | Topic Types |
| --- | --- | --- | --- |
| Assessing And Exploiting Web Applications With The Open Source Samurai Web Testing Framework | Justin Searle | | Security Web Exploitation |
| Java EE Secure Code Review | Sahba Kazerooni | | Development Security |
| Threat Modeling Express | Krishna Raja | | Security Others |
| Foundations Of Web Services And XML Security | Dave Wichers | | Security Web Application Security |
| Live CD | Matt Tesauro | | Security Unix |
| WebAppSec.php: Developing Secure Web Applications | Robert Zakon | | Security Web Application Security |
| Leader And Manager Training - Leading The Development Of Secure Applications | John Pavone | | Security Development |
| Keynote: Joe Jarzombek | | | Keynote |
| All About OWASP | Anonymous Speaker | | Community Security |
| OWASP ESAPI | Jeff Williams | Application security is arguably the most difficult IT challenge facing organizations today. Chasing the 700 ... | Security Development |
| Clubbing Webapps With A Botnet | Gunter Ollmann | The lonely hacker taking pot-shots at a Web application & seeking out an exploitable flaw ... | Security Web Application Security Botnets |
| Understanding The Implications Of Cloud Computing On Application Security | Dennis Hurst | Cloud Computing paradigms spell fundamental changes for where your applications run, the platforms on which ... | Security Cloud |
| Enterprise Application Security - GE's Approach To Solving Root Cause And Establishing A Center Of Excellence | Darren Challey | GE has established a holistic Application Security Program that seeks to detect, correct and prevent ... | Security Others Application Security |
| Software Assurance Maturity Model (SAMM) | Pravir Chandra | The Software Assurance Maturity Model (SAMM) (http://www.opensamm.org) is a flexible and prescriptive framework for building ... | Security Application Security Development |
| The Case Of Promiscuous Parameters And Other Ongoing Capers In Web Security | Jacob West | Security is harder than it looks: seemingly innocuous programming constructs can turn a cool project ... | Security Buffer Overflows Web Others |
| Transparent Proxy Abuse | Robert Auger | Transparent proxies allow organizations to influence and monitor the traffic from its users without their ... | Security Web Monitoring |
| Software Development The Next Security Frontier | Jim Molini | With over 70% of security vulnerabilities existing at the application layer (Gartner Group, 2005), the ... | Compliance Development |
| DISA's Application Security And Development STIG: How OWASP Can Help You | Jason Li | In July 2008, the Defense Information Systems Agency (DISA) released the first enforceable version of ... | Security Application Security Development |
| OWASP ModSecurity Core Rule Set Project | Ryan C. Barnett | The ModSecurity Core Rule Set (CRS) is a free, generic set of web application firewall ... | Security Web Application Security |
| Development Issues Within Ajax Applications: How To Divert Threats | Lars Ewe | AJAX has rapidly emerged as a prominent enabling technology in the movement to improve the ... | Security Web Browser |
| Defend Yourself: Integrating Real Time Defenses Into Online Applications | Michael Coates | Ask any attacker how many attempts it takes them to successfully exploit a vulnerability - ... | Exploitation |
| Finding The Hotspots: Web-Security Testing With The Watcher Tool | Chris Weber | Note: To participate, please come with Fiddler and the Watcher tool (http://websecuritytool.codeplex.com) installed for the ... | Security Wireless Web Network Penetration |
| Social Zombies: Your Friends Want To Eat Your Brains | Kevin Johnson, Tom Eston | In Social Zombies: Your Friends want to eat Your Brains, Tom Eston and Kevin Johnson ... | Security Botnets |
| SDLC Panel AppSecDC | Dan Cornell, Keith Turpin, Michael Craigue, Dennis Hurst, Joey Peloquin | A discussion of Software Development Life Cycle implementations by industry leading experts. This panel will ... | Panel |
| The ESAPI Web Application Firewall (ESAPI WAF) | Arshan Dabirsiaghi | This talk will be the official introduction of the ESAPI WAF! We'll present a new ... | Web Access Control Access |
| One Click Ownage | Ferruh Mavituna | A simple plug-in based open source framework for Automation of detection and exploitation vulnerabilities such ... | Automation |
| Web Application Security Scanner Evaluation Criteria | Brian Shura | Web application security scanners are a complex class of tools that are a challenge to ... | Web Application Security |
| Cloudy With A Chance Of 0-Day | Jon Rose, Tom Leavey | This talk provides a brief overview of cloud computing, and reveals the security risks of ... | Security Cloud Development |
| The Essential Role Of Infosec In Secure Software Development | Kenneth R. van Wyk | Secure software development won't succeed without substantial collaboration among the infosec teams in an organization. ... | Security Development |
| OWASP Live CD: An Open Environment For Web Application Security | Matt Tesauro | The OWASP Live CD is a project that collects some of the best open source ... | Security Unix |
| Learning By Breaking: A New Project Insecure Web Apps | Chuck Willis | The idea of creating web applications with intentional vulnerabilities is nothing new. It seems that ... | Security Web Application Security |
| Synergy! A World Where The Tools Communicate | Joshua Abraham | Most penetration testers use many separate tools to get the job done. The problem is ... | Security Others |
| Attacking WCF Web Services | Brian Holyfield | Let's face it, hacking a web service generally isn't rocket science. But what if the ... | Security Web Others Application Security |
| Vulnerability Management In An Application Security World | Dan Cornell | Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in ... | Security Web Application Security |
| The Entrepreneur's Guide To Career Management | Lee Kushner | As the Information Security profession continues to mature, the competition for highly sought after positions ... | Security Deep Knowledge |
| Advanced SSL: The Good, The Bad, And The Ugly | Michael Coates | SSL has taken many hits over the past year. From the MD5 rogue certificate creation ... | Security Web Browser |
| When Web 2.0 Attacks - Understanding Security Implications Of Ajax, Flash And | Rafal Los | Web 2.0 - love it or hate it, the technology driving the highly interactive web ... | Web Application Security |
| Threat Modeling By John Steven | John Steven | How will attackers break your web application? How much security testing is enough? Do I ... | Application Security Web |
| The Big Picture: Web Risks And Assessments Beyond Scanning | Matthew Fisher | This talk is an unabashed look at the role and limitations of automated technologies in ... | Web Risk |
| Securing The Core JEE Patterns | Rohit Sethi | The demand to integrate security into early development activities has accelerated in recent years. The ... | Analysis |
| The Web Hacking Incidents Database | Ryan C. Barnett | The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to ... | Web Analysis |
| Scalable Application Assessments In The Enterprise | Tom Parker | That's right & we said scalable. Applications which live in the enterprise, COTS or otherwise; ... | Security Business Development |
| Malicious Developers And Enterprise Java Rootkits | Jeff Williams | How much would it cost to convince a developer to insert a few special lines ... | Security Rootkits Development |
| Application Security Metrics From The Organization On Down To The Vulnerabilities | Chris Wysopal | Application security metrics are valuable today yet are still evolving. The best place to start ... | Security Others |
| SCAP: Automating Our Way Out Of The Vulnerability Wheel Of Pain | Ed Bellis | The harsh economic climate has hit us all in some way. Budgets are trimmed and ... | Security Automation |
| Secure Software Updates: Update Like Conficker | Jeremy Allen | Software updates are an often forgotten backbone of modern software. The one constant for a ... | Security Malware |
| Unicode Transformations: Finding Elusive Vulnerabilities | Chris Weber | The complex landscape of Unicode provides many angles for exploiting software and end users. We've ... | Exploitation |
| OWASP Top 10 2010 AppSecDC | Dave Wichers | This presentation will cover the OWASP Top 10 - 2010 Release Candidate that is being ... | Security Others |
| Secure SDLC: The Good, The Bad, And The Ugly | Joey Peloquin | This isn't your father's Secure SDLC talk folks! Join Joey Peloquin, Director of Application Security ... | Security Compliance Development |
| Improving Application Security After An Incident | Cory Scott | When an enterprise suffers an application security incident, a whirlwind of activity takes place to ... | Security Intrusion Detection Incident Response |
| Deploying Secure Web Applications With OWASP Resources | Sebastien Deleersnyder, Fabio E Cerullo | Universities are key to making application security visible and the need to educate software developers ... | Security Community Development |
| AppSecDC OWASP O2 Platform | Dinis Cruz | In this talk Dinis Cruz will show the OWASP O2 Platform which is an open ... | Security Web Development |
| Custom Intrusion Detection Techniques For Monitoring Web Applications | Matthew Olney | This talk will discuss leveraging in-house specific architecture knowledge to build custom detection methodologies. One ... | Web Anonymity Privacy Monitoring |
| The 10 Least-Likely And Most Dangerous People On The Internet | Robert Hansen | There are a number of people who work in roles and at places that drive ... | Security Deep Knowledge |
| Injectable Exploits: Two New Tools For Pwning Web Apps And Browsers | Kevin Johnson | Injectable exploits focus on the exploitation of major web flaws during penetration tests. Two new ... | Web Exploitation Network Penetration |
| Automated Vs. Manual Security: You Can't Filter The Stupid | David Byrne | Everyone wants to stretch their security budget, and automated application security tools are an appealing ... | Security Automation |
| Manipulating Web Application Interfaces, A New Approach To Input Validation | Felipe Moreno | This talk will suggest a new approach for web application input validation testing and introduce ... | Security Web Application Security Browser |
| Hacking By Numbers | Tom Brennan | There is a difference between what is possible and what is probable, something we often ... | Exploitation Automation |
| Building An In-House Application Security Assessment Team | Keith Turpin | Like many companies, Boeing historically relied on contracted security vendors to provide various IT security ... | Risk |
| The OWASP Security Spending Benchmarks Project | Boaz Gelbord | How much security spending is enough when developing web applications? There are few, if any, ... | Security Community |
| SANS DShield Webhoneypot Project | Jason Lam | The DShield project has been providing the information security industry with early attack warning data ... | Others Security |
| AppSecDC09 Federal CISO Panel | Earl Crane, Gary Galloway, Timothy Ruland, Richard Smith | The US Federal Government owns some of the largest IT infrastructures in the world. With ... | Privacy |
| Promoting Application Security Within Federal Government | Sarbari Gupta | Currently, federal government organizations are not particularly focused on application layer security. The major reason ... | Security Risk Compliance |
| Techniques In Attacking And Defending XML/Web Services | Phil Dunkelberger | | Security Others |