OWASP Appsec 2010 Nov. 8, 2010 to Nov. 11, 2010, Washington DC, USA

Title Speakers Summary Topic Types
Assessing And Exploiting Web Applications With Samurai-Wtf Mike Poor , Justin Searle Course Length: 2 Days Come take the official Samurai-WTF training course given by one of ... Workshops
Leading An Appsec Initiative Luciano Bello , Anonymous Speaker Today, every business function relies on custom software applications. These applications are typically built under ... Workshops
Remote Testing For Common Web Application Security Threats David Rhoades The proliferation of web-based applications has increased the enterprise's exposure to a variety of threats. ... Workshops
The Art Of Exploiting Sql Injections Sumit Siddharth Workshops
Webappsec.Php: Developing Secure Web Applications Web applications are the new frontier of widespread security breaches. This tutorial will guide through ...
Java Security Overview Zoltán Hornák The course on one hand introduces the basic security solutions provided by the Java language ... Workshops
Threat Modeling Express Rohit Sethi Workshops
Software Security Remediation: How To Fix Application Vulnerabilities Dan Cornell This class teaches attendees how to fix security vulnerabilities in existing software. It provides a ... Workshops
Appsec Dc 2010 Keynote Neal Ziring Keynote
Python Basics For Web App Pentesters Justin Searle Take a break from those talks that overstimulate your brain with cool technical details but ... Web Application Security
Drive By Downloads: How To Avoid Getting A Cap Popped In Your App Neil Daswani Which browser do you claim? What color is your screen-saver? It is a world wide ... Web Application Security Statistics Intrusion Prevention
Secure Code Review: Enterprise Metrics Anonymous Speaker Developers in large organizations are experiencing a move to a more holistic centralized management of ... Others Security
Cyber-Assurance Ecosystem - Automation Activities For Securing The Enterprise Joe Jarzombek Whether you manage internal development activities, work with third party developers or are developing a ... Security Exploitation Cyberwar
White And Black Box Testing Of Lotus Domino Applications Ari Elias-bachrach , Casey Pike IBM’s Lotus Domino is a unique server platform which requires a unique procedure for both ... Security Application Security SQL
Protecting Federal Government From Web 2.0 Application Security Risks Anonymous Speaker Social Media and Web 2.0 technologies - such as blogs, podcasts, web chat, Facebook, Twitter, ... Security Web Risk Web Security Social Media
Measuring Security: 5 Kpis For Successful Web App Security Programs Rafal Los Modern enterprises recognize the need to test their web applications for security vulnerabilities, but few ... Security Web Application Security Web Security Compliance
Security Risk And The Software Supply Chain Karen Mercedes Goertzel A critical aspect of the U.S. government’s effectiveness is the dependability, trustworthiness, and survivability of ... Security Others Risk
Pen Testing With Iron Andrew Wilson By taking advantage of the new Dynamic Language Runtime (DLR) from Microsoft, many challenges in ... Application Security
Providing Application-Level Assurance Through Dnssec Suresh Krishnaswamy The base DNS specification has certain security vulnerabilities that, with recent findings, make it even ... Security Web DNS
H.....T.....T....P.......P....O....S....T Tom Brennan , Onn Chee Denial-Of-Service is an attempt to make a computer resource unavailable to its intended users and ... Security Web
Understanding How They Attack Your Weaknesses: Capec Sean Barnum By learning to think more like attackers, we gain a better understanding of how to ... Security Analysis
Hacking Oracle From Web Apps Anonymous Speaker This talk will focus on exploiting SQL injections in web applications with oracle back-end and ... Security Web SQL
Guardrails: A Nearly Painless Solution To Insecure Web Applications Anonymous Speaker With web applications continuing to grow in popularity and frameworks becoming simpler to use, creating ... Web Application Security
Framed! Security-Patching Common Web Development Frameworks Rafal Los , Joshua Abraham Developers don’t write insecure code on purpose, they simply work with tools they’re given to ... Security Infrastructure Web Application Security
Wxf: Web Exploitation Framework Ken Johnson The web application security field has seen a large expansion in the last decade. In ... Security Web Application Security
The Strengths Of Combining Code Review With Application Penetration Testing Dave Wichers The strengths of manual code review in finding vulns (using the Top 10 as the ... Security Web Application Security Compliance
Dealing With Web Application Security, Regulation Style Andrew Weidenhamer The fact that many organizations don't perform security unless they have to, significantly contributes to ... Security Web Application Security Compliance
Ensuring Software Assurance Process Maturity Edmund Wotring All organizations—government and commercial—have a growing awareness of the need for an ongoing software assurance ... Security Compliance
Pen-Test Panel Joshua Abraham , Matthew Fisher , Ken Johnson , Kevin Johnson Panel
Botnet Resistant Coding: Protecting Your Users From Script Kiddies Peter Greko , Fabian Rothschild Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus’s availability ... Security Development Botnets
Owasp Broken Web Applications Project Update Chuck Willis At AppSecDC in 2009, the OWASP Broken Web Applications (OWASP BWA) Project was announced and ... Security Web Application Security
People, Process, And Technology: Owasp Impact On The Swa Processes And Practices Working Group Michele Moss Application security is an evolving field, and one that gets more complex each day as ... Security Community
Closing The Gap: Analyzing The Limitations Of Web Application Vulnerability Scanners Anonymous Speaker Security Web Application Security
Using Misuse Cases To Articulate Vulnerabilities To Stakeholders Anonymous Speaker Security
Using Misuse Cases To Articulate Vulnerabilities To Stakeholders Scott Mendenhall The stakeholders of a web application often do not have specific knowledge regarding particular vulnerabilities. ... Security Analysis
The Web Hacking Incident Database (Whid) Report Ryan Barnett The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to ... Security Web Application Security
Federal Perspectives On Application Security Anonymous Speaker The panel will discuss application security in the Federal sector and prospects for change, including ... Panel
Appsec Dc 2010 Ron Ross Keynote
Hacking Sap Businessobjects Joshua Abraham Business intelligence is a multi-billion industry. At the top of the product food chain is ... Security Business
Cloudy With A Chance Of Hack! Lars Ewe Cloud computing is a cost effective and efficient way for enterprises to automate their processes. ... Security Cloud
Don't Judge A Website By Its Icon - Read The Label! Jeff Williams The software market is broken - at least as far as security is concerned. When ... Security Web
Application Portfolio Risk Ranking: Banishing Fud With Structure And Numbers Dan Cornell Far too often application security decisions are made in an ad hoc manner and based ... Security Application Security
Deconstructing Coldfusion Chris Eng ColdFusion is a somewhat forgotten but still very prevalent web application development platform. This presentation ... Security Web
Declarative Web Security Brandon Sterne The Web faces a host of well-known but persistent threats: XSS, CSRF, MITM, Phishing, Clickjacking, ... Security Web Application Security
The Secure Coding Practices Quick Reference Guide Keith Turpin Introducing a new OWASP project, "The Secure Coding Practices Quick Reference Guide". The guide is ... Security Compliance
Code Reviewing Strategies Andrew Wilson Looking at the source of an application that's over 100k lines of code can be ... Security Compliance
Friendly Traitor 2 Features Are Hot But Giving Up Our Secrets Is Not! Kevin Johnson , Mike Poor In Friendly Traitor 2, Kevin Johnson and Mike Poor continue to explore the risks and ... Security Exploitation
Exploiting The Media For Fun And Profit. Analysis Of A New Type Of Web Application Attacks Through Media Files Aleksandr Yampolskiy As the criminals adapt, they look for new ways to distribute malware. This talk will ... Security Social Media
Open Source Web Entry Firewall Ivan Butler What makes the difference between a web application firewall and a web entry server? Learn ... Security Web Firewall
Microsoft's Security Development Lifecycle For Agile Development Anonymous Speaker Many development and security teams believe Agile development cannot be accomplished securely. During this presentation, ... Security Development
Hacking .Net Applications At Runtime: A Dynamic Attack Jon Mccoy Increasingly desktop applications are created in .NET with C#, VB.NET, MC++, F#... by both small ... Application Security
Life In The Clouds: A Service Provider's View Michael Smith Even though IT managers have been pushing towards cloud computing in recent years, people are ... Security Cloud
Solving Real World Problems With Esapi Anonymous Speaker A great deal of work has gone into aggregating statistics and information about security vulnerabilities ... Security Analysis
Financial Services Panel Jerry Kickenson , Joe Bernik , Mahi Dontamsetti , Thien La , Ajoy Kumar Panel
Attack Detection And Prevention With Owasp Appsensor Colin Watson OWASP AppSensor defines a conceptual framework, methodology and guidance to implement intrusion detection and automated ... Security Web Application Security
Social Zombies Gone Wild: Totally Exposed And Uncensored Kevin Johnson , Tom Eston Geolocation technology has significantly evolved over the years. Early use began with simple IP lookups ... Security Social Media
Javasnoop: How To Hack Anything Written In Java Anonymous Speaker Anybody who has assessed anything with a thick Java client has probably been frustrated beyond ... Security Web Application Security
Unlocking The Toolkit: Attacking Google Web Toolkit Ron Gutierrez The Google Web Toolkit (GWT) provides developers with a framework to easily create Rich Internet ... Security Web Exploitation
Smart Phones With Dumb Apps: Threat Modeling For Mobile Applications Dan Cornell Enterprises are targeting both internal users and customers with smartphone applications for platforms such as ... Mobile Security Android Security Exploitation
Owasp Modsecurity Core Rule Set Ryan Barnett This project just recently achieved Release Quality status as an OWASP Project. http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project This presentation ... Security Others
Implementing A Secure Software Development Program Anonymous Speaker In this presentation I will discuss how the Library of Congress has implemented their Secure ... Security Development
Constricting The Web: Offensive Python For Web Hackers Anonymous Speaker It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, ... Security Web Network Penetration
Threats From Economical Improvement Eduardo Neves Baseline projections from Goldman Sachs envisage the BRICs overtaking the US by 2018. In terms ... Security Analysis
Owasp Esapi Swingset Fabio E Cerullo The ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users ... Security Web Application Security
The Unintended Consequences Of Beating Users With Carrot Sticks: Radical Thoughts On Security Reform Ben Tomhave What we're doing today is not working and isn't sustainable. The fundamental culture of the ... Security Analysis