Prize Ceremony and Closing Notes
OWASP AppSec Research 2010
#OWASP #AppSecEu
Thursday, 8 July 2010
Please, Enter the Stage!
• Mattias Bergling – Vice chair, budget
• Alan Davidson – Stockholm University
• Stefan Pettersson – Sponsoring coordinator
• Carl-Johan Bostorp – Schedule and CTF
• Martin Holst Swende – Coffee/lunch/dinner
• Michael Boman – Attendee pack, beanies
Also ...
• Sebastien Deleersnyder – OWASP Board
• Ulf Munkedal – Chapter leader Denmark
• Kåre Presttun – Chapter leader Norway
• Martin Knobloch – Capture the Flag
• Kate Hartmann – OWASP Director
• Dave Wichers – OWASP Board
• Alison Shrader – OWASP Accountant
Please, Enter the Stage!
• Maryam Chenari
• Spyridon Dosis
• Irvin Homem
• Assem Nazar Hussain
• Yigezu Balcha Jorro
• Ioannis Kakavas
• Parvinder Kaur
• Mohammad Khodaei
• Elena Kozhemyak
• Mammo Meklit
• Chigozie Nwogu
• Ozan Safi
• Nazli Yasemin Sahin
• Qing Song Song
• Monica Verma
Conference Program, Wednesday June 23 (Beware of thieves – don't leave your laptop unattended)

08:50 – 09:00 A Warm Welcome from OWASP!

09:00 – 10:00 Cross-Domain Theft and the Future of Browser Security – Chris Evans and Ian Fette, Google

10:10 – 10:45
• Track 1: BitFlip: Determine a Data's Signature Coverage from Within the Application – Heinrich Poehls, Univ. of Passau
• Track 2: CsFire: Browser-Enforced Mitigation Against CSRF – Desmet & De Ryck, Katholieke Univ. Leuven
• Track 3: Deconstructing ColdFusion – Chris Eng, Veracode

10:45 – 11:10 Coffee Break + CTF kick-off in the Gallery

11:10 – 11:45
• Track 1: Towards Building Secure Web Mashups – M. Decat et al, Katholieke Univ. Leuven
• Track 2: Automated vs. Manual Security: You Can't Filter "The Stupid" – Byrne & Henderson, Trustwave
• Track 3: How to Render SSL Useless – Ivan Ristic, Qualys

11:55 – 12:30
• Track 1: Busting Frame Busting – Gustav Rydstedt, Stanford
• Track 2: Web Frameworks and How They Kill Traditional Security Scanning – Hang & Andren, Armorize Technologies
• Track 3: The State of SSL in the World – Michael Boman, Omegapoint

12:30 – 13:45 Lunch Break in the Gallery

13:45 – 14:20
• Track 1: Securing Web Applications with ESAPI – Ken Sipe, Perficient
• Track 2: Beyond the Same-Origin Policy – Nagra & Samuel, Google
• Track 3: SmashFileFuzzer – a New File Fuzzer Tool – Komal Randive, Symantec

14:30 – 15:05
• Track 1: Security Toolbox for .NET Development and Testing – Lindfors & König, Microsoft
• Track 2: Cross-Site Location Jacking (XSLJ) (not really) – Lindsay, Cigital, & Vela Nava, sla.ckers.org
• Track 3: Owning Oracle: Sessions and Credentials – Henrique & Ocepek, Trustwave

15:05 – 15:30 Coffee Break in the Gallery

15:30 – 16:05
• Track 1: Value Objects a la Domain-Driven Security: A Design Mindset to Avoid SQL Injection and Cross-Site Scripting – Dan Bergh Johnsson, Omegapoint
• Track 2: New Insights into Clickjacking – Marco Balduzzi, Eurecom
• Track 3: Session Fixation – the Forgotten Vulnerability? – Schrank et al, Univ. of Passau & SAP Research

16:15 – 17:00 Is Application Security a Losing Battle? Panel Discussion with Pravir Chandra, Johan Lindfors, Dave Wichers, and Dan Bergh Johnsson

… and then the Gala Dinner, starting 18:30!
The Speakers
Conference Program, Thursday June 24 (Beware of thieves – don't leave your laptop unattended)

09:00 – 10:00 The Security Development Lifecycle – The Creation and Evolution of a Security Development Process – Steve Lipner, Microsoft

10:10 – 10:45
• Track 1: (New) The Anatomy of Real-World Software Security Programs – Pravir Chandra, Fortify
• Track 2: Promon TestSuite: Client-Based Penetration Testing Tool – Braber and Lysemose Hansen, Promon
• Track 3: A Taint Mode for Python via a Library – Conti, Univ. Tecnológica Nacional, and Russo, Chalmers Univ. of Technology

10:45 – 11:10 Coffee Break in the Gallery

11:10 – 11:45
• Track 1: Microsoft's Security Development Lifecycle for Agile Development – Nick Coblentz, OWASP Kansas City
• Track 2: Detecting and Protecting Your Users from 100% of all Malware – How? – Anstis and Pogulievsky, M86 Security
• Track 3: OPA: Language Support for a Sane, Safe and Secure Web – Rajchenbach-Teller and Sinot, MLstate

11:55 – 12:30
• Track 1: Secure Application Development for the Enterprise: Practical, Real-World Tips – Michael Craigue, Dell
• Track 2: Responsibility for the Harm and Risk of Software Security Flaws – Cassio Goldschmidt, Symantec
• Track 3: Secure the Clones: Static Enforcement of Policies for Secure Object Copying – Jensen and Pichardie, INRIA

12:30 – 13:45 Lunch Break in the Gallery

13:45 – 14:20
• Track 1: Product Security Management in Agile Product Management – Antti Vähä-Sipilä, Nokia
• Track 2: Hacking by Numbers – Tom Brennan, WhiteHat Security and OWASP Foundation
• Track 3: Safe Wrappers and Sane Policies for Self Protecting JavaScript – Magazinius et al, Chalmers Univ. of Technology

14:30 – 15:05
• Track 1: OWASP Top 10 2010 – Dave Wichers, Aspect Security and OWASP Foundation
• Track 2: Application Security Scoreboard in the Sky – Chris Eng, Veracode
• Track 3: On the Privacy of File Sharing Services – Nikiforakis et al, Katholieke Univ. Leuven

15:05 – 15:30 Coffee Break in the Gallery

15:30 – 16:00
• Prize Ceremony (CTF & expo winners)
• Announcement of AppSec EU 2011
• Closing Notes

… and then 19 months of work is done. Hope you had a good time. Thanks everyone!
Please Stand Up!
Venue Services
• Linda Bruhn – Hörs Catering
• Agneta Hollström & Ami Hedblad – Conference Services
• Sound Team
• Film Team
And Of Course
• Johanna Persson – my girlfriend who's put up with all of this
Prize Ceremony
1. Imperva
2. PortWise
3. High Performance Systems
4. F5
5. Google
6. Omegapoint
7. nixu
8. * Capture the Flag *
OWASP AppSec Research 2011
Trinity College, Dublin, Ireland
OWASP AppSec Research 2012
Athens, Greece