Never Ending Security

It starts all here

OWASP Video Collection

  • 1 Welcome to the OWASP Video Collection
    • 1.1 OWASP Global Webinars
    • 1.2 OWASP AppSecUSA 2014 Conference
    • 1.3 OWASP AppSec Europe 2014 Conference
    • 1.4 OWASP AppSec California 2014 Conference
    • 1.5 OWASP AppSecUSA 2013 Conference
    • 1.6 OWASP AppSec EU Research 2013 Conference
    • 1.7 OWASP AppSec Video Tutorial Series w/ Jerry Hoff
    • 1.8 OWASP AppSecUSA 2012 Conference
    • 1.9 OWASP AppSecUSA 2011 Conference
    • 1.10 OWASP Summit 2011
    • 1.11 OWASP Appsec DC 2010 Conference
    • 1.12 OWASP USA 2010 Conference
    • 1.13 OWASP EU 2010 Conference
    • 1.14 OWASP FROC 2010 Conference
    • 1.15 OWASP USA 2009 Conference
    • 1.16 OWASP AppSecEMEA 2009 Conference
    • 1.17 OWASP Israel 2008
    • 1.18 OWASP AppSecUSA 2008 Conference
    • 1.19 OWASP SnowFROC
    • 1.20 OWASP Minneapolis/St. Paul (OWASP MSP)
    • 1.21 Black Hat 2006
    • 1.22 AppSec Washington 2005

OWASP Global Webinars

YouTube Playlist

OWASP AppSecUSA 2014 Conference

YouTube Playlist

OWASP AppSec Europe 2014 Conference

YouTube Playlist

OWASP AppSec California 2014 Conference

YouTube Playlist

OWASP AppSecUSA 2013 Conference

YouTube Playlist

OWASP AppSec EU Research 2013 Conference

news entry “Video Recordings online”

[VID] OWASP-AppsecEU13-AmirAlsbih-ExperiencemadeinTechnicalDueDiligence_720p.mp4 01-Sep-2013 12:28 376M
[VID] OWASP-AppsecEU13-AngelaSasse-KeynoteBustingTheMythofDancingPigsAngelasTop10listofreasonswhyusersbypasssecuritymeasures_720p.mp4 28-Aug-2013 14:20 517M
[VID] OWASP-AppsecEU13-BenStock-EradicatingDNSRebindingwiththeExtendedSame-OriginPolicy_720p.mp4 28-Aug-2013 13:44 447M
[VID] OWASP-AppsecEU13-ChrisEngRyanOBoyle-FromtheTrenchesReal-WorldAgileSDLC_720p.mp4 28-Aug-2013 12:15 518M
[VID] OWASP-AppsecEU13-DavidRoss-InsaneintheIFRAME–Thecaseforclient-sideHTMLsanitization_720p.mp4 28-Aug-2013 15:11 478M
[VID] OWASP-AppsecEU13-DirkWetter-Welcomenoteandamanualfortheconferenceandeverythingelse_720p.mp4 28-Aug-2013 13:52 141M
[VID] OWASP-AppsecEU13-ErlendOftedal-SecuringamodernJavaScriptbasedsinglepagewebapplication_720p.mp4 28-Aug-2013 14:45 429M
[VID] OWASP-AppsecEU13-FlorianStahlJohannesStroeher-SecurityTestingGuidelinesformobileApps_720p.mp4 28-Aug-2013 13:20 353M
[VID] OWASP-AppsecEU13-FrederikBraun-OriginPolicyEnforcementinModernBrowsers_720p.mp4 28-Aug-2013 16:18 284M
[VID] OWASP-AppsecEU13-JimManico-OWASPTop10ProactiveControls_720p.mp4 28-Aug-2013 12:36 403M
[VID] OWASP-AppsecEU13-KrzysztofKotowicz-Iminurbrowserpwningyourstuff-AttackingwithGoogleChromeextensions_720p.mp4 28-Aug-2013 16:36 329M
[VID] OWASP-AppsecEU13-NickNikiforakisLievenDesmetStevenVanAcker-SandboxingJavascript_720p.mp4 28-Aug-2013 16:54 317M
[VID] OWASP-AppsecEU13-OWASPBoard-OWASPIntroduction_720p.mp4 28-Aug-2013 11:04 160M
[VID] OWASP-AppsecEU13-SebastianLekiesBenStock-ClickjackingProtectionUnderNon-trivialCircumstances_720p.mp4 28-Aug-2013 16:03 345M
[VID] OWASP-AppsecEU13-StefanoDiPaola-JavascriptlibrariesinsecurityAshowcaseofrecklessusesandunwittingmisuses_720p.mp4 28-Aug-2013 15:44 634M
[VID] OWASP-AppsecEU13-TarasIvashchenko-ContentSecurityPolicy-thepanaceaforXSSorplacebo_720p.mp4 28-Aug-2013 13:01 459M
[VID] OWASP-AppsecEU13-ThomasRoessler-KeynoteSecureallthethingsfictionfromtheWebsimmediatefuture_720p.mp4 28-Aug-2013 17:19 466M
[VID] OWASP-AppsecEU13-TobiasGondrom-OWASP-CISOGuideandCISOreport2013formanagers_720p.mp4 28-Aug-2013 11:47 419M

[VID] OWASP-AppsecEU13-AbrahamAranguren-IntroducingOWASPOWTF5x5_720p.mp4 27-Aug-2013 04:28 211M
[VID] OWASP-AppsecEU13-AchimHoffmannOferShezaf-WAFEC-contentandhistoryofanunbiasedprojectchallenge_720p.mp4 27-Aug-2013 04:14 299M
[VID] OWASP-AppsecEU13-BastianBraunJoachimPoseggaChristianV.Pollak-ADoormanforYourHome-Control-FlowIntegrityMeansinWebFrameworks_720p.mp4 27-Aug-2013 00:54 327M
[VID] OWASP-AppsecEU13-ColinWatsonDennisGroves-OWASPAppSensorInTheoryInPracticeandInPrint_720p.mp4 27-Aug-2013 05:29 322M
[VID] OWASP-AppsecEU13-DanCornell-DoYouHaveaScanneroraScanningProgram_720p.mp4 27-Aug-2013 03:54 353M
[VID] OWASP-AppsecEU13-DaveWichers-OWASPTop10-2013_720p.mp4 31-Aug-2013 12:02 474M
[VID] OWASP-AppsecEU13-DieterGollmann-ClosingNoteAccessControloftheWeb-TheWebofAccessControl_720p.mp4 27-Aug-2013 06:40 479M
[VID] OWASP-AppsecEU13-DirkWetter-ClosingCeremony_720p.mp4 27-Aug-2013 06:53 206M
[VID] OWASP-AppsecEU13-EduardoVela-Matryoshka_720p.mp4 26-Aug-2013 23:26 324M
[VID] OWASP-AppsecEU13-ErlendOftedal-RESTfulsecurity_720p.mp4 26-Aug-2013 22:36 435M
[VID] OWASP-AppsecEU13-FredDonovan-Q-BoxandH-BoxRaspberryPIfortheInfrastructureandHacker_720p.mp4 27-Aug-2013 01:18 350M
[VID] OWASP-AppsecEU13-JrgSchwenk-KeynoteCryptographyinWebSecurityStupidBrokenandmaybeWorking_720p.mp4 26-Aug-2013 17:50 213M
[VID] OWASP-AppsecEU13-KonstantinosPapapanagiotouSpyrosGasteratos-OWASPHackademicapracticalenvironmentforteachingapplicationsecurity_720p.mp4 27-Aug-2013 05:08 319M
[VID] OWASP-AppsecEU13-LucaViganLucaCompagna-TheSPaCIoSToolproperty-drivenandvulnerability-drivensecuritytestingforWeb-basedapplicationscenarios_720p.mp4 27-Aug-2013 05:50 311M
[VID] OWASP-AppsecEU13-MarcoBalduzziVincenzoCiangagliniRobertMcArdle-HTTPS-BasedClusteringforAssistedCybercrimeInvestigations_720p.mp4 26-Aug-2013 23:05 450M
[VID] OWASP-AppsecEU13-MarioHeiderich-TheinnerHTMLApocalypse-HowmXSSattackschangeeverythingwebelievedtoknowsofar_720p.mp4 27-Aug-2013 00:33 584M
[VID] OWASP-AppsecEU13-MicheleOrr-RootingyourinternalsInter-ProtocolExploitationcustomshellcodeandBeEF_720p.mp4 26-Aug-2013 18:16 406M
[VID] OWASP-AppsecEU13-MiltonSmith-MakingtheFutureSecurewithJava_720p.mp4 27-Aug-2013 02:55 559M
[VID] OWASP-AppsecEU13-NickNikiforakis-WebFingerprintingHowWhoandWhy_720p.mp4 27-Aug-2013 01:51 490M
[VID] OWASP-AppsecEU13-NicolasGrgoire-BurpPro-Real-lifetipsandtricks_720p.mp4 26-Aug-2013 20:30 562M
[VID] OWASP-AppsecEU13-PaulStone-PrecisionTiming-AttackingbrowserprivacywithSVGandCSS_720p.mp4 26-Aug-2013 19:22 518M
[VID] OWASP-AppsecEU13-PhilippeDeRyckLievenDesmetFrankPiessensWouterJoosen-ImprovingtheSecurityofSessionManagementinWebApplications_720p.mp4 26-Aug-2013 23:54 427M
[VID] OWASP-AppsecEU13-RetoIschi-AnAlternativeApproachforReal-LifeSQLiDetection_720p.mp4 27-Aug-2013 04:47 286M
[VID] OWASP-AppsecEU13-RobertoSuggiLiverani-AugmentedRealityinyourWebProxy_720p.mp4 26-Aug-2013 21:34 505M
[VID] OWASP-AppsecEU13-SahbaKazerooni-NewOWASPASVS2013_720p.mp4 27-Aug-2013 06:09 269M
[VID] OWASP-AppsecEU13-SaschaFahlMarianHarbachMatthewSmith-MalloDroidHuntingDownBrokenSSLinAndroidApps_720p.mp4 26-Aug-2013 22:06 498M
[VID] OWASP-AppsecEU13-SaschaFahlMatthewSmithHenningPerlMichaelBrenner-QualitativeComparisonofSSLValidationAlternatives_720p.mp4 26-Aug-2013 18:49 512M
[VID] OWASP-AppsecEU13-SimonBennetts-OWASPZAPInnovations_720p.mp4 27-Aug-2013 03:31 524M
[VID] OWASP-AppsecEU13-TalBeEry-APerfectCRIMEOnlytimewilltell_720p.mp4 26-Aug-2013 21:00 463M
[VID] OWASP-AppsecEU13-ThomasHerleaNelisBouckJohanPeeters-RecipesforenablingHTTPS_720p.mp4 26-Aug-2013 19:53 483M
[VID] OWASP-AppsecEU13-YvanBoilyMinion-MakingSecurityToolsaccessibleforDevelopers_720p.mp4 27-Aug-2013 02:17 390M

OWASP AppSec Video Tutorial Series w/ Jerry Hoff

OWASP AppSec Tutorial Series

OWASP AppSecUSA 2012 Conference


OWASP AppSecUSA 2011 Conference

Videos and Slides

Thursday, September 22, 2011

0830-0920 KEYNOTE
Mark Curphey
Community – The Killer App (Video – starts at time marker 5:30, PDF)

0920-0930 BREAK

0930-1020
Andrés Riancho
Web Application Security Payloads (Video, PDF)

Andy Murren
SwA and the Cloud – Counting the Risks (Video, PPTX)

Patrick Tatro
Principles of Patrolling: Applying Ranger School to Information Security (Video, PPTX)
* Thank you to Patrick who, true to form, willingly stepped forward as an alternate

Arian Evans
Six Key Metrics: A look at the future of appsec (Video, sorry – no slides)

1020-1040 COFFEE BREAK

1040-1130
Jim Manico
Ghosts of XSS Past, Present and Future (Video, PDF)

Shankar Babu Chebrolu, PhD, CISSP
Top Ten Risks with Cloud that will keep you Awake at Night (Video, PPTX)

Ryan W Smith
STAAF: An Efficient Distributed Framework for Performing Large-Scale Android Application Analysis (Video, PDF)

Charles Henderson
Global Security Report (PDF)

1130-1140 BREAK

1140-1230
Shreeraj Shah
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2) (Video, PDF)

Scott Matsumoto
Threat Modeling in the Cloud: What You Don’t Know Will Hurt You! (Video, PDF)

Tom Fischer
Lessons Learned Building Secure ASP.NET Applications (Video, PDF)
* Moved from Patterns Track for scheduling purposes

John Benninghoff
Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems (Video, PDF)

Jeff Williams (Chair), Tom Brennan, Eoin Keary, Matt Tesauro, Dave Wichers, and incoming board member Michael Coates (Video, PDF)
* Sebastien Deleersnyder was unable to attend due to a scheduling conflict.

1330-1420
Javier Marcos de Prado, Juan Galiana Lara
Pwning intranets with HTML5 (Video, PDF)

Dan Cornell
The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching (Video, PDF)

Mike Park
Android Security, or This is not the Kind of “Open” I Meant… (Video, PPTX)

Rafal Los, Mike McCormick, Christophe Veltsos, Jeff Williams
Making it in Information Security and Application Security (Video, PPT)

1420-1430 BREAK

1430-1520
Ganesh Devarajan, Todd Redfoot
Keeping up with the Web-Application Security (Video, PPTX)

Matt Tesauro
Testing from the Cloud: Is the Sky Falling? (Video, PDF)

Kevin Stadmeyer, Garrett Held
Hacking (and Defending) iPhone Applications (Video, PPTX)

John B. Dickson, CISSP
Software Security: Is OK Good Enough? (Video, PDF)

1520-1540 COFFEE BREAK

1540-1630
Jon McCoy (DigitalBodyGuard)
Hacking .NET (C#) Applications: The Black Arts (Video, PDF)

Adrian Lane
CloudSec 12-Step (Video, PDF)

Ashkan Soltani, Gerrit Padgham
When Zombies Attack – a Tracking Love Story (Video, PDF)

Jeff Williams
AppSec Inception – Exploiting Software Culture (Video, Prezi [Flash])

1700-1800 HAPPY HOUR

Friday, September 23, 2011

0830-0920 KEYNOTE
Ira Winkler (Video, PPT)

0920-0930 BREAK

0930-1020
Richard Struse
Software Assurance Automation throughout the Lifecycle (Video, PPTX)

Michael Coates
Pure AppSec, No Fillers or Preservatives – OWASP Cheat Sheet Series (Video, PDF)

Colin Watson
OWASP Codes of Conduct (PDF)

Dr. Bill Chu, Jing Xie
Secure Programming Support in IDE (Video, PDF)

Brian Chess
Gray, the New Black: Gray-Box Web Penetration Testing (Video, PPTX)

1020-1040 COFFEE BREAK

1040-1130
Ryan Stinson
Improve your SDLC with CAPEC and CWE (Video, PPTX)

Jack Mannino, Zach Lanier, Mike Zusman
OWASP Mobile Top 10 Risks (Video, PPTX)

Aditya K Sood, Richard Enbody
The Good Hacker – Dismantling Web Malware (Video, PDF)

Chris Wysopal
Application Security Debt and Application Interest Rates (Video, PPT)

1130-1140 BREAK

1140-1230
Chuck Willis, Kris Britton
Sticking to the Facts: Scientific Study of Static Analysis Tools (Video, PDF)

Simon Bennetts
Introducing the OWASP Zed Attack Proxy (Video, PPTX)

Justin Collins, Tin Zaw
Brakeman and Jenkins: The Duo Detect Defects in Ruby on Rails Code (Video, PPTX)

Mike Ware
Simplifying Threat Modeling (Video, PDF)

1230-1330 LUNCH & KEYNOTE
Moxie Marlinspike (Video, PDF)

1330-1420
Adam Meyers
Mobile Applications Software Assurance (Video, PDF)

Anthony J. Stieber
How NOT to Implement Cryptography for the OWASP Top 10 (Video, PDF)

Michael Coates
Security Evolution – Bug Bounty Programs for Web Applications (Video, PDF)

Wendy Nather (moderator), Dinis Cruz, Chris Eng, Jerry Hoff, Darren Meyer, John Steven, Sean Fay
Speeding Up Security Testing Panel (Video, PPTX)

1420-1430 BREAK

1430-1520
Charles Schmidt
You’re Not Done (Yet) – Turning Securable Apps into Secure Installations using SCAP (Video, PPTX)

Beef (Chris Schmidt), Kevin Wall
ESAPI 2.0 – Defense Against the Dark Arts (Video, PPT)

Jason Li
OWASP Projects Portal Launch! (5-10 Minutes) (Video, PPTX)

Srini Penchikala
Messaging Security using GlassFish 3.1 and Open Message Queue (Video, PDF)

Glenn Leifheit (moderator), Andreas Fuchsberger, Ajoy Kumar, Richard Tychansky, Alessandro Moretti
Application Security Advisory Board SDLC Panel (Video, PPTX)

1520-1540 COFFEE BREAK

1540-1630
Michelle Moss, Nadya Bartol
Why do developers make these dangerous software errors? (Video, PPTX)

Ryan Barnett
OWASP CRS and AppSensor Project (Video, Prezi [Flash])

Alex Smolen
Application Security and User Experience (Video, PDF)

Gunnar Peterson
Mobile Web Services (Video, sorry – no slides)
* Moved from Mobile Track for scheduling purposes

1630-1640 BREAK

OWASP Summit 2011

OWASP Summit 2011 Vimeo videos are available at

OWASP Appsec DC 2010 Conference

OWASP AppSec DC 2010

  1. Cloudy with a Chance of Hack! with Lars Ewe, Cenzic

OWASP USA 2010 Conference

OWASP USA 2010

  1. HD Moore, Keynote Speaker (23.3K plays)
  2. Jeremiah Grossman, Breaking Web Browsers (2,220 plays)
  3. Samy Kamkar, How I Met Your Girlfriend (2,033 plays)
  4. Keith Turpin: The Secure Coding Practices Quick Reference Guide (1,625 plays)
  5. Dan Cornell, Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications (1,244 plays)
  6. Robert Zigweid: Threat Modeling Best Practices (998 plays)
  7. Peleus Uhley, Assessing, Testing & Validating Flash Content (829 plays)
  8. Joe Basirico, Reducing Web Application Vulnerabilities: Moving from a Test-Dependent to Design-Driven Development (789 plays)
  9. Michael Coates, Real Time Application Defenses – The Reality of AppSensor & ESAPI (767 plays)
  10. Adrian Lane, Agile + Security = FAIL (646 plays)
  11. David Rice, Keynote Speaker (546 plays)
  12. Paul Judge, The Dark Side of Twitter, Measuri
  13. OWASP: AppSec 2010 Promo (411 plays)
  14. Rafal Los, Into the Rabbit Hole: Execution Flow-based Web Application Testing (303 plays)
  15. Panel Discussion: Vulnerability Lifecycle for Software Vendors with Kelly FitzGerald, Katie Moussouris, John Steven & Daniel Hol (202 plays)
  16. Aditya K. Sood, Bug-Alcoholic 2.0 – Untamed World of Web Vulnerabilities (198 plays)
  17. Lars Ewe, Session Management Security Tips and Tricks (198 plays)
  18. Panel Discussion: Security Trends with Jeremiah Grossman, Robert Hansen, Jeff Williams & Eric Chen (197 plays)
  19. David Bryan & Michael Anderson, Cloud Computing, A Weapon of Mass Destruction? (187 plays)
  20. Gunter Ollmann, P0w3d for Botnet CNC (181 plays)
  21. Chenxi Wang (167 plays)
  22. Chris Schmidt: Solving Real-World Problems with an Enterprise Security API (ESAPI) (161 plays)
  23. Dinis Cruz: Tour of OWASP Projects & Using the OWASP O2 Platform (132 plays)
  24. Bill Cheswick (121 plays)
  25. Jeff Williams (116 plays)
  26. Panel Discussion: Characterizing Software Security as a Mainstream Business risk with Ed Pagett, Richard Greenberg, John Sapp & (116 plays)
  27. Ivan Ristic, State of SSL on the Internet – 2010 Survey (112 plays)
  28. Antti Rantasaari & Scott Sutherland, Escalating Privileges through Database Trusts (88 plays)
  29. Alex Stamos (85 plays)
  30. Peleus Uhley, Unraveling Cross-Technology, Cross-Domain Trust Relations (83 plays)
  31. Panel Discussion: Defining the Identity Management Framework with Mano Paul, Richard Tychansky, Jeff Williams & Hord Tipton (82 plays)

OWASP EU 2010 Conference

OWASP AppSec Research 2010, Stockholm, Sweden

Conference Day 1 – June 23, 2010
Legend: R = Research paper, D = Demo, P = Presentation

08:00-08:50 Registration and Breakfast + Coffee
08:50-09:00 Welcome to OWASP AppSec Research 2010 Conference (John Wilander & OWASP Global Board Members) (pdf)
09:00-10:00 Keynote: Cross-Domain Theft and the Future of Browser Security (pdf) (video)
  Chris Evans, Information Security Engineer, and Ian Fette, Product Manager for Chrome Security, Google
10:10-10:45
  Track 1 (R): BitFlip: Determine a Data’s Signature Coverage from Within the Application (pdf) (video) – Henrich Christopher Poehls, University of Passau
  Track 2 (P): CsFire: Browser-Enforced Mitigation Against CSRF (pdf) (video) – Lieven Desmet and Philippe De Ryck, Katholieke Universiteit Leuven
  Track 3 (P): Deconstructing ColdFusion (pdf) (video) – Chris Eng, Veracode
10:45-11:10 Break – Expo – CTF kick-off (coffee break sponsoring position open, $2,000)
11:10-11:45
  Track 1 (R): Towards Building Secure Web Mashups (pdf) (video) – M Decat, P De Ryck, L Desmet, F Piessens, W Joosen, Katholieke Universiteit Leuven
  Track 2 (P): New Insights into Clickjacking (pdf) (video) – Marco Balduzzi, Eurecom
  Track 3 (P): How to Render SSL Useless (pdf) (video) – Ivan Ristic, Qualys
11:55-12:30
  Track 1 (R): Busting Frame Busting (pdf) (video) – Gustav Rydstedt, Stanford Web Security Research
  Track 2 (P): Web Frameworks and How They Kill Traditional Security Scanning (pdf) (video) – Christian Hang and Lars Andren, Armorize Technologies
  Track 3 (D): The State of SSL in the World (pdf) (video without sound) – Michael Boman, Omegapoint
12:30-13:45 Lunch – Expo – CTF (lunch sponsor: IIS)
13:45-14:20
  Track 1 (R): (New) Object Capabilities and Isolation of Untrusted Web Applications (pdf) (video) – Sergio Maffeis, Imperial College, London
  Track 2 (P): Beyond the Same-Origin Policy (pdf) (video) – Jasvir Nagra and Mike Samuel, Google
  Track 3 (D): SmashFileFuzzer – a New File Fuzzer Tool (pdf) (video) – Komal Randive, Symantec
14:30-15:05
  Track 1 (D): Security Toolbox for .NET Development and Testing (pdf) (video) – Johan Lindfors and Dag König, Microsoft
  Track 2 (D): Cross-Site Location Jacking (XSLJ) (not really) (pdf) (video) – David Lindsay, Cigital, and Eduardo Vela Nava
  Track 3 (D): Owning Oracle: Sessions and Credentials (pdf) (video) – Wendel G. Henrique and Steve Ocepek, Trustwave
15:05-15:30 Break – Expo – CTF (coffee break sponsoring position open, $2,000)
15:30-16:05
  Track 1 (D): Value Objects a la Domain-Driven Security: A Design Mindset to Avoid SQL Injection and Cross-Site Scripting (pdf) (video) – Dan Bergh Johnsson, Omegapoint
  Track 2 (P): Automated vs. Manual Security: You Can’t Filter “The Stupid” (pdf not available yet) (video) – David Byrne and Charles Henderson, Trustwave
  Track 3 (R): Session Fixation – the Forgotten Vulnerability? (pdf) (video) – Michael Schrank and Bastian Braun, University of Passau; Martin Johns, SAP Research
16:15-17:00 Panel Discussion: “Is Application Security a Losing Battle?” (video, partly poor sound)
19:00-23:00 Gala Dinner at Stockholm City Hall (The Golden Hall), sponsored by Google
Conference Day 2 – June 24, 2010
Legend: R = Research paper, D = Demo, P = Presentation

08:00-08:50 Breakfast + Coffee
08:50-09:00 Three Announcements from OWASP (video)
09:00-10:00 Keynote: The Security Development Lifecycle – The Creation and Evolution of a Security Development Process (pdf) (video)
  Steve Lipner, Senior Director of Security Engineering Strategy, Microsoft Corporation
10:10-10:45
  Track 1 (P): The Anatomy of Real-World Software Security Programs (pdf) (video) – Pravir Chandra, Fortify
  Track 2 (D): Promon TestSuite: Client-Based Penetration Testing Tool (pdf not available yet) (video) – Folker den Braber and Tom Lysemose Hansen, Promon
  Track 3 (R): A Taint Mode for Python via a Library (pdf) (video) – Juan José Conti, Universidad Tecnológica Nacional; Alejandro Russo, Chalmers Univ. of Technology
10:45-11:10 Break – Expo – CTF (coffee sponsor: MyNethouse)
11:10-11:45
  Track 1 (P): Microsoft’s Security Development Lifecycle for Agile Development (pdf) (video) – Nick Coblentz, OWASP Kansas City Chapter and AT&T Consulting
  Track 2 (P): Detecting and Protecting Your Users from 100% of all Malware – How? (pdf) (video) – Bradley Anstis and Vadim Pogulievsky, M86 Security
  Track 3 (R): OPA: Language Support for a Sane, Safe and Secure Web (pdf) (video without sound) – David Rajchenbach-Teller and François-Régis Sinot, MLstate
11:55-12:30
  Track 1 (P): Secure Application Development for the Enterprise: Practical, Real-World Tips (pdf) (video) – Michael Craigue, Dell
  Track 2 (P): Responsibility for the Harm and Risk of Software Security Flaws (pdf) (video) – Cassio Goldschmidt, Symantec
  Track 3 (R): Secure the Clones: Static Enforcement of Policies for Secure Object Copying (pdf) (video) – Thomas Jensen and David Pichardie, INRIA Rennes – Bretagne Atlantique
12:30-13:45 Lunch – Expo – CTF (lunch break sponsoring position open, $4,000)
13:45-14:20
  Track 1 (P): Product Security Management in Agile Product Management (pdf) (video) – Antti Vähä-Sipilä, Nokia
  Track 2 (P): Hacking by Numbers (pdf) (video) – Tom Brennan, WhiteHat Security and OWASP Foundation
  Track 3 (R): Safe Wrappers and Sane Policies for Self Protecting JavaScript (pdf) (video) – Jonas Magazinius, Phu H. Phung, and David Sands, Chalmers Univ. of Technology
14:30-15:05
  Track 1 (P): OWASP Top 10 2010 (pdf) (video) – Dave Wichers, Aspect Security and OWASP Foundation
  Track 2 (P): Application Security Scoreboard in the Sky (pdf) (video) – Chris Eng, Veracode
  Track 3 (R): On the Privacy of File Sharing Services (pdf & video not available because of potential zero-day) – N Nikiforakis, F Gadaleta, Y Younan, and W Joosen, Katholieke Universiteit Leuven
15:05-15:30 Break – Expo – CTF (coffee break sponsoring position open, $2,000)
15:30-16:00 CTF Prize Ceremony, Announcement of OWASP AppSec EU 2011, Closing Notes (pdf)

OWASP FROC 2010 Conference

FROC 2010

JUNE 2, 2010
07:30-08:30 Registration and Continental Breakfast in the Sponsor Expo Room
08:30-08:35 Welcome to FROC 2010 Conference – David Campbell, OWASP Denver
08:35-09:35 Keynote: “Watching Software Run: Software Security Beyond Defect Elimination” – Brian Chess, Fortify Software (Presentation, Video)
09:35-10:00 OWASP: State of the Union – Tom Brennan, OWASP Board (BIO)
10:00-10:20 Cloud Security Alliance: State of the Union – Randy Barr, Cloud Security Alliance
10:20-10:30 Break – Expo – CTF

Tracks: Room 1 = AppSec/Technical Track; Room 2 = Cloud/Mobile/Emerging Track; Room 3 = Management / Exec Track

10:30-11:15
  Room 1: 2010: Web Hacking Odyssey – The Top Hacks of the Year – Jeremiah Grossman (Presentation, Video; note: the blip version seems broken, so linked to the WhiteHatSec webex)
  Room 2: “Building a Secure, Compliant Cloud for the Enterprise” – Matt Ferrari
  Room 3: “Anatomy of a Logic Flaw” – David Byrne and Charles Henderson, Trustwave
11:15-12:00
  Room 1: Advanced MITM Techniques for Security Testers – Mike Zusman, Raj Umadas and Aaron Rhodes, Intrepidus Group
  Room 2: “YOU are the weakest link” – Chris Nickerson, Lares Consulting
  Room 3: “Effectively marketing security as a win for both the business and the customer” – Ben Whaley, Applied Trust Engineering and Jeff Smith, Rally Software
12:00-13:00 Lunch – Expo – CTF
13:00-13:50
  Room 1: Vulnerabilities in Secure Code: Now and Beyond – Alex Wheeler and Ryan Smith, Accuvant
  Room 2: “Real life CSI – Data Mining and Intelligence Gathering for the masses” – Chris Roberts, Cyopsis
  Room 3: “The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise” – John Dickson, Denim Group
13:50-14:40
  Room 1: Beware of Serialized GUI Objects Bearing Data – David Byrne and Rohini Sulatycki, Trustwave
  Room 2: “What’s Old Is New Again: An Overview of Mobile Application Security” – Zach Lanier and Mike Zusman, Intrepidus Group
  Room 3: “Fundamental Practices and Tools to implement a security development lifecycle” – Cassio Goldschmidt, Symantec
14:40-15:00 BREAK
15:00-15:50
  Room 1: Solving Real-World Problems with an Enterprise Security API – Chris Schmidt (Presentation, Video)
  Room 2: “Cloudy with a chance of hack” – Lars Ewe, Cenzic
  Room 3: “Application Security Program Management with Vulnerability Manager” – Bryan Beverly, Denim Group
15:50-16:30 Panel Discussion. Topic: “Security successes are like Six legged calves: unnatural, but they happen.” Moderator: John Dickson, Denim Group. Panelists: Randy Barr, CSO @ Qualys; Jeremiah Grossman, CTO @ WhiteHat Security; Chris Nickerson, Principal @ Lares Consulting; Andy Lewis, CSO @ New Frontier Media
16:30-17:30 Wrap up, vendor raffles, CTF awards, FREE BEER!

OWASP USA 2009 Conference

AppSec DC 2009

Training 11/10

Day 1 – Nov 10th 2009
09:00-12:00 Morning session
  Room 154A: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (Day 1) – Justin Searle
  Room 149B: Java EE Secure Code Review (Day 1) – Sahba Kazerooni, Security Compass
  Room 149A: Threat Modeling Express – Krishna Raja, Security Compass
  Room 154B: Foundations of Web Services and XML Security – Dave Wichers, Aspect Security
  Room 155: Live CD – Matt Tesauro
12:00-13:00 Lunch
13:00-17:00 Afternoon session (the same courses continue in the same rooms)

Training 11/11

Day 2 – Nov 11th 2009
09:00-12:00 Morning session
  Room 154A: Assessing and Exploiting Web Applications with the open source Samurai Web Testing Framework (Day 2) – Justin Searle
  Room 149B: Java EE Secure Code Review (Day 2) – Sahba Kazerooni, Security Compass
  Room 149A: WebAppSec.php: Developing Secure Web Applications – Robert Zakon
  Room 154B: Leader and Manager Training – Leading the Development of Secure Applications – John Pavone, Aspect Security
12:00-13:00 Lunch
13:00-17:00 Afternoon session (the same courses continue in the same rooms)

Talks 11/12

Day 1 – Nov 12th 2009
OWASP (146A) Tools (146B) Web 2.0 (146C) SDLC (152A)
07:30-08:50 Registration
08:50-09:00 Welcome and Opening Remarks
09:00-10:00 Keynote: Joe Jarzombek
Video | Slides
10:00-10:30 All about OWASP OWASP Board
Video | Slides
10:30-10:45 Coffee Break sponsored by Denim Group
10:45-11:30 OWASP ESAPI
Jeff Williams

Video | Slides

Clubbing WebApps with a Botnet
Gunter Ollmann

Video | Slides

Understanding the Implications of Cloud Computing on Application Security
Dennis Hurst

Video | Slides

Enterprise Application Security – GE’s approach to solving root cause
Darren Challey

Video | Slides

11:30-12:30 Hosted Lunch
12:30-1:15 Software Assurance Maturity Model (SAMM)
Pravir Chandra

Video | Slides

The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security
Jacob West

Video | Slides

Transparent Proxy Abuse
Robert Auger

Video | Slides

Software Development The Next Security Frontier
Jim Molini

Video | Slides

1:15-1:20 Break
1:20-2:05 DISA’s Application Security and Development STIG: How OWASP Can Help You
Jason Li

Video | Slides

OWASP ModSecurity Core Rule Set Project
Ryan C. Barnett

Video | Slides

Development Issues Within AJAX Applications: How to Divert Threats
Lars Ewe

Video | Slides

Secure SDLC Panel: Real answers from real experience
Dan Cornell
Michael Craigue
Dennis Hurst
Joey Peloquin
Keith Turpin

Pravir Chandra

Video | Slides

2:05-2:10 Break
2:10-2:55 Defend Yourself: Integrating Real Time Defenses into Online Applications
Michael Coates

Video | Slides

Finding the Hotspots: Web-security testing with the Watcher tool
Chris Weber

Video | Slides

Social Zombies: Your Friends Want to Eat Your Brains
Tom Eston/Kevin Johnson

Video | Slides

2:55-3:10 Coffee Break sponsored by Denim Group
3:10-3:55 The ESAPI Web Application Firewall
Arshan Dabirsiaghi

Video | Slides

One Click Ownage
Ferruh Mavituna

Video | Slides

Cloudy with a chance of 0-day
Jon Rose/Tom Leavey

Video | Slides

The essential role of infosec in secure software development
Kenneth R. van Wyk

Video | Slides

Web Application Security Scanner Evaluation Criteria
Brian Shura

Video | Slides

3:55-4:00 Break
4:00-4:45 OWASP Live CD: An open environment for Web Application Security
Matt Tesauro / Brad Causey

Video | Slides

Learning by Breaking: A New Project Insecure Web Apps
Chuck Willis

Video | Slides

Attacking WCF Web Services
Brian Holyfield

Video | Slides

Vulnerability Management in an Application Security World
Dan Cornell

Video | Slides

Synergy! A world where the tools communicate
Josh Abraham

Video | Slides

4:45-4:50 Break
4:50-5:55 The Entrepreneur’s Guide to Career Management
Lee Kushner

Video | Slides

Advanced SSL: The good, the bad, and the ugly
Michael Coates

Video | Slides

When Web 2.0 Attacks – Understanding Security Implications of AJAX Flash and Highly Interactive Technologies
Rafal Los

Video | Slides

Threat Modeling
John Steven

Video | Slides

User input piercing for Cross Site Scripting Attacks
Matias Blanco

Video | Slides

6:00-8:00 Cocktails and hors d’oeuvres in the EXPO Room (151)
Sponsored by Cenzic

Talks 11/13

Day 2 – Nov 13th 2009
Process (146A) Attack & Defend (146B) Metrics (146C) Compliance (152A)
8:00-9:00 Registration & Coffee sponsored by FYRM
9:00-9:45 The Big Picture: Web Risks and Assessments Beyond Scanning
Matt Fisher

Video | Slides

Securing the Core JEE Patterns
Rohit Sethi/Krishna Raja

Video | Slides

The Web Hacking Incidents Database
Ryan C. Barnett

Video | Slides

Business Logic Automatons: Friend or Foe?
Amichai Shulman

Video | Slides

9:45-9:50 Break
9:50-10:35 Scalable Application Assessments in the Enterprise
Tom Parker/Lars Ewe

Video | Slides

Malicious Developers and Enterprise Java Rootkits
Jeff Williams

Video | Slides

Application security metrics from the organization on down to the vulnerabilities
Chris Wysopal

Video | Slides

SCAP: Automating our way out of the Vulnerability Wheel of Pain
Ed Bellis

Video | Slides

10:35-10:40 Break
10:40-11:25 Secure Software Updates: Update Like Conficker
Jeremy Allen

Video | Slides

Unicode Transformations: Finding Elusive Vulnerabilities
Chris Weber

Video | Slides

OWASP Top 10 – 2010
Release Candidate
Dave Wichers

Video | Slides

Secure SDLC: The Good, The Bad, and The Ugly
Joey Peloquin

Video | Slides

11:25-12:30 Hosted Lunch
12:30-1:15 Improving application security after an incident
Cory Scott

Video | Slides

The 10 least-likely and most dangerous people on the Internet
Robert Hansen

Video | Slides

Hacking by Numbers
Tom Brennan

Video | Slides

Federal CISO Panel


1:15-1:20 Break
1:20-2:05 Deploying Secure Web Applications with OWASP Resources
Sebastien Deleersnyder / Fabio Cerullo

Video | Slides

Automated vs. Manual Security: You can’t filter The Stupid
David Byrne/Charles Henderson

Video | Slides

Building an in-house application security assessment team
Keith Turpin

Video | Slides

2:05-2:20 Coffee break sponsored by FYRM
2:20-3:05 OWASP O2 Platform – Open Platform for automating application security knowledge and workflows
Dinis Cruz

Video | Slides

Injectable Exploits: Two New Tools for Pwning Web Apps and Browsers
Kevin Johnson, Justin Searle, Frank DiMaggio

Video | Slides

The OWASP Security Spending Benchmarks Project
Dr. Boaz Gelbord

Video | Slides

Promoting Application Security within Federal Government
Sarbari Gupta

Video | Slides

3:05-3:10 Break
3:10-3:55 Custom Intrusion Detection Techniques for Monitoring Web Applications
Matthew Olney

Video | Slides

Manipulating Web Application Interfaces, a new approach to input validation
Felipe Moreno-Strauch

Video | Slides

SANS Dshield Webhoneypot Project
Jason Lam

Video | Slides

Techniques in Attacking and Defending XML/Web Services
Mamoon Yunus/Jason Macy

Video | Slides

3:55-4:00 Break
4:00-4:15 Closing Remarks (146B)
Mark Bristow, Rex Booth, Doug Wilson
Video | Slides

OWASP AppSecEMEA 2009 Conference

OWASP AppSec EU 2009, Krakow

Conference – May 13

DAY 1 – MAY 13, 2009
Track 1: room Alfa 1 Track 2: room Alfa 2 Track 3: room Beta
08:00-08:50 Registration and Coffee
08:50-09:00 Welcome to OWASP AppSec 2009 Conference (PPT) – Sebastien Deleersnyder, OWASP Foundation
09:00-10:00 Web App Security – The Good, the Bad and the Ugly (PPT) – Ross Anderson, Professor in Security Engineering, University of Cambridge
10:00-10:45 OWASP State of the Union (PPT | video) – Dinis Cruz, Dave Wichers & Sebastien Deleersnyder, OWASP Foundation
10:45-11:05 Break – Expo – CTF Kick-Off (Andrés Riancho)
11:05-11:50
Track 1: OWASP Live CD: An open environment for Web Application Security (PPT) – Matt Tesauro, OWASP Live CD Project
Track 2: Leveraging agile to gain better security (PPT | video) – Erlend Oftedal, Bekk Consulting
Track 3: The OWASP Orizon project: new static analysis in HiFi (PPT | video) – Paolo Perego, Spike Reply
11:55-12:40
Track 1: OWASP Application Security Verification Standard (ASVS) Project (PPT) – Dave Wichers, Aspect Security
Track 2: Tracking the effectiveness of an SDL program: lessons from the gym (PPT | video) – Cassio Goldschmidt, Symantec Corporation
Track 3: The Bank in the Browser – Defending web infrastructures from banking malware (PDF | video) – Giorgio Fedon, Minded Security
12:40-14:00 Lunch – Expo – CTF
14:00-14:45
Track 1: Threat Modeling (PPT) – John Steven, Cigital
Track 2: Web Application Harvesting (PPT | video) – Esteban Ribičić, tbd
Track 3: Maturing Beyond Application Security Puberty (PPT) – David Harper, Fortify
14:50-15:35
Track 1: Exploiting Web 2.0 – Next Generation Vulnerabilities (PDF) – Shreeraj Shah, Blueinfy
Track 2: O2 – Advanced Source Code Analysis Toolkit (video) – Dinis Cruz, Ounce Labs
Track 3: The Truth about Web Application Firewalls: What the vendors do not want you to know (PPT) – Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity
15:35-15:55 Break – Expo – CTF
15:55-16:40
Track 1: The Software Assurance Maturity Model (SAMM) (PPT) – Pravir Chandra, Cognosticus
Track 2: Advanced SQL injection exploitation to operating system full control (PDF | video) – Bernardo Damele Assumpcao Guimaraes, lead developer of sqlmap
Track 3: When Security Isn’t Free: The Myth of Open Source Security (PPT | video) – David Harper, Fortify
16:45-17:45 Panel: SDLC: where do they work well, where do they fail? (PPT) – Moderator: Cassio Goldschmidt – Panelists: Pravir Chandra, Bart De Win, John Steven, Dave Wichers

Conference- May 14

DAY 2 – MAY 14, 2009
Track 1: room Alfa 1 Track 2: room Alfa 2 Track 3: room Beta
08:00-09:00 Registration and Coffee
09:00-10:00 Fixing Internet Security by Hacking the Business Climate – Bruce Schneier, Chief Security Technology Officer, BT
10:00-10:45 OWASP Projects (PPT | video) – Dave Wichers & Dinis Cruz, OWASP Foundation
10:45-11:05 Break – Expo – CTF
11:05-11:50
Track 1: OWASP “Google Hacking” Project (video) – Christian Heinrich, OWASP “Google Hacking” Project Lead
Track 2: Deploying Secure Web Applications with OWASP Resources (video) – Kuai Hinojosa, New York University
Track 3: Beyond security principles approximation in software architectures (PPT | video) – Bart De Win, Ascure
11:55-12:40
Track 1: OWASP Enterprise Security API (ESAPI) Project (PPT | video) – Dave Wichers, Aspect Security
Track 2: w3af, A framework to 0wn the web (PPT | video) – Andrés Riancho, Bonsai Information Security
Track 3: Brain’s hardwiring and its impact on software development and secure software (PDF | video) – Alexandru Bolboaca & Maria Diaconu, Mosaic Works
12:40-14:00 Lunch – Expo – CTF
14:00-14:45
Track 1: OWASP ROI: Optimize Security Spending using OWASP (PPT) – Matt Tesauro, OWASP Live CD Project
Track 2: CSRF: the nightmare becomes reality? (PPT | video) – Lieven Desmet, University Leuven
Track 3: I thought you were my friend – Evil Markup, browser issues and other obscurities (PDF / PPT | video) – Mario Heiderich, Business-IN
14:50-15:35
Track 1: HTTP Parameter Pollution (PDF | video) – Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity
Track 2: OWASP Source Code Flaws Top 10 Project (PPT | video) – Paolo Perego, Spike Reply
Track 3: Business Logic Attacks: Bots and Bats (PPT | video) – Eldad Chai, Imperva
15:35-15:55 Break – Expo – CTF
15:55-16:40
Track 1: Factoring malware and organized crime in to Web application security (PDF 1 | PDF 2 | video) – Gunter Ollmann, Damballa
Track 2: Real Time Defenses against Application Worms and Malicious Attackers (PPT | video) – Michael Coates, Aspect Security
Track 3: Can an accessible web application be secure? Assessment issues for security testers, developers and auditors (PPT | video) – Colin Watson, Watson Hall Ltd
16:45-17:45 Panel: The Future of web application security (video) – Moderator: Christian Heinrich, Panelists: tbd
17:45-18:00 Conference Wrap-Up & CTF Awards – Dave Wichers, OWASP Foundation

Venue: Park Inn Hotel, Krakow

OWASP Israel 2008


Room #1: Management Track | Room #2: Fundamentals Track
9:15-10:00 Web Application Security and Search Engines – Beyond Google Hacking (ppt, video part 1, video part 2)
Amichai Shulman, Imperva
Application Security – The code analysis way (download ppt)
Maty Siman, Checkmarx
10:00-10:45 No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler Using Traffic Profiling (watch video, download video)
Ivan Ristic, Breach Security
Black Box vs. White Box – pros and cons (download ppt)
Adi Sharabani & Yinnon Haviv, IBM
10:45-11:00 Break
11:00-11:45 Trends in Web Hacking: What’s hot in 2008 (ppt, watch video, download video)
Ofer Shezaf, Breach Security
AJAX – new technologies new threats (download ppt)
Dr. David Movshovitz, IDC
11:45-12:30 Testing the Tester – Measuring Quality of Security Testing (ppt, download video)
Ofer Maor, Hacktics
GreenSQL – an open source database security gateway (download ppt)
Yuli Stremovsky
12:30-13:15 Lunch
Room #1: Advanced Technology Track | Room #2: Practical Technology Track
13:15-14:00 Achilles’ heel – Hacking Through Java Protocols (ppt, watch video, download video)
Shai Chen, Hacktics
Defending against Phishing without Client-side Code (ppt, watch video, download video)
Prof. Amir Herzberg, Bar-Ilan University
14:00-14:45 Cryptographic elections – how to simultaneously achieve verifiability and privacy (download pdf)
Dr. Alon Rosen, IDC
.NET Framework rootkits – backdoors inside your Framework (download ppt)
Erez Metula, 2Bsecure
14:45-15:00 Break
15:00-15:45 Automated Crawling & Security Analysis of Flash/Flex based Web Applications (download ppt)
Ronen Bachar, IBM
Korset: Code-based Intrusion Detection System for Linux (download pdf)
Ohad Ben-Cohen
15:45-16:30 Turbo talks (Rump Session), Currently scheduled presentations:

  • Yossi Oren, Automatic Patch-Based Exploit Generation (APEG) (download ppt)
  • Avi Weissman, Introduction to the Israeli Forum for Information Security (ISIF)
  • Robert Moskovitch, Detection of Unknown Malicious Code via Machine Learning (download pdf)
  • Yaniv Miron, Comsec, UTF7 XSS (download ppt)
  • Shay Zalalichin & Avi Douglen, Comsec, Breaking CAPTCHA Myths (download ppt)

Closing Words, Ofer Shezaf

OWASP AppSecUSA 2008 Conference


DAY 1 – SEPT 24TH, 2008

07:30-08:50 Doors Open for Attendee/Speaker Registration – avoid lines: come early, get your caffeine fix and use the free wifi
09:00-09:45 OWASP Version 3.0 who we are, how we got here and where we are going?
OWASP Foundation: Jeff Williams, Dinis Cruz, Dave Wichers, Tom Brennan, Sebastien Deleersnyder

Dave Wichers’ Slides / Jeff Williams’ Slides / Dinis Cruz’s Slides

10:00-10:45 Analysis of the Web Hacking Incidents Database (WHID)
Ofer Shezaf
Web Application Security Road Map
Joe White
DHS Software Assurance Initiatives
Stan Wisseman & Joe Jarzombek
11:00-11:45 Http Bot Research
Andre M. DiMino – ShadowServer Foundation
OWASP “Google Hacking” Project
Christian Heinrich
MalSpam Research
Garth Bruen
12:00-13:00 Capture the Flag Sign-Up – LUNCH – Provided by event sponsors @ TechExpo
12:00-12:45 Get Rich or Die Trying – Making Money on The Web, The Black Hat Way
Trey Ford, Tom Brennan, Jeremiah Grossman
Framework-level Threat Analysis: Adding Science to the Art of Source-code review
Rohit Sethi & Sahba Kazerooni
Automated Web-based Malware Behavioral Analysis
Tyler Hudak
13:00-13:45 New 0-Day Browser Exploits: Clickjacking – yea, this is bad…
Jeremiah Grossman & Robert “RSnake” Hansen
Web Intrusion Detection with ModSecurity
Ivan Ristic
Using Layer 8 and OWASP to Secure Web Applications
David Stern & Roman Garber
14:00-14:45 Application Security Industry Outlook Panel:
Jim Routh CISO DTCC,
Sunil Seshadri CISO NYSE Euronext,
Joe Bernik SVP, RBS Americas,
Jennifer Bayuk Infosec Consultant,
Philip Venables CISO, Goldman Sachs,
Carlos Recalde SVP, Lehman Brothers,
Moderator: Mahi Dontamsetti
Security Assessing Java RMI
Adam Boulton
JBroFuzz 0.1 – 1.1: Building a Java Fuzzer for the Web
Yiannis Pavlosoglou
15:00-15:45 OWASP Testing Guide – Offensive Assessing Financial Applications
Daniel Cuthbert
Flash Parameter Injection (FPI)
Ayal Yogev & Adi Sharabani
w3af – A Framework to own the web
Andrés Riancho
16:00-16:45 OWASP Enterprise Security API (ESAPI) Project
Jeff Williams
Cross-Site Scripting Filter Evasion
Alexios Fakos
Multidisciplinary Bank Attacks
Gunter Ollmann
17:00-17:45 Open Discussion On Application Security
Joe Bernik & Steve Antoniewicz
Mastering PCI Section 6.6
Taylor McKinley and Jacob West
Case Studies: Exploiting application testing tool deficiencies via “out of band” injection
Vijay Akasapu & Marshall Heilman
18:00-18:45 Spearfishing and the OWASP Live CD
Joshua Perrymon
Phundamental Security – Coding Secure w/PHP
Hans Zaunere
Payment Card Data Security and the new Enterprise Java
Dr. B. V. Kumar & Mr. Abhay Bhargav
19:00-20:00 OWASP Chapter Leader / Project Leader working session
OWASP Board/Chapter Leaders
(ISC)2 Cocktail Hour
All welcome to attend for a special announcement presented by:
W. Hord Tipton, Executive Director of (ISC)2
Technology Movie Night
Sneakers, WarGames, Hackers Are People Too, Tiger Team
from 19:00 – 23:00
20:00-23:00+ OWASP Event Party/Reception
Event badge required for admission
Food, Drinks w/ New & Old Friends – break out the laptop and play capture the flag for fun and prizes.

DAY 2 – SEPT 25TH, 2008

08:00-10:00 BREAKFAST – Provided by event sponsors @ TechExpo
08:00-08:45 Software Development and Management: The Last Security Frontier
W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS; Executive Director and member of the Board of Directors, (ISC)², and former Chief Information Officer for the U.S. Department of the Interior
Best Practices Guide for Web Application Firewalls
Alexander Meisel
The Good The Bad and The Ugly – Pen Testing VS. Source Code Analysis
Thomas Ryan
09:00-09:45 OWASP Web Services Top Ten
Gunnar Peterson
Red And Tiger Team Application Security Projects
Chris Nickerson
OpenSource Tools
Prof. Li-Chiou Chen & Chienting Lin, Pace Univ
10:00-10:45 Building a tool for Security consultants: A story of a customized source code scanner
Dinis Cruz
“Help Wanted” 7 Things You Need to Know APPSEC/INFOSEC Employment
Lee Kushner
Industry Analysis with Forrester Research
Chenxi Wang
11:00-11:45 Software Assurance Maturity Model (SAMM)
Pravir Chandra
Security in Agile Development
Dave Wichers
Secure Software Impact
Jack Danahy
12:00-12:45 Next Generation Cross Site Scripting Worms
Arshan Dabirsiaghi
Security of Software-as-a-Service (SaaS)
James Landis
Open Reverse Benchmarking Project
Marce Luck & Tom Stracener
12:00-13:00 Capture the Flag Status – LUNCH – Provided @ TechExpo
13:00-13:45 NIST and SAMATE Static Analysis Tool Exposition (SATE)
Vadim Okun
Lotus Notes/Domino Web Application Security
Jian Hui Wang
Shootout @ Blackbox Corral
Larry Suto
14:00-14:45 Practical Advanced Threat Modeling
John Steven
The OWASP Orizon Project: towards version 1.0
Paolo Perego
Building Usable Security
Zed Abbadi
15:00-15:45 Off-shoring Application Development? Security is Still Your Problem
Rohyt Belani
OWASP EU Summit Portugal
Dinis Cruz
A Security Architecture Case Study
Johan Peeters
16:00-16:45 Vulnerabilities in application interpreters and runtimes
Erik Cabetas
Cryptography For Penetration Testers
Chris Eng
Memory Corruption and Buffer Overflows
Dave Aitel
17:00-17:45 Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles
18:30-19:30 OWASP Foundation, Chapter Leader Meeting – to collect ideas to make OWASP better!


OWASP SnowFROC from Denver, CO 2009
MARCH 5, 2009
07:30-08:30 Registration and Continental Breakfast in the Sponsor Expo Room
08:30-08:35 Welcome to SnowFROC AppSec 2009 Conference – David Campbell, OWASP Denver
08:35-09:45 Keynote: “Top Ten Web Hacking Techniques of 2008: What’s possible, not probable” – Jeremiah Grossman, Whitehat Security
09:45-10:15 OWASP State of the Union – Tom Brennan, OWASP Board
10:15-10:30 Break – Expo – CTF – Beatz by DJ Jackalope
Management / Executive Track: Room 1 | Deep Technical Track: Room 2
10:30-11:15
Room 1: Doing More with Less: Automate or Die – Ed Bellis, Orbitz
Room 2: “Poor Man’s Guide to Breaking PKI: Why You Don’t Need 200 Playstations” – Mike Zusman, Intrepidus Group
11:15-12:00
Room 1: “A Legal Minimum Standard of Due Care: The CAG and the Top 25 Most Dangerous Programming Errors” – Alan Paller, SANS
Room 2: “Adobe Flex, AMF 3 and BlazeDS: An Assessment” – Kevin Stadmeyer, Trustwave
12:00-13:00 Lunch – Expo – CTF – Beatz by DJ Jackalope
Management / Executive Track: Room 1 | Deep Technical Track: Room 2
13:00-13:50
Room 1: “Building an Effective Application Security Program” – Joey Peloquin, Fishnet Security
Room 2: “Bad Cocktail: Spear Phishing + Application Hacks” – Rohyt Belani, Intrepidus Group
13:50-14:50
Room 1: “Automated vs. Manual Security: You can’t filter The Stupid” – David Byrne & Charles Henderson, Trustwave
Room 2: “SQL injection: Not only AND 1=1” – Bernardo Damele Assumpcao Guimaraes, Portcullis Computer Security Ltd.
14:50-15:00 Break – Expo – CTF – Beatz by DJ Jackalope
15:00-15:50
Room 1: “Security Policy Management: Best Practices for Web Services and Application Security” – Ray Neucom, IBM
Room 2: “Vulnerability Management in an Application Security World” – Dan Cornell & John Dickson, Denim Group
15:50-16:30 Panel: Emerging Threats and Enterprise Countermeasures – Moderator: John Dickson
Panelists: Alan Paller, Joey Peloquin, Rohyt Belani, Ed Bellis, Laz, Ray Neucom
16:30-17:30 Conference Wrap Up, CTF Awards & Sponsor Raffles – CTF – Beatz by DJ Jackalope
17:30-21:00 OWASP Social Gathering: Dinner and Drinks @ TBD

OWASP Minneapolis/St. Paul (OWASP MSP)

Presentations from the OWASP Minneapolis-St. Paul (OWASP MSP) chapter events hosted in the Twin Cities area of Minnesota are now on their own page. Please visit OWASPMSP_Videos page for links to them. Some of the presenters include Pravir Chandra, Bruce Schneier, Jeremiah Grossman, Ryan Barnett, and many others.

Black Hat 2006

From Black Hat 2006:

Dinis Cruz @ BlackHat 2006 with FSTV
Dinis Cruz, leader of the OWASP.NET project joins us to talk about .NET, web security tools, the future of OWASP, and Open Source Software. OWASP – 30 min – Aug 30, 2006

AppSec Washington 2005

From the 2nd U.S. OWASP Conference held Oct 11-12, 2005 – Day 1:

OWASP Intro: Dave Wichers – Key Note Day 1: Joe Jarzombek – Dir. of Software Assurance – DHS – Software Assurance: Considerations for Advancing a National Strategy to Secure Cyberspace & Ron Ross -FISMA Project Lead – NIST – Status of the Federal Information Security Management Act (FISMA) Project. OWASP – 2 hr 7 min – Oct 11, 2005
OWASP Jack Danahy – The Business Case for Software Security Assurance. OWASP – 1 hr 2 min – Oct 11, 2005
OWASP Arian Evans – The OWASP Tools Survey Project. OWASP – 1 hr 18 min – Oct 11, 2005
OWASP Dinis Cruz – Rooting the CLR. OWASP – 1 hr 22 min – Oct 11, 2005
OWASP Paul Black – NIST – Developing a Reference Dataset & Rick Kuhn – NIST – Software Fault Interactions. OWASP – 1 hr 9 min – Oct 11, 2005
OWASP Alex Smolen – Application Logic Defense. OWASP – 36 min – Oct 11, 2005
OWASP Daniel Cuthbert – OWASP Testing Guide Lead – The Evolution Web App Pen Testing. OWASP – 1 hr 11 min – Oct 11, 2005

The 2nd U.S. OWASP Conference Day 2:

OWASP Ira Winkler – Keynote Day 2: Secrets of Superspies & Jeremy Poteet – In the Line of Fire: Defending Highly Visible Targets. OWASP – 2 hr 2 min – Oct 12, 2005
OWASP Jeff Williams – OWASP Development Guide and OWASP Membership Plan. OWASP – 1 hr 12 min – Oct 12, 2005
OWASP Dinis Cruz – The .Net Tools Project. OWASP – 1 hr 15 min – Oct 12, 2005
OWASP Matt Fisher – Worms Now Targeting Web Applications. OWASP – 49 min – Oct 12, 2005
OWASP Rogan Dawes – Advanced Features of OWASP WebScarab. OWASP – 1 hr 24 min – Oct 12, 2005
OWASP John Steven – Building a Scalable Software Security Practice. OWASP – 1 hr 19 min – Oct 12, 2005
OWASP Gunnar Peterson – Integrating Identity Services into Web Apps. OWASP – 35 min – Oct 12, 2005
