Prize Ceremony and Closing Notes OWASP AppSec Research 2010

Prize Ceremony and Closing Notes

OWASP AppSec Research 2010

#OWASP #AppSecEu

torsdag, 2010 juli 08

Please, Enter the Stage!

• Mattias BerglingVice chair, budget

• Alan DavidsonStockholm University

• Stefan Pettersson Sponsoring coordinator

• Carl-Johan Bostorp Schedule and CTF

• Martin Holst Swende Coffee/lunch/dinner

• Michael BomanAttendee pack, beanies


Also ...

• Sebastien DeleersnyderOWASP Board

• Ulf MunkedalChapter leader Denmark

• Kåre PresttunChapter leader Norway

• Martin KnoblochCapture the Flag

• Kate HartmannOWASP Director

• Dave WichersOWASP Board

• Alison ShraderOWASP Accountant


Please, Enter the Stage!• Maryam Chenari

• Spyridon Dosis

• Irvin Homem

• Assem Nazar Hussain

• Yigezu Balcha Jorro

• Ioannis Kakavas

• Parvinder Kaur

• Mohammad Khodaei

• Elena Kozhemyak

• Mammo Meklit

• Chigozie Nwogu

• Ozan Safi

• Nazli Yasemin Sahin

• Qing Song Song

• Monica Vermatorsdag, 2010 juli 08

Conference Program, Wednesday June 23 (Beware of thieves – don’t leave your laptop unattended) Track 1 Track 2 Track 3 08:50 – 09:00 A Warm Welcome from OWASP! 09:00 – 10:00 Cross‐Domain Theft and the Future of

Browser Security Chris Evans and Ian Fette, Google

10:10 – 10:45 BitFlip: Determine a Data's Signature Coverage from Within the Application Heinrich Poehls, Univ. of Passau

CsFire: Browser‐Enforced Mitigation Against CSRF Desmet & De Ryck, Katholieke Univ. Leuven

Deconstructing ColdFusion Chris Eng, Veracode

10:45 – 11:10 Coffee Break + CTF kick‐off in the Gallery 11:10 – 11:45 Towards Building Secure Web Mashups

M Decat et al, Katholieke Univ. Leuven Automated vs. Manual Security: You Can't Filter "The Stupid" Byrne & Henderson, Trustwave

How to Render SSL Useless Ivan Ristic, Qualys

11:55 – 12:30 Busting Frame Busting Gustav Rydstedt, Stanford

Web Frameworks and How They Kill Traditional Security Scanning Hang & Andren, Armorize Technologies

The State of SSL in the World Michael Boman, Omegapoint

12:30 – 13:45 Lunch Break in the Gallery 13:45 – 14:20 Securing Web Applications with ESAPI

Ken Sipe, Perficient Beyond the Same‐Origin Policy Nagra & Samuel, Google

SmashFileFuzzer ‐ a New File Fuzzer Tool Komal Randive, Symantec

14:30 – 15:05 Security Toolbox for .NET Development and Testing Lindfors & König, Microsoft

Cross‐Site Location Jacking (XSLJ) (not really) Lindsay, Cigital, & Vela Nava, sla.ckers.org

Owning Oracle: Sessions and Credentials Henrique & Ocepek, Trustwave

15:05 – 15:30 Coffee Break in the Gallery 15:30 – 16:05 Value Objects a la Domain‐Driven

Security: A Design Mindset to Avoid SQL Injection and Cross‐Site Scripting Dan Bergh Johnsson, Omegapoint

New Insights into Clickjacking Marco Balduzzi, Eurecom

Session Fixation ‐ the Forgotten Vulnerability? Schrank et al, Univ. of Passau & SAP Research

16:15 – 17:00 Is Application Security a Losing Battle? Panel Discussion with Pravir Chandra, Johan Lindfors, Dave Wichers, and Dan Bergh Johnsson

… and then the Gala Dinner, starting 18:30!

The Speakers

Conference Program, Thursday June 24 (Beware of thieves – don’t leave your laptop unattended) Track 1 Track 2 Track 3 09:00 – 10:00 The Security Development Lifecycle –

The Creation and Evolution of a Security Development Process Steve Lipner, Microsoft

10:10 – 10:45 (New) The Anatomy of Real‐World Software Security Programs Pravir Chandra, Fortify

Promon TestSuite: Client‐Based Penetration Testing Tool Braber and Lysemose Hansen, Promon

A Taint Mode for Python via a Library Conti, Univ. Tecnológica Nacional and Russo, Chalmers Univ. of Technology

10:45 – 11:10 Coffee Break in the Gallery 11:10 – 11:45 Microsoft's Security Development

Lifecycle for Agile Development Nick Coblentz, OWASP Kansas City

Detecting and Protecting Your Users from 100% of all Malware – How? Anstis and Pogulievsky, M86 Security

OPA: Language Support for a Sane, Safe and Secure Web Rajchenbach‐Teller and Sinot, MLstate

11:55 – 12:30 Secure Application Development for the Enterprise: Practical, Real‐World Tips Michael Craigue, Dell

Responsibility for the Harm and Risk of Software Security Flaws Cassio Goldschmidt, Symantec

Secure the Clones: Static Enforcement of Policies for Secure Object Copying Jensen and Pichardie, INRIA

12:30 – 13:45 Lunch Break in the Gallery 13:45 – 14:20 Product Security Management in Agile

Product Management Antti Vähä‐Sipilä, Nokia

Hacking by Numbers Tom Brennan, WhiteHat Security and OWASP Foundation

Safe Wrappers and Sane Policies for Self Protecting JavaScript Magazinius et al, Chalmers Univ. of Technology

14:30 – 15:05 OWASP Top 10 2010 Dave Wichers, Aspect Security and OWASP Foundation

Application Security Scoreboard in the Sky Chris Eng, Veracode

On the Privacy of File Sharing Services Nikiforakis et al, Katholieke Univ. Leuven

15:05 – 15:30 Coffee Break in the Gallery 15:30 – 16:00 • Prize Ceremony (CTF & expo winners)

• Announcement of AppSec EU 2011 • Closing Notes

… and then 19 months of work is done. Hope you had a good time. Thanks everyone!


Please Stand Up!


Venue Services

• Linda BruhnHörs Catering

• Agneta Hollström &Ami HedbladConference Services

• Sound Team

• Film Team


And Of Course

• Johanna Perssonmy girlfriend who’s put up with all of this


Prize Ceremony1. Imperva

2. PortWise

3. High Performance Systems

4. F5

5. Google

6. Omegapoint

7. nixu

8. * Capture the Flag *



Trinity CollegeDublin, Ireland



AthensGreece


Documents

Prize Ceremony and Closing Notes OWASP AppSec Research 2010