13 November 2009

OWASP AppSec DC 2009 - Part 1

Following an encouraging discussion of the Building Security In initiative of the US Department of Homeland Security by Joe Jarzombek, Director for Software Assurance in the National Cyber Security Division, and a short presentation from the Open Web Application Security Project (OWASP) board, OWASP AppSec DC 2009 got underway.

Partial photo of the first day's agenda at OWASP AppSec DC 2009

The conference had four streams on the first day:

  • OWASP
  • Tools
  • Web 2.0
  • SDLC

This made choosing which presentations to attend difficult, but I settled on:

  • Understanding the Implications of Cloud Computing on Application Security, Dennis Hurst
    Briefing on the upcoming second version of the guidance document from the Cloud Security Alliance.
  • Transparent Proxy Abuse, Robert Auger
    The lifecycle, explanation and demonstration of an unexpected weakness in transparent proxies.
  • OWASP ModSecurity Core Rule Set Project, Ryan Barnett
    Briefing on the ModSecurity web application firewall (WAF) and the changes in the recently issued v2 rule set, which is now an OWASP Project.
  • Defend Yourself: Integrating Real Time Defenses into Online Applications, Michael Coates
    An update on the OWASP AppSensor Project and two example implementations demonstrating how the AppSensor responds to an automated scanner, and how it could suppress application worm propagation.
  • The ESAPI Web Application Firewall, Arshan Dabirsiaghi
    Demonstration of code built upon the OWASP ESAPI Project to apply virtual patches to an application built in Java.
  • Attacking WCF Web Services, Brian Holyfield
    Description of the .NET core communications framework and how its messages can be intercepted, decoded and modified.
  • When Web 2.0 Attacks – Understanding Security Implications of Highly Interactive Technologies, Rafal Los
    Issues and examples of how Web 2.0 is reinventing old faults.

The presentations will be available on the conference web site.

Auditorium room 146A during the presentation about the ESAPI Web Application Firewall

The day ended with a generously sponsored reception for delegates to network further and practice penetration testing.

Red/blue team penetration testing during the reception at the end of the first day

Update 14th November 2009: Part 2 added.

Posted on: 13 November 2009 at 14:20 hrs


© 2009-2012 clerkendweller.com