[Owasp-bayarea] Final Reminder - Bay Area OWASP Application Security Summit -Feb25th

Mandeep Khera mkhera at owasp.org
Tue Feb 23 21:45:45 EST 2010



This is the final reminder for the Bay Area OWASP Application Security
Summit on Feb 25th. The registration will close tomorrow (Feb 24th) at 1 PM.
Please register before then. 


Final agenda is attached below.


Best regards,

Mandeep Khera



From: Mandeep Khera [mailto:mkhera at owasp.org] 
Sent: Wednesday, February 17, 2010 2:46 PM
To: owasp-bayarea at lists.owasp.org
Cc: 'Mandeep Khera'; Mandeep Khera; Richard.Chow at parc.com;
mitchell at cs.stanford.edu; vishal.sikka at sap.com; abdul.razack at sap.com;
dawnsong at cs.berkeley.edu; jbau at stanford.edu; 'Bitterle, Barbara'; Lars Ewe;
'Dianne Gutierrez'
Subject: Bay Area OWASP Application Security Summit - Feb 25th 


Greetings Security Professionals,

OWASP Bay Area will host its next Application Security Summit at the Fujitsu
Offices in Sunnyvale on February 25th. As usual attendance is free and food
and beverages will be provided. This will be an awesome event and a great
opportunity to network with industry peers. The event is open to the public;
please forward this invite to your colleagues and friends who are interested
in computer and application security. We have an excellent line-up of

Please note that due to security issues, you must pre-register. The
registration will ask you for citizenship/permanent residence status as
well. Badges will be ready for the registered attendees at the lobby where
you will check in.

WHAT: OWASP Bay Area Chapter - Application Security Summit
WHEN: Thursday, February 25th, 2010 - From 1:00 PM to 8:00 PM (including a
reception from 6:00 to 8:00)
WHERE: Fujitsu Offices, Sunnyvale - See below for directions


1:00 PM - 1:15 PM ... Check-in, registration, networking
1:15 PM - 1:30 PM ... Welcome Remarks and Overview of OWASP Bay Area -
Mandeep Khera, Bay Area Chapter Leader
1:30 PM - 2:15 PM ... Keynote - Vishal Sikka, CTO, SAP
2:15 PM - 3:00 PM ... WebBlaze: New Techniques and Tools for Web Security -
Dawn Song, Associate Professor, UC Berkeley
3:00 PM - 3:30 PM ... Networking Break, refreshments
3:30 PM - 4:00 PM ... State of the Art: Automated Black-Box Web App Testing -
Prof. John Mitchell, Stanford University and Jason Bau, Ph.D. Student,
4:00 PM - 4:30 PM ... Controlling Data in the Cloud: Outsourcing Computation
without Outsourcing Control - Richard Chow, PARC
4:30 PM - 4:45 PM ... Mini Break
4:45 PM - 6:00 PM ... Panel - App Security Issues - Cloud Security, Inertia
with App Security, Future of App Security - Q&A from the audience -
Panelists: Prof. Dawn Song; Richard Chow; Prof. John Mitchell;
Lars Ewe, CTO, Cenzic; Moderator: Mandeep Khera
6:00 PM - 8:00 PM ... Networking Reception - Dinner and Drinks!

Venue and Directions:

Fujitsu Sunnyvale Campus (Building H)
1250 E. Arques Avenue
Sunnyvale, CA 94085

Fujitsu Policy : Please note that you will be asked to sign and write down
your country of citizenship in order to comply with US Customs regulations
and C/TPAT (Customs Trade Partnership Against Terrorism) certifications. As
part of the compliance, we regrettably are not able to allow attendance to
those who hold the citizenship of Cuba, Iran, North Korea, Sudan, or Syria
without a US Green Card. We sincerely apologize for any inconvenience this
may cause.



Please RSVP by registering at http://owaspbayarea-feb2010.eventbrite.com/

Special thanks to Sree Rajan of Fujitsu for hosting this event and to Cenzic
<http://www.cenzic.com/>, AppSec Consulting <http://www.appsecconsulting.com/>,
and Fujitsu <http://www.fujitsu.com/us/> for sponsoring.

Best regards,
Mandeep Khera



From: San Jose, Morgan Hill

. Take 101 North to Lawrence Expy.
. Exit Lawrence Expy and go south (turn left).
. Take a left on Arques.
. Fujitsu Silicon Valley Campus is located on the right side after the first

From: Palo Alto, San Francisco

. Take 101 South to Lawrence Expy.
. Exit Lawrence Expy and go south (turn right).
. Take a left on Arques.
. Fujitsu Silicon Valley Campus is located on the right side after the first
stop light.

From: Milpitas

. Take 237 West to Lawrence Expy.
. Exit Lawrence Expy/Caribbean Dr exit and head straight to exit on Lawrence.
. Take a left on Arques.
. Fujitsu Silicon Valley Campus is located on the right hand side after the
first stop light.

From: Mountain View

. Take 237 East to Lawrence Expy.
. Exit Lawrence Expy and go south (turn right).
. Take a left on Arques.
. Fujitsu Silicon Valley Campus is located on the right after first

Detailed Abstracts and Speaker Bios


Bio - Vishal Sikka, CTO, SAP
Vishal Sikka is chief technology officer (CTO), and member of the Executive
Board of SAP AG.  Sikka's responsibilities include defining the company's
technology and architecture strategy and product standards across the entire
SAP product portfolio; driving innovation, user-experience, and design;
introducing emerging technologies; and leading advanced development of  the
SAP next-generation technology platform, applications, and tools. Sikka also
oversees key technology partnerships, customer co-innovation, and incubation
of emerging businesses. He has global responsibility for the SAP Research
organization and academic and government relations, and is an executive
sponsor of the SAP Labs network.   

Prior to being appointed the first CTO of SAP, Sikka was the chief software
architect at SAP, responsible for the SAP technology and architecture road
map, before which he was responsible for the advanced technology group. 

Before joining SAP, Sikka was area vice president for platform technologies
at Peregrine Systems, where he was responsible for developing Peregrine's
(Remedy Corp) application platform, including development tools and
lifecycle management.  Sikka joined Peregrine following the acquisition of
his startup Bodha, Inc., where he served as founder and CEO. 

Sikka holds a doctorate in computer science from Stanford University in
California, and his experience includes research in automatic programming,
information and application integration, and artificial intelligence at
Stanford, at Xerox Palo Alto Labs, and at two startup companies.

WebBlaze: New Techniques and Tools for Web Security 
I will present the WebBlaze project, aiming at designing and developing new
techniques and tools to improve web security. WebBlaze's new technologies
cover a broad range including new architectural solutions for defending
against cross-site scripting attacks, tools for detecting and defending
against cross-origin JavaScript capability leaks which lead to universal
cross-site scripting attacks, and new approaches for secure browser
extensions and web advertisements.

In this talk, I will focus on two sample techniques in WebBlaze: (1) dynamic
analysis and symbolic reasoning of JavaScript to detect client-side input
validation vulnerabilities; (2) program binary analysis to extract
security-related models from browsers to detect new classes of
vulnerabilities such as content-sniffing vulnerabilities. Our techniques and
tools have discovered previously unknown vulnerabilities in browsers and
popular web applications. Some of the solutions in WebBlaze have been
adopted by mainstream browsers and industry standards and deployed on
millions of machines. 

Bio - Prof. Dawn Song
Dawn Song is an Associate Professor in the department of Electrical
Engineering and Computer Science at University of California, Berkeley. She
obtained her B.S. in Physics from Tsinghua University in China in 1996, her
M.S. in Computer Science from Carnegie Mellon University in 1999, and her
Ph.D. in Computer Science from UC Berkeley in 2002. Prior to joining UC
Berkeley, she was an Assistant Professor at Carnegie Mellon University from
2002 to 2007.

Her research interest lies in security and privacy issues in computer
systems and networks, including areas ranging from software security,
networking security, database security, distributed systems security, to
applied cryptography. She is the recipient of various awards including the
NSF CAREER Award, the Alfred P. Sloan Research Fellowship Award, the IBM
Faculty Award, the George Tallman Ladd Research Award, the Okawa Foundation
Research Award, and the Li Ka Shing Foundation Women in Science Distinguished
Lecture Series Award. She is also the author of multiple award papers in top
security conferences, including the Best Paper Award at the USENIX Security
Symposium and the Highest Ranked Paper Award at the IEEE Symposium on
Security and Privacy. Recently she was awarded the MIT Technology Review
TR-35 Award, recognizing her as one of the world's top innovators under the
age of 35.

State of the Art: Automated Black-Box Web App Testing

Black-box web application vulnerability scanners are automated tools that
probe web applications for security vulnerabilities. In order to assess the
current state of the art, we obtained access to eight leading tools and
carried out a study of: (i) the class of vulnerabilities tested by these
scanners, (ii) their effectiveness against target vulnerabilities, and (iii)
the relevance of the target vulnerabilities to vulnerabilities found in the
wild. To conduct our study we used a custom web application vulnerable to
known and projected vulnerabilities, and previous versions of widely used
web applications containing known vulnerabilities. Our results show the
promise and effectiveness of automated tools, as a group, and also some
limitations. In particular, "stored" forms of Cross Site Scripting (XSS) and
SQL Injection (SQLI) vulnerabilities are not currently found by many tools.
Because our goal is to assess the potential of future research, not to
evaluate specific vendors, we will not report comparative data or make any
recommendations about purchase of specific tools.

Bio - Prof. John Mitchell
John Mitchell is the Mary and Gordon Crary Family Professor in the Stanford
Computer Science Department. His research in computer security focuses on
web security, network security, privacy, and distributed authorization
management. He has also worked on programming language analysis and design,
formal methods, and applications of mathematical logic to computer science.
Prof. Mitchell currently leads research projects funded by the US Air Force,
the Office of Naval Research, private companies and foundations, and he is
the Stanford Principal Investigator of the multidisciplinary TRUST NSF
Science and Technology Center. He is a consultant and advisor to a number of
companies and is the author of over 140 research articles and two books.

Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control
Cloud computing is clearly one of today's most enticing technology areas.
However, despite the surge in activity and interest, there are significant,
persistent concerns about cloud computing that are impeding momentum and
will eventually compromise the vision of cloud computing as a new IT
procurement model. In this survey talk, we characterize the problems and
their impact on adoption. In addition, we describe some existing research
thrusts with the potential to alleviate some of the concerns impeding

Bio - Richard Chow
Richard Chow works in the security and privacy group at the Palo Alto
Research Center. Richard is interested in systems security, fraud detection,
and privacy. Some of his achievements include architecting Yahoo!'s
click-fraud protection system and the security and DRM components for
Motorola's first Java-based phone platform. He has played a lead role at
three startups and was also a founder of Trusted Systems Laboratories, which
brought high-assurance security systems to the commercial market. Richard
received his Ph.D. in Mathematics from UCLA.
