[Owasp-twincities] MN OWASP One Day Conference - Oct 21st, 2008

Lorna Alamri lorna.alamri at owasp.org
Tue Oct 7 10:58:36 EDT 2008

*You're invited to attend the 1st ever MN OWASP Conference on October 21st.
We're very excited out the line up of internationally known speakers we were
able to bring together for this one day of Application Security talks.  The
local MN OWASP chapter is hosting this event which we've brought to you at a
nominal fee of $25.00 per person which includes lunch.  Seating is limited
and we expect this event to sell out. On site registration the day of the
event  is not expected to be available so please register prior to the event
to guarantee your seat at this event.


8:00 - 9:00


9:00 – 9:30 am

Kuai Hinojosa

OWASP MN President

Conference introduction

9:30 – 10:30 am

Jeff Williams

CEO, Aspect Security
OWASP founder; Chair, OWASP Foundation

Application security is getting more complicated every day with increasing
connectivity, more mixing of code and data, more parsers, more interpreters,
more assets, and more functionality available. We have to take steps now to
simplify the problem. So if you're tired of securing one application at a
time, and wrestling with the same vulnerabilities again and again,
establishing your organization's ESAPI is one of the best things you can do.

10:30 – 11:00 am

Arshan *Dabirsiaghi*

Director of Research, Aspect Security

Many of the challenges we face in application security could be solved at an
architectural layer without trying to accomplish the impossible task of
fixing millions of websites with billions of lines of code behind them. The
OWASP Intrinsic Security Working Group is a new OWASP effort focused on
addressing root causes of application security problems and fixing them
where it's easiest.

11:00 - 12:30


12:30 - 1:30 pm

Anil Kumar Revuru


Microsoft Connected Information Security Framework (CISF) and Tools
Description: The Connected Information Security Group, part of Microsoft
internal Information Security organization are working on a technology
framework and set of applications to support corporate information security
management programs. This presentation provides a short overview of the
problem space and current thinking on our approach to solving it.

1:30 - 2:30 pm

Brian Chess

Fortify Software

Creating secure code requires more than just good intentions. Programmers
need to know how to make their code safe in an almost infinite number of
scenarios and configurations. Static source code analysis gives users the
ability to review their work with a fine tooth comb and uncover the kinds of
errors that lead directly to vulnerabilities. This talk frames the software
security problem and shows how static analysis is part of the solution.

2:30 - 3:00 pm


3:00- - 4:00 pm

Elliot Glazer


Information Security Architecture Layers and Key Processes
Information Security Architecture is driven by an Information Security
Strategy and Principles. It is also critical the architecture support the
Business Strategy:
Security Functional Architecture
Security Technical Architecture
Security Reference Architecture
Security Technology Lifecycle
Security Program Implementation Planning

4:00 – 5:00 pm

Corey Benninger

Intrepidus Group

Exploring the how poor application security mixed with a phishing is leading
to a costly cocktail of disaster. This talk will go over real world examples
of phishing attacks that have taken advantage of cross site scripting flaws,
SQL injection vulnerabilities, session fixation attacks, and others web
application flaws. Learn what phishers are doing to take their attacks to
the next level by chaining multiple vulnerabilities together. The
presentation will also share resources that help to track phishing trends
and research

5:00 – 5:15 pm

Richard Stallman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-twincities/attachments/20081007/d21c5f4f/attachment-0001.html 

More information about the Owasp-twincities mailing list