Friday, November 16, 2007
OWASP & WASC AppSec 2007
AppSec 2007 was a blast. 200+ people filled eBay’s Town Hall enjoying nothing but web application security for two solid days (and nights). Can’t get that any place else and we even got some great press! If you weren’t able to attend, sorry you missed out. Don’t worry though - the conference slides will be posted on the websites shortly and within a couple of weeks the video will be made available too! This is fantastic because with just the slides a lot of the speaker’s insights are lost.
Speaking of the speakers, a huge concentration of the brightest webappsec minds from literally all over the world in were in attendance. pdp, Chris Wysopal, Ryan Barnett, Tom Stripling, RSnake, Sheeraj Shah, Arian Evans, Ofer Maor, Tom Stracener, Stefano Di Paola, and even Samy made an appearance. Judging from the feedback this took the event up to a new level. The web application expertise in the house was tremendous and few questions could go unanswered.
I personally got to meet and hang out with a lot of new people from Microsoft, Google, Cisco, eBay, PayPal, Oracle, Symantec, and even the U.S. Secret Service. Much of the time the hallway and after-party conversations are just as valuable to me as the conference content. Building relationships and learning more about people’s everyday webappsec challenges are my take away because these are the things I go home and try to later solve.
A lot of great pictures were taken, especially by Garrett Gee and Wayne Huang. I expect them to pop online up over the next week. When anyone posts their pics, please comment here or let me know so we can link to them. Pravir Chandra, Dave Wichers (and staff), Gunnar Peterson, Anurag Agarwal, Brian Bertacini, and the rest of the volunteers did a stellar job organizing the event, parties, and exhibits. As a result of their hard work everyone who attended had a really good time and learned a lot.
And finally a big thank you to all the sponsors who made the event possible. Aspect, Fortify, PayPal, eBay, OunceLabs, Breach, WhiteHat Security, IO Active, Art of Defense, Cenzic, AppliCure, Watchfire, Armoize, F5, Veracode, and Cisco. The vendor technology expo added that extra dimension of content to event that many benefited by and something that people don’t get to experience first hand elsewhere.