Disclaimer: If I don’t pick your talk it doesn’t mean I don’t like you or the material. :) It might be that I’ve already seen it and/or am familiar with the content.
Day 1
Web Application Security Road Map - Joe White
Because it's initiatives like this one that will eventually serve as a template for other organizations to follow.
Http Bot Research - Andre M. DiMino - ShadowServer Foundation
I have a soft spot for bots, seemed interesting, and wanted to see what data they have.
Get Rich or Die Trying - Making Money on The Web, The Black Hat Way - Trey Ford, Tom Brennan, Jeremiah Grossman
Well, you know, I sorta have to be there. :)
New Exploit Techniques - Jeremiah Grossman & Robert "RSnake" Hansen
One of those presentations exposing what Web attacks in the next 12-18 months will look like. We’ve purposely kept really quiet about what we plan to demonstrate, but it's certainly going to make people a little nervous. :)
Industry Outlook Panel
Curious about what these folks have on their mind.
Multidisciplinary Bank Attacks - Gunter Ollmann
Good speaker and I enjoy hacking banks. :)
Case Studies: Exploiting application testing tool deficiencies via "out of band" injection
I have no idea, though it appeared to be an interesting topic.
w3af - A Framework to own the web - Andres Riancho
I'd like to see this tool demonstrated and understand what it can really do.
Coding Secure w/PHP - Hans Zaunere
Want to see more about how this is done. It can be, right?
Day 2
Best Practices Guide: Web Application Firewalls - Alexander Meisel
A big toss up between this one and Pen Testing VS. Source Code Analysis, but had to go with the WAFs. Wanted to see what their point of view is and the guidance they're suggesting.
APPSEC Red/Tiger Team Projects - Chris Nickerson
Sounded cool, that’s about it.
Industry Analyst with Forrester Research - Chenxi Wang
It’s always good to know how certain enterprises will be influenced.
Security in Agile Development - Dave Wichers
As before, is this possible? And if so, how!? TELL ME!
Next Generation Cross Site Scripting Worms - Arshan Dabirsiaghi
C'mon Arshan, no holding back. Give me the next NEXT generation XSS worms! :)
NIST SAMATE Static Analysis Tool Exposition (SATE) - Vadim Okun
Tools lined-up side-by-side and tested always interested me.
Practical Advanced Threat Modeling - John Steven
It's been a while since I attended a threat modeling talk, especially one targeted towards webappsec, which I hope this is.
Off-shoring Application Development? Security is Still Your Problem - Rohyt Belani
Uh yap it is, but what to do about it is the question. Hopefully Rohyt will answer that one.
Flash Parameter Injection (FPI) - Ayal Yogev & Adi Sharabani
Flash security is HUGE! HUGE I SAY!
Most of these speakers I've never seen present before, which I find refreshing. New talent, new ideas, and shows an emerging industry. Good luck everyone!
7 comments:
Yah, will be a tough time to decide which one I want to see when there are others on at the same time.
Yeah, there's still time to think.
FYI - Chris Nickerson, I believe, was one of the guys who was on that short-lived "Tiger Team" series on Court TV.
AHAHAH. Wow, I accidentally skipped over your hour. I'll be there!
Arshan, if you mess with Jeremiah's Polynesian ancestry, then you are messing with me too! I got my eye on you Arshan.....
Seems to be Grossman operates a tight ship called favouritism.
All aboard!!!
The conference is flying by. Totally agree with Jeremiah that it is jam packed with awesome presentations. I've been blogging up notes and information on the presentations that I've been to at http://www.webadminblog.com in case you went to something different and want to see what was presented elsewhere.