OWASP NYC AppSec 2008 Video

For those that weren’t able to attend the OWASP NYC Appsec 2008 Conference, the video from all the presentations are now online!

Intro

• OWASP 3.0 – Who We Are And How We Got Here by The OWASP Foundation

Track 1

• Analysis Of The Web Hacking Incident Database by Ofer Shezaf
• HTTP Bot Research by Steven Adair
• Get Rich Or Die Trying – Making Money on The Web, The Black Hat Way by Trey Ford, Tom Brennan, and Jeremiah Grossman
• New 0-Day Browser Exploits: Clickjacking by Jeremiah Grossman and Robert “RSnake” Hansen
• Application Security Industry Outlook Panel
• OWASP Testing Guide – Offensive Assessing Financial Applications by Daniel Cuthbert
• OWASP Enterprise Security API by Jeff Williams
• Open Discussion On Application Security by Joe Bernik and Steve Antoniewicz
• Spearfishing and the OWASP Live CD by Joshua Perrymon
• Software Development and Management: The Last Security Frontier by W. Hord Tipton
• OWASP Web Services Top Ten by Gunnar Peterson
• Building a tool for Security consultants – A story of customized source code scanner by Dinis Cruz
• Software Assurance Maturity Model by Pravir Chandra
• Next Generation Cross Site Scripting Worms by Arshan Dabirsiaghi
• NIST and SAMATE Static Analysis Tool Exposition by Vadim Okun
• Practical Advanced Threat Modeling by John Steven
• Off-shoring Application Development? Security is Still Your Problem by Rohyt Belani
• Vulnerabilities in application interpreters and runtimes by Erik Cabetas

Track 2

• Web Application Security Road Map by Joe White
• OWASP “Google Hacking” Project by Christian Heinrich
• Framework-level Threat Analysis: Adding Science to the Art of Source-code review by Rohit Sethi and Sahba Kazerooni
• Web Intrusion Detection with ModSecurity by Ivan Ristic
• Security Assessing Java RMI by Adam Boulton
• Cross-Site Scripting Filter Evasion by Alexios Fakos
• Mastering PCI Section 6.6 by Taylor McKinley and Jacob West
• Phundamental Security – Coding Secure /w PHP by Hans Zaunere
• Best Practices Guide for Web Application Firewalls by Alexander Meisel
• Red And Tiger Team Application Security Projects by Chris Nickerson
• “Help Wanted” 7 Things You Need to Know APPSEC/INFOSEC Employment by Lee Kushner
• Security in Agile Development by Dave Wichers
• Security of Software-as-a-Service by James Landis
• Lotus Notes/Domino Web Application Security by Jian Hui Wang
• The OWASP Orizon Project: towards version 1.0 by Paolo Perego
• OWASP EU Summit Portugal by Dinis Cruz
• Cryptography For Penetration Testers by Chris Eng

Track 3

• DHS Software Assurance Initiatives by Stan Wisseman and Joe Jarzombek
• MalSpam Research by Garth Bruen
• Automated Web-based Malware Behavioral Analysis by Tyler Hudak
• Using Layer 8 and OWASP to Secure Web Applications by David Stern and Roman Garber
• JBroFuzz 0.1 – 1.1: Building a Java Fuzzer for the Web by Yiannis Pavlosoglou
• w3af – A Framework to own the web by Andres Riancho
• Multidisciplinary Bank Attacks by Gunter Ollmann
• Case Studies: Exploiting application testing tool deficiencies via “out of band” injection by Vijay Akasapu and Marshall Heilman
• Payment Card Data Security and the new Enterprise Java by Dr. B. V. Kumar and Mr. Abhay Bhargav
• The Good The Bad and The Ugly – Pen Testing VS Source Code Analysis by Thomas Ryan
• Open Source Tools by Prof. Li-Chiou Chen and Chienintng Lin
• Inustry Analysis with Forrester Research by Chenxi Wang
• Secure Software Impact by Jack Danahy
• Open Reverse Benchmarking Project by Marce Luck and Tom Stracener
• Shootout @ Blackbox Corral by Larry Suto
• Building Usable Security by Zed Abbadi
• A Security Architecture Case Study by Johan Peeters
• Memory Corruption and Buffer Overflows by Dave Aitel

Closing

• Event Wrap-Up / Speaker & CTF Awards and Sponsor Raffles