We came, we saw, we concurred
Loosely Typed in Ohio

OWASP AppSec 2008: Day 3

Today brought us the real meat of the week, conference day one. This is my first industry engagement and I found it quite easy to get registered, figure out where things are happening and understand the lay of the land. Quite a bit happening all at once; three different presentation tracks, a bustling vendor area, many coffee-and-tea stops (which I used frequently!), people moving all around, and just a lot of good energy around the building. To keep this on the lighter side, I’ll bullet out what presentations I chose with a quick comment.

  • DHS Software Assurance Initiatives: A thorough discussion on integrating security into the SDLC with government best practices. Keyed me into a lot of materials I’d like to read!
  • HTTP Bot Research: This was a great talk on botnets, past, present and future, by Shadowserver. A lot of time was spent on the Georgia conflict and looking at the first botnet attack from the U.S. and the second from Russia. I really enjoyed it!
  • Get Rich or Die Trying - Making Money on The Web, The Black Hat Way: This was my (and Jon’s) favorite talk. It was a veiled comic presentation that hammers home business logic flaws.
  • Using Layer 8 and OWASP to Secure Web Applications: Two of the City of New York’s security guys led this presentation on how they’ve developed their software development policies and practices.
  • Industry Outlook Panel: Several big names in corporate security discussed their thoughts on a variety of topics. I really wish it was a double session; 50 minutes wasn’t nearly enough time.
  • OWASP Testing Guide - Offensive Assessing Financial Applications: This was presented by a jet-lagged no-BS Brit who laid out a good testing primer.
  • cough we skipped the next hour and half (nothing we really wanted to hear) to run back to the hotel and grab some great Thai food in the East Village.

  • OWASP Live CD: This turned out to be a lot less on the live CD and a lot more about a beta email phishing project loaded into a VM image. It scared the devil out of me, very powerful software. Apparently scared a few other folks too as it may not ever get released because it works so well.

Finished the night up with the (ISC)2 cocktail hour (free booze!) and they announced a new certification, the CSSLP. Then we took a walk to Times Square again, which is infinitely cooler at night (duh).

Back in and getting rested for tomorrow. Can’t believe it’s nearly Thursday already!

Goodnight from Grand (street)!
