The OWASP Media Project is an infrastructure project that gathers, consolidates, and promotes OWASP content in video format on a central, appealing hub. The first and main instance of the project will be a YouTube channel.
The session will be used to bring project leaders up to speed on how video sharing and live streaming can help promote your project and reach people. We will do that by presenting Google Hangout and the official OWASP YouTube channel.
Then, we will gather potential sources and existing videos in order to populate the OWASP channel. This summit experience will not just be about promoting the Media Project itself, but also about the exposure of any other projects with video content.
CALLING ALL SECURITY NINJAS… Whether you’re attending AppSec in person or in spirit, you’re invited to join Bugcrowd and the OWASP team as we unite hackers across the world for the first ever Internet-wide bug bash.
This collaborative hack-a-thon will feature testers and providers of public bug bounty programs finding bugs in the world’s largest Internet companies! Companies contributing to bounty programs, including Prezi, Facebook, Google and Yandex, will be present to meet and greet those responsible for improving global application and Internet security. No need to worry about protecting your identity: masks will be provided!
Featuring…
The Inaugural Wall of Bugz, music, drinks, hacking contests, special prizes, the world’s largest gummy bug and more!
Bug Bounty programs have been getting a lot of press lately, and for good reason. They work. Bugcrowd will be running this event live from 8-12 every night during Appsec USA 2013 and we actively encourage OWASP members around the world to participate.
Just some of the targets to pick from: https://bugcrowd.com/list-of-bug-bounty-programs/
** YOU MUST RSVP FOR THIS TRAINING BY EMAILING RALPH.DURKEE@OWASP.ORG. CAPACITY IS LIMITED TO 24 ATTENDEES **
An intense 2.5-hour hands-on course in which you will find a buffer overflow vulnerability and then develop an exploit for a stack-based buffer overflow. We'll also discuss and test mitigating techniques such as address randomization, stack protection mechanisms, non-executable stacks and, of course, programming to prevent buffer overflows.
The course will use a virtual Linux system with the required tools running on your own laptop. Students must be comfortable with the Linux command line and be familiar with basic C/C++ programming. We'll be using the GNU development tools such as g++, gcc, gdb, and make. Vim, Emacs and Eclipse will all be installed for your editing and exploit-writing pleasure. We'll be looking at assembly code in order to develop the final exploit, so some familiarity with assembly languages is helpful, but not required. You must bring your own laptop. The laptop can be MS Windows, Mac or Linux; just make sure you have a recent version of VirtualBox installed and working. Having a DVD reader is helpful for transferring the VM, but a flash drive will also be available.
Laptop Requirements:
At least 4 GB RAM
8 GB of free disk space
VirtualBox 4.2.16 or newer installed.
Administrator or root privileges for the laptop.
Comfortable with the Linux command line and g++ / gcc.
Some C/C++ programming
OWASP Documentation Projects are a key element in the industry. They are broadly adopted and used.
This session aims to review the documents below and give recommendations on where they can be improved.
->OWASP AppSensor Project.
->OWASP Development Guide Project.
->OWASP Code Review Guide Project.
->OWASP Testing Guide Project.
->OWASP Code of Conduct.
During this session, the objectives we will be covering are:
1. Figure out what needs to be done for each project.
2. Assign sections to each participant.
3. Finish various sections assigned to you.
4. Consolidate all finished sections.
Join us today!
Video of session:
https://www.youtube.com/watch?v=aXMcLO4dNwQ&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=2
Speaker(s): Joshua Corman and Nicholas Percoco
Description: In the Internet of Things, security issues have grown well beyond our day jobs. Our dependence on software is growing faster than our ability to secure it. In our efforts to find the grown-ups who are paying attention to these risks, one painful truth has become clear: The Cavalry Isn't Coming. Our fate falls to us or to no one. At BSidesLV and DEF CON 21, a call was made and many of you have answered. At DerbyCon, we begin the work of shaping our futures. Here at AppSec, we have the opportunity to level up and reframe our role in all of this. As the initiated, we face a clear and present danger in the criminalization of research, to our liberties, and (with our increased dependence on indefensible IT) even to human safety and human life. What was once our hobby became our profession and (when we weren't looking) now permeates every aspect of our personal lives, our families, our safety… Now that security issues are mainstream, security illiteracy has led to very dangerous precedents as many of us are watching our own demise. It is time for some uncomfortable experimentation.
This session will both frame the plans to engage in Legislative, Judicial, Professional, and Media (hearts & minds) channels and organize and initiate our “constitutional congress” working sessions. The time is now. It will not be easy, but it is necessary, and we are up for the challenge.
It's high time we make our dent in the universe. For background, please watch the video of the launch of @iamthecavalry: http://bit.ly/16YbpC1
Join the conversations also at: google group:
Question: I noticed on the schedule there are "OPEN-MIC" sessions, what exactly are they and how do I present during those time slots?
Answer: During the morning hours of Wednesday, Nov. 20, badge-holding conference attendees interested in presenting an AppSec-related topic may sign up for the Open Mic slots. There will be large voting boards near registration where you can post your submission proposal (session title, mini abstract and name) on a post-it note. Depending on the number of submissions, we may be hosting 2-3 "speed talks" during each Open Mic session. All badge-holding conference attendees will use little sticky dots, included in their conference registration bag, to vote on the talks they'd be interested in attending. Voting will be open until noon each day; at that time the conference organizers will post the accepted submissions on the AppSec USA Schedule webpage.
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:
◊ Evaluating an organization’s existing software security practices
◊ Building a balanced software security program in well-defined iterations
◊ Demonstrating concrete improvements to a security assurance program
◊ Defining and measuring security-related activities within an organization
SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project.
Project Leader, Sebastien Deleersnyder, will be speaking about the project in depth in this talk.
Title: Cybersecurity and Media: All the News That's Fit to Protect?
It's no longer possible to be in the news media without being security savvy.
Edward Snowden's NSA leaks, FBI subpoenas of reporters' phone records, and frequent hack attacks directed against news organizations -- all of these prove that we're living in a time when journalists need cybersecurity skills.
Whether to protect the sacred bond between reporters and sources or to protect the credibility and availability of a major news website, those in the media must know what security tools are available and how to use them. And the security industry must know what journalists need, and how existing tools fall short.
In this panel, reporters and IT pros will describe how security issues have affected them. We'll discuss leading-edge software and best practices to protect the newsroom. And we'll create a wishlist for the software and services needed to protect journalism's role as the 24/7, real-time, global clearinghouse of the information economy.
The Healthcare Security Discussion Forum is offered to provide security application developers an opportunity to discuss and share perspectives on a vital industry sector where their work is gaining traction. The Healthcare Forum is an open discussion of activities underway to adopt secure applications (apps) and mobility in the Healthcare sector. It includes guidance from the Office of the National Coordinator (ONC) for Health Information Technology (HIT), from the Healthcare Committee of the National Strategy for Trusted Identities in Cyberspace (NSTIC), from Health Level Seven (HL7), and from the U.S. National Institute for Standards and Technology (NIST), such as Special Publication 800-53-4, "Recommended Security Controls for Federal Information Systems and Organizations." All are welcome to participate in this open discussion of trends, issues, and other topics of interest in the healthcare security sector. A bibliography will be provided to Forum participants.
The O2 platform represents a new paradigm for how to perform, document and distribute web application security reviews. O2 is designed to automate application security knowledge and workflows and to allow non-security experts to access and consume security knowledge. Project Leader, Dinis Cruz, will be giving a talk along with a training session on how to use the platform.
Video of session:
https://www.youtube.com/watch?v=jPA7ILovh84&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=36
Title: The US National Institute of Standards and Technology (NIST), Information Technology Lab (ITL). What we do, why we do it and what it means to you.
Founded in 1901 and now part of the U.S. Department of Commerce, NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major handicap to U.S. industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of England, Germany, and other economic rivals. Today, NIST measurements support the smallest of technologies—nanoscale devices—to the largest and most complex of human-made creations, from earthquake-resistant skyscrapers to wide-body jetliners to global communication networks.
In this session the NIST and ITL missions and their impacts on US industry, economy and citizens will be presented. Attendees can learn about the current programs, projects and research and development activities in the US Government's premier scientific institutions.