Project Summit
Monday, November 18
 

9:00am EST

OWASP Media Project Introduction

The OWASP Media Project is an infrastructure project that gathers, consolidates, and promotes OWASP content in video format on a central appealing hub. The first and main instance of the project will be a YouTube channel.

The session will be used to bring project leaders up to speed on how video sharing and live streaming can help promote your project and reach people. We will do that by presenting Google Hangout and the official OWASP YouTube channel.

Then, we will gather potential sources and existing videos in order to populate the OWASP channel. This summit experience will not just be about promoting the Media Project itself, but also about the exposure of any other projects with video content.


Speakers
Jonathan Marcil

Application Security Engineer, Twitch
Jonathan has created over a hundred threat models during his career and enjoys sharing his experience. He currently co-leads the OWASP Threat Model Cookbook Project and is a board member of the OWASP Orange County chapter located in beautiful Irvine, California. Originally from Montreal...


Monday November 18, 2013 9:00am - 10:00am EST
Sky Lounge (16th Floor) NY Marriott Marquis

9:00am EST

Project Summit: OWASP Projects Review Session
During the OWASP Projects Review working session, attendees will be able to participate in the review of the entire inventory of OWASP Projects using the new assessment criteria developed by our team of Technical Project Advisors. The aim of this session is to establish a more accurate representation of OWASP project health and product quality. The session outline is as follows:

  1. Overview of new assessment criteria to conduct reviews.
  2. Team up in small groups (2 to 3 max) based on experience and background to assess a set of Projects (Code, Tool or Documentation).
  3. Fill in the Questionnaire (Google Forms) to complete the assessment of Projects and provide the review with a final score and results (Project defined as Incubator, Lab or Flagship).
  4. Review results of questionnaire with your team.
  5. Present results and conclusions of assessment session.
 

Moderators
Samantha Groves

Program Manager, OWASP
Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement...

Speakers
Johanna Curiel

Security Engineer and Researcher, Mobiquity
Johanna Curiel is a security engineer and researcher with 18 years of experience in programming, testing and quality control. Her early encounters with hackers and cybercrime were a turning point in her career to work in the area of Cyber security. Between 2005 and 2007, she worked as...


Monday November 18, 2013 9:00am - 1:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

10:30am EST

Project Summit: ESAPI Hackathon Session
Take part in building the next generation of the Enterprise Security API. In this hackathon we will focus on building modular security controls that can be plugged in to the brand new ESAPI 3.0 framework allowing developers to quickly and easily integrate the security controls they need into their projects. During the hackathon, the ESAPI leaders will be on-site to get the effort kicked off, join in the coding fun, and to present awards for submitted components on the final day! Join us to leave your mark on one of the most visible OWASP Code Projects in our arsenal, and help make tomorrow's applications more secure!

Speakers
Chris Schmidt

Chief Architect, Contrast Security
Chris is currently the Project Leader for the OWASP ESAPI Projects and also served on the OWASP Global Projects Committee. He has been involved with OWASP for 6 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership...

Kevin Wall

Information Security Engineer, Wells Fargo
Kevin Wall has been involved in application security for the past 15+ years, but he still considers himself a developer first and an appsec engineer second. During most of those 15+ years, Kevin has specialized in applied cryptography and web appsec. Before transitioning to appsec...

Jeff Williams

Co-founder and CTO, Contrast Security
I've been in security since the late 1980's and have been blessed with the opportunity to help start three great application security organizations: Contrast Security, OWASP, and Aspect Security (recently sold to EY). I'm coming to LASCON to meet *you*. I'm easy to find :-) and love...


Monday November 18, 2013 10:30am - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

1:00pm EST

OWASP PHP Security and RBAC Projects: An introduction
The aim of this session is to introduce attendees to both projects, and to get them working on project related activities. 

OWASP PHP Security Project


1. To demonstrate and introduce the OWASP PHP Security Project, have people contribute to it and have people contribute it to their own projects!

2. The project is developed; we're going to show sample usages and have people try to hack them (which should be impossible). We will also introduce the libraries and discuss what future work is needed on the project.

3. The project is really interesting and has a cool aim, and this will help get a lot more people in its community.

OWASP RBAC Project

1. OWASP RBAC is a new cutting-edge technology that can revolutionize the authorization domain. Unfortunately, because it's rigorous and complex, we haven't been very successful in expanding its usage.

2. Let people know how awesome this is, and get them to use it in their applications. This is a pretty mature project and is one of those things that you don't know exists, but when you do you can't get enough of. We would also like to get contributors porting it to other programming languages.

3. We've done 85% of the job. There is a website, API, and full code with tests; all we need is people to go ahead and use it, and some people who want to use it in another programming language so that we get the community to port it!

Moderators
Abbas Naderi

Project/Chapter Leader, OWASP
Information security, cryptography, computer science, and all sorts of geeky stuff make up my life. I'm doing heavy infosec research as well. My CV is available at https://abiusx.com/cv

Monday November 18, 2013 1:00pm - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

1:00pm EST

Project Summit: AppSensor 2.0 Hackathon
Take part in building the next generation of AppSensor. In this hackathon we will focus on building the code for AppSensor 2.0, which will involve moving to a services (both REST and SOAP) model for event detection and response. During the hackathon, the AppSensor development leaders will be designing and coding side-by-side with you. Come join us and help make the AppSensor idea available to all!

Speakers
John Melton

Principal Security Researcher, WhiteHat Security
John Melton: I'm the lead developer for OWASP AppSensor, which I discovered after building a nearly identical tool, and looking for prior art. For my day job, I am currently a principal security researcher at WhiteHat Security, where I do R&D work, particularly in the static analysis...


Monday November 18, 2013 1:00pm - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

8:00pm EST

Bug Bounty - Group Hack
The Great OWASP Bug Bash of 2013

CALLING ALL SECURITY NINJAS… Whether you’re attending Appsec in person or in spirit, you’re invited to join Bugcrowd and the OWASP team as we unite hackers across the world for the first ever Internet-wide bug bash.

This collaborative hack-a-thon will feature testers and providers of public bug bounty programs finding bugs in the world’s largest Internet companies! Companies contributing to bounty programs, including Prezi, Facebook, Google and Yandex will be present to meet and greet those responsible for improving global application and internet security. No need to worry about protecting your identity, masks will be provided!

Featuring…
The Inaugural Wall of Bugz, music, drinks, hacking contests, special prizes, the world’s largest gummy bug and more!

Bug Bounty programs have been getting a lot of press lately, and for good reason. They work. Bugcrowd will be running this event live from 8-12 every night during Appsec USA 2013 and we actively encourage OWASP members around the world to participate.

Just some of the targets to pick from: https://bugcrowd.com/list-of-bug-bounty-programs/


Speakers
Dinis Cruz

AppSec, OWASP
Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis...


Monday November 18, 2013 8:00pm - 11:59pm EST
Sky Lounge (16th Floor) NY Marriott Marquis
 
Tuesday, November 19
 

9:00am EST

Project Summit: Mobile Security Session
Just as the mobile security landscape has changed, so has the OWASP Mobile Project. Join us as we discuss the major milestones of 2013 and what is in store for the project's future. We will also go deeper into the Mobile Top Ten project, where we will discuss the decisions made on categories and vulnerability information, and look at some surprising vulnerability trends in mobile applications.

During this session, we will cover:

- OWASP Top 10 Mobile Risks, 2014 Refresh.

- Mobile project 2013 achievements and the 2014 roadmap.

- Increasing industry collaboration within the mobile security space.
 

Speakers
Jason Haddix

Head of Penetration Testing, Fortify
I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website...

Jack Mannino

nVisium
Jack is the CEO at nVisium and loves solving problems in the field of application security. With experience building, breaking, and securing software, he founded nVisium to invent new and more efficient ways of protecting software. Jack is a huge fan of contributing to open source...

Daniel Miessler

Principal Security Architect, HP
Daniel Miessler is Principal Security Architect with HP based out of San Francisco, California. He specializes in application security with specific focus in web and mobile application assessments, helping enterprise customers build effective application security programs, and speaking...


Tuesday November 19, 2013 9:00am - 1:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

9:00am EST

Project Summit: Training Development Session
Training is an important part of OWASP's mission as it helps not only in increasing the awareness around application security but also in actually improving the security of applications. In the past, we have tried several training models (e.g. Training Days, Tours, etc.) and dozens of ideas have been put on the table. Nevertheless, we are still missing a viable training model that will be easy to reproduce and will provide added value to attendees.   

During the Project Summit, we will discuss various training models, and the experience we have gained over the past years in order to build a model that will be subsequently used to train developers and anyone involved in securing applications.

Speakers
Konstantinos Papapanagiotou, Spryros Gastreratos

Information Security Services Team Lead, OTE
Both trainers are Hackademic project leaders, long-time OWASP members and application security professionals.

Martin Knobloch

Chairman of the Board, OWASP Foundation
 


Tuesday November 19, 2013 9:00am - 1:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

10:30am EST

Project Summit: ESAPI Hackathon Session
Take part in building the next generation of the Enterprise Security API. In this hackathon we will focus on building modular security controls that can be plugged in to the brand new ESAPI 3.0 framework allowing developers to quickly and easily integrate the security controls they need into their projects. During the hackathon, the ESAPI leaders will be on-site to get the effort kicked off, join in the coding fun, and to present awards for submitted components on the final day! Join us to leave your mark on one of the most visible OWASP Code Projects in our arsenal, and help make tomorrow's applications more secure!

Speakers
Chris Schmidt

Chief Architect, Contrast Security
Chris is currently the Project Leader for the OWASP ESAPI Projects and also served on the OWASP Global Projects Committee. He has been involved with OWASP for 6 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership...

Kevin Wall

Information Security Engineer, Wells Fargo
Kevin Wall has been involved in application security for the past 15+ years, but he still considers himself a developer first and an appsec engineer second. During most of those 15+ years, Kevin has specialized in applied cryptography and web appsec. Before transitioning to appsec...

Jeff Williams

Co-founder and CTO, Contrast Security
I've been in security since the late 1980's and have been blessed with the opportunity to help start three great application security organizations: Contrast Security, OWASP, and Aspect Security (recently sold to EY). I'm coming to LASCON to meet *you*. I'm easy to find :-) and love...


Tuesday November 19, 2013 10:30am - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

1:00pm EST

Project Summit: Academies Development Session
The OWASP Academies program aims to bring together academic institutions from all over the world in order to collaborate towards increasing awareness on application security. The OWASP Academy Portal is the actual deliverable of this process: a portal that will provide various types of content (presentations, labs, etc.) to students and faculty who wish to learn or teach application security. 

During the Projects Summit we intend to kick-start the Academy Portal, complete the initial design and add some actual content. The OWASP Academy Portal will then serve as the meeting point for application security in academia.

Moreover, the Projects Summit will serve as a meeting point for several members of the academic community and a unique opportunity to exchange ideas and experience.

Speakers
Konstantinos Papapanagiotou, Spryros Gastreratos

Information Security Services Team Lead, OTE
Both trainers are Hackademic project leaders, long-time OWASP members and application security professionals.

Martin Knobloch

Chairman of the Board, OWASP Foundation
 


Tuesday November 19, 2013 1:00pm - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

3:00pm EST

OWASP O2 Documentation Session
The objective of this session is to discuss the development of a book about the O2 Platform Web Automation capabilities. Join us during our initial discussion, and get your ideas heard.

Speakers
Dinis Cruz

AppSec, OWASP
Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis...

Michael Hidalgo

Software Developer Engineer, Security Innovation
Software Developer Engineer based in San José, Costa Rica. With more than 6 years of experience building financial applications and with his high sense of responsibility and quality, Michael always works hard to do things better. Currently Michael works as a Software Developer Engineer...


Tuesday November 19, 2013 3:00pm - 6:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

8:00pm EST

Bug Bounty - Group Hack
The Great OWASP Bug Bash of 2013

CALLING ALL SECURITY NINJAS… Whether you’re attending Appsec in person or in spirit, you’re invited to join Bugcrowd and the OWASP team as we unite hackers across the world for the first ever Internet-wide bug bash.

This collaborative hack-a-thon will feature testers and providers of public bug bounty programs finding bugs in the world’s largest Internet companies! Companies contributing to bounty programs, including Prezi, Facebook, Google and Yandex will be present to meet and greet those responsible for improving global application and internet security. No need to worry about protecting your identity, masks will be provided!

Featuring…
The Inaugural Wall of Bugz, music, drinks, hacking contests, special prizes, the world’s largest gummy bug and more!

Bug Bounty programs have been getting a lot of press lately, and for good reason. They work. Bugcrowd will be running this event live from 8-12 every night during Appsec USA 2013 and we actively encourage OWASP members around the world to participate.

Just some of the targets to pick from: https://bugcrowd.com/list-of-bug-bounty-programs/


Speakers
Dinis Cruz

AppSec, OWASP
Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis...


Tuesday November 19, 2013 8:00pm - 11:59pm EST
Sky Lounge (16th Floor) NY Marriott Marquis
 
Wednesday, November 20
 

9:00am EST

Project Summit: Writing and Documentation Review Session

OWASP Documentation Projects are a key element in the industry. They are broadly adopted and used. 

This session aims to review the below documents, and give recommendations on where they can be improved.

- OWASP AppSensor Project.

- OWASP Development Guide Project.

- OWASP Code Review Guide Project.

- OWASP Testing Guide Project.

- OWASP Code of Conduct.


During this session, the objectives we will be covering are:

1. Figure out what needs to be done for each project.

2. Assign sections to each participant.

3. Finish various sections assigned to you.

4. Consolidate all finished sections.


Join us today!

 

 

Moderators
Samantha Groves

Program Manager, OWASP
Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement...

Speakers
Michael Hidalgo

Software Developer Engineer, Security Innovation
Software Developer Engineer based in San José, Costa Rica. With more than 6 years of experience building financial applications and with his high sense of responsibility and quality, Michael always works hard to do things better. Currently Michael works as a Software Developer Engineer...


Wednesday November 20, 2013 9:00am - 1:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

11:00am EST

OWASP PCI toolkit Session
Join us and learn how to help organizations achieve PCI-DSS compliance with OWASP tools & Documentation by creating an interactive scope toolkit app. 

Speakers
Johanna Curiel

Security Engineer and Researcher, Mobiquity
Johanna Curiel is a security engineer and researcher with 18 years of experience in programming, testing and quality control. Her early encounters with hackers and cybercrime were a turning point in her career to work in the area of Cyber security. Between 2005 and 2007, she worked as...


Wednesday November 20, 2013 11:00am - 11:45am EST
Sky Lounge (16th Floor) NY Marriott Marquis

12:00pm EST

Project Summit: ESAPI Hackathon Session
Take part in building the next generation of the Enterprise Security API. In this hackathon we will focus on building modular security controls that can be plugged in to the brand new ESAPI 3.0 framework allowing developers to quickly and easily integrate the security controls they need into their projects. During the hackathon, the ESAPI leaders will be on-site to get the effort kicked off, join in the coding fun, and to present awards for submitted components on the final day! Join us to leave your mark on one of the most visible OWASP Code Projects in our arsenal, and help make tomorrow's applications more secure!

Speakers
Chris Schmidt

Chief Architect, Contrast Security
Chris is currently the Project Leader for the OWASP ESAPI Projects and also served on the OWASP Global Projects Committee. He has been involved with OWASP for 6 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership...

Kevin Wall

Information Security Engineer, Wells Fargo
Kevin Wall has been involved in application security for the past 15+ years, but he still considers himself a developer first and an appsec engineer second. During most of those 15+ years, Kevin has specialized in applied cryptography and web appsec. Before transitioning to appsec...

Jeff Williams

Co-founder and CTO, Contrast Security
I've been in security since the late 1980's and have been blessed with the opportunity to help start three great application security organizations: Contrast Security, OWASP, and Aspect Security (recently sold to EY). I'm coming to LASCON to meet *you*. I'm easy to find :-) and love...


Wednesday November 20, 2013 12:00pm - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

8:00pm EST

Bug Bounty - Group Hack
The Great OWASP Bug Bash of 2013

CALLING ALL SECURITY NINJAS… Whether you’re attending Appsec in person or in spirit, you’re invited to join Bugcrowd and the OWASP team as we unite hackers across the world for the first ever Internet-wide bug bash.

This collaborative hack-a-thon will feature testers and providers of public bug bounty programs finding bugs in the world’s largest Internet companies! Companies contributing to bounty programs, including Prezi, Facebook, Google and Yandex will be present to meet and greet those responsible for improving global application and internet security. No need to worry about protecting your identity, masks will be provided!

Featuring…
The Inaugural Wall of Bugz, music, drinks, hacking contests, special prizes, the world’s largest gummy bug and more!

Bug Bounty programs have been getting a lot of press lately, and for good reason. They work. Bugcrowd will be running this event live from 8-12 every night during Appsec USA 2013 and we actively encourage OWASP members around the world to participate.

Just some of the targets to pick from: https://bugcrowd.com/list-of-bug-bounty-programs/



Moderators
Serg Belokamen

Founder and CTO, Bugcrowd, Inc., Bugcrowd
Serg is a co-founder and a CTO of Bugcrowd. Bugcrowd delivers ad-hoc, ongoing and objective-based bug bounties. Our clients can elect to engage the full crowd, or run a private bounty with just the top ranked testers. Our service lets you test web, mobile and client-side applications...

Tom Brennan

Founder, Security Architect, ProactiveRISK
Tom Brennan is a mage at Proactive Risk with two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is an alumnus of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online and the United States Marines. As a volunteer...

Dinis Cruz

AppSec, OWASP
Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis...

Casey Ellis

Founder, Bugcrowd
As Founder of Bugcrowd, Casey Ellis brings over 14 years of information security experience to lead the company’s technology vision and strategic operation. Prior to Bugcrowd, he served as chief security officer at ScriptRock and as an information security specialist and account...

Simon Roses Femerling

Simon Roses holds a B.S. from Suffolk University (Boston), Postgraduate in E-Commerce from Harvard University (Boston) and Executive MBA from IE Business School (IE, Madrid). Frequent speaker at security industry events including BLACK HAT, RSA, OWASP, SOURCE, DeepSec and Microsoft...

Jeremiah Grossman

Founder, WhiteHat Security
Jeremiah Grossman is the Founder and iCEO of WhiteHat Security, where he sets overall company vision and oversees day to day operations. Over the last decade, Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the...

Wednesday November 20, 2013 8:00pm - 11:59pm EST
Salon 2 (5th Floor Ballroom) NY Marriott Marquis
 
Thursday, November 21
 

9:00am EST

Project Summit: ZAP Hackathon Session
This session is a chance for people to learn how to work on ZAP from the ZAP Project Leader.
ZAP is a community project, and as such participation is actively encouraged.

Simon will explain the numerous ways in which individuals and companies can contribute to ZAP.
He will also explain how the code is structured and explain how any part of the project can be changed.
Working on ZAP is a great way to learn more about web application security.

Being able to change the code means that you can add and change any features you want, either just for your own benefit or to contribute back to the community. There will be time set aside for hacking ZAP, with Simon on hand to answer any questions and give any guidance required.

This is a great opportunity to be part of the fastest growing and most active OWASP project.

During this session, Simon will:

  • Explain how people can contribute to ZAP.
  • Demonstrate how to set up a ZAP development environment.
  • Explain ZAP code structure. 
  • Show people how to code scripts, active/passive scan rules, add-ons, core changes and improve the docs and localization.
  • Let people hack the ZAP code and docs with full support and guidance.

Please note that if you want to work on ZAP source code (including add-ons) then you should set up a ZAP development environment prior to attending this session.

You will need to download and install Eclipse and import the main ZAP project as well as the ZAP extension projects - for more details see http://code.google.com/p/zaproxy/wiki/Building

You will not need to set up a development environment if you just plan to work on scripts, documentation or translation.

Speakers
Simon Bennetts

Security, Mozilla
Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He is the OWASP Zed Attack Proxy Project Leader and works for Mozilla as part of the Cloud Security Team.


Thursday November 21, 2013 9:00am - 1:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

10:30am EST

Project Summit: ESAPI Hackathon Session
Take part in building the next generation of the Enterprise Security API. In this hackathon we will focus on building modular security controls that can be plugged in to the brand new ESAPI 3.0 framework allowing developers to quickly and easily integrate the security controls they need into their projects. During the hackathon, the ESAPI leaders will be on-site to get the effort kicked off, join in the coding fun, and to present awards for submitted components on the final day! Join us to leave your mark on one of the most visible OWASP Code Projects in our arsenal, and help make tomorrow's applications more secure!

Speakers
Chris Schmidt

Chief Architect, Contrast Security
Chris is currently the Project Leader for the OWASP ESAPI Projects and also served on the OWASP Global Projects Committee. He has been involved with OWASP for 6 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership...

Kevin Wall

Information Security Engineer, Wells Fargo
Kevin Wall has been involved in application security for the past 15+ years, but he still considers himself a developer first and an appsec engineer second. During most of those 15+ years, Kevin has specialized in applied cryptography and web appsec. Before transitioning to appsec...

Jeff Williams

Co-founder and CTO, Contrast Security
I've been in security since the late 1980's and have been blessed with the opportunity to help start three great application security organizations: Contrast Security, OWASP, and Aspect Security (recently sold to EY). I'm coming to LASCON to meet *you*. I'm easy to find :-) and love...


Thursday November 21, 2013 10:30am - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

1:00pm EST

Project Summit: Open SAMM Session
OWASP Software Assurance Maturity Model (SAMM) is an open framework to help organizations start and implement a secure software development lifecycle that is tailored to the specific risks facing the organization. During the AppSec USA conference, the SAMM project team organises this workshop for you to influence in which direction SAMM evolves. The workshop is also an excellent opportunity to exchange experiences with your peers.
We will cover the following agenda:
• Introduction / getting to know each other
• Project status and goals
• OpenSAMM inventory of tools and templates
• Case studies / sharing experiences
• What do we need (thinking about improvements, can be anything ranging from translations over tools to model improvements)
• What do we need next (prioritization)
• Call for involvement (responsibilities), identify teams for specific topics
• Rough planning for the future
• Extra topic: source/build control

Speakers
Sebastien Deleersnyder

CEO, Toreon
Seba (https://twitter.com/Sebadele) is co-founder, CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and performed several public presentations on Application Security. Seba...


Thursday November 21, 2013 1:00pm - 5:00pm EST
Sky Lounge (16th Floor) NY Marriott Marquis

3:30pm EST

Bug Bounty - Group Hack
The Great OWASP Bug Bash of 2013

CALLING ALL SECURITY NINJAS… Whether you’re attending Appsec in person or in spirit, you’re invited to join Bugcrowd and the OWASP team as we unite hackers across the world for the first ever Internet-wide bug bash.

This collaborative hack-a-thon will feature testers and providers of public bug bounty programs finding bugs in the world’s largest Internet companies! Companies contributing to bounty programs, including Prezi, Facebook, Google and Yandex will be present to meet and greet those responsible for improving global application and internet security. No need to worry about protecting your identity, masks will be provided!

Featuring…
The Inaugural Wall of Bugz, music, drinks, hacking contests, special prizes, the world’s largest gummy bug and more!

Bug Bounty programs have been getting a lot of press lately, and for good reason. They work. Bugcrowd will be running this event live from 8-12 every night during Appsec USA 2013 and we actively encourage OWASP members around the world to participate.

Just some of the targets to pick from: https://bugcrowd.com/list-of-bug-bounty-programs/


Speakers
Tom Brennan

Founder, Security Architect, ProactiveRISK
Tom Brennan is a mage at Proactive Risk with two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is an alumnus of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online and the United States Marines. As a volunteer...

Dinis Cruz

AppSec, OWASP
Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis...

Casey Ellis

Founder, Bugcrowd
As Founder of Bugcrowd, Casey Ellis brings over 14 years of information security experience to lead the company’s technology vision and strategic operation. Prior to Bugcrowd, he served as chief security officer at ScriptRock and as an information security specialist and account...

Samantha Groves

Program Manager, OWASP
Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement...


Thursday November 21, 2013 3:30pm - 4:00pm EST
Belasco & Broadhurst (5th Floor) NY Marriott Marquis