OWASP AppSec Europe 2009 - Poland

Kolejny AppSec już tuż tuż. Tym razem będę ;-) Poniżej moja prawdopodobna agenda.

Dzień I:

- Mirage: building an application model made easy (OWASP Orizon v 1.2) - Paolo Perego, Spike Reply
- The Truth about Web Application Firewalls: What the vendors do not want you to know - Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity
- Maturing Beyond Application Security Puberty - Roger Thornton, Fortify
- O2 - Advanced Source Code Analysis Toolkit - Dinis Cruz, Ounce Labs
- Advanced SQL injection exploitation to operating system full control - Bernardo Damele Assumpcao Guimaraes, lead developer of sqlmap
- Exploiting Web 2.0 – Next Generation Vulnerabilities - Shreeraj Shah, Blueinfy

Dzień II:

- OWASP Source Code Flaws Top 10 Project - Paolo Perego, Spike Reply / Flash Parameter Injection - Adi Sharabani, IBM
- OWASP Enterprise Security API (ESAPI) Project - Dave Wichers, Aspect Security
- The Bank in the Browser - Defending web infrastructures from banking malware - Giorgio Fedon, Minded Security
- HTTP Parameter Pollution - Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity
- Real Time Defenses against Application Worms and Malicious Attackers, Michael Coates, Aspect Security
- Factoring malware and organized crime in to Web application security - Gunter Ollmann, Damballa
- The New Web-Based Man-in-the-Middle Attack - Adi Sharabani, IBM


Odnośnie jednej z prezentacji dnia pierwszego mam pewien plan ;-) ale dzisiaj jeszcze za wcześnie by o tym mówić.