6:00 – 6:15 Welcome and Opening Remarks / Appsec Trivia

6:15 – 7:00 “An Insider’s Look: WAF and Identity and Access Management Integration” - Jan Poczobutt, Director of Enterprise ADC & WAF Sales at Barracuda Networks, will provide an inside look at some of the problems with traditional access management implementations and how enterprises can sucessfully overcome these challenges by integrating web application firewall technologies with Identity and Access Management. Learn about best practices, specific use cases and how this new integration translates into operational simplicity for the enterprise.

7:00 – 7:15 Break

7:15 – 8:00+ “Don’t Drop the SOAP: Real World Web Service Testing for Web Hackers” - Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven’t kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don’t work properly, are poorly designed or don’t fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.

In this presentation Kevin Johnson will discuss the new security issues with web services and discuss an updated web service testing methodology released at Defcon 19 last year that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques.

• Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin’s involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Twitter: @secureideas

We do not currently have a sponsor for this event but refreshments will be provided out of chapter funds. If you are interested in sponsoring please contact tony.turner@owasp.org

University of Central Florida has graciously agreed to provide meeting space at the Medical College campus.
College of Medicine 6850 Lake Nona Blvd. Orlando, FL 32827