[WEB SECURITY] Web Application Security Summit in Las Vegas

Anurag Agarwal anurag.agarwal at yahoo.com
Tue Apr 15 20:48:05 EDT 2008

SANS and WASC have organized a Web Application Security Summit in Vegas.

Web Application Security Summit
Jeremiah Grossman, Summit Chair
with Robert "RSnake" Hansen, Gary McGraw, and Caleb Sima
June 2-3, 2008 · Paris Hotel & Casino · Las Vegas, NV

On June 2-3, various application security folks working in enterprises 
will share the lessons learned in their application security initiatives. 
Case studies in application security initiatives will be presented and 
dozens of questions will be answered. In the last few years, there has been 
a huge surge in web application attacks since that around 70% of all web 
applications had security flaws...and now 80% of new malware is focused on 
the application layer.

Applications have become the easier attack target. With that change, the 
criminals added a new security challenge: not only must corporations and 
schools and governments ensure secure configuration and effective patch 
management, now they must also ensure the applications they deploy have no 
security flaws. The WhatWorks in Application Security Summit 2008 brings 
together the pioneers who have already faced the application security 
problem. If you are spending or about to spend a lot of money and want to 
make sure the investment actually improves security, these are real users who 
can tell you what works and what doesn't.


    * Is this a developer problem or a security problem? What is the role of 
each and how do they work together?
    * What are the primary attack vectors criminals are using to compromise 
applications and which programming errors account for the vast majority of 
those attacks?
    * How can we ensure our programmers know the common security flaws and 
can consistently eliminate them from the code we are deploying? Training? 
Testing? Hiring? And how can we make sure our outsourced programmers and 
suppliers also have those skills?
    * How do you architect security into the development lifecycle? How do 
you implement a layered approach to application security? What is SDLC and 
is it enough?
    * In addition to the Credit Card Industry (PCI) Standard, what other 
standards demand improved application security and what do they specifically 
    * Which application security software tools work best? Do we need a 
combination of these tools or will one suffice?
          o Black-box: web application scanners
          o White box: code reviewers
          o Application security firewalls
    * How often do the tools create false positives and what are the best 
practices for dealing with false positives? And much more.

This could be a great place to learn from the experiences of others who have 
been in the hot seat and have real-life experience and insight into what 
worked for them and what didn't and why.

You can get a 10% discount if you register early.
To register go to: 
https://www.sans.org/registration/register.php?conferenceid=11223 and use 
the discount, WASC10

