SANS WhatWorks in Web Application Security Summit 2008

SANS Institute

The most trusted source for computer security training, certification and research.

select a course

Las Vegas, NV - May 31 - June 9, 2008

There's nothing that compares to the detail and real world content in this course.
-John Daskal, Johns Hopkins University Applied Physics Laboratory

Additional Summit Offered in Las Vegas: Two Great Summits! Please visit the WhatWorks in Penetration Testing and Ethical Hacking Summit 2008 page for more information.

The SANS WhatWorks Summit Series brings together the thought leaders of the industry...
>> Read More

Work Study opportunities still available for the Penetration Testing Summit. Please visit Work Study Facilitator Page to submit an application.

Co-sponsored by WASC

7:00am - 8:30am: Breakfast
8:30am - 9:30am: Keynote Address - Expert Briefing: Visibility into the most prevalent website vulnerabilities, what the hackers hack, how, and the end result. - Jeremiah Grossman, WASC
9:30am - 10:30pm: User Panel: Justifying, Planning, and Launching a Website Security Program. Raghu Kotha - Silicon Valley Bank; Deven Bhatt - Airlines Reporting Corp.; Ed Pagett - First American Corp.
10:30am - 10:45am: Break
10:45pm - 11:45pm: User Panel: Essentials of a Comprehensive Website Security Program. Frank Kim - Kaiser Permanente; Brook Schoenfield - Cisco; Jaswinder Hayer - HBO; Barry Lyons - Northrup Grumman
11:45am - 12:15pm: OWASP Update - Free Resources for the Community. Jeff Williams - Aspect Security
12:15pm - 1:15pm: Lunch
1:15pm - 2:00 pm: Expert Briefing: Latest & Greatest Web Hacking Techniques. - Robert Hansen
2:00pm - 2:50pm: Expert Briefing - Jeff Williams - Aspect Security
2:50pm - 3:05pm: Break
3:05pm - 4:00pm: User Panel: Innovative Uses of Procurement to Improve Application Security and Managing Application Security Outsourcing. Brook Schoenfield - Cisco; Jaswinder Hayer - HBO
4:00pm - 5:00pm: Vendor Panel: Success Stories and Lessons Learned. Ryan Berg - Ounce Laboratories; Billy Hoffman - HP; Kumar Sriram - Droisys; Fran Brown - Stach & Liu; Imperva
5:00pm - 8:00pm: Vendor Hospitality Suites

7:00am - 8:30am: Breakfast - Sponsored by Cenzic
8:30am - 9:30am: Keynote Address: Software Security: State of the Practice 2008 - Gary McGraw, Cigital
9:30am - 10:30am: User Panel: Strategies For Effective Application Security in the SDL. Mike Hryekewicz - Standard Insurance; Andy Steingruebl - PayPal
10:30am - 10:45am: Break
10:45am - 11:15am: Expert Panel: PCI Web Application Security Compliance Troy Leach - PCI SSC; Deven Bhatt - Airlines Reporting Corp.
11:15 am - 12:15pm: User Panel: Winning the Hearts and Minds of Software Developers and QA Testers. Kurt Jensen - Real Networks; Ethan Steiger - Polk Automotive; Andy Steingruebl - PayPal; Ed Pagett - First American Corp.
12:15pm - 1:30pm: Lunch
1:30pm - 2:30pm: Expert Briefing: Billy Hoffman - HP
2:30pm - 2:45pm: Break
2:45pm - 3:50pm: User Panel: Vulnerability Identification Strategies: What Works and What Doesn't. Mark Littlejohn - Stewart Title; Wymann Lewis - GSI Commerce Solutions
3:50pm - 5:00pm: Vendor Panel: Solutions Shootout: See what the vendors are offering head-to-head. Ryan Barnett - Breach Security; Mike Kazmierczak - Cenzic; Anurag Agural - WhiteHat; Carl Hartman - Applicure