the most trusted source for computer security training, certification and research
select a course
Las Vegas, NV - May 31 - June 9, 2008
Global Information Assurance Certification

I have 14 years experience in IT security, and SANS is by far the best technical security conferences I have attended.
-Tom Davis, Indiana University


Additional Summit Offered in Las Vegas: Two Great Summits! Please visit the WhatWorks in Web Application Security Summit 2008 page for more information.

Sunday, June 1

5:00pm - 8:00pm
Welcome Reception and Registration

Monday, June 2

7:00am - 8:30am
Breakfast
8:30am - 9:30am
Keynote Address - HD Moore's Changing Landscape of Penetration Testing and the Mindset of Successful Attackers - HD Moore, Metasploit
9:30am - 10:30am
User Panel: Network Penetration Testing Tools: Building an arsenal from best of breed commercial and free tools - Michael Tench - Wolseley; Justin Scarle - JetBlue; Ron Dilley - Warner Bros.; Michael Hoffman - Verizon
10:30am - 10:45pm
Break
10:45 pm - 11:20 pm
Expert Briefing: Incredibly Useful Free Resources for the Pen Test Community: OWASP, Nmap, Nessus, Testing Methodologies, etc - Dr. Eric Cole, Ph.D. - SANS Technology Institute (Fellow)
11:20 pm - 12:15 pm
Expert Briefing: The Ultimate Pen Test: Combining Network and Web App Techniques - Ed Skoudis, Intelguardians (Fellow)
12:15pm - 1:15pm
Lunch
1:15pm - 2:00pm
Expert Briefing: Incorporating Advanced MiTM Attacks in Your Penetration Testing Regimen - Bryce Galbraith, Lead Consultant, Layered Security
2:00pm - 2:50pm
User Panel: Vetting Penetration Testers: employees & third-party companies. How can you evaluate their skills, methodology and background? AND The pros and cons of hiring a third-party penetration testing company. Michael Tench - Wolseley; Macy Dennis - Amylin Pharmaceuticals; Raghu Kotha - Silicon Valley Bank; Nazir Hussein - Fox Interactive Media; Barry Lyons - Northrup Grumman
2:50pm - 3:05pm
Break
3:05pm - 4:00pm
Expert Briefing - Don Donzal, EthicalHacker.net
4:00pm - 5:00pm
Solution Provider and Vendor Panel: Success Stories and Lessons Learned - Lars Ewe - Cenzic; Sanjiv Goyal - Droisys; Randy Bartels - Calence; Vinnie Liu; Core Security Tech
5:00pm - 8:00pm
Vendor Hospitality Suites

Tuesday, June 3

7:00am - 8:30am
Breakfast - Sponsored by Cenzic
8:30am - 9:30am
Keynote Address: The Evolution of Penetration Testing, 2005 to 2013 - Gera Richarte, Core Security Technology
9:30am - 10:30am
Panel: Best of the Recent Cons: Briefings from the recent hacker conferences on cutting-edge techniques for penetration testers. Larry Pesce - pauldotcom.com; Jason Ostrom - Vigilar; Jay Beale - Intelguardians
10:30am - 10:45am
Break
10:45am - 11:10am
Must-Have New Tools and Techniques - Highlights from SANS 560 - Ed Skoudis, Intelguardians (Fellow)
11:10 am - 12:15 pm
Expert Briefing: No Tech Hacking - Johnny Long
12:15pm - 1:30pm
Lunch
1:30pm - 2:30 pm
Expert Briefing: Beyond network and apps: Pen Testing Wetware - Terry Gudaitis, Cyveillance
2:30pm - 2:45pm
Break
2:45pm - 3:50pm
User Panel: The road forward. So, you've just gotten a pen test. Making it valuable. Macy Dennis - Amylin Pharmaceuticals; Esteban Gutierrez - Intel; Justin Scarle - JetBlue; Ron Dilley - Warner Bros.; Toby Kohlenberg - Intel
3:50pm - 5:00pm
Vendor Panel: Tools Shootout. A great chance to pick the tools vendors you'll want on your short list of products to consider.

SANS Web Application Security Summit Agenda