OWASP
AppSec USA
OWASP Logo
2011
Your life is in the cloud.

Minneapolis
Sched/Slides/Video
Venue/Hotel/Travel
Contact Us
FAQ
About Us
Archive
Women in AppSec
September
20-21
Training

September 21
U Challenge
Workgroups
5K/10K
September
22-23
Talks
CTF
Sponsors
OSS Showcase

ARCHIVE

Previous AppSec USA conferences and material from this site

Previous AppSec conferences hosted in the United States of America:

OWASP APPSEC USA 2011 SPEAKER LINEUP - August 10, 2011

See the announcement.

WE HAVE MOXIE! AND TRAINERS! - May 6, 2011

Moxie MarlinspikeMoxie Marlinspike
We're exhilarated to tell you that Moxie Marlinspike will be keynoting over lunch at OWASP AppSec USA 2011! See a short writeup on Moxie.

 

Moxie Marlinspike, Ira Winkler, and Mark Curphey join a just-announced group of trainers offering courses in mobile security, coding securely (PHP, .NET, Ajax & Web 2.0), enterprise source code analysis, OWASP WTE, SQL injection, and application attack detection & response.

IRA WINKLER SECOND KEYNOTE, TRAINING ANNOUNCEMENT SOON - April 21, 2011 - Adam Baso

Ira WinklerIRA WINKLER
As OWASP celebrates ten years, OWASP AppSec USA 2011's September 23 keynote, famous real world spy author Ira Winkler will bring a dose of reality about today's threats. See Ira's full bio.

 

Mark CurpheyMARK CURPHEY
Ira joins OWASP AppSec USA 2011's September 22 keynote, OWASP founder Mark Curphey.

Be sure to check back soon. We will announce the training lineup soon!

CALL FOR PAPERS OPEN, FIRST KEYNOTE ANNOUNCED - March 20, 2011 - Adam Baso

The OWASP AppSec USA 2011 Call for Papers (CFP) is now open. Visit the Talks page to submit your abstract for the September 22-23, 2011 talks in Minneapolis, Minnesota:

We're excited to announce that speakers will be in good company with our first keynote, OWASP founder Mark Curphey, who will run with the theme of Community - The Killer App, much in the spirit of recent SXSW keynote Christopher Poole.

The CFP will close June 14, 2011. We look forward to talk submissions over the coming months from security practitioners, researchers, thought leaders, and developers in the following content areas:

  • Software Development Platform Tutorials
  • Cloud Security
  • Mobile Security
  • Secure SDLC
  • OWASP Projects (turbo talks)
  • Software & Architecture Patterns for Security
  • New Attacks & Defenses
  • Thought Leadership (executive panels, interviews, and speeches)

Speakers will receive free admission (nontransferable) to the conference in return for delivering a 50 minute talk or for delivering a 25 minute OWASP Projects turbo talk.

WE ARE ALL CONNECTED - March 8, 2011 - Lorna Alamri

I am a news junkie. Generally, I check cnn.com and bbc.com regularly during the day, read Twitter comments and blogs - like everyone else I am connected to my interwebs.

During the OWASP Summit in Portugal this constant connection wasn’t available. It wasn't until the Friday evening of February 11th that I finally had some time to stop and watch the news after the OWASP Summit ended. I learned that the regime of President Mubarak had been toppled. An event which started out as a Facebook page ended in a revolution which toppled a government. An oversimplification, however, it highlighted for me just why the work done at OWASP is so amazingly important: the Internet has become an increasingly vital part of our everyday lives, it ties us together in ways not originally planned, is ever changing, and we are ever more dependent on it.

As an organization dedicated to web application security, OWASP has a voice that needs to be heard, and not just by our security colleagues. One of the themes of the working sessions held at the Summit was the focus and direction of OWASP.

Now, I’ve just returned from the OWASP Summit in Portugal and honestly I’m excited about where OWASP is at today and where I think it can go. As an organization, OWASP is on the cusp of change. Change was the topic of many of the working sessions during the Summit. And now, just read the blog posts and tweets by Mark Curphey, Michael Coates, John Wilander, Jeff Williams, and many others. The Summit and upcoming changes to the OWASP board have spurred discussions on OWASP as an organization, OWASP's message, and who that message should be delivered to.

These changes and direction should be molded by the voices of the many members of OWASP to define the platform which OWASP runs upon, and the focus and direction set for the next year, five years, and beyond.

For the 10 Year Anniversary of OWASP, AppSec USA 2011 will focus on how much our lives are connected to web applications. It will focus on the change and growth of OWASP as an organization. We will celebrate the history of OWASP and the gathering will be the stage for OWASP leaders to define and present the direction of OWASP to come.

Our goal is to join the builders, breakers, defenders, and managers. We will do this by welcoming talks along these lines. More importantly, we will reach out to each of these communities and reach outside of OWASP to draw attendees, providing compelling speakers to spark ideas and communication around application security.

OWASP has built a reputation among those in the application security field, and it is now time to refine our message for our growing audiences and actively engage those audiences in OWASP.

OWASP TO CELEBRATE 10 YEARS - February 25, 2011 - Colin Watson

Any organization which reaches 10 years old has achieved a significant milestone. All types of groups can form and disperse in relatively short timescales, whatever kind of entity they are. For a relatively ad-hoc group of people "in" OWASP to have maintained the organization through almost a decade of fast-changing times, says much about its participants — from the women and men who are project leaders & chapter leaders, to attendees at meetings, training & conferences, and OWASP's dedicated employees and leadership.

I have only been involved for less than half that time, but even when I first looked at OWASP, I was amazed at the breadth and depth of information that OWASP participants had assembled, and made available freely for everyone to use. OWASP was, and still is, the pre-eminent forum and body of knowledge about application security.

OWASP has produced an abundance of high quality documentation and tools, and is contributing to efforts by other agencies, governments and organizations to multiply the effect. All of this is being undertaken while staying true to its principles and code of ethics. Apart from the quality of resources, I think it was the openness and honesty, and of course all the selfless contributions being made from around the world, which drew me to become more involved.

Therefore I was pleasantly surprised to be asked to write this first introduction for the AppSec USA 2011 conference website. Writing this in January, we still have the upcoming OWASP Summit in February where there will be time to retool, reorganize, refocus, and revamp. But I can see how OWASP is already maturing — becoming more externally focused, raising standards, and working with other groups to achieve its mission to make application security visible — so that everyone can make informed decisions about true application security risks.

People come and go in all groups — those currently involved are building upon the great efforts of those before, as well as injecting new energy and ideas into OWASP. Of course, some continue to contribute who were there at the start. Like life, having a mix of people is the greatest resource OWASP can have. We do not know all the answers and with ever-changing threats, diversity is a great asset. With such an open community, ideas are seeded, grown, re-developed and exploited; and some of these will become new "crown jewels".

We all want to be able to do more, and do it faster. By supporting OWASP through membership, sponsorship and attending events such as conferences, OWASP is able to build its efforts in training, outreach, engagement with others and of course, the continued support of projects. With a tiny administrative overhead and thousands of volunteers, OWASP must be one of the most productive groups involved in information security around the world. Maybe you have something to contribute to the effort?

Among the events organized by members of over 150 chapters around the world, the national and regional conferences in the Americas, Asia-Pacific, Australasia and Europe stand out. They are an opportunity to completely immerse yourself in application security matters with other people who are running software development programs, implementing security controls, undertaking security verification, assessing risk and defending applications. I know that I learn something new during every presentation or workshop, and there is the opportunity to make new contacts with like-minded professionals and brilliant application security experts throughout the event. The training sessions provide an opportunity to delve into some aspects in much greater detail. I'm looking forward to attending AppSec USA 2011 in Minneapolis and hope to see you there.

Happy birthday OWASP.

Colin Watson
OWASP Global Industry Committee
http://www.owasp.org/index.php/Global_Industry_Committee

Talks Icon

Talks

Sponsors Icon

Sponsors

Training Icon

Training

Capture the Flag Icon

CTF



Promotional Consideration Provided By

Corporate Donors
Cargill

Platinum
Trustwave   Security Innovation

Gold
IBM   NetSPI   Veracode

Qualys   Fortify, an HP Company

Silver
Cigital   Accuvant   Core Security

Radware   Imperva   WhiteHat Security

Barracuda Networks   Rapid7   Aspect Security

Fishnet Security   Intrepidus Group   NT OBJECTives

Additional Sponsors
F5

Media Partners
TECHdotMN   The 451 Group

(ISC)2   InfoSecurity