Schedule

Thursday
August 7, 2008

Opening Event

Friday
August 8, 2008

  Policy / Compliance / Solutions Penetration Testing
9:00 - 10:30 Open Browser Threats and Defense
Michael Sutton
10:45 - 12:15 Practical Compliance
Francis Brown
Understanding the Top Web 2.0 Attack Vectors
Danny Allan (IBM)
1:30 - 3:00
OWASP / WASC update
Tom Brennan, OWASP Members
3:15 - 4:45 Microsoft Security Development Lifecycle (SDL)
Bryan Sullivan
The Big Picture: Web Risks and assessments beyond automated scanning.
Matt Fisher, Piscis Security


Saturday
August 9, 2008

  Policy / Compliance / Solutions Penetration Testing
9:00 - 10:30 PCI experiences and lessons learned
Charles Carmakal (PricewaterhouseCoopers)
Framework-induced Vulnerabilities in J2EE
Ryan Berg (Ounce Labs)
10:45 - 12:15 Silverlight security
Joe Stagner
Why YOU (Attendee) Need to Stop Laughing and Start Using Static Source Code Analyzers
Dinis Cruz
1:30 - 3:00 Application Security in the Real World
Joey Peloquin
Real-world Code Review
Vincent Liu
3:15 - 4:45 Web intrusion detection and ModSecurity
Ivan Ristic
IOActive
 
* Vendor sessions will be for advanced demos and Q&A.
Companies will be expected to send highly technical people who can demonstrate the technology and answer hard questions.