Overview
The conference is divided into three tracks. The following is an overview of each of the tracks.
- Policy / Compliance / Solutions track will include talks on real-world experiences by security professionals. The focus of this track is to provide attendees with a view of how application security is being addressed in the industry.
- Penetration Testing will focus on techniques for performing assessments and penetration tests. It will also include special topics such as development tools and technology-related issues.
- Vendor Track will provide vendors a venue to showcase their solutions in the application security arena. We are asking the vendors to send highly technical presenters as we fully expect the questions to be challenging.
Speakers
Ryan Berg (Ounce Labs) is a Co-Founder and Chief Scientist for Ounce Labs. In addition to advancing the state of the art in application security technologies, Ryan is also a popular speaker, instructor, and author in the fields of security, risk management, and secure development processes. He holds patents and has patents pending in multi-language security assessment, kernel-level security, intermediary security assessment language, and secure remote communication protocols. Prior to Ounce, Ryan co-founded Qiave Technologies, a pioneer in kernel-level security, which later sold to WatchGuard Technologies in October of 2000. In the late 1990’s, Ryan also designed and developed the infrastructure for GTE Internetworking/Genuity’s appliance-based managed firewall and security services.
Francis Brown (Stach & Liu), MCSE, CISA, CISSP, is the Director of Assessment at Stach & Liu, a firm providing IT security consulting to the Fortune 500, US and foreign governments, and global financial institutions. Before joining Stach & Liu, Francis worked at Honeywell International and Ernst & Young, where he led teams performing network and application penetration testing and assessments. He holds a degree in Computer Science with a minor in Psychology from the University of Pennsylvania, where he also taught courses in operating system implementation and C programming. He has also participated in DARPA-funded research into advanced network intrusion detection.
Tom Brennan (CISSP, NSA, C|EH) has 20+ years of cross-platform experience testing the effectiveness of an organization's ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization's internal and external security. He has served with the United States Marine Corps and has held INFOSEC roles with US Federal Government agencies as well as in the Financial Services, Manufacturing and Retail industries.
Tom is the CTO of Proactive Risk (www.proactiverisk.com) and has been a subject matter expert for the Wall Street Journal, NBC & ABC News in NYC, USA Today, CMP Media/Dark Reading and others. He has delivered technical content as a speaker before the DHS/FBI Infragard, ISSA, OWASP, ISACA and the United Nations.
Charles Carmakal (PricewaterhouseCoopers) is a Manager in the PricewaterhouseCoopers Technology practice and has over 7 years of information security experience. He has assisted clients across various industries in addressing a broad range of security, technology, and regulatory challenges. Charles is a subject matter specialist in Payment Card Industry (PCI) compliance, attack and penetration testing, and web application security. Charles is currently assisting a multi-billion dollar cable television company in building a Payment Card Industry compliance program to assess and manage enterprise remediation spanning over 30 operating entities.
Charles has provided PCI-related services to four Level 1 merchants including assessments, remediation, and corporate compliance strategy development. He has managed and executed over 30 attack and penetration testing engagements and has performed over 300 web application/architecture reviews for clients across numerous industries.
Charles leads a number of global PricewaterhouseCoopers core teams including Web Security (leader), Payment Card Industry (co-leader), Attack and Penetration (member) and Unix Security (member). These core teams are responsible for developing PricewaterhouseCoopers' proprietary methodologies, go-to-market approach, tools, and practice aids.
Dinis Cruz
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development.
Since the 1.1 release of the .Net Framework, Dinis has been one of the strongest proponents of the need to write .Net applications that can be executed in secure Partially Trusted .Net environments, and has done extensive research on: Rooting the CLR, exposing the dangers of Full Trust Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non verifiable) code, creating .Net Security Protection Layers and using Reflection to dynamically manipulate .Net Client applications.
Dinis is the current leader of the OWASP .Net Project and the OWASP Autumn of Code project, and the main developer of several OWASP .Net tools (SAM'SHE, ANBS, SiteGenerator, Owasp Report Generator, Asp.Net Reflector).
Dinis is an active trainer on .Net security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG. His latest course is the two-day training course Advanced Asp.Net Exploits and Countermeasures, which was delivered at the Black Hat 2006 conference and will be presented at the forthcoming OWASP AppSec Conference in Seattle.
Taken from OWASP profile.
Vincent Liu (Stach & Liu), CISSP, is the Managing Director at Stach & Liu, a firm providing IT security consulting to the Fortune 500, US and foreign governments, and global financial institutions. Prior to founding Stach & Liu, Vincent worked at Honeywell International, Ernst & Young, and the National Security Agency. He is a graduate of the University of Pennsylvania with a degree in Computer Science and a minor in Psychology. In addition, Vincent has presented his research at conferences including BlackHat, ToorCon, and Microsoft BlueHat, has been published in interviews and journals, and has authored several books including Writing Security Tools and Hacking Exposed: Wireless, as well as being a technical editor for AJAX Security.
Ivan Ristic is a web security specialist and the principal author of ModSecurity, the open source intrusion detection and prevention engine for web applications. Ivan also wrote Apache Security, a concise yet comprehensive web security guide for administrators, system architects and programmers. Ivan is an active participant in the web application security community, an officer of the Web Application Security Consortium and leader of the OWASP London Chapter.
Bryan Sullivan (Microsoft)
Michael Sutton (SafeChannel) VP Security Research
George Turrentine (Verizon)