This event has ended

OWASP Tampa Day 2011

OWASP - Tampa Chapter

Monday, June 20, 2011 from 9:30 AM to 3:00 PM (EDT)


Ticket Information

Type Remaining End Quantity
General Admission Sold Out Ended Free  


Event Details




The 1st ever OWASP Tampa Day will take place on Monday, June 20th at Tampa International Airport (TPA). This FREE event will feature presentations aimed at providing developers and Information Security professionals with an introduction to application security. However, ALL are welcome to attend. Attendees will leave the event with a greater understanding of how and when to integrate application security principles into their daily processes and procedures. Additionally, attendees will learn how common attacks are performed and how to mitigate them.



Time | Topic | Presenter
9:30 to 10:00 | Registration & Refreshments | Sponsored by Qualys
10:00 to 10:15 | Welcome | Justin Morehouse
10:15 to 11:15 | Analysis of Deadly Combination of XSS and CSRF | Sherif Koussa
11:15 to 11:30 | Break | Sponsored by Qualys
11:30 to 12:30 | How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams | Bruce Jenkins
12:30 to 13:00 | Lunch | Sponsored by WhiteHat Security
13:00 to 14:00 | PCI for Developers: Lessons from the Real World | Trevor Hawthorn
14:00 to 14:15 | Break | Sponsored by Stratum Security
14:15 to 14:45 | Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them | Rinaldi Rampen
14:45 to 15:00 | Closing Remarks & Giveaways | Justin Morehouse


Presentation Abstracts & Speaker Bios

Sherif Koussa, Principal Application Security Consultant, Software Secured

Analysis of Deadly Combination of XSS and CSRF

Flashback to April 11th, 2009 as a major attack targeted Twitter and led to a huge embarrassment for this famous social media network. This presentation will delve into the details of the attack, what happened and how cross-site scripting (XSS) and cross-site request forgery (CSRF) played a major role. We will explore the insides of the real attack, including inspecting the actual malicious code utilized by the attacker. Attendees will gain an understanding of how malicious code exploits weaknesses and how to better secure your web applications from similar attacks.

Bruce Jenkins, Managing Consultant, Fortify Software

How to Defend the Universe from Evil-doers: A Guide for Software Developers and Security Teams

Software security is often a bolt-on afterthought for dealing with potentially serious yet non-functional product issues. However, software developers frequently have neither the time nor inclination to deal with anything but functional enhancements and bug fixes identified in their defect tracking system. The Security Group, having a corporate mandate to “secure the enterprise,” unmercifully throws at the Dev Team an enormous list of non-actionable “issues” derived from dynamic and static security testing. The Project Lead is naturally and legitimately concerned about release schedules, which are now understandably threatened by unfocused approaches to security issue identification and mitigation. Add to this a mixture of overt distrust and skepticism between the Security Group and software developers, and organizations are left with a pile of suspected security issues and no resolution in sight. The CISO, meanwhile, could not care less about minutiae such as Cross-Site Request Forgery, but instead is focused on reducing business risk.

“Status quo” or “save the day”? The answer is obvious, but getting there is easier said than done. This presentation outlines the dysfunction common in organizations attempting to tackle software security assurance. The message ultimately focuses on what developers and security teams alike can do to lift themselves out of the quagmire in support of their C-level, who is endeavoring to prevent the next TJX- or Heartland-like security event.

Trevor Hawthorn, Managing Principal, Stratum Security

PCI for Developers: Lessons from the Real World

Any organization that stores, processes, or transmits credit card data must comply with the Payment Card Industry's (PCI) Data Security Standards (DSS). PCI can be daunting even for compliance and security experts. If you are a developer, it can be a major headache. Sooner or later the day will come when you (or your developers) will need to integrate PCI into your Software Development Lifecycle (SDLC). During this talk Trevor will discuss what is required to meet PCI compliance, and examine how a wide variety of organizations tackle their compliance obligations.

Rinaldi Rampen, Director, Solutions Architecture, WhiteHat Security

Top Website Vulnerabilities: Trends, Business Effects and How to Fight Them

Website attacks continue to prevail despite the best efforts of enterprises to fight them. Websites are an ongoing business concern and security must be assured all the time, not just at a point in time. And yet, most websites were exposed to at least one serious vulnerability every day of 2010, leaving valuable corporate and customer data at risk. Why?

In this presentation, Rinaldi will explore a new way to measure website security, Window of Exposure, that tracks an organization's current and historical website security posture. Window of Exposure is a useful combination of vulnerability prevalence, how long vulnerabilities take to get fixed, and the percentage of them that are remediated. By carefully tracking these metrics, an organization can determine where resources would be best invested.

Using data from WhiteHat's 11th Website Security Statistics Report, based on assessments of over 3,000 websites, Rampen will reveal the most secure (and insecure) vertical markets and the Windows of Exposure of each. Find out how your industry ranks, and the top ten vulnerabilities plaguing your peers. Attendees will also learn how to determine which metrics are critical to increasing their remediation rates, thereby limiting their Window of Exposure. The good news is that companies that take this approach are increasing remediation rates by 5 percent per year.


Platinum Sponsor

WhiteHat Security

WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company’s flagship product family, was launched in 2003. WhiteHat Sentinel is the most accurate, complete and cost-effective website vulnerability management solution available.


Gold Sponsor


Qualys, Inc. is the leading provider of on-demand IT security risk and compliance management solutions, delivered as a service. Qualys' Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.


Silver Sponsor

Stratum Security

Stratum Security is an information security services firm that provides services to clients worldwide. Their list of successful engagements ranges from large multi-national enterprises to small start-ups in a wide array of industries including finance, insurance, retail, hospitality, education, health care, government, technology, energy, and telecommunications.


Venue Details

  • Parking at Tampa International Airport will be FREE with validation. Validation stickers will be handed out during the event, so make sure to bring your parking ticket with you to the event. Please park in the short term or long term parking garages (NOT the Marriott Hotel's parking).
  • Once you enter the Airport, proceed to the 3rd floor. The Boardroom is on the 3rd level of the main terminal building (located near the Airside A Shuttle; follow the hallway between the barbershop and the Earhart elevators).


CPE Credits

A reminder that you may be able to earn 4 CPE credit hours for attending OWASP Tampa Day 2011. CPE verification information will be provided during the event's Closing Remarks.


When & Where

Tampa International Airport - Board Room
4100 George J. Bean Parkway
Tampa, FL 33607

Monday, June 20, 2011 from 9:30 AM to 3:00 PM (EDT)



OWASP - Tampa Chapter

The Open Web Application Security Project (OWASP) is an international organization and the OWASP Foundation supports OWASP efforts around the world.

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.

You can learn more about OWASP at www.owasp.org or get involved with the Tampa Chapter by visiting www.owasp.org/index.php/Tampa.
