https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Fabio.e.cerulloOWASP - User contributions [en]2026-04-11T20:27:45ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=GSoC&diff=237235GSoC2018-02-02T19:53:16Z<p>Fabio.e.cerullo: </p>
<hr />
<div>'''OWASP is applying to be a Google Summer of Code (“GSoC”) mentoring organization in 2018!'''<br />
<br />
Open source software is changing the world and creating the future.<br />
<br />
Want to help shaping it? We’re looking for students to join us in making 2018 the best Summer of Code yet!<br />
<br />
<span style="color:#FF0000">'''STUDENTS: THE PROPOSAL SUBMISSION PERIOD WILL BE OPEN FROM MARCH 12th thru 27th 2018'''</span><br />
{| class="wikitable"<br />
|March 12 16:00 UTC<br />
|Student application period begins<br />
|-<br />
|March 27 16:00 UTC<br />
|Student application deadline<br />
|}<br />
[https://summerofcode.withgoogle.com/ '''Google Summer of Code Program Site''']<br />
* OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.<br />
* All students currently enrolled in an accredited institution are welcome to participate in the Google Summer of Code 2018 program, hopefully along with the OWASP Foundation.<br />
* Below you could find all the instructions on how to participate.<br />
<br />
== What is GSOC? ==<br />
<br />
The [https://developers.google.com/open-source/gsoc/ Google Summer of Code program] (“GSoC”) is designed to encourage student participation in open source development. Through GSoC, accepted student applicants will be paired with OWASP mentors that will guide them through their coding tasks.<br />
<br />
Benefits to students include:<br />
<br />
* Gaining exposure to real-world software development scenarios<br />
* An opportunity for employment in areas related to their academic pursuits and<br />
* Google will be offering successful student contributors a 5,500 USD stipend, enabling them to focus on their coding projects for three months. <br />
<br />
This program is done completely online. Students and mentors from more than 100 countries have participated in past years.<br />
==Instructions common to all participants==<br />
<br />
All participants should take a look at the [https://developers.google.com/open-source/gsoc/faq Google Summer of Code Program Site] every now and then to be informed about updates and advice. It is also important to read the [https://developers.google.com/open-source/gsoc/faq Summer of Code FAQ], as it contains useful information.<br />
All participants will need a Google account in order to join the program. You'll save some time if you create one now. Please review the [https://developers.google.com/open-source/gsoc/timeline GSOC 2018 TimeLine]<br />
<br />
===Programming Language===<br />
<br />
While the majority of OWASP tools are developed using C++/Java, we do accept other languages, including (but not limited to) Python, Ruby and C#. C++ will be accepted for any project. Submissions and ideas for projects in any other language should specifically mention the choice.<br />
<br />
==Instructions for students==<br />
<br />
Are you a student and want to code for an OWASP project? <br />
Here are the steps and some tips on getting started:<br />
<br />
1) Think of a good idea – For reference see<br />
[https://www.owasp.org/index.php/GSOC2018_Ideas GSOC 2018 Ideas].<br />
<br />
2) Do some research yourself based on the idea, write up a proposal draft <br />
<br />
3) Post it to the mailing list at [https://groups.google.com/forum/#!forum/owasp-gsoc https://groups.google.com/d/forum/owasp-gsoc] for initial discussions with OWASP mentors.<br />
<br />
4) Based on feedback, write a full proposal – See template below:<br />
https://www.owasp.org/index.php/GSoC_SAT<br />
<br />
5) Submit your proposal to Google from March 12th to March 27th 2018.<br />
<br />
Students wishing to participate in GSoC must realize this is a formal commitment to produce code for the selected OWASP Project during three months. You will also take some resources from OWASP project leaders, who will dedicate a portion of their time to mentor you. Therefore, we'd like to have candidates who are committed to helping OWASP mission. You don't have to be a proven developer -- in fact, this whole program is meant to facilitate joining OWASP and other Open Source communities. However, experience in coding and applications are welcome.<br />
<br />
You should start familiarising yourself with the components that you plan on working on before the start date. OWASP Project Mentors are available on the mailing list https://groups.google.com/d/forum/owasp-gsoc for help. <br />
<br />
===General instructions===<br />
First of all, please read the instructions common to all participants and the [https://developers.google.com/open-source/gsoc/faq GSoC FAQ]. Pay special attention to the '''Eligibility''' section of the FAQ.<br />
<br />
===Getting in touch===<br />
* Google Group: OWASP Organization Administrators and Mentors are available at https://groups.google.com/d/forum/owasp-gsoc ready to answer any questions and discuss any idea.<br />
* Mailing list: Each project has its own development mailing list (eg. ESAPI: http://lists.owasp.org/pipermail/esapi-dev/). Feel free to subscribe in order to discuss your ideas directly with the project's contributors.<br />
* IRC channel: You can find us at irc.freenode.net channel #owasp-gsoc<br />
<br />
===Recommended steps===<br />
* Read Google's instructions for participating<br />
* Take a look at the list of ideas<br />
* Come up with project that you're interested in<br />
* Write a first draft proposal and get someone to review it for you<br />
* Submit it using Google's web interface<br />
<br />
Coming up with an interesting idea is probably the most difficult part of all. It should be something interesting for an OWASP Project, and more importantly for you. It also has to be something that you can realistically achieve in the time available to you.<br />
<br />
Finding out what the most pressing issues are in the projects you're interested in is a good start. You can optionally join the mailing lists for that project: you can make acquaintance with developers and your potential mentor, as well as start learning the codebase. We recommend strongly doing that and we will look favourably on applications from students who have started to act like Open Source developers.<br />
<br />
===Student proposal guidelines===<br />
A project proposal is what you will be judged upon. So, as a general recommendation, write a clear proposal on what you plan to do, what your project is and what it is not, etc. Several websites now contain hints and other useful information on writing up such proposals.<br />
OWASP does not require a specific format or specific list of information, but there is an application template on the OWASP page in Google Melange with some specific points that you should address in your application:<br />
* Who are you? What are you studying?<br />
* What exactly do you intend to do? What will not be done?<br />
* Why are you the right person for this task?<br />
* To what extent are you familiar with the software you're proposing to work with? Have you used it? Have you read the source? Have you modified the source?<br />
* How many hours are you going to work on this a week? 10? 20? 30? 40?<br />
* Do you have other commitments that we should know about? If so, please suggest a way to compensate if it will take much time away from Summer of Code.<br />
* Are you comfortable working independently under a supervisor or mentor who is several thousand miles away, not to mention 12 time zones away? How will you work with your mentor to track your work? Have you worked in this style before?<br />
* If your native language is not English, are you comfortable working closely with a supervisor whose native language is English? What is your native language, as that may help us find a mentor who has the same native language?<br />
* Where do you live, and can we assign a mentor who is local to you so you can meet in a coffee shop for lunch?<br />
<br />
After you have written your proposal, you should get it reviewed. Do not rely on the OWASP mentors to do it for you via the web interface: they will only send back a proposal if they find it lacking. Instead, ask a colleague or a developer to do it for you.<br />
<br />
===Hints===<br />
'''Submit your proposal early:''' early submissions get more attention from developers for the simple fact that they have more time to dedicate to reading them. The more people see it, the more it'll get known.<br />
<br />
'''Do not leave it all to the last minute:''' while it is Google that is operating the webserver, it would be wise to expect a last-minute overload on the server. So, make sure you send your application before the final rush. Also, note that the applications submitted very late will get the least attention from mentors, so you may get a low vote because of that.<br />
<br />
'''Keep it simple:''' we don't need a 10-page essay on the project and on you (Google won't even let you submit a text that long). You just need to be concise and precise.<br />
<br />
'''Know what you are talking about:''' the last thing we need is for students to submit ideas that cannot be accomplished realistically or ideas that aren't even remotely related to OWASP Projects. If your idea is unusual, be sure to explain why you have chosen OWASP to be your mentoring organisation.<br />
<br />
'''Aim wide:''' submit more than one proposal, to different OWASP Projects. We also recommend submitting to more than one organisation too. This will increase your chances of being chosen.<br />
<br />
The PostgreSQL project has also released a list of [http://www.postgresql.org/developer/summerofcodeadvice.html hints] that you can take a look.<br />
<br />
==Instructions for mentors==<br />
===Ideas===<br />
If you're a developer and you wish to participate in Summer of Code, you can do it in two ways: the first and easiest is to make a proposal in the [https://www.owasp.org/index.php/GSOC2016_Ideas ideas] page. Take a look at what the different OWASP Projects needs or what you feel should have. Feel free to submit ideas even if you cannot elaborate too much on them.<br />
<br />
The second possibility is to be a mentor for a more specific idea. If you wish to do that, please read the instructions common to all participants and the Summer of Code FAQ. Also, please contact the project leader for your application or module and get the go-ahead from him/her. Then edit the ideas page, adding your idea.<br />
<br />
Your idea proposal should be a brief description of what the project is, what the desired goals would be, what the student should know and your email address for contact. Please note, though, that the students are not required to follow your idea to the letter, so regard your proposal as just a suggestion.<br />
<br />
===Mentoring===<br />
If you wish to help us even more, you can be an OWASP mentor. We will potentially assign a student to you who has never worked on such a large project and will need some help. Make sure you're up for the task.<br />
When subscribing yourself as a mentor, please make sure that your application or module maintainer is aware of that. Ask him/her to send the Summer of Code OWASP Administrators an email confirming to know you. This is just a formality to make sure you are a real person we can trust -- the administrators cannot know all active developers by their Google account ID.<br />
<br />
If you would like to get an idea of what is involved in being a good mentor, be sure to read the [http://write.flossmanuals.net/gsoc-mentoring/about-this-manual/ mentoring guide]. <br />
<br />
You will be subscribed to a mailing list to discuss ideas. We will also require you to read the proposals as they come in and you will be allowed to vote on the proposals, according to rules we will publish later.<br />
<br />
Finally, know that we will never assign you to a project you do not want to work on. We will not assign you more projects than you can/want to take on either. And you will have a backup mentor, just in case something unforeseen takes place.<br />
<br />
===Subscribing as mentor===<br />
To subscribe as mentor, you need to complete a few easy steps.<br />
* Contact the OWASP GSoC administrators to let them know which project you want to mentor for<br />
* Log in to [https://summerofcode.withgoogle.com/ Google Summer of Code Program Site]<br />
* Apply as a mentor for OWASP<br />
* Subscribe to https://groups.google.com/d/forum/owasp-gsoc<br />
<br />
'''The current list of GSOC 2018 Mentors are:'''<br />
* Fabio Cerullo<br />
* Kostas Papapanagiotou<br />
* Spyros Gasteratos<br />
<br />
==Instructions for OWASP Project Leaders==<br />
If you are an OWASP Project Leader, you may be contacted by developers in your project about an idea he wants to submit. <br />
You should judge whether the idea being proposed coincides with the general goals for your OWASP Project. If you feel that is not the case, you should reply to your developer and suggest that he modify the proposal.<br />
You do not need yourself to be a mentor, but we would like you to.<br />
<br />
==Contact OWASP GSoC Admininstrators==<br />
To reach the OWASP administrators for Summer of Code, please send an email to the GSOC Administrators below.<br />
<br />
'''The GSOC 2018 Administrators are:'''<br />
<br />
* Kostas Papapanagiotou (konstantinos@owasp.org)<br />
* Claudia Casanovas (claudia.aviles-casanovas@owasp.org)<br />
* Fabio Cerullo (fcerullo@owasp.org)</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=GSoC&diff=237234GSoC2018-02-02T19:50:46Z<p>Fabio.e.cerullo: typo</p>
<hr />
<div>'''OWASP is applying to be a Google Summer of Code (“GSoC”) mentoring organization in 2018!'''<br />
<br />
Open source software is changing the world and creating the future.<br />
<br />
Want to help shaping it? We’re looking for students to join us in making 2018 the best Summer of Code yet!<br />
<br />
<span style="color:#FF0000">'''STUDENTS: THE PROPOSAL SUBMISSION PERIOD WILL BE OPEN FROM MARCH 12th thru 27th 2018'''</span><br />
{| class="wikitable"<br />
|March 12 16:00 UTC<br />
|Student application period begins<br />
|-<br />
|March 27 16:00 UTC<br />
|Student application deadline<br />
|}<br />
[https://summerofcode.withgoogle.com/ '''Google Summer of Code Program Site''']<br />
* OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.<br />
* All students currently enrolled in an accredited institution are welcome to participate in the Google Summer of Code 2018 program, hopefully along with the OWASP Foundation.<br />
* Below you could find all the instructions on how to participate.<br />
<br />
== What is GSOC? ==<br />
<br />
The [https://developers.google.com/open-source/gsoc/ Google Summer of Code program] (“GSoC”) is designed to encourage student participation in open source development. Through GSoC, accepted student applicants will be paired with OWASP mentors that will guide them through their coding tasks.<br />
<br />
Benefits to students include:<br />
<br />
* Gaining exposure to real-world software development scenarios<br />
* An opportunity for employment in areas related to their academic pursuits and<br />
* Google will be offering successful student contributors a 5,500 USD stipend,enabling them to focus on their coding projects for three months. <br />
<br />
This program is done completely online. Students and mentors from more than 100 countries have participated in past years.<br />
==Instructions common to all participants==<br />
<br />
All participants should take a look at the [https://developers.google.com/open-source/gsoc/faq Google Summer of Code Program Site] every now and then to be informed about updates and advice. It is also important to read the [https://developers.google.com/open-source/gsoc/faq Summer of Code FAQ], as it contains useful information.<br />
All participants will need a Google account in order to join the program. You'll save some time if you create one now. Please review the [https://developers.google.com/open-source/gsoc/timeline GSOC 2018 TimeLine]<br />
<br />
===Programming Language===<br />
<br />
While the majority of OWASP tools are developed using C++/Java, we do accept other languages, including (but not limited to) Python, Ruby and C#. C++ will be accepted for any project. Submissions and ideas for projects in any other language should specifically mention the choice.<br />
<br />
==Instructions for students==<br />
<br />
Are you a student and want to code for an OWASP project? <br />
Here are the steps and some tips on getting started:<br />
<br />
1) Think of a good idea – For reference see<br />
[https://www.owasp.org/index.php/GSOC2018_Ideas GSOC 2018 Ideas].<br />
<br />
2) Do some research yourself based on the idea, write up a proposal draft <br />
<br />
3) Post it to the mailing list at [https://groups.google.com/forum/#!forum/owasp-gsoc https://groups.google.com/d/forum/owasp-gsoc] for initial discussions with OWASP mentors.<br />
<br />
4) Based on feedback, write a full proposal – See template below:<br />
https://www.owasp.org/index.php/GSoC_SAT<br />
<br />
5) Submit your proposal to Google from March 12th to March 27th 2018.<br />
<br />
Students wishing to participate in GSoC must realize this is a formal commitment to produce code for the selected OWASP Project during three months. You will also take some resources from OWASP project leaders, who will dedicate a portion of their time to mentor you. Therefore, we'd like to have candidates who are committed to helping OWASP mission. You don't have to be a proven developer -- in fact, this whole program is meant to facilitate joining OWASP and other Open Source communities. However, experience in coding and applications are welcome.<br />
<br />
You should start familiarising yourself with the components that you plan on working on before the start date. OWASP Project Mentors are available on the mailing list https://groups.google.com/d/forum/owasp-gsoc for help. <br />
<br />
===General instructions===<br />
First of all, please read the instructions common to all participants and the [https://developers.google.com/open-source/gsoc/faq GSoC FAQ]. Pay special attention to the '''Eligibility''' section of the FAQ.<br />
<br />
===Getting in touch===<br />
* Google Group: OWASP Organization Administrators and Mentors are available at https://groups.google.com/d/forum/owasp-gsoc ready to answer any questions and discuss any idea.<br />
* Mailing list: Each project has its own development mailing list (eg. ESAPI: http://lists.owasp.org/pipermail/esapi-dev/). Feel free to subscribe in order to discuss your ideas directly with the project's contributors.<br />
* IRC channel: You can find us at irc.freenode.net channel #owasp-gsoc<br />
<br />
===Recommended steps===<br />
* Read Google's instructions for participating<br />
* Take a look at the list of ideas<br />
* Come up with project that you're interested in<br />
* Write a first draft proposal and get someone to review it for you<br />
* Submit it using Google's web interface<br />
<br />
Coming up with an interesting idea is probably the most difficult part of all. It should be something interesting for an OWASP Project, and more importantly for you. It also has to be something that you can realistically achieve in the time available to you.<br />
<br />
Finding out what the most pressing issues are in the projects you're interested in is a good start. You can optionally join the mailing lists for that project: you can make acquaintance with developers and your potential mentor, as well as start learning the codebase. We recommend strongly doing that and we will look favourably on applications from students who have started to act like Open Source developers.<br />
<br />
===Student proposal guidelines===<br />
A project proposal is what you will be judged upon. So, as a general recommendation, write a clear proposal on what you plan to do, what your project is and what it is not, etc. Several websites now contain hints and other useful information on writing up such proposals.<br />
OWASP does not require a specific format or specific list of information, but there is an application template on the OWASP page in Google Melange with some specific points that you should address in your application:<br />
* Who are you? What are you studying?<br />
* What exactly do you intend to do? What will not be done?<br />
* Why are you the right person for this task?<br />
* To what extent are you familiar with the software you're proposing to work with? Have you used it? Have you read the source? Have you modified the source?<br />
* How many hours are you going to work on this a week? 10? 20? 30? 40?<br />
* Do you have other commitments that we should know about? If so, please suggest a way to compensate if it will take much time away from Summer of Code.<br />
* Are you comfortable working independently under a supervisor or mentor who is several thousand miles away, not to mention 12 time zones away? How will you work with your mentor to track your work? Have you worked in this style before?<br />
* If your native language is not English, are you comfortable working closely with a supervisor whose native language is English? What is your native language, as that may help us find a mentor who has the same native language?<br />
* Where do you live, and can we assign a mentor who is local to you so you can meet in a coffee shop for lunch?<br />
<br />
After you have written your proposal, you should get it reviewed. Do not rely on the OWASP mentors to do it for you via the web interface: they will only send back a proposal if they find it lacking. Instead, ask a colleague or a developer to do it for you.<br />
<br />
===Hints===<br />
'''Submit your proposal early:''' early submissions get more attention from developers for the simple fact that they have more time to dedicate to reading them. The more people see it, the more it'll get known.<br />
<br />
'''Do not leave it all to the last minute:''' while it is Google that is operating the webserver, it would be wise to expect a last-minute overload on the server. So, make sure you send your application before the final rush. Also, note that the applications submitted very late will get the least attention from mentors, so you may get a low vote because of that.<br />
<br />
'''Keep it simple:''' we don't need a 10-page essay on the project and on you (Google won't even let you submit a text that long). You just need to be concise and precise.<br />
<br />
'''Know what you are talking about:''' the last thing we need is for students to submit ideas that cannot be accomplished realistically or ideas that aren't even remotely related to OWASP Projects. If your idea is unusual, be sure to explain why you have chosen OWASP to be your mentoring organisation.<br />
<br />
'''Aim wide:''' submit more than one proposal, to different OWASP Projects. We also recommend submitting to more than one organisation too. This will increase your chances of being chosen.<br />
<br />
The PostgreSQL project has also released a list of [http://www.postgresql.org/developer/summerofcodeadvice.html hints] that you can take a look.<br />
<br />
==Instructions for mentors==<br />
===Ideas===<br />
If you're a developer and you wish to participate in Summer of Code, you can do it in two ways: the first and easiest is to make a proposal in the [https://www.owasp.org/index.php/GSOC2016_Ideas ideas] page. Take a look at what the different OWASP Projects needs or what you feel should have. Feel free to submit ideas even if you cannot elaborate too much on them.<br />
<br />
The second possibility is to be a mentor for a more specific idea. If you wish to do that, please read the instructions common to all participants and the Summer of Code FAQ. Also, please contact the project leader for your application or module and get the go-ahead from him/her. Then edit the ideas page, adding your idea.<br />
<br />
Your idea proposal should be a brief description of what the project is, what the desired goals would be, what the student should know and your email address for contact. Please note, though, that the students are not required to follow your idea to the letter, so regard your proposal as just a suggestion.<br />
<br />
===Mentoring===<br />
If you wish to help us even more, you can be an OWASP mentor. We will potentially assign a student to you who has never worked on such a large project and will need some help. Make sure you're up for the task.<br />
When subscribing yourself as a mentor, please make sure that your application or module maintainer is aware of that. Ask him/her to send the Summer of Code OWASP Administrators an email confirming to know you. This is just a formality to make sure you are a real person we can trust -- the administrators cannot know all active developers by their Google account ID.<br />
<br />
If you would like to get an idea of what is involved in being a good mentor, be sure to read the [http://write.flossmanuals.net/gsoc-mentoring/about-this-manual/ mentoring guide]. <br />
<br />
You will be subscribed to a mailing list to discuss ideas. We will also require you to read the proposals as they come in and you will be allowed to vote on the proposals, according to rules we will publish later.<br />
<br />
Finally, know that we will never assign you to a project you do not want to work on. We will not assign you more projects than you can/want to take on either. And you will have a backup mentor, just in case something unforeseen takes place.<br />
<br />
===Subscribing as mentor===<br />
To subscribe as mentor, you need to complete a few easy steps.<br />
* Contact the OWASP GSoC administrators to let them know which project you want to mentor for<br />
* Log in to [https://summerofcode.withgoogle.com/ Google Summer of Code Program Site]<br />
* Apply as a mentor for OWASP<br />
* Subscribe to https://groups.google.com/d/forum/owasp-gsoc<br />
<br />
'''The current list of GSOC 2018 Mentors are:'''<br />
* Fabio Cerullo<br />
* Kostas Papapanagiotou<br />
* Spyros Gasteratos<br />
<br />
==Instructions for OWASP Project Leaders==<br />
If you are an OWASP Project Leader, you may be contacted by developers in your project about an idea he wants to submit. <br />
You should judge whether the idea being proposed coincides with the general goals for your OWASP Project. If you feel that is not the case, you should reply to your developer and suggest that he modify the proposal.<br />
You do not need yourself to be a mentor, but we would like you to.<br />
<br />
==Contact OWASP GSoC Admininstrators==<br />
To reach the OWASP administrators for Summer of Code, please send an email to the GSOC Administrators below.<br />
<br />
'''The GSOC 2018 Administrators are:'''<br />
<br />
* Kostas Papapanagiotou (konstantinos@owasp.org)<br />
* Claudia Casanovas (claudia.aviles-casanovas@owasp.org)<br />
* Fabio Cerullo (fcerullo@owasp.org)</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Board_Election_Policy&diff=198106Board Election Policy2015-07-29T18:35:17Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== '''OWASP International Board Of Directors Election Policy''' ==<br />
<br />
<br><br />
<br />
The OWASP Foundation was established in 2001 as an open community and software security resource. Since then, OWASP has grown to be globally recognized as a credible source for application security standards (see industry citations). Individuals typically find OWASP when searching the internet for information about software security - and they are happy to find a reliable source of knowledge built by an extremely open and passionate community. OWASP is open to anyone. Anyone can attend OWASP's vendor agnostic local chapter meetings, participate in regional and global conferences, and contribute to the many OWASP projects. And anyone can start a new project, form a new chapter, or lend their expertise to help an OWASP Global Committee.<br />
<br />
The OWASP Foundation Board of Directors currently consists of seven elected volunteers. These unpaid volunteers dedicate themselves to the organizational mission and playing a pivotal role in the software security community. OWASP conducts democratic elections of its Board Members to enable bottom-up advancement of its mission.<br />
<br />
=== About OWASP ===<br />
* [https://www.owasp.org/index.php/About_OWASP Learn About OWASP]<br />
* Read the OWASP Foundation bylaws - [https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf Click Here] <br />
* Review the Monthly Board meetings, voting history and topics - [https://www.owasp.org/index.php/OWASP_Board_Meetings Click Here]<br />
<br />
=== '''Potential Election Timeline''' ===<br />
# Notify current board member(s) who's term is up<br> <br />
# Call for Candidates Opens<br><br />
# Honorary Membership Self Nomination Opens<br><br />
# Email Reminder Call For Candidates<br><br />
# Submission for Questions From the Community for the Candidate Interviews Opens<br><br />
# Email Reminder Honorary Membership<br><br />
# Email Reminder Honorary Membership<br><br />
# Honorary Membership Closes<br><br />
# Email Reminder Call For Candidates<br><br />
# Email Reminder Call For Candidates<br><br />
# Deadline for Call for Candidates Closes<br><br />
# Deadline for Questions from the community<br><br />
# The 4-5 top questions from the community will be selected<br><br />
# Verification of candidates<br><br />
# Candidates announced in OWASP "Special Edition" connector and posted to social media/email<br><br />
# Top 4-5 questions are shared with all candidates<br><br />
# Scheduling of interview recordings <br><br />
# Deadline for interview recordings to be completed<br><br />
# Recordings posted on the election wiki page<br><br />
# Email/Social Media notifying the community the recordings are posted<br><br />
# Paid Membership Deadline<br><br />
# Voting opens<br><br />
# Voting closes<br><br />
# Results shared with all candidates<br><br />
# Results shared via "Special Edition" connector, email and social media<br><br />
<br />
=== '''Global Board of Directors Primary Responsibilities''' ===<br />
<br />
Seated members of the Board of Directors attend and contribute to monthly meetings. Additionally, they:<br />
<br />
1. Create and review a statement of mission and purpose that articulates the organization's goals, means, and primary constituents served globally. They then support that mission and purpose.<br />
<br />
2. Support all employees. The Board should ensure that the employees have the moral and professional support needed to further the goals and performance objectives of the organization.<br />
<br />
3. Ensure effective planning. The Board must actively participate in the overall planning process for the organization and assist in implementing and monitoring the organization's goals.<br />
<br />
4. Monitor and strengthen programs and services. The Board's responsibility is to determine which programs are consistent with the organization's mission and monitor their effectiveness.<br />
<br />
5. Ensure financial integrity of the Foundation. Secure adequate funding resources for the organization to fulfill its mission; protect assets and provide financial oversight following general accepted accounting principles and policies and assist in developing the annual budget and ensuring that proper financial controls are in place.<br />
<br />
Additional Responsibilities that the International Board of Directors must adhere to can be found [https://www.owasp.org/index.php/Governance on the Foundation Governance Page]<br />
<br />
=== '''Eligibility Requirements for Board Candidates''' ===<br />
You need to be an OWASP [https://www.owasp.org/index.php/Membership member]. '''NOT''' just paid members, but active [https://www.owasp.org/index.php/Category:OWASP_Project project] and [https://www.owasp.org/index.php/OWASP_Chapter chapter] contributors are eligible. All candidates must be in good standing for a twelve (12) month period of time prior to the '''<<election period commencement date>>'''. Candidates are required to submit a bio, current membership status and a brief description of why you would like to be elected. You will be contacted in early August to schedule a audio interview/podcast. If you are interesting in running for the board then please submit your intention along with the requirements listed above [http://www.tfaforms.com/371459 here]. All submissions will be reviewed and verified by OWASP.<br />
<br><br />
<br />
=== '''Honorary Membership''' ===<br />
Who is eligible for Honorary Membership? <br />
*OWASP Chapter Leaders - The OWASP Chapter MUST be active and your leadership position MUST be on file with the OWASP Foundation prior to the '''<<election period commencement date>>'''.<br />
*OWASP Project Leaders - The OWASP Project MUST be active and your leadership position MUST be on file with the OWASP Foundation prior to the '''<<election period commencement date>>'''.<br />
<br />
'''**NOTE**''' If you are an OWASP leader that does not have a paid individual membership on file, but meets the requirements for Honorary Membership, then you '''MUST APPLY''' for an Honorary Membership in order to vote in this years election. The Honorary Membership request form will be available starting June 1 and will close June 30. All submissions will be reviewed and verified by OWASP. [http://www.tfaforms.com/371458 '''Submit your Request HERE''']<br />
<br />
=== '''Who Can Vote?''' ===<br />
OWASP paid Individual Members, paid Corporate Members and Honorary Members registered prior to the '''<<election period commencement date>>''' will have (1) vote per set (there are 4 sets up for this election). <br />
Please check the current [https://docs.google.com/spreadsheets/d/1XW-VxPOz8smjWyk6T8eyK5zw4FB51Q3E4hPuTOdGBtg/edit?usp=sharing Member Directory]. If you are not a member yet, we encourage you to join. [http://myowasp.force.com/memberappregion Join Now]<br />
<br><br />
<br />
=== '''How Do I Vote?''' ===<br />
Eligible voting members will receive an email to their registered email address from owasp@simplyvoting.com with subject "OWASP Board Election"<br />
This email will have a specific link for you to cast your vote. Please '''do NOT''' share this link with anyone. It is a specific link '''JUST FOR YOU'''! <br />
<br />
Additionally, eligible voting members will also receive an email from the OWASP Foundation notifying them that their ballot has been sent. In the instance that they did not receive a ballot they will be asked to contact us immediately.<br />
<br />
=== '''Have additional questions about the OWASP Membership?''' ===<br />
*Read the Membership FAQ [https://www.owasp.org/index.php/MEMBERSHIP_FAQ CLICK HERE]<br><br />
=== '''Election FAQ''' ===<br />
If you have a question about the current election please [http://owasp4.owasp.org/contactus.html click here].<br />
*'''Where can I find communication to the OWASP Community about the upcoming election?'''<br />
Answer: We will try to publish announcements and key milestone reminders to as many communication channels as possible, including the OWASP Blog, OWASP Connector, OWASP Leader's List and this Wiki Page. Please feel free to help us communicate the message, by re-posting, re-tweeting, or sharing with the OWASP Chapter, Project, or Initiatives you may be involved with.<br />
<br><br />
=== '''Acknowledgements''' ===</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Board_Election_Policy&diff=198105Board Election Policy2015-07-29T18:33:33Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== '''OWASP International Board Of Directors Election Policy''' ==<br />
<br />
<br><br />
<br />
The OWASP Foundation was established in 2001 as an open community and software security resource. Since then, OWASP has grown to be globally recognized as a credible source for application security standards (see industry citations). Individuals typically find OWASP when searching the internet for information about software security - and they are happy to find a reliable source of knowledge built by an extremely open and passionate community. OWASP is open to anyone. Anyone can attend OWASP's vendor agnostic local chapter meetings, participate in regional and global conferences, and contribute to the many OWASP projects. And anyone can start a new project, form a new chapter, or lend their expertise to help an OWASP Global Committee.<br />
<br />
The OWASP Foundation Board of Directors currently consists of seven elected volunteers. These unpaid volunteers dedicate themselves to the organizational mission and playing a pivotal role in the software security community. OWASP conducts democratic elections of its Board Members to enable bottom-up advancement of its mission.<br />
<br />
=== About OWASP ===<br />
* [https://www.owasp.org/index.php/About_OWASP Learn About OWASP]<br />
* Read the OWASP Foundation bylaws - [https://www.owasp.org/images/9/92/April2014OWASPFoundationByLaws.pdf Click Here] <br />
* Review the Monthly Board meetings, voting history and topics - [https://www.owasp.org/index.php/OWASP_Board_Meetings Click Here]<br />
<br />
=== '''Potential Election Timeline''' ===<br />
# Notify current board member(s) who's term is up<br> <br />
# Call for Candidates Opens<br><br />
# Honorary Membership Self Nomination Opens<br><br />
# Email Reminder Call For Candidates<br><br />
# Submission for Questions From the Community for the Candidate Interviews Opens<br><br />
# Email Reminder Honorary Membership<br><br />
# Email Reminder Honorary Membership<br><br />
# Honorary Membership Closes<br><br />
# Email Reminder Call For Candidates<br><br />
# Email Reminder Call For Candidates<br><br />
# Deadline for Call for Candidates Closes<br><br />
# Deadline for Questions from the community<br><br />
# The 4-5 top questions from the community will be selected<br><br />
# Verification of candidates<br><br />
# Candidates announced in OWASP "Special Edition" connector and posted to social media/email<br><br />
# Top 4-5 questions are shared with all candidates<br><br />
# Scheduling of interview recordings <br><br />
# Deadline for interview recordings to be completed<br><br />
# Recordings posted on the election wiki page<br><br />
# Email/Social Media notifying the community the recordings are posted<br><br />
# Paid Membership Deadline<br><br />
# Voting opens<br><br />
# Voting closes<br><br />
# Results shared with all candidates<br><br />
# Results shared via "Special Edition" connector, email and social media<br><br />
<br />
=== '''Global Board of Directors Primary Responsibilities''' ===<br />
<br />
Seated members of the Board of Directors attend and contribute to monthly meetings. Additionally, they:<br />
<br />
1. Create and review a statement of mission and purpose that articulates the organization's goals, means, and primary constituents served globally. They then support that mission and purpose.<br />
<br />
2. Support all employees. The Board should ensure that the employees have the moral and professional support needed to further the goals and performance objectives of the organization.<br />
<br />
3. Ensure effective planning. The Board must actively participate in the overall planning process for the organization and assist in implementing and monitoring the organization's goals.<br />
<br />
4. Monitor and strengthen programs and services. The Board's responsibility is to determine which programs are consistent with the organization's mission and monitor their effectiveness.<br />
<br />
5. Ensure financial integrity of the Foundation. Secure adequate funding resources for the organization to fulfill its mission; protect assets and provide financial oversight following general accepted accounting principles and policies and assist in developing the annual budget and ensuring that proper financial controls are in place.<br />
<br />
Additional Responsibilities that the International Board of Directors must adhere to can be found [https://www.owasp.org/index.php/Governance on the Foundation Governance Page]<br />
<br />
=== '''Eligibility Requirements for Board Candidates''' ===<br />
You need to be an OWASP [https://www.owasp.org/index.php/Membership member]. '''NOT''' just paid members, but active [https://www.owasp.org/index.php/Category:OWASP_Project project] and [https://www.owasp.org/index.php/OWASP_Chapter chapter] contributors are eligible. All candidates must be in good standing for a twelve (12) month period of time prior to the election period commencement date. Candidates are required to submit a bio, current membership status and a brief description of why you would like to be elected. You will be contacted in early August to schedule a audio interview/podcast. If you are interesting in running for the board then please submit your intention along with the requirements listed above [http://www.tfaforms.com/371459 here]. All submissions will be reviewed and verified by OWASP.<br />
<br><br />
<br />
=== '''Honorary Membership''' ===<br />
Who is eligible for Honorary Membership? <br />
*OWASP Chapter Leaders - The OWASP Chapter MUST be active and your leadership position MUST be on file with the OWASP Foundation prior to the election period commencement date.<br />
*OWASP Project Leaders - The OWASP Project MUST be active and your leadership position MUST be on file with the OWASP Foundation prior to the election period commencement date.<br />
<br />
'''**NOTE**''' If you are an OWASP leader that does not have a paid individual membership on file, but meets the requirements for Honorary Membership, then you '''MUST APPLY''' for an Honorary Membership in order to vote in this years election. The Honorary Membership request form will be available starting June 1 and will close June 30. All submissions will be reviewed and verified by OWASP. [http://www.tfaforms.com/371458 '''Submit your Request HERE''']<br />
<br />
=== '''Who Can Vote?''' ===<br />
OWASP paid Individual Members, paid Corporate Members and Honorary Members registered prior to the election period commencement date will have (1) vote per set (there are 4 sets up for this election). <br />
Please check the current [https://docs.google.com/spreadsheets/d/1XW-VxPOz8smjWyk6T8eyK5zw4FB51Q3E4hPuTOdGBtg/edit?usp=sharing Member Directory]. If you are not a member yet, we encourage you to join. [http://myowasp.force.com/memberappregion Join Now]<br />
<br><br />
<br />
=== '''How Do I Vote?''' ===<br />
Eligible voting members will receive an email to their registered email address from owasp@simplyvoting.com with subject "OWASP Board Election"<br />
This email will have a specific link for you to cast your vote. Please '''do NOT''' share this link with anyone. It is a specific link '''JUST FOR YOU'''! <br />
<br />
Additionally, eligible voting members will also receive an email from the OWASP Foundation notifying them that their ballot has been sent. In the instance that they did not receive a ballot they will be asked to contact us immediately.<br />
<br />
=== '''Have additional questions about the OWASP Membership?''' ===<br />
*Read the Membership FAQ [https://www.owasp.org/index.php/MEMBERSHIP_FAQ CLICK HERE]<br><br />
=== '''Election FAQ''' ===<br />
If you have a question about the current election please [http://owasp4.owasp.org/contactus.html click here].<br />
*'''Where can I find communication to the OWASP Community about the upcoming election?'''<br />
Answer: We will try to publish announcements and key milestone reminders to as many communication channels as possible, including the OWASP Blog, OWASP Connector, OWASP Leader's List and this Wiki Page. Please feel free to help us communicate the message, by re-posting, re-tweeting, or sharing with the OWASP Chapter, Project, or Initiatives you may be involved with.<br />
<br><br />
=== '''Acknowledgements''' ===</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Owasp.org_email_address&diff=196544Owasp.org email address2015-06-24T10:09:46Z<p>Fabio.e.cerullo: </p>
<hr />
<div>'''Request an OWASP.org email account'''<br />
<br />
Paid members, project leaders and chapter leaders can get a @OWASP.ORG email address. That way, if you desire to collaborate with peers globally, you do not have to use your company/personal email address if you do not want to.<br />
<br />
[http://sl.owasp.org/contactus Submit a request.]<br />
<br />
[[newmembership|Return to membership overview.]]<br />
<br />
'''Terms of Use'''<br />
<br />
By accessing or using the OWASP.org email services, you agree to act responsibly, exercise good judgment, adhere to the [https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics OWASP Code of Ethics] and comply with the following:<br />
<br />
(a) Do not use your OWASP.org email address in connection with the distribution of spam (which we define as unsolicited bulk e-mail or any other unsolicited messages of a commercial, religious, romantic or political nature);<br />
<br />
(b) Do not use your OWASP.org email address for any commercial purpose whatsoever, including but not limited to:<br><br />
- Unsolicited advertising of services, products and goods.<br><br />
- Posting of job offers or volunteer opportunities for one’s business.<br><br />
- Any commercial content that benefits the content author (such as signatures with company details, logos, etc).<br><br />
<br />
'''Signature Format'''<br />
<br />
We strongly encourage OWASP leaders to promote their projects, chapters, conferences, etc in their OWASP.org email signatures. Here is a suggested signature format template:<br />
<br />
Joe Doe<br><br />
OWASP Awesome Project Leader<br><br />
https://www.owasp.org/awesomeproject<br><br />
Follow us @awesomeproject<br><br />
<br />
If you have any questions, please don’t hesitate to [http://sl.owasp.org/contactus contact us].</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Owasp.org_email_address&diff=196543Owasp.org email address2015-06-24T10:09:26Z<p>Fabio.e.cerullo: </p>
<hr />
<div>'''Request an OWASP.org email account'''<br />
<br />
Paid members, project leaders and chapter leaders can get a @OWASP.ORG email address. That way, if you desire to collaborate with peers globally, you do not have to use your company/personal email address if you do not want to.<br />
<br />
[http://sl.owasp.org/contactus Submit a request.]<br />
<br />
[[newmembership|Return to membership overview.]]<br />
<br />
'''Terms of Use'''<br />
<br />
By accessing or using the OWASP.org email services, you agree to act responsibly, exercise good judgment, adhere to the [https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics OWASP Code of Ethics] and comply with the following:<br />
<br />
(a) Do not use your OWASP.org email address in connection with the distribution of spam (which we define as unsolicited bulk e-mail or any other unsolicited messages of a commercial, religious, romantic or political nature);<br />
<br />
(b) Do not use your OWASP.org email address for any commercial purpose whatsoever, including but not limited to:<br><br />
Unsolicited advertising of services, products and goods.<br><br />
Posting of job offers or volunteer opportunities for one’s business.<br><br />
Any commercial content that benefits the content author (such as signatures with company details, logos, etc).<br><br />
<br />
'''Signature Format'''<br />
<br />
We strongly encourage OWASP leaders to promote their projects, chapters, conferences, etc in their OWASP.org email signatures. Here is a suggested signature format template:<br />
<br />
Joe Doe<br><br />
OWASP Awesome Project Leader<br><br />
https://www.owasp.org/awesomeproject<br><br />
Follow us @awesomeproject<br><br />
<br />
If you have any questions, please don’t hesitate to [http://sl.owasp.org/contactus contact us].</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Owasp.org_email_address&diff=196542Owasp.org email address2015-06-24T10:08:47Z<p>Fabio.e.cerullo: </p>
<hr />
<div>'''Request an OWASP.org email account'''<br />
<br />
Paid members, project leaders and chapter leaders can get a @OWASP.ORG email address. That way, if you desire to collaborate with peers globally, you do not have to use your company/personal email address if you do not want to.<br />
<br />
[http://sl.owasp.org/contactus Submit a request.]<br />
<br />
[[newmembership|Return to membership overview.]]<br />
<br />
'''Terms of Use'''<br />
<br />
By accessing or using the OWASP.org email services, you agree to act responsibly, exercise good judgment, adhere to the [https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics OWASP Code of Ethics] and comply with the following:<br />
<br />
(a) Do not use your OWASP.org email address in connection with the distribution of spam (which we define as unsolicited bulk e-mail or any other unsolicited messages of a commercial, religious, romantic or political nature);<br />
<br />
(b) Do not use your OWASP.org email address for any commercial purpose whatsoever, including but not limited to:<br />
Unsolicited advertising of services, products and goods<br />
Posting of job offers or volunteer opportunities for one’s business.<br />
Any commercial content that benefits the content author (such as signatures with company details, logos, etc).<br />
<br />
'''Signature Format'''<br />
<br />
We strongly encourage OWASP leaders to promote their projects, chapters, conferences, etc in their OWASP.org email signatures. Here is a suggested signature format template:<br />
<br />
Joe Doe<br><br />
OWASP Awesome Project Leader<br><br />
https://www.owasp.org/awesomeproject<br><br />
Follow us @awesomeproject<br><br />
<br />
If you have any questions, please don’t hesitate to [http://sl.owasp.org/contactus contact us].</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Owasp.org_email_address&diff=196541Owasp.org email address2015-06-24T10:08:26Z<p>Fabio.e.cerullo: </p>
<hr />
<div>'''Request an OWASP.org email account'''<br />
<br />
Paid members, project leaders and chapter leaders can get a @OWASP.ORG email address. That way, if you desire to collaborate with peers globally, you do not have to use your company/personal email address if you do not want to.<br />
<br />
[http://sl.owasp.org/contactus Submit a request.]<br />
<br />
[[newmembership|Return to membership overview.]]<br />
<br />
'''Terms of Use'''<br />
<br />
By accessing or using the OWASP.org email services, you agree to act responsibly, exercise good judgment, adhere to the [https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics OWASP Code of Ethics] and comply with the following:<br />
<br />
(a) Do not use your OWASP.org email address in connection with the distribution of spam (which we define as unsolicited bulk e-mail or any other unsolicited messages of a commercial, religious, romantic or political nature);<br />
<br />
(b) Do not use your OWASP.org email address for any commercial purpose whatsoever, including but not limited to:<br />
Unsolicited advertising of services, products and goods<br />
Posting of job offers or volunteer opportunities for one’s business.<br />
Any commercial content that benefits the content author (such as signatures with company details, logos, etc).<br />
<br />
'''Signature Format'''<br />
<br />
We strongly encourage OWASP leaders to promote their projects, chapters, conferences, etc in their OWASP.org email signatures. Here is a suggested signature format template:<br />
<br />
Joe Doe<br><br />
OWASP Awesome Project Leader<br><br />
https://www.owasp.org/awesomeproject<br><br />
Follow us @awesomeproject<br><br />
If you have any questions, please don’t hesitate to [http://sl.owasp.org/contactus contact us].</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Owasp.org_email_address&diff=196540Owasp.org email address2015-06-24T10:07:14Z<p>Fabio.e.cerullo: </p>
<hr />
<div>'''OWASP.org email address'''<br />
<br />
Paid members, project leaders and chapter leaders can get a @OWASP.ORG email address. That way, if you desire to collaborate with peers globally, you do not have to use your company/personal email address if you do not want to.<br />
<br />
[http://sl.owasp.org/contactus Submit a request.]<br />
<br />
[[newmembership|Return to membership overview.]]<br />
<br />
'''Terms of Use'''<br />
<br />
By accessing or using the OWASP.org email services, you agree to act responsibly, exercise good judgment, adhere to the [https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics OWASP Code of Ethics] and comply with the following:<br />
<br />
(a) Do not use your OWASP.org email address in connection with the distribution of spam (which we define as unsolicited bulk e-mail or any other unsolicited messages of a commercial, religious, romantic or political nature);<br />
<br />
(b) Do not use your OWASP.org email address for any commercial purpose whatsoever, including but not limited to:<br />
Unsolicited advertising of services, products and goods<br />
Posting of job offers or volunteer opportunities for one’s business.<br />
Any commercial content that benefits the content author (such as signatures with company details, logos, etc).<br />
<br />
'''Signature Format'''<br />
<br />
We strongly encourage OWASP leaders to promote their projects, chapters, conferences, etc in their OWASP.org email signatures. Here is a suggested signature format template:<br />
<br />
Joe Doe<br />
OWASP Awesome Project Leader<br />
https://www.owasp.org/awesomeproject<br />
Follow us @awesomeproject<br />
If you have any questions, please don’t hesitate to [http://sl.owasp.org/contactus contact us].</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Owasp.org_email_address&diff=196539Owasp.org email address2015-06-24T10:06:30Z<p>Fabio.e.cerullo: </p>
<hr />
<div>'''OWASP.org email address'''<br />
<br />
Paid members, project leaders and chapter leaders can get a @OWASP.ORG email address. That way, if you desire to collaborate with peers globally, you do not have to use your company/personal email address if you do not want to.<br />
<br />
[http://sl.owasp.org/contactus Submit a request.]<br />
<br />
[[newmembership|Return to membership overview.]]<br />
<br />
'''Terms of Use'''<br />
<br />
By accessing or using the OWASP.org email services, you agree to act responsibly, exercise good judgment, adhere to the [https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics OWASP Code of Ethics] and comply with the following:<br />
<br />
(a) Do not use your OWASP.org email address in connection with the distribution of spam (which we define as unsolicited bulk e-mail or any other unsolicited messages of a commercial, religious, romantic or political nature);<br />
<br />
(b) Do not use your OWASP.org email address for any commercial purpose whatsoever, including but not limited to:<br />
Unsolicited advertising of services, products and goods<br />
Posting of job offers or volunteer opportunities for one’s business.<br />
Any commercial content that benefits the content author (such as signatures with company details, logos, etc).<br />
<br />
'''Signature Format'''<br />
<br />
We strongly encourage OWASP leaders to promote their projects, chapters, conferences, etc in their OWASP.org email signatures. Here is a suggested signature format template:<br />
<br />
Joe Doe<br />
OWASP Awesome Project Leader<br />
[https://www.owasp.org/awesomeproject https://www.owasp.org/awesomeproject]<br />
Follow us @awesomeproject<br />
If you have any questions, please don’t hesitate to [http://sl.owasp.org/contactus contact us].</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=June_24,_2015&diff=196483June 24, 20152015-06-22T18:28:10Z<p>Fabio.e.cerullo: /* Old Business */</p>
<hr />
<div>==Dial In Info==<br />
===Notice of Recording===<br />
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013<br />
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.<br />
*[link:addme Meeting Recording]<br />
<br />
<br />
===Time===<br />
14:00-15:00 PDT<br />
<br />
===Location=== <br />
<br />
'''Teleconference Information:'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
<br />
=== Attendance Tracker===<br />
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''<br />
<br />
=== Meeting Minutes===<br />
[link:addme Meeting Minutes]<br />
<br />
= Reading Material =<br />
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''<br />
<br />
* [https://docs.google.com/document/d/1RnVbx6DXX3tGcFWlrSxyn8NDKPQEYbTcACJR0oCuyaI/edit#heading=h.rye1xpr37ksy|OWASP By Laws v7]<br />
<br />
* [https://docs.google.com/a/owasp.org/document/d/1d6c5LqjN-qSQjWfMQdqaYaQz2dBVTNssBSLCSKAgusY/edit?usp=sharing On-Demand Training Proposal]<br />
<br />
= Meeting Agenda =<br />
== Call to Order /OWASP Mission ==<br />
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)<br />
<br />
== Reports ==<br />
=== Chairmain's Report - Tobias Gondrom ===<br />
*<br />
<br />
=== Vice Chairmain's Report - Josh Sokol ===<br />
*<br />
<br />
=== Treasurer Report - Fabio Cerullo ===<br />
*<br />
<br />
=== Secretary Report - Matt Konda ===<br />
*<br />
<br />
=== Updates from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===<br />
<br />
* Andrew van der Stock - Education strategic goal update.<br />
<br />
==Reports==<br />
* Executive Director/Operations Update - [link:addme Rollup Report P.Ritchie]<br />
** Financial Update - [link:addme Monthly & YTD Financials]<br />
** Director Update - Kate Hartmann - [link:addme Kate Hartmann Update]<br />
** Project Manager Update - [link:addme Project Manager Report]<br />
** Membership Update - [https://www.owasp.org/index.php/May_2015_Membership_Report Membership Report]<br />
** IT Update - [link:addme Matt Tesauro Report]<br />
<br />
=== Community Initiative Reports ===<br />
*<br />
*<br />
<br />
==Old Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
* Bylaws (pre-reading material: [https://docs.google.com/document/d/1RnVbx6DXX3tGcFWlrSxyn8NDKPQEYbTcACJR0oCuyaI/edit#heading=h.rye1xpr37ksy|OWASP By Laws v7])<br />
<br />
Discuss revised by laws, approve, reword or reject changes to bring our by laws into good standing before the election. <br />
<br />
* Fund ring fencing <br />
<br />
Discuss how we ensure that all of our strategic goals are properly funded, and ensure that the Foundation doesn't need to borrow when we have funds on hand. Chapters have 71% of OWASP's funds ring fenced. Let's discuss how we deliver all of OWASP's strategic goals, and improve our admin cost overhead ratio.<br />
<br />
* On Demand Training (pre-reading material link above)<br />
<br />
At OWASP we are frequently receiving requests from companies looking for training related to application security. This is an area of expertise that plenty of individuals in our Community could fulfil. This growing demand for training is aligned with OWASP Strategic Goals and will become a much needed revenue stream for the Foundation that is not conference driven. Discuss revised proposal for OWASP to deliver/organise trainings.<br />
<br />
==New Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
* [Tobias] - reopen communication with RSA to explore potential opportunities for OWASP outreach. <br />
** [discussion topic]<br />
* [Matt] - hire a technical editor for a few months. <br />
** [discussion topic]<br />
* [Jim] - Making public statements on crypto<br />
** "Even though 501c3 organizations *can* do some lobbying (as long as expenditures are not substantial), the IAB is careful not to talk about legislation or urge anyone to contact representatives about legislation." - Jeff Willams<br />
* [Josh] - Funding request for Project Summit at AppSecUSA 2015<br />
** http://lists.owasp.org/pipermail/owasp-leaders/2015-June/014359.html<br />
** $10,000 requested<br />
<br />
== Action Items==<br />
*<br />
<br />
==Announcements==<br />
<br />
<br />
==Adjournment==<br />
*Next meeting date/time: <br />
<br />
<br />
<br />
<br />
==Motion to close meeting==</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=June_24,_2015&diff=196482June 24, 20152015-06-22T18:25:00Z<p>Fabio.e.cerullo: </p>
<hr />
<div>==Dial In Info==<br />
===Notice of Recording===<br />
* Notice to all attendees - board meetings are recorded and publicly available as of March, 2013<br />
* Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording.<br />
*[link:addme Meeting Recording]<br />
<br />
<br />
===Time===<br />
14:00-15:00 PDT<br />
<br />
===Location=== <br />
<br />
'''Teleconference Information:'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
<br />
=== Attendance Tracker===<br />
'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]'''<br />
<br />
=== Meeting Minutes===<br />
[link:addme Meeting Minutes]<br />
<br />
= Reading Material =<br />
'''''It is a requirement as a board member to fully read all material prior to the start of the meeting'''''<br />
<br />
* [https://docs.google.com/document/d/1RnVbx6DXX3tGcFWlrSxyn8NDKPQEYbTcACJR0oCuyaI/edit#heading=h.rye1xpr37ksy|OWASP By Laws v7]<br />
<br />
* [https://docs.google.com/a/owasp.org/document/d/1d6c5LqjN-qSQjWfMQdqaYaQz2dBVTNssBSLCSKAgusY/edit?usp=sharing On-Demand Training Proposal]<br />
<br />
= Meeting Agenda =<br />
== Call to Order /OWASP Mission ==<br />
*Administrative (List of attendees and Agenda bashing (only if last-minute changes to the agenda are needed) (5 min)<br />
<br />
== Reports ==<br />
=== Chairmain's Report - Tobias Gondrom ===<br />
*<br />
<br />
=== Vice Chairmain's Report - Josh Sokol ===<br />
*<br />
<br />
=== Treasurer Report - Fabio Cerullo ===<br />
*<br />
<br />
=== Secretary Report - Matt Konda ===<br />
*<br />
<br />
=== Updates from Members at Large - Michael Coates, Andrew van der Stock & Jim Manico ===<br />
<br />
* Andrew van der Stock - Education strategic goal update.<br />
<br />
==Reports==<br />
* Executive Director/Operations Update - [link:addme Rollup Report P.Ritchie]<br />
** Financial Update - [link:addme Monthly & YTD Financials]<br />
** Director Update - Kate Hartmann - [link:addme Kate Hartmann Update]<br />
** Project Manager Update - [link:addme Project Manager Report]<br />
** Membership Update - [https://www.owasp.org/index.php/May_2015_Membership_Report Membership Report]<br />
** IT Update - [link:addme Matt Tesauro Report]<br />
<br />
=== Community Initiative Reports ===<br />
*<br />
*<br />
<br />
==Old Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
* Bylaws (pre-reading material: [https://docs.google.com/document/d/1RnVbx6DXX3tGcFWlrSxyn8NDKPQEYbTcACJR0oCuyaI/edit#heading=h.rye1xpr37ksy|OWASP By Laws v7])<br />
<br />
Discuss revised by laws, approve, reword or reject changes to bring our by laws into good standing before the election. <br />
<br />
* Fund ring fencing <br />
<br />
Discuss how we ensure that all of our strategic goals are properly funded, and ensure that the Foundation doesn't need to borrow when we have funds on hand. Chapters have 71% of OWASP's funds ring fenced. Let's discuss how we deliver all of OWASP's strategic goals, and improve our admin cost overhead ratio.<br />
<br />
* On Demand Training (pre-reading material link above)<br />
<br />
Discuss revised proposal to provide training and generate revenue for the OWASP Foundation and Local Chapters.<br />
<br />
==New Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
* [Tobias] - reopen communication with RSA to explore potential opportunities for OWASP outreach. <br />
** [discussion topic]<br />
* [Matt] - hire a technical editor for a few months. <br />
** [discussion topic]<br />
* [Jim] - Making public statements on crypto<br />
** "Even though 501c3 organizations *can* do some lobbying (as long as expenditures are not substantial), the IAB is careful not to talk about legislation or urge anyone to contact representatives about legislation." - Jeff Willams<br />
* [Josh] - Funding request for Project Summit at AppSecUSA 2015<br />
** http://lists.owasp.org/pipermail/owasp-leaders/2015-June/014359.html<br />
** $10,000 requested<br />
<br />
== Action Items==<br />
*<br />
<br />
==Announcements==<br />
<br />
<br />
==Adjournment==<br />
*Next meeting date/time: <br />
<br />
<br />
<br />
<br />
==Motion to close meeting==</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Summer_Code_Sprint2015&diff=196279Summer Code Sprint20152015-06-17T15:36:55Z<p>Fabio.e.cerullo: /* Mailing List */</p>
<hr />
<div>== OWASP Summer Code Sprint 2015 ==<br />
<br />
== Goal == <br />
<br />
The OWASP Summer Code Sprint 2015 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Summer Code Sprint a student can get real life experience while contributing to an open source project. A student that successfully completes the program will receive in total $1500.<br />
<br />
== Program details ==<br />
<br />
''Projects that are eligible:'' All code/tools projects. Documentation projects are excluded.<br />
<br />
''Duration:'' 2 months of full-time engagement.<br />
<br />
== How it works ==<br />
<br />
Any code/tool project can participate in the OWASP Summer Code Sprint. Each project will be guided by an OWASP mentor. Students are evaluated in the middle and at the end of the coding period, based on success criteria identified at the beginning of the project. Successful students will receive $750 after each evaluation, a total of $1500 per student.<br />
<br />
Projects are focused on developing security tools. It is required that the code any student produces for those projects will be released as Open Source. <br />
<br />
Note on language: English is required for code comments and documentation, but not for interactions between students and advisers. Advisers who speak the same language as their students are encouraged to interact in that language. <br />
<br />
== How you can participate ==<br />
<br />
=== As a student: ===<br />
<br />
1. Review the list of OWASP Projects currently participating in the OWASP Summer Code Sprint 2015.<br />
<br />
2. Get in touch with the OWASP Project mentor of your choice.<br />
<br />
3. Agree deliverables with OWASP mentor. <br />
<br />
4. Work away during Summer 2015.<br />
<br />
5. Rise to Open Source Development Glory :-)<br />
<br />
ALL STUDENTS PLEASE APPLY HERE >> [http://goo.gl/forms/jUFTcXVDEY FORM]<br />
<br />
=== As an OWASP Project Leader: ===<br />
<br />
1. Edit this page adding your project and some proposed tasks as per the examples<br />
<br />
2. Promote the initiative to your academic contacts<br />
<br />
== Timeplan ==<br />
<br />
'''Phase 1: Proposals'''<br />
<br />
Project leaders who want to include their project to the program should submit some initial proposal ideas on this page. These ideas serve as guidance to the students; they are things that project leaders would like to get done, like new features, improvements, etc.<br />
<br />
Subsequently students are invited to submit detailed proposals that can (but do not necessarily have to) be based on these ideas. Students are strongly encouraged to engage with project leaders and each project's community (e.g. through the project's mailing list) in order to discuss the details of their proposal. Proposals should provide details about the implementation, time plan, milestones, etc.<br />
<br />
'''Phase 2: Scoring of proposals'''<br />
<br />
After the submission of proposals, project leaders and contributors/mentors are required to review the submitted proposals and score them (on a 1 to 5 scale). Each proposal should receive at least 3 assessments/scores from different mentors. Each mentor, contributor or leader can score only proposals for their OWN project. All assessments should provide justification. Reviewers are strongly encouraged to provide constructive comments for students so that they can improve in the future.<br />
<br />
Project leaders are responsible to attract a sufficient number of volunteer mentors to score proposals and subsequently supervise those that will get selected.<br />
<br />
'''Phase 3: Slot allocation.'''<br />
<br />
When proposal scoring has been completed, each project leader requests a specific number of slots. This number should be based on:<br />
The number of truly outstanding proposals according to submitted scores.<br />
The importance of the proposal to the project's roadmap.<br />
The number of available mentors for the project. At least 2 mentors are needed for each proposal that gets accepted.<br />
If the total number of requested slots is less than or equal to the available number of slots, then all projects get the requested slots. If not, the following rules apply:<br />
All projects that have requested a slot get at least 1 slot, provided they have a high quality proposal and sufficient number of mentors.<br />
Two mentors are required per slot allocated to the project.<br />
The program's administrators get in touch with project leaders, especially those that have requested a large number of slots to receive additional feedback on the requested slots and explore any available possibilities for reducing the requested number of slots. A project leader might choose to donate one or more requested slots back to the pool so that other projects can get more slots. The program administrators can choose to initiate a public discussion between projects in need of more slots and projects that have requested a lot of slots in order to determine the best possible outcome for everyone.<br />
If all else fails, slots are equally allocated to projects, i.e. all projects get 1 slot; projects that have requested 2 or more slots get an extra slot if available; projects that have requested 3 or more slots get an extra slot if available, etc. When there are no more slots available for all projects that have requested them a draw is used to allocate the remaining slots.<br />
<br />
In any case, the program's administrators should perform a final review of the selected proposals to ensure that they are of high quality. If concerns arise they should request additional information from project leaders.<br />
<br />
'''Phase 4: Coding.'''<br />
<br />
This is the main phase of the program. Students implement their proposal according to the submitted timeplan and under the supervision <br />
of their mentors.<br />
<br />
== Evaluations ==<br />
<br />
In the middle of the coding period, mentors should submit an evaluation of their students to ensure that they are on track and provide some feedback both to OWASP and the students.<br />
<br />
If no/little progress has been made up to this point, the mentors could decide to fail the student in which case the student does not receive money. If successful, OWASP will pay half the amount ($750). The final evaluations are submitted at the end of the coding period and the second installment ($750) is paid to the student if all agreed deliverables are met. If the student has failed to demonstrate progress during the second period, then the second installment will not be paid and the student will get only half of the amount.<br />
<br />
<br />
== Deadlines == <br />
Program announcement: June 1st, 2015<br />
<br />
Student Applications: June 21st, 2015<br />
<br />
Proposal Evaluations: from June 22nd until June 28th.<br />
<br />
Successful proposals announcement: July 1st<br />
<br />
Coding Period Starts: July 10th<br />
<br />
Mid-term evaluations: Submitted from August 10th until August 15th.<br />
<br />
Coding period ends: September 10th.<br />
<br />
Final evaluations: Until September 18th.<br />
<br />
== Mailing List ==<br />
Please subscribe to the following mailing list to receive updates or ask any particular questions:<br />
<br />
[https://groups.google.com/d/forum/owasp-summer-code-sprint OWASP Summer Code Sprint Mailing List]<br />
<br />
== Ideas ==<br />
<br />
=== OWASP Hackademic ===<br />
<br />
=== Docker Sandboxed for challenges ===<br />
<br />
''' Brief explanation: '''<br />
Background problem to solve:<br />
<br />
We are trying to enable users to freely upload vulnerable applications to the platform. <br />
After some research we concluded that writing a python application that uses docker to deploy challenges would be the best way to go about it.<br />
Also, we need to provide a frontend to manage the deployed containers and integrate our existing analytics gathering system into the dockerized challenges.<br />
The installer of the application should take care of initializing both the cms and the containers without introducing too much complexity.<br />
<br />
Proposed solution:<br />
<br />
There is an easy to use python library for docker and there should be a frontend managing the containers we can use off the self with minimal modifications.<br />
The feature has already had a poc using linux containers, you can find it in the open merge requests of the project's github page.<br />
<br />
''' Expected results '''<br />
* Integrate dockerized challenges in the platform.<br />
* PEP-8 compliant code in all provided python code<br />
* PSR compliant code in all php provided code<br />
* Sphinx/phpdoc friendly comments<br />
* Excellent reliability<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation <br />
<br />
''' Prerequisites '''<br />
<br />
Some knowledge of test driven development, php, python, docker<br />
<br />
''' OWASP Mentors '''<br />
<br />
Spyros Gasteratos (spyros.gasteratos@owasp.org)<br />
-- anyone else who already knows of puppet(I think we'll end up writing puppet manifests for installation)<br />
docker, python, php?<br />
<br />
=== Javascript Based Development Challenges ===<br />
<br />
Brief explanation:<br />
Background Problem to solve:<br />
<br />
We are looking for challenges which are aimed towards secure coding.<br />
The user should be served with a piece of vulnerable javascript which fails the unit tests provided.<br />
The user has to fix the vulnerability in a way that makes the unit tests pass.<br />
<br />
Example Solution of one of the challenges:<br />
Provide the user with the following code:<br />
''<br />
function sayHi(string userInput){<br />
var hiField = document.getElementById("hiField");<br />
hiField.innerHtml = userInput;<br />
}<br />
''<br />
Use any javascript unit - testing framework to design a set of unit tests which call the function with all sorts of payloads and test if the user seems to have escaped userInput correctly,<br />
we're not looking for completeness a solid proof of concept implementation for future reference is acceptable.<br />
<br />
''' Expected Results '''<br />
A complete implementation of challenges covering the top 10 according to our coding standards.<br />
<br />
=== Migrate old code to the new coding standards ===<br />
<br />
In the last project summit we decided to introduce code style and standards compliance checking for new commits and slowly migrate the old ones to the new setting.<br />
We also decided to prefer contributions with unit tests.<br />
<br />
We're looking for someone to assist in this migration. So far we have 0% of the classes in the new standards/coding style but the frontend tests cover a significant part of the platform.<br />
You could help us reach at least 70% line coverage in tests and a similar coverage in standard/code style <br />
<br />
<br />
=== New Theme ===<br />
<br />
Problem to solve:<br />
Our current theme is from 2012 and looks even older, moreover it could do with some usability improvements. Your job will be to design and implement a new shiny theme for the platform.<br />
<br />
'''Expected Results''' A shiny new theme with complete front end tests using the theme<br />
<br />
=== OWASP OWTF ===<br />
<br />
<br />
=== OWASP OWTF - VMS - OWTF Vulnerability Management System ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Background problem to solve:<br />
<br />
We are trying to reduce the human work burden where there will be hundreds of issues listing apache out of date or php out of date. <br />
<br />
Proposed solution:<br />
<br />
We can meta aggregate these duplicate issues into one issue of "outdated software / apache / php detected". with XYZ list of issues in them.<br />
<br />
<br />
A separate set of scripts that allows for grouping and management of vulnerabilities (i.e. think huge assessments), to be usable *both* from inside + outside of OWTF in a separate sub-repo here: https://github.com/owtf <br />
<br />
VMS will have the following features:<br />
* Vulnerability correlation engine which will allow for quick identification of unique vulnerability and deduplication.<br />
* Vulnerability table optimization : combining redundant vulnerabilities like example : PHP <5.1 , PHP < 5.2 , PHP < 5.3 all suggest upgrade php so if multiple issues are reported they should be combined.<br />
* Integration with existing bug tracking system like example bugzilla, jira : Should not be too hard as all such system have one or the other method exposed (REST API or similar)<br />
* Fix Validation : Since we integrate with bug tracking once dev fixed the bug and code deployed we can run specific checks via * OWTF or other tool (may be specific nessus or nexpose plugin or similar.)<br />
* Management Dashboard : Could be exposed to Pentester, Higher Management where stats are shown with lesser details but more of high level overview.<br />
<br />
[http://www.slideshare.net/null0x00/nessus-and-reporting-karma Similar previous work for Nessus]<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - HTTP Request Translator Improvements ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Problem to solve:<br />
<br />
There are many situations in web app pentests where just no tool will do the job and you need to script something, or mess around with the command line (classic example: sequence of steps where each step requires input from the previous step). In these situations, translating an HTTP request or a sequence of HTTP requests, takes valuable time which the pentester might just not really have.<br />
<br />
Proposed solution:<br />
<br />
An HTTP request translator, a *standalone* *tool* that can:<br />
<br />
1) Be used from inside OR outside of OWTF.<br />
<br />
2) Translate raw HTTP requests into curl commands or bash/python/php/ruby/PowerShell scripts<br />
<br />
3) Provide essential quick and dirty transforms: base64 (encode/decode), urlencode (encode/decode)<br />
* Transforms with boundary strings? (TBD)<br />
* Individually or in bulk? (TBD)<br />
<br />
'''Essential Function: "--output" argument'''<br />
<br />
CRITICAL: The command/script should be generated so that the request is sent as literally as possible.<br />
<br />
Example: NO client specific headers are sent. IF the original request had "User-Agent: X", the generated command/script should have EXACTLY that (i.e. NOT a curl user agent, etc.). Obviously, the same applies to ALL other headers.<br />
<br />
NOTE: Ideally the following should be implemented using an extensible plugin architecture (i.e. NEW plugins are EASY to add)<br />
* http request in => curl command out<br />
* http request in => bash script out<br />
* http request in => python script out<br />
* http request in => php script out<br />
* http request in => ruby script out<br />
* http request in => PowerShell script out<br />
<br />
'''Basic additional arguments:'''<br />
<br />
- "--proxy" argument: generates the command/script with the relevant proxy option<br />
<br />
NOTE: With this the command/script may send requests through a MiTM proxy (i.e. OWTF, ZAP, Burp, etc.)<br />
<br />
- "--string-search" argument: generates the command/script so that it:<br />
<br />
1) performs the request<br />
<br />
2) then searches for something in the response (i.e. literal match)<br />
<br />
- "--regex-search" argument: generates the command/script so that it:<br />
1) performs the request<br />
<br />
2) then searches for something in the response (i.e. regex match)<br />
<br />
'''OWTF integration'''<br />
<br />
The idea here, is to invoke this tool from:<br />
<br />
1) Single HTTP transactions:<br />
<br />
For example, have a button to "export http request" + then show options equivalent to the flags<br />
<br />
2) Multiple HTTP transactions:<br />
<br />
Same as with Single transactions, but letting the user "select a number of transactions" first (maybe a checkbox?).<br />
<br />
<br />
'''Desired input formats:'''<br />
<br />
* Read raw HTTP request from stdin -Suggested default behaviour! :)-<br />
<br />
Example: cat path/to/http_request.txt | http-request-translator.py --output<br />
<br />
* Interactive mode: read raw HTTP request from keyboard + "hit enter when ready"<br />
<br />
Suggestion: This could be a "-i" (for "interactive") flag and/or the fallback option when "stdin is empty"<br />
<br />
Example:<br />
<br />
1) User runs tool with desired flags (i.e. "--output ruby --proxy 127.0.0.1:1234 ...", etc.)<br />
<br />
2) Tool prints: "Please paste a raw HTTP request and hit enter when ready"<br />
<br />
3) User pastes a raw HTTP requests + hits enter<br />
<br />
4) Tool outputs whatever is relevant for the flags + http request given<br />
<br />
* For bulk processing: Maybe a directory of raw http request files?<br />
<br />
'''Nice to have: Transforms'''<br />
<br />
In the context of translating raw HTTP requests into commands/scripts, what we want here is to provide some handy "macros" so that the relevant command/script is generated accordingly.<br />
<br />
Example:<br />
<br />
NOTE: Assume something like the following arguments: "--transform-boundary=@@@@@@@ --transform-language=php"<br />
<br />
Step 1) The user provides a raw HTTP request like this:<br />
<br />
GET /path/to/urlencode@@@@@@@abc d@@@@@@@/test<br />
Host: target.com<br />
...<br />
<br />
Step 2) The tool generates a bash script like the following:<br />
<br />
#!/bin/bash<br />
<br />
PARAM1=$(echo 'abc d' | php -r "echo urlencode(fgets(STDIN));")<br />
curl ...... "http://target.com/path/to/$PARAM1/test"<br />
<br />
<br />
OR a "curl command" like the following:<br />
PARAM1=$(echo 'abc d' | php -r "echo urlencode(fgets(STDIN));"); curl ...... "http://target.com/path/to/$PARAM1/test"<br />
<br />
<br />
This feature can be valuable to shave a bit more time in script writing.<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - JavaScript Library Sniper Improvements ===<br />
<br />
'''Brief explanation:'''<br />
This is a project that tries to resolve a very common problem during penetration tests:<br />
<br />
The customer is running a number of outdated JavaScript Libraries, but there is just not enough time to determine if something useful -i.e. something *really* bad! :)- can be done with that or not.<br />
<br />
<br />
To solve this problem, we propose a *standalone* *tool* that can:<br />
<br />
1) Be run BOTH from inside AND outside of OWTF<br />
<br />
2) Build and *update* a fingerprint JavaScript library database of:<br />
* Library File hashes => JavaScript Library version<br />
* Library File lengths => JavaScript Library version<br />
* (Nice to have:) As above, but for each individual github commit (possible drawback: too big?)<br />
<br />
3) Build and *update* a vulnerability database of:<br />
* JavaScript Library version => CVE - CVSS score - Vulnerability info<br />
<br />
4) Given a [ JavaScript file OR hash OR length ], found in the database, provides:<br />
* JavaScript Library version<br />
* List of vulnerabilities sorted in descending CVSS score order<br />
<br />
5) (very cool to have) Given a list of JavaScript files (maybe a directory), provides:<br />
* ALL Library/vulnerability matches described on 4)<br />
<br />
Once the standalone tool is built and verified to be working, OWTF should be able to:<br />
<br />
Feature 1) GREP plugin improvement (Web Application Fingerprint):<br />
<br />
Step 1) Lookup file lengths and hashes in the "JavaScript library database"<br />
<br />
Step 2) If a match is found: provide the list of known vulnerabilities against "JavaScript library X" to the user<br />
<br />
Feature 2) SEMI-PASSIVE plugin improvement (Web Application Fingerprint):<br />
<br />
1) Requests all referenced BUT missing JavaScript files -i.e. scanners won't load JavaScript files! :)-<br />
<br />
2) re-runs the GREP plugin on the new files (i.e. to avoid missing vulns due to unrequested JavaScript files)<br />
<br />
Potential projects worth having a look for potential overlap/inspiration:<br />
* [https://owasp.org/index.php/OWASP_Dependency_Check OWASP Dependency Check?]<br />
<br />
How many JavaScript libraries should be included?<br />
* As many as possible, but especially the major ones: jQuery, knockout, etc.<br />
* "Nirvana" Nice to have: ALL Individual versions of ALL JavaScript files from ALL opensource projects, (ideally) even if the project is not a JavaScript library -i.e. JavaScript files from Joomla, Wordpress, etc.-<br />
<br />
Common JavaScript library fingerprinting techniques include:<br />
* Parse the JavaScript file and grab the version from there<br />
* Determine the JavaScript version based on a hash of the file<br />
* Determine the JavaScript version based on the length of the file<br />
<br />
Other Challenges:<br />
* "the file" could be "the minimised file", "the expanded file" or even "a specific JavaScript file from Library X"<br />
* When the JavaScript file does not match a specific version:<br />
1) The commit that matches the closest should (ideally) be found<br />
2) The NEXT library version after that commit (if present) should be found<br />
3) From there, it is about reusing the knowledge to figure out public vulnerabilities, CVSS scores, etc. again<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Off-line HTTP traffic uploader ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Although it is awesome that OWTF runs a lot of tools on behalf of the user, there are situations where uploading the HTTP traffic of another tool off-line can be very interesting for OWTF, for example:<br />
<br />
* Tools that OWTF has trouble proxying right now: skipfish, hoppy<br />
* Tools that the user may have run manually OR even from a tool aggregator -very common! :)-<br />
* Tools that we just don't run from OWTF: ZAP, Burp, Fiddler<br />
<br />
This project is about implementing an off-line utility able to parse HTTP traffic:<br />
<br />
1) Figure out how to read output files from various tools like:<br />
skipfish, hoppy, w3af, arachni, etc.<br />
Nice to have: ZAP database, Burp database<br />
<br />
2) Translate that into the following clearly defined fields:<br />
<br />
* HTTP request<br />
* HTTP response status code<br />
* HTTP response headers<br />
* HTTP response body<br />
<br />
3) IMPORTANT: Implement a plugin-based uploader system<br />
<br />
4) IMPORTANT: Implement ONE plugin, that uploads that into the OWTF database<br />
<br />
5) IMPORTANT: OWTF should ideally be able to invoke the uploader right after running a tool<br />
Example: OWTF runs skipfish, skipfish finishes, OWTF runs the HTTP traffic uploader, all skipfish data is pushed to the OWTF DB.<br />
<br />
6) CRITICAL: The off-line HTTP traffic uploader should be smart enough to read + push 1-by-1 instead of *stupidly* trying to load everything into memory first, you have been warned! :)<br />
<br />
Why? Because in a huge assessment, the output of "tool X" can be "10 GB", which is *stupid* to load into memory, this is OWTF, we *really* try to foresee the crash before it happens! ;)<br />
<br />
<br />
CRITICAL: It is important to implement a plugin-based uploader system, so that other projects can benefit from this work (i.e. to be able to import third-party tool data to ZAP, Burp, and other tools in a similar fashion), and hence hopefully join us in maintaining this project moving forward.<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Health Monitor ===<br />
<br />
'''Brief explanation:'''<br />
<br />
In some cases, especially on large assessments (think: > 30 URLs) a number of things often go wrong and OWTF needs to recover from everything, which is difficult.<br />
<br />
For this reason, OWTF needs an independent module, which is completely detached from OWTF (a different process), to ensure the health of the assessment is in check at all times, this includes the following:<br />
<br />
'''Feature 1) Alerting mechanisms'''<br />
<br />
When any of the monitor alerts (see below) is triggered. The OWTF user will be notified immediately through ALL of the following means:<br />
* Playing an mp3 song (both local and possibly remote locations)<br />
* Scan status overview on the CLI<br />
* Scan status overview on the GUI<br />
<br />
NOTE: A configuration file from where the user can enable/disable/configure all these mechanisms is desired.<br />
<br />
'''Feature 2) Corrective mechanisms'''<br />
<br />
Corrective mechanisms are also expected in this project, these will be accomplished sending OWTF api messages such as:<br />
* Stop this tool<br />
* Freeze this process (to continue later)<br />
* Freeze the whole scan (to continue later)<br />
<br />
Additional mechanisms:<br />
* Show a ranking of files that take the most space<br />
<br />
'''Feature 3) Target monitor'''<br />
<br />
Brief overview:<br />
<br />
All target URLs are checked for availability periodically (i.e. once x 5 minutes?), if a URL in scope goes down the pentester is alerted (see above).<br />
<br />
Potential approach: Check if length of 1st page changes every 60 seconds.<br />
<br />
NOTE: It might be needed to change this on the fly.<br />
<br />
More background<br />
<br />
Consider the following scenario:<br />
<br />
Current Situation aka "problem to solve":<br />
<br />
1) Website X goes down during a scan<br />
<br />
2) the customer notices<br />
<br />
3) the customer tells the boss<br />
<br />
4) the boss tells the pentester<br />
<br />
5) the pentester stops the tool which was *still* trying to scan THAT target (!!!!)<br />
<br />
Desired situation aka "solution":<br />
<br />
It would be much more professional AND efficient that:<br />
<br />
1) The pentester notices<br />
<br />
2) The pentester tells the boss<br />
<br />
3) The boss tells the customer<br />
<br />
4) OWTF stops the tool because it knows that website is DEAD anyway<br />
<br />
A target monitor could easily do this with heartbeat requests + playing mp3s<br />
<br />
The target monitor will use the api to tell OWTF "this target is dead: freeze(stop?) current tests, skip target in future tests"<br />
<br />
'''Feature 4) Disk space monitor'''<br />
<br />
Another problem that is relatively common in large assessments, is that all disk space is used and the scanning box becomes unresponsive or crashes. When this happens it is too late, the pentester may also see this coming but wonder “which are the biggest files in the filesystem that I can delete”, it is not ideal to have to look for these files in a moment when the scanning box is about to crash :).<br />
<br />
Proposed solution:<br />
<br />
Regularly monitor how much disk space is left, especially on the partition where OWTF is writing the review (but also tool directories such as /home/username/.w3af/tmp, etc.). Keep track of files created by OWTF and all called tools and sort them by size in descending order. Then when the disk space is going low (i.e. predefined threshold), an mp3 or similar is played and this list is displayed to the user, so that they know what to delete to survive :).<br />
<br />
'''Feature 5) Network/Internet Connectivity monitor'''<br />
<br />
Sometimes it may also happen that ISP, etc. connectivity go down in the middle of a scan, this is often a very unfortunate situation since most tools are scanning in parallel and they won’t be able to produce a report OR even resume (i.e. A LOT is lost). The goal here is that OWTF does all of the following automatically:<br />
<br />
1) Detects the lack of connectivity<br />
<br />
2) Freezes all the tools (read: processes) in progress<br />
<br />
3) Resumes the scan when the connectivity is back.<br />
<br />
'''Feature 6) Tool crash detection'''<br />
<br />
Sometimes, certain tools (most notably, ahem, w3af), when they crash they do NOT exit. This leaves OWTF in a difficult position where 1+ process is waiting for nothing, forever (i.e. because “Tool X” will never finish)<br />
<br />
'''Feature 7) Tool (Plugin?) CPU/RAM/Bandwidth abuse detection and correction'''<br />
<br />
OWTF needs to notice when some tools crash and/or “go beserk” with RAM/CPU/Bandwidth consumption, this is different from the existing built-in checks in OWTF like “do not launch a new tool if there is less than XYZ RAM free” and more like “if tool X is using > XYZ of the available RAM/CPU/Bandwidth” and this is (potentially) negatively affecting other tools/tests, then throttle it.<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Installation Improvements and Package manager ===<br />
<br />
'''Brief explanation:'''<br />
<br />
This project is to implement what was suggested in the following github issue:<br />
[https://github.com/owtf/owtf/issues/192 https://github.com/owtf/owtf/issues/192]<br />
<br />
<br />
Recently i tried to make a fresh installation of OWTF. The installation process takes too much time. Is there any way to make the installation faster?<br />
Having a private server with:<br />
* pre-installed files for VMs<br />
* pre-configured and patched tools<br />
* Merged Lists<br />
* Pre-configured certificates<br />
Additionally a minimal installation which will install the core of OWTF with the option of update can increase the installation speed. The update procedure will start fetching the latest file versions from the server and copy them to the right path.<br />
Additional ideas are welcome.<br />
<br />
-- They could be hosted on Dropbox or a private VPS :)<br />
<br />
2 Installation Modes<br />
* For high speed connections (Downloading the files uncompressed)<br />
* For low speed connections (Downloading the files compressed)<br />
and the installation crashed because i runned out of space in the vm<br />
IMPORTANT NOTE: OWTF should check the available disk space BEFORE installation starts + warn the user if problems are likely<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Excellent reliability (i.e. proper exception handling, etc.)<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Testing Framework Improvements ===<br />
<br />
'''Brief explanation:'''<br />
<br />
As OWASP OWTF grows it makes sense to build custom unit tests to automatically re-test that functionality has not been broken. In this project we would like to improve the existing unit testing framework so that creating OWASP OWTF unit tests is as simple as possible and all missing tests for new functionality are created. The goal of this project is to update the existing Unit Test Framework to create all missing tests as well as improve the existing ones to verify OWASP OWTF functionality in an automated fashion.<br />
<br />
<br />
'''Top features'''<br />
<br />
In this improvement phase, the Testing Framework should:<br />
* (Top Prio) Focus more on functional tests<br />
For example: Improve coverage of OWASP Testing Guide, PTES, etc. (lots of room for improvement there!)<br />
* (Top Prio) Put together a great wiki documentation section for contributors<br />
The goal here is to help contributors write tests for the functionality that they implement. This should be as easy as possible.<br />
* (Top Prio) Fix the current Travis issues :)<br />
* (Nice to have) Bring the unit tests up to speed with the codebase<br />
This will be challenging but very worth trying after top priorities.<br />
The wiki should be heavily updated so that contributors create their own unit tests easily moving forward.<br />
<br />
<br />
'''General background'''<br />
<br />
The Unit Test Framework should be able to:<br />
* Define test categories: For example, "all plugins", "web plugins", "aux plugins", "test framework core", etc. (please see [http://www.slideshare.net/abrahamaranguren/introducing-owasp-owtf-workshop-brucon-2012 this presentation] for more background)<br />
* Allow to regression test isolated plugins (i.e. "only test _this_ plugin")<br />
* Allow to regression test by test categories (i.e. "test only web plugins")<br />
* Allow to regression test everything (i.e. plugins + framework core: "test all")<br />
* Produce meaningful statistics and easy to navigate logs to identify which tests failed and ideally also hints on how to potentially fix the problem where possible<br />
* Allow for easy creation of _new_ unit tests specific to OWASP OWTF<br />
* Allow for easy modification and maintenance of _existing_ unit tests specific to OWASP OWTF<br />
* Perform well so that we can run as many tests as possible in a given period of time<br />
* Potentially leverage the python unittest library: [http://docs.python.org/2/library/unittest.html http://docs.python.org/2/library/unittest.html]<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Performant and automated regression testing<br />
* Unit tests for a wide coverage of OWASP OWTF, ideally leveraging the Unit Test Framework where possible<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python, experience with unit tests and automated regression testing would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
<br />
=== OWASP OWTF - Tool utilities module ===<br />
<br />
'''WARNING: This idea is taken from the 1st round of OWCS selections (Sept. 15th), please do NOT apply'''<br />
<br />
'''Brief explanation:'''<br />
<br />
The spirit of this feature is something that may or may not be used from OWTF: These are utilities that may be chained together by OWTF OR a penetration tester using the command line. The idea is to automate mundane tasks that take time but may provide a lever to a penetration tester short on time.<br />
<br />
'''Feature 1) Vulnerable software version database:'''<br />
<br />
Implement a searchable vulnerable software version database so that a penetration tester enters a version and gets vulnerabilities sorted by criticality with MAX Impact vulnerabilities at the top (possibly: CVSS score in DESC order).<br />
<br />
Example:<br />
[http://www.cvedetails.com/vulnerability-list.php?vendor_id=74&product_id=128&version_id=149817&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=17&sha=0d26af6f3ba8ea20af18d089df40c252ea09b711 Vulnerabilities against specific software version]<br />
<br />
'''Feature 2) Nmap output file merger:'''<br />
<br />
Unify nmap files *without* losing data: XML, text and greppable formats<br />
For example: Sometimes 2 scans pass through the same port, one returns the server version, the other does not, we obviously do not want to lose banner information :).<br />
<br />
'''Feature 3) Nmap output file vulnerability mapper'''<br />
<br />
From an nmap output file, get the unique software version banners, and provide a list of (maybe in tabs?):<br />
<br />
1) CVEs in reverse order of CVSS score, with links.<br />
<br />
2) Metasploit modules available for each CVE / issue<br />
<br />
NOTE: Can supply an *old* shell script for reference<br />
<br />
3) Servers/ports affected (i.e. all server / port combinations using that software version)<br />
<br />
<br />
'''Feature 4) URL target list creator:'''<br />
<br />
Turn all “speaks http” ports (from any nmap format) into a list of URL targets for OWTF<br />
<br />
<br />
'''Feature 5) Hydra command creator:'''<br />
<br />
nmap file in => Hydra command list out<br />
<br />
grep http auth / login pages in output files to identify login interfaces => Hydra command list out<br />
<br />
<br />
'''Feature 6) WP-scan command creator:'''<br />
<br />
look at all URLs (i.e. nmap file), check if they might be running word press, generate a list of suggested wp-scan commands for all targets that might be running word press<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Excellent reliability (i.e. proper exception handling, etc.)<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python, experience with unit tests and automated regression testing would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
''' OWASP Mentors '''<br />
<br />
<br />
=== OWASP ZAP ===<br />
There are a number of ZAP related projects students can work on, including:<br />
* Bug tracker support<br />
* Convert active and passive scan rules to scripts<br />
* Field enumeration<br />
* Form handling<br />
* Gauntlet integration<br />
* Script console code completion<br />
* Support java as a scripting language<br />
* Testing guide integration<br />
* Zest text representation and parser<br />
<br />
For more details see the ZAP [https://code.google.com/p/zaproxy/wiki/OpenProjects Open Projects] wiki page.</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Summer_Code_Sprint2015&diff=196276Summer Code Sprint20152015-06-17T15:33:30Z<p>Fabio.e.cerullo: /* As a student: */</p>
<hr />
<div>== OWASP Summer Code Sprint 2015 ==<br />
<br />
== Goal == <br />
<br />
The OWASP Summer Code Sprint 2015 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Summer Code Sprint a student can get real life experience while contributing to an open source project. A student that successfully completes the program will receive in total $1500.<br />
<br />
== Program details ==<br />
<br />
''Projects that are eligible:'' All code/tools projects. Documentation projects are excluded.<br />
<br />
''Duration:'' 2 months of full-time engagement.<br />
<br />
== How it works ==<br />
<br />
Any code/tool project can participate in the OWASP Summer Code Sprint. Each project will be guided by an OWASP mentor. Students are evaluated in the middle and at the end of the coding period, based on success criteria identified at the beginning of the project. Successful students will receive $750 after each evaluation, a total of $1500 per student.<br />
<br />
Projects are focused on developing security tools. It is required that the code any student produces for those projects will be released as Open Source. <br />
<br />
Note on language: English is required for code comments and documentation, but not for interactions between students and advisers. Advisers who speak the same language as their students are encouraged to interact in that language. <br />
<br />
== How you can participate ==<br />
<br />
=== As a student: ===<br />
<br />
1. Review the list of OWASP Projects currently participating in the OWASP Summer Code Sprint 2015.<br />
<br />
2. Get in touch with the OWASP Project mentor of your choice.<br />
<br />
3. Agree deliverables with OWASP mentor. <br />
<br />
4. Work away during Summer 2015.<br />
<br />
5. Rise to Open Source Development Glory :-)<br />
<br />
ALL STUDENTS PLEASE APPLY HERE >> [http://goo.gl/forms/jUFTcXVDEY FORM]<br />
<br />
=== As an OWASP Project Leader: ===<br />
<br />
1. Edit this page adding your project and some proposed tasks as per the examples<br />
<br />
2. Promote the initiative to your academic contacts<br />
<br />
== Timeplan ==<br />
<br />
'''Phase 1: Proposals'''<br />
<br />
Project leaders who want to include their project to the program should submit some initial proposal ideas on this page. These ideas serve as guidance to the students; they are things that project leaders would like to get done, like new features, improvements, etc.<br />
<br />
Subsequently students are invited to submit detailed proposals that can (but do not necessarily have to) be based on these ideas. Students are strongly encouraged to engage with project leaders and each project's community (e.g. through the project's mailing list) in order to discuss the details of their proposal. Proposals should provide details about the implementation, time plan, milestones, etc.<br />
<br />
'''Phase 2: Scoring of proposals'''<br />
<br />
After the submission of proposals, project leaders and contributors/mentors are required to review the submitted proposals and score them (on a 1 to 5 scale). Each proposal should receive at least 3 assessments/scores from different mentors. Each mentor, contributor or leader can score only proposals for their OWN project. All assessments should provide justification. Reviewers are strongly encouraged to provide constructive comments for students so that they can improve in the future.<br />
<br />
Project leaders are responsible to attract a sufficient number of volunteer mentors to score proposals and subsequently supervise those that will get selected.<br />
<br />
'''Phase 3: Slot allocation.'''<br />
<br />
When proposal scoring has been completed, each project leader requests a specific number of slots. This number should be based on:<br />
The number of truly outstanding proposals according to submitted scores.<br />
The importance of the proposal to the project's roadmap.<br />
The number of available mentors for the project. At least 2 mentors are needed for each proposal that gets accepted.<br />
If the total number of requested slots is less than or equal to the available number of slots, then all projects get the requested slots. If not, the following rules apply:<br />
All projects that have requested a slot get at least 1 slot, provided they have a high quality proposal and sufficient number of mentors.<br />
Two mentors are required per slot allocated to the project.<br />
The program's administrators get in touch with project leaders, especially those that have requested a large number of slots to receive additional feedback on the requested slots and explore any available possibilities for reducing the requested number of slots. A project leader might choose to donate one or more requested slots back to the pool so that other projects can get more slots. The program administrators can choose to initiate a public discussion between projects in need of more slots and projects that have requested a lot of slots in order to determine the best possible outcome for everyone.<br />
If all else fails, slots are equally allocated to projects, i.e. all projects get 1 slot; projects that have requested 2 or more slots get an extra slot if available; projects that have requested 3 or more slots get an extra slot if available, etc. When there are no more slots available for all projects that have requested them a draw is used to allocate the remaining slots.<br />
<br />
In any case, the program's administrators should perform a final review of the selected proposals to ensure that they are of high quality. If concerns arise they should request additional information from project leaders.<br />
<br />
'''Phase 4: Coding.'''<br />
<br />
This is the main phase of the program. Students implement their proposal according to the submitted timeplan and under the supervision <br />
of their mentors.<br />
<br />
== Evaluations ==<br />
<br />
In the middle of the coding period, mentors should submit an evaluation of their students to ensure that they are on track and provide some feedback both to OWASP and the students.<br />
<br />
If no/little progress has been made up to this point, the mentors could decide to fail the student in which case the student does not receive money. If successful, OWASP will pay half the amount ($750). The final evaluations are submitted at the end of the coding period and the second installment ($750) is paid to the student if all agreed deliverables are met. If the student has failed to demonstrate progress during the second period, then the second installment will not be paid and the student will get only half of the amount.<br />
<br />
<br />
== Deadlines == <br />
Program announcement: June 1st, 2015<br />
<br />
Student Applications: June 21st, 2015<br />
<br />
Proposal Evaluations: from June 22nd until June 28th.<br />
<br />
Successful proposals announcement: July 1st<br />
<br />
Coding Period Starts: July 10th<br />
<br />
Mid-term evaluations: Submitted from August 10th until August 15th.<br />
<br />
Coding period ends: September 10th.<br />
<br />
Final evaluations: Until September 18th.<br />
<br />
== Mailing List ==<br />
Please subscribe to the following mailing list to receive updates or ask any particular questions: <br />
<br />
<br />
== Ideas ==<br />
<br />
=== OWASP Hackademic ===<br />
<br />
=== Docker Sandboxed for challenges ===<br />
<br />
''' Brief explanation: '''<br />
Background problem to solve:<br />
<br />
We are trying to enable users to freely upload vulnerable applications to the platform. <br />
After some research we concluded that writing a python application that uses docker to deploy challenges would be the best way to go about it.<br />
Also, we need to provide a frontend to manage the deployed containers and integrate our existing analytics gathering system into the dockerized challenges.<br />
The installer of the application should take care of initializing both the cms and the containers without introducing too much complexity.<br />
<br />
Proposed solution:<br />
<br />
There is an easy to use python library for docker and there should be a frontend managing the containers we can use off the self with minimal modifications.<br />
The feature has already had a poc using linux containers, you can find it in the open merge requests of the project's github page.<br />
<br />
''' Expected results '''<br />
* Integrate dockerized challenges in the platform.<br />
* PEP-8 compliant code in all provided python code<br />
* PSR compliant code in all php provided code<br />
* Sphinx/phpdoc friendly comments<br />
* Excellent reliability<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation <br />
<br />
''' Prerequisites '''<br />
<br />
Some knowledge of test driven development, php, python, docker<br />
<br />
''' OWASP Mentors '''<br />
<br />
Spyros Gasteratos (spyros.gasteratos@owasp.org)<br />
-- anyone else who already knows of puppet(I think we'll end up writing puppet manifests for installation)<br />
docker, python, php?<br />
<br />
=== Javascript Based Development Challenges ===<br />
<br />
Brief explanation:<br />
Background Problem to solve:<br />
<br />
We are looking for challenges which are aimed towards secure coding.<br />
The user should be served with a piece of vulnerable javascript which fails the unit tests provided.<br />
The user has to fix the vulnerability in a way that makes the unit tests pass.<br />
<br />
Example Solution of one of the challenges:<br />
Provide the user with the following code:<br />
''<br />
function sayHi(string userInput){<br />
var hiField = document.getElementById("hiField");<br />
hiField.innerHtml = userInput;<br />
}<br />
''<br />
Use any javascript unit - testing framework to design a set of unit tests which call the function with all sorts of payloads and test if the user seems to have escaped userInput correctly,<br />
we're not looking for completeness a solid proof of concept implementation for future reference is acceptable.<br />
<br />
''' Expected Results '''<br />
A complete implementation of challenges covering the top 10 according to our coding standards.<br />
<br />
=== Migrate old code to the new coding standards ===<br />
<br />
In the last project summit we decided to introduce code style and standards compliance checking for new commits and slowly migrate the old ones to the new setting.<br />
We also decided to prefer contributions with unit tests.<br />
<br />
We're looking for someone to assist in this migration. So far we have 0% of the classes in the new standards/coding style but the frontend tests cover a significant part of the platform.<br />
You could help us reach at least 70% line coverage in tests and a similar coverage in standard/code style <br />
<br />
<br />
=== New Theme ===<br />
<br />
Problem to solve:<br />
Our current theme is from 2012 and looks even older, moreover it could do with some usability improvements. Your job will be to design and implement a new shiny theme for the platform.<br />
<br />
'''Expected Results''' A shiny new theme with complete front end tests using the theme<br />
<br />
=== OWASP OWTF ===<br />
<br />
<br />
=== OWASP OWTF - VMS - OWTF Vulnerability Management System ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Background problem to solve:<br />
<br />
We are trying to reduce the human work burden where there will be hundreds of issues listing apache out of date or php out of date. <br />
<br />
Proposed solution:<br />
<br />
We can meta aggregate these duplicate issues into one issue of "outdated software / apache / php detected". with XYZ list of issues in them.<br />
<br />
<br />
A separate set of scripts that allows for grouping and management of vulnerabilities (i.e. think huge assessments), to be usable *both* from inside + outside of OWTF in a separate sub-repo here: https://github.com/owtf <br />
<br />
VMS will have the following features:<br />
* Vulnerability correlation engine which will allow for quick identification of unique vulnerability and deduplication.<br />
* Vulnerability table optimization : combining redundant vulnerabilities like example : PHP <5.1 , PHP < 5.2 , PHP < 5.3 all suggest upgrade php so if multiple issues are reported they should be combined.<br />
* Integration with existing bug tracking system like example bugzilla, jira : Should not be too hard as all such system have one or the other method exposed (REST API or similar)<br />
* Fix Validation : Since we integrate with bug tracking once dev fixed the bug and code deployed we can run specific checks via * OWTF or other tool (may be specific nessus or nexpose plugin or similar.)<br />
* Management Dashboard : Could be exposed to Pentester, Higher Management where stats are shown with lesser details but more of high level overview.<br />
<br />
[http://www.slideshare.net/null0x00/nessus-and-reporting-karma Similar previous work for Nessus]<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - HTTP Request Translator Improvements ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Problem to solve:<br />
<br />
There are many situations in web app pentests where just no tool will do the job and you need to script something, or mess around with the command line (classic example: sequence of steps where each step requires input from the previous step). In these situations, translating an HTTP request or a sequence of HTTP requests, takes valuable time which the pentester might just not really have.<br />
<br />
Proposed solution:<br />
<br />
An HTTP request translator, a *standalone* *tool* that can:<br />
<br />
1) Be used from inside OR outside of OWTF.<br />
<br />
2) Translate raw HTTP requests into curl commands or bash/python/php/ruby/PowerShell scripts<br />
<br />
3) Provide essential quick and dirty transforms: base64 (encode/decode), urlencode (encode/decode)<br />
* Transforms with boundary strings? (TBD)<br />
* Individually or in bulk? (TBD)<br />
<br />
'''Essential Function: "--output" argument'''<br />
<br />
CRITICAL: The command/script should be generated so that the request is sent as literally as possible.<br />
<br />
Example: NO client specific headers are sent. IF the original request had "User-Agent: X", the generated command/script should have EXACTLY that (i.e. NOT a curl user agent, etc.). Obviously, the same applies to ALL other headers.<br />
<br />
NOTE: Ideally the following should be implemented using an extensible plugin architecture (i.e. NEW plugins are EASY to add)<br />
* http request in => curl command out<br />
* http request in => bash script out<br />
* http request in => python script out<br />
* http request in => php script out<br />
* http request in => ruby script out<br />
* http request in => PowerShell script out<br />
<br />
'''Basic additional arguments:'''<br />
<br />
- "--proxy" argument: generates the command/script with the relevant proxy option<br />
<br />
NOTE: With this the command/script may send requests through a MiTM proxy (i.e. OWTF, ZAP, Burp, etc.)<br />
<br />
- "--string-search" argument: generates the command/script so that it:<br />
<br />
1) performs the request<br />
<br />
2) then searches for something in the response (i.e. literal match)<br />
<br />
- "--regex-search" argument: generates the command/script so that it:<br />
1) performs the request<br />
<br />
2) then searches for something in the response (i.e. regex match)<br />
<br />
'''OWTF integration'''<br />
<br />
The idea here, is to invoke this tool from:<br />
<br />
1) Single HTTP transactions:<br />
<br />
For example, have a button to "export http request" + then show options equivalent to the flags<br />
<br />
2) Multiple HTTP transactions:<br />
<br />
Same as with Single transactions, but letting the user "select a number of transactions" first (maybe a checkbox?).<br />
<br />
<br />
'''Desired input formats:'''<br />
<br />
* Read raw HTTP request from stdin -Suggested default behaviour! :)-<br />
<br />
Example: cat path/to/http_request.txt | http-request-translator.py --output<br />
<br />
* Interactive mode: read raw HTTP request from keyboard + "hit enter when ready"<br />
<br />
Suggestion: This could be a "-i" (for "interactive") flag and/or the fallback option when "stdin is empty"<br />
<br />
Example:<br />
<br />
1) User runs tool with desired flags (i.e. "--output ruby --proxy 127.0.0.1:1234 ...", etc.)<br />
<br />
2) Tool prints: "Please paste a raw HTTP request and hit enter when ready"<br />
<br />
3) User pastes a raw HTTP requests + hits enter<br />
<br />
4) Tool outputs whatever is relevant for the flags + http request given<br />
<br />
* For bulk processing: Maybe a directory of raw http request files?<br />
<br />
'''Nice to have: Transforms'''<br />
<br />
In the context of translating raw HTTP requests into commands/scripts, what we want here is to provide some handy "macros" so that the relevant command/script is generated accordingly.<br />
<br />
Example:<br />
<br />
NOTE: Assume something like the following arguments: "--transform-boundary=@@@@@@@ --transform-language=php"<br />
<br />
Step 1) The user provides a raw HTTP request like this:<br />
<br />
GET /path/to/urlencode@@@@@@@abc d@@@@@@@/test<br />
Host: target.com<br />
...<br />
<br />
Step 2) The tool generates a bash script like the following:<br />
<br />
#!/bin/bash<br />
<br />
PARAM1=$(echo 'abc d' | php -r "echo urlencode(fgets(STDIN));")<br />
curl ...... "http://target.com/path/to/$PARAM1/test"<br />
<br />
<br />
OR a "curl command" like the following:<br />
PARAM1=$(echo 'abc d' | php -r "echo urlencode(fgets(STDIN));"); curl ...... "http://target.com/path/to/$PARAM1/test"<br />
<br />
<br />
This feature can be valuable to shave a bit more time in script writing.<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - JavaScript Library Sniper Improvements ===<br />
<br />
'''Brief explanation:'''<br />
This is a project that tries to resolve a very common problem during penetration tests:<br />
<br />
The customer is running a number of outdated JavaScript Libraries, but there is just not enough time to determine if something useful -i.e. something *really* bad! :)- can be done with that or not.<br />
<br />
<br />
To solve this problem, we propose a *standalone* *tool* that can:<br />
<br />
1) Be run BOTH from inside AND outside of OWTF<br />
<br />
2) Build and *update* a fingerprint JavaScript library database of:<br />
* Library File hashes => JavaScript Library version<br />
* Library File lengths => JavaScript Library version<br />
* (Nice to have:) As above, but for each individual github commit (possible drawback: too big?)<br />
<br />
3) Build and *update* a vulnerability database of:<br />
* JavaScript Library version => CVE - CVSS score - Vulnerability info<br />
<br />
4) Given a [ JavaScript file OR hash OR length ], found in the database, provides:<br />
* JavaScript Library version<br />
* List of vulnerabilities sorted in descending CVSS score order<br />
<br />
5) (very cool to have) Given a list of JavaScript files (maybe a directory), provides:<br />
* ALL Library/vulnerability matches described on 4)<br />
<br />
Once the standalone tool is built and verified to be working, OWTF should be able to:<br />
<br />
Feature 1) GREP plugin improvement (Web Application Fingerprint):<br />
<br />
Step 1) Lookup file lengths and hashes in the "JavaScript library database"<br />
<br />
Step 2) If a match is found: provide the list of known vulnerabilities against "JavaScript library X" to the user<br />
<br />
Feature 2) SEMI-PASSIVE plugin improvement (Web Application Fingerprint):<br />
<br />
1) Requests all referenced BUT missing JavaScript files -i.e. scanners won't load JavaScript files! :)-<br />
<br />
2) re-runs the GREP plugin on the new files (i.e. to avoid missing vulns due to unrequested JavaScript files)<br />
<br />
Potential projects worth having a look for potential overlap/inspiration:<br />
* [https://owasp.org/index.php/OWASP_Dependency_Check OWASP Dependency Check?]<br />
<br />
How many JavaScript libraries should be included?<br />
* As many as possible, but especially the major ones: jQuery, knockout, etc.<br />
* "Nirvana" Nice to have: ALL Individual versions of ALL JavaScript files from ALL opensource projects, (ideally) even if the project is not a JavaScript library -i.e. JavaScript files from Joomla, Wordpress, etc.-<br />
<br />
Common JavaScript library fingerprinting techniques include:<br />
* Parse the JavaScript file and grab the version from there<br />
* Determine the JavaScript version based on a hash of the file<br />
* Determine the JavaScript version based on the length of the file<br />
<br />
Other Challenges:<br />
* "the file" could be "the minimised file", "the expanded file" or even "a specific JavaScript file from Library X"<br />
* When the JavaScript file does not match a specific version:<br />
1) The commit that matches the closest should (ideally) be found<br />
2) The NEXT library version after that commit (if present) should be found<br />
3) From there, it is about reusing the knowledge to figure out public vulnerabilities, CVSS scores, etc. again<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Off-line HTTP traffic uploader ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Although it is awesome that OWTF runs a lot of tools on behalf of the user, there are situations where uploading the HTTP traffic of another tool off-line can be very interesting for OWTF, for example:<br />
<br />
* Tools that OWTF has trouble proxying right now: skipfish, hoppy<br />
* Tools that the user may have run manually OR even from a tool aggregator -very common! :)-<br />
* Tools that we just don't run from OWTF: ZAP, Burp, Fiddler<br />
<br />
This project is about implementing an off-line utility able to parse HTTP traffic:<br />
<br />
1) Figure out how to read output files from various tools like:<br />
skipfish, hoppy, w3af, arachni, etc.<br />
Nice to have: ZAP database, Burp database<br />
<br />
2) Translate that into the following clearly defined fields:<br />
<br />
* HTTP request<br />
* HTTP response status code<br />
* HTTP response headers<br />
* HTTP response body<br />
<br />
3) IMPORTANT: Implement a plugin-based uploader system<br />
<br />
4) IMPORTANT: Implement ONE plugin, that uploads that into the OWTF database<br />
<br />
5) IMPORTANT: OWTF should ideally be able to invoke the uploader right after running a tool<br />
Example: OWTF runs skipfish, skipfish finishes, OWTF runs the HTTP traffic uploader, all skipfish data is pushed to the OWTF DB.<br />
<br />
6) CRITICAL: The off-line HTTP traffic uploader should be smart enough to read + push 1-by-1 instead of *stupidly* trying to load everything into memory first, you have been warned! :)<br />
<br />
Why? Because in a huge assessment, the output of "tool X" can be "10 GB", which is *stupid* to load into memory, this is OWTF, we *really* try to foresee the crash before it happens! ;)<br />
<br />
<br />
CRITICAL: It is important to implement a plugin-based uploader system, so that other projects can benefit from this work (i.e. to be able to import third-party tool data to ZAP, Burp, and other tools in a similar fashion), and hence hopefully join us in maintaining this project moving forward.<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Health Monitor ===<br />
<br />
'''Brief explanation:'''<br />
<br />
In some cases, especially on large assessments (think: > 30 URLs) a number of things often go wrong and OWTF needs to recover from everything, which is difficult.<br />
<br />
For this reason, OWTF needs an independent module, which is completely detached from OWTF (a different process), to ensure the health of the assessment is in check at all times, this includes the following:<br />
<br />
'''Feature 1) Alerting mechanisms'''<br />
<br />
When any of the monitor alerts (see below) is triggered. The OWTF user will be notified immediately through ALL of the following means:<br />
* Playing an mp3 song (both local and possibly remote locations)<br />
* Scan status overview on the CLI<br />
* Scan status overview on the GUI<br />
<br />
NOTE: A configuration file from where the user can enable/disable/configure all these mechanisms is desired.<br />
<br />
'''Feature 2) Corrective mechanisms'''<br />
<br />
Corrective mechanisms are also expected in this project, these will be accomplished sending OWTF api messages such as:<br />
* Stop this tool<br />
* Freeze this process (to continue later)<br />
* Freeze the whole scan (to continue later)<br />
<br />
Additional mechanisms:<br />
* Show a ranking of files that take the most space<br />
<br />
'''Feature 3) Target monitor'''<br />
<br />
Brief overview:<br />
<br />
All target URLs are checked for availability periodically (i.e. once x 5 minutes?), if a URL in scope goes down the pentester is alerted (see above).<br />
<br />
Potential approach: Check if length of 1st page changes every 60 seconds.<br />
<br />
NOTE: It might be needed to change this on the fly.<br />
<br />
More background<br />
<br />
Consider the following scenario:<br />
<br />
Current Situation aka "problem to solve":<br />
<br />
1) Website X goes down during a scan<br />
<br />
2) the customer notices<br />
<br />
3) the customer tells the boss<br />
<br />
4) the boss tells the pentester<br />
<br />
5) the pentester stops the tool which was *still* trying to scan THAT target (!!!!)<br />
<br />
Desired situation aka "solution":<br />
<br />
It would be much more professional AND efficient that:<br />
<br />
1) The pentester notices<br />
<br />
2) The pentester tells the boss<br />
<br />
3) The boss tells the customer<br />
<br />
4) OWTF stops the tool because it knows that website is DEAD anyway<br />
<br />
A target monitor could easily do this with heartbeat requests + playing mp3s<br />
<br />
The target monitor will use the api to tell OWTF "this target is dead: freeze(stop?) current tests, skip target in future tests"<br />
<br />
'''Feature 4) Disk space monitor'''<br />
<br />
Another problem that is relatively common in large assessments, is that all disk space is used and the scanning box becomes unresponsive or crashes. When this happens it is too late, the pentester may also see this coming but wonder “which are the biggest files in the filesystem that I can delete”, it is not ideal to have to look for these files in a moment when the scanning box is about to crash :).<br />
<br />
Proposed solution:<br />
<br />
Regularly monitor how much disk space is left, especially on the partition where OWTF is writing the review (but also tool directories such as /home/username/.w3af/tmp, etc.). Keep track of files created by OWTF and all called tools and sort them by size in descending order. Then when the disk space is going low (i.e. predefined threshold), an mp3 or similar is played and this list is displayed to the user, so that they know what to delete to survive :).<br />
<br />
'''Feature 5) Network/Internet Connectivity monitor'''<br />
<br />
Sometimes it may also happen that ISP, etc. connectivity go down in the middle of a scan, this is often a very unfortunate situation since most tools are scanning in parallel and they won’t be able to produce a report OR even resume (i.e. A LOT is lost). The goal here is that OWTF does all of the following automatically:<br />
<br />
1) Detects the lack of connectivity<br />
<br />
2) Freezes all the tools (read: processes) in progress<br />
<br />
3) Resumes the scan when the connectivity is back.<br />
<br />
'''Feature 6) Tool crash detection'''<br />
<br />
Sometimes, certain tools (most notably, ahem, w3af), when they crash they do NOT exit. This leaves OWTF in a difficult position where 1+ process is waiting for nothing, forever (i.e. because “Tool X” will never finish)<br />
<br />
'''Feature 7) Tool (Plugin?) CPU/RAM/Bandwidth abuse detection and correction'''<br />
<br />
OWTF needs to notice when some tools crash and/or “go beserk” with RAM/CPU/Bandwidth consumption, this is different from the existing built-in checks in OWTF like “do not launch a new tool if there is less than XYZ RAM free” and more like “if tool X is using > XYZ of the available RAM/CPU/Bandwidth” and this is (potentially) negatively affecting other tools/tests, then throttle it.<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Installation Improvements and Package manager ===<br />
<br />
'''Brief explanation:'''<br />
<br />
This project is to implement what was suggested in the following github issue:<br />
[https://github.com/owtf/owtf/issues/192 https://github.com/owtf/owtf/issues/192]<br />
<br />
<br />
Recently i tried to make a fresh installation of OWTF. The installation process takes too much time. Is there any way to make the installation faster?<br />
Having a private server with:<br />
* pre-installed files for VMs<br />
* pre-configured and patched tools<br />
* Merged Lists<br />
* Pre-configured certificates<br />
Additionally a minimal installation which will install the core of OWTF with the option of update can increase the installation speed. The update procedure will start fetching the latest file versions from the server and copy them to the right path.<br />
Additional ideas are welcome.<br />
<br />
-- They could be hosted on Dropbox or a private VPS :)<br />
<br />
2 Installation Modes<br />
* For high speed connections (Downloading the files uncompressed)<br />
* For low speed connections (Downloading the files compressed)<br />
and the installation crashed because i runned out of space in the vm<br />
IMPORTANT NOTE: OWTF should check the available disk space BEFORE installation starts + warn the user if problems are likely<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Excellent reliability (i.e. proper exception handling, etc.)<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Testing Framework Improvements ===<br />
<br />
'''Brief explanation:'''<br />
<br />
As OWASP OWTF grows it makes sense to build custom unit tests to automatically re-test that functionality has not been broken. In this project we would like to improve the existing unit testing framework so that creating OWASP OWTF unit tests is as simple as possible and all missing tests for new functionality are created. The goal of this project is to update the existing Unit Test Framework to create all missing tests as well as improve the existing ones to verify OWASP OWTF functionality in an automated fashion.<br />
<br />
<br />
'''Top features'''<br />
<br />
In this improvement phase, the Testing Framework should:<br />
* (Top Prio) Focus more on functional tests<br />
For example: Improve coverage of OWASP Testing Guide, PTES, etc. (lots of room for improvement there!)<br />
* (Top Prio) Put together a great wiki documentation section for contributors<br />
The goal here is to help contributors write tests for the functionality that they implement. This should be as easy as possible.<br />
* (Top Prio) Fix the current Travis issues :)<br />
* (Nice to have) Bring the unit tests up to speed with the codebase<br />
This will be challenging but very worth trying after top priorities.<br />
The wiki should be heavily updated so that contributors create their own unit tests easily moving forward.<br />
<br />
<br />
'''General background'''<br />
<br />
The Unit Test Framework should be able to:<br />
* Define test categories: For example, "all plugins", "web plugins", "aux plugins", "test framework core", etc. (please see [http://www.slideshare.net/abrahamaranguren/introducing-owasp-owtf-workshop-brucon-2012 this presentation] for more background)<br />
* Allow to regression test isolated plugins (i.e. "only test _this_ plugin")<br />
* Allow to regression test by test categories (i.e. "test only web plugins")<br />
* Allow to regression test everything (i.e. plugins + framework core: "test all")<br />
* Produce meaningful statistics and easy to navigate logs to identify which tests failed and ideally also hints on how to potentially fix the problem where possible<br />
* Allow for easy creation of _new_ unit tests specific to OWASP OWTF<br />
* Allow for easy modification and maintenance of _existing_ unit tests specific to OWASP OWTF<br />
* Perform well so that we can run as many tests as possible in a given period of time<br />
* Potentially leverage the python unittest library: [http://docs.python.org/2/library/unittest.html http://docs.python.org/2/library/unittest.html]<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Performant and automated regression testing<br />
* Unit tests for a wide coverage of OWASP OWTF, ideally leveraging the Unit Test Framework where possible<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python, experience with unit tests and automated regression testing would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
<br />
=== OWASP OWTF - Tool utilities module ===<br />
<br />
'''WARNING: This idea is taken from the 1st round of OWCS selections (Sept. 15th), please do NOT apply'''<br />
<br />
'''Brief explanation:'''<br />
<br />
The spirit of this feature is something that may or may not be used from OWTF: These are utilities that may be chained together by OWTF OR a penetration tester using the command line. The idea is to automate mundane tasks that take time but may provide a lever to a penetration tester short on time.<br />
<br />
'''Feature 1) Vulnerable software version database:'''<br />
<br />
Implement a searchable vulnerable software version database so that a penetration tester enters a version and gets vulnerabilities sorted by criticality with MAX Impact vulnerabilities at the top (possibly: CVSS score in DESC order).<br />
<br />
Example:<br />
[http://www.cvedetails.com/vulnerability-list.php?vendor_id=74&product_id=128&version_id=149817&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=17&sha=0d26af6f3ba8ea20af18d089df40c252ea09b711 Vulnerabilities against specific software version]<br />
<br />
'''Feature 2) Nmap output file merger:'''<br />
<br />
Unify nmap files *without* losing data: XML, text and greppable formats<br />
For example: Sometimes 2 scans pass through the same port, one returns the server version, the other does not, we obviously do not want to lose banner information :).<br />
<br />
'''Feature 3) Nmap output file vulnerability mapper'''<br />
<br />
From an nmap output file, get the unique software version banners, and provide a list of (maybe in tabs?):<br />
<br />
1) CVEs in reverse order of CVSS score, with links.<br />
<br />
2) Metasploit modules available for each CVE / issue<br />
<br />
NOTE: Can supply an *old* shell script for reference<br />
<br />
3) Servers/ports affected (i.e. all server / port combinations using that software version)<br />
<br />
<br />
'''Feature 4) URL target list creator:'''<br />
<br />
Turn all “speaks http” ports (from any nmap format) into a list of URL targets for OWTF<br />
<br />
<br />
'''Feature 5) Hydra command creator:'''<br />
<br />
nmap file in => Hydra command list out<br />
<br />
grep http auth / login pages in output files to identify login interfaces => Hydra command list out<br />
<br />
<br />
'''Feature 6) WP-scan command creator:'''<br />
<br />
look at all URLs (i.e. nmap file), check if they might be running word press, generate a list of suggested wp-scan commands for all targets that might be running word press<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Excellent reliability (i.e. proper exception handling, etc.)<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python, experience with unit tests and automated regression testing would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
''' OWASP Mentors '''<br />
<br />
<br />
=== OWASP ZAP ===<br />
There are a number of ZAP related projects students can work on, including:<br />
* Bug tracker support<br />
* Convert active and passive scan rules to scripts<br />
* Field enumeration<br />
* Form handling<br />
* Gauntlet integration<br />
* Script console code completion<br />
* Support java as a scripting language<br />
* Testing guide integration<br />
* Zest text representation and parser<br />
<br />
For more details see the ZAP [https://code.google.com/p/zaproxy/wiki/OpenProjects Open Projects] wiki page.</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Summer_Code_Sprint2015&diff=196273Summer Code Sprint20152015-06-17T15:19:46Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== OWASP Summer Code Sprint 2015 ==<br />
<br />
== Goal == <br />
<br />
The OWASP Summer Code Sprint 2015 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Summer Code Sprint a student can get real life experience while contributing to an open source project. A student that successfully completes the program will receive in total $1500.<br />
<br />
== Program details ==<br />
<br />
''Projects that are eligible:'' All code/tools projects. Documentation projects are excluded.<br />
<br />
''Duration:'' 2 months of full-time engagement.<br />
<br />
== How it works ==<br />
<br />
Any code/tool project can participate in the OWASP Summer Code Sprint. Each project will be guided by an OWASP mentor. Students are evaluated in the middle and at the end of the coding period, based on success criteria identified at the beginning of the project. Successful students will receive $750 after each evaluation, a total of $1500 per student.<br />
<br />
Projects are focused on developing security tools. It is required that the code any student produces for those projects will be released as Open Source. <br />
<br />
Note on language: English is required for code comments and documentation, but not for interactions between students and advisers. Advisers who speak the same language as their students are encouraged to interact in that language. <br />
<br />
== How you can participate ==<br />
<br />
=== As a student: ===<br />
<br />
1. Review the list of OWASP Projects currently participating in the OWASP Summer Code Sprint 2015.<br />
<br />
2. Get in touch with the OWASP Project mentor of your choice.<br />
<br />
3. Agree deliverables with OWASP mentor. <br />
<br />
4. Work away during Summer 2015.<br />
<br />
5. Rise to Open Source Development Glory :-)<br />
<br />
ALL STUDENTS PLEASE APPLY HERE >> [FORM http://goo.gl/forms/jUFTcXVDEY]<br />
<br />
=== As an OWASP Project Leader: ===<br />
<br />
1. Edit this page adding your project and some proposed tasks as per the examples<br />
<br />
2. Promote the initiative to your academic contacts<br />
<br />
== Timeplan ==<br />
<br />
'''Phase 1: Proposals'''<br />
<br />
Project leaders who want to include their project to the program should submit some initial proposal ideas on this page. These ideas serve as guidance to the students; they are things that project leaders would like to get done, like new features, improvements, etc.<br />
<br />
Subsequently students are invited to submit detailed proposals that can (but do not necessarily have to) be based on these ideas. Students are strongly encouraged to engage with project leaders and each project's community (e.g. through the project's mailing list) in order to discuss the details of their proposal. Proposals should provide details about the implementation, time plan, milestones, etc.<br />
<br />
'''Phase 2: Scoring of proposals'''<br />
<br />
After the submission of proposals, project leaders and contributors/mentors are required to review the submitted proposals and score them (on a 1 to 5 scale). Each proposal should receive at least 3 assessments/scores from different mentors. Each mentor, contributor or leader can score only proposals for their OWN project. All assessments should provide justification. Reviewers are strongly encouraged to provide constructive comments for students so that they can improve in the future.<br />
<br />
Project leaders are responsible to attract a sufficient number of volunteer mentors to score proposals and subsequently supervise those that will get selected.<br />
<br />
'''Phase 3: Slot allocation.'''<br />
<br />
When proposal scoring has been completed, each project leader requests a specific number of slots. This number should be based on:<br />
The number of truly outstanding proposals according to submitted scores.<br />
The importance of the proposal to the project's roadmap.<br />
The number of available mentors for the project. At least 2 mentors are needed for each proposal that gets accepted.<br />
If the total number of requested slots is less than or equal to the available number of slots, then all projects get the requested slots. If not, the following rules apply:<br />
All projects that have requested a slot get at least 1 slot, provided they have a high quality proposal and sufficient number of mentors.<br />
Two mentors are required per slot allocated to the project.<br />
The program's administrators get in touch with project leaders, especially those that have requested a large number of slots to receive additional feedback on the requested slots and explore any available possibilities for reducing the requested number of slots. A project leader might choose to donate one or more requested slots back to the pool so that other projects can get more slots. The program administrators can choose to initiate a public discussion between projects in need of more slots and projects that have requested a lot of slots in order to determine the best possible outcome for everyone.<br />
If all else fails, slots are equally allocated to projects, i.e. all projects get 1 slot; projects that have requested 2 or more slots get an extra slot if available; projects that have requested 3 or more slots get an extra slot if available, etc. When there are no more slots available for all projects that have requested them a draw is used to allocate the remaining slots.<br />
<br />
In any case, the program's administrators should perform a final review of the selected proposals to ensure that they are of high quality. If concerns arise they should request additional information from project leaders.<br />
<br />
'''Phase 4: Coding.'''<br />
<br />
This is the main phase of the program. Students implement their proposal according to the submitted timeplan and under the supervision <br />
of their mentors.<br />
<br />
== Evaluations ==<br />
<br />
In the middle of the coding period, mentors should submit an evaluation of their students to ensure that they are on track and provide some feedback both to OWASP and the students.<br />
<br />
If no/little progress has been made up to this point, the mentors could decide to fail the student in which case the student does not receive money. If successful, OWASP will pay half the amount ($750). The final evaluations are submitted at the end of the coding period and the second installment ($750) is paid to the student if all agreed deliverables are met. If the student has failed to demonstrate progress during the second period, then the second installment will not be paid and the student will get only half of the amount.<br />
<br />
<br />
== Deadlines == <br />
Program announcement: June 1st, 2015<br />
<br />
Student Applications: June 21st, 2015<br />
<br />
Proposal Evaluations: from June 22nd until June 28th.<br />
<br />
Successful proposals announcement: July 1st<br />
<br />
Coding Period Starts: July 10th<br />
<br />
Mid-term evaluations: Submitted from August 10th until August 15th.<br />
<br />
Coding period ends: September 10th.<br />
<br />
Final evaluations: Until September 18th.<br />
<br />
== Mailing List ==<br />
Please subscribe to the following mailing list to receive updates or ask any particular questions: <br />
<br />
<br />
== Ideas ==<br />
<br />
=== OWASP Hackademic ===<br />
<br />
=== Docker Sandboxed for challenges ===<br />
<br />
''' Brief explanation: '''<br />
Background problem to solve:<br />
<br />
We are trying to enable users to freely upload vulnerable applications to the platform. <br />
After some research we concluded that writing a python application that uses docker to deploy challenges would be the best way to go about it.<br />
Also, we need to provide a frontend to manage the deployed containers and integrate our existing analytics gathering system into the dockerized challenges.<br />
The installer of the application should take care of initializing both the cms and the containers without introducing too much complexity.<br />
<br />
Proposed solution:<br />
<br />
There is an easy to use python library for docker and there should be a frontend managing the containers we can use off the self with minimal modifications.<br />
The feature has already had a poc using linux containers, you can find it in the open merge requests of the project's github page.<br />
<br />
''' Expected results '''<br />
* Integrate dockerized challenges in the platform.<br />
* PEP-8 compliant code in all provided python code<br />
* PSR compliant code in all php provided code<br />
* Sphinx/phpdoc friendly comments<br />
* Excellent reliability<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation <br />
<br />
''' Prerequisites '''<br />
<br />
Some knowledge of test driven development, php, python, docker<br />
<br />
''' OWASP Mentors '''<br />
<br />
Spyros Gasteratos (spyros.gasteratos@owasp.org)<br />
-- anyone else who already knows of puppet(I think we'll end up writing puppet manifests for installation)<br />
docker, python, php?<br />
<br />
=== Javascript Based Development Challenges ===<br />
<br />
Brief explanation:<br />
Background Problem to solve:<br />
<br />
We are looking for challenges which are aimed towards secure coding.<br />
The user should be served with a piece of vulnerable javascript which fails the unit tests provided.<br />
The user has to fix the vulnerability in a way that makes the unit tests pass.<br />
<br />
Example Solution of one of the challenges:<br />
Provide the user with the following code:<br />
''<br />
function sayHi(string userInput){<br />
var hiField = document.getElementById("hiField");<br />
hiField.innerHtml = userInput;<br />
}<br />
''<br />
Use any javascript unit - testing framework to design a set of unit tests which call the function with all sorts of payloads and test if the user seems to have escaped userInput correctly,<br />
we're not looking for completeness a solid proof of concept implementation for future reference is acceptable.<br />
<br />
''' Expected Results '''<br />
A complete implementation of challenges covering the top 10 according to our coding standards.<br />
<br />
=== Migrate old code to the new coding standards ===<br />
<br />
In the last project summit we decided to introduce code style and standards compliance checking for new commits and slowly migrate the old ones to the new setting.<br />
We also decided to prefer contributions with unit tests.<br />
<br />
We're looking for someone to assist in this migration. So far we have 0% of the classes in the new standards/coding style but the frontend tests cover a significant part of the platform.<br />
You could help us reach at least 70% line coverage in tests and a similar coverage in standard/code style <br />
<br />
<br />
=== New Theme ===<br />
<br />
Problem to solve:<br />
Our current theme is from 2012 and looks even older, moreover it could do with some usability improvements. Your job will be to design and implement a new shiny theme for the platform.<br />
<br />
'''Expected Results''' A shiny new theme with complete front end tests using the theme<br />
<br />
=== OWASP OWTF ===<br />
<br />
<br />
=== OWASP OWTF - VMS - OWTF Vulnerability Management System ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Background problem to solve:<br />
<br />
We are trying to reduce the human work burden where there will be hundreds of issues listing apache out of date or php out of date. <br />
<br />
Proposed solution:<br />
<br />
We can meta aggregate these duplicate issues into one issue of "outdated software / apache / php detected". with XYZ list of issues in them.<br />
<br />
<br />
A separate set of scripts that allows for grouping and management of vulnerabilities (i.e. think huge assessments), to be usable *both* from inside + outside of OWTF in a separate sub-repo here: https://github.com/owtf <br />
<br />
VMS will have the following features:<br />
* Vulnerability correlation engine which will allow for quick identification of unique vulnerability and deduplication.<br />
* Vulnerability table optimization : combining redundant vulnerabilities like example : PHP <5.1 , PHP < 5.2 , PHP < 5.3 all suggest upgrade php so if multiple issues are reported they should be combined.<br />
* Integration with existing bug tracking system like example bugzilla, jira : Should not be too hard as all such system have one or the other method exposed (REST API or similar)<br />
* Fix Validation : Since we integrate with bug tracking once dev fixed the bug and code deployed we can run specific checks via * OWTF or other tool (may be specific nessus or nexpose plugin or similar.)<br />
* Management Dashboard : Could be exposed to Pentester, Higher Management where stats are shown with lesser details but more of high level overview.<br />
<br />
[http://www.slideshare.net/null0x00/nessus-and-reporting-karma Similar previous work for Nessus]<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - HTTP Request Translator Improvements ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Problem to solve:<br />
<br />
There are many situations in web app pentests where just no tool will do the job and you need to script something, or mess around with the command line (classic example: sequence of steps where each step requires input from the previous step). In these situations, translating an HTTP request or a sequence of HTTP requests, takes valuable time which the pentester might just not really have.<br />
<br />
Proposed solution:<br />
<br />
An HTTP request translator, a *standalone* *tool* that can:<br />
<br />
1) Be used from inside OR outside of OWTF.<br />
<br />
2) Translate raw HTTP requests into curl commands or bash/python/php/ruby/PowerShell scripts<br />
<br />
3) Provide essential quick and dirty transforms: base64 (encode/decode), urlencode (encode/decode)<br />
* Transforms with boundary strings? (TBD)<br />
* Individually or in bulk? (TBD)<br />
<br />
'''Essential Function: "--output" argument'''<br />
<br />
CRITICAL: The command/script should be generated so that the request is sent as literally as possible.<br />
<br />
Example: NO client specific headers are sent. IF the original request had "User-Agent: X", the generated command/script should have EXACTLY that (i.e. NOT a curl user agent, etc.). Obviously, the same applies to ALL other headers.<br />
<br />
NOTE: Ideally the following should be implemented using an extensible plugin architecture (i.e. NEW plugins are EASY to add)<br />
* http request in => curl command out<br />
* http request in => bash script out<br />
* http request in => python script out<br />
* http request in => php script out<br />
* http request in => ruby script out<br />
* http request in => PowerShell script out<br />
<br />
'''Basic additional arguments:'''<br />
<br />
- "--proxy" argument: generates the command/script with the relevant proxy option<br />
<br />
NOTE: With this the command/script may send requests through a MiTM proxy (i.e. OWTF, ZAP, Burp, etc.)<br />
<br />
- "--string-search" argument: generates the command/script so that it:<br />
<br />
1) performs the request<br />
<br />
2) then searches for something in the response (i.e. literal match)<br />
<br />
- "--regex-search" argument: generates the command/script so that it:<br />
1) performs the request<br />
<br />
2) then searches for something in the response (i.e. regex match)<br />
<br />
'''OWTF integration'''<br />
<br />
The idea here, is to invoke this tool from:<br />
<br />
1) Single HTTP transactions:<br />
<br />
For example, have a button to "export http request" + then show options equivalent to the flags<br />
<br />
2) Multiple HTTP transactions:<br />
<br />
Same as with Single transactions, but letting the user "select a number of transactions" first (maybe a checkbox?).<br />
<br />
<br />
'''Desired input formats:'''<br />
<br />
* Read raw HTTP request from stdin -Suggested default behaviour! :)-<br />
<br />
Example: cat path/to/http_request.txt | http-request-translator.py --output<br />
<br />
* Interactive mode: read raw HTTP request from keyboard + "hit enter when ready"<br />
<br />
Suggestion: This could be a "-i" (for "interactive") flag and/or the fallback option when "stdin is empty"<br />
<br />
Example:<br />
<br />
1) User runs tool with desired flags (i.e. "--output ruby --proxy 127.0.0.1:1234 ...", etc.)<br />
<br />
2) Tool prints: "Please paste a raw HTTP request and hit enter when ready"<br />
<br />
3) User pastes a raw HTTP requests + hits enter<br />
<br />
4) Tool outputs whatever is relevant for the flags + http request given<br />
<br />
* For bulk processing: Maybe a directory of raw http request files?<br />
<br />
'''Nice to have: Transforms'''<br />
<br />
In the context of translating raw HTTP requests into commands/scripts, what we want here is to provide some handy "macros" so that the relevant command/script is generated accordingly.<br />
<br />
Example:<br />
<br />
NOTE: Assume something like the following arguments: "--transform-boundary=@@@@@@@ --transform-language=php"<br />
<br />
Step 1) The user provides a raw HTTP request like this:<br />
<br />
GET /path/to/urlencode@@@@@@@abc d@@@@@@@/test<br />
Host: target.com<br />
...<br />
<br />
Step 2) The tool generates a bash script like the following:<br />
<br />
#!/bin/bash<br />
<br />
PARAM1=$(echo 'abc d' | php -r "echo urlencode(fgets(STDIN));")<br />
curl ...... "http://target.com/path/to/$PARAM1/test"<br />
<br />
<br />
OR a "curl command" like the following:<br />
PARAM1=$(echo 'abc d' | php -r "echo urlencode(fgets(STDIN));"); curl ...... "http://target.com/path/to/$PARAM1/test"<br />
<br />
<br />
This feature can be valuable to shave a bit more time in script writing.<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - JavaScript Library Sniper Improvements ===<br />
<br />
'''Brief explanation:'''<br />
This is a project that tries to resolve a very common problem during penetration tests:<br />
<br />
The customer is running a number of outdated JavaScript Libraries, but there is just not enough time to determine if something useful -i.e. something *really* bad! :)- can be done with that or not.<br />
<br />
<br />
To solve this problem, we propose a *standalone* *tool* that can:<br />
<br />
1) Be run BOTH from inside AND outside of OWTF<br />
<br />
2) Build and *update* a fingerprint JavaScript library database of:<br />
* Library File hashes => JavaScript Library version<br />
* Library File lengths => JavaScript Library version<br />
* (Nice to have:) As above, but for each individual github commit (possible drawback: too big?)<br />
<br />
3) Build and *update* a vulnerability database of:<br />
* JavaScript Library version => CVE - CVSS score - Vulnerability info<br />
<br />
4) Given a [ JavaScript file OR hash OR length ], found in the database, provides:<br />
* JavaScript Library version<br />
* List of vulnerabilities sorted in descending CVSS score order<br />
<br />
5) (very cool to have) Given a list of JavaScript files (maybe a directory), provides:<br />
* ALL Library/vulnerability matches described on 4)<br />
<br />
Once the standalone tool is built and verified to be working, OWTF should be able to:<br />
<br />
Feature 1) GREP plugin improvement (Web Application Fingerprint):<br />
<br />
Step 1) Lookup file lengths and hashes in the "JavaScript library database"<br />
<br />
Step 2) If a match is found: provide the list of known vulnerabilities against "JavaScript library X" to the user<br />
<br />
Feature 2) SEMI-PASSIVE plugin improvement (Web Application Fingerprint):<br />
<br />
1) Requests all referenced BUT missing JavaScript files -i.e. scanners won't load JavaScript files! :)-<br />
<br />
2) re-runs the GREP plugin on the new files (i.e. to avoid missing vulns due to unrequested JavaScript files)<br />
<br />
Potential projects worth having a look for potential overlap/inspiration:<br />
* [https://owasp.org/index.php/OWASP_Dependency_Check OWASP Dependency Check?]<br />
<br />
How many JavaScript libraries should be included?<br />
* As many as possible, but especially the major ones: jQuery, knockout, etc.<br />
* "Nirvana" Nice to have: ALL Individual versions of ALL JavaScript files from ALL opensource projects, (ideally) even if the project is not a JavaScript library -i.e. JavaScript files from Joomla, Wordpress, etc.-<br />
<br />
Common JavaScript library fingerprinting techniques include:<br />
* Parse the JavaScript file and grab the version from there<br />
* Determine the JavaScript version based on a hash of the file<br />
* Determine the JavaScript version based on the length of the file<br />
<br />
Other Challenges:<br />
* "the file" could be "the minimised file", "the expanded file" or even "a specific JavaScript file from Library X"<br />
* When the JavaScript file does not match a specific version:<br />
1) The commit that matches the closest should (ideally) be found<br />
2) The NEXT library version after that commit (if present) should be found<br />
3) From there, it is about reusing the knowledge to figure out public vulnerabilities, CVSS scores, etc. again<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Off-line HTTP traffic uploader ===<br />
<br />
'''Brief explanation:'''<br />
<br />
Although it is awesome that OWTF runs a lot of tools on behalf of the user, there are situations where uploading the HTTP traffic of another tool off-line can be very interesting for OWTF, for example:<br />
<br />
* Tools that OWTF has trouble proxying right now: skipfish, hoppy<br />
* Tools that the user may have run manually OR even from a tool aggregator -very common! :)-<br />
* Tools that we just don't run from OWTF: ZAP, Burp, Fiddler<br />
<br />
This project is about implementing an off-line utility able to parse HTTP traffic:<br />
<br />
1) Figure out how to read output files from various tools like:<br />
skipfish, hoppy, w3af, arachni, etc.<br />
Nice to have: ZAP database, Burp database<br />
<br />
2) Translate that into the following clearly defined fields:<br />
<br />
* HTTP request<br />
* HTTP response status code<br />
* HTTP response headers<br />
* HTTP response body<br />
<br />
3) IMPORTANT: Implement a plugin-based uploader system<br />
<br />
4) IMPORTANT: Implement ONE plugin, that uploads that into the OWTF database<br />
<br />
5) IMPORTANT: OWTF should ideally be able to invoke the uploader right after running a tool<br />
Example: OWTF runs skipfish, skipfish finishes, OWTF runs the HTTP traffic uploader, all skipfish data is pushed to the OWTF DB.<br />
<br />
6) CRITICAL: The off-line HTTP traffic uploader should be smart enough to read + push 1-by-1 instead of *stupidly* trying to load everything into memory first, you have been warned! :)<br />
<br />
Why? Because in a huge assessment, the output of "tool X" can be "10 GB", which is *stupid* to load into memory, this is OWTF, we *really* try to foresee the crash before it happens! ;)<br />
<br />
<br />
CRITICAL: It is important to implement a plugin-based uploader system, so that other projects can benefit from this work (i.e. to be able to import third-party tool data to ZAP, Burp, and other tools in a similar fashion), and hence hopefully join us in maintaining this project moving forward.<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Health Monitor ===<br />
<br />
'''Brief explanation:'''<br />
<br />
In some cases, especially on large assessments (think: > 30 URLs) a number of things often go wrong and OWTF needs to recover from everything, which is difficult.<br />
<br />
For this reason, OWTF needs an independent module, which is completely detached from OWTF (a different process), to ensure the health of the assessment is in check at all times, this includes the following:<br />
<br />
'''Feature 1) Alerting mechanisms'''<br />
<br />
When any of the monitor alerts (see below) is triggered. The OWTF user will be notified immediately through ALL of the following means:<br />
* Playing an mp3 song (both local and possibly remote locations)<br />
* Scan status overview on the CLI<br />
* Scan status overview on the GUI<br />
<br />
NOTE: A configuration file from where the user can enable/disable/configure all these mechanisms is desired.<br />
<br />
'''Feature 2) Corrective mechanisms'''<br />
<br />
Corrective mechanisms are also expected in this project, these will be accomplished sending OWTF api messages such as:<br />
* Stop this tool<br />
* Freeze this process (to continue later)<br />
* Freeze the whole scan (to continue later)<br />
<br />
Additional mechanisms:<br />
* Show a ranking of files that take the most space<br />
<br />
'''Feature 3) Target monitor'''<br />
<br />
Brief overview:<br />
<br />
All target URLs are checked for availability periodically (i.e. once x 5 minutes?), if a URL in scope goes down the pentester is alerted (see above).<br />
<br />
Potential approach: Check if length of 1st page changes every 60 seconds.<br />
<br />
NOTE: It might be needed to change this on the fly.<br />
<br />
More background<br />
<br />
Consider the following scenario:<br />
<br />
Current Situation aka "problem to solve":<br />
<br />
1) Website X goes down during a scan<br />
<br />
2) the customer notices<br />
<br />
3) the customer tells the boss<br />
<br />
4) the boss tells the pentester<br />
<br />
5) the pentester stops the tool which was *still* trying to scan THAT target (!!!!)<br />
<br />
Desired situation aka "solution":<br />
<br />
It would be much more professional AND efficient that:<br />
<br />
1) The pentester notices<br />
<br />
2) The pentester tells the boss<br />
<br />
3) The boss tells the customer<br />
<br />
4) OWTF stops the tool because it knows that website is DEAD anyway<br />
<br />
A target monitor could easily do this with heartbeat requests + playing mp3s<br />
<br />
The target monitor will use the api to tell OWTF "this target is dead: freeze(stop?) current tests, skip target in future tests"<br />
<br />
'''Feature 4) Disk space monitor'''<br />
<br />
Another problem that is relatively common in large assessments, is that all disk space is used and the scanning box becomes unresponsive or crashes. When this happens it is too late, the pentester may also see this coming but wonder “which are the biggest files in the filesystem that I can delete”, it is not ideal to have to look for these files in a moment when the scanning box is about to crash :).<br />
<br />
Proposed solution:<br />
<br />
Regularly monitor how much disk space is left, especially on the partition where OWTF is writing the review (but also tool directories such as /home/username/.w3af/tmp, etc.). Keep track of files created by OWTF and all called tools and sort them by size in descending order. Then when the disk space is going low (i.e. predefined threshold), an mp3 or similar is played and this list is displayed to the user, so that they know what to delete to survive :).<br />
<br />
'''Feature 5) Network/Internet Connectivity monitor'''<br />
<br />
Sometimes it may also happen that ISP, etc. connectivity go down in the middle of a scan, this is often a very unfortunate situation since most tools are scanning in parallel and they won’t be able to produce a report OR even resume (i.e. A LOT is lost). The goal here is that OWTF does all of the following automatically:<br />
<br />
1) Detects the lack of connectivity<br />
<br />
2) Freezes all the tools (read: processes) in progress<br />
<br />
3) Resumes the scan when the connectivity is back.<br />
<br />
'''Feature 6) Tool crash detection'''<br />
<br />
Sometimes, certain tools (most notably, ahem, w3af), when they crash they do NOT exit. This leaves OWTF in a difficult position where 1+ process is waiting for nothing, forever (i.e. because “Tool X” will never finish)<br />
<br />
'''Feature 7) Tool (Plugin?) CPU/RAM/Bandwidth abuse detection and correction'''<br />
<br />
OWTF needs to notice when some tools crash and/or “go beserk” with RAM/CPU/Bandwidth consumption, this is different from the existing built-in checks in OWTF like “do not launch a new tool if there is less than XYZ RAM free” and more like “if tool X is using > XYZ of the available RAM/CPU/Bandwidth” and this is (potentially) negatively affecting other tools/tests, then throttle it.<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* CRITICAL: Excellent reliability -i.e. the Health Monitor cannot crash! :)-<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Installation Improvements and Package manager ===<br />
<br />
'''Brief explanation:'''<br />
<br />
This project is to implement what was suggested in the following github issue:<br />
[https://github.com/owtf/owtf/issues/192 https://github.com/owtf/owtf/issues/192]<br />
<br />
<br />
Recently i tried to make a fresh installation of OWTF. The installation process takes too much time. Is there any way to make the installation faster?<br />
Having a private server with:<br />
* pre-installed files for VMs<br />
* pre-configured and patched tools<br />
* Merged Lists<br />
* Pre-configured certificates<br />
Additionally a minimal installation which will install the core of OWTF with the option of update can increase the installation speed. The update procedure will start fetching the latest file versions from the server and copy them to the right path.<br />
Additional ideas are welcome.<br />
<br />
-- They could be hosted on Dropbox or a private VPS :)<br />
<br />
2 Installation Modes<br />
* For high speed connections (Downloading the files uncompressed)<br />
* For low speed connections (Downloading the files compressed)<br />
and the installation crashed because i runned out of space in the vm<br />
IMPORTANT NOTE: OWTF should check the available disk space BEFORE installation starts + warn the user if problems are likely<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Excellent reliability (i.e. proper exception handling, etc.)<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python and bash experience would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
=== OWASP OWTF - Testing Framework Improvements ===<br />
<br />
'''Brief explanation:'''<br />
<br />
As OWASP OWTF grows it makes sense to build custom unit tests to automatically re-test that functionality has not been broken. In this project we would like to improve the existing unit testing framework so that creating OWASP OWTF unit tests is as simple as possible and all missing tests for new functionality are created. The goal of this project is to update the existing Unit Test Framework to create all missing tests as well as improve the existing ones to verify OWASP OWTF functionality in an automated fashion.<br />
<br />
<br />
'''Top features'''<br />
<br />
In this improvement phase, the Testing Framework should:<br />
* (Top Prio) Focus more on functional tests<br />
For example: Improve coverage of OWASP Testing Guide, PTES, etc. (lots of room for improvement there!)<br />
* (Top Prio) Put together a great wiki documentation section for contributors<br />
The goal here is to help contributors write tests for the functionality that they implement. This should be as easy as possible.<br />
* (Top Prio) Fix the current Travis issues :)<br />
* (Nice to have) Bring the unit tests up to speed with the codebase<br />
This will be challenging but very worth trying after top priorities.<br />
The wiki should be heavily updated so that contributors create their own unit tests easily moving forward.<br />
<br />
<br />
'''General background'''<br />
<br />
The Unit Test Framework should be able to:<br />
* Define test categories: For example, "all plugins", "web plugins", "aux plugins", "test framework core", etc. (please see [http://www.slideshare.net/abrahamaranguren/introducing-owasp-owtf-workshop-brucon-2012 this presentation] for more background)<br />
* Allow to regression test isolated plugins (i.e. "only test _this_ plugin")<br />
* Allow to regression test by test categories (i.e. "test only web plugins")<br />
* Allow to regression test everything (i.e. plugins + framework core: "test all")<br />
* Produce meaningful statistics and easy to navigate logs to identify which tests failed and ideally also hints on how to potentially fix the problem where possible<br />
* Allow for easy creation of _new_ unit tests specific to OWASP OWTF<br />
* Allow for easy modification and maintenance of _existing_ unit tests specific to OWASP OWTF<br />
* Perform well so that we can run as many tests as possible in a given period of time<br />
* Potentially leverage the python unittest library: [http://docs.python.org/2/library/unittest.html http://docs.python.org/2/library/unittest.html]<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Performant and automated regression testing<br />
* Unit tests for a wide coverage of OWASP OWTF, ideally leveraging the Unit Test Framework where possible<br />
* Good documentation<br />
<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python, experience with unit tests and automated regression testing would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
<br />
=== OWASP OWTF - Tool utilities module ===<br />
<br />
'''WARNING: This idea is taken from the 1st round of OWCS selections (Sept. 15th), please do NOT apply'''<br />
<br />
'''Brief explanation:'''<br />
<br />
The spirit of this feature is something that may or may not be used from OWTF: These are utilities that may be chained together by OWTF OR a penetration tester using the command line. The idea is to automate mundane tasks that take time but may provide a lever to a penetration tester short on time.<br />
<br />
'''Feature 1) Vulnerable software version database:'''<br />
<br />
Implement a searchable vulnerable software version database so that a penetration tester enters a version and gets vulnerabilities sorted by criticality with MAX Impact vulnerabilities at the top (possibly: CVSS score in DESC order).<br />
<br />
Example:<br />
[http://www.cvedetails.com/vulnerability-list.php?vendor_id=74&product_id=128&version_id=149817&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=17&sha=0d26af6f3ba8ea20af18d089df40c252ea09b711 Vulnerabilities against specific software version]<br />
<br />
'''Feature 2) Nmap output file merger:'''<br />
<br />
Unify nmap files *without* losing data: XML, text and greppable formats<br />
For example: Sometimes 2 scans pass through the same port, one returns the server version, the other does not, we obviously do not want to lose banner information :).<br />
<br />
'''Feature 3) Nmap output file vulnerability mapper'''<br />
<br />
From an nmap output file, get the unique software version banners, and provide a list of (maybe in tabs?):<br />
<br />
1) CVEs in reverse order of CVSS score, with links.<br />
<br />
2) Metasploit modules available for each CVE / issue<br />
<br />
NOTE: Can supply an *old* shell script for reference<br />
<br />
3) Servers/ports affected (i.e. all server / port combinations using that software version)<br />
<br />
<br />
'''Feature 4) URL target list creator:'''<br />
<br />
Turn all “speaks http” ports (from any nmap format) into a list of URL targets for OWTF<br />
<br />
<br />
'''Feature 5) Hydra command creator:'''<br />
<br />
nmap file in => Hydra command list out<br />
<br />
grep http auth / login pages in output files to identify login interfaces => Hydra command list out<br />
<br />
<br />
'''Feature 6) WP-scan command creator:'''<br />
<br />
look at all URLs (i.e. nmap file), check if they might be running word press, generate a list of suggested wp-scan commands for all targets that might be running word press<br />
<br />
<br />
For background on OWASP OWTF please see: [https://www.owasp.org/index.php/OWASP_OWTF https://www.owasp.org/index.php/OWASP_OWTF]<br />
<br />
<br />
'''Expected results:'''<br />
<br />
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
* '''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
* '''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
* Excellent reliability (i.e. proper exception handling, etc.)<br />
* Good performance<br />
* Unit tests / Functional tests<br />
* Good documentation<br />
<br />
'''Knowledge Prerequisite:'''<br />
<br />
Python, experience with unit tests and automated regression testing would be beneficial, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn<br />
<br />
<br />
'''OWASP OWTF Mentor:'''<br />
<br />
Abraham Aranguren, Bharadwaj Machiraju - OWASP OWTF Project Leaders - Contact: Abraham.Aranguren@owasp.org, bharadwaj.machiraju@gmail.com<br />
<br />
''' OWASP Mentors '''<br />
<br />
<br />
=== OWASP ZAP ===<br />
There are a number of ZAP related projects students can work on, including:<br />
* Bug tracker support<br />
* Convert active and passive scan rules to scripts<br />
* Field enumeration<br />
* Form handling<br />
* Gauntlet integration<br />
* Script console code completion<br />
* Support java as a scripting language<br />
* Testing guide integration<br />
* Zest text representation and parser<br />
<br />
For more details see the ZAP [https://code.google.com/p/zaproxy/wiki/OpenProjects Open Projects] wiki page.</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Spain/Chapter_Meeting&diff=195770Spain/Chapter Meeting2015-06-04T07:49:09Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== <b>IX OWASP Spain Chapter Meeting</b> - <font size=-1>Barcelona, 12 de junio de 2015</font> ==<br />
Estas conferencias, abiertas y gratuitas, reúnen desde 2006 a los profesionales del sector de la seguridad de nuestro país y se han consolidado como un evento de referencia sobre seguridad en el software.<br />
<br><br />
<br><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
<br><br />
<br><br />
Si desea conocer las opciones de patrocinio disponibles, contacte con [mailto:vicente.aguilera@owasp.org Vicente Aguilera].<br />
'''Patrocinador PLATINO'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=center><br />
[[Image:Logo_ISEC.png|link=http://www.isecauditors.com]]<br />
</td><br />
<td width=20% align=center><br />
</td><br />
<td width=60%><br />
</td><br />
</table><br />
'''Patrocinador ORO'''<br />
<br />
<br />
<br />
'''Patrocinador PLATA'''<br />
<br />
<br />
<br />
'''Colabora'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=left><br />
[[Image:Logo_laSalle_URL_institucional_positiu_CAT.png|link=http://www.salleurl.edu]]<br />
</td><br />
</table><br />
<br><br><br />
= Agenda =<br />
{{:Spain/Agenda_Chapter_Meeting}}<br />
<br />
= Localización = <br />
{{:Spain/Localizacion_Chapter_Meeting}}<br />
<br />
= Ponentes =<br />
{{:Spain/Ponentes Chapter Meeting}}<br />
<br />
= Formacion =<br />
<br />
'''Introducción a la Seguridad en Aplicaciones Web'''<br />
<br />
'''DIA''': Jueves 11 de Junio de 9 a 18 horas.<br />
<br />
El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
<br />
'''Formato:'''<br />
<br />
El taller combina la teoría y ejercicios prácticos. Los participantes aprenderán a identificar vulnerabilidades en sitios web específicamente diseñados con vulnerabilidades y errores de código, explotándolas utilizando diferentes técnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnología usada en aplicaciones web.<br />
*Áreas críticas en una aplicación web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
<br />
'''Perfil del Trainer : '''<br />
<br />
[[Image:Cerullof.jpg|150px]]<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' 200 Euros (Miembros OWASP). 250 Euros (Público en General).<br />
<br />
* '''Para mayor información : ''' Por favor comuníquese al correo fcerullo@owasp.org<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/introduccionalaseguridadweb'''HAZ CLICK AQUI!'''] '''<br> <br><br />
<br />
<br />
= Patrocinadores =<br />
{{:Spain/Patrocinadores_Chapter_Meeting}}<br />
<br />
= Call For Papers =<br />
{{:Spain/CFP_Chapter_Meeting}}<br />
<br />
<br />
__NOTOC__<br />
<br />
<headertabs /><br />
<br />
<br><br />
<table width=100%><br />
<tr><br />
<td align="left"><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
</td><br />
<td align="right">[http://www.owasp.org/index.php/Spain https://www.owasp.org/images/a/a0/Owasp-logo-250.png]<br />
</td><br />
</tr><br />
</table><br />
<br><br />
<br><br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
[[Category:Spain]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Spain/Chapter_Meeting&diff=195769Spain/Chapter Meeting2015-06-04T07:47:31Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== <b>IX OWASP Spain Chapter Meeting</b> - <font size=-1>Barcelona, 12 de junio de 2015</font> ==<br />
Estas conferencias, abiertas y gratuitas, reúnen desde 2006 a los profesionales del sector de la seguridad de nuestro país y se han consolidado como un evento de referencia sobre seguridad en el software.<br />
<br><br />
<br><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
<br><br />
<br><br />
Si desea conocer las opciones de patrocinio disponibles, contacte con [mailto:vicente.aguilera@owasp.org Vicente Aguilera].<br />
'''Patrocinador PLATINO'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=center><br />
[[Image:Logo_ISEC.png|link=http://www.isecauditors.com]]<br />
</td><br />
<td width=20% align=center><br />
</td><br />
<td width=60%><br />
</td><br />
</table><br />
'''Patrocinador ORO'''<br />
<br />
<br />
<br />
'''Patrocinador PLATA'''<br />
<br />
<br />
<br />
'''Colabora'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=left><br />
[[Image:Logo_laSalle_URL_institucional_positiu_CAT.png|link=http://www.salleurl.edu]]<br />
</td><br />
</table><br />
<br><br><br />
= Agenda =<br />
{{:Spain/Agenda_Chapter_Meeting}}<br />
<br />
= Localización = <br />
{{:Spain/Localizacion_Chapter_Meeting}}<br />
<br />
= Ponentes =<br />
{{:Spain/Ponentes Chapter Meeting}}<br />
<br />
= Formacion =<br />
<br />
'''Introducción a la Seguridad en Aplicaciones Web'''<br />
<br />
El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
<br />
'''Formato:'''<br />
<br />
El taller combina la teoría y ejercicios prácticos. Los participantes aprenderán a identificar vulnerabilidades en sitios web específicamente diseñados con vulnerabilidades y errores de código, explotándolas utilizando diferentes técnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnología usada en aplicaciones web.<br />
*Áreas críticas en una aplicación web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
<br />
'''Perfil del Trainer : '''<br />
<br />
[[Image:Cerullof.jpg|150px]]<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' 200 Euros (Miembros OWASP). 250 Euros (Público en General).<br />
<br />
* '''Para mayor información : ''' Por favor comuníquese al correo fcerullo@owasp.org<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/introduccionalaseguridadweb'''HAZ CLICK AQUI!'''] '''<br> <br><br />
<br />
<br />
= Patrocinadores =<br />
{{:Spain/Patrocinadores_Chapter_Meeting}}<br />
<br />
= Call For Papers =<br />
{{:Spain/CFP_Chapter_Meeting}}<br />
<br />
<br />
__NOTOC__<br />
<br />
<headertabs /><br />
<br />
<br><br />
<table width=100%><br />
<tr><br />
<td align="left"><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
</td><br />
<td align="right">[http://www.owasp.org/index.php/Spain https://www.owasp.org/images/a/a0/Owasp-logo-250.png]<br />
</td><br />
</tr><br />
</table><br />
<br><br />
<br><br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
[[Category:Spain]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Spain/Chapter_Meeting&diff=195768Spain/Chapter Meeting2015-06-04T07:46:49Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== <b>IX OWASP Spain Chapter Meeting</b> - <font size=-1>Barcelona, 12 de junio de 2015</font> ==<br />
Estas conferencias, abiertas y gratuitas, reúnen desde 2006 a los profesionales del sector de la seguridad de nuestro país y se han consolidado como un evento de referencia sobre seguridad en el software.<br />
<br><br />
<br><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
<br><br />
<br><br />
Si desea conocer las opciones de patrocinio disponibles, contacte con [mailto:vicente.aguilera@owasp.org Vicente Aguilera].<br />
'''Patrocinador PLATINO'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=center><br />
[[Image:Logo_ISEC.png|link=http://www.isecauditors.com]]<br />
</td><br />
<td width=20% align=center><br />
</td><br />
<td width=60%><br />
</td><br />
</table><br />
'''Patrocinador ORO'''<br />
<br />
<br />
<br />
'''Patrocinador PLATA'''<br />
<br />
<br />
<br />
'''Colabora'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=left><br />
[[Image:Logo_laSalle_URL_institucional_positiu_CAT.png|link=http://www.salleurl.edu]]<br />
</td><br />
</table><br />
<br><br><br />
= Agenda =<br />
{{:Spain/Agenda_Chapter_Meeting}}<br />
<br />
= Localización = <br />
{{:Spain/Localizacion_Chapter_Meeting}}<br />
<br />
= Ponentes =<br />
{{:Spain/Ponentes Chapter Meeting}}<br />
<br />
= Formacion =<br />
<br />
'''Introducción a la Seguridad en Aplicaciones Web'''<br />
<br />
El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
<br />
'''Formato:'''<br />
<br />
El taller combina la teoría y ejercicios prácticos. Los participantes aprenderán a identificar vulnerabilidades en sitios web específicamente diseñados con vulnerabilidades y errores de código, explotándolas utilizando diferentes técnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- Material Impreso<br><br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnología usada en aplicaciones web.<br />
*Áreas críticas en una aplicación web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
<br />
'''Perfil del Trainer : '''<br />
<br />
[[Image:Cerullof.jpg|150px]]<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' 200 Euros (Miembros OWASP). 250 Euros (Público en General).<br />
<br />
* '''Para mayor información : ''' Por favor comuníquese al correo fcerullo@owasp.org<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/introduccionalaseguridadweb'''HAZ CLICK AQUI!'''] '''<br> <br><br />
<br />
<br />
= Patrocinadores =<br />
{{:Spain/Patrocinadores_Chapter_Meeting}}<br />
<br />
= Call For Papers =<br />
{{:Spain/CFP_Chapter_Meeting}}<br />
<br />
<br />
__NOTOC__<br />
<br />
<headertabs /><br />
<br />
<br><br />
<table width=100%><br />
<tr><br />
<td align="left"><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
</td><br />
<td align="right">[http://www.owasp.org/index.php/Spain https://www.owasp.org/images/a/a0/Owasp-logo-250.png]<br />
</td><br />
</tr><br />
</table><br />
<br><br />
<br><br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
[[Category:Spain]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Spain/Chapter_Meeting&diff=195766Spain/Chapter Meeting2015-06-04T07:42:22Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== <b>IX OWASP Spain Chapter Meeting</b> - <font size=-1>Barcelona, 12 de junio de 2015</font> ==<br />
Estas conferencias, abiertas y gratuitas, reúnen desde 2006 a los profesionales del sector de la seguridad de nuestro país y se han consolidado como un evento de referencia sobre seguridad en el software.<br />
<br><br />
<br><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
<br><br />
<br><br />
Si desea conocer las opciones de patrocinio disponibles, contacte con [mailto:vicente.aguilera@owasp.org Vicente Aguilera].<br />
'''Patrocinador PLATINO'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=center><br />
[[Image:Logo_ISEC.png|link=http://www.isecauditors.com]]<br />
</td><br />
<td width=20% align=center><br />
</td><br />
<td width=60%><br />
</td><br />
</table><br />
'''Patrocinador ORO'''<br />
<br />
<br />
<br />
'''Patrocinador PLATA'''<br />
<br />
<br />
<br />
'''Colabora'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=left><br />
[[Image:Logo_laSalle_URL_institucional_positiu_CAT.png|link=http://www.salleurl.edu]]<br />
</td><br />
</table><br />
<br><br><br />
= Agenda =<br />
{{:Spain/Agenda_Chapter_Meeting}}<br />
<br />
= Localización = <br />
{{:Spain/Localizacion_Chapter_Meeting}}<br />
<br />
= Ponentes =<br />
{{:Spain/Ponentes Chapter Meeting}}<br />
<br />
= Formacion =<br />
<br />
'''Introducción a la Seguridad en Aplicaciones Web'''<br />
<br />
El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
<br />
'''Formato:'''<br />
<br />
El taller combina la teoría y ejercicios prácticos. Los participantes aprenderán a identificar vulnerabilidades en sitios web específicamente diseñados con vulnerabilidades y errores de código, explotándolas utilizando diferentes técnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- Material Impreso<br><br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnología usada en aplicaciones web.<br />
*Áreas críticas en una aplicación web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
<br />
'''Perfil del Trainer : '''<br />
<br />
[[Image:Cerullof.jpg|150px]]<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor información : ''' Por favor comuníquese al correo fcerullo@owasp.org<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRO CERRADO!'''] '''<br> <br><br />
<br />
<br />
= Patrocinadores =<br />
{{:Spain/Patrocinadores_Chapter_Meeting}}<br />
<br />
= Call For Papers =<br />
{{:Spain/CFP_Chapter_Meeting}}<br />
<br />
<br />
__NOTOC__<br />
<br />
<headertabs /><br />
<br />
<br><br />
<table width=100%><br />
<tr><br />
<td align="left"><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
</td><br />
<td align="right">[http://www.owasp.org/index.php/Spain https://www.owasp.org/images/a/a0/Owasp-logo-250.png]<br />
</td><br />
</tr><br />
</table><br />
<br><br />
<br><br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
[[Category:Spain]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Spain/Chapter_Meeting&diff=195765Spain/Chapter Meeting2015-06-04T07:40:33Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== <b>IX OWASP Spain Chapter Meeting</b> - <font size=-1>Barcelona, 12 de junio de 2015</font> ==<br />
Estas conferencias, abiertas y gratuitas, reúnen desde 2006 a los profesionales del sector de la seguridad de nuestro país y se han consolidado como un evento de referencia sobre seguridad en el software.<br />
<br><br />
<br><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
<br><br />
<br><br />
Si desea conocer las opciones de patrocinio disponibles, contacte con [mailto:vicente.aguilera@owasp.org Vicente Aguilera].<br />
'''Patrocinador PLATINO'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=center><br />
[[Image:Logo_ISEC.png|link=http://www.isecauditors.com]]<br />
</td><br />
<td width=20% align=center><br />
</td><br />
<td width=60%><br />
</td><br />
</table><br />
'''Patrocinador ORO'''<br />
<br />
<br />
<br />
'''Patrocinador PLATA'''<br />
<br />
<br />
<br />
'''Colabora'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=left><br />
[[Image:Logo_laSalle_URL_institucional_positiu_CAT.png|link=http://www.salleurl.edu]]<br />
</td><br />
</table><br />
<br><br><br />
= Agenda =<br />
{{:Spain/Agenda_Chapter_Meeting}}<br />
<br />
= Localización = <br />
{{:Spain/Localizacion_Chapter_Meeting}}<br />
<br />
= Ponentes =<br />
{{:Spain/Ponentes Chapter Meeting}}<br />
<br />
= Formacion =<br />
<br />
'''Introducción a la Seguridad en Aplicaciones Web'''<br />
<br />
[[Image:Cerullof.jpg|150px]]<br />
El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
<br />
'''Formato:'''<br />
<br />
El taller combina la teoría y ejercicios prácticos. Los participantes aprenderán a identificar vulnerabilidades en sitios web específicamente diseñados con vulnerabilidades y errores de código, explotándolas utilizando diferentes técnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- Material Impreso<br><br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnología usada en aplicaciones web.<br />
*Áreas críticas en una aplicación web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor información : ''' Por favor comuníquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRO CERRADO!'''] '''<br> <br><br />
<br />
<br />
= Patrocinadores =<br />
{{:Spain/Patrocinadores_Chapter_Meeting}}<br />
<br />
= Call For Papers =<br />
{{:Spain/CFP_Chapter_Meeting}}<br />
<br />
<br />
__NOTOC__<br />
<br />
<headertabs /><br />
<br />
<br><br />
<table width=100%><br />
<tr><br />
<td align="left"><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
</td><br />
<td align="right">[http://www.owasp.org/index.php/Spain https://www.owasp.org/images/a/a0/Owasp-logo-250.png]<br />
</td><br />
</tr><br />
</table><br />
<br><br />
<br><br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
[[Category:Spain]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Spain/Chapter_Meeting&diff=195764Spain/Chapter Meeting2015-06-04T07:38:24Z<p>Fabio.e.cerullo: </p>
<hr />
<div>== <b>IX OWASP Spain Chapter Meeting</b> - <font size=-1>Barcelona, 12 de junio de 2015</font> ==<br />
Estas conferencias, abiertas y gratuitas, reúnen desde 2006 a los profesionales del sector de la seguridad de nuestro país y se han consolidado como un evento de referencia sobre seguridad en el software.<br />
<br><br />
<br><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
<br><br />
<br><br />
Si desea conocer las opciones de patrocinio disponibles, contacte con [mailto:vicente.aguilera@owasp.org Vicente Aguilera].<br />
'''Patrocinador PLATINO'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=center><br />
[[Image:Logo_ISEC.png|link=http://www.isecauditors.com]]<br />
</td><br />
<td width=20% align=center><br />
</td><br />
<td width=60%><br />
</td><br />
</table><br />
'''Patrocinador ORO'''<br />
<br />
<br />
<br />
'''Patrocinador PLATA'''<br />
<br />
<br />
<br />
'''Colabora'''<br />
<table widht=100%><br />
<tr><br />
<td width=20% align=left><br />
[[Image:Logo_laSalle_URL_institucional_positiu_CAT.png|link=http://www.salleurl.edu]]<br />
</td><br />
</table><br />
<br><br><br />
= Agenda =<br />
{{:Spain/Agenda_Chapter_Meeting}}<br />
<br />
= Localización = <br />
{{:Spain/Localizacion_Chapter_Meeting}}<br />
<br />
= Ponentes =<br />
{{:Spain/Ponentes Chapter Meeting}}<br />
<br />
= Formacion =<br />
<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Taller''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Introducción a la Seguridad en Aplicaciones Web'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Image:Cerullof.jpg|150px]]<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
'''Formato:'''<br />
<br />
El taller combina la teoría y ejercicios prácticos. Los participantes aprenderán a identificar vulnerabilidades en sitios web específicamente diseñados con vulnerabilidades y errores de código, explotándolas utilizando diferentes técnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- Material Impreso<br><br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnología usada en aplicaciones web.<br />
*Áreas críticas en una aplicación web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor información : ''' Por favor comuníquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRO CERRADO!'''] '''<br> <br><br />
<br />
<br />
= Patrocinadores =<br />
{{:Spain/Patrocinadores_Chapter_Meeting}}<br />
<br />
= Call For Papers =<br />
{{:Spain/CFP_Chapter_Meeting}}<br />
<br />
<br />
__NOTOC__<br />
<br />
<headertabs /><br />
<br />
<br><br />
<table width=100%><br />
<tr><br />
<td align="left"><br />
[https://www.eventbrite.es/e/entradas-ix-owasp-spain-chapter-meeting-15979118975?ref=ebtn https://www.owasp.org/images/7/77/Buttoncreate.png]<br />
</td><br />
<td align="right">[http://www.owasp.org/index.php/Spain https://www.owasp.org/images/a/a0/Owasp-logo-250.png]<br />
</td><br />
</tr><br />
</table><br />
<br><br />
<br><br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
[[Category:Spain]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=About_The_Open_Web_Application_Security_Project&diff=193397About The Open Web Application Security Project2015-04-15T01:36:14Z<p>Fabio.e.cerullo: /* Treasurer: Fabio Cerullo */</p>
<hr />
<div>Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' <br />
__TOC__<br />
<br />
==The OWASP Foundation==<br />
The OWASP Foundation came online on [http://wayback.archive.org/web/*/http://www.owasp.org December 1st 2001] it was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at [[Main Page|OWASP]]. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at [[Main Page|www.owasp.org]].<br />
<br />
<br />
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. The [[OWASP Foundation]] is a not-for-profit entity that ensures the project's long-term success.<br />
<br />
[http://www.linkedin.com/companies/owasp https://www.owasp.org/images/9/98/Btn_cofollow_badge.png]<br />
<br />
<br />
===OWASP Foundation Bylaws===<br />
<br />
The business of the OWASP Foundation Inc. is outlined in the organizational [http://en.wikipedia.org/wiki/By-law by-laws]. These by-laws govern the organization worldwide and allow the participants to understand the established process for doing so. <br />
<br />
[[OWASP Foundation ByLaws]]<br />
<br />
[https://www.owasp.org/images/9/90/126741_OWASP_vzw_modelstatuten_v0.9_EN_REV.pdf OWASP EU Foundation ByLaws (English Translation)]<br />
<br />
[[Local Chapter ByLaws]]<br />
<br />
<br />
== Core Values ==<br />
<b>OPEN</b><br />
Everything at OWASP is radically transparent from our finances to our code.<br />
<br />
<b>INNOVATION</b><br />
OWASP encourages and supports innovation and experiments for solutions to software security challenges.<br />
<br />
<b>GLOBAL</b><br />
Anyone around the world is encouraged to participate in the OWASP community.<br />
<br />
<b>INTEGRITY</b><br />
OWASP is an honest and truthful, vendor neutral, global community.<br />
<br />
<br />
== Core Purpose ==<br />
Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software. <br />
<br />
<br />
== Code of Ethics ==<br />
Each of us is expected to behave according to the principles contained in the following Code of Ethics. Breaches of the Code of Ethics may result in the foundation taking disciplinary action.<br />
[https://www.owasp.org/index.php/Membership_Revocation Membership Revocation]<br />
<br />
* Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;<br />
* Promote the implementation of and promote compliance with standards, procedures, controls for application security;<br />
* Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;<br />
* Discharge professional responsibilities with diligence and honesty;<br />
* To communicate openly and honestly;<br />
* Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;<br />
* To maintain and affirm our objectivity and independence;<br />
* To reject inappropriate pressure from industry or others;<br />
* Not intentionally injure or impugn the professional reputation of practice of colleagues, clients, or employers;<br />
* Treat everyone with respect and dignity; and<br />
* To avoid relationships that impair — or may appear to impair — OWASP's objectivity and independence.<br />
<br />
<br />
== Principles ==<br />
<br />
* Free & Open<br />
* Governed by rough consensus & running code<br />
* Abide by a code of ethics (see ethics)<br />
* Not-for-profit<br />
* Not driven by commercial interests<br />
* Risk based approach<br />
<br />
<br />
==2015 Global Board Members==<br />
<br />
<br />
====Chairman: [[User:tgondrom|Tobias Gondrom]]====<br />
<br />
====Vice Chairman: [[User:jsokol|Josh Sokol]]====<br />
<br />
====Treasurer: [[User:Fabio.e.cerullo|Fabio Cerullo]]====<br />
<br />
====Secretary: [[User:Matt_Konda |Matt Konda]]====<br />
<br />
====Board Member: [[User:vanderaj |Andrew van der Stock]]====<br />
<br />
====Board Member: [[User:MichaelCoates|Michael Coates]]====<br />
<br />
====Board Member: [[User:Jmanico|Jim Manico]]====<br />
<br />
==Employees and Contractors of the OWASP Foundation==<br />
<br />
{{:About_OWASP/HR}}<br />
<br />
<br />
* Additional [https://www.owasp.org/index.php/About_OWASP/HR staff and HR info]<br />
<br />
<br />
==Meeting Minutes==<br />
The OWASP Foundation Board meets monthly.<br />
<br />
[[OWASP_Board_Meetings | Board meeting minutes for the record.]]<br />
<br />
[https://docs.google.com/folder/d/0B5Z9zE0hx0LNOWFIRG9reTUwOXM/edit Staff Meetings]<br />
<br />
[https://docs.google.com/folder/d/0B5Z9zE0hx0LNZ0pqZC1QWWRTM28/edit Global Initiatives Meetings]<br />
<br />
<br />
== Operational Procedures ==<br />
[https://www.owasp.org/index.php/About_OWASP/Operational-Procedures Standard Operations Procedures (SOP)]<br />
<br />
<br />
==Licensing==<br />
All OWASP materials are available under an approved [[OWASP Licenses|FLOSS license]]. For more information, please see the '''[[OWASP Licenses]]''' page.<br />
<br />
<br />
==Participation and Membership==<br />
Everyone is welcome to participate in our [https://lists.owasp.org/mailman/listinfo forums], [[projects]], [[chapters]], and [[conferences]]. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.<br />
<br />
<br />
If you find the OWASP materials valuable, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.<br />
<br />
<br />
For more information, please see the '''[[Membership]]''' page.<br />
<br />
<br />
==Projects==<br />
OWASP's projects cover many aspects of application security. We build documents, tools, teaching environments, guidelines, checklists, and other materials to help organizations improve their capability to produce secure code.<br />
<br />
<br />
For details on all the OWASP projects, please see the '''[[:Category:OWASP Project|OWASP Project]]''' page.<br />
<br />
<br />
==Privacy Policy==<br />
Given OWASP’s mission to help organizations with application security, you have the right to expect protection of any personal information that we might collect about our members.<br />
<br />
<br />
In general, we do not require authentication or ask visitors to reveal personal information when visiting our website. We collect Internet addresses, not the e-mail addresses, of visitors solely for use in calculating various website statistics.<br />
<br />
<br />
We may ask for certain personal information, including name and email address from persons downloading OWASP products. This information is not divulged to any third party and is used only for the purposes of:<br />
* Communicating urgent fixes in the OWASP Materials<br />
* Seeking advice and feedback about OWASP Materials<br />
* Inviting participation in OWASP’s consensus process and AppSec conferences<br />
<br />
<br />
OWASP publishes a list of member organizations and individual members. Listing is purely voluntary and "opt-in." Listed members can request not to be listed at any time.<br />
<br />
All information about you or your organization that you send us by fax or mail is physically protected. If you have any questions or concerns about our privacy policy, please contact us at [http://sl.owasp.org/contactus Submit a Inquiry]<br />
<br />
<br />
==Membership or Donations==<br />
If you are interested in joining OWASP as a member, or donating funds for OWASP's efforts, please check out the [[Membership|OWASP Membership Page]].<br />
<br />
{{:About_OWASP/Financial_Transparency}}<br />
<br />
<br/><br />
<br />
==Contacting OWASP==<br />
The easiest way to contact the [[OWASP Foundation]] is via e-mail. If you have a question concerning a particular project, we <b>strongly</b> recommend using the [https://lists.owasp.org/mailman/listinfo mailing list] for that project. Many questions can also be answered by [https://www.owasp.org/google/results.html searching] the [[Main Page|OWASP]] web site, so please check there first.<br />
<br />
Our global address for general correspondence and faxes can be sent to our physical office address, to the attention of [[User:Kate_Hartmann|Kate Hartmann]], at: <br />
<br />
OWASP Foundation<br />
1200-C Agora Drive, #232<br />
Bel Air, MD 21014<br />
US<br />
+1 951-692-7703 (tel)<br />
+1 443-283-4021(fax)<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
The European correspondence address is below.<br />
More information is available on the OWASP [[Europe]] page.<br />
<br />
OWASP Europe VZW<br />
Leinstraat 104A<br />
B-9660 Opbrakel<br />
Belgium<br />
+1 951-692-7703 (tel)<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
OWASP Norway Chapter<br />
[http://w2.brreg.no/enhet/sok/detalj.jsp?orgnr=994253085 Entity Record]<br />
v/Kåre Presttun<br />
c/o Mnemonic as<br />
Wergelandsveien 25<br />
0167 OSLO<br />
<br />
<br />
Want to chat on IRC?<br />
The official #owasp channel is now live on http://irc.freenode.net ! Come on in and chat with us!<br />
<br />
For more information, please see the pages listed below:<br />
<br />
* [[Contributions]] for details about how to make contributions<br />
* [[Advertising]] if you're interested in advertising on the OWASP site<br />
* [[How OWASP Works]] for more information about projects and governance<br />
* [[OWASP brand usage rules]] for information about using the OWASP brand<br />
<br />
[[Category:Popular]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=User:Fabio.e.cerullo&diff=193390User:Fabio.e.cerullo2015-04-15T00:27:25Z<p>Fabio.e.cerullo: </p>
<hr />
<div>{| class="wikitable" style="text-align:left"<br />
|-<br />
! [[File:Cerullof.jpg|200px]]<br />
! Fabio Cerullo is the Managing Director of Cycubix, an Information Security company that specialises in securing the applications that businesses rely on. He has extensive experience in understanding and addressing the challenges of application security from over a decade working in and with organisations across a diverse range of industries – from financial services to government departments and manufacturing.<br />
<br />
Fabio is a Global Board member of the OWASP Foundation and a regular speaker at events organised by the leading Information Security associations including OWASP, ISACA and (ISC)2. He also provides commentary and insight for specialised industry media (Computer Weekly, Infosecurity magazine, SiliconRepublic.com). As an official certified instructor for (ISC)2, the global leader in information security education and certification, Fabio is responsible for training information security professionals around the world.<br />
<br />
Fabio is a Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP). He holds a Master’s degree in Computer Engineering from Universidad Católica Argentina.<br />
|}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=User:Fabio.e.cerullo&diff=193389User:Fabio.e.cerullo2015-04-15T00:25:28Z<p>Fabio.e.cerullo: </p>
<hr />
<div>{| class="wikitable" style="text-align:left<br />
|-<br />
! [[File:Cerullof.jpg|200px]]<br />
! Fabio Cerullo is the Managing Director of Cycubix, an Information Security company that specialises in securing the applications that businesses rely on. He has extensive experience in understanding and addressing the challenges of application security from over a decade working in and with organisations across a diverse range of industries – from financial services to government departments and manufacturing.<br />
<br />
Fabio is a Global Board member of the OWASP Foundation and a regular speaker at events organised by the leading Information Security associations including OWASP, ISACA and (ISC)2. He also provides commentary and insight for specialised industry media (Computer Weekly, Infosecurity magazine, SiliconRepublic.com). As an official certified instructor for (ISC)2, the global leader in information security education and certification, Fabio is responsible for training information security professionals around the world.<br />
<br />
Fabio is a Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP). He holds a Master’s degree in Computer Engineering from Universidad Católica Argentina.<br />
|}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=User:Fabio.e.cerullo&diff=193387User:Fabio.e.cerullo2015-04-15T00:24:39Z<p>Fabio.e.cerullo: </p>
<hr />
<div>{| class="wikitable"<br />
|-<br />
! [[File:Cerullof.jpg|200px]]<br />
! class="wikitable" style="text-align:left Fabio Cerullo is the Managing Director of Cycubix, an Information Security company that specialises in securing the applications that businesses rely on. He has extensive experience in understanding and addressing the challenges of application security from over a decade working in and with organisations across a diverse range of industries – from financial services to government departments and manufacturing.<br />
<br />
Fabio is a Global Board member of the OWASP Foundation and a regular speaker at events organised by the leading Information Security associations including OWASP, ISACA and (ISC)2. He also provides commentary and insight for specialised industry media (Computer Weekly, Infosecurity magazine, SiliconRepublic.com). As an official certified instructor for (ISC)2, the global leader in information security education and certification, Fabio is responsible for training information security professionals around the world.<br />
<br />
Fabio is a Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP). He holds a Master’s degree in Computer Engineering from Universidad Católica Argentina.<br />
|}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=User:Fabio.e.cerullo&diff=193386User:Fabio.e.cerullo2015-04-15T00:24:17Z<p>Fabio.e.cerullo: </p>
<hr />
<div>{| class="wikitable"<br />
|-<br />
! [[File:Cerullof.jpg|200px]]<br />
! style="text-align:left Fabio Cerullo is the Managing Director of Cycubix, an Information Security company that specialises in securing the applications that businesses rely on. He has extensive experience in understanding and addressing the challenges of application security from over a decade working in and with organisations across a diverse range of industries – from financial services to government departments and manufacturing.<br />
<br />
Fabio is a Global Board member of the OWASP Foundation and a regular speaker at events organised by the leading Information Security associations including OWASP, ISACA and (ISC)2. He also provides commentary and insight for specialised industry media (Computer Weekly, Infosecurity magazine, SiliconRepublic.com). As an official certified instructor for (ISC)2, the global leader in information security education and certification, Fabio is responsible for training information security professionals around the world.<br />
<br />
Fabio is a Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP). He holds a Master’s degree in Computer Engineering from Universidad Católica Argentina.<br />
|}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=User:Fabio.e.cerullo&diff=193385User:Fabio.e.cerullo2015-04-15T00:21:49Z<p>Fabio.e.cerullo: </p>
<hr />
<div>{| class="wikitable"<br />
|-<br />
! [[File:Cerullof.jpg|200px]]<br />
! Fabio Cerullo is the Managing Director of Cycubix, an Information Security company that specialises in securing the applications that businesses rely on. He has extensive experience in understanding and addressing the challenges of application security from over a decade working in and with organisations across a diverse range of industries – from financial services to government departments and manufacturing.<br />
<br />
Fabio is a Global Board member of the OWASP Foundation and a regular speaker at events organised by the leading Information Security associations including OWASP, ISACA and (ISC)2. He also provides commentary and insight for specialised industry media (Computer Weekly, Infosecurity magazine, SiliconRepublic.com). As an official certified instructor for (ISC)2, the global leader in information security education and certification, Fabio is responsible for training information security professionals around the world.<br />
<br />
Fabio is a Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP). He holds a Master’s degree in Computer Engineering from Universidad Católica Argentina.<br />
|}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=User:Fabio.e.cerullo&diff=193384User:Fabio.e.cerullo2015-04-15T00:18:42Z<p>Fabio.e.cerullo: </p>
<hr />
<div>{| class="wikitable"<br />
|-<br />
! [[File:Cerullof.jpg|200px]]<br />
! Fabio Cerullo is the Managing Director of Cycubix, an Information Security company that specialises in securing the applications that businesses rely on. He has extensive experience in understanding and addressing the challenges of application security from over a decade working in and with organisations across a diverse range of industries – from financial services to government departments and manufacturing.<br />
<br />
Fabio is a Global Board member of the OWASP Foundation and a regular speaker at events organised by the leading Information Security associations including OWASP, ISACA and (ISC)2. He also provides commentary and insight for specialised industry media (Computer Weekly, Infosecurity magazine, SiliconRepublic.com). As an official certified instructor for (ISC)2, the global leader in information security education and certification, Fabio is responsible for training information security professionals around the world.<br />
<br />
Fabio is a Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP). He holds a Master’s degree in Computer Engineering from Universidad Católica Argentina.<br />
|}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=192746LatamTour20152015-04-05T21:14:07Z<p>Fabio.e.cerullo: /* CTF */</p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |750px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes Droguett [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru'''(Lima) : John Vargas [john.vargas@owasp.org] vía [https://docs.google.com/forms/d/1HJAwdnCxhnDjxdEOrHVBaewrkQncIB2uxHCzxEtxwug '''this Google form''']<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes Droguett [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* Santa Cruz de las Sierras, Bolivia: Daniel Torres [daniel.torres@owasp.org]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Andrea Villar<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=PATAGONIA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
''Conferencias: Libres y gratuitas''<br><br />
''Entrenamiento: 250 dólares''<br><br />
<br />
===CTF Patagonia===<br />
Competencia de hacking "CTF Patagonia".<br><br />
Preparen, aputen,...., [http://ctf-ddn.rhcloud.com/ FUEGO!]<br />
<br />
===Agenda ===<br />
'''Viernes 10 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | Expositor<br />
<br />
|-<br />
| 09:00 - 10:00<br />
| Acreditacion<br />
| <br />
|- <br />
| 10:00 - 10:15<br />
| Bienvenida e intoduccion a OWASP<br />
|<br />
|-<br />
| 10:20 - 11:00<br />
| [https://www.owasp.org/index.php/LatamTour2015/VulnerabilidadesGatewayPago Vulnerabilidades en Gateways de Pago]<br />
| [https://www.linkedin.com/in/ariancho Andrés Riancho]<br />
|- <br />
| 11:00 - 11:30<br />
| Pausa para café<br />
|<br />
|-<br />
| 11:30 - 12:00 <br />
| Aspectos Legales de la Seguridad informática<br><br />
| Marcelo Campetella<br />
|-<br />
| 12:00 - 12:30<br />
| El mercado del Malware en las Apps de los Store para Android<br />
| Claudio Caracciolo<br />
|-<br />
| 12:30 - 14:00<br />
| Pausa para almuerzo<br />
|<br />
|- <br />
| 14:00 - 14:40<br />
| Mobile Apps and how to Pentest them<br />
| Gustavo Sorondo<br />
|-<br />
| 14:40 - 15:10<br />
| CIOs vs CISOs: OWASP al rescate <br />
| Mauro Graziosi<br />
|-<br />
| 15:10 - 15:40<br />
| Pausa para café<br />
|<br />
|-<br />
| 15:40 - 16:20<br />
| Certificate Pinning: ¿tenemos el c...ertificado roto?<br />
| Cristian Borghello<br />
|- <br />
| 16:20 - 16:30<br />
| Agradecimientos y cierre<br />
|<br />
|}<br />
<br />
'''Sabado 11 de abril'''<br><br />
''Valor del entrenamiento: u$s 250''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="450" align="center" | Entrenamiento<br />
! width="150" align="center" | Expositor<br />
<br />
|-<br />
| 08:00 - 12:00<br />
| Hacking de aplicaciones web basado en OWASP Top 10 (Parte 1)<br />
| Cristian Borghello<br />
|- <br />
| 12:00 - 13:00<br />
| Pausa para almuerzo<br />
|<br />
|-<br />
| 13:00 - 17:00<br />
| Hacking de aplicaciones web basado en OWASP Top 10 (Parte 2)<br />
| Cristian Borghello<br />
|}<br />
<br />
===¿Dónde?===<br />
'''Viernes 10'''<br><br />
Universidad Nacional del Comahue, Buenos Aires 1400, Neuquén<br><br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br><br><br />
'''Sabado 11'''<br><br />
Instituto Icono, Santa Fe 355, Neuquén<br><br />
[[File:MapaIFES.png|link=https://www.google.com.ar/maps/place/Icono+S.r.l./@-38.9517208,-68.0592463,16z/data=!4m2!3m1!1s0x960a33d10f798455:0xed1c52f760942955?hl=es-419]]<br />
<br />
===Afiche para difusión===<br />
[[File:PosterLatamtour2015-Patagonia.jpg|link=https://www.owasp.org/images/6/60/Poster_Latamtour.pdf]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
=BUENOS AIRES=<br />
<br />
Invitamos a estudiantes, desarrolladores, expertos en seguridad informática y curiosos en general a compartir con la comunidad de OWASP un nuevo evento en Buenos Aires! Será una jornada de charlas técnicas, en un ambiente relajado e ideal para conocer otras personas interesadas en la seguridad en aplicaciones.<br />
<br />
<br />
=='''Inscripcion'''==<br />
<br />
Recuerden que es necesario [https://www.regonline.com/owasplatamtour15argentina '''inscribirse'''] para asistir. La registración es '''completamente gratis''' y es unicamente utilizada para verificar su identidad en la entrada de la Universidad.<br />
<br />
== '''Fecha y lugar'''==<br />
<br />
24 Abril 2015 - 9am (puntual!)<br><br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
[https://www.google.com.ar/maps/place/Av+Rivadavia+2258,+Buenos+Aires,+Ciudad+Aut%C3%B3noma+de+Buenos+Aires/@-34.6096561,-58.3984517,17z/data=!3m1!4b1!4m2!3m1!1s0x95bccae91dc7f349:0x3177aaca9808e637 Av. Rivadavia 2258, Ciudad Autonoma de Buenos Aires]<br><br />
<br />
<br />
== '''Charlas'''==<br />
<br />
<table width="761" border="1" cellpadding="0" cellspacing="0" ><br />
<tr style="background-color: #30608f; color:#FFF;"><br />
<td><b>Hora</b></td><br />
<td><b>Titulo</b></td><br />
<td><b>Orador</b></td><br />
</tr><br />
<tr><br />
<td width="100">9:10</td><br />
<td width="491">Introducción a OWASP</td><br />
<td width="200">Fabio Cerullo</td><br />
</tr><br />
<tr><br />
<td width="100">9:35</td><br />
<td width="491">Steering a Bullet Train</td><br />
<td width="200">Santiago Kantorowicz</td><br />
</tr><br />
<tr><br />
<td width="100">10:25</td><br />
<td width="491">Y ahora nos preocupamos por la privacidad? Gracias #Snowden</td><br />
<td width="200">Mariano M. del Rio</td><br />
</tr><br />
<tr><br />
<td width="100">10:50</td><br />
<td width="491">Coffee break</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">11:20</td><br />
<td width="491">Building a High Interaction Honeypot: Implementation and logging techniques</td><br />
<td width="200">Fernando Catoira</td><br />
</tr><br />
<tr><br />
<td width="100">11:45</td><br />
<td width="491">[https://www.owasp.org/index.php/LatamTour2015/VulnerabilidadesGatewayPago Vulnerabilidades en Gateways de Pago]</td><br />
<td width="200">[https://www.linkedin.com/in/ariancho Andrés Riancho]</td><br />
</tr><br />
<tr><br />
<td width="100">12:35</td><br />
<td width="491">Almuerzo</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">13:55</td><br />
<td width="491">Threat not found!</td><br />
<td width="200">Sheila Berta</td><br />
</tr><br />
<tr><br />
<td width="100">14:20</td><br />
<td width="491">Mobile Apps and How To Pentest Them</td><br />
<td width="200">Gustavo Sorondo</td><br />
</tr><br />
<tr><br />
<td width="100">15:10</td><br />
<td width="491">Coffee break</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">15:40</td><br />
<td width="491">HP Sponsor talk</td><br />
<td width="200">TBD</td><br />
</tr><br />
<tr><br />
<td width="100">16:05</td><br />
<td width="491">Web Security for Bitcoin Services</td><br />
<td width="200">Juliano Rizzo</td><br />
</tr><br />
</table><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
[https://www.owasp.org/index.php/Chile El Capítulo Chileno de OWASP], tiene el agrado de invitar a la conferencia LatamTour2015, con el auspicio de [http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC] sede Alonso Ovalle.<br />
<br />
OWASP es una organización mundial sin fines de lucro dedicada a identificar y combatir las causas que hacen inseguro el software. Revise nuestra documentación y metodologías en los [[:Category:OWASP_Project|Proyectos OWASP]] donde encontrará valioso material de aplicación práctica en los ambientes corporativos. Asista a los talleres y conferencias del LatamTour y aprenda como sacar provecho a estos recursos de libre acceso.<br />
<br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''HAGA CLICK AQUI PARA REGISTRARSE''']<br />
<br><br />
Para asistentes registrados se sortean 5 membresías, que permiten acceder gratis (o con descuento preferente) a eventos y talleres OWASP durante 12 meses.<br />
Inscribase y asegure su confirmación de reserva preferente.<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#4B0082" align="center" colspan="6" | <span style="color:#ffffff"> '''DETALLES DE LA CONFERENCIA (Miércoles 8 de Abril en DUOC-UC sede Alonso Ovalle Nro.1586 -Metro Moneda-)'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Horario''' <br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Modulo'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Ponente'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 - 09:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 09:30 - 10:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Bienvenida y Presentación del Evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | DUOC-UC y OWASP-Chile<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Rodrigo Cea Warner. Director de Carrera DUOC-UC. Carlos Allendes Droguett Chapter Leader OWASP Chile.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 - 10:50<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Bug Bounty, programs reload<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Ormeño y Freddy Grey (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoques e investigación sobre programas de BUG BOUNTY periodico a través de vectores de ataque poco convencionales.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 10:50 - 11:05<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:10 - 12:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Analizando tráfico WIFI de smartphones <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Yago Fernández H. (ESPAÑA)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Es seguro utilizar redes WiFi? Intercepción on-line del tráfico wi-fi en conexiones de smartphone y tecnicas de hacking. <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:00 - 12:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Estado transparente, descentralización y confianza ¿Apoyado con Tecnología?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esteban Valenzuela Van Treek (Escritor, doctor en Historia, ex alcalde/diputado, Director de Ciencia Política U.A.Hurtado)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Potenciar el regionalismo, la descentralización y la trasparencia del pais, usando la tecnología e internet (teletrabajo, e-learning, flexibilidad laboral, innovación, etc.)<br />
|-|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:35 - 13:10<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gestionar la inversión en seguridad con OpenSAMM. Donde Iniciar?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Allendes Droguett (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoque Tecnico y Ecónomico para maximizar el retorno de la inversión en hacking etico, pentesting, desarrollo seguro, análisis del código, pruebas de seguridad.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 13:10 - 14:50<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Break para Almorzar<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:50 - 15:40<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking efectivo: Desde una credencial hasta el Domain Admin en un solo día<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ricardo Supo P. (PERU)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Como ganar acceso a credenciales locales de dominio y escalar privilegios hasta obtener un acceso de administrador de dominio.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:40 - 16:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | HTTPS: Usted, úselo bien.<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cristián Rojas, CLCERT U.de Chile<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Que riesgos acechan, aunque tengamos instalado SSL/TLS? Año 2014 fue intenso: Heartbleed, POODLE, y errores de implementación como el GOTO FAIL.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 16:30 - 16:40<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:40 - 17:20<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Seguridad Incorporada al Ciclo de Desarrollo<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Alejandro Johannes (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Principios y fundamentos para disponer de una gestión con seguridad y calidad en el Ciclo de Desarrollo de aplicaciones.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:20 - 18:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Importancia de la seguridad en el software<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hector Takami (MEXICO)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | En lo que respecta a la seguridad del software, dar importancia a proyectos como OpenSAMM e integrar estas sugerencias en un modelo de seguridad aplicativa.<br />
|-<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 18:00 - 18:10<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Cierre del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Sorteo de Premios<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | membresías OWASP (entre inscritos)<br />
|-<br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="6" | <span style="color:#ffffff"> '''TALLERES (Jueves 9 de Abril)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 9 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 9 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
<br />
|}<br />
<br/><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
[[File:Owasp_upb_2015.jpg|link=https://www.google.com/maps/place/Universidad+Pontificia+Bolivariana+Seccional+Bucaramanga/@7.0389574,-73.071732,14z/data=!4m2!3m1!1s0x8e6840b36653b9c5:0x4dcdbc55842151df]]<br />
<br><br />
<br><br />
===REGISTRO===<br />
Recuerde que el ingreso al evento es <b>TOTALMENTE GRATUITO, sólo debe registrarse previamente</b>.<br><br />
[[File:Register.gif|link=https://www.regonline.com/owasplatamtour15colombia]]<br />
<!--[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']--><br />
<br><br />
<br><br />
<br />
===CONFERENCIAS===<br />
<br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 7:30 a.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">8:00</td><br />
<td width="212" bgcolor="#CED7EF">Diego Ademir Duarte Santana</td><br />
<td width="482" bgcolor="#CED7EF"><b>OWASP ASVS 2.0 Web Application Standard</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">9:00</td><br />
<td>Jhon César Arango Serna</td><br />
<td><b>IPv6 Ventaja o Amenaza</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:00</td><br />
<td bgcolor="#CED7EF">Hugo Armando Rodriguez Vera</td><br />
<td bgcolor="#CED7EF"><b>Protección de Datos Personales, infracción y consecuencias</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FFFFFF" style="text-align: center">11:00</td><br />
<td bgcolor="#FFFFFF">MundoHacker</td><br />
<td bgcolor="#FFFFFF"><b>Ciberespionaje y Cibercrimen as a Service</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Lunch</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">14:00</td><br />
<td bgcolor="#CED7EF">German Alonso Suárez Guerrero</td><br />
<td bgcolor="#CED7EF"><b>OWASP Proactive Controls</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">15:00</td><br />
<td>Ronald Escalona</td><br />
<td><b>Hardening del Servidor Web, enfoque práctico con jail/chroot para entornos multisitios</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">16:00</td><br />
<td bgcolor="#CED7EF">Javier Orlando Mantilla P</td><br />
<td bgcolor="#CED7EF"><b>Seguridad en desarrollo de aplicaciones web usando Apache Tomee</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Finish Event</td><br />
</tr><br />
</table><br />
<br><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<br><br />
Se contará con <b>transmisión vía streaming</b> para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
<br />
[[File:Santa.jpg]]<br />
<br><br />
<br><br />
<br><br />
Lugar: Universidad NUR<br />
<br><br />
Dirección: Av. Banzer, Victorino Rivero 100<br />
<br><br />
Santa Cruz de la Sierra, Bolivia<br />
<br><br />
Fecha: 17 y 18 de abril del 2015<br />
<br><br />
<br><br />
[[File:Mapa.jpg]]<br />
<br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
<br />
'''Viernes 17 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="150" align="center" | Expositor<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | País<br />
<br />
|-<br />
! 08:00 - 08:30<br />
| colspan="3" style="text-align: center;" | Registro - Acreditación<br />
|- <br />
! 08:30 - 09:00<br />
| colspan="3" style="text-align: center;" | Video: Mundo Hacker - Proyecto OWASP<br />
|- <br />
! 09:00 - 09:50<br />
| Jaime Iván Mendoza Ribera<br />
| Análisis de vulnerabilidades web<br />
| Santa Cruz, Bolivia<br />
|-<br />
! 09:50 - 10:40<br />
| Cesar Roberto Cuenca Díaz<br />
| Desarrollo Seguro Principios y Buenas Prácticas.<br />
| La Paz, Bolivia<br />
|- <br />
! 10:40 - 11:30<br />
| Juan Pablo Barriga Sapiencia<br />
| Riegos en TI<br />
| Sucre, Bolivia<br />
|- <br />
! 11:30 - 12:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|-<br />
! 12:00 - 12:50 <br />
| Walter Camama Menacho<br />
| MiTM a nivel de browser con beef y metasploit<br />
| Trinidad, Bolivia<br />
|-<br />
! 12:50 - 13:40<br />
| Leonardo Camilo Quenta Alarcon<br />
| Seguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 13:40 - 14:30<br />
| Deyvi Bustamante Perez<br />
| Exploit development<br />
| Sucre , Bolivia<br />
|-<br />
! 14:30 - 15:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|- <br />
! 15:00 - 15:50<br />
| Gonzalo Nina Mamani<br />
| Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web<br />
| Cochabamba , Bolivia<br />
|-<br />
! 15:50 - 16:40<br />
| Hernán Marcelo Leytón Balderrama<br />
| Seguridad en los Satélites de Comunicación<br />
| Potosí, Bolivia<br />
|-<br />
! 16:40 - 17:30<br />
| Juan Alberto Fajardo Canaza<br />
| WAF Testing Framework<br />
| Potosí, Bolivia<br />
|}<br />
<br />
<br />
'''Sabado 18 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="150" align="center" | Expositor<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | País<br />
<br />
|-<br />
! 08:00 - 08:30<br />
| colspan="3" style="text-align: center;" | Acreditación<br />
|- <br />
! 09:00 - 09:50<br />
| Alex Villegas y Roller Ibanez<br />
| Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301<br />
| Cochabamba, Bolivia<br />
|-<br />
! 09:50 - 10:40<br />
| Richard Villca Apaza<br />
| Rompiendo el modelo de negocios: Debugging Android Apps<br />
| La Paz, Bolivia<br />
|- <br />
! 10:40 - 11:30<br />
| Cristhian Lima Saravia<br />
| Framework Pleni<br />
| Cochabamba, Bolivia<br />
|- <br />
! 11:30 - 12:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|-<br />
! 12:00 - 12:50 <br />
| Elvin Vidal Mollinedo Mencia<br />
| Los 7 pecados de un desarrollador Web<br />
| Santa Cruz, Bolivia<br />
|-<br />
! 12:50 - 13:40<br />
| Alvaro Machaca Tola<br />
| Análisis de riesgos aplicando la metodología OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 13:40 - 14:30<br />
| Erick Calderon Mostajo<br />
| Herramientas de Aprendizaje OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 14:30 - 15:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|- <br />
! 15:00 - 15:50<br />
| Daniel Torres Sandi<br />
| Headers seguros en HTTP<br />
| Sucre , Bolivia<br />
|-<br />
! 15:50 - 16:50<br />
| Gabriel Labrada Hernandez (INTEL MEXICO)<br />
| Seguridad en Hardware y los servicios en la nube<br />
| Mexico<br />
|-<br />
! 16:50 - 17:50<br />
| Jacobo Tibaquira<br />
| Atacando al atacante (DRAGON JAR)<br />
| Colombia<br />
|}<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
El evento se va a llevar a cabo en el auditorio de la Ciudad de la Investigación de la Universidad de Costa Rica. [http://goo.gl/Y64lZG'''Ver Dirección exacta''']<br />
<br />
[[File:Mapa-ucr-auditorio.png|800px]]<br />
<br />
<br><br />
<br />
=== REGISTRO ===<br />
Recuerde que el ingreso al evento es totalmente gratuito, sólo debe registrarse previamente. '''El comprobante de registro será solicitado en el momento de ingresar en el auditorio'''.<br />
[https://www.regonline.com/owasplatamtour15costarica'''Pulse aquí para registrarse en el evento.''']<br />
<br><br />
<br />
=== CONFERENCIAS-LISTADO DE EXPOSITORES===<br />
<br />
'''Martes 21 de Abril'''<br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Recepción y Registro De 7:30 am a 8:00 am</td><br />
</tr><br />
<tr><br />
<td width="150" bgcolor="#CED7EF" style="text-align: center">8:00 am a 8:10 am</td><br />
<td width="212" bgcolor="#CED7EF">OWASP Costa Rica &amp; UCR</td><br />
<td width="500" bgcolor="#CED7EF"><b>Palabras de Bienvenida</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">8:10-9:00 am</td><br />
<td bgcolor="#CED7EF">Fabio Cerullo , <b>Dublin Irlanda</b></td><br />
<td bgcolor="#CED7EF"><b>Keynote: Desarrollo Rápido y Seguro de Aplicaciones – Es posible tener las dos cosas? </b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">09:00-09:50 am</td><br />
<td bgcolor="#CED7EF"> Eduardo Rojas</td><br />
<td bgcolor="#CED7EF"><b>Bloques de construcción en la implementación estratégica del software seguro con SAMM</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">09:50-10:10am</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:10-11:00 am</td><br />
<td bgcolor="#CED7EF">Mauricio Oviedo</td><br />
<td bgcolor="#CED7EF"><b>Manejo Seguro del DNS</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">11:00-11:50 am</td><br />
<td bgcolor="#CED7EF">Walter Montes</td><br />
<td bgcolor="#CED7EF"><b>Buenas prácticas para manejo de autenticación y sesión</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">11:50-1:20 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Almuerzo Libre</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">1:20-2:10 pm</td><br />
<td bgcolor="#CED7EF">Randall Barnett</td><br />
<td bgcolor="#CED7EF"><b>Vulnerabilidades encontradas en Sistema de Control de Tráfico Nacional</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">2:15-3:05 pm</td><br />
<td bgcolor="#CED7EF"> Mario Robles</td><br />
<td bgcolor="#CED7EF"> <b>Web Application Penetration Testing</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">3:05-3:25 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">3:25-4:15 pm</td><br />
<td bgcolor="#CED7EF">TBD </td><br />
<td bgcolor="#CED7EF"><b>TBD</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:15-5:00 pm</td><br />
<td bgcolor="#CED7EF">Bertin Bervis</td><br />
<td bgcolor="#CED7EF"><b>MiTM Attacks con DNS proxys a escala WAN el modem bajo ataque</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">5:00 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Palabras de cierre</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las oportunidades de patrocinio <br />
Cualquier consulta pueden contactar a [mailto:michael.hidalgo@owasp.org Michael Hidalgo].<br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
===CONFERENCIAS===<br />
<b>Día 1</b><br />
<b>Abril 21</b><br />
<br><br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 1:30 p.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">2:00</td><br />
<td width="212" bgcolor="#CED7EF">Camilo Fernandez</td><br />
<td width="482" bgcolor="#CED7EF"><b>OWASP Tools</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">3:00</td><br />
<td>Pablo Barrera</td><br />
<td><b>La verdad sobre los ataques de denegación de servicio</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:30</td><br />
<td bgcolor="#CED7EF">Oscar Rodas y Marco To</td><br />
<td bgcolor="#CED7EF"><b>Avances en investigación sobre seguridad informática</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FFFFFF" style="text-align: center">5:15</td><br />
<td bgcolor="#FFFFFF">Elder Guerra</td><br />
<td bgcolor="#FFFFFF"><b>Un verdadero análisis de riesgos</b></td><br />
</tr><br />
</table><br />
<br><br />
<b>Día 2</b><br />
<b>Abril 22</b><br />
<br><br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 1:30 p.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">2:00 PM Salon 1</td><br />
<td width="212" bgcolor="#CED7EF">Luis Cordon</td><br />
<td width="482" bgcolor="#CED7EF"><b>Web Pentesting</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2:00 PM Salon 2</td><br />
<td>Pablo Barrera</td><br />
<td><b>Server Hardening: métodos de aseguramiento de tu servidor web y los datos que contiene</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:00PM</td><br />
<td bgcolor="#CED7EF"><b>Concurso de Ethical Hacking</b></td><br />
</tr><br />
</table><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''TALLERES Y CONFERENCIAS''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Latam Tour - Lima 2015''' == <br />
<br />
'''Viernes 17 de Abril''' ''(Talleres)'' <br>'''Sábado 18 de Abril''' ''(Conferencia)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''Descripcion y Objetivo'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP LATAM TOUR,''' es una gira por Latino América que promueve la seguridad en aplicaciones web en diversas instituciones, como: universidades, organismos gubernamentales, empresas de TI y entidades financieras, buscando crear conciencia sobre la seguridad en las aplicaciones y puedan tomar decisiones informadas sobre los verdaderos riesgos de seguridad.<br />
<br />
*Ademas del OWASP Top 10, la mayoría de los [[:Category:OWASP_Project|Proyectos OWASP]] no son ampliamente utilizados en los ambientes corporativos. En la mayoría de los casos esto no es debido a una falta de calidad en los proyectos o la documentación disponible, sino mas bien por desconocer donde se ubicaran en un Ecosistema de Seguridad de Aplicaciones empresarial. <br />
<br />
*Esta serie de talleres y conferencias tienen como objetivo cambiar esta situación proporcionando una explicación sobre los proyectos OWASP mas maduros y listos para ser utilizados en el ambito empresarial.<br />
|}<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''LIMA PERÚ'''</span><br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> '''TALLERES (Viernes 17)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Viernes 17 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | ''' San Isidro '''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | Durante todo el OWASP LatamTour se estarán realizando talleres de capacitación dictados por destacados profesionales en la materia.<br> <br />
'''Duracion:''' 8 horas<br> <br />
'''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br> <br />
'''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br> <br />
'''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN'''] '''<br><br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''TALLER 1'''</span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Taller''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''De 0 a Ninja con Metasploit'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Image:Dragonjar.jpg|150px]]<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | El taller de 0 a Ninja con Metasploit, busca detallar el uso de la herramienta Metasploit ampliamente utilizada en auditorias de seguridad por profesionales del área, desde su instalación y puesta a punto para el trabajo, hasta el uso de sus funciones para llevar a feliz termino una auditoria en seguridad.<br />
De 0 a Ninja DragonJAR<br />
<br />
Este curso, altamente práctico, tiene una duración de 8 horas en las que los asistentes podrán acortar la curva de aprendizaje, gracias a la transmisión de conocimientos y experiencias de los docentes, altamente calificados, con el fin de que una vez finalizado el taller puedas aplicar los conocimientos adquiridos.<br />
<br />
Duracion: 1 día (8 horas)<br />
====De 0 a Ninja con Metasploit====<br />
*Introducción a Metasploit<br />
*Introducción a la linea de comandos de Metasploit<br />
*Trabajando con Metasploit y sus componentes (msfconsole, msfcli, msfgui, msfweb, msfpayload, msfencode, msfvenom, etc…)<br />
*Etapas de un Pentesting y las herramientas para realizarlas incluidas en Metasploit<br />
*Post-Explotación, ya tengo shell … ¿ahora que hago?<br />
*Trabajando con Meterpreter<br />
*Trabajo colaborativo usando Armitage/Cobalt Strike<br />
*Generando el informe ¿Alguna tool que pueda ayudarme?<br />
<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/DragonJAR/ Jaime Andrés Restrepo (DragonJAR)]''', es Ingeniero en Sistemas y Telecomunicaciones de la Universidad de Manizales. Information Security Researcher con más de 10 años de experiencias en Ethical Hacking, Pen Testing y Análisis Forense. Docente Universitario en Pre y Post-Grado, Speaker y Organizador de diferentes eventos de Seguridad Informática, Co-Fundador del ACK Security Conference, Fundador de DragonJAR SAS y de La Comunidad DragonJAR, una de las comunidades de seguridad informática mas grandes de habla hispana y referente en el sector. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 9:00am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRESE AL TALLER AQUI'''] '''<br> <br><br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''TALLER 2'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Taller''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Introducción a la Seguridad en Aplicaciones Web'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Image:Cerullof.jpg|150px]]<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
'''Format:'''<br />
<br />
El taller combina la teoría y ejecícios practicos. Los participantes aprenderán a identificar vulnerabilidades en sitios web espeficamente diseñados con vulnerabilidades y errores de código, explotandolas utilizando diferentes tecnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- Material Impreso<br><br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnológia usada en Aplicaciones Web.<br />
*Áreas criticas en una Aplicación Web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRESE AL TALLER AQUI!'''] '''<br> <br><br />
|-<br />
|}<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> '''CONFERENCIAS (Sábado 18)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | Sábado 18 de Abril<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Universidad Tecnológica del Peru - Esquina Av. 28 de Julio con Av. Petit Thouars, Lima – Perú'''<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Precio y Registro'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | El ingreso a las conferencias es '''GRATUITO''' - El proceso de registro lo podrá ubicar en el siguiente link : <br><br />
[https://www.regonline.com/owasplatamtour15lima'''EL REGISTRO SE ENCUENTRA ABIERTO!''']<br />
<br><br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Promociones'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | OFERTA ESPECIAL - Durante todo el OWASP Latam Tour el costo de la membresía anual es de solamente U$D 20. Utilice el código de descuento "LATAM" durante el proceso de registro electrónico como miembro individual en el enlace disponible a continuación.<br><br />
[http://myowasp.force.com/memberappregion Hágase MIEMBRO DE OWASP AQUÍ] <br><br />
'''Si usted aun no es miembro OWASP, por favor considere unirse a nuestra organización.'''<br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''DETALLES DE LA JORNADA'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | ''' - '''<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Ponente'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 9:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OWASP PERU<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Presentación del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/John_Vargas John Vargas]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cyber War in Web and Mobile Applications <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/stinguer88 Jesús González (ESP)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Desarrollo Rápido y Seguro de Aplicaciones – Es posible tener las dos cosas?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |[https://twitter.com/fcerullo Fabio Cerullo (ARG)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Seguridad en Aplicaciones Moviles<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/pITea_security Juan Pablo Quiñe]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Todos a Sh3ll34r!<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/gabsitus Gabriel Lazo]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Se verán distintas técnicas utilizadas por atacantes maliciosos para lograr subir shells y obtener acceso a servidores web.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | OWASP Zap <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/Alonso_ReYDeS Alonso Caballero]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hackeando Carros en Latinoamérica<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/DragonJAR Andrés Restrepo (COL) (DragonJAR)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|}<br />
<br />
=URUGUAY=<br />
<br />
== '''Conferencia: 15 de abril de 2015 ''' ==<br />
El evento más importante de la región llega nuevamente a Uruguay, OWASP Latam tour 2015!. Expositores internacionales estarán presentando conferencias sobre los temas más importantes en Seguridad en Aplicaciones.<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA REGISTRARSE AL EVENTO HAGA CLIC AQUI! - SIN COSTO''']<br />
<br />
'''¿Dónde?''' <br />
<br />
[http://www.ucu.edu.uy/ Universidad Católica del Uruguay]<br><br />
Av. 8 de Octubre 2738<br><br />
Montevideo 11600 Montevideo, Uruguay. <br><br />
Ver en [https://www.google.com/maps/place/Universidad+Cat%C3%B3lica+del+Uruguay/@-34.888694,-56.159218,17z/data=!3m1!4b1!4m2!3m1!1s0x0:0x13508c3340b76e45 Google Maps]<br />
<br><br />
<br />
== '''Conferencias: Miércoles 15 de abril''' ==<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#4B0082" align="center" colspan="6" | <span style="color:#ffffff"> '''DETALLES DE LA CONFERENCIA - Miércoles 15 de Abril (Universidad Católica del Uruguay)'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Horario''' <br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Expositor'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Titulo'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 17:30 - 18:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:00 - 18:45<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cristian Borghello<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Certificate Pinning: ¿tenemos el c...ertificado roto?<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esta charla pretende demostrar en vivo la explotación de distintas vulnerabilidades en una aplicación móvil de tal manera que podamos revisar las causas y consecuencias, ademas recomendar las medidas de seguridad pertinentes.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:45 - 19:15<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Edgar Salazar<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Inseguridad en Aplicaciones Móviles<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esta charla pretende demostrar en vivo la explotación de distintas vulnerabilidades en una aplicación móvil de tal manera que podamos revisar las causas y consecuencias, ademas recomendar las medidas de seguridad pertinentes.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 19:15 - 19:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 19:30 - 20:15<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Eduardo Santiago<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | (IN)secure Development<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Forget Injection and XSS<br />
This lecture aims to demonstrate simple traps in web development, and bad practices in addition to some factors are likely to cause critical security flaws. We will analyze some cases and demonstrate ways to mitigate and correct such failures.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 20:15 - 21:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ricardo Supo Picón<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking Efectivo<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Los dominios windows están presentes en gran cantidad de organizaciones, en estos la autenticación de usuarios esta disponible en muchos servicios. En esta charla analizaremos los distintos tipos de autenticación de windows y como obtener credenciales locales y de dominio así mismo como a partir de una sola credencial se puede obtener más credenciales hasta obtener un administrador de dominio. Así mismo se detallará como poder realizar intrusiones masivas en red de computadores que ayudan a que un sólo hacker pueda multiplicar sus actividades y conseguir su objetivo en un sólo día, presentación de la herramienta Domainator.<br />
|-|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 21:00 - 21:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Victor Rojo<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Porque la seguridad en software es tan importante?<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoque Tecnico y Ecónomico para maximizar el retorno de la inversión en hacking etico, pentesting, desarrollo seguro, análisis del código, pruebas de seguridad.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 21:30 - 22:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Cierre del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Sorteo de Premios<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="6" | <span style="color:#ffffff"> '''TALLERES (Jueves 16 de Abril)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 16 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | TRAINING 1: Hacking de aplicaciones web basado en OWASP Top 10 (Costo: USD 250) by Cristian Borghello<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Universidad Católica del Uruguay<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Los desarrolladores son una raza extraña. Los Pentesters viven en una burbuja. Este entrenamiento ayuda a los desarrolladores a conocer sobre seguridad en el desarrollo web y a los Pentesters a probar aplicaciones web de forma adecuada.<br />
<br />
Objetivos: - Conocer OWASP Top 10 (quick summary) - Aprender cómo comprobar cada vulnerabilidad desde el punto de vista del Desarrollador y del Pentester - Conocer recomendaciones desde el punto de vista del Pentester - Conocer recomendaciones desde el punto de vista del Desarrollador<br />
<br />
Orientado a desarrolladores, pentesters y personas relacionados con el ciclo de vida del desarrollo de software o sus pruebas de seguridad. <br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 16 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | TRAINING 2: BYOX101/Construya su propio xploit 101/Build Your Own Xploit 101 (Costo: USD 250) by Mauricio Campiglia<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Universidad Católica del Uruguay<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | ¿Alguna vez te preguntaste de dónde salen ese montón de numeritos que por arte de magia te dejan en una línea de comandos con privilegios? Esta es tu oportunidad para conocer de dónde salen y porqué están ahí y no en otro lugar. Este entrenamiento te guía desde cero hasta la creación de exploits sencillos e intermedios aprendiendo en el recorrido los por qué de cada paso. No se verán exploits de dia cero ni muy complejos, nos concentraremos en lo probado y conocido pues el objetivo es entender el proceso de creación de un exploit.<br />
<br />
Detalles:<br />
<br />
Entrenamiento mayormente práctico de creación básica de exploits para sistemas MS Windows. Se usarán ejemplos conocidos pero fiables y se crearán programas de ejemplo vulnerables a propósito.<br />
<br />
Conocimientos obtenidos:<br />
<br />
Quienes asistan entenderán el proceso de creación de un exploit entendiendo en el camino la confirmación de memoria de sistemas MS Windows y las protecciones de este sistema. ¿Por qué participar de este entrenamiento?<br />
<br />
La habilidad de creación de exploits no es algo que se encuentre facilmente en un curso.<br />
Entender este proceso te da la flexibilidad de adaptarte cuando un ataque no funciona tal como te lo dieron.<br />
Desenmarañar el porqué de un montón de números sin sentido que te dan un acceso que no tienes es mágico.<br />
<br />
|}<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA REGISTRARSE AL EVENTO HAGA CLIC AQUI! - SIN COSTO''']<br />
<br />
== '''Trainings: Jueves 16 de abril de 8am a 5pm''' ==<br />
<br />
=== TRAINING 1: Hacking de aplicaciones web basado en OWASP Top 10 (Costo: USD 250) ===<br />
<br />
'''Instructor:''' Christian Borghello<br />
<br />
Los desarrolladores son una raza extraña. Los Pentesters viven en una burbuja. Este entrenamiento ayuda a los desarrolladores a conocer sobre seguridad en el desarrollo web y a los Pentesters a probar aplicaciones web de forma adecuada.<br />
<br />
Objetivos: - Conocer OWASP Top 10 (quick summary) - Aprender cómo comprobar cada vulnerabilidad desde el punto de vista del Desarrollador y del Pentester - Conocer recomendaciones desde el punto de vista del Pentester - Conocer recomendaciones desde el punto de vista del Desarrollador <br />
<br />
Orientado a desarrolladores, pentesters y personas relacionados con el ciclo de vida del desarrollo de software o sus pruebas de seguridad. <br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA INSCRIBIRSE HAGA CLIC AQUI!''']<br />
<br />
=== TRAINING 2: BYOX101/Construya su propio xploit 101/Build Your Own Xploit 101 (Costo: USD 250) ===<br />
<br />
'''Instructor:''' Mauricio Campiglia<br />
<br />
¿Alguna vez te preguntaste de dónde salen ese montón de numeritos que por arte de magia te dejan en una línea de comandos con privilegios? Esta es tu oportunidad para conocer de dónde salen y porqué están ahí y no en otro lugar. Este entrenamiento te guía desde cero hasta la creación de exploits sencillos e intermedios aprendiendo en el recorrido los por qué de cada paso. No se verán exploits de dia cero ni muy complejos, nos concentraremos en lo probado y conocido pues el objetivo es entender el proceso de creación de un exploit.<br />
<br />
'''Detalles''':<br /><br />
<br />
Entrenamiento mayormente práctico de creación básica de exploits para<br />
sistemas MS Windows. Se usarán ejemplos conocidos pero fiables y se crearán<br />
programas de ejemplo vulnerables a propósito.<br />
<br />
'''Conocimientos obtenidos''':<br /><br />
<br />
Quienes asistan entenderán el proceso de creación de un exploit entendiendo en el camino la confirmación de memoria de sistemas MS Windows y las protecciones de este sistema. ¿Por qué participar de este entrenamiento?<br />
* La habilidad de creación de exploits no es algo que se encuentre facilmente en un curso.<br />
* Entender este proceso te da la flexibilidad de adaptarte cuando un ataque no funciona tal como te lo dieron.<br />
* Desenmarañar el porqué de un montón de números sin sentido que te dan un acceso que no tienes es mágico.<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA INSCRIBIRSE HAGA CLIC AQUI!''']<br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd 2015''' ==<br />
[[File:bwoltv.png| center |bwoltv.png ]]<br />
<br><br />
<br />
== Registro ==<br />
El registro es totalmente gratis, nos complacería mucho que nos acompañaras este día. <br />
<br />
Te esperamos!!!<br />
<br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGISTRATE AQUI''']<br />
<br><br />
<br><br />
<br />
== UBICACIÓN ==<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
<br />
[[File:UbicacionLatamCaracas.png]]<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Registro 8:30 am</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">9:00 am</td><br />
<td width="212" bgcolor="#CED7EF">OWASP Venezuela & UCV</td><br />
<td width="482" bgcolor="#CED7EF"><b>Palabras de Bienvenida</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">9:15-9:55 am</td><br />
<td bgcolor="#CED7EF"> Jair Garcia</td><br />
<td bgcolor="#CED7EF" ><b>Hacking Etico: Cacería de Vulnerabilidades</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:00-9:35 am</td><br />
<td bgcolor="#CED7EF"> Randy Ortega</td><br />
<td bgcolor="#CED7EF"><b>Sessión Hijacking: Peligro en la web</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">10:40-11:10am</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">11:15-11:50 am</td><br />
<td bgcolor="#CED7EF">Michael Hidalgo (Costa Rica)</td><br />
<td bgcolor="#CED7EF"><b>Ataques de denegación de servicio a través de expresiones regulares: De la explotación a la corrección</b></td><br />
</tr><br />
<br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">12:00-1:30 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Almuerzo Libre</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">1:35-2:10 pm</td><br />
<td bgcolor="#CED7EF">Josmell Chavarri</td><br />
<td bgcolor="#CED7EF"><b>Conociendo al Enemigo: Honeypots</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">2:15-2:40 pm</td><br />
<td bgcolor="#CED7EF" > Rodrigo Bravo y Eliezer Romero</td><br />
<td bgcolor="#CED7EF" > <b>Programación Segura en Python</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">2:45-3:20 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">3:35-4:10 pm</td><br />
<td bgcolor="#CED7EF">Maximiliano Anlonzo (Uruguay) </td><br />
<td bgcolor="#CED7EF"><b>Peligro: software en construcción</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:15-4:40 pm</td><br />
<td bgcolor="#CED7EF">Carlos Suárez</td><br />
<td bgcolor="#CED7EF"><b>Beef como framework de explotación xss</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">4:45-5:00 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Palabras de cierre</td><br />
</tr><br />
</table><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
= CTF =<br />
<br />
Do you have an interest in security or are you a security professional? Either way, you have something to gain from the OWASP Security Shepherd LATAM Tour CTF. OWASP Security Shepherd has been designed and implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills. The OWASP Security Shepherd leaders have created a customised version of the project for this CTF. This CTF is for everyone and anyone, so check it out! Just ensure that you follow these rules when you take part;<br />
<br />
== CTF Rules == <br />
- No Denial of Service Attacks.<br><br />
- No automated Scans (you might get banned).<br><br />
- Do not generate large amounts of traffic.<br><br />
- No destructive attacks (don't delete stuff).<br><br />
- Confine hacking on the tasks that are explicitly free to hack.<br><br />
- If you find a cheat or trick to solve things more easily, please report it for Bonus Points.<br><br />
- The organizers might change the rules throughout the challenge.<br><br />
- Participants breaking these rules might be penalized or excluded from the competition.<br><br />
<br />
Follow the CTF twitter feed for CTF news: [https://twitter.com/LatamTourCtf https://twitter.com/LatamTourCtf]<br />
<br />
Enjoying the CTF? Want to contribute? More information on the project here: [https://www.owasp.org/index.php/OWASP_Security_Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd]<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=192745LatamTour20152015-04-05T21:13:30Z<p>Fabio.e.cerullo: /* CTF */</p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |750px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes Droguett [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru'''(Lima) : John Vargas [john.vargas@owasp.org] vía [https://docs.google.com/forms/d/1HJAwdnCxhnDjxdEOrHVBaewrkQncIB2uxHCzxEtxwug '''this Google form''']<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes Droguett [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* Santa Cruz de las Sierras, Bolivia: Daniel Torres [daniel.torres@owasp.org]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Andrea Villar<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=PATAGONIA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
''Conferencias: Libres y gratuitas''<br><br />
''Entrenamiento: 250 dólares''<br><br />
<br />
===CTF Patagonia===<br />
Competencia de hacking "CTF Patagonia".<br><br />
Preparen, aputen,...., [http://ctf-ddn.rhcloud.com/ FUEGO!]<br />
<br />
===Agenda ===<br />
'''Viernes 10 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | Expositor<br />
<br />
|-<br />
| 09:00 - 10:00<br />
| Acreditacion<br />
| <br />
|- <br />
| 10:00 - 10:15<br />
| Bienvenida e intoduccion a OWASP<br />
|<br />
|-<br />
| 10:20 - 11:00<br />
| [https://www.owasp.org/index.php/LatamTour2015/VulnerabilidadesGatewayPago Vulnerabilidades en Gateways de Pago]<br />
| [https://www.linkedin.com/in/ariancho Andrés Riancho]<br />
|- <br />
| 11:00 - 11:30<br />
| Pausa para café<br />
|<br />
|-<br />
| 11:30 - 12:00 <br />
| Aspectos Legales de la Seguridad informática<br><br />
| Marcelo Campetella<br />
|-<br />
| 12:00 - 12:30<br />
| El mercado del Malware en las Apps de los Store para Android<br />
| Claudio Caracciolo<br />
|-<br />
| 12:30 - 14:00<br />
| Pausa para almuerzo<br />
|<br />
|- <br />
| 14:00 - 14:40<br />
| Mobile Apps and how to Pentest them<br />
| Gustavo Sorondo<br />
|-<br />
| 14:40 - 15:10<br />
| CIOs vs CISOs: OWASP al rescate <br />
| Mauro Graziosi<br />
|-<br />
| 15:10 - 15:40<br />
| Pausa para café<br />
|<br />
|-<br />
| 15:40 - 16:20<br />
| Certificate Pinning: ¿tenemos el c...ertificado roto?<br />
| Cristian Borghello<br />
|- <br />
| 16:20 - 16:30<br />
| Agradecimientos y cierre<br />
|<br />
|}<br />
<br />
'''Sabado 11 de abril'''<br><br />
''Valor del entrenamiento: u$s 250''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="450" align="center" | Entrenamiento<br />
! width="150" align="center" | Expositor<br />
<br />
|-<br />
| 08:00 - 12:00<br />
| Hacking de aplicaciones web basado en OWASP Top 10 (Parte 1)<br />
| Cristian Borghello<br />
|- <br />
| 12:00 - 13:00<br />
| Pausa para almuerzo<br />
|<br />
|-<br />
| 13:00 - 17:00<br />
| Hacking de aplicaciones web basado en OWASP Top 10 (Parte 2)<br />
| Cristian Borghello<br />
|}<br />
<br />
===¿Dónde?===<br />
'''Viernes 10'''<br><br />
Universidad Nacional del Comahue, Buenos Aires 1400, Neuquén<br><br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br><br><br />
'''Sabado 11'''<br><br />
Instituto Icono, Santa Fe 355, Neuquén<br><br />
[[File:MapaIFES.png|link=https://www.google.com.ar/maps/place/Icono+S.r.l./@-38.9517208,-68.0592463,16z/data=!4m2!3m1!1s0x960a33d10f798455:0xed1c52f760942955?hl=es-419]]<br />
<br />
===Afiche para difusión===<br />
[[File:PosterLatamtour2015-Patagonia.jpg|link=https://www.owasp.org/images/6/60/Poster_Latamtour.pdf]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
=BUENOS AIRES=<br />
<br />
Invitamos a estudiantes, desarrolladores, expertos en seguridad informática y curiosos en general a compartir con la comunidad de OWASP un nuevo evento en Buenos Aires! Será una jornada de charlas técnicas, en un ambiente relajado e ideal para conocer otras personas interesadas en la seguridad en aplicaciones.<br />
<br />
<br />
=='''Inscripcion'''==<br />
<br />
Recuerden que es necesario [https://www.regonline.com/owasplatamtour15argentina '''inscribirse'''] para asistir. La registración es '''completamente gratis''' y es unicamente utilizada para verificar su identidad en la entrada de la Universidad.<br />
<br />
== '''Fecha y lugar'''==<br />
<br />
24 Abril 2015 - 9am (puntual!)<br><br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
[https://www.google.com.ar/maps/place/Av+Rivadavia+2258,+Buenos+Aires,+Ciudad+Aut%C3%B3noma+de+Buenos+Aires/@-34.6096561,-58.3984517,17z/data=!3m1!4b1!4m2!3m1!1s0x95bccae91dc7f349:0x3177aaca9808e637 Av. Rivadavia 2258, Ciudad Autonoma de Buenos Aires]<br><br />
<br />
<br />
== '''Charlas'''==<br />
<br />
<table width="761" border="1" cellpadding="0" cellspacing="0" ><br />
<tr style="background-color: #30608f; color:#FFF;"><br />
<td><b>Hora</b></td><br />
<td><b>Titulo</b></td><br />
<td><b>Orador</b></td><br />
</tr><br />
<tr><br />
<td width="100">9:10</td><br />
<td width="491">Introducción a OWASP</td><br />
<td width="200">Fabio Cerullo</td><br />
</tr><br />
<tr><br />
<td width="100">9:35</td><br />
<td width="491">Steering a Bullet Train</td><br />
<td width="200">Santiago Kantorowicz</td><br />
</tr><br />
<tr><br />
<td width="100">10:25</td><br />
<td width="491">Y ahora nos preocupamos por la privacidad? Gracias #Snowden</td><br />
<td width="200">Mariano M. del Rio</td><br />
</tr><br />
<tr><br />
<td width="100">10:50</td><br />
<td width="491">Coffee break</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">11:20</td><br />
<td width="491">Building a High Interaction Honeypot: Implementation and logging techniques</td><br />
<td width="200">Fernando Catoira</td><br />
</tr><br />
<tr><br />
<td width="100">11:45</td><br />
<td width="491">[https://www.owasp.org/index.php/LatamTour2015/VulnerabilidadesGatewayPago Vulnerabilidades en Gateways de Pago]</td><br />
<td width="200">[https://www.linkedin.com/in/ariancho Andrés Riancho]</td><br />
</tr><br />
<tr><br />
<td width="100">12:35</td><br />
<td width="491">Almuerzo</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">13:55</td><br />
<td width="491">Threat not found!</td><br />
<td width="200">Sheila Berta</td><br />
</tr><br />
<tr><br />
<td width="100">14:20</td><br />
<td width="491">Mobile Apps and How To Pentest Them</td><br />
<td width="200">Gustavo Sorondo</td><br />
</tr><br />
<tr><br />
<td width="100">15:10</td><br />
<td width="491">Coffee break</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">15:40</td><br />
<td width="491">HP Sponsor talk</td><br />
<td width="200">TBD</td><br />
</tr><br />
<tr><br />
<td width="100">16:05</td><br />
<td width="491">Web Security for Bitcoin Services</td><br />
<td width="200">Juliano Rizzo</td><br />
</tr><br />
</table><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
[https://www.owasp.org/index.php/Chile El Capítulo Chileno de OWASP], tiene el agrado de invitar a la conferencia LatamTour2015, con el auspicio de [http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC] sede Alonso Ovalle.<br />
<br />
OWASP es una organización mundial sin fines de lucro dedicada a identificar y combatir las causas que hacen inseguro el software. Revise nuestra documentación y metodologías en los [[:Category:OWASP_Project|Proyectos OWASP]] donde encontrará valioso material de aplicación práctica en los ambientes corporativos. Asista a los talleres y conferencias del LatamTour y aprenda como sacar provecho a estos recursos de libre acceso.<br />
<br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''HAGA CLICK AQUI PARA REGISTRARSE''']<br />
<br><br />
Para asistentes registrados se sortean 5 membresías, que permiten acceder gratis (o con descuento preferente) a eventos y talleres OWASP durante 12 meses.<br />
Inscribase y asegure su confirmación de reserva preferente.<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#4B0082" align="center" colspan="6" | <span style="color:#ffffff"> '''DETALLES DE LA CONFERENCIA (Miércoles 8 de Abril en DUOC-UC sede Alonso Ovalle Nro.1586 -Metro Moneda-)'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Horario''' <br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Modulo'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Ponente'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 - 09:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 09:30 - 10:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Bienvenida y Presentación del Evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | DUOC-UC y OWASP-Chile<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Rodrigo Cea Warner. Director de Carrera DUOC-UC. Carlos Allendes Droguett Chapter Leader OWASP Chile.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 - 10:50<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Bug Bounty, programs reload<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Ormeño y Freddy Grey (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoques e investigación sobre programas de BUG BOUNTY periodico a través de vectores de ataque poco convencionales.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 10:50 - 11:05<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:10 - 12:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Analizando tráfico WIFI de smartphones <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Yago Fernández H. (ESPAÑA)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Es seguro utilizar redes WiFi? Intercepción on-line del tráfico wi-fi en conexiones de smartphone y tecnicas de hacking. <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:00 - 12:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Estado transparente, descentralización y confianza ¿Apoyado con Tecnología?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esteban Valenzuela Van Treek (Escritor, doctor en Historia, ex alcalde/diputado, Director de Ciencia Política U.A.Hurtado)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Potenciar el regionalismo, la descentralización y la trasparencia del pais, usando la tecnología e internet (teletrabajo, e-learning, flexibilidad laboral, innovación, etc.)<br />
|-|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:35 - 13:10<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gestionar la inversión en seguridad con OpenSAMM. Donde Iniciar?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Allendes Droguett (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoque Tecnico y Ecónomico para maximizar el retorno de la inversión en hacking etico, pentesting, desarrollo seguro, análisis del código, pruebas de seguridad.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 13:10 - 14:50<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Break para Almorzar<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:50 - 15:40<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking efectivo: Desde una credencial hasta el Domain Admin en un solo día<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ricardo Supo P. (PERU)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Como ganar acceso a credenciales locales de dominio y escalar privilegios hasta obtener un acceso de administrador de dominio.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:40 - 16:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | HTTPS: Usted, úselo bien.<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cristián Rojas, CLCERT U.de Chile<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Que riesgos acechan, aunque tengamos instalado SSL/TLS? Año 2014 fue intenso: Heartbleed, POODLE, y errores de implementación como el GOTO FAIL.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 16:30 - 16:40<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:40 - 17:20<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Seguridad Incorporada al Ciclo de Desarrollo<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Alejandro Johannes (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Principios y fundamentos para disponer de una gestión con seguridad y calidad en el Ciclo de Desarrollo de aplicaciones.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:20 - 18:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Importancia de la seguridad en el software<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hector Takami (MEXICO)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | En lo que respecta a la seguridad del software, dar importancia a proyectos como OpenSAMM e integrar estas sugerencias en un modelo de seguridad aplicativa.<br />
|-<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 18:00 - 18:10<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Cierre del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Sorteo de Premios<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | membresías OWASP (entre inscritos)<br />
|-<br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="6" | <span style="color:#ffffff"> '''TALLERES (Jueves 9 de Abril)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 9 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 9 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
<br />
|}<br />
<br/><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
[[File:Owasp_upb_2015.jpg|link=https://www.google.com/maps/place/Universidad+Pontificia+Bolivariana+Seccional+Bucaramanga/@7.0389574,-73.071732,14z/data=!4m2!3m1!1s0x8e6840b36653b9c5:0x4dcdbc55842151df]]<br />
<br><br />
<br><br />
===REGISTRO===<br />
Recuerde que el ingreso al evento es <b>TOTALMENTE GRATUITO, sólo debe registrarse previamente</b>.<br><br />
[[File:Register.gif|link=https://www.regonline.com/owasplatamtour15colombia]]<br />
<!--[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']--><br />
<br><br />
<br><br />
<br />
===CONFERENCIAS===<br />
<br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 7:30 a.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">8:00</td><br />
<td width="212" bgcolor="#CED7EF">Diego Ademir Duarte Santana</td><br />
<td width="482" bgcolor="#CED7EF"><b>OWASP ASVS 2.0 Web Application Standard</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">9:00</td><br />
<td>Jhon César Arango Serna</td><br />
<td><b>IPv6 Ventaja o Amenaza</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:00</td><br />
<td bgcolor="#CED7EF">Hugo Armando Rodriguez Vera</td><br />
<td bgcolor="#CED7EF"><b>Protección de Datos Personales, infracción y consecuencias</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FFFFFF" style="text-align: center">11:00</td><br />
<td bgcolor="#FFFFFF">MundoHacker</td><br />
<td bgcolor="#FFFFFF"><b>Ciberespionaje y Cibercrimen as a Service</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Lunch</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">14:00</td><br />
<td bgcolor="#CED7EF">German Alonso Suárez Guerrero</td><br />
<td bgcolor="#CED7EF"><b>OWASP Proactive Controls</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">15:00</td><br />
<td>Ronald Escalona</td><br />
<td><b>Hardening del Servidor Web, enfoque práctico con jail/chroot para entornos multisitios</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">16:00</td><br />
<td bgcolor="#CED7EF">Javier Orlando Mantilla P</td><br />
<td bgcolor="#CED7EF"><b>Seguridad en desarrollo de aplicaciones web usando Apache Tomee</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Finish Event</td><br />
</tr><br />
</table><br />
<br><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<br><br />
Se contará con <b>transmisión vía streaming</b> para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
<br />
[[File:Santa.jpg]]<br />
<br><br />
<br><br />
<br><br />
Lugar: Universidad NUR<br />
<br><br />
Dirección: Av. Banzer, Victorino Rivero 100<br />
<br><br />
Santa Cruz de la Sierra, Bolivia<br />
<br><br />
Fecha: 17 y 18 de abril del 2015<br />
<br><br />
<br><br />
[[File:Mapa.jpg]]<br />
<br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
<br />
'''Viernes 17 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="150" align="center" | Expositor<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | País<br />
<br />
|-<br />
! 08:00 - 08:30<br />
| colspan="3" style="text-align: center;" | Registro - Acreditación<br />
|- <br />
! 08:30 - 09:00<br />
| colspan="3" style="text-align: center;" | Video: Mundo Hacker - Proyecto OWASP<br />
|- <br />
! 09:00 - 09:50<br />
| Jaime Iván Mendoza Ribera<br />
| Análisis de vulnerabilidades web<br />
| Santa Cruz, Bolivia<br />
|-<br />
! 09:50 - 10:40<br />
| Cesar Roberto Cuenca Díaz<br />
| Desarrollo Seguro Principios y Buenas Prácticas.<br />
| La Paz, Bolivia<br />
|- <br />
! 10:40 - 11:30<br />
| Juan Pablo Barriga Sapiencia<br />
| Riegos en TI<br />
| Sucre, Bolivia<br />
|- <br />
! 11:30 - 12:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|-<br />
! 12:00 - 12:50 <br />
| Walter Camama Menacho<br />
| MiTM a nivel de browser con beef y metasploit<br />
| Trinidad, Bolivia<br />
|-<br />
! 12:50 - 13:40<br />
| Leonardo Camilo Quenta Alarcon<br />
| Seguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 13:40 - 14:30<br />
| Deyvi Bustamante Perez<br />
| Exploit development<br />
| Sucre , Bolivia<br />
|-<br />
! 14:30 - 15:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|- <br />
! 15:00 - 15:50<br />
| Gonzalo Nina Mamani<br />
| Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web<br />
| Cochabamba , Bolivia<br />
|-<br />
! 15:50 - 16:40<br />
| Hernán Marcelo Leytón Balderrama<br />
| Seguridad en los Satélites de Comunicación<br />
| Potosí, Bolivia<br />
|-<br />
! 16:40 - 17:30<br />
| Juan Alberto Fajardo Canaza<br />
| WAF Testing Framework<br />
| Potosí, Bolivia<br />
|}<br />
<br />
<br />
'''Sabado 18 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="150" align="center" | Expositor<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | País<br />
<br />
|-<br />
! 08:00 - 08:30<br />
| colspan="3" style="text-align: center;" | Acreditación<br />
|- <br />
! 09:00 - 09:50<br />
| Alex Villegas y Roller Ibanez<br />
| Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301<br />
| Cochabamba, Bolivia<br />
|-<br />
! 09:50 - 10:40<br />
| Richard Villca Apaza<br />
| Rompiendo el modelo de negocios: Debugging Android Apps<br />
| La Paz, Bolivia<br />
|- <br />
! 10:40 - 11:30<br />
| Cristhian Lima Saravia<br />
| Framework Pleni<br />
| Cochabamba, Bolivia<br />
|- <br />
! 11:30 - 12:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|-<br />
! 12:00 - 12:50 <br />
| Elvin Vidal Mollinedo Mencia<br />
| Los 7 pecados de un desarrollador Web<br />
| Santa Cruz, Bolivia<br />
|-<br />
! 12:50 - 13:40<br />
| Alvaro Machaca Tola<br />
| Análisis de riesgos aplicando la metodología OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 13:40 - 14:30<br />
| Erick Calderon Mostajo<br />
| Herramientas de Aprendizaje OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 14:30 - 15:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|- <br />
! 15:00 - 15:50<br />
| Daniel Torres Sandi<br />
| Headers seguros en HTTP<br />
| Sucre , Bolivia<br />
|-<br />
! 15:50 - 16:50<br />
| Gabriel Labrada Hernandez (INTEL MEXICO)<br />
| Seguridad en Hardware y los servicios en la nube<br />
| Mexico<br />
|-<br />
! 16:50 - 17:50<br />
| Jacobo Tibaquira<br />
| Atacando al atacante (DRAGON JAR)<br />
| Colombia<br />
|}<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
El evento se va a llevar a cabo en el auditorio de la Ciudad de la Investigación de la Universidad de Costa Rica. [http://goo.gl/Y64lZG'''Ver Dirección exacta''']<br />
<br />
[[File:Mapa-ucr-auditorio.png|800px]]<br />
<br />
<br><br />
<br />
=== REGISTRO ===<br />
Recuerde que el ingreso al evento es totalmente gratuito, sólo debe registrarse previamente. '''El comprobante de registro será solicitado en el momento de ingresar en el auditorio'''.<br />
[https://www.regonline.com/owasplatamtour15costarica'''Pulse aquí para registrarse en el evento.''']<br />
<br><br />
<br />
=== CONFERENCIAS-LISTADO DE EXPOSITORES===<br />
<br />
'''Martes 21 de Abril'''<br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Recepción y Registro De 7:30 am a 8:00 am</td><br />
</tr><br />
<tr><br />
<td width="150" bgcolor="#CED7EF" style="text-align: center">8:00 am a 8:10 am</td><br />
<td width="212" bgcolor="#CED7EF">OWASP Costa Rica &amp; UCR</td><br />
<td width="500" bgcolor="#CED7EF"><b>Palabras de Bienvenida</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">8:10-9:00 am</td><br />
<td bgcolor="#CED7EF">Fabio Cerullo , <b>Dublin Irlanda</b></td><br />
<td bgcolor="#CED7EF"><b>Keynote: Desarrollo Rápido y Seguro de Aplicaciones – Es posible tener las dos cosas? </b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">09:00-09:50 am</td><br />
<td bgcolor="#CED7EF"> Eduardo Rojas</td><br />
<td bgcolor="#CED7EF"><b>Bloques de construcción en la implementación estratégica del software seguro con SAMM</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">09:50-10:10am</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:10-11:00 am</td><br />
<td bgcolor="#CED7EF">Mauricio Oviedo</td><br />
<td bgcolor="#CED7EF"><b>Manejo Seguro del DNS</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">11:00-11:50 am</td><br />
<td bgcolor="#CED7EF">Walter Montes</td><br />
<td bgcolor="#CED7EF"><b>Buenas prácticas para manejo de autenticación y sesión</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">11:50-1:20 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Almuerzo Libre</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">1:20-2:10 pm</td><br />
<td bgcolor="#CED7EF">Randall Barnett</td><br />
<td bgcolor="#CED7EF"><b>Vulnerabilidades encontradas en Sistema de Control de Tráfico Nacional</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">2:15-3:05 pm</td><br />
<td bgcolor="#CED7EF"> Mario Robles</td><br />
<td bgcolor="#CED7EF"> <b>Web Application Penetration Testing</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">3:05-3:25 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">3:25-4:15 pm</td><br />
<td bgcolor="#CED7EF">TBD </td><br />
<td bgcolor="#CED7EF"><b>TBD</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:15-5:00 pm</td><br />
<td bgcolor="#CED7EF">Bertin Bervis</td><br />
<td bgcolor="#CED7EF"><b>MiTM Attacks con DNS proxys a escala WAN el modem bajo ataque</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">5:00 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Palabras de cierre</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las oportunidades de patrocinio <br />
Cualquier consulta pueden contactar a [mailto:michael.hidalgo@owasp.org Michael Hidalgo].<br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
===CONFERENCIAS===<br />
<b>Día 1</b><br />
<b>Abril 21</b><br />
<br><br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 1:30 p.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">2:00</td><br />
<td width="212" bgcolor="#CED7EF">Camilo Fernandez</td><br />
<td width="482" bgcolor="#CED7EF"><b>OWASP Tools</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">3:00</td><br />
<td>Pablo Barrera</td><br />
<td><b>La verdad sobre los ataques de denegación de servicio</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:30</td><br />
<td bgcolor="#CED7EF">Oscar Rodas y Marco To</td><br />
<td bgcolor="#CED7EF"><b>Avances en investigación sobre seguridad informática</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FFFFFF" style="text-align: center">5:15</td><br />
<td bgcolor="#FFFFFF">Elder Guerra</td><br />
<td bgcolor="#FFFFFF"><b>Un verdadero análisis de riesgos</b></td><br />
</tr><br />
</table><br />
<br><br />
<b>Día 2</b><br />
<b>Abril 22</b><br />
<br><br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 1:30 p.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">2:00 PM Salon 1</td><br />
<td width="212" bgcolor="#CED7EF">Luis Cordon</td><br />
<td width="482" bgcolor="#CED7EF"><b>Web Pentesting</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2:00 PM Salon 2</td><br />
<td>Pablo Barrera</td><br />
<td><b>Server Hardening: métodos de aseguramiento de tu servidor web y los datos que contiene</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:00PM</td><br />
<td bgcolor="#CED7EF"><b>Concurso de Ethical Hacking</b></td><br />
</tr><br />
</table><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''TALLERES Y CONFERENCIAS''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Latam Tour - Lima 2015''' == <br />
<br />
'''Viernes 17 de Abril''' ''(Talleres)'' <br>'''Sábado 18 de Abril''' ''(Conferencia)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''Descripcion y Objetivo'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP LATAM TOUR,''' es una gira por Latino América que promueve la seguridad en aplicaciones web en diversas instituciones, como: universidades, organismos gubernamentales, empresas de TI y entidades financieras, buscando crear conciencia sobre la seguridad en las aplicaciones y puedan tomar decisiones informadas sobre los verdaderos riesgos de seguridad.<br />
<br />
*Ademas del OWASP Top 10, la mayoría de los [[:Category:OWASP_Project|Proyectos OWASP]] no son ampliamente utilizados en los ambientes corporativos. En la mayoría de los casos esto no es debido a una falta de calidad en los proyectos o la documentación disponible, sino mas bien por desconocer donde se ubicaran en un Ecosistema de Seguridad de Aplicaciones empresarial. <br />
<br />
*Esta serie de talleres y conferencias tienen como objetivo cambiar esta situación proporcionando una explicación sobre los proyectos OWASP mas maduros y listos para ser utilizados en el ambito empresarial.<br />
|}<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''LIMA PERÚ'''</span><br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> '''TALLERES (Viernes 17)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Viernes 17 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | ''' San Isidro '''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | Durante todo el OWASP LatamTour se estarán realizando talleres de capacitación dictados por destacados profesionales en la materia.<br> <br />
'''Duracion:''' 8 horas<br> <br />
'''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br> <br />
'''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br> <br />
'''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN'''] '''<br><br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''TALLER 1'''</span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Taller''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''De 0 a Ninja con Metasploit'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Image:Dragonjar.jpg|150px]]<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | El taller de 0 a Ninja con Metasploit, busca detallar el uso de la herramienta Metasploit ampliamente utilizada en auditorias de seguridad por profesionales del área, desde su instalación y puesta a punto para el trabajo, hasta el uso de sus funciones para llevar a feliz termino una auditoria en seguridad.<br />
De 0 a Ninja DragonJAR<br />
<br />
Este curso, altamente práctico, tiene una duración de 8 horas en las que los asistentes podrán acortar la curva de aprendizaje, gracias a la transmisión de conocimientos y experiencias de los docentes, altamente calificados, con el fin de que una vez finalizado el taller puedas aplicar los conocimientos adquiridos.<br />
<br />
Duracion: 1 día (8 horas)<br />
====De 0 a Ninja con Metasploit====<br />
*Introducción a Metasploit<br />
*Introducción a la linea de comandos de Metasploit<br />
*Trabajando con Metasploit y sus componentes (msfconsole, msfcli, msfgui, msfweb, msfpayload, msfencode, msfvenom, etc…)<br />
*Etapas de un Pentesting y las herramientas para realizarlas incluidas en Metasploit<br />
*Post-Explotación, ya tengo shell … ¿ahora que hago?<br />
*Trabajando con Meterpreter<br />
*Trabajo colaborativo usando Armitage/Cobalt Strike<br />
*Generando el informe ¿Alguna tool que pueda ayudarme?<br />
<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/DragonJAR/ Jaime Andrés Restrepo (DragonJAR)]''', es Ingeniero en Sistemas y Telecomunicaciones de la Universidad de Manizales. Information Security Researcher con más de 10 años de experiencias en Ethical Hacking, Pen Testing y Análisis Forense. Docente Universitario en Pre y Post-Grado, Speaker y Organizador de diferentes eventos de Seguridad Informática, Co-Fundador del ACK Security Conference, Fundador de DragonJAR SAS y de La Comunidad DragonJAR, una de las comunidades de seguridad informática mas grandes de habla hispana y referente en el sector. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 9:00am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRESE AL TALLER AQUI'''] '''<br> <br><br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''TALLER 2'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Taller''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Introducción a la Seguridad en Aplicaciones Web'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Image:Cerullof.jpg|150px]]<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
'''Format:'''<br />
<br />
El taller combina la teoría y ejecícios practicos. Los participantes aprenderán a identificar vulnerabilidades en sitios web espeficamente diseñados con vulnerabilidades y errores de código, explotandolas utilizando diferentes tecnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- Material Impreso<br><br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnológia usada en Aplicaciones Web.<br />
*Áreas criticas en una Aplicación Web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRESE AL TALLER AQUI!'''] '''<br> <br><br />
|-<br />
|}<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> '''CONFERENCIAS (Sábado 18)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | Sábado 18 de Abril<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Universidad Tecnológica del Peru - Esquina Av. 28 de Julio con Av. Petit Thouars, Lima – Perú'''<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Precio y Registro'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | El ingreso a las conferencias es '''GRATUITO''' - El proceso de registro lo podrá ubicar en el siguiente link : <br><br />
[https://www.regonline.com/owasplatamtour15lima'''EL REGISTRO SE ENCUENTRA ABIERTO!''']<br />
<br><br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Promociones'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | OFERTA ESPECIAL - Durante todo el OWASP Latam Tour el costo de la membresía anual es de solamente U$D 20. Utilice el código de descuento "LATAM" durante el proceso de registro electrónico como miembro individual en el enlace disponible a continuación.<br><br />
[http://myowasp.force.com/memberappregion Hágase MIEMBRO DE OWASP AQUÍ] <br><br />
'''Si usted aun no es miembro OWASP, por favor considere unirse a nuestra organización.'''<br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''DETALLES DE LA JORNADA'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | ''' - '''<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Ponente'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 9:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OWASP PERU<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Presentación del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/John_Vargas John Vargas]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cyber War in Web and Mobile Applications <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/stinguer88 Jesús González (ESP)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Desarrollo Rápido y Seguro de Aplicaciones – Es posible tener las dos cosas?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |[https://twitter.com/fcerullo Fabio Cerullo (ARG)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Seguridad en Aplicaciones Moviles<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/pITea_security Juan Pablo Quiñe]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Todos a Sh3ll34r!<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/gabsitus Gabriel Lazo]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Se verán distintas técnicas utilizadas por atacantes maliciosos para lograr subir shells y obtener acceso a servidores web.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | OWASP Zap <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/Alonso_ReYDeS Alonso Caballero]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hackeando Carros en Latinoamérica<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/DragonJAR Andrés Restrepo (COL) (DragonJAR)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|}<br />
<br />
=URUGUAY=<br />
<br />
== '''Conferencia: 15 de abril de 2015 ''' ==<br />
El evento más importante de la región llega nuevamente a Uruguay, OWASP Latam tour 2015!. Expositores internacionales estarán presentando conferencias sobre los temas más importantes en Seguridad en Aplicaciones.<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA REGISTRARSE AL EVENTO HAGA CLIC AQUI! - SIN COSTO''']<br />
<br />
'''¿Dónde?''' <br />
<br />
[http://www.ucu.edu.uy/ Universidad Católica del Uruguay]<br><br />
Av. 8 de Octubre 2738<br><br />
Montevideo 11600 Montevideo, Uruguay. <br><br />
Ver en [https://www.google.com/maps/place/Universidad+Cat%C3%B3lica+del+Uruguay/@-34.888694,-56.159218,17z/data=!3m1!4b1!4m2!3m1!1s0x0:0x13508c3340b76e45 Google Maps]<br />
<br><br />
<br />
== '''Conferencias: Miércoles 15 de abril''' ==<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#4B0082" align="center" colspan="6" | <span style="color:#ffffff"> '''DETALLES DE LA CONFERENCIA - Miércoles 15 de Abril (Universidad Católica del Uruguay)'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Horario''' <br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Expositor'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Titulo'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 17:30 - 18:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:00 - 18:45<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cristian Borghello<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Certificate Pinning: ¿tenemos el c...ertificado roto?<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esta charla pretende demostrar en vivo la explotación de distintas vulnerabilidades en una aplicación móvil de tal manera que podamos revisar las causas y consecuencias, ademas recomendar las medidas de seguridad pertinentes.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:45 - 19:15<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Edgar Salazar<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Inseguridad en Aplicaciones Móviles<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esta charla pretende demostrar en vivo la explotación de distintas vulnerabilidades en una aplicación móvil de tal manera que podamos revisar las causas y consecuencias, ademas recomendar las medidas de seguridad pertinentes.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 19:15 - 19:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 19:30 - 20:15<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Eduardo Santiago<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | (IN)secure Development<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Forget Injection and XSS<br />
This lecture aims to demonstrate simple traps in web development, and bad practices in addition to some factors are likely to cause critical security flaws. We will analyze some cases and demonstrate ways to mitigate and correct such failures.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 20:15 - 21:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ricardo Supo Picón<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking Efectivo<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Los dominios windows están presentes en gran cantidad de organizaciones, en estos la autenticación de usuarios esta disponible en muchos servicios. En esta charla analizaremos los distintos tipos de autenticación de windows y como obtener credenciales locales y de dominio así mismo como a partir de una sola credencial se puede obtener más credenciales hasta obtener un administrador de dominio. Así mismo se detallará como poder realizar intrusiones masivas en red de computadores que ayudan a que un sólo hacker pueda multiplicar sus actividades y conseguir su objetivo en un sólo día, presentación de la herramienta Domainator.<br />
|-|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 21:00 - 21:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Victor Rojo<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Porque la seguridad en software es tan importante?<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoque Tecnico y Ecónomico para maximizar el retorno de la inversión en hacking etico, pentesting, desarrollo seguro, análisis del código, pruebas de seguridad.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 21:30 - 22:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Cierre del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Sorteo de Premios<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="6" | <span style="color:#ffffff"> '''TALLERES (Jueves 16 de Abril)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 16 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | TRAINING 1: Hacking de aplicaciones web basado en OWASP Top 10 (Costo: USD 250) by Cristian Borghello<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Universidad Católica del Uruguay<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Los desarrolladores son una raza extraña. Los Pentesters viven en una burbuja. Este entrenamiento ayuda a los desarrolladores a conocer sobre seguridad en el desarrollo web y a los Pentesters a probar aplicaciones web de forma adecuada.<br />
<br />
Objetivos: - Conocer OWASP Top 10 (quick summary) - Aprender cómo comprobar cada vulnerabilidad desde el punto de vista del Desarrollador y del Pentester - Conocer recomendaciones desde el punto de vista del Pentester - Conocer recomendaciones desde el punto de vista del Desarrollador<br />
<br />
Orientado a desarrolladores, pentesters y personas relacionados con el ciclo de vida del desarrollo de software o sus pruebas de seguridad. <br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 16 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | TRAINING 2: BYOX101/Construya su propio xploit 101/Build Your Own Xploit 101 (Costo: USD 250) by Mauricio Campiglia<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Universidad Católica del Uruguay<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | ¿Alguna vez te preguntaste de dónde salen ese montón de numeritos que por arte de magia te dejan en una línea de comandos con privilegios? Esta es tu oportunidad para conocer de dónde salen y porqué están ahí y no en otro lugar. Este entrenamiento te guía desde cero hasta la creación de exploits sencillos e intermedios aprendiendo en el recorrido los por qué de cada paso. No se verán exploits de dia cero ni muy complejos, nos concentraremos en lo probado y conocido pues el objetivo es entender el proceso de creación de un exploit.<br />
<br />
Detalles:<br />
<br />
Entrenamiento mayormente práctico de creación básica de exploits para sistemas MS Windows. Se usarán ejemplos conocidos pero fiables y se crearán programas de ejemplo vulnerables a propósito.<br />
<br />
Conocimientos obtenidos:<br />
<br />
Quienes asistan entenderán el proceso de creación de un exploit entendiendo en el camino la confirmación de memoria de sistemas MS Windows y las protecciones de este sistema. ¿Por qué participar de este entrenamiento?<br />
<br />
La habilidad de creación de exploits no es algo que se encuentre facilmente en un curso.<br />
Entender este proceso te da la flexibilidad de adaptarte cuando un ataque no funciona tal como te lo dieron.<br />
Desenmarañar el porqué de un montón de números sin sentido que te dan un acceso que no tienes es mágico.<br />
<br />
|}<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA REGISTRARSE AL EVENTO HAGA CLIC AQUI! - SIN COSTO''']<br />
<br />
== '''Trainings: Jueves 16 de abril de 8am a 5pm''' ==<br />
<br />
=== TRAINING 1: Hacking de aplicaciones web basado en OWASP Top 10 (Costo: USD 250) ===<br />
<br />
'''Instructor:''' Christian Borghello<br />
<br />
Los desarrolladores son una raza extraña. Los Pentesters viven en una burbuja. Este entrenamiento ayuda a los desarrolladores a conocer sobre seguridad en el desarrollo web y a los Pentesters a probar aplicaciones web de forma adecuada.<br />
<br />
Objetivos: - Conocer OWASP Top 10 (quick summary) - Aprender cómo comprobar cada vulnerabilidad desde el punto de vista del Desarrollador y del Pentester - Conocer recomendaciones desde el punto de vista del Pentester - Conocer recomendaciones desde el punto de vista del Desarrollador <br />
<br />
Orientado a desarrolladores, pentesters y personas relacionados con el ciclo de vida del desarrollo de software o sus pruebas de seguridad. <br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA INSCRIBIRSE HAGA CLIC AQUI!''']<br />
<br />
=== TRAINING 2: BYOX101/Construya su propio xploit 101/Build Your Own Xploit 101 (Costo: USD 250) ===<br />
<br />
'''Instructor:''' Mauricio Campiglia<br />
<br />
¿Alguna vez te preguntaste de dónde salen ese montón de numeritos que por arte de magia te dejan en una línea de comandos con privilegios? Esta es tu oportunidad para conocer de dónde salen y porqué están ahí y no en otro lugar. Este entrenamiento te guía desde cero hasta la creación de exploits sencillos e intermedios aprendiendo en el recorrido los por qué de cada paso. No se verán exploits de dia cero ni muy complejos, nos concentraremos en lo probado y conocido pues el objetivo es entender el proceso de creación de un exploit.<br />
<br />
'''Detalles''':<br /><br />
<br />
Entrenamiento mayormente práctico de creación básica de exploits para<br />
sistemas MS Windows. Se usarán ejemplos conocidos pero fiables y se crearán<br />
programas de ejemplo vulnerables a propósito.<br />
<br />
'''Conocimientos obtenidos''':<br /><br />
<br />
Quienes asistan entenderán el proceso de creación de un exploit entendiendo en el camino la confirmación de memoria de sistemas MS Windows y las protecciones de este sistema. ¿Por qué participar de este entrenamiento?<br />
* La habilidad de creación de exploits no es algo que se encuentre facilmente en un curso.<br />
* Entender este proceso te da la flexibilidad de adaptarte cuando un ataque no funciona tal como te lo dieron.<br />
* Desenmarañar el porqué de un montón de números sin sentido que te dan un acceso que no tienes es mágico.<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA INSCRIBIRSE HAGA CLIC AQUI!''']<br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd 2015''' ==<br />
[[File:bwoltv.png| center |bwoltv.png ]]<br />
<br><br />
<br />
== Registro ==<br />
El registro es totalmente gratis, nos complacería mucho que nos acompañaras este día. <br />
<br />
Te esperamos!!!<br />
<br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGISTRATE AQUI''']<br />
<br><br />
<br><br />
<br />
== UBICACIÓN ==<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
<br />
[[File:UbicacionLatamCaracas.png]]<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Registro 8:30 am</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">9:00 am</td><br />
<td width="212" bgcolor="#CED7EF">OWASP Venezuela & UCV</td><br />
<td width="482" bgcolor="#CED7EF"><b>Palabras de Bienvenida</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">9:15-9:55 am</td><br />
<td bgcolor="#CED7EF"> Jair Garcia</td><br />
<td bgcolor="#CED7EF" ><b>Hacking Etico: Cacería de Vulnerabilidades</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:00-9:35 am</td><br />
<td bgcolor="#CED7EF"> Randy Ortega</td><br />
<td bgcolor="#CED7EF"><b>Sessión Hijacking: Peligro en la web</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">10:40-11:10am</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">11:15-11:50 am</td><br />
<td bgcolor="#CED7EF">Michael Hidalgo (Costa Rica)</td><br />
<td bgcolor="#CED7EF"><b>Ataques de denegación de servicio a través de expresiones regulares: De la explotación a la corrección</b></td><br />
</tr><br />
<br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">12:00-1:30 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Almuerzo Libre</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">1:35-2:10 pm</td><br />
<td bgcolor="#CED7EF">Josmell Chavarri</td><br />
<td bgcolor="#CED7EF"><b>Conociendo al Enemigo: Honeypots</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">2:15-2:40 pm</td><br />
<td bgcolor="#CED7EF" > Rodrigo Bravo y Eliezer Romero</td><br />
<td bgcolor="#CED7EF" > <b>Programación Segura en Python</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">2:45-3:20 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">3:35-4:10 pm</td><br />
<td bgcolor="#CED7EF">Maximiliano Anlonzo (Uruguay) </td><br />
<td bgcolor="#CED7EF"><b>Peligro: software en construcción</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:15-4:40 pm</td><br />
<td bgcolor="#CED7EF">Carlos Suárez</td><br />
<td bgcolor="#CED7EF"><b>Beef como framework de explotación xss</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">4:45-5:00 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Palabras de cierre</td><br />
</tr><br />
</table><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
= CTF =<br />
<br />
Do you have an interest in security or are you a security professional? Either way, you have something to gain from the OWASP Security Shepherd LATAM Tour CTF. OWASP Security Shepherd has been designed and implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills. The OWASP Security Shepherd leaders have created a customised version of the project for this CTF. This CTF is for everyone and anyone, so check it out! Just ensure that you follow these rules when you take part;<br />
<br />
== CTF Rules == <br />
- No Denial of Service Attacks.<br><br />
- No automated Scans (you might get banned).<br><br />
- Do not generate large amounts of traffic.<br><br />
- No destructive attacks (don't delete stuff).<br><br />
- Confine hacking on the tasks that are explicitly free to hack.<br><br />
- If you find a cheat or trick to solve things more easily, please report it for Bonus Points.<br><br />
- The organizers might change the rules throughout the challenge.<br><br />
- Participants breaking these rules might be penalized or excluded from the competition.<br><br />
<br />
Follow the CTF twitter feed for CTF news: [https://twitter.com/LatamTourCtf]<br />
<br />
Enjoying the CTF? Want to contribute? More information on the project here: [https://www.owasp.org/index.php/OWASP_Security_Shepherd]<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=192744LatamTour20152015-04-05T21:11:38Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |750px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes Droguett [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru'''(Lima) : John Vargas [john.vargas@owasp.org] vía [https://docs.google.com/forms/d/1HJAwdnCxhnDjxdEOrHVBaewrkQncIB2uxHCzxEtxwug '''this Google form''']<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes Droguett [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* Santa Cruz de las Sierras, Bolivia: Daniel Torres [daniel.torres@owasp.org]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Andrea Villar<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=PATAGONIA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
''Conferencias: Libres y gratuitas''<br><br />
''Entrenamiento: 250 dólares''<br><br />
<br />
===CTF Patagonia===<br />
Competencia de hacking "CTF Patagonia".<br><br />
Preparen, aputen,...., [http://ctf-ddn.rhcloud.com/ FUEGO!]<br />
<br />
===Agenda ===<br />
'''Viernes 10 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | Expositor<br />
<br />
|-<br />
| 09:00 - 10:00<br />
| Acreditacion<br />
| <br />
|- <br />
| 10:00 - 10:15<br />
| Bienvenida e intoduccion a OWASP<br />
|<br />
|-<br />
| 10:20 - 11:00<br />
| [https://www.owasp.org/index.php/LatamTour2015/VulnerabilidadesGatewayPago Vulnerabilidades en Gateways de Pago]<br />
| [https://www.linkedin.com/in/ariancho Andrés Riancho]<br />
|- <br />
| 11:00 - 11:30<br />
| Pausa para café<br />
|<br />
|-<br />
| 11:30 - 12:00 <br />
| Aspectos Legales de la Seguridad informática<br><br />
| Marcelo Campetella<br />
|-<br />
| 12:00 - 12:30<br />
| El mercado del Malware en las Apps de los Store para Android<br />
| Claudio Caracciolo<br />
|-<br />
| 12:30 - 14:00<br />
| Pausa para almuerzo<br />
|<br />
|- <br />
| 14:00 - 14:40<br />
| Mobile Apps and how to Pentest them<br />
| Gustavo Sorondo<br />
|-<br />
| 14:40 - 15:10<br />
| CIOs vs CISOs: OWASP al rescate <br />
| Mauro Graziosi<br />
|-<br />
| 15:10 - 15:40<br />
| Pausa para café<br />
|<br />
|-<br />
| 15:40 - 16:20<br />
| Certificate Pinning: ¿tenemos el c...ertificado roto?<br />
| Cristian Borghello<br />
|- <br />
| 16:20 - 16:30<br />
| Agradecimientos y cierre<br />
|<br />
|}<br />
<br />
'''Sabado 11 de abril'''<br><br />
''Valor del entrenamiento: u$s 250''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="450" align="center" | Entrenamiento<br />
! width="150" align="center" | Expositor<br />
<br />
|-<br />
| 08:00 - 12:00<br />
| Hacking de aplicaciones web basado en OWASP Top 10 (Parte 1)<br />
| Cristian Borghello<br />
|- <br />
| 12:00 - 13:00<br />
| Pausa para almuerzo<br />
|<br />
|-<br />
| 13:00 - 17:00<br />
| Hacking de aplicaciones web basado en OWASP Top 10 (Parte 2)<br />
| Cristian Borghello<br />
|}<br />
<br />
===¿Dónde?===<br />
'''Viernes 10'''<br><br />
Universidad Nacional del Comahue, Buenos Aires 1400, Neuquén<br><br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br><br><br />
'''Sabado 11'''<br><br />
Instituto Icono, Santa Fe 355, Neuquén<br><br />
[[File:MapaIFES.png|link=https://www.google.com.ar/maps/place/Icono+S.r.l./@-38.9517208,-68.0592463,16z/data=!4m2!3m1!1s0x960a33d10f798455:0xed1c52f760942955?hl=es-419]]<br />
<br />
===Afiche para difusión===<br />
[[File:PosterLatamtour2015-Patagonia.jpg|link=https://www.owasp.org/images/6/60/Poster_Latamtour.pdf]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
=BUENOS AIRES=<br />
<br />
Invitamos a estudiantes, desarrolladores, expertos en seguridad informática y curiosos en general a compartir con la comunidad de OWASP un nuevo evento en Buenos Aires! Será una jornada de charlas técnicas, en un ambiente relajado e ideal para conocer otras personas interesadas en la seguridad en aplicaciones.<br />
<br />
<br />
=='''Inscripcion'''==<br />
<br />
Recuerden que es necesario [https://www.regonline.com/owasplatamtour15argentina '''inscribirse'''] para asistir. La registración es '''completamente gratis''' y es unicamente utilizada para verificar su identidad en la entrada de la Universidad.<br />
<br />
== '''Fecha y lugar'''==<br />
<br />
24 Abril 2015 - 9am (puntual!)<br><br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
[https://www.google.com.ar/maps/place/Av+Rivadavia+2258,+Buenos+Aires,+Ciudad+Aut%C3%B3noma+de+Buenos+Aires/@-34.6096561,-58.3984517,17z/data=!3m1!4b1!4m2!3m1!1s0x95bccae91dc7f349:0x3177aaca9808e637 Av. Rivadavia 2258, Ciudad Autonoma de Buenos Aires]<br><br />
<br />
<br />
== '''Charlas'''==<br />
<br />
<table width="761" border="1" cellpadding="0" cellspacing="0" ><br />
<tr style="background-color: #30608f; color:#FFF;"><br />
<td><b>Hora</b></td><br />
<td><b>Titulo</b></td><br />
<td><b>Orador</b></td><br />
</tr><br />
<tr><br />
<td width="100">9:10</td><br />
<td width="491">Introducción a OWASP</td><br />
<td width="200">Fabio Cerullo</td><br />
</tr><br />
<tr><br />
<td width="100">9:35</td><br />
<td width="491">Steering a Bullet Train</td><br />
<td width="200">Santiago Kantorowicz</td><br />
</tr><br />
<tr><br />
<td width="100">10:25</td><br />
<td width="491">Y ahora nos preocupamos por la privacidad? Gracias #Snowden</td><br />
<td width="200">Mariano M. del Rio</td><br />
</tr><br />
<tr><br />
<td width="100">10:50</td><br />
<td width="491">Coffee break</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">11:20</td><br />
<td width="491">Building a High Interaction Honeypot: Implementation and logging techniques</td><br />
<td width="200">Fernando Catoira</td><br />
</tr><br />
<tr><br />
<td width="100">11:45</td><br />
<td width="491">[https://www.owasp.org/index.php/LatamTour2015/VulnerabilidadesGatewayPago Vulnerabilidades en Gateways de Pago]</td><br />
<td width="200">[https://www.linkedin.com/in/ariancho Andrés Riancho]</td><br />
</tr><br />
<tr><br />
<td width="100">12:35</td><br />
<td width="491">Almuerzo</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">13:55</td><br />
<td width="491">Threat not found!</td><br />
<td width="200">Sheila Berta</td><br />
</tr><br />
<tr><br />
<td width="100">14:20</td><br />
<td width="491">Mobile Apps and How To Pentest Them</td><br />
<td width="200">Gustavo Sorondo</td><br />
</tr><br />
<tr><br />
<td width="100">15:10</td><br />
<td width="491">Coffee break</td><br />
<td width="200">n/a</td><br />
</tr><br />
<tr><br />
<td width="100">15:40</td><br />
<td width="491">HP Sponsor talk</td><br />
<td width="200">TBD</td><br />
</tr><br />
<tr><br />
<td width="100">16:05</td><br />
<td width="491">Web Security for Bitcoin Services</td><br />
<td width="200">Juliano Rizzo</td><br />
</tr><br />
</table><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
[https://www.owasp.org/index.php/Chile El Capítulo Chileno de OWASP], tiene el agrado de invitar a la conferencia LatamTour2015, con el auspicio de [http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC] sede Alonso Ovalle.<br />
<br />
OWASP es una organización mundial sin fines de lucro dedicada a identificar y combatir las causas que hacen inseguro el software. Revise nuestra documentación y metodologías en los [[:Category:OWASP_Project|Proyectos OWASP]] donde encontrará valioso material de aplicación práctica en los ambientes corporativos. Asista a los talleres y conferencias del LatamTour y aprenda como sacar provecho a estos recursos de libre acceso.<br />
<br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''HAGA CLICK AQUI PARA REGISTRARSE''']<br />
<br><br />
Para asistentes registrados se sortean 5 membresías, que permiten acceder gratis (o con descuento preferente) a eventos y talleres OWASP durante 12 meses.<br />
Inscribase y asegure su confirmación de reserva preferente.<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#4B0082" align="center" colspan="6" | <span style="color:#ffffff"> '''DETALLES DE LA CONFERENCIA (Miércoles 8 de Abril en DUOC-UC sede Alonso Ovalle Nro.1586 -Metro Moneda-)'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Horario''' <br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Modulo'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Ponente'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 - 09:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 09:30 - 10:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Bienvenida y Presentación del Evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | DUOC-UC y OWASP-Chile<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Rodrigo Cea Warner. Director de Carrera DUOC-UC. Carlos Allendes Droguett Chapter Leader OWASP Chile.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 - 10:50<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Bug Bounty, programs reload<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Ormeño y Freddy Grey (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoques e investigación sobre programas de BUG BOUNTY periodico a través de vectores de ataque poco convencionales.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 10:50 - 11:05<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:10 - 12:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Analizando tráfico WIFI de smartphones <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Yago Fernández H. (ESPAÑA)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Es seguro utilizar redes WiFi? Intercepción on-line del tráfico wi-fi en conexiones de smartphone y tecnicas de hacking. <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:00 - 12:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Estado transparente, descentralización y confianza ¿Apoyado con Tecnología?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esteban Valenzuela Van Treek (Escritor, doctor en Historia, ex alcalde/diputado, Director de Ciencia Política U.A.Hurtado)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Potenciar el regionalismo, la descentralización y la trasparencia del pais, usando la tecnología e internet (teletrabajo, e-learning, flexibilidad laboral, innovación, etc.)<br />
|-|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:35 - 13:10<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Gestionar la inversión en seguridad con OpenSAMM. Donde Iniciar?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Allendes Droguett (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoque Tecnico y Ecónomico para maximizar el retorno de la inversión en hacking etico, pentesting, desarrollo seguro, análisis del código, pruebas de seguridad.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 13:10 - 14:50<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Break para Almorzar<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:50 - 15:40<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking efectivo: Desde una credencial hasta el Domain Admin en un solo día<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ricardo Supo P. (PERU)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Como ganar acceso a credenciales locales de dominio y escalar privilegios hasta obtener un acceso de administrador de dominio.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:40 - 16:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | HTTPS: Usted, úselo bien.<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cristián Rojas, CLCERT U.de Chile<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Que riesgos acechan, aunque tengamos instalado SSL/TLS? Año 2014 fue intenso: Heartbleed, POODLE, y errores de implementación como el GOTO FAIL.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 16:30 - 16:40<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:40 - 17:20<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Seguridad Incorporada al Ciclo de Desarrollo<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Alejandro Johannes (CHILE)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Principios y fundamentos para disponer de una gestión con seguridad y calidad en el Ciclo de Desarrollo de aplicaciones.<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:20 - 18:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Importancia de la seguridad en el software<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hector Takami (MEXICO)<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | En lo que respecta a la seguridad del software, dar importancia a proyectos como OpenSAMM e integrar estas sugerencias en un modelo de seguridad aplicativa.<br />
|-<br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 18:00 - 18:10<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Cierre del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Sorteo de Premios<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | membresías OWASP (entre inscritos)<br />
|-<br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="6" | <span style="color:#ffffff"> '''TALLERES (Jueves 9 de Abril)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 9 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 9 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Por Definir<br />
<br />
|}<br />
<br/><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
[[File:Owasp_upb_2015.jpg|link=https://www.google.com/maps/place/Universidad+Pontificia+Bolivariana+Seccional+Bucaramanga/@7.0389574,-73.071732,14z/data=!4m2!3m1!1s0x8e6840b36653b9c5:0x4dcdbc55842151df]]<br />
<br><br />
<br><br />
===REGISTRO===<br />
Recuerde que el ingreso al evento es <b>TOTALMENTE GRATUITO, sólo debe registrarse previamente</b>.<br><br />
[[File:Register.gif|link=https://www.regonline.com/owasplatamtour15colombia]]<br />
<!--[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']--><br />
<br><br />
<br><br />
<br />
===CONFERENCIAS===<br />
<br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 7:30 a.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">8:00</td><br />
<td width="212" bgcolor="#CED7EF">Diego Ademir Duarte Santana</td><br />
<td width="482" bgcolor="#CED7EF"><b>OWASP ASVS 2.0 Web Application Standard</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">9:00</td><br />
<td>Jhon César Arango Serna</td><br />
<td><b>IPv6 Ventaja o Amenaza</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:00</td><br />
<td bgcolor="#CED7EF">Hugo Armando Rodriguez Vera</td><br />
<td bgcolor="#CED7EF"><b>Protección de Datos Personales, infracción y consecuencias</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FFFFFF" style="text-align: center">11:00</td><br />
<td bgcolor="#FFFFFF">MundoHacker</td><br />
<td bgcolor="#FFFFFF"><b>Ciberespionaje y Cibercrimen as a Service</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Lunch</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">14:00</td><br />
<td bgcolor="#CED7EF">German Alonso Suárez Guerrero</td><br />
<td bgcolor="#CED7EF"><b>OWASP Proactive Controls</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">15:00</td><br />
<td>Ronald Escalona</td><br />
<td><b>Hardening del Servidor Web, enfoque práctico con jail/chroot para entornos multisitios</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">16:00</td><br />
<td bgcolor="#CED7EF">Javier Orlando Mantilla P</td><br />
<td bgcolor="#CED7EF"><b>Seguridad en desarrollo de aplicaciones web usando Apache Tomee</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Finish Event</td><br />
</tr><br />
</table><br />
<br><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<br><br />
Se contará con <b>transmisión vía streaming</b> para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
<br />
[[File:Santa.jpg]]<br />
<br><br />
<br><br />
<br><br />
Lugar: Universidad NUR<br />
<br><br />
Dirección: Av. Banzer, Victorino Rivero 100<br />
<br><br />
Santa Cruz de la Sierra, Bolivia<br />
<br><br />
Fecha: 17 y 18 de abril del 2015<br />
<br><br />
<br><br />
[[File:Mapa.jpg]]<br />
<br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
<br />
'''Viernes 17 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="150" align="center" | Expositor<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | País<br />
<br />
|-<br />
! 08:00 - 08:30<br />
| colspan="3" style="text-align: center;" | Registro - Acreditación<br />
|- <br />
! 08:30 - 09:00<br />
| colspan="3" style="text-align: center;" | Video: Mundo Hacker - Proyecto OWASP<br />
|- <br />
! 09:00 - 09:50<br />
| Jaime Iván Mendoza Ribera<br />
| Análisis de vulnerabilidades web<br />
| Santa Cruz, Bolivia<br />
|-<br />
! 09:50 - 10:40<br />
| Cesar Roberto Cuenca Díaz<br />
| Desarrollo Seguro Principios y Buenas Prácticas.<br />
| La Paz, Bolivia<br />
|- <br />
! 10:40 - 11:30<br />
| Juan Pablo Barriga Sapiencia<br />
| Riegos en TI<br />
| Sucre, Bolivia<br />
|- <br />
! 11:30 - 12:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|-<br />
! 12:00 - 12:50 <br />
| Walter Camama Menacho<br />
| MiTM a nivel de browser con beef y metasploit<br />
| Trinidad, Bolivia<br />
|-<br />
! 12:50 - 13:40<br />
| Leonardo Camilo Quenta Alarcon<br />
| Seguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 13:40 - 14:30<br />
| Deyvi Bustamante Perez<br />
| Exploit development<br />
| Sucre , Bolivia<br />
|-<br />
! 14:30 - 15:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|- <br />
! 15:00 - 15:50<br />
| Gonzalo Nina Mamani<br />
| Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web<br />
| Cochabamba , Bolivia<br />
|-<br />
! 15:50 - 16:40<br />
| Hernán Marcelo Leytón Balderrama<br />
| Seguridad en los Satélites de Comunicación<br />
| Potosí, Bolivia<br />
|-<br />
! 16:40 - 17:30<br />
| Juan Alberto Fajardo Canaza<br />
| WAF Testing Framework<br />
| Potosí, Bolivia<br />
|}<br />
<br />
<br />
'''Sabado 18 de abril'''<br><br />
{| class="wikitable"<br />
|-<br />
! width="100" align="center" | Hora<br />
! width="150" align="center" | Expositor<br />
! width="450" align="center" | Conferencia<br />
! width="150" align="center" | País<br />
<br />
|-<br />
! 08:00 - 08:30<br />
| colspan="3" style="text-align: center;" | Acreditación<br />
|- <br />
! 09:00 - 09:50<br />
| Alex Villegas y Roller Ibanez<br />
| Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301<br />
| Cochabamba, Bolivia<br />
|-<br />
! 09:50 - 10:40<br />
| Richard Villca Apaza<br />
| Rompiendo el modelo de negocios: Debugging Android Apps<br />
| La Paz, Bolivia<br />
|- <br />
! 10:40 - 11:30<br />
| Cristhian Lima Saravia<br />
| Framework Pleni<br />
| Cochabamba, Bolivia<br />
|- <br />
! 11:30 - 12:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|-<br />
! 12:00 - 12:50 <br />
| Elvin Vidal Mollinedo Mencia<br />
| Los 7 pecados de un desarrollador Web<br />
| Santa Cruz, Bolivia<br />
|-<br />
! 12:50 - 13:40<br />
| Alvaro Machaca Tola<br />
| Análisis de riesgos aplicando la metodología OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 13:40 - 14:30<br />
| Erick Calderon Mostajo<br />
| Herramientas de Aprendizaje OWASP<br />
| La Paz , Bolivia<br />
|-<br />
! 14:30 - 15:00<br />
| colspan="3" style="text-align: center;" | Pausa para café<br />
|- <br />
! 15:00 - 15:50<br />
| Daniel Torres Sandi<br />
| Headers seguros en HTTP<br />
| Sucre , Bolivia<br />
|-<br />
! 15:50 - 16:50<br />
| Gabriel Labrada Hernandez (INTEL MEXICO)<br />
| Seguridad en Hardware y los servicios en la nube<br />
| Mexico<br />
|-<br />
! 16:50 - 17:50<br />
| Jacobo Tibaquira<br />
| Atacando al atacante (DRAGON JAR)<br />
| Colombia<br />
|}<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
El evento se va a llevar a cabo en el auditorio de la Ciudad de la Investigación de la Universidad de Costa Rica. [http://goo.gl/Y64lZG'''Ver Dirección exacta''']<br />
<br />
[[File:Mapa-ucr-auditorio.png|800px]]<br />
<br />
<br><br />
<br />
=== REGISTRO ===<br />
Recuerde que el ingreso al evento es totalmente gratuito, sólo debe registrarse previamente. '''El comprobante de registro será solicitado en el momento de ingresar en el auditorio'''.<br />
[https://www.regonline.com/owasplatamtour15costarica'''Pulse aquí para registrarse en el evento.''']<br />
<br><br />
<br />
=== CONFERENCIAS-LISTADO DE EXPOSITORES===<br />
<br />
'''Martes 21 de Abril'''<br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Recepción y Registro De 7:30 am a 8:00 am</td><br />
</tr><br />
<tr><br />
<td width="150" bgcolor="#CED7EF" style="text-align: center">8:00 am a 8:10 am</td><br />
<td width="212" bgcolor="#CED7EF">OWASP Costa Rica &amp; UCR</td><br />
<td width="500" bgcolor="#CED7EF"><b>Palabras de Bienvenida</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">8:10-9:00 am</td><br />
<td bgcolor="#CED7EF">Fabio Cerullo , <b>Dublin Irlanda</b></td><br />
<td bgcolor="#CED7EF"><b>Keynote: Desarrollo Rápido y Seguro de Aplicaciones – Es posible tener las dos cosas? </b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">09:00-09:50 am</td><br />
<td bgcolor="#CED7EF"> Eduardo Rojas</td><br />
<td bgcolor="#CED7EF"><b>Bloques de construcción en la implementación estratégica del software seguro con SAMM</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">09:50-10:10am</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:10-11:00 am</td><br />
<td bgcolor="#CED7EF">Mauricio Oviedo</td><br />
<td bgcolor="#CED7EF"><b>Manejo Seguro del DNS</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">11:00-11:50 am</td><br />
<td bgcolor="#CED7EF">Walter Montes</td><br />
<td bgcolor="#CED7EF"><b>Buenas prácticas para manejo de autenticación y sesión</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">11:50-1:20 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Almuerzo Libre</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">1:20-2:10 pm</td><br />
<td bgcolor="#CED7EF">Randall Barnett</td><br />
<td bgcolor="#CED7EF"><b>Vulnerabilidades encontradas en Sistema de Control de Tráfico Nacional</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">2:15-3:05 pm</td><br />
<td bgcolor="#CED7EF"> Mario Robles</td><br />
<td bgcolor="#CED7EF"> <b>Web Application Penetration Testing</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">3:05-3:25 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">3:25-4:15 pm</td><br />
<td bgcolor="#CED7EF">TBD </td><br />
<td bgcolor="#CED7EF"><b>TBD</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:15-5:00 pm</td><br />
<td bgcolor="#CED7EF">Bertin Bervis</td><br />
<td bgcolor="#CED7EF"><b>MiTM Attacks con DNS proxys a escala WAN el modem bajo ataque</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">5:00 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Palabras de cierre</td><br />
</tr><br />
</table><br />
<br><br />
<br />
=== PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las oportunidades de patrocinio <br />
Cualquier consulta pueden contactar a [mailto:michael.hidalgo@owasp.org Michael Hidalgo].<br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
===CONFERENCIAS===<br />
<b>Día 1</b><br />
<b>Abril 21</b><br />
<br><br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 1:30 p.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">2:00</td><br />
<td width="212" bgcolor="#CED7EF">Camilo Fernandez</td><br />
<td width="482" bgcolor="#CED7EF"><b>OWASP Tools</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">3:00</td><br />
<td>Pablo Barrera</td><br />
<td><b>La verdad sobre los ataques de denegación de servicio</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:30</td><br />
<td bgcolor="#CED7EF">Oscar Rodas y Marco To</td><br />
<td bgcolor="#CED7EF"><b>Avances en investigación sobre seguridad informática</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FFFFFF" style="text-align: center">5:15</td><br />
<td bgcolor="#FFFFFF">Elder Guerra</td><br />
<td bgcolor="#FFFFFF"><b>Un verdadero análisis de riesgos</b></td><br />
</tr><br />
</table><br />
<br><br />
<b>Día 2</b><br />
<b>Abril 22</b><br />
<br><br />
<br><br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Register from 1:30 p.m.</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">2:00 PM Salon 1</td><br />
<td width="212" bgcolor="#CED7EF">Luis Cordon</td><br />
<td width="482" bgcolor="#CED7EF"><b>Web Pentesting</b></td><br />
</tr><br />
<tr><br />
<td style="text-align: center">2:00 PM Salon 2</td><br />
<td>Pablo Barrera</td><br />
<td><b>Server Hardening: métodos de aseguramiento de tu servidor web y los datos que contiene</b></td><br />
</tr><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:00PM</td><br />
<td bgcolor="#CED7EF"><b>Concurso de Ethical Hacking</b></td><br />
</tr><br />
</table><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''TALLERES Y CONFERENCIAS''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Latam Tour - Lima 2015''' == <br />
<br />
'''Viernes 17 de Abril''' ''(Talleres)'' <br>'''Sábado 18 de Abril''' ''(Conferencia)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''Descripcion y Objetivo'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP LATAM TOUR,''' es una gira por Latino América que promueve la seguridad en aplicaciones web en diversas instituciones, como: universidades, organismos gubernamentales, empresas de TI y entidades financieras, buscando crear conciencia sobre la seguridad en las aplicaciones y puedan tomar decisiones informadas sobre los verdaderos riesgos de seguridad.<br />
<br />
*Ademas del OWASP Top 10, la mayoría de los [[:Category:OWASP_Project|Proyectos OWASP]] no son ampliamente utilizados en los ambientes corporativos. En la mayoría de los casos esto no es debido a una falta de calidad en los proyectos o la documentación disponible, sino mas bien por desconocer donde se ubicaran en un Ecosistema de Seguridad de Aplicaciones empresarial. <br />
<br />
*Esta serie de talleres y conferencias tienen como objetivo cambiar esta situación proporcionando una explicación sobre los proyectos OWASP mas maduros y listos para ser utilizados en el ambito empresarial.<br />
|}<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''LIMA PERÚ'''</span><br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> '''TALLERES (Viernes 17)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Viernes 17 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | ''' San Isidro '''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | Durante todo el OWASP LatamTour se estarán realizando talleres de capacitación dictados por destacados profesionales en la materia.<br> <br />
'''Duracion:''' 8 horas<br> <br />
'''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br> <br />
'''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br> <br />
'''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN'''] '''<br><br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''TALLER 1'''</span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Taller''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''De 0 a Ninja con Metasploit'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Image:Dragonjar.jpg|150px]]<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | El taller de 0 a Ninja con Metasploit, busca detallar el uso de la herramienta Metasploit ampliamente utilizada en auditorias de seguridad por profesionales del área, desde su instalación y puesta a punto para el trabajo, hasta el uso de sus funciones para llevar a feliz termino una auditoria en seguridad.<br />
De 0 a Ninja DragonJAR<br />
<br />
Este curso, altamente práctico, tiene una duración de 8 horas en las que los asistentes podrán acortar la curva de aprendizaje, gracias a la transmisión de conocimientos y experiencias de los docentes, altamente calificados, con el fin de que una vez finalizado el taller puedas aplicar los conocimientos adquiridos.<br />
<br />
Duracion: 1 día (8 horas)<br />
====De 0 a Ninja con Metasploit====<br />
*Introducción a Metasploit<br />
*Introducción a la linea de comandos de Metasploit<br />
*Trabajando con Metasploit y sus componentes (msfconsole, msfcli, msfgui, msfweb, msfpayload, msfencode, msfvenom, etc…)<br />
*Etapas de un Pentesting y las herramientas para realizarlas incluidas en Metasploit<br />
*Post-Explotación, ya tengo shell … ¿ahora que hago?<br />
*Trabajando con Meterpreter<br />
*Trabajo colaborativo usando Armitage/Cobalt Strike<br />
*Generando el informe ¿Alguna tool que pueda ayudarme?<br />
<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/DragonJAR/ Jaime Andrés Restrepo (DragonJAR)]''', es Ingeniero en Sistemas y Telecomunicaciones de la Universidad de Manizales. Information Security Researcher con más de 10 años de experiencias en Ethical Hacking, Pen Testing y Análisis Forense. Docente Universitario en Pre y Post-Grado, Speaker y Organizador de diferentes eventos de Seguridad Informática, Co-Fundador del ACK Security Conference, Fundador de DragonJAR SAS y de La Comunidad DragonJAR, una de las comunidades de seguridad informática mas grandes de habla hispana y referente en el sector. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 9:00am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRESE AL TALLER AQUI'''] '''<br> <br><br />
|-<br />
| align="center" style="background: #4B0082;" colspan="2" | <span style="color:#ffffff">'''TALLER 2'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Taller''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Introducción a la Seguridad en Aplicaciones Web'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Image:Cerullof.jpg|150px]]<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | El contenido está alineado al OWASP TOP 10, documento referente sobre los riesgos de seguridad de las Aplicaciones Web.<br />
'''Format:'''<br />
<br />
El taller combina la teoría y ejecícios practicos. Los participantes aprenderán a identificar vulnerabilidades en sitios web espeficamente diseñados con vulnerabilidades y errores de código, explotandolas utilizando diferentes tecnicas y herramientas libres en un entorno controlado.<br />
<br />
'''Audiencia:''' IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals.<br />
<br />
'''Duración:''' 1 día - (8 horas)<br />
<br />
'''Material a entregar:'''<br />
<br />
- Material Impreso<br><br />
- OWASP Live CD incluyendo las herramientas utilizadas.<br><br />
- Certificado de Participación (CPE Points)<br><br />
<br />
==== Introducción a la Seguridad de Aplicaciones Web. ====<br />
Los temas a cubrir son:<br />
<br />
*Introducción a la Seguridad de Aplicaciones Web.<br />
*Tecnológia usada en Aplicaciones Web.<br />
*Áreas criticas en una Aplicación Web.<br />
**Inyección<br />
**Cross Site Scripting (XSS).<br />
**Broken Authentication and Session Management.<br />
**Insecure Direct Object References.<br />
**Cross Site Request Forgery.<br />
**Security Misconfiguration.<br />
**Insecure Cryptographic Storage.<br />
**Failure to restrict URL Access.<br />
**Insufficient Transport Layer Protection.<br />
**Unvalidated Redirects and Forwards.<br />
**Secure Software Development Lifecycle (SSDLC)<br />
<br><br />
'''Perfil del Trainer : '''<br />
<br />
'''[https://twitter.com/fcerullo Fabio Cerullo]''', más de 10 años de experiencia en el campo de seguridad de la información adquirida a través de una amplia gama de industrias. Como CEO y Fundador de Cycubix, que ayuda a los clientes de todo el mundo mediante la evaluación de la seguridad de las aplicaciones desarrolladas internamente o por terceros, la definición de políticas y normas, la implementación de iniciativas de gestión de riesgos, así como la capacitación sobre el tema para desarrolladores, auditores , ejecutivos y profesionales de la seguridad. <br><br />
Como miembro de la Fundación OWASP, Fabio es parte de la Comisión de Educación Global, cuya misión es proporcionar formación y servicios educativos a las empresas, los gobiernos y las instituciones educativas en la seguridad de la aplicación, y ha sido nombrado Líder del Capítulo OWASP Irlanda desde principios de 2010.<br />
Posee una Maestría en Ingeniería Informática por la UCA y se ha obtenido los certificados CISSP y CSSLP por (ISC)2. <br><br />
<br />
* '''Duracion:''' 8 horas (El taller iniciará a las 09:00 am y finaliza a las 6:00pm)<br />
<br />
* '''Precio:''' U$S200 (Miembros OWASP). $250 (Público en General).<br />
<br />
* '''Para mayor informacion : ''' Por favor comuniquese al correo owasp.peru@gmail.com<br />
<br />
* '''Link de Registro''': [https://www.regonline.com/owasplatamtour15lima'''REGISTRESE AL TALLER AQUI!'''] '''<br> <br><br />
|-<br />
|}<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> '''CONFERENCIAS (Sábado 18)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | Sábado 18 de Abril<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Universidad Tecnológica del Peru - Esquina Av. 28 de Julio con Av. Petit Thouars, Lima – Perú'''<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Precio y Registro'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | El ingreso a las conferencias es '''GRATUITO''' - El proceso de registro lo podrá ubicar en el siguiente link : <br><br />
[https://www.regonline.com/owasplatamtour15lima'''EL REGISTRO SE ENCUENTRA ABIERTO!''']<br />
<br><br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Promociones'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | OFERTA ESPECIAL - Durante todo el OWASP Latam Tour el costo de la membresía anual es de solamente U$D 20. Utilice el código de descuento "LATAM" durante el proceso de registro electrónico como miembro individual en el enlace disponible a continuación.<br><br />
[http://myowasp.force.com/memberappregion Hágase MIEMBRO DE OWASP AQUÍ] <br><br />
'''Si usted aun no es miembro OWASP, por favor considere unirse a nuestra organización.'''<br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''DETALLES DE LA JORNADA'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | ''' - '''<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Ponente'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 9:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OWASP PERU<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Presentación del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/John_Vargas John Vargas]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cyber War in Web and Mobile Applications <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/stinguer88 Jesús González (ESP)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30 am<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Desarrollo Rápido y Seguro de Aplicaciones – Es posible tener las dos cosas?<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |[https://twitter.com/fcerullo Fabio Cerullo (ARG)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Seguridad en Aplicaciones Moviles<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/pITea_security Juan Pablo Quiñe]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Todos a Sh3ll34r!<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/gabsitus Gabriel Lazo]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Se verán distintas técnicas utilizadas por atacantes maliciosos para lograr subir shells y obtener acceso a servidores web.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | OWASP Zap <br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/Alonso_ReYDeS Alonso Caballero]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 17:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hackeando Carros en Latinoamérica<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [https://twitter.com/DragonJAR Andrés Restrepo (COL) (DragonJAR)]<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|}<br />
<br />
=URUGUAY=<br />
<br />
== '''Conferencia: 15 de abril de 2015 ''' ==<br />
El evento más importante de la región llega nuevamente a Uruguay, OWASP Latam tour 2015!. Expositores internacionales estarán presentando conferencias sobre los temas más importantes en Seguridad en Aplicaciones.<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA REGISTRARSE AL EVENTO HAGA CLIC AQUI! - SIN COSTO''']<br />
<br />
'''¿Dónde?''' <br />
<br />
[http://www.ucu.edu.uy/ Universidad Católica del Uruguay]<br><br />
Av. 8 de Octubre 2738<br><br />
Montevideo 11600 Montevideo, Uruguay. <br><br />
Ver en [https://www.google.com/maps/place/Universidad+Cat%C3%B3lica+del+Uruguay/@-34.888694,-56.159218,17z/data=!3m1!4b1!4m2!3m1!1s0x0:0x13508c3340b76e45 Google Maps]<br />
<br><br />
<br />
== '''Conferencias: Miércoles 15 de abril''' ==<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| style="width:90%" valign="middle" height="40" bgcolor="#4B0082" align="center" colspan="6" | <span style="color:#ffffff"> '''DETALLES DE LA CONFERENCIA - Miércoles 15 de Abril (Universidad Católica del Uruguay)'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Horario''' <br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Expositor'''<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Titulo'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 17:30 - 18:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Acreditación<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:00 - 18:45<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Cristian Borghello<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Certificate Pinning: ¿tenemos el c...ertificado roto?<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esta charla pretende demostrar en vivo la explotación de distintas vulnerabilidades en una aplicación móvil de tal manera que podamos revisar las causas y consecuencias, ademas recomendar las medidas de seguridad pertinentes.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:45 - 19:15<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Edgar Salazar<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Inseguridad en Aplicaciones Móviles<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Esta charla pretende demostrar en vivo la explotación de distintas vulnerabilidades en una aplicación móvil de tal manera que podamos revisar las causas y consecuencias, ademas recomendar las medidas de seguridad pertinentes.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | 19:15 - 19:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | Coffee - Break<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 19:30 - 20:15<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Carlos Eduardo Santiago<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | (IN)secure Development<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Forget Injection and XSS<br />
This lecture aims to demonstrate simple traps in web development, and bad practices in addition to some factors are likely to cause critical security flaws. We will analyze some cases and demonstrate ways to mitigate and correct such failures.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 20:15 - 21:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Ricardo Supo Picón<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Hacking Efectivo<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Los dominios windows están presentes en gran cantidad de organizaciones, en estos la autenticación de usuarios esta disponible en muchos servicios. En esta charla analizaremos los distintos tipos de autenticación de windows y como obtener credenciales locales y de dominio así mismo como a partir de una sola credencial se puede obtener más credenciales hasta obtener un administrador de dominio. Así mismo se detallará como poder realizar intrusiones masivas en red de computadores que ayudan a que un sólo hacker pueda multiplicar sus actividades y conseguir su objetivo en un sólo día, presentación de la herramienta Domainator.<br />
|-|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 21:00 - 21:30<br />
| style="width:27%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Victor Rojo<br />
| style="width:23%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | ¿Porque la seguridad en software es tan importante?<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Enfoque Tecnico y Ecónomico para maximizar el retorno de la inversión en hacking etico, pentesting, desarrollo seguro, análisis del código, pruebas de seguridad.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 21:30 - 22:00<br />
| style="width:27%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Cierre del evento<br />
| style="width:23%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Sorteo de Premios<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="6" | <span style="color:#ffffff"> '''TALLERES (Jueves 16 de Abril)'''</span><br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Tema'''<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
| style="width:30%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Detalles'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 16 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | TRAINING 1: Hacking de aplicaciones web basado en OWASP Top 10 (Costo: USD 250) by Cristian Borghello<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Universidad Católica del Uruguay<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Los desarrolladores son una raza extraña. Los Pentesters viven en una burbuja. Este entrenamiento ayuda a los desarrolladores a conocer sobre seguridad en el desarrollo web y a los Pentesters a probar aplicaciones web de forma adecuada.<br />
<br />
Objetivos: - Conocer OWASP Top 10 (quick summary) - Aprender cómo comprobar cada vulnerabilidad desde el punto de vista del Desarrollador y del Pentester - Conocer recomendaciones desde el punto de vista del Pentester - Conocer recomendaciones desde el punto de vista del Desarrollador<br />
<br />
Orientado a desarrolladores, pentesters y personas relacionados con el ciclo de vida del desarrollo de software o sus pruebas de seguridad. <br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Jueves 16 de Abril '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | TRAINING 2: BYOX101/Construya su propio xploit 101/Build Your Own Xploit 101 (Costo: USD 250) by Mauricio Campiglia<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | Universidad Católica del Uruguay<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | ¿Alguna vez te preguntaste de dónde salen ese montón de numeritos que por arte de magia te dejan en una línea de comandos con privilegios? Esta es tu oportunidad para conocer de dónde salen y porqué están ahí y no en otro lugar. Este entrenamiento te guía desde cero hasta la creación de exploits sencillos e intermedios aprendiendo en el recorrido los por qué de cada paso. No se verán exploits de dia cero ni muy complejos, nos concentraremos en lo probado y conocido pues el objetivo es entender el proceso de creación de un exploit.<br />
<br />
Detalles:<br />
<br />
Entrenamiento mayormente práctico de creación básica de exploits para sistemas MS Windows. Se usarán ejemplos conocidos pero fiables y se crearán programas de ejemplo vulnerables a propósito.<br />
<br />
Conocimientos obtenidos:<br />
<br />
Quienes asistan entenderán el proceso de creación de un exploit entendiendo en el camino la confirmación de memoria de sistemas MS Windows y las protecciones de este sistema. ¿Por qué participar de este entrenamiento?<br />
<br />
La habilidad de creación de exploits no es algo que se encuentre facilmente en un curso.<br />
Entender este proceso te da la flexibilidad de adaptarte cuando un ataque no funciona tal como te lo dieron.<br />
Desenmarañar el porqué de un montón de números sin sentido que te dan un acceso que no tienes es mágico.<br />
<br />
|}<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA REGISTRARSE AL EVENTO HAGA CLIC AQUI! - SIN COSTO''']<br />
<br />
== '''Trainings: Jueves 16 de abril de 8am a 5pm''' ==<br />
<br />
=== TRAINING 1: Hacking de aplicaciones web basado en OWASP Top 10 (Costo: USD 250) ===<br />
<br />
'''Instructor:''' Christian Borghello<br />
<br />
Los desarrolladores son una raza extraña. Los Pentesters viven en una burbuja. Este entrenamiento ayuda a los desarrolladores a conocer sobre seguridad en el desarrollo web y a los Pentesters a probar aplicaciones web de forma adecuada.<br />
<br />
Objetivos: - Conocer OWASP Top 10 (quick summary) - Aprender cómo comprobar cada vulnerabilidad desde el punto de vista del Desarrollador y del Pentester - Conocer recomendaciones desde el punto de vista del Pentester - Conocer recomendaciones desde el punto de vista del Desarrollador <br />
<br />
Orientado a desarrolladores, pentesters y personas relacionados con el ciclo de vida del desarrollo de software o sus pruebas de seguridad. <br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA INSCRIBIRSE HAGA CLIC AQUI!''']<br />
<br />
=== TRAINING 2: BYOX101/Construya su propio xploit 101/Build Your Own Xploit 101 (Costo: USD 250) ===<br />
<br />
'''Instructor:''' Mauricio Campiglia<br />
<br />
¿Alguna vez te preguntaste de dónde salen ese montón de numeritos que por arte de magia te dejan en una línea de comandos con privilegios? Esta es tu oportunidad para conocer de dónde salen y porqué están ahí y no en otro lugar. Este entrenamiento te guía desde cero hasta la creación de exploits sencillos e intermedios aprendiendo en el recorrido los por qué de cada paso. No se verán exploits de dia cero ni muy complejos, nos concentraremos en lo probado y conocido pues el objetivo es entender el proceso de creación de un exploit.<br />
<br />
'''Detalles''':<br /><br />
<br />
Entrenamiento mayormente práctico de creación básica de exploits para<br />
sistemas MS Windows. Se usarán ejemplos conocidos pero fiables y se crearán<br />
programas de ejemplo vulnerables a propósito.<br />
<br />
'''Conocimientos obtenidos''':<br /><br />
<br />
Quienes asistan entenderán el proceso de creación de un exploit entendiendo en el camino la confirmación de memoria de sistemas MS Windows y las protecciones de este sistema. ¿Por qué participar de este entrenamiento?<br />
* La habilidad de creación de exploits no es algo que se encuentre facilmente en un curso.<br />
* Entender este proceso te da la flexibilidad de adaptarte cuando un ataque no funciona tal como te lo dieron.<br />
* Desenmarañar el porqué de un montón de números sin sentido que te dan un acceso que no tienes es mágico.<br />
<br />
[https://www.regonline.com/owasplatamtour15uruguay'''PARA INSCRIBIRSE HAGA CLIC AQUI!''']<br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd 2015''' ==<br />
[[File:bwoltv.png| center |bwoltv.png ]]<br />
<br><br />
<br />
== Registro ==<br />
El registro es totalmente gratis, nos complacería mucho que nos acompañaras este día. <br />
<br />
Te esperamos!!!<br />
<br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGISTRATE AQUI''']<br />
<br><br />
<br><br />
<br />
== UBICACIÓN ==<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
<br />
[[File:UbicacionLatamCaracas.png]]<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<table width="804" border="0"><br />
<tr><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Registro 8:30 am</td><br />
</tr><br />
<tr><br />
<td width="96" bgcolor="#CED7EF" style="text-align: center">9:00 am</td><br />
<td width="212" bgcolor="#CED7EF">OWASP Venezuela & UCV</td><br />
<td width="482" bgcolor="#CED7EF"><b>Palabras de Bienvenida</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">9:15-9:55 am</td><br />
<td bgcolor="#CED7EF"> Jair Garcia</td><br />
<td bgcolor="#CED7EF" ><b>Hacking Etico: Cacería de Vulnerabilidades</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">10:00-9:35 am</td><br />
<td bgcolor="#CED7EF"> Randy Ortega</td><br />
<td bgcolor="#CED7EF"><b>Sessión Hijacking: Peligro en la web</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">10:40-11:10am</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">11:15-11:50 am</td><br />
<td bgcolor="#CED7EF">Michael Hidalgo (Costa Rica)</td><br />
<td bgcolor="#CED7EF"><b>Ataques de denegación de servicio a través de expresiones regulares: De la explotación a la corrección</b></td><br />
</tr><br />
<br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">12:00-1:30 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Almuerzo Libre</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">1:35-2:10 pm</td><br />
<td bgcolor="#CED7EF">Josmell Chavarri</td><br />
<td bgcolor="#CED7EF"><b>Conociendo al Enemigo: Honeypots</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">2:15-2:40 pm</td><br />
<td bgcolor="#CED7EF" > Rodrigo Bravo y Eliezer Romero</td><br />
<td bgcolor="#CED7EF" > <b>Programación Segura en Python</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">2:45-3:20 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Coffee Break</td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">3:35-4:10 pm</td><br />
<td bgcolor="#CED7EF">Maximiliano Anlonzo (Uruguay) </td><br />
<td bgcolor="#CED7EF"><b>Peligro: software en construcción</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#CED7EF" style="text-align: center">4:15-4:40 pm</td><br />
<td bgcolor="#CED7EF">Carlos Suárez</td><br />
<td bgcolor="#CED7EF"><b>Beef como framework de explotación xss</b></td><br />
</tr><br />
<tr><br />
<td bgcolor="#FBF1D7" style="text-align: center">4:45-5:00 pm</td><br />
<td colspan="3" bgcolor="#FBF1D7" style="text-align: center">Palabras de cierre</td><br />
</tr><br />
</table><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
= CTF =<br />
<br />
Do you have an interest in security or are you a security professional? Either way, you have something to gain from the OWASP Security Shepherd LATAM Tour CTF. OWASP Security Shepherd has been designed and implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills. The OWASP Security Shepherd leaders have created a customised version of the project for this CTF. This CTF is for everyone and anyone, so check it out! Just ensure that you follow these rules when you take part;<br />
<br />
CTF Rules <br />
- No Denial of Service Attacks.<br />
- No automated Scans (you might get banned).<br />
- Do not generate large amounts of traffic.<br />
- No destructive attacks (don't delete stuff).<br />
- Confine hacking on the tasks that are explicitly free to hack.<br />
- If you find a cheat or trick to solve things more easily, please report it for Bonus Points.<br />
- The organizers might change the rules throughout the challenge.<br />
- Participants breaking these rules might be penalized or excluded from the competition.<br />
<br />
Follow the CTF twitter feed for CTF news: https://twitter.com/LatamTourCtf<br />
Enjoying the CTF? Want to contribute? More information on the project here: https://www.owasp.org/index.php/OWASP_Security_Shepherd<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015_Sponsors&diff=192051LatamTour2015 Sponsors2015-03-24T17:41:16Z<p>Fabio.e.cerullo: </p>
<hr />
<div><br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image: Akamai-Logo-Faster-Forward-RGB.jpeg|300px|link= http://spanish.akamai.com/enes//]] [[Image: Best_Resolution_-_Final_Logo.jpg|300px|link= http://www.checkmarx.com//]] [[Image: Logohp2015.png|150px|link= http://www8.hp.com/us/en/software-solutions/enterprise-security.html//]]<br />
<br />
== Gold Sponsors ==<br />
<br />
== Silver Sponsors ==<br />
<br />
[[Image: Logo_inzafe.png|200px|link= http://inzafe.cl]]<br />
<br />
== Coffee Break Sponsor ==<br />
<br />
<br />
<br />
<br />
== Educational Supporters ==<br />
<br />
[[Image:LogoUPB.png |200px|link=http://www.upb.edu.co/]]<br />
[[Image:Logo_Uncoma.png |200px|link=http://www.uncoma.edu.ar/]]<br />
[[Image:DUOCUC.jpg|250px|link=http://www.duoc.cl/]]<br />
[[Image:UCUDAL.jpg|200px|link=http://www.ucu.edu.uy//]]<br />
[[Image:Logo_UTP_2015.png|200px|link=http://www.utp.edu.pe/]]<br />
<br />
-<br />
[[Image:logo-ug.png|200px|link=https://www.galileo.edu/]]<br />
[[Image:universidad-marina-mercante-200x200.jpg|200px|link=http://www.udemm.edu.ar/]]<br />
[[Image:Logo_NUR.jpg|200px|link=http://www.nur.edu//]]<br />
[[Image:Ucv-logo.jpg |150px|link=http://www.ucv.ve///]]<br />
[[Image:Logoucostarica.jpg |150px|link=http://www.ucr.ac.cr/acerca-u/campus.html/]]<br />
<br />
[[Image: Fontlogo.png|300px|link=http://securityresearch.ie/]]<br />
<br />
== Community Supporters ==<br />
&nbsp;<br />
&nbsp;<br />
<br><br><br />
-<br />
[[Image:Logo-segu-info-alta.jpg|250px|link=http://www.segu-info.com.ar/]]<br />
[[Image:dragonjar.png|250px|link=http://www.dragonjar.org/]]<br />
<br />
<br />
== Supporting Partners ==<br />
<br />
[[Image:MUNDO_HACKER_LOGO.jpg|250px|link=http://www.mundohacker.es/]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=189994LatamTour20152015-02-19T22:54:28Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |750px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st-22nd 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
<br />
===Speakers===<br />
'''Viernes 10 de abril'''<br><br />
Andres Riancho - Análisis de seguridad en aplicaciones WEB<br><br />
Claudio Caracciolo - El mercado del Malware en las Apps de los Store para Android<br><br />
Cristian Borghello - Certificate Pinning: ¿tenemos el c...ertificado roto?<br><br />
Gustavo Sorondo - Mobile Apps and how to Pentest them<br><br />
Marcelo Campetella - Aspectos Legales de la Seguridad informática<br><br />
Mauro Graziosi - CIOs vs CISOs: OWASP al rescate<br><br />
<br />
===Training===<br />
'''Sabado 11 de abril'''<br><br />
Cristian Borghello - Hacking de aplicaciones web basado en OWASP Top 10<br><br />
<br />
===¿Dónde?===<br />
<br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
<br><br />
===REGISTRO===<br />
Recuerde que el ingreso al evento es <b>totalmente gratuito, sólo debe registrarse previamente</b>.<br><br />
[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']<br />
<br><br />
<br><br />
<br />
===CONFERENCIAS===<br />
<br />
Diego Ademir Duarte Santana | <b>OWASP ASVS 2.0 Web Application Standard</b><br />
<br><br />
Jhon César Arango Serna | <b>IPv6 Ventaja o Amenaza</b><br />
<br><br />
Javier Orlando Mantilla P. | <b>Seguridad en desarrollo de aplicaciones web usando Apache Tomee</b><br />
<br><br />
Hugo Armando Rodriguez Vera | <b>Por definir tema (Leyes y Seguridad Informática)</b><br />
<br><br />
Ronald Escalona | <b>Hardening del Servidor Web, enfoque práctico con jail/chroot para entornos multisitios</b><br />
<br><br />
German Alonso Suárez Guerrero | <b>OWASP Proactive Controls</b><br />
<br><br />
<br><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<u>Si te interesa participar como CONFERENCISTA, puedes escribir a [mailto:dadhemir@owasp.org dadhemir@owasp.org]</u><br />
<br><br />
<br><br />
Horario<br />
<br><br />
08:15 a 12:00<br />
<br><br />
14:00 a 18:00<br />
<br><br />
<br><br />
Se contará con <b>transmisión vía streaming</b> para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
<br />
[[File:Santa.jpg]]<br />
<br><br />
<br><br />
<br><br />
Lugar: Universidad NUR<br />
<br><br />
Dirección: Av. Banzer, Victorino Rivero 100<br />
<br><br />
Santa Cruz de la Sierra, Bolivia<br />
<br><br />
Fecha: 17 y 18 de abril del 2015<br />
<br><br />
<br><br />
[[File:Mapa.jpg]]<br />
<br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
<table width="761" border="1" cellpadding="0" cellspacing="0" ><br />
<tr style="background-color: #30608f;<br />
color:#FFF;"><br />
<td>Nro</td><br />
<td>Nombre</td><br />
<td>Ciudad</td><br />
<td>Tema</td><br />
</tr><br />
<tr><br />
<td width="25">1</td><br />
<td width="200">Alvaro Machaca Tola</td><br />
<td width="187">La Paz ,Bolivia</td><br />
<td width="321">Análisis de riesgos aplicando la metodología OWASP</td><br />
</tr><br />
<tr><br />
<td>2</td><br />
<td>Deyvi Bustamante Perez</td><br />
<td>Sucre , Bolivia</td><br />
<td>Exploit development</td><br />
</tr><br />
<tr><br />
<td>3</td><br />
<td>Walter Camama Menacho</td><br />
<td>Trinidad, Bolivia</td><br />
<td>MiTM a nivel de browser con beef y metasploit</td><br />
</tr><br />
<tr><br />
<td>4</td><br />
<td>Leonardo Camilo Quenta Alarcon</td><br />
<td>La Paz, Bolivia</td><br />
<td>Seguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP</td><br />
</tr><br />
<tr><br />
<td>5</td><br />
<td>Hernán Marcelo Leytón Balderrama</td><br />
<td>Potosí, Bolivia</td><br />
<td>Seguridad en los Satélites de Comunicación</td><br />
</tr><br />
<tr><br />
<td>6</td><br />
<td>Jaime Iván Mendoza Ribera</td><br />
<td>Santa Cruz, Bolivia</td><br />
<td>Análisis de vulnerabilidades web</td><br />
</tr><br />
<tr><br />
<td>7</td><br />
<td>Juan Pablo Barriga Sapiencia</td><br />
<td>Sucre , Bolivia</td><br />
<td>Riesgos en TI</td><br />
</tr><br />
<tr><br />
<td>8</td><br />
<td>Richard Villca Apaza</td><br />
<td>La Paz, Bolivia</td><br />
<td>Rompiendo el modelo de negocios: Debugging Android Apps</td><br />
</tr><br />
<tr><br />
<td>9</td><br />
<td>Alex Villegas y Roller Ibanez</td><br />
<td>Cochabamba , Bolivia</td><br />
<td>Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301</td><br />
</tr><br />
<tr><br />
<td>10</td><br />
<td>Daniel Torres Sandi</td><br />
<td>Sucre , Bolivia</td><br />
<td>Headers seguros en HTTP</td><br />
</tr><br />
<tr><br />
<td>11</td><br />
<td>Gonzalo Nina Mamani</td><br />
<td>Cochabamba , Bolivia</td><br />
<td>Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web</td><br />
</tr><br />
<tr><br />
<td>12</td><br />
<td>Cristhian Lima Saravia</td><br />
<td>Cochabamba, Bolivia</td><br />
<td>Framework Pleni</td><br />
</tr><br />
<tr><br />
<td>13</td><br />
<td>Elvin Vidal Mollinedo Mencia</td><br />
<td>Santa Cruz de la Sierra, Bolivia</td><br />
<td>Los 7 pecados de un desarrollador Web</td><br />
</tr><br />
<tr><br />
<td>14</td><br />
<td>Erick Calderon Mostajo</td><br />
<td>La Paz, Bolivia</td><br />
<td>Herramientas de Aprendizaje OWASP.</td><br />
</tr><br />
<tr><br />
<td>15</td><br />
<td>Dennis Ariel Ruiz Vasquez</td><br />
<td>La Paz , Bolivia</td><br />
<td>Whitehat vs Blackhat</td><br />
</tr><br />
<tr><br />
<td>16</td><br />
<td>Juan Alberto Fajardo Canaza</td><br />
<td>Potosí, Bolivia</td><br />
<td>WAF Testing Framework</td><br />
</tr><br />
<tr><br />
<td>17</td><br />
<td>Gabriel Labrada Hernandez</td><br />
<td>Mexico</td><br />
<td>Seguridad en Hardware y los servicios en la nube</td><br />
</tr><br />
<tr><br />
<td>18</td><br />
<td>Jaime Andres Restrepo Gomez</td><br />
<td>Colombia</td><br />
<td>Hackeando carros en Latinoamérica</td><br />
</tr><br />
</table><br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Católica del Uruguay]<br><br />
Av. 8 de Octubre 2738, <br><br />
Montevideo 11600 Montevideo, Uruguay. <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
[[File:BannerLatamTourVenezuela.jpg| center |BannerLatamTourVenezuela.jpg ]]<br />
<br><br />
<br />
<br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGISTRATE''']<br />
<br><br />
<br><br />
<br />
<br />
== UBICACIÓN ==<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
<br />
[[File:UbicacionLatamCaracas.png]]<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
<table width="761" border="1" cellpadding="0" cellspacing="0" ><br />
<tr style="background-color: #30608f;<br />
color:#FFF;"><br />
<td>Hora</td><br />
<td>Nombre</td><br />
<td>Ciudad</td><br />
<td>Tema</td><br />
</tr><br />
<tr><br />
<td width="25"></td><br />
<td width="200"></td><br />
<td width="187"></td><br />
<td width="321"></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
</table><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=189993LatamTour20152015-02-19T22:52:37Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |750px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st-22nd 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
<br />
===Speakers===<br />
'''Viernes 10 de abril'''<br><br />
Andres Riancho - Análisis de seguridad en aplicaciones WEB<br><br />
Claudio Caracciolo - El mercado del Malware en las Apps de los Store para Android<br><br />
Cristian Borghello - Certificate Pinning: ¿tenemos el c...ertificado roto?<br><br />
Gustavo Sorondo - Mobile Apps and how to Pentest them<br><br />
Marcelo Campetella - Aspectos Legales de la Seguridad informática<br><br />
Mauro Graziosi - CIOs vs CISOs: OWASP al rescate<br><br />
<br />
===Training===<br />
'''Sabado 11 de abril'''<br><br />
Cristian Borghello - Hacking de aplicaciones web basado en OWASP Top 10<br><br />
<br />
===¿Dónde?===<br />
<br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
<br><br />
===REGISTRO===<br />
Recuerde que el ingreso al evento es <b>totalmente gratuito, sólo debe registrarse previamente</b>.<br><br />
[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']<br />
<br><br />
<br><br />
<br />
===CONFERENCIAS===<br />
<br />
Diego Ademir Duarte Santana | <b>OWASP ASVS 2.0 Web Application Standard</b><br />
<br><br />
Jhon César Arango Serna | <b>IPv6 Ventaja o Amenaza</b><br />
<br><br />
Javier Orlando Mantilla P. | <b>Seguridad en desarrollo de aplicaciones web usando Apache Tomee</b><br />
<br><br />
Hugo Armando Rodriguez Vera | <b>Por definir tema (Leyes y Seguridad Informática)</b><br />
<br><br />
Ronald Escalona | <b>Hardening del Servidor Web, enfoque práctico con jail/chroot para entornos multisitios</b><br />
<br><br />
German Alonso Suárez Guerrero | <b>OWASP Proactive Controls</b><br />
<br><br />
<br><br />
<b>Tendremos algunas otras sorpresas más relacionadas con SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD !!!!</b><br />
<br><br />
<!--<u>Si te interesa participar como CONFERENCISTA, puedes escribir a [mailto:dadhemir@owasp.org dadhemir@owasp.org]</u>--!><br />
<br><br />
<br><br />
Horario<br />
<br><br />
08:15 a 12:00<br />
<br><br />
14:00 a 18:00<br />
<br><br />
<br><br />
Se contará con <b>transmisión vía streaming</b> para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===PATROCINIO===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
<br />
[[File:Santa.jpg]]<br />
<br><br />
<br><br />
<br><br />
Lugar: Universidad NUR<br />
<br><br />
Dirección: Av. Banzer, Victorino Rivero 100<br />
<br><br />
Santa Cruz de la Sierra, Bolivia<br />
<br><br />
Fecha: 17 y 18 de abril del 2015<br />
<br><br />
<br><br />
[[File:Mapa.jpg]]<br />
<br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
<table width="761" border="1" cellpadding="0" cellspacing="0" ><br />
<tr style="background-color: #30608f;<br />
color:#FFF;"><br />
<td>Nro</td><br />
<td>Nombre</td><br />
<td>Ciudad</td><br />
<td>Tema</td><br />
</tr><br />
<tr><br />
<td width="25">1</td><br />
<td width="200">Alvaro Machaca Tola</td><br />
<td width="187">La Paz ,Bolivia</td><br />
<td width="321">Análisis de riesgos aplicando la metodología OWASP</td><br />
</tr><br />
<tr><br />
<td>2</td><br />
<td>Deyvi Bustamante Perez</td><br />
<td>Sucre , Bolivia</td><br />
<td>Exploit development</td><br />
</tr><br />
<tr><br />
<td>3</td><br />
<td>Walter Camama Menacho</td><br />
<td>Trinidad, Bolivia</td><br />
<td>MiTM a nivel de browser con beef y metasploit</td><br />
</tr><br />
<tr><br />
<td>4</td><br />
<td>Leonardo Camilo Quenta Alarcon</td><br />
<td>La Paz, Bolivia</td><br />
<td>Seguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP</td><br />
</tr><br />
<tr><br />
<td>5</td><br />
<td>Hernán Marcelo Leytón Balderrama</td><br />
<td>Potosí, Bolivia</td><br />
<td>Seguridad en los Satélites de Comunicación</td><br />
</tr><br />
<tr><br />
<td>6</td><br />
<td>Jaime Iván Mendoza Ribera</td><br />
<td>Santa Cruz, Bolivia</td><br />
<td>Análisis de vulnerabilidades web</td><br />
</tr><br />
<tr><br />
<td>7</td><br />
<td>Juan Pablo Barriga Sapiencia</td><br />
<td>Sucre , Bolivia</td><br />
<td>Riesgos en TI</td><br />
</tr><br />
<tr><br />
<td>8</td><br />
<td>Richard Villca Apaza</td><br />
<td>La Paz, Bolivia</td><br />
<td>Rompiendo el modelo de negocios: Debugging Android Apps</td><br />
</tr><br />
<tr><br />
<td>9</td><br />
<td>Alex Villegas y Roller Ibanez</td><br />
<td>Cochabamba , Bolivia</td><br />
<td>Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301</td><br />
</tr><br />
<tr><br />
<td>10</td><br />
<td>Daniel Torres Sandi</td><br />
<td>Sucre , Bolivia</td><br />
<td>Headers seguros en HTTP</td><br />
</tr><br />
<tr><br />
<td>11</td><br />
<td>Gonzalo Nina Mamani</td><br />
<td>Cochabamba , Bolivia</td><br />
<td>Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web</td><br />
</tr><br />
<tr><br />
<td>12</td><br />
<td>Cristhian Lima Saravia</td><br />
<td>Cochabamba, Bolivia</td><br />
<td>Framework Pleni</td><br />
</tr><br />
<tr><br />
<td>13</td><br />
<td>Elvin Vidal Mollinedo Mencia</td><br />
<td>Santa Cruz de la Sierra, Bolivia</td><br />
<td>Los 7 pecados de un desarrollador Web</td><br />
</tr><br />
<tr><br />
<td>14</td><br />
<td>Erick Calderon Mostajo</td><br />
<td>La Paz, Bolivia</td><br />
<td>Herramientas de Aprendizaje OWASP.</td><br />
</tr><br />
<tr><br />
<td>15</td><br />
<td>Dennis Ariel Ruiz Vasquez</td><br />
<td>La Paz , Bolivia</td><br />
<td>Whitehat vs Blackhat</td><br />
</tr><br />
<tr><br />
<td>16</td><br />
<td>Juan Alberto Fajardo Canaza</td><br />
<td>Potosí, Bolivia</td><br />
<td>WAF Testing Framework</td><br />
</tr><br />
<tr><br />
<td>17</td><br />
<td>Gabriel Labrada Hernandez</td><br />
<td>Mexico</td><br />
<td>Seguridad en Hardware y los servicios en la nube</td><br />
</tr><br />
<tr><br />
<td>18</td><br />
<td>Jaime Andres Restrepo Gomez</td><br />
<td>Colombia</td><br />
<td>Hackeando carros en Latinoamérica</td><br />
</tr><br />
</table><br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Católica del Uruguay]<br><br />
Av. 8 de Octubre 2738, <br><br />
Montevideo 11600 Montevideo, Uruguay. <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
[[File:BannerLatamTourVenezuela.jpg| center |BannerLatamTourVenezuela.jpg ]]<br />
<br><br />
<br />
<br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGISTRATE''']<br />
<br><br />
<br><br />
<br />
<br />
== UBICACIÓN ==<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
<br />
[[File:UbicacionLatamCaracas.png]]<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
<table width="761" border="1" cellpadding="0" cellspacing="0" ><br />
<tr style="background-color: #30608f;<br />
color:#FFF;"><br />
<td>Hora</td><br />
<td>Nombre</td><br />
<td>Ciudad</td><br />
<td>Tema</td><br />
</tr><br />
<tr><br />
<td width="25"></td><br />
<td width="200"></td><br />
<td width="187"></td><br />
<td width="321"></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
</table><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015_Sponsors&diff=188950LatamTour2015 Sponsors2015-02-03T10:56:04Z<p>Fabio.e.cerullo: </p>
<hr />
<div><br />
<br />
== Platinum Sponsors ==<br />
<br />
[[Image: Akamai-Logo-Faster-Forward-RGB.jpeg|300px|link= http://spanish.akamai.com/enes//]]<br />
<br />
== Gold Sponsors ==<br />
<br />
<br />
<br />
<br />
== Silver Sponsors ==<br />
<br />
<br />
<br />
<br />
== Coffee Break Sponsor ==<br />
<br />
<br />
<br />
<br />
== Educational Supporters ==<br />
<br />
<br />
<br />
[[Image:LogoUPB.png |200px|link=http://www.upb.edu.co/]]<br />
[[Image:Logo_Uncoma.png |200px|link=http://www.uncoma.edu.ar/]]<br />
[[Image:EPG-UTP.JPG|200px|link=http://www.postgradoutp.edu.pe]]<br />
[[Image:DUOCUC.jpg|200px|link=http://www.duoc.cl/]]<br />
[[Image:UCUDAL.jpg|200px|link=http://www.ucu.edu.uy//]]<br />
<br />
-<br />
[[Image:logo-ug.png|200px|link=https://www.galileo.edu/]]<br />
[[Image:universidad-marina-mercante-200x200.jpg|200px|link=http://www.udemm.edu.ar/]]<br />
[[Image:Logo_NUR.jpg|200px|link=http://www.nur.edu//]]<br />
[[Image:Ucv-logo.jpg |150px|link=http://www.ucv.ve///]]<br />
[[Image:Logoucostarica.jpg |150px|link=http://www.ucr.ac.cr/acerca-u/campus.html/]]<br />
<br />
== Community Supporters ==<br />
&nbsp;<br />
&nbsp;<br />
<br><br><br />
-<br />
[[Image:Logo-segu-info-alta.jpg|250px|link=http://www.segu-info.com.ar/]]<br />
[[Image:dragonjar.png|250px|link=http://www.dragonjar.org/]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=188949LatamTour20152015-02-03T10:55:25Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |750px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
<br />
===Speakers===<br />
'''Viernes 10 de abril'''<br><br />
Andres Riancho - Análisis de seguridad en aplicaciones WEB<br><br />
Claudio Caracciolo - El mercado del Malware en las Apps de los Store para Android<br><br />
Cristian Borghello - Certificate Pinning: ¿tenemos el c...ertificado roto?<br><br />
Gustavo Sorondo - Mobile Apps and how to Pentest them<br><br />
Marcelo Campetella - Aspectos Legales de la Seguridad informática<br><br />
Mauro Graziosi - CIOs vs CISOs: OWASP al rescate<br><br />
<br />
===Training===<br />
'''Sabado 11 de abril'''<br><br />
Cristian Borghello - Hacking de aplicaciones web basado en OWASP Top 10<br><br />
<br />
===¿Dónde?===<br />
<br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
<br><br />
===Registro===<br />
[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']<br><br />
Recuerde que el ingreso al evento es <b>totalmente gratuito, sólo debe registrarse previamente</b>.<br />
<br><br />
<br><br />
===Agenda===<br />
<br />
HORARIO (Pendiente por definir charlas)<br />
<br />
08:00 a 12:00<br><br />
14:00 a 18:00<br />
<br><br />
<br><br />
Se contará con transmisión vía streaming para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
=='''Santa Cruz de las Sierras: April, 17th-18th 2015'''==<br />
<br />
[http://www.nur.edu/scz/ Universidad Nur Sede Santa Cruz]<br />
<br />
Av. Cristo Redentor N° 100<br><br />
Santa Cruz de las Sierras , Bolivia<br><br />
<br><br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
• Alvaro Machaca Tola La Paz ,Bolivia - '''Análisis de riesgos aplicando la metodología OWASP'''<br />
<br />
• Deyvi Bustamante Perez Sucre , Bolivia - '''Exploit development'''<br />
<br />
• Walter Camama Menacho Trinidad, Bolivia - '''MiTM a nivel de browser con beef y metasploit'''<br />
<br />
• Leonardo Camilo Quenta Alarcon La Paz, Bolivia - S'''eguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP'''<br />
<br />
• Hernán Marcelo Leytón Balderrama Potosí, Bolivia - '''Seguridad en los Satélites de Comunicación'''<br />
<br />
• Jaime Iván Mendoza Ribera Santa Cruz, Bolivia - '''Análisis de vulnerabilidades web'''<br />
<br />
• Juan Pablo Barriga Sapiencia Sucre , Bolivia - '''Riesgos en TI'''<br />
<br />
• Richard Villca Apaza, La Paz, Bolivia – '''Rompiendo el modelo de negocios: Debugging Android Apps'''<br />
<br />
• Alex Villegas y Roller Ibanez Cochabamba , Bolivia- '''Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301'''<br />
<br />
• Daniel Torres Sandi Sucre , Bolivia - '''Headers seguros en HTTP'''<br />
<br />
• Gonzalo Nina Mamani Cochabamba , Bolivia – '''Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web'''<br />
<br />
• Cristhian Lima Saravia Cochabamba, Bolivia - '''Framework Pleni'''<br />
<br />
• Elvin Vidal Mollinedo Mencia Santa Cruz de la Sierra, Bolivia - '''Los 7 pecados de un desarrollador Web'''<br />
<br />
• Erick Calderon Mostajo La Paz, Bolivia - '''Herramientas de Aprendizaje OWASP.'''<br />
<br />
• Dennis Ariel Ruiz Vasquez La Paz , Bolivia - '''Whitehat vs Blackhat'''<br />
<br />
• Juan Alberto Fajardo Canaza, Potosí, Bolivia - '''WAF Testing Framework'''<br />
<br />
• Gabriel Labrada Hernandez, Mexico - '''Seguridad en Hardware y los servicios en la nube Rodolfo Ceceña Solano Ensenada-Mexico - Same Origin policy y html injection'''<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Av. 8 de Octubre 2738, <br><br />
Montevideo 11600 Montevideo, Urugua, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=188948LatamTour20152015-02-03T10:55:14Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |700px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
<br />
===Speakers===<br />
'''Viernes 10 de abril'''<br><br />
Andres Riancho - Análisis de seguridad en aplicaciones WEB<br><br />
Claudio Caracciolo - El mercado del Malware en las Apps de los Store para Android<br><br />
Cristian Borghello - Certificate Pinning: ¿tenemos el c...ertificado roto?<br><br />
Gustavo Sorondo - Mobile Apps and how to Pentest them<br><br />
Marcelo Campetella - Aspectos Legales de la Seguridad informática<br><br />
Mauro Graziosi - CIOs vs CISOs: OWASP al rescate<br><br />
<br />
===Training===<br />
'''Sabado 11 de abril'''<br><br />
Cristian Borghello - Hacking de aplicaciones web basado en OWASP Top 10<br><br />
<br />
===¿Dónde?===<br />
<br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
<br><br />
===Registro===<br />
[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']<br><br />
Recuerde que el ingreso al evento es <b>totalmente gratuito, sólo debe registrarse previamente</b>.<br />
<br><br />
<br><br />
===Agenda===<br />
<br />
HORARIO (Pendiente por definir charlas)<br />
<br />
08:00 a 12:00<br><br />
14:00 a 18:00<br />
<br><br />
<br><br />
Se contará con transmisión vía streaming para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
=='''Santa Cruz de las Sierras: April, 17th-18th 2015'''==<br />
<br />
[http://www.nur.edu/scz/ Universidad Nur Sede Santa Cruz]<br />
<br />
Av. Cristo Redentor N° 100<br><br />
Santa Cruz de las Sierras , Bolivia<br><br />
<br><br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
• Alvaro Machaca Tola La Paz ,Bolivia - '''Análisis de riesgos aplicando la metodología OWASP'''<br />
<br />
• Deyvi Bustamante Perez Sucre , Bolivia - '''Exploit development'''<br />
<br />
• Walter Camama Menacho Trinidad, Bolivia - '''MiTM a nivel de browser con beef y metasploit'''<br />
<br />
• Leonardo Camilo Quenta Alarcon La Paz, Bolivia - S'''eguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP'''<br />
<br />
• Hernán Marcelo Leytón Balderrama Potosí, Bolivia - '''Seguridad en los Satélites de Comunicación'''<br />
<br />
• Jaime Iván Mendoza Ribera Santa Cruz, Bolivia - '''Análisis de vulnerabilidades web'''<br />
<br />
• Juan Pablo Barriga Sapiencia Sucre , Bolivia - '''Riesgos en TI'''<br />
<br />
• Richard Villca Apaza, La Paz, Bolivia – '''Rompiendo el modelo de negocios: Debugging Android Apps'''<br />
<br />
• Alex Villegas y Roller Ibanez Cochabamba , Bolivia- '''Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301'''<br />
<br />
• Daniel Torres Sandi Sucre , Bolivia - '''Headers seguros en HTTP'''<br />
<br />
• Gonzalo Nina Mamani Cochabamba , Bolivia – '''Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web'''<br />
<br />
• Cristhian Lima Saravia Cochabamba, Bolivia - '''Framework Pleni'''<br />
<br />
• Elvin Vidal Mollinedo Mencia Santa Cruz de la Sierra, Bolivia - '''Los 7 pecados de un desarrollador Web'''<br />
<br />
• Erick Calderon Mostajo La Paz, Bolivia - '''Herramientas de Aprendizaje OWASP.'''<br />
<br />
• Dennis Ariel Ruiz Vasquez La Paz , Bolivia - '''Whitehat vs Blackhat'''<br />
<br />
• Juan Alberto Fajardo Canaza, Potosí, Bolivia - '''WAF Testing Framework'''<br />
<br />
• Gabriel Labrada Hernandez, Mexico - '''Seguridad en Hardware y los servicios en la nube Rodolfo Ceceña Solano Ensenada-Mexico - Same Origin policy y html injection'''<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Av. 8 de Octubre 2738, <br><br />
Montevideo 11600 Montevideo, Urugua, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=188947LatamTour20152015-02-03T10:55:02Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |800px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
<br />
===Speakers===<br />
'''Viernes 10 de abril'''<br><br />
Andres Riancho - Análisis de seguridad en aplicaciones WEB<br><br />
Claudio Caracciolo - El mercado del Malware en las Apps de los Store para Android<br><br />
Cristian Borghello - Certificate Pinning: ¿tenemos el c...ertificado roto?<br><br />
Gustavo Sorondo - Mobile Apps and how to Pentest them<br><br />
Marcelo Campetella - Aspectos Legales de la Seguridad informática<br><br />
Mauro Graziosi - CIOs vs CISOs: OWASP al rescate<br><br />
<br />
===Training===<br />
'''Sabado 11 de abril'''<br><br />
Cristian Borghello - Hacking de aplicaciones web basado en OWASP Top 10<br><br />
<br />
===¿Dónde?===<br />
<br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
<br><br />
===Registro===<br />
[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']<br><br />
Recuerde que el ingreso al evento es <b>totalmente gratuito, sólo debe registrarse previamente</b>.<br />
<br><br />
<br><br />
===Agenda===<br />
<br />
HORARIO (Pendiente por definir charlas)<br />
<br />
08:00 a 12:00<br><br />
14:00 a 18:00<br />
<br><br />
<br><br />
Se contará con transmisión vía streaming para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
=='''Santa Cruz de las Sierras: April, 17th-18th 2015'''==<br />
<br />
[http://www.nur.edu/scz/ Universidad Nur Sede Santa Cruz]<br />
<br />
Av. Cristo Redentor N° 100<br><br />
Santa Cruz de las Sierras , Bolivia<br><br />
<br><br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
• Alvaro Machaca Tola La Paz ,Bolivia - '''Análisis de riesgos aplicando la metodología OWASP'''<br />
<br />
• Deyvi Bustamante Perez Sucre , Bolivia - '''Exploit development'''<br />
<br />
• Walter Camama Menacho Trinidad, Bolivia - '''MiTM a nivel de browser con beef y metasploit'''<br />
<br />
• Leonardo Camilo Quenta Alarcon La Paz, Bolivia - S'''eguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP'''<br />
<br />
• Hernán Marcelo Leytón Balderrama Potosí, Bolivia - '''Seguridad en los Satélites de Comunicación'''<br />
<br />
• Jaime Iván Mendoza Ribera Santa Cruz, Bolivia - '''Análisis de vulnerabilidades web'''<br />
<br />
• Juan Pablo Barriga Sapiencia Sucre , Bolivia - '''Riesgos en TI'''<br />
<br />
• Richard Villca Apaza, La Paz, Bolivia – '''Rompiendo el modelo de negocios: Debugging Android Apps'''<br />
<br />
• Alex Villegas y Roller Ibanez Cochabamba , Bolivia- '''Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301'''<br />
<br />
• Daniel Torres Sandi Sucre , Bolivia - '''Headers seguros en HTTP'''<br />
<br />
• Gonzalo Nina Mamani Cochabamba , Bolivia – '''Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web'''<br />
<br />
• Cristhian Lima Saravia Cochabamba, Bolivia - '''Framework Pleni'''<br />
<br />
• Elvin Vidal Mollinedo Mencia Santa Cruz de la Sierra, Bolivia - '''Los 7 pecados de un desarrollador Web'''<br />
<br />
• Erick Calderon Mostajo La Paz, Bolivia - '''Herramientas de Aprendizaje OWASP.'''<br />
<br />
• Dennis Ariel Ruiz Vasquez La Paz , Bolivia - '''Whitehat vs Blackhat'''<br />
<br />
• Juan Alberto Fajardo Canaza, Potosí, Bolivia - '''WAF Testing Framework'''<br />
<br />
• Gabriel Labrada Hernandez, Mexico - '''Seguridad en Hardware y los servicios en la nube Rodolfo Ceceña Solano Ensenada-Mexico - Same Origin policy y html injection'''<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Av. 8 de Octubre 2738, <br><br />
Montevideo 11600 Montevideo, Urugua, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=188946LatamTour20152015-02-03T10:54:44Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[Image:Banner_latam_2015.jpg |600px|link=https://www.owasp.org/index.php/LatamTour2015]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli via [https://docs.google.com/forms/d/1ncVFYKsBv6aUsf3WBI657yRHUQLkazjkT9VMu4Vdp9I/viewform '''this Google form''']<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
<br />
===Speakers===<br />
'''Viernes 10 de abril'''<br><br />
Andres Riancho - Análisis de seguridad en aplicaciones WEB<br><br />
Claudio Caracciolo - El mercado del Malware en las Apps de los Store para Android<br><br />
Cristian Borghello - Certificate Pinning: ¿tenemos el c...ertificado roto?<br><br />
Gustavo Sorondo - Mobile Apps and how to Pentest them<br><br />
Marcelo Campetella - Aspectos Legales de la Seguridad informática<br><br />
Mauro Graziosi - CIOs vs CISOs: OWASP al rescate<br><br />
<br />
===Training===<br />
'''Sabado 11 de abril'''<br><br />
Cristian Borghello - Hacking de aplicaciones web basado en OWASP Top 10<br><br />
<br />
===¿Dónde?===<br />
<br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/bucaramanga Universidad Pontifica Bolivariana]<br><br />
Seccional Bucaramanga <br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bloque K - 605 <br><br />
[http://goo.gl/EwBpTu'''Mapa :: Ubicación del evento''']<br />
<br><br />
<br><br />
===Registro===<br />
[https://www.regonline.com/owasplatamtour15colombia'''Pulsa aquí para registrarte al evento''']<br><br />
Recuerde que el ingreso al evento es <b>totalmente gratuito, sólo debe registrarse previamente</b>.<br />
<br><br />
<br><br />
===Agenda===<br />
<br />
HORARIO (Pendiente por definir charlas)<br />
<br />
08:00 a 12:00<br><br />
14:00 a 18:00<br />
<br><br />
<br><br />
Se contará con transmisión vía streaming para las personas ubicadas fuera de la ciudad.<br><br />
<br><br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta pueden escribir a [mailto:dadhemir@owasp.org Diego Ademir Duarte Santana] .<br />
<br><br />
<br />
=BOLIVIA=<br />
=='''Santa Cruz de las Sierras: April, 17th-18th 2015'''==<br />
<br />
[http://www.nur.edu/scz/ Universidad Nur Sede Santa Cruz]<br />
<br />
Av. Cristo Redentor N° 100<br><br />
Santa Cruz de las Sierras , Bolivia<br><br />
<br><br />
<br />
[https://www.regonline.com/owasplatamtour15bolivia'''REGISTARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
<br />
<br />
== LISTADO DE SPEAKERS ==<br />
<br />
<br />
• Alvaro Machaca Tola La Paz ,Bolivia - '''Análisis de riesgos aplicando la metodología OWASP'''<br />
<br />
• Deyvi Bustamante Perez Sucre , Bolivia - '''Exploit development'''<br />
<br />
• Walter Camama Menacho Trinidad, Bolivia - '''MiTM a nivel de browser con beef y metasploit'''<br />
<br />
• Leonardo Camilo Quenta Alarcon La Paz, Bolivia - S'''eguridad en sistemas financieros. Buenas prácticas de programación y aplicación de pruebas de penetración OWASP'''<br />
<br />
• Hernán Marcelo Leytón Balderrama Potosí, Bolivia - '''Seguridad en los Satélites de Comunicación'''<br />
<br />
• Jaime Iván Mendoza Ribera Santa Cruz, Bolivia - '''Análisis de vulnerabilidades web'''<br />
<br />
• Juan Pablo Barriga Sapiencia Sucre , Bolivia - '''Riesgos en TI'''<br />
<br />
• Richard Villca Apaza, La Paz, Bolivia – '''Rompiendo el modelo de negocios: Debugging Android Apps'''<br />
<br />
• Alex Villegas y Roller Ibanez Cochabamba , Bolivia- '''Gestión de continuidad del negocio un enfoque resilente basado en el estándar ISO 22301'''<br />
<br />
• Daniel Torres Sandi Sucre , Bolivia - '''Headers seguros en HTTP'''<br />
<br />
• Gonzalo Nina Mamani Cochabamba , Bolivia – '''Sistema para la recolección de información orientado a la mejora en la evaluación de seguridad en aplicaciones Web'''<br />
<br />
• Cristhian Lima Saravia Cochabamba, Bolivia - '''Framework Pleni'''<br />
<br />
• Elvin Vidal Mollinedo Mencia Santa Cruz de la Sierra, Bolivia - '''Los 7 pecados de un desarrollador Web'''<br />
<br />
• Erick Calderon Mostajo La Paz, Bolivia - '''Herramientas de Aprendizaje OWASP.'''<br />
<br />
• Dennis Ariel Ruiz Vasquez La Paz , Bolivia - '''Whitehat vs Blackhat'''<br />
<br />
• Juan Alberto Fajardo Canaza, Potosí, Bolivia - '''WAF Testing Framework'''<br />
<br />
• Gabriel Labrada Hernandez, Mexico - '''Seguridad en Hardware y los servicios en la nube Rodolfo Ceceña Solano Ensenada-Mexico - Same Origin policy y html injection'''<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Av. 8 de Octubre 2738, <br><br />
Montevideo 11600 Montevideo, Urugua, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015_Sponsors&diff=188466LatamTour2015 Sponsors2015-01-23T20:38:19Z<p>Fabio.e.cerullo: /* Community Supporters */</p>
<hr />
<div><br />
<br />
== Platinum Sponsors ==<br />
<br />
<br />
<br />
<br />
== Gold Sponsors ==<br />
<br />
<br />
<br />
<br />
== Silver Sponsors ==<br />
<br />
<br />
<br />
<br />
== Coffee Break Sponsor ==<br />
<br />
<br />
<br />
<br />
== Educational Supporters ==<br />
<br />
<br />
<br />
<br />
== Community Supporters ==<br />
&nbsp;<br />
&nbsp;<br />
<br><br><br />
-<br />
[[Image:Logo-segu-info-alta.jpg|200px|link=http://www.segu-info.com.ar/]]<br />
[[Image:dragonjar.png|200px|link=http://www.dragonjar.org/]]</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=188465LatamTour20152015-01-23T20:33:28Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[File:Banner_latam_2015.jpg]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* Santa Cruz, '''Bolivia''': April 17th -18th 2015 <br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
<br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli [martin.tartarelli@owasp.org]<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
===Registrarse===<br />
Los interesados en asistir al evento deben registrarse en:<br> <br />
[https://www.regonline.com/owasplatamtour15patagonia https://www.regonline.com/owasplatamtour15patagonia]<br><br />
<br />
===Speakers===<br />
'''Viernes 10 de abril'''<br><br />
Andres Riancho - Análisis de seguridad en aplicaciones WEB<br><br />
Claudio Caracciolo - El mercado del Malware en las Apps de los Store para Android<br><br />
Cristian Borghello - Certificate Pinning: ¿tenemos el c...ertificado roto?<br><br />
Gustavo Sorondo - Mobile Apps and how to Pentest them<br><br />
Marcelo Campetella - Aspectos Legales de la Seguridad informática<br><br />
Mauro Graziosi - CIOs vs CISOs: OWASP al rescate<br><br />
<br />
===Training===<br />
'''Sabado 11 de abril'''<br><br />
Cristian Borghello - Hacking de aplicaciones web basado en OWASP Top 10<br><br />
<br />
===¿Dónde?===<br />
<br />
[[File:Ubicacion.png|link=https://www.google.com.ar/maps/place/38%C2%B056'26.2%22S+68%C2%B003'15.5%22W/@-38.940623,-68.054305,228m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0]]<br />
<br />
===Patrocinio===<br />
Los interesados en participar con un stand en el evento y su logo en la página del Tour (entre otras posibilidades), pueden revisar las <br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf oportunidades de patrocinio]<br />
<br><br><br />
Cualquier consulta no duden en escribir a [mailto:gaston.toth@owasp.org Gaston Toth] o a [mailto:diego.dinardo@patagoniasec.com.ar Diego Di Nardo].<br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''RESITARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/portal/page?_pageid=954,1&_dad=portal&_schema=PORTAL Universidad Pontifica Bolivariana]<br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bucaramanga<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15colombia'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=BOLIVIA=<br />
=='''Santa Cruz de las Sierras: April, 17th-18th 2015'''==<br />
<br />
=COSTA RICA=<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Avenida 8 de Octubre, <br><br />
Montevideo 11600, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=188078LatamTour20152015-01-14T15:35:44Z<p>Fabio.e.cerullo: </p>
<hr />
<div>__NOTOC__ <br />
<br />
[[File:Banner_latam_2015.jpg]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPERS & TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli [martin.tartarelli@owasp.org]<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
[http://faiweb.uncoma.edu.ar/ Facultad de Informatica. Universidad de Comahue]<br><br />
Salón Azul de la Biblioteca <br><br />
Buenos Aires 1400<br><br />
(8300) Neuquén<br><br><br />
'''Fechas'''<br />
*10/4: Conferencias libres y gratuitas. <br />
*11/4: Curso "Hacking de aplicaciones web basado en OWASP Top 10", por Cristian Borghello.<br />
<br><br />
[https://www.regonline.com/owasplatamtour15patagonia'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''RESITARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/portal/page?_pageid=954,1&_dad=portal&_schema=PORTAL Universidad Pontifica Bolivariana]<br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bucaramanga<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15colombia'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COSTA RICA=<br />
<br />
<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Avenida 8 de Octubre, <br><br />
Montevideo 11600, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=187941LatamTour20152015-01-12T23:08:20Z<p>Fabio.e.cerullo: /* Questions */</p>
<hr />
<div>__NOTOC__ <br />
<br />
[[File:Banner_latam_2015.jpg]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to andrea.villar@owasp.org / fcerullo@owasp.org<br />
<br><br />
<br><br />
<br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPAERS & CALL FOR TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli [martin.tartarelli@owasp.org]<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
[http://faiweb.uncoma.edu.ar/ Facultad de Informatica. Universidad de Comahue]<br><br />
Salón Azul de la Biblioteca <br><br />
Buenos Aires 1400<br><br />
(8300) Neuquén<br><br><br />
'''Fechas'''<br />
*10/4: Conferencias libres y gratuitas. <br />
*11/4: Curso "Hacking de aplicaciones web basado en OWASP Top 10", por Cristian Borghello.<br />
<br><br />
[https://www.regonline.com/owasplatamtour15patagonia'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''RESITARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/portal/page?_pageid=954,1&_dad=portal&_schema=PORTAL Universidad Pontifica Bolivariana]<br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bucaramanga<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15colombia'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COSTA RICA=<br />
<br />
<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Avenida 8 de Octubre, <br><br />
Montevideo 11600, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=LatamTour2015&diff=187940LatamTour20152015-01-12T23:07:19Z<p>Fabio.e.cerullo: /* Do you want to give a talk or a training session in Latin America? */</p>
<hr />
<div>__NOTOC__ <br />
<br />
[[File:Banner_latam_2015.jpg]]<br />
<br />
=WELCOME= <br />
<br />
<br />
<br />
== '''Schedule''' ==<br />
<br />
* Santiago, '''Chile''': April, 8th-9th 2015<br />
* Patagonia, '''Argentina''': April, 10th-11th 2015<br />
* Bucaramanga, '''Colombia''': April, 14th 2015<br />
* Montevideo, '''Uruguay''': April, 15th-16th 2015<br />
* Lima, '''Peru''': April, 17th-18th 2015<br />
* San Jose, '''Costa Rica''': April, 21st 2015<br />
* Guatemala, '''Guatemala''': April, 21st-22nd 2015<br />
* Buenos Aires, '''Argentina''': April, 23rd-24th 2015<br />
* Caracas, '''Venezuela''': April, 23rd-24th 2015<br />
<br><br />
<br><br />
<br />
'''REGISTRATION IS NOW OPEN, PLEASE CHECK THE LOCATION TAB YOU ARE INTERESTED IN'''<br />
<br><br />
<br><br />
== '''Latam Tour Objective''' ==<br />
<br />
The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).<br />
<br><br />
<br><br />
<br />
=='''Who Should Attend the Latam Tour?'''==<br />
<br />
*Application Developers <br />
*Application Testers and Quality Assurance <br />
*Application Project Management and Staff <br />
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff <br />
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance <br />
*Security Managers and Staff <br />
*Executives, Managers, and Staff Responsible for IT Security Governance <br />
*IT Professionals Interesting in Improving IT Security<br />
*Anyone interested in learning about or promoting Web Application Security<br><br />
<br><br />
<br><br />
== '''Become an OWASP Member''' ==<br />
<br />
<br />
As part of the OWASP Latam Tour, you could '''become an OWASP Member by ONLY paying 20 U$D'''. Show your support and become an OWASP member today!<br />
<br />
[[Image:Join_button.jpg|100px|link=http://sl.owasp.org/newmember]] [[Image:Renewal.jpg |100px|link=http://sl.owasp.org/renewmember]]<br />
<br><br />
<br><br />
<br />
== '''Questions''' ==<br />
<br />
*If you have any questions about the Latam Tour 2015, please send an email to laura.grau@owasp.org<br />
<br><br />
<br><br />
== '''Social Media''' ==<br />
<br />
'''[http://twitter.com/search?q=%23LATAMTOUR #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?) <br />
<br />
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter><br />
<br />
= CALL FOR PAPAERS & CALL FOR TRAININGS =<br />
<br />
== '''Do you want to give a talk or a training session in Latin America?''' ==<br />
<br> <br />
<br />
'''Please send your proposals to the corresponding chapter leader before February 1st 2015:'''<br />
<br><br />
<br><br />
<br />
* '''Argentina''' (Buenos Aires): Martin Tartarelli [martin.tartarelli@owasp.org]<br />
* '''Argentina''' (Patagonia): Gaston Toth [gaston.toth@owasp.org]<br />
* '''Colombia''': Diego Ademir Duarte [dadhemir@owasp.org]<br />
* '''Costa Rica''': Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* '''Chile''': Carlos Allendes [carlos.allendes@owasp.org]<br />
* '''Guatemala''': Pablo Barrera [pbarrera@gmail.com]<br />
* '''Peru''': John Vargas [john.vargas@owasp.org]<br />
* '''Uruguay''': Mateo Martinez [mateo.martinez@owasp.org]<br />
* '''Venezuela''': Edgar Salazar [edgar.salazar@owasp.org]<br />
<br><br />
<br />
''By your submission you agree to the [https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf '''OWASP Speaker Agreement'''] or [https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf '''Instructor Agreement'''].<br />
<br />
=TEAM=<br />
<br />
'''Chapter Leaders'''<br />
<br />
* Bucaramanga, Colombia: Diego Ademir Duarte [dadhemir@owasp.org]<br />
* Santiago, Chile: Carlos Allendes [carlos.allendes@owasp.org]<br />
* Guatemala, Guatemala: Pablo Barrera [pbarrera@gmail.com]<br />
* San Jose, Costa Rica: Michael Hidalgo [michael.hidalgo@owasp.org]<br />
* Montevideo, Uruguay: Mateo Martinez [mateo.martinez@owasp.org]<br />
* Caracas, Venezuela: Edgar Salazar [edgar.salazar@owasp.org]<br />
* Buenos Aires, Argentina: Martin Tartarelli [martin.tartarelli@gmail.com]<br />
* Patagonia, Argentina: Gaston Toth [gaston.toth@owasp.org]<br />
* Lima, Peru: John Vargas [john.vargas@owasp.org]<br />
<br />
<br />
'''Operations'''<br />
<br />
*[[User:Fabio.e.cerullo|Fabio Cerullo]], <br><br />
* Laura Grau<br />
* Kate Hartmann<br />
* [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]<br />
<br />
=ARGENTINA=<br />
<br />
<br />
=='''Patagonia: April, 10th-11th 2015'''==<br />
<br />
[http://faiweb.uncoma.edu.ar/ Facultad de Informatica. Universidad de Comahue]<br><br />
Salón Azul de la Biblioteca <br><br />
Buenos Aires 1400<br><br />
(8300) Neuquén<br><br><br />
'''Fechas'''<br />
*10/4: Conferencias libres y gratuitas. <br />
*11/4: Curso "Hacking de aplicaciones web basado en OWASP Top 10", por Cristian Borghello.<br />
<br><br />
[https://www.regonline.com/owasplatamtour15patagonia'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
== '''Buenos Aires: April, 23rd-24th 2015'''==<br />
<br />
[http://www.udemm.edu.ar/ Universidad de la Marina Mercante]<br><br />
Av. Rivadavia 2258<br><br />
Buenos Aires, C <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15argentina '''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=CHILE=<br />
<br />
=='''Santiago: April, 8th-9th 2015'''==<br />
<br />
<br />
[http://www.duoc.cl/escuela/escuela-de-informatica-y-telecomunicaciones Duoc UC]<br><br />
Alonso Ovalle Nro.1586<br><br />
Santiago de Chile<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15chile'''RESITARTION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COLOMBIA=<br />
<br />
<br />
== '''Bucaramanga: April, 14th 2015''' ==<br />
<br />
<br />
[http://www.upb.edu.co/portal/page?_pageid=954,1&_dad=portal&_schema=PORTAL Universidad Pontifica Bolivariana]<br><br />
Autopista Piedecuesta Kilometro 7 <br><br />
Bucaramanga<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15colombia'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=COSTA RICA=<br />
<br />
<br />
== '''San Jose: April, 21st 2015''' ==<br />
<br />
<br />
[http://www.ucr.ac.cr/acerca-u/campus.html Universidad de Costa Rica]<br><br />
Ciudad universitaria Rodrigo Facio Brenes<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15costarica'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=GUATEMALA=<br />
<br />
<br />
== '''Ciudad de Guatemala: April, 21st-22nd 2015''' ==<br />
<br />
<br />
[http://www.galileo.edu/ Universidad Galileo]<br><br />
4A Calle 7a. Avenida, calle Dr. Eduardo Suger Cofiño, <br><br />
Ciudad de Guatemala 01010<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15guatemala'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=PERU=<br />
<br />
== '''Lima: April, 17th-18th 2015''' ==<br />
<br />
<br />
[http://www.utp.edu.pe/ Escuela de Postgrado de la Universidad Tecnológica del Perú - UTP]<br><br />
Av. Petit Thouars 313-355<br><br />
Cercado de Lima<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15lima'''REGISTRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br><br />
<br />
=URUGUAY=<br />
<br />
== '''Montevideo: April 15th-16th 2015''' ==<br />
<br />
[http://www.ucu.edu.uy/ Universidad Catolica de Uruguay]<br><br />
Avenida 8 de Octubre, <br><br />
Montevideo 11600, <br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15uruguay'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=VENEZUELA=<br />
<br />
<br />
== '''Caracas: April, 23rd-24th 2015''' ==<br />
<br />
<br />
[http://www.ucv.ve/ Universidad Central de Venezuela]<br><br />
Facultad de Ciencias <br><br />
Auditórium Tobías Lasser<br><br />
Paseo Los Ilustres Urb. Valle Abajo. <br><br />
1040 Caracas<br><br />
<br><br />
[https://www.regonline.com/owasplatamtour15venezuela'''REGSITRATION IS NOW OPEN''']<br />
<br><br />
<br><br />
<br />
=SPONSORS=<br />
<br />
==We are looking for Sponsors for the Latam Tour 2015==<br />
<br><br />
<br />
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Latin-America region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.<br />
<br><br />
<br><br />
<br />
* ''' Sponsorship benefits for organizations specializing in IT & Security:'''<br />
<br />
** Opportunity to use the latest technological trends for professional training / development<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your business development strategy with leading information from the security industry<br />
** Get networking and headhunting opportunities with world-class specialists and professionals<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Increase your image as a professional company through this unique branding opportunity<br />
<br><br />
<br><br />
* '''Sponsorship benefits for organizations utilizing the internet in their business:'''<br />
<br />
** Opportunity to increase the international brand awareness and conduct business networking<br />
** Strengthen your company strategy by learning the latest trends in web software security<br />
** Improve your service development by understanding the latest trends in security issues & risks<br />
** Contribute to information society as a company by developing safe and secure services<br />
** Get the chance to interact with high-need discerning users to improve product development<br />
** Opportunity to brand your company as one that focuses on the highest standards in technology<br />
<br />
<br />
Make your company part of the conversation. Become a sponsor of the tour today! [https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf'''SPONSOR OPPORTUNITIES''']<br />
[https://www.owasp.org/images/6/67/Latam_Tour_2015_Oportunidades_de_Patrocinio.pdf '''OPORTUNIDADES DE PATROCINIO''']<br />
<br />
<br />
<br />
<headertabs /><br />
<br />
{{:LatamTour2015 Sponsors}}</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=OWASP_Code_Kids_2015_Ideas&diff=185023OWASP Code Kids 2015 Ideas2014-11-10T09:25:29Z<p>Fabio.e.cerullo: </p>
<hr />
<div>=Task Categories=<br />
<br />
The tasks are grouped into the categories described below. '''Please make sure each task is assigned a category.'''<br />
<br />
'''Code:''' Tasks related to writing or refactoring code.<br />
<br />
'''Documentation/Training:''' Tasks related to creating/editing documents and helping others learn more<br />
<br />
'''Outreach/Research:''' Tasks related to community management, outreach/marketing, or studying problems and recommending solutions<br />
<br />
'''Quality Assurance:''' Tasks related to testing and ensuring code is of high quality<br />
<br />
'''User Interface:''' Tasks related to user experience research or user interface design and interaction<br />
<br />
== OWASP ZAP ==<br />
<br />
=== OWASP ZAP Task 1 ===<br />
<br />
'''Brief description:'''<br />
<br />
Write a blogpost about CMS-scnanning techniques, this will include web-apps fingerprinting methods, vulnerability checking using on-line databases and a survey of existing tools.<br />
<br />
'''Task Category:'''<br />
<br />
Documentation <br />
<br />
'''Expected Results:'''<br />
<br />
A professional blogpost that will be published on OWASP website <br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Good understanding of web security basics, Knowledge on how do CMSs work and good writing skills.<br />
<br />
'''Mentors:''' Abdelhadi<br />
<br />
<br />
=== OWASP ZAP Task 2 ===<br />
<br />
'''Brief description:'''<br />
<br />
Rebuild the CMSscanner GUI including a progress bar that shows scanning progress and a textzone to display tried strings and paths used by the scanner in real time <br />
<br />
'''Task Category:'''<br />
<br />
Code/Design<br />
<br />
'''Expected Results:'''<br />
<br />
New GUI with progress bar and displaying paths when scanning <br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Java language, GUI design.<br />
<br />
'''Mentors:''' Abdelhadi<br />
<br />
=== OWASP ZAP Task 3 ===<br />
<br />
'''Brief description:'''<br />
<br />
In this task you are required to reproduce vulnerabilities in OWASP web goat using Owasp ZAP and zest scripts. The chosen challenge must be solved using ZAP and the resolution must be stored as a zest script. This task should help documenting of web goat and providing some working examples of Mozilla Zest scripts.<br />
<br />
'''Task Category:'''<br />
<br />
Code<br />
<br />
'''Expected Results:'''<br />
<br />
Zest scripts which reproduces some of the vulnerabilities challange of Owasp WebGoat.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Comfortable in Javascript and HTML. Good understanding of Application Security and related vulnerabilities.<br />
<br />
'''Mentors:''' Alessandro Secco<br />
<br />
== OWASP OWTF ==<br />
<br />
=== OWASP OWTF Task 1 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Task description<br />
<br />
'''Task Category:'''<br />
<br />
Eg. Code Category<br />
<br />
'''Expected Results:'''<br />
<br />
Describe the expected results of the task<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities. <br />
<br />
'''Mentors:''' XXXXXX<br />
<br />
== OWASP WIKI ==<br />
<br />
=== Task 1: Latam Tour 2015 logo ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Design a new logo for the Latam Tour 2015. The logo must resemble previous editions of the Tour and represent the Latin America region. It would be better if the new logo is based on the OWASP logo. As a reference, here is the Latam Tour 2014 Logo:<br />
<br />
https://www.owasp.org/images/f/f3/OWASP_Latam_Tour_Logo_2014.png<br />
<br />
'''Task Category:'''<br />
<br />
Design<br />
<br />
'''Expected Results:'''<br />
<br />
Latam Tour 2015 logo in either psd or jpeg format.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Familiarity with Photoshop/GIMP or any other designing software.<br />
<br />
'''Mentors:''' Fabio Cerullo<br />
<br />
== OWASP WebGoatPHP ==<br />
<br />
=== Task 1: Implement "remember me" feature ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Implement a secure "Remember me" feature in user login form using cookies. At present the remember me check box is present in the form but it does nothing.<br />
<br />
'''Task Category:'''<br />
<br />
Code<br />
<br />
'''Expected Results:'''<br />
<br />
If user checks the "remember me" check box when logging in, then the user will not be required to login every time he visits the application within X days.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities. <br />
<br />
'''Reference:'''<br />
<br />
https://github.com/shivamdixit/WebGoatPHP/issues/45<br />
<br />
'''Code:'''<br />
<br />
app/control/user/login.php<br />
<br />
'''Mentors:''' Shivam Dixit<br />
<br />
<br />
=== Task 2: Make workshop mode dashboard responsive ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
In workshop mode of the application, the side panel of admin dashboard is not responsive i.e it does not fits well in smaller size screen resolutions. If the screen size is small the side panel should shrink into a smaller panel preferably at the bottom of the application.<br />
<br />
'''Task Category:'''<br />
<br />
Code<br />
<br />
'''Expected Results:'''<br />
<br />
Panel perfectly adjusts on small screen resolutions.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
CSS (media queries), HTML<br />
<br />
'''Reference:'''<br />
<br />
https://github.com/shivamdixit/WebGoatPHP/issues/26<br />
<br />
'''Code:'''<br />
<br />
style/dashboard.css<br />
<br />
'''Mentors:''' Shivam Dixit<br />
<br />
<br />
=== Task 3: WebGoatPHP logo ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Design a new logo for the application. The logo must resemble various aspects of the application. It would be better if the new logo is based on the OWASP logo. <br />
<br />
'''Task Category:'''<br />
<br />
Design<br />
<br />
'''Expected Results:'''<br />
<br />
WebGoatPHP logo in either psd or jpeg format.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Familiarity with Photoshop/GIMP or any other designing software.<br />
<br />
'''Mentors:''' Shivam Dixit<br />
<br />
=== Task 4: WebGoatPHP deployment screencast ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Deploy the application on the local server without using vagrant and record a screencast of the process. Upload to a video streaming service and comment link on the melange for mentor to review.<br />
<br />
'''Task Category:'''<br />
<br />
Code<br />
<br />
'''Expected Results:'''<br />
<br />
The screencast should clearly contain all the steps required for the deployment and how to troubleshoot most common errors in the whole process.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Familiarity with an operating system (Linux/Windows)<br />
<br />
'''Mentors:''' Shivam Dixit<br />
<br />
<br />
=== Task 5: Create a SQL injection challenge ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Single user mode of WebGoatPHP consist of set of challenges. These challenges simulate various real world security vulnerabilities in web applications. You have to add a challenge under category "Injection Attacks" which simulates a SQL injection vulnerability in single user mode. The input data must be of type string and the challenge should mimic some real world scenario.<br />
<br />
'''Task Category:'''<br />
<br />
Code<br />
<br />
'''Expected Results:'''<br />
<br />
A challenge which helps user understand SQLi vulnerability by allowing him to exploit the vulnerability.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities. <br />
<br />
'''Reference:'''<br />
<br />
https://www.owasp.org/index.php/SQL_Injection<br />
<br />
https://github.com/shivamdixit/WebGoatPHP/blob/master/README.md#adding-a-lessonchallenge<br />
<br />
'''Mentors:''' Shivam Dixit<br />
<br />
<br />
=== Task 6-20: WebGoatPHP challenges screencast series ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
In this task you are required to record screencast of how to solve a particular single user mode challenge. The screencast should start by providing an overview of the vulnerability that will be exploited, then step by step instructions on how to exploit the vulnerability. The screencast should conclude on a note that how to avoid this vulnerability in your application. The length of the screencast would vary according to the challenge but it should neither be too long nor too short.<br />
<br />
Task - Screencast of challenge.....<br />
<br />
Task 6 - HTTP Basic<br />
<br />
Task 7 - Using Access Control Matrix<br />
<br />
Task 8 - Business Layer Access Control<br />
<br />
Task 9 - Path Based Access Control<br />
<br />
Task 10 - Same Origin Policy Protection<br />
<br />
Task 11 - Forgot Password<br />
<br />
Task 12 - Discover clues in HTML<br />
<br />
Task 13 - JS Obfuscation<br />
<br />
Task 14 - XSS 1 (Reflected)<br />
<br />
Task 15 - XSS 2 (Stored)<br />
<br />
Task 16 - XSS 3 (DOM)<br />
<br />
Task 17 - Fail Open Authentication<br />
<br />
Task 18 - Log Spoofing<br />
<br />
Task 19 - Numeric SQL Injection<br />
<br />
Task 20 - XPATH injection<br />
<br />
'''Task Category:'''<br />
<br />
Code<br />
<br />
'''Expected Results:'''<br />
<br />
A screencast explaining the vulnerability involved in a particular challenge.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Comfortable in PHP, HTML and possibly Javascript. Good understanding of Application Security and related vulnerabilities. <br />
<br />
'''Mentors:''' Shivam Dixit<br />
<br />
== OWASP CSRF Protector ==<br />
<br />
=== Task 1-2: CSRF Protector logo ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Design logos for the for CSRF Protector Project, possibly two versions one for php library and another one for Apache module.<br />
Both of them should resemble OWASP logo.<br />
<br />
'''Task Category:'''<br />
<br />
Design<br />
<br />
'''Expected Results:'''<br />
<br />
OWASP CSRF Protector logo in either psd or jpeg format.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Familiarity with Photoshop/GIMP or any other designing software.<br />
<br />
'''Mentors:''' Minhaz<br />
<br />
=== Task 3: Porting CSRF Protector PHP Wiki (from Github) to OWASP Wiki ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Currently we have wiki on how to use and deploy, at github. The task is to port them to OWASP Wiki as well so that it can be accessed directly.<br />
<br />
'''Task Category:'''<br />
<br />
Documentation<br />
<br />
'''Expected Results:'''<br />
<br />
Wiki for CSRF Protector php library in OWASP.ORG .<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Familiarity with wiki.<br />
<br />
'''Reference'''<br />
<br />
[https://github.com/mebjas/CSRF-Protector-PHP/wiki Github wiki for CSRF Protector php]<br />
<br />
'''Mentors:''' Minhaz<br />
<br />
=== Task 4: Porting mod_csrfprotector Wiki (from Github) to OWASP Wiki ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Currently we have wiki on how to use and deploy, at github. The task is to port them to OWASP Wiki as well so that it can be accessed directly.<br />
<br />
'''Task Category:'''<br />
<br />
Documentation<br />
<br />
'''Expected Results:'''<br />
<br />
Wiki for mod_csrfprotector library in OWASP.ORG .<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Familiarity with wiki.<br />
<br />
'''References'''<br />
<br />
[https://github.com/mebjas/mod_csrfprotector/wiki Github wiki for mod_csrfprotector]<br />
<br />
'''Mentors:''' Minhaz<br />
<br />
=== Task 5-6: Create screencasts on how to deploy both version of CSRF Protector individually ===<br />
'''Brief Explanation:'''<br />
<br />
Create two screencasts, one for each, which explains how to deploy CSRF Protector in your existing web application.<br />
<br />
'''Task Category:'''<br />
<br />
Screencast<br />
<br />
'''Expected Results:'''<br />
<br />
Screencasts explaining how to use CSRF Protector with existing web applications.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Experience with php, HTML, and Apache (for mod_csrfprotector)<br />
<br />
<br />
'''Mentors:''' Minhaz<br />
<br />
== OWASP Code Review Project ==<br />
https://www.owasp.org/index.php/OWASP_Code_review_V2_Project<br />
<br />
=== Task 1: Code Samples ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Code review guide has example code in .Net and Java and in some cases C++. We also want to include sample code in PHP and Ruby. We have existing example code in Java, .Net c#.<br />
<br />
'''Task Category:'''<br />
<br />
Code<br />
<br />
'''Expected Results:'''<br />
<br />
Follow existing code samples we need you to create Ruby and PHP where needed. All work will be shown in code review guide wiki. Please review code samples in code review guide wiki.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
php, and or Ruby<br />
<br />
'''Mentors:''' Larry Conklin, Gary Robinson<br />
<br />
=== Task 1.1: Code Samples ===<br />
Session Handling. Need php and Java code examples<br />
https://www.owasp.org/index.php/CRV2_SessionHandling<br />
<br />
=== Task 1.2: Code Samples ===<br />
Input validation. Need php code examples<br />
https://www.owasp.org/index.php/CRV2_InputValIntro<br />
<br />
=== Task 1.3: Code Samples ===<br />
Handling Error Messages. Need pho code examples<br />
https://www.owasp.org/index.php/CRV2_ErrorHandlingMessages<br />
<br />
=== Task 1.4: Code Samples ===<br />
Persistent – The Anti pattern. Need Ruby code examples.<br />
https://www.owasp.org/index.php/CRV2_RevCodePersistentAntiPatternRuby<br />
<br />
=== Task 1.5: Code Samples ===<br />
Reflected - The Anti pattern. Need Ruby code examples.<br />
https://www.owasp.org/index.php/CRV2_RevCodeReflectedAntiPatternIRuby<br />
<br />
=== Task 1.6: Code Samples ===<br />
Ruby - AntiPatttern<br />
https://www.owasp.org/index.php/CRV2_AntiPatternPHP<br />
<br />
=== Task 2: Documentation ===<br />
Reviewing by Technical Control<br />
https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents#Reviewing_by_Technical_Control<br />
<br />
Reviewing by Vulnerability<br />
https://www.owasp.org/index.php/OWASP_Code_review_V2_Table_of_Contents#Reviewing_by_Vulnerability<br />
We need content from last two sections pulled from the wiki and added to a word doc and if possible have the content put into the following word doc template. Email me and I will send you the word template.<br />
<br />
We realize that all of the content will not easily fit into the word template but they can do the best they can and that will be fine with us. We only have three rules.<br />
<br />
Don’t delete anything even if you don’t agree with it.<br />
Don’t add anything unless it is well marked that you added it.<br />
Have fun and please ask questions. Please remember we have full time jobs and families. We will answer questions but maybe not as quickly as you would like. Yea, we are old grouchy men.<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
Basic understanding wiki editing, word understanding and ability to format text.<br />
<br />
'''Mentors:''' Larry Conklin, Gary Robinson</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Google_Code_In_2014&diff=185022Google Code In 20142014-11-10T09:17:39Z<p>Fabio.e.cerullo: /* Mentors */</p>
<hr />
<div><br />
[[File:Googlecodeinlogo.JPG]]<br />
<br />
=Welcome To OWASP!!=<br />
<br />
Hi there! if you are a young, fierce and creative youngster looking for action and hacking adventures this is your place.<br />
OWASP is an organization that create awareness providing learning tools to programmers and developers on how to code secure and avoid being hacked.<br />
<br />
Many of the tasks you will find in this page are about 'hacking' and protecting web applications.<br />
<br />
If you want to learn more about web security and how to protect web applications and software from 'evil' hackers, this is a great place to be.<br />
<br />
Be sure to read carefully all the rules related to the Google Code In program and talk to your parents or legal guardian about your participation. We strongly advise you to check the [http://www.google-melange.com/gci/document/show/gci_program/google/gci2014/terms_and_conditions Google Code-in Terms & Conditions].<br />
<br />
<br />
You can contact us on the [https://groups.google.com/forum/#!forum/owasp-gci OWASP Google Code-in discussion group] or via IRC on freenode (channel #owasp-gci) if you have any questions about the program. The Google Code-in 2014 contest will run from '''December 1, 2014 to January 19, 2015'''.<br />
<br />
=Task Categories=<br />
<br />
The tasks are grouped into the following categories:<br />
<br />
'''Code:''' Tasks related to writing or refactoring code.<br />
<br />
'''Documentation/Training:''' Tasks related to creating/editing documents and helping others learn more<br />
<br />
'''Outreach/Research:''' Tasks related to community management, outreach/marketing, or studying problems and recommending solutions<br />
<br />
'''Quality Assurance:''' Tasks related to testing and ensuring code is of high quality<br />
<br />
'''User Interface:''' Tasks related to user experience research or user interface design and interaction<br />
<br />
=Participating Projects=<br />
<br />
You could check the full list of participating projects and suggested tasks in the URL below:<br />
<br />
https://www.owasp.org/index.php/GCI2014_Ideas<br />
<br />
=Mentors=<br />
<br />
The mentors confirmed for GCI 2014 are:<br />
<br />
- Lucas Ferreira<br />
<br />
- Shivam Dixit<br />
<br />
- Azzeddine Ramrami<br />
<br />
- Alessandro Secco<br />
<br />
- Abraham Aranguren<br />
<br />
- Kevin Wall<br />
<br />
- Simon Bennetts<br />
<br />
- Fabio Cerullo<br />
<br />
- Mateo Martinez<br />
<br />
- Ramana Subramanyam<br />
<br />
- Aalekh Nigam<br />
<br />
- Cornel Punga<br />
<br />
- Cosmin Stefan<br />
<br />
- Rauf Butt<br />
<br />
- Pulasthi Mahawithana<br />
<br />
=Org Admin=<br />
<br />
- Kate Hartmann<br />
<br />
- Fabio Cerullo</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Google_Code_In_2014&diff=185010Google Code In 20142014-11-09T18:29:05Z<p>Fabio.e.cerullo: /* Welcome To OWASP!! */</p>
<hr />
<div><br />
[[File:Googlecodeinlogo.JPG]]<br />
<br />
=Welcome To OWASP!!=<br />
<br />
Hi there! if you are a young, fierce and creative youngster looking for action and hacking adventures this is your place.<br />
OWASP is an organization that create awareness providing learning tools to programmers and developers on how to code secure and avoid being hacked.<br />
<br />
Many of the tasks you will find in this page are about 'hacking' and protecting web applications.<br />
<br />
If you want to learn more about web security and how to protect web applications and software from 'evil' hackers, this is a great place to be.<br />
<br />
Be sure to read carefully all the rules related to the Google Code In program and talk to your parents or legal guardian about your participation. We strongly advise you to check the [http://www.google-melange.com/gci/document/show/gci_program/google/gci2014/terms_and_conditions Google Code-in Terms & Conditions].<br />
<br />
<br />
You can contact us on the [https://groups.google.com/forum/#!forum/owasp-gci OWASP Google Code-in discussion group] or via IRC on freenode (channel #owasp-gci) if you have any questions about the program. The Google Code-in 2014 contest will run from '''December 1, 2014 to January 19, 2015'''.<br />
<br />
=Task Categories=<br />
<br />
The tasks are grouped into the following categories:<br />
<br />
'''Code:''' Tasks related to writing or refactoring code.<br />
<br />
'''Documentation/Training:''' Tasks related to creating/editing documents and helping others learn more<br />
<br />
'''Outreach/Research:''' Tasks related to community management, outreach/marketing, or studying problems and recommending solutions<br />
<br />
'''Quality Assurance:''' Tasks related to testing and ensuring code is of high quality<br />
<br />
'''User Interface:''' Tasks related to user experience research or user interface design and interaction<br />
<br />
=Participating Projects=<br />
<br />
You could check the full list of participating projects and suggested tasks in the URL below:<br />
<br />
https://www.owasp.org/index.php/GCI2014_Ideas<br />
<br />
=Mentors=<br />
<br />
The mentors confirmed for GCI 2014 are:<br />
<br />
- Lucas Ferreira<br />
<br />
- Shivam Dixit<br />
<br />
- Azzeddine Ramrami<br />
<br />
- Alessandro Secco<br />
<br />
- Abraham Aranguren<br />
<br />
- Kevin Wall<br />
<br />
- Simon Bennetts<br />
<br />
- Fabio Cerullo<br />
<br />
- Mateo Martinez<br />
<br />
- Ramana Subramanyam<br />
<br />
- Aalekh Nigam<br />
<br />
- Cornel Punga<br />
<br />
=Org Admin=<br />
<br />
- Kate Hartmann<br />
<br />
- Fabio Cerullo</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Google_Code_In_2014&diff=184977Google Code In 20142014-11-08T01:37:17Z<p>Fabio.e.cerullo: /* Mentors */</p>
<hr />
<div><br />
[[File:Googlecodeinlogo.JPG]]<br />
<br />
=Welcome To OWASP!!=<br />
<br />
Hi there! if you are a young, fierce and creative youngster looking for action and hacking adventures this is your place.<br />
OWASP is an organization that create awareness providing learning tools to programmers and developers on how to code secure and avoid being hacked.<br />
<br />
Many of the tasks you will find in this page are about 'hacking' and protecting web applications.<br />
<br />
If you want to learn more about web security and how to protect web applications and software from 'evil' hackers, this is a great place to be.<br />
<br />
Be sure to read carefully all the rules related to the Google Code In program and talk to your parents or legal guardian about your participation. We strongly advise you to check the [http://www.google-melange.com/gci/document/show/gci_program/google/gci2014/terms_and_conditions Google Code-in Terms & Conditions].<br />
<br />
<br />
You can contact us on the [https://groups.google.com/forum/#!forum/owasp-gci OWASP Google Code-in discussion group] if you have any questions about the program. The Google Code-in 2014 contest will run from '''December 1, 2014 to January 19, 2015'''.<br />
<br />
=Task Categories=<br />
<br />
The tasks are grouped into the following categories:<br />
<br />
'''Code:''' Tasks related to writing or refactoring code.<br />
<br />
'''Documentation/Training:''' Tasks related to creating/editing documents and helping others learn more<br />
<br />
'''Outreach/Research:''' Tasks related to community management, outreach/marketing, or studying problems and recommending solutions<br />
<br />
'''Quality Assurance:''' Tasks related to testing and ensuring code is of high quality<br />
<br />
'''User Interface:''' Tasks related to user experience research or user interface design and interaction<br />
<br />
=Participating Projects=<br />
<br />
You could check the full list of participating projects and suggested tasks in the URL below:<br />
<br />
https://www.owasp.org/index.php/GCI2014_Ideas<br />
<br />
=Mentors=<br />
<br />
The mentors confirmed for GCI 2014 are:<br />
<br />
- Lucas Ferreira<br />
<br />
- Shivam Dixit<br />
<br />
- Azzeddine Ramrami<br />
<br />
- Alessandro Secco<br />
<br />
- Abraham Aranguren<br />
<br />
- Kevin Wall<br />
<br />
- Simon Bennetts<br />
<br />
- Fabio Cerullo<br />
<br />
- Mateo Martinez<br />
<br />
- Ramana Subramanyam<br />
<br />
- Aalekh Nigam<br />
<br />
- Cornel Punga<br />
<br />
=Org Admin=<br />
<br />
- Kate Hartmann<br />
<br />
- Fabio Cerullo</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Google_Code_In_2014&diff=184965Google Code In 20142014-11-07T18:25:17Z<p>Fabio.e.cerullo: </p>
<hr />
<div><br />
[[File:Googlecodeinlogo.JPG]]<br />
<br />
=Welcome To OWASP!!=<br />
<br />
Hi there! if you are a young, fierce and creative youngster looking for action and hacking adventures this is your place.<br />
OWASP is an organization that create awareness providing learning tools to programmers and developers on how to code secure and avoid being hacked.<br />
<br />
Many of the tasks you will find in this page are about 'hacking' and protecting web applications.<br />
<br />
If you want to learn more about web security and how to protect web applications and software from 'evil' hackers, this is a great place to be.<br />
<br />
Be sure to read carefully all the rules related to the Google Code In program and talk to your parents or legal guardian about your participation. We strongly advise you to check the [http://www.google-melange.com/gci/document/show/gci_program/google/gci2014/terms_and_conditions Google Code-in Terms & Conditions].<br />
<br />
<br />
You can contact us on the [https://groups.google.com/forum/#!forum/owasp-gci OWASP Google Code-in discussion group] if you have any questions about the program. The Google Code-in 2014 contest will run from '''December 1, 2014 to January 19, 2015'''.<br />
<br />
=Task Categories=<br />
<br />
The tasks are grouped into the following categories:<br />
<br />
'''Code:''' Tasks related to writing or refactoring code.<br />
<br />
'''Documentation/Training:''' Tasks related to creating/editing documents and helping others learn more<br />
<br />
'''Outreach/Research:''' Tasks related to community management, outreach/marketing, or studying problems and recommending solutions<br />
<br />
'''Quality Assurance:''' Tasks related to testing and ensuring code is of high quality<br />
<br />
'''User Interface:''' Tasks related to user experience research or user interface design and interaction<br />
<br />
=Participating Projects=<br />
<br />
You could check the full list of participating projects and suggested tasks in the URL below:<br />
<br />
https://www.owasp.org/index.php/GCI2014_Ideas<br />
<br />
=Mentors=<br />
<br />
The mentors confirmed for GCI 2014 are:<br />
<br />
- Lucas Ferreira<br />
<br />
- Shivam Dixit<br />
<br />
- Azzeddine Ramrami<br />
<br />
- Alessandro Secco<br />
<br />
- Abraham Aranguren<br />
<br />
- Kevin Wall<br />
<br />
- Simon Bennetts<br />
<br />
- Fabio Cerullo<br />
<br />
- Mateo Martinez<br />
<br />
=Org Admin=<br />
<br />
- Kate Hartmann<br />
<br />
- Fabio Cerullo</div>Fabio.e.cerullohttps://wiki.owasp.org/index.php?title=Google_Code_In_2014&diff=184964Google Code In 20142014-11-07T18:24:59Z<p>Fabio.e.cerullo: </p>
<hr />
<div><br />
[[File:Googlecodeinlogo.JPG]]<br />
<br />
=Welcome To OWASP!!=<br />
<br />
Hi there! if you are a young, fierce and creative youngster looking for action and hacking adventures this is your place.<br />
OWASP is an organization that create awareness providing learning tools to programmers and developers on how to code secure and avoid being hacked.<br />
<br />
Many of the tasks you will find in this page are about 'hacking' and protecting web applications.<br />
<br />
If you want to learn more about web security and how to protect web applications and software from 'evil' hackers, this is a great place to be.<br />
<br />
Be sure to read carefully all the rules related to the Google Code In program and talk to your parents or legal guardian about your participation. We strongly advise you to check the [http://www.google-melange.com/gci/document/show/gci_program/google/gci2014/terms_and_conditions Google Code-in Terms & Conditions].<br />
<br />
<br />
You can contact us on the [https://groups.google.com/forum/#!forum/owasp-gci OWASP Google Code-in discussion group] if you have any questions about the program. The Google Code-in 2014 contest will run from '''December 1, 2014 to January 19, 2015'''.<br />
<br />
=Task Categories=<br />
<br />
The tasks are grouped into the following categories:<br />
<br />
'''Code:''' Tasks related to writing or refactoring code.<br />
<br />
'''Documentation/Training:''' Tasks related to creating/editing documents and helping others learn more<br />
<br />
'''Outreach/Research:''' Tasks related to community management, outreach/marketing, or studying problems and recommending solutions<br />
<br />
'''Quality Assurance:''' Tasks related to testing and ensuring code is of high quality<br />
<br />
'''User Interface:''' Tasks related to user experience research or user interface design and interaction<br />
<br />
=Participating Projects=<br />
<br />
You could check the full list of participating projects and suggested tasks in the URL below:<br />
<br />
https://www.owasp.org/index.php/GCI2014_Ideas<br />
<br />
=Mentors=<br />
<br />
The mentors confirmed for GCI 2014 are:<br />
<br />
- Lucas Ferreira<br />
<br />
- Shivam Dixit<br />
<br />
- Azzeddine Ramrami<br />
<br />
- Alessandro Secco<br />
<br />
- Abraham Aranguren<br />
<br />
- Kevin Wall<br />
<br />
- Simon Bennetts<br />
<br />
- Fabio Cerullo<br />
<br />
=Org Admin=<br />
<br />
- Kate Hartmann<br />
<br />
- Fabio Cerullo</div>Fabio.e.cerullo