https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Fiona+CollinsOWASP - User contributions [en]2026-04-24T00:29:41ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193807Women In AppSec2015-04-21T21:22:32Z<p>Fiona Collins: /* Current Program */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
The program us currently being re-launched for AppSec EU 2015<br><br />
'''There is still work to be done - what can we do to Make it Happen?'''<br><br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
===Panel: "Women in AppSec - Making it Happen"===<br />
During this panel session we will discuss what can be done to Make it Happen for Women in AppSec going forward. What have those currently working in the field done to Make it Happen for themselves and other women; what tips and advice do they have to help you do to make a career for yourself or encourage those around you (sister, friend, daughter, etc…) to pursue a career in AppSec? What can we as professionals can do to help encourage girls to go for a career in AppSec?<br />
<br />
===Workshop===<br />
During the workshop we hope to introduce female attendees of the conference to what a career in App Sec can involve. We will teach them about application security and the many career paths available. We will be there to share our experiences and answer their questions to hopefully get them started on a career in AppSec. We hope to build relationships that may lead to a mentoring program for these women. <br />
<br />
==== Past Eligibility Criteria====<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the sessions during the event. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to do during the event - that will determine the budget. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
<br />
==During the conference==<br />
Be sure the engage the women attending the conference in the sessions you have organized: encourage them to not only attend but to be active participants. It's not all about the women try and encourage some men to get involved and attend also, for this initiative to be successful it must be inclusive.<br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the participants to make sure they enjoyed the experience. Ask them for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future.<br />
<br />
=ON THE DAY=<br />
We want to be sure to engage the women there in the sessions organized, encourage them to not only attend but to be active participants. Its not all about the women so try and encourage some men to participate too, for this initiative to be successful it must be inclusive.<br />
<br />
==Panel: "Women in AppSec - Making it Happen"==<br />
During this panel session we will discuss what can be done to Make it Happen for Women in AppSec going forward. What have those currently working in the field done to Make it Happen for themselves and other women; what tips and advice do they have to help you do to make a career for yourself or encourage those around you (sister, friend, daughter, etc…) to pursue a career in AppSec? What can we as professionals can do to help encourage girls to go for a career in AppSec?<br />
<br />
==Workshop==<br />
During the workshop we hope to introduce female attendees of the conference to what a career in App Sec can involve. We will teach them about application security and the many career paths available. We will be there to share our experiences and answer their questions to hopefully get them started on a career in AppSec. We hope to build relationships that may lead to a mentoring program for these women. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193806Women In AppSec2015-04-21T21:22:02Z<p>Fiona Collins: </p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
The program us currently being re-launched for AppSec EU 2015<br><br />
'''There is still work to be done - what can we do to Make it Happen?'''<br><br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
===Panel: "Women in AppSec - Making it Happen"===<br />
During this panel session we will discuss what can be done to Make it Happen for Women in AppSec going forward. What have those currently working in the field done to Make it Happen for themselves and other women; what tips and advice do they have to help you do to make a career for yourself or encourage those around you (sister, friend, daughter, etc…) to pursue a career in AppSec? What can we as professionals can do to help encourage girls to go for a career in AppSec?<br />
<br />
<br />
===Workshop===<br />
During the workshop we hope to introduce female attendees of the conference to what a career in App Sec can involve. We will teach them about application security and the many career paths available. We will be there to share our experiences and answer their questions to hopefully get them started on a career in AppSec. We hope to build relationships that may lead to a mentoring program for these women. <br />
<br />
=== Past Eligibility Criteria===<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the sessions during the event. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to do during the event - that will determine the budget. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
<br />
==During the conference==<br />
Be sure the engage the women attending the conference in the sessions you have organized: encourage them to not only attend but to be active participants. It's not all about the women try and encourage some men to get involved and attend also, for this initiative to be successful it must be inclusive.<br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the participants to make sure they enjoyed the experience. Ask them for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future.<br />
<br />
=ON THE DAY=<br />
We want to be sure to engage the women there in the sessions organized, encourage them to not only attend but to be active participants. Its not all about the women so try and encourage some men to participate too, for this initiative to be successful it must be inclusive.<br />
<br />
==Panel: "Women in AppSec - Making it Happen"==<br />
During this panel session we will discuss what can be done to Make it Happen for Women in AppSec going forward. What have those currently working in the field done to Make it Happen for themselves and other women; what tips and advice do they have to help you do to make a career for yourself or encourage those around you (sister, friend, daughter, etc…) to pursue a career in AppSec? What can we as professionals can do to help encourage girls to go for a career in AppSec?<br />
<br />
==Workshop==<br />
During the workshop we hope to introduce female attendees of the conference to what a career in App Sec can involve. We will teach them about application security and the many career paths available. We will be there to share our experiences and answer their questions to hopefully get them started on a career in AppSec. We hope to build relationships that may lead to a mentoring program for these women. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193805Women In AppSec2015-04-21T21:17:33Z<p>Fiona Collins: /* Current Program */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
The program us currently being re-launched for AppSec EU 2015<br><br />
'''There is still work to be done - what can we do to Make it Happen?'''<br><br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
===Panel: "Women in AppSec - Making it Happen"===<br />
During this panel session we will discuss what can be done to Make it Happen for Women in AppSec going forward. What have those currently working in the field done to Make it Happen for themselves and other women; what tips and advice do they have to help you do to make a career for yourself or encourage those around you (sister, friend, daughter, etc…) to pursue a career in AppSec? What can we as professionals can do to help encourage girls to go for a career in AppSec?<br />
<br />
<br />
===Workshop===<br />
During the workshop we hope to introduce female attendees of the conference to what a career in App Sec can involve. We will teach them about application security and the many career paths available. We will be there to share our experiences and answer their questions to hopefully get them started on a career in AppSec. We hope to build relationships that may lead to a mentoring program for these women. <br />
<br />
=== Past Eligibility Criteria===<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the sessions during the event. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to do during the event - that will determine the budget. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
<br />
==During the conference==<br />
Be sure the engage the women there in the sessions you have organized, encourage them to not only attend but to be active participants. Its not all about the women try and encourage some men too, for this initiative to be successful it must be inclusive.<br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the participants to make sure they enjoyed the experience. Ask them for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future.<br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193804Women In AppSec2015-04-21T21:16:39Z<p>Fiona Collins: /* ABOUT THE PROGRAM */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
The program us currently being re-launched for AppSec EU 2015<br />
'There is still work to be done - what can we do to Make it Happen?'<br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
===Panel: "Women in AppSec - Making it Happen"===<br />
During this panel session we will discuss what can be done to Make it Happen for Women in AppSec going forward. What have those currently working in the field done to Make it Happen for themselves and other women; what tips and advice do they have to help you do to make a career for yourself or encourage those around you (sister, friend, daughter, etc…) to pursue a career in AppSec? What can we as professionals can do to help encourage girls to go for a career in AppSec?<br />
<br />
<br />
===Workshop===<br />
During the workshop we hope to introduce female attendees of the conference to what a career in App Sec can involve. We will teach them about application security and the many career paths available. We will be there to share our experiences and answer their questions to hopefully get them started on a career in AppSec. We hope to build relationships that may lead to a mentoring program for these women. <br />
<br />
=== Past Eligibility Criteria===<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the sessions during the event. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to do during the event - that will determine the budget. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
<br />
==During the conference==<br />
Be sure the engage the women there in the sessions you have organized, encourage them to not only attend but to be active participants. Its not all about the women try and encourage some men too, for this initiative to be successful it must be inclusive.<br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the participants to make sure they enjoyed the experience. Ask them for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future.<br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193802Women In AppSec2015-04-21T21:10:41Z<p>Fiona Collins: /* During the conference */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
The program us currently being re-launched for AppSec EU 2015<br />
===There is still work to be done - what can we do to Make it Happen?===<br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
=== Past Eligibility Criteria===<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the sessions during the event. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to do during the event - that will determine the budget. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
<br />
==During the conference==<br />
Be sure the engage the women there in the sessions you have organized, encourage them to not only attend but to be active participants. Its not all about the women try and encourage some men too, for this initiative to be successful it must be inclusive.<br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the participants to make sure they enjoyed the experience. Ask them for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future.<br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193801Women In AppSec2015-04-21T21:10:22Z<p>Fiona Collins: /* PLANNING */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
The program us currently being re-launched for AppSec EU 2015<br />
===There is still work to be done - what can we do to Make it Happen?===<br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
=== Past Eligibility Criteria===<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the sessions during the event. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to do during the event - that will determine the budget. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
<br />
===During the conference===<br />
Be sure the engage the women there in the sessions you have organized, encourage them to not only attend but to be active participants. Its not all about the women try and encourage some men too, for this initiative to be successful it must be inclusive. <br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the participants to make sure they enjoyed the experience. Ask them for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future.<br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193799Women In AppSec2015-04-21T21:03:54Z<p>Fiona Collins: /* ABOUT THE PROGRAM */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
The program us currently being re-launched for AppSec EU 2015<br />
===There is still work to be done - what can we do to Make it Happen?===<br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
=== Past Eligibility Criteria===<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the candidates. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
'''Grading Proces'''<br />
<br />
While everyone on the committee will be involved in grading, one person will be in charge of the grading process. They will create spreadsheets similar to those originally created for the selection committee, and for making sure everyone has what they need for the grading process. This team will also be responsible for making sure the grading is complete on schedule, and that the announcement of the winners is made before the event. <br />
<br />
'''Call for Entries'''<br />
<br />
Finally, one to two people will be in charge of the call for entries. Depending on the amount of entries, this might work better with two people as it requires collecting entries, arranging them, and sorting them out to the other graders. The call for entries team is responsible for making the forms, and for developing at least the first draft of the selection criteria. <br />
<br />
====Award Details====<br />
<br />
This is the fun bit. You and your team will need to decide on the details of the awards. This involves making decisions such as if the winners will be provided travel and accommodation, or free training and conference attendance. Typically, we have covered both travel and accommodation for the two winners as well as one training class. We also provided the winners with a free conference pass; however, the award you choose to sponsor depends on the funds you are able to raise. It is also dependent on what your team decides is the best award package to give away based on your resources. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to award each winner. I recommend raising at least $6,000 USD to cover the expenses for each winner if you are going to cover travel and accommodation as well as conference passes and a free training class. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
====Application Process====<br />
You will need to start developing the application process while the sponsorship activities are going on. Make sure to develop the application timeline with deadlines for each stage. Deadlines are critically important, and there has to be a cut off point. Create a deadline for when submissions should be in, for when letters of recommendation should be received, the timeline for the grading process, the date the top 5 will be selected, and the date the final winners will be selected and announced. You will also need to develop a set of selection criteria that the team will use to grade all of the applicants against. Be specific on the criteria you are looking for in candidates. Especially note that only women in the region that the conference is being held can submitted for consideration. After you have all of these details sorted out, you will need to start the Call for Entries. Make sure create an online form where applicants can submit their details to the team. <br />
<br />
[https://docs.google.com/a/owasp.org/document/d/1iZDNogemeAoHBnrfn2dVe212Bct4ZJiXeVNj3j5JsWg/edit Sample Selection Criteria]<br />
<br />
====Selection Process====<br />
<br />
The selection of the winners can be a very lengthy process especially if you have received more than 30 applicants. In the past, the grading has been split between each program team member. Each member will be randomly allocated a handful of applicants which they will grade using the pre-determined selection criteria. Once the grading is complete, you can make the final selection on candidates and announce the winners as a team. <br />
<br />
After the winners have been selected and announced, the team will need to help the winners arrange travel, accommodations, and event logistics. Upon their arrival at the conference center, insure they are taken care of by an OWASP volunteer, someone who will get them settled and that they make it to panels and trainings without issue. The bigger the conference, the more important it is to make sure the winners are not lost in the crowd. <br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the winners to make sure they enjoyed the experience. Ask the winners for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future. <br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193797Women In AppSec2015-04-21T21:01:42Z<p>Fiona Collins: /* ABOUT THE PROGRAM */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
There is still work to be done - what can we do to Make it Happen?<br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
=== Past Eligibility Criteria===<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the candidates. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
'''Grading Proces'''<br />
<br />
While everyone on the committee will be involved in grading, one person will be in charge of the grading process. They will create spreadsheets similar to those originally created for the selection committee, and for making sure everyone has what they need for the grading process. This team will also be responsible for making sure the grading is complete on schedule, and that the announcement of the winners is made before the event. <br />
<br />
'''Call for Entries'''<br />
<br />
Finally, one to two people will be in charge of the call for entries. Depending on the amount of entries, this might work better with two people as it requires collecting entries, arranging them, and sorting them out to the other graders. The call for entries team is responsible for making the forms, and for developing at least the first draft of the selection criteria. <br />
<br />
====Award Details====<br />
<br />
This is the fun bit. You and your team will need to decide on the details of the awards. This involves making decisions such as if the winners will be provided travel and accommodation, or free training and conference attendance. Typically, we have covered both travel and accommodation for the two winners as well as one training class. We also provided the winners with a free conference pass; however, the award you choose to sponsor depends on the funds you are able to raise. It is also dependent on what your team decides is the best award package to give away based on your resources. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to award each winner. I recommend raising at least $6,000 USD to cover the expenses for each winner if you are going to cover travel and accommodation as well as conference passes and a free training class. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
====Application Process====<br />
You will need to start developing the application process while the sponsorship activities are going on. Make sure to develop the application timeline with deadlines for each stage. Deadlines are critically important, and there has to be a cut off point. Create a deadline for when submissions should be in, for when letters of recommendation should be received, the timeline for the grading process, the date the top 5 will be selected, and the date the final winners will be selected and announced. You will also need to develop a set of selection criteria that the team will use to grade all of the applicants against. Be specific on the criteria you are looking for in candidates. Especially note that only women in the region that the conference is being held can submitted for consideration. After you have all of these details sorted out, you will need to start the Call for Entries. Make sure create an online form where applicants can submit their details to the team. <br />
<br />
[https://docs.google.com/a/owasp.org/document/d/1iZDNogemeAoHBnrfn2dVe212Bct4ZJiXeVNj3j5JsWg/edit Sample Selection Criteria]<br />
<br />
====Selection Process====<br />
<br />
The selection of the winners can be a very lengthy process especially if you have received more than 30 applicants. In the past, the grading has been split between each program team member. Each member will be randomly allocated a handful of applicants which they will grade using the pre-determined selection criteria. Once the grading is complete, you can make the final selection on candidates and announce the winners as a team. <br />
<br />
After the winners have been selected and announced, the team will need to help the winners arrange travel, accommodations, and event logistics. Upon their arrival at the conference center, insure they are taken care of by an OWASP volunteer, someone who will get them settled and that they make it to panels and trainings without issue. The bigger the conference, the more important it is to make sure the winners are not lost in the crowd. <br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the winners to make sure they enjoyed the experience. Ask the winners for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future. <br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193796Women In AppSec2015-04-21T21:01:11Z<p>Fiona Collins: /* ABOUT THE PROGRAM */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
There is still work to be done - what can we do to Make it Happen?<br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build support for the women around us. <br />
<br />
== Past Eligibility Criteria==<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the candidates. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
'''Grading Proces'''<br />
<br />
While everyone on the committee will be involved in grading, one person will be in charge of the grading process. They will create spreadsheets similar to those originally created for the selection committee, and for making sure everyone has what they need for the grading process. This team will also be responsible for making sure the grading is complete on schedule, and that the announcement of the winners is made before the event. <br />
<br />
'''Call for Entries'''<br />
<br />
Finally, one to two people will be in charge of the call for entries. Depending on the amount of entries, this might work better with two people as it requires collecting entries, arranging them, and sorting them out to the other graders. The call for entries team is responsible for making the forms, and for developing at least the first draft of the selection criteria. <br />
<br />
====Award Details====<br />
<br />
This is the fun bit. You and your team will need to decide on the details of the awards. This involves making decisions such as if the winners will be provided travel and accommodation, or free training and conference attendance. Typically, we have covered both travel and accommodation for the two winners as well as one training class. We also provided the winners with a free conference pass; however, the award you choose to sponsor depends on the funds you are able to raise. It is also dependent on what your team decides is the best award package to give away based on your resources. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to award each winner. I recommend raising at least $6,000 USD to cover the expenses for each winner if you are going to cover travel and accommodation as well as conference passes and a free training class. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
====Application Process====<br />
You will need to start developing the application process while the sponsorship activities are going on. Make sure to develop the application timeline with deadlines for each stage. Deadlines are critically important, and there has to be a cut off point. Create a deadline for when submissions should be in, for when letters of recommendation should be received, the timeline for the grading process, the date the top 5 will be selected, and the date the final winners will be selected and announced. You will also need to develop a set of selection criteria that the team will use to grade all of the applicants against. Be specific on the criteria you are looking for in candidates. Especially note that only women in the region that the conference is being held can submitted for consideration. After you have all of these details sorted out, you will need to start the Call for Entries. Make sure create an online form where applicants can submit their details to the team. <br />
<br />
[https://docs.google.com/a/owasp.org/document/d/1iZDNogemeAoHBnrfn2dVe212Bct4ZJiXeVNj3j5JsWg/edit Sample Selection Criteria]<br />
<br />
====Selection Process====<br />
<br />
The selection of the winners can be a very lengthy process especially if you have received more than 30 applicants. In the past, the grading has been split between each program team member. Each member will be randomly allocated a handful of applicants which they will grade using the pre-determined selection criteria. Once the grading is complete, you can make the final selection on candidates and announce the winners as a team. <br />
<br />
After the winners have been selected and announced, the team will need to help the winners arrange travel, accommodations, and event logistics. Upon their arrival at the conference center, insure they are taken care of by an OWASP volunteer, someone who will get them settled and that they make it to panels and trainings without issue. The bigger the conference, the more important it is to make sure the winners are not lost in the crowd. <br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the winners to make sure they enjoyed the experience. Ask the winners for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future. <br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193795Women In AppSec2015-04-21T21:00:57Z<p>Fiona Collins: /* ABOUT THE PROGRAM */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
==Current Program==<br />
There is still work to be done - what can we do to Make it Happen?<br />
During AppSec EU there will be a panel discussion and workshop supported by the Women in AppSec initiative. Through these sessions we hope to encourage women to pursue a career in AppSec and help them realize it is an option for them. These sessions will be open to all so we can help build sipport for the women around us. <br />
<br />
== Past Eligibility Criteria==<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the candidates. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
'''Grading Proces'''<br />
<br />
While everyone on the committee will be involved in grading, one person will be in charge of the grading process. They will create spreadsheets similar to those originally created for the selection committee, and for making sure everyone has what they need for the grading process. This team will also be responsible for making sure the grading is complete on schedule, and that the announcement of the winners is made before the event. <br />
<br />
'''Call for Entries'''<br />
<br />
Finally, one to two people will be in charge of the call for entries. Depending on the amount of entries, this might work better with two people as it requires collecting entries, arranging them, and sorting them out to the other graders. The call for entries team is responsible for making the forms, and for developing at least the first draft of the selection criteria. <br />
<br />
====Award Details====<br />
<br />
This is the fun bit. You and your team will need to decide on the details of the awards. This involves making decisions such as if the winners will be provided travel and accommodation, or free training and conference attendance. Typically, we have covered both travel and accommodation for the two winners as well as one training class. We also provided the winners with a free conference pass; however, the award you choose to sponsor depends on the funds you are able to raise. It is also dependent on what your team decides is the best award package to give away based on your resources. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to award each winner. I recommend raising at least $6,000 USD to cover the expenses for each winner if you are going to cover travel and accommodation as well as conference passes and a free training class. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
====Application Process====<br />
You will need to start developing the application process while the sponsorship activities are going on. Make sure to develop the application timeline with deadlines for each stage. Deadlines are critically important, and there has to be a cut off point. Create a deadline for when submissions should be in, for when letters of recommendation should be received, the timeline for the grading process, the date the top 5 will be selected, and the date the final winners will be selected and announced. You will also need to develop a set of selection criteria that the team will use to grade all of the applicants against. Be specific on the criteria you are looking for in candidates. Especially note that only women in the region that the conference is being held can submitted for consideration. After you have all of these details sorted out, you will need to start the Call for Entries. Make sure create an online form where applicants can submit their details to the team. <br />
<br />
[https://docs.google.com/a/owasp.org/document/d/1iZDNogemeAoHBnrfn2dVe212Bct4ZJiXeVNj3j5JsWg/edit Sample Selection Criteria]<br />
<br />
====Selection Process====<br />
<br />
The selection of the winners can be a very lengthy process especially if you have received more than 30 applicants. In the past, the grading has been split between each program team member. Each member will be randomly allocated a handful of applicants which they will grade using the pre-determined selection criteria. Once the grading is complete, you can make the final selection on candidates and announce the winners as a team. <br />
<br />
After the winners have been selected and announced, the team will need to help the winners arrange travel, accommodations, and event logistics. Upon their arrival at the conference center, insure they are taken care of by an OWASP volunteer, someone who will get them settled and that they make it to panels and trainings without issue. The bigger the conference, the more important it is to make sure the winners are not lost in the crowd. <br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the winners to make sure they enjoyed the experience. Ask the winners for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future. <br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Women_In_AppSec&diff=193793Women In AppSec2015-04-21T20:58:04Z<p>Fiona Collins: /* Women in Application Security Program */</p>
<hr />
<div>=WELCOME=<br />
==Women in Application Security Program==<br />
<br />
The purpose of the Women in AppSec Program is to increase the participation of women in the field of application security. The program was successfully launched in 2011 at AppSec USA, and the aim is to run the program at every OWASP Global AppSec going forward. The Women in AppSec program is for any female interested in getting involved in AppSec or those already involved but looking to boost their career. This includes female undergraduate and graduate students, instructors, and professionals who are dedicated to information security or application development. <br />
<br />
In 2015, this program is being re-launched at AppSec EU in Amsterndam, May 19 - 22 with the theme "Women in AppSec - Making it Happen". <br />
<br />
Regional conferences are encouraged to host the Women in AppSec program, as well. We encourage you to read this page in full, and reach out to us via the [http://www.tfaforms.com/308703 Contact Form] or [mailto:support@owasp.org OWASP Support] if you have any questions on how to successfully run the program at your event. <br />
<br />
<br />
{|<br />
|-<br />
! width="400" align="left" | <br />
! width="400" align="left" | <br />
|-<br />
| align="left" | [[Image:WiAAPAC3.jpg| left|330px]] <br/><br />
| align="left" | [[Image:IMG_5579.JPG|left|325px]]<br />
| align="left" | [[Image:WiAAPAC2.jpg|left|330px]] <br />
<br />
<br />
|}<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
==Links==<br />
*[https://www.isc2.org/PressReleaseDetails.aspx?id=11240 (ISC)²® Report Reveals Women's Perspective and Skills are Transforming the Information Security Industry October 29, 2013].<br />
<br />
*[https://www.youtube.com/watch?v=62i4o15NbgA&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=42 Women in AppSec Panel at AppSec USA 2013: Women in Information Security: Who Are We? Where Are We Going? Why? -- Joan Goodchild (Audio Only)]<br />
<br />
=ABOUT THE PROGRAM=<br />
==Women in AppSec==<br />
The OWASP Foundation, in recognition of value to both organizations and society, is working to support and enhance programs that increase the participation of women in the field of information and application security. The OWASP Foundation Women in AppSec Program provides merit-based funding for women to attend participating OWASP AppSec conferences. OWASP’s current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security. Interested applicants are encouraged to apply to the program running within their region of residence.<br />
<br />
== Past Eligibility Criteria==<br />
[[Image:IMG_5746.JPG|right|500x260px]]<br />
Below is the list of eligibility criteria used to select the winners in 2013. <br />
<br />
* Has provided 2 responsive contacts as reference, and both references are familiar with the candidate, application security, and OWASP.<br />
* Both references have provided letters of recommendation.<br />
* Has relevant/appropriate achievement goals for attending the conference.<br />
* Is the applicant from the region that the conference is taking place in.<br />
* Has background in volunteering for OWASP or similar organizations.<br />
* Has participated in one of OWASP's programs or activities?<br />
* Is either studying, wishing to study, working in AppSec, or interested in working in AppSec.<br />
* Has financial need.<br />
* Is a paid OWASP member, and/or employer/school is an OWASP sponsor.<br />
* Has an interest in exploring application security<br />
<br />
We encourage you to create your own set of criteria that will fit the Women In AppSec that you are planning within your region. The criteria above is meant to be a guideline of what has been used in the past.<br />
<br />
==Winners==<br />
<br />
In the past, we have typically had two winners selected for the sponsorship award; however, the number of winners depends on how much you can afford to sponsor. We recommend that you raise $3000 USD for each winner, at least. In the past, we have given each winner a free conference pass, one free training, and free travel and accommodation to attend the event. <br />
<br />
<!-- <br />
=GLOBAL CONFERENCES=<br />
==Global AppSec Conferences==<br />
<br />
[[Image:Appsec_APAC.jpg|right|x375px]] <br />
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in software security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific. Additionally, regional events are held in locations such as Brazil, China, India, Ireland, Israel, and Washington D.C just to name a few. The aim of the foundation is to bring the Women in AppSec Program to each of the four global conference taking place in 2014.<br />
<br />
==AppSec APAC==<br />
<br />
The AppSec APAC global conference takes place in the Asian-Pacific region. This conference is a reunion of local software security leaders, and aims to present cutting-edge ideas to attendees. OWASP events attract a worldwide audience interested in “what’s next”, and this global conference is no different. The conference is expected to draw 200-250 technologists each year from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many more. Women from the Asia-Pacific region are encouraged to apply to the program taking place during AppSec APAC. <br />
<br />
==AppSec EU==<br />
<br />
The AppSec EU global conference take place in the European region. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers, travel to hear the cutting-edge ideas presented by the software security industry's top talent. This conference is expected to draw 400-500 attendees each year from various regions within the Europe and beyond. Women from the European region are encouraged to apply to the program taking place during AppSec EU Research <br />
<br />
==AppSec Latam==<br />
<br />
The AppSec LATAM global conference takes place in the Latin American region. AppSec LATAM is a reunion of Latin American, software security leaders, providing a platform to discuss, participate in, and innovate within the software security industry. The conference is expected to draw 200-250 attendees from the Latin American region and beyond. Women in the Latin American region are encouraged to apply to the program taking place during AppSec LATAM. <br />
<br />
==AppSec USA==<br />
<br />
The AppSec USA global conference takes place in the North American region. AppSec USA is a world-class software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices. This conference is expected to draw over 300 attendees within the North American region. AppSec USA is typically OWASP's biggest conference of the year so women are encouraged to apply to the program taking place during AppSec USA if they live or will be traveling from within North America.<br />
--><br />
<br />
=PLANNING=<br />
==Pre-Conference==<br />
<br />
The majority of the planning involved in running the Women in AppSec Program occurs before the conference or regional event. Below, you will find a brief outline of the tasks your team will have to take on. <br />
<br />
====Planning & Selection Team====<br />
<br />
The first step you will need to take care of is the selection of your planning and selection team. These are the individuals that will be helping you manage the pre-event planning process and the selection of the candidates. You will typically need a team of 5-6 people. The selection committee will then be broken down into several sub-teams of one to two people who will then work on sponsorship, marketing, the grading process, and the call for entries. <br />
<br />
==== Sub-Team Roles ====<br />
<br />
'''Sponsorship'''<br />
<br />
Two people should be responsible for developing the materials and seeking out sponsorships for the program. They will be in charge of creating the sponsorship packages, flyers, and seeking out sponsorship from other chapters and organizations.<br />
<br />
'''Marketing'''<br />
<br />
At least two people should be responsible for marketing the event. Their job will consist of putting together press releases, keeping the event planners updated on progress, and <br />
communicating progress to the overall community. They will also be responsible for getting the message out when the team is ready to start accepting applicants. <br />
<br />
'''Grading Proces'''<br />
<br />
While everyone on the committee will be involved in grading, one person will be in charge of the grading process. They will create spreadsheets similar to those originally created for the selection committee, and for making sure everyone has what they need for the grading process. This team will also be responsible for making sure the grading is complete on schedule, and that the announcement of the winners is made before the event. <br />
<br />
'''Call for Entries'''<br />
<br />
Finally, one to two people will be in charge of the call for entries. Depending on the amount of entries, this might work better with two people as it requires collecting entries, arranging them, and sorting them out to the other graders. The call for entries team is responsible for making the forms, and for developing at least the first draft of the selection criteria. <br />
<br />
====Award Details====<br />
<br />
This is the fun bit. You and your team will need to decide on the details of the awards. This involves making decisions such as if the winners will be provided travel and accommodation, or free training and conference attendance. Typically, we have covered both travel and accommodation for the two winners as well as one training class. We also provided the winners with a free conference pass; however, the award you choose to sponsor depends on the funds you are able to raise. It is also dependent on what your team decides is the best award package to give away based on your resources. <br />
<br />
====Budget====<br />
As mentioned above, it is up to your team to decide what it is you wish to award each winner. I recommend raising at least $6,000 USD to cover the expenses for each winner if you are going to cover travel and accommodation as well as conference passes and a free training class. <br />
<br />
====Sponsorship====<br />
It is very important to start reaching out to the overall OWASP community and their corporate contacts as potential sponsorship leads. Develop a Sponsorship Strategy and put together a sponsorship flyer outlining the program, what you are seeking, and the benefits of sponsorship. Give incentive for sponsorship and details about the program to get potential sponsors interested. Make sure to include the successes of past Women in AppSec conference events. Once you have your materials and sponsorship packages sorted, you can get started with sponsorship seeking activities. Below you will find an example of the Women in AppSec 2013 sponsorship flyer we sent out to potential sponsors. <br />
<br />
[http://appsecusa.org/2013/wp-content/uploads/2013/06/women-in-appsec-sponsorship.pdf Sample of 2013 Sponsorship Flyer]<br />
<br />
====Application Process====<br />
You will need to start developing the application process while the sponsorship activities are going on. Make sure to develop the application timeline with deadlines for each stage. Deadlines are critically important, and there has to be a cut off point. Create a deadline for when submissions should be in, for when letters of recommendation should be received, the timeline for the grading process, the date the top 5 will be selected, and the date the final winners will be selected and announced. You will also need to develop a set of selection criteria that the team will use to grade all of the applicants against. Be specific on the criteria you are looking for in candidates. Especially note that only women in the region that the conference is being held can submitted for consideration. After you have all of these details sorted out, you will need to start the Call for Entries. Make sure create an online form where applicants can submit their details to the team. <br />
<br />
[https://docs.google.com/a/owasp.org/document/d/1iZDNogemeAoHBnrfn2dVe212Bct4ZJiXeVNj3j5JsWg/edit Sample Selection Criteria]<br />
<br />
====Selection Process====<br />
<br />
The selection of the winners can be a very lengthy process especially if you have received more than 30 applicants. In the past, the grading has been split between each program team member. Each member will be randomly allocated a handful of applicants which they will grade using the pre-determined selection criteria. Once the grading is complete, you can make the final selection on candidates and announce the winners as a team. <br />
<br />
After the winners have been selected and announced, the team will need to help the winners arrange travel, accommodations, and event logistics. Upon their arrival at the conference center, insure they are taken care of by an OWASP volunteer, someone who will get them settled and that they make it to panels and trainings without issue. The bigger the conference, the more important it is to make sure the winners are not lost in the crowd. <br />
<br />
==Post-Conference==<br />
<br />
After the conference, it is very important to gather feedback from the winners to make sure they enjoyed the experience. Ask the winners for a brief description about their experience, with a picture attached for the website. Then write up a review and lessons learned page to document the experience with the program. Make sure to include what can be improved upon in the future. <br />
<br />
=ON THE DAY=<br />
==Training Days==<br />
Prior to the conference, the winners will arrive during the training workshops. Upon their arrival an OWASP volunteer will be around to greet them and take them to the trainings. This is to ensure that the winners are taken care of, and that they feel welcome and comfortable. The two training days prior to the conference should give the winners a chance to get to know local chapter volunteers and early attendees. Winners are encouraged to attend trainings that interest them and to mingle with fellow trainees. If there is a welcome event, winners should be encouraged to attend as well.<br />
<br />
==Conference Days==<br />
During the two days of the conference an OWASP volunteer will be available to show the winners around, introduce them to staff members, and get them acquainted with conference goers. The volunteer will also be responsible for getting the winners to the Women in AppSec scheduled activities, if any are planned. The volunteers should be made available if the winners have any questions or need help with anything. It is important that the winners get the full OWASP AppSec experience. This includes attending sessions of interests and encouraging winners to participate in the various activities provided at the Global AppSecs. <br />
<br />
=PAST WINNERS=<br />
==Previous Women in AppSec Winners==<br />
Following their experience at AppSec, winners are encouraged to write a short piece about their experience at the conference and their participation in the Women in AppSec program. Here, they outline their experience with the Women in AppSec Program in their own words. <br />
<br />
==Carrie Schaper, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Carrie Schaper Small.jpg|100px]]<br />
| align="justify" |"OWASP Appsec proved to be a great experience for me, uniting and interacting with friends, professionals, and colleagues from the Information Security space from across the US and Internationally whom were in attendance. The huge space and well organized functions such as the: trainings, expert talks, panels, bug-bounty, lock-picking village and social events all enhanced the conference experience. Participating on the Women in IT panel was a wonderful experience, as many women were in attendance and participated in collaborative discussions. OWASP Appsec held in NY this year, was a premier NY conference not to be missed. Thank you to OWASP, its attendees and organizers."<br />
|}<br />
<br><br />
<br />
==Nancy Lornston, 2013 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Nancy Lorntson Small.jpg|100px]]<br />
| align="justify" |"AppSec 2013 was an awesome experience! Nowhere in the world can you find the top security experts all in one place at one time (and participate in a marriage proposal!). The conference presentations were well organized and the speakers were prepared to share pros, cons, successes and failures of their work in order to advance the application security domain. The variety of vendors was terrific as well.<br />
<br />
The Women in AppSec panel was an opportunity to advance women's position in the community. Each speaker shared some very candid remarks about their personal experiences and by the end, it was clear that while more work needs to be done, there is a sincere interest by companies, universities and the industry in general to work on doing the things needed to attract more women to the profession.<br />
<br />
The training course I attended (Open source tools) lived up to it's billing and I came away with several invaluable tips and strategies to improve our program.<br />
<br />
A huge thank you to the Women in App Sec Panel and OWASP in general for this opportunity to attend the premier Application Security Conference in the world."<br />
|}<br />
<br><br />
<br />
==Tara Wilson, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Tara wilson.jpg|100px]]<br />
| align="justify" |“Being fortunate enough to receive the Women in AppSec sponsorhsip is a unique and valuable experience. It is a great opportunity for women to have a chance to bolster their skills and dive deep into the world of application security. I found that attending the conference was not only a great way to experience what the OWASP community has to offer, but it also gives students a chance to network with a great group of people who are passionate about their field and willing to share a wealth of information.” <br />
|}<br />
<br><br />
<br />
==Chandni Bhowmik, 2011 Winner==<br />
{| style="background-color: transparent"<br />
|-<br />
! width="200" align="center" | <br> <br />
! width="1000" align="center" | <br><br />
|-<br />
| align="center" | [[Image:Chandni_bhowmik.jpg|100px]]<br />
| align="justify" |Chandni Bhowmik is currently completing an M.S. in Computer Security and Information Assurance at the Rochester Institute of Technology (RIT). Her first introduction to OWASP was through the project WebScarab during an application security lab last spring at RIT and her interest in OWASP grew ever since. Over the summer, she started programming open source web applications using built-in security features of Django and Python. She is interested in becoming an information security researcher, and hopes to leverage learning at OWASP AppSec USA 2011 in ad-hoc architecture, mobile platforms and over-all concepts of web application security. Besides secure programming, Chandni enjoys her current research involving digital image forensics and machine learning. In addition to attending school, she has interned in IT security and compliance at Paychex, a Rochester based payroll processing company, and gained industrial experience working an assistant systems engineer for Tata Consultancy Services, a global IT firm. <br />
|}<br />
<br><br />
<br />
=CONTACT=<br />
<br />
==Contact Us==<br />
<br />
If you are interested in another piece of OWASP design for your event or project, please let us know by using the [http://owasp4.owasp.org/contactus.html OWASP Contact Us form]. <br />
<br />
<br />
<headertabs /></div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Cork&diff=192691Cork2015-04-03T13:25:56Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Cork|extra= [[File:Owasp_logo_ireland_small.jpg]]| The chapter leaders are [mailto:fiona.collins@owasp.org Fiona Collins] and [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cork|emailarchives=http://lists.owasp.org/pipermail/owasp-Cork}}<br />
<br />
'''Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. <br><br />
We currently have the following sponsorship options available: <br><br />
€250 for an individual meeting sponsorship<br><br />
€1500 for annual chapter sponsorship<br><br />
Contact any of the board members below for more information. <br>'''<br />
<br />
<br />
== OWASP Cork Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact any of the following people below <br><br><br />
<br />
'''Chapter Leads''': <br />
<br />
*[mailto:fiona.collins(at)owasp.org Fiona Collins]<br><br />
*[mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick]<br><br><br />
<br />
'''Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/'''<br />
<br />
== Chapter Meetings - 2015 ==<br />
<br />
=== Cork Security Event - Mach 24 ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Amalgamating IT Security Best Practices Within an Organisation''' <br />
|-<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
On March 24th we held a joing security event with CorkSec, ISACA, and (ISC)2. <br />
Slides from the talks are available here: <br><br />
[https://drive.google.com/file/d/0B2v5SuBDC0ejWHUyUkJtLThpSUE/view?usp=sharing, Securing Innovation] <br><br />
[https://drive.google.com/file/d/0B2v5SuBDC0ejYXhRUEhtOEdTWVU/view?usp=sharing, The Weakest Link] <br><br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc. <br />
|-<br />
|}<br />
<br />
== Chapter Meetings - 2014 ==<br />
<br />
'''Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/'''<br />
<br />
=== OWASP December Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - December 11 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 11 December 2014<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC, Western Gateway Building, Room G04<br><br />
Venue Address: Western Road, Cork'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/218796493/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Thursday December 11th in UCC (Western Gateway Building, WGB G04) at 7PM. <br />
<br />
Hope to see you there. <br />
There are two talks lined up:<br />
<br />
Talk 1: Eoin Carroll - Android Webview Exploitation<br />
<br />
Bio:<br />
<br />
Eoin Carroll is an IT Security Engineer and member of OWASP since 2009. Based in Cork and works on all things security with keen interests in the Android Stack, Threat Modeling, HTML5, Cryptanalysis, Reversing and Exploitation.<br />
<br />
Eoin has 13 years’ experience spanning across the IT, Semi-Conductor and Medical Device industries, working as an Electronic Engineer for 10 yrs and in Security for the last 3 years.<br />
<br />
Android Webview Exploitation<br />
<br />
This talk will focus on the AddJavascriptInterface which is remotely exploitable leading to Shell and Cross Application Scripting (XAS). Eoin will discuss the importance of Threat Modeling with cross platform development frameworks such as Phonegap/Cordova as well as security tools such as Drozer and AFE (Android Exploitation Framework).<br />
<br />
The session will finish with a MITM demo exploiting the AddJavascriptInterface.<br />
<br />
Slides are available here: [https://drive.google.com/file/d/0B2v5SuBDC0ejVFN5WlZaSTJyYU0/view?usp=sharing, OWASP Android Webview Explotiation]<br />
<br />
<br />
<br />
Talk 2: Eoin Keary & Rahim Jina - 2014 EdgeScan Vulnerability Stats Report<br />
<br />
Eoin Keary - BCC Risk Advisory / OWASP<br />
<br />
Eoin is international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has lead the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, and the OWASP Cheat Sheet Series. <br />
Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. He was a senior manager, responsible for penetration testing in EMEA for a “big 4” professional services firm for 4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com) an Irish company who specialise in secure application development, advisory, penetration testing, Mobile & Cloud security and training. <br />
Eoin has delivered security training and talks for OWASP to over 600 developers in the past year including events such as RSA (2013), RSA Europe, OWASP EU (2013), OWASP Dublin 2013.<br />
<br />
Rahim Jina - BCC Risk Advisory / OWASP<br />
<br />
Rahim is a member of OWASP and has contributed to many open source security projects over the past 8 years such as the OWASP Testing and Security Code Review Guides and also OWASP SAMM. Previously Rahim was a senior consultant at a “big 4” professional services for and the head of security for a large VoIP/IPT company in Los Angeles, USA and now works as the Director of information security for BCC Risk Advisory (bccriskadvisory.com). His is also responsible for the security architecture of the edgescan.com vulnerability management solution.<br />
<br />
<br />
We will go along to the Woolshed bar for some drinks and chats after the talk: (http://www.woolshedbaa.com/cork/)<br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc. <br />
|-<br />
|}<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - September 22 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 22nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC (WGB G.14)<br><br />
Venue Address: Western Gateway Building, UCC, Western Rd, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/207323992/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Monday September 22nd in UCC (WGB G.14) at 7PM. <br />
<br />
We would like to treat all attendees to some beer and pizza after the talks in the Woolshed bar (Mardyke - http://www.woolshedbaa.com/cork/)<br />
<br />
Hope to see you there.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Introduction to OWASP ZAP<br />
<br />
Overview of the OWASP ZAP tool. <br />
<br />
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.<br />
<br />
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.<br />
<br />
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.<br />
<br />
<br />
<br />
Talk 2: Mark Denihan - OWASP Security Shepherd<br />
<br />
The OWASP Security Shepherd project has been designed and implemented with the aim of fostering and improving security awareness among a varied skill set demographic. Shepherd covers the OWASP Top Ten web app risks and has recently been injected with totally new content to cover the OWASP Top Ten Mobile risks as well. Many of these levels include insufficient mitigations and protections to these risks, such as blacklist filters, atrocious encoding schemes, barbaric security mechanisms and poor security configuration. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. In this presentation we're going to look at the Shepherd platform itself from both a learning and teaching perspective. Some of Shepherd's lessons and challenges will be demonstrated and we'll also walkthrough how easy it is to stand up a Security Shepherd instance and how it can be tailored to suit any web/mobile app sec teaching environments. <br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - Joint event with CorkSec''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 2nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: SoHo<br><br />
Venue Address: Grand Parade, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.ie/maps/place/SoHo+Bar+%26+Restaurant/@51.897763,-8.47554,17z/data=!3m1!4b1!4m2!3m1!1s0x4844901091595791:0xd69636673a833492 Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/203006902/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The first OWASP Cork Chapter meeting is taking place on Tuesday September 1st upstairs in SoHo bar on Grand Parade. This meeting is a joint event with the CorkSec group (http://www.meetup.com/CorkSec/). We would love if you could stay around after for a chat and some networking.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Web to Shell by Darren Fitzpatrick<br />
<br />
Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common ruby on rails specific remote exploit.<br />
<br />
<br />
Talk 2: How I got into Security by Jack Baylor<br />
<br />
In this short talk I'll be covering:<br />
<br />
* my education and previous work experience<br />
* what courses I wish I'd covered but didn't<br />
* how I got interested initially<br />
* how I started researching and networking<br />
* how I came about working in Qualcomm<br />
* how some others broke into security (through polling others here and through talking to people on LinkedIn etc...), <br />
* what courses I intend to take in the next 1, 2 and 5 years<br />
|-<br />
|}<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
== Other OWASP Chapters in Ireland ==<br />
<br />
'''OWASP Dublin'''<br />
<br />
https://www.owasp.org/index.php/Ireland-Dublin<br />
<br />
*'''Chapter Lead''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury] +353876605277<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Mark.Denihan(at)owasp.org Mark Denihan]<br><br />
<br />
<br />
'''OWASP Limerick'''<br />
<br />
https://www.owasp.org/index.php/Limerick<br />
<br />
*'''Chapter Lead''' [mailto:marian.ventuneac(at)owasp.org Marian Ventuneac]<br><br><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Europe]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Cork&diff=187632Cork2015-01-06T16:08:09Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Cork|extra= [[File:Owasp_logo_ireland_small.jpg]]| The chapter leaders are [mailto:fiona.collins@owasp.org Fiona Collins] and [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cork|emailarchives=http://lists.owasp.org/pipermail/owasp-Cork}}<br />
<br />
'''Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. <br><br />
We currently have the following sponsorship options available: <br><br />
€250 for an individual meeting sponsorship<br><br />
€1500 for annual chapter sponsorship<br><br />
Contact any of the board members below for more information. <br>'''<br />
<br />
<br />
== OWASP Cork Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact any of the following people below <br><br><br />
<br />
'''Chapter Leads''': <br />
<br />
*[mailto:fiona.collins(at)owasp.org Fiona Collins]<br><br />
*[mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick]<br><br><br />
<br />
<br />
<br />
== Chapter Meetings - 2014 ==<br />
<br />
'''Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/'''<br />
<br />
=== OWASP December Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - December 11 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 11 December 2014<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC, Western Gateway Building, Room G04<br><br />
Venue Address: Western Road, Cork'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/218796493/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Thursday December 11th in UCC (Western Gateway Building, WGB G04) at 7PM. <br />
<br />
Hope to see you there. <br />
There are two talks lined up:<br />
<br />
Talk 1: Eoin Carroll - Android Webview Exploitation<br />
<br />
Bio:<br />
<br />
Eoin Carroll is an IT Security Engineer and member of OWASP since 2009. Based in Cork and works on all things security with keen interests in the Android Stack, Threat Modeling, HTML5, Cryptanalysis, Reversing and Exploitation.<br />
<br />
Eoin has 13 years’ experience spanning across the IT, Semi-Conductor and Medical Device industries, working as an Electronic Engineer for 10 yrs and in Security for the last 3 years.<br />
<br />
Android Webview Exploitation<br />
<br />
This talk will focus on the AddJavascriptInterface which is remotely exploitable leading to Shell and Cross Application Scripting (XAS). Eoin will discuss the importance of Threat Modeling with cross platform development frameworks such as Phonegap/Cordova as well as security tools such as Drozer and AFE (Android Exploitation Framework).<br />
<br />
The session will finish with a MITM demo exploiting the AddJavascriptInterface.<br />
<br />
Slides are available here: [https://drive.google.com/file/d/0B2v5SuBDC0ejVFN5WlZaSTJyYU0/view?usp=sharing, OWASP Android Webview Explotiation]<br />
<br />
<br />
<br />
Talk 2: Eoin Keary & Rahim Jina - 2014 EdgeScan Vulnerability Stats Report<br />
<br />
Eoin Keary - BCC Risk Advisory / OWASP<br />
<br />
Eoin is international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has lead the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, and the OWASP Cheat Sheet Series. <br />
Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. He was a senior manager, responsible for penetration testing in EMEA for a “big 4” professional services firm for 4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com) an Irish company who specialise in secure application development, advisory, penetration testing, Mobile & Cloud security and training. <br />
Eoin has delivered security training and talks for OWASP to over 600 developers in the past year including events such as RSA (2013), RSA Europe, OWASP EU (2013), OWASP Dublin 2013.<br />
<br />
Rahim Jina - BCC Risk Advisory / OWASP<br />
<br />
Rahim is a member of OWASP and has contributed to many open source security projects over the past 8 years such as the OWASP Testing and Security Code Review Guides and also OWASP SAMM. Previously Rahim was a senior consultant at a “big 4” professional services for and the head of security for a large VoIP/IPT company in Los Angeles, USA and now works as the Director of information security for BCC Risk Advisory (bccriskadvisory.com). His is also responsible for the security architecture of the edgescan.com vulnerability management solution.<br />
<br />
<br />
We will go along to the Woolshed bar for some drinks and chats after the talk: (http://www.woolshedbaa.com/cork/)<br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc. <br />
|-<br />
|}<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - September 22 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 22nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC (WGB G.14)<br><br />
Venue Address: Western Gateway Building, UCC, Western Rd, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/207323992/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Monday September 22nd in UCC (WGB G.14) at 7PM. <br />
<br />
We would like to treat all attendees to some beer and pizza after the talks in the Woolshed bar (Mardyke - http://www.woolshedbaa.com/cork/)<br />
<br />
Hope to see you there.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Introduction to OWASP ZAP<br />
<br />
Overview of the OWASP ZAP tool. <br />
<br />
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.<br />
<br />
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.<br />
<br />
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.<br />
<br />
<br />
<br />
Talk 2: Mark Denihan - OWASP Security Shepherd<br />
<br />
The OWASP Security Shepherd project has been designed and implemented with the aim of fostering and improving security awareness among a varied skill set demographic. Shepherd covers the OWASP Top Ten web app risks and has recently been injected with totally new content to cover the OWASP Top Ten Mobile risks as well. Many of these levels include insufficient mitigations and protections to these risks, such as blacklist filters, atrocious encoding schemes, barbaric security mechanisms and poor security configuration. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. In this presentation we're going to look at the Shepherd platform itself from both a learning and teaching perspective. Some of Shepherd's lessons and challenges will be demonstrated and we'll also walkthrough how easy it is to stand up a Security Shepherd instance and how it can be tailored to suit any web/mobile app sec teaching environments. <br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - Joint event with CorkSec''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 2nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: SoHo<br><br />
Venue Address: Grand Parade, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.ie/maps/place/SoHo+Bar+%26+Restaurant/@51.897763,-8.47554,17z/data=!3m1!4b1!4m2!3m1!1s0x4844901091595791:0xd69636673a833492 Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/203006902/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The first OWASP Cork Chapter meeting is taking place on Tuesday September 1st upstairs in SoHo bar on Grand Parade. This meeting is a joint event with the CorkSec group (http://www.meetup.com/CorkSec/). We would love if you could stay around after for a chat and some networking.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Web to Shell by Darren Fitzpatrick<br />
<br />
Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common ruby on rails specific remote exploit.<br />
<br />
<br />
Talk 2: How I got into Security by Jack Baylor<br />
<br />
In this short talk I'll be covering:<br />
<br />
* my education and previous work experience<br />
* what courses I wish I'd covered but didn't<br />
* how I got interested initially<br />
* how I started researching and networking<br />
* how I came about working in Qualcomm<br />
* how some others broke into security (through polling others here and through talking to people on LinkedIn etc...), <br />
* what courses I intend to take in the next 1, 2 and 5 years<br />
|-<br />
|}<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
== Other OWASP Chapters in Ireland ==<br />
<br />
'''OWASP Dublin'''<br />
<br />
https://www.owasp.org/index.php/Ireland-Dublin<br />
<br />
*'''Chapter Lead''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury] +353876605277<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Mark.Denihan(at)owasp.org Mark Denihan]<br><br />
<br />
<br />
'''OWASP Limerick'''<br />
<br />
https://www.owasp.org/index.php/Limerick<br />
<br />
*'''Chapter Lead''' [mailto:marian.ventuneac(at)owasp.org Marian Ventuneac]<br><br><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Europe]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Cork&diff=186120Cork2014-11-28T12:49:38Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Cork|extra= [[File:Owasp_logo_ireland_small.jpg]]| The chapter leaders are [mailto:fiona.collins@owasp.org Fiona Collins] and [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cork|emailarchives=http://lists.owasp.org/pipermail/owasp-Cork}}<br />
<br />
'''Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. <br><br />
We currently have the following sponsorship options available: <br><br />
€250 for an individual meeting sponsorship<br><br />
€1500 for annual chapter sponsorship<br><br />
Contact any of the board members below for more information. <br>'''<br />
<br />
<br />
== OWASP Cork Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact any of the following people below <br><br><br />
<br />
'''Chapter Leads''': <br />
<br />
*[mailto:fiona.collins(at)owasp.org Fiona Collins]<br><br />
*[mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick]<br><br><br />
<br />
<br />
<br />
== Chapter Meetings - 2014 ==<br />
<br />
'''Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/'''<br />
<br />
=== OWASP December Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - December 11 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 11 December 2014<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC, Western Gateway Building, Room G04<br><br />
Venue Address: Western Road, Cork'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/218796493/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Thursday December 11th in UCC (Western Gateway Building, WGB G04) at 7PM. <br />
<br />
Hope to see you there. <br />
There are two talks lined up:<br />
<br />
Talk 1: Eoin Carroll - Android Webview Exploitation<br />
<br />
Bio:<br />
<br />
Eoin Carroll is an IT Security Engineer and member of OWASP since 2009. Based in Cork and works on all things security with keen interests in the Android Stack, Threat Modeling, HTML5, Cryptanalysis, Reversing and Exploitation.<br />
<br />
Eoin has 13 years’ experience spanning across the IT, Semi-Conductor and Medical Device industries, working as an Electronic Engineer for 10 yrs and in Security for the last 3 years.<br />
<br />
Android Webview Exploitation<br />
<br />
This talk will focus on the AddJavascriptInterface which is remotely exploitable leading to Shell and Cross Application Scripting (XAS). Eoin will discuss the importance of Threat Modeling with cross platform development frameworks such as Phonegap/Cordova as well as security tools such as Drozer and AFE (Android Exploitation Framework).<br />
<br />
The session will finish with a MITM demo exploiting the AddJavascriptInterface.<br />
<br />
<br />
<br />
Talk 2: Eoin Keary & Rahim Jina - 2014 EdgeScan Vulnerability Stats Report<br />
<br />
Eoin Keary - BCC Risk Advisory / OWASP<br />
<br />
Eoin is international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has lead the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, and the OWASP Cheat Sheet Series. <br />
Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. He was a senior manager, responsible for penetration testing in EMEA for a “big 4” professional services firm for 4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com) an Irish company who specialise in secure application development, advisory, penetration testing, Mobile & Cloud security and training. <br />
Eoin has delivered security training and talks for OWASP to over 600 developers in the past year including events such as RSA (2013), RSA Europe, OWASP EU (2013), OWASP Dublin 2013.<br />
<br />
Rahim Jina - BCC Risk Advisory / OWASP<br />
<br />
Rahim is a member of OWASP and has contributed to many open source security projects over the past 8 years such as the OWASP Testing and Security Code Review Guides and also OWASP SAMM. Previously Rahim was a senior consultant at a “big 4” professional services for and the head of security for a large VoIP/IPT company in Los Angeles, USA and now works as the Director of information security for BCC Risk Advisory (bccriskadvisory.com). His is also responsible for the security architecture of the edgescan.com vulnerability management solution.<br />
<br />
<br />
We will go along to the Woolshed bar for some drinks and chats after the talk: (http://www.woolshedbaa.com/cork/)<br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc. <br />
|-<br />
|}<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - September 22 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 22nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC (WGB G.14)<br><br />
Venue Address: Western Gateway Building, UCC, Western Rd, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/207323992/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Monday September 22nd in UCC (WGB G.14) at 7PM. <br />
<br />
We would like to treat all attendees to some beer and pizza after the talks in the Woolshed bar (Mardyke - http://www.woolshedbaa.com/cork/)<br />
<br />
Hope to see you there.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Introduction to OWASP ZAP<br />
<br />
Overview of the OWASP ZAP tool. <br />
<br />
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.<br />
<br />
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.<br />
<br />
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.<br />
<br />
<br />
<br />
Talk 2: Mark Denihan - OWASP Security Shepherd<br />
<br />
The OWASP Security Shepherd project has been designed and implemented with the aim of fostering and improving security awareness among a varied skill set demographic. Shepherd covers the OWASP Top Ten web app risks and has recently been injected with totally new content to cover the OWASP Top Ten Mobile risks as well. Many of these levels include insufficient mitigations and protections to these risks, such as blacklist filters, atrocious encoding schemes, barbaric security mechanisms and poor security configuration. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. In this presentation we're going to look at the Shepherd platform itself from both a learning and teaching perspective. Some of Shepherd's lessons and challenges will be demonstrated and we'll also walkthrough how easy it is to stand up a Security Shepherd instance and how it can be tailored to suit any web/mobile app sec teaching environments. <br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - Joint event with CorkSec''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 2nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: SoHo<br><br />
Venue Address: Grand Parade, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.ie/maps/place/SoHo+Bar+%26+Restaurant/@51.897763,-8.47554,17z/data=!3m1!4b1!4m2!3m1!1s0x4844901091595791:0xd69636673a833492 Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/203006902/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The first OWASP Cork Chapter meeting is taking place on Tuesday September 1st upstairs in SoHo bar on Grand Parade. This meeting is a joint event with the CorkSec group (http://www.meetup.com/CorkSec/). We would love if you could stay around after for a chat and some networking.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Web to Shell by Darren Fitzpatrick<br />
<br />
Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common ruby on rails specific remote exploit.<br />
<br />
<br />
Talk 2: How I got into Security by Jack Baylor<br />
<br />
In this short talk I'll be covering:<br />
<br />
* my education and previous work experience<br />
* what courses I wish I'd covered but didn't<br />
* how I got interested initially<br />
* how I started researching and networking<br />
* how I came about working in Qualcomm<br />
* how some others broke into security (through polling others here and through talking to people on LinkedIn etc...), <br />
* what courses I intend to take in the next 1, 2 and 5 years<br />
|-<br />
|}<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
== Other OWASP Chapters in Ireland ==<br />
<br />
'''OWASP Dublin'''<br />
<br />
https://www.owasp.org/index.php/Ireland-Dublin<br />
<br />
*'''Chapter Lead''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury] +353876605277<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Mark.Denihan(at)owasp.org Mark Denihan]<br><br />
<br />
<br />
'''OWASP Limerick'''<br />
<br />
https://www.owasp.org/index.php/Limerick<br />
<br />
*'''Chapter Lead''' [mailto:marian.ventuneac(at)owasp.org Marian Ventuneac]<br><br><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Europe]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Cork&diff=185639Cork2014-11-20T10:35:57Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Cork|extra= [[File:Owasp_logo_ireland_small.jpg]]| The chapter leaders are [mailto:fiona.collins@owasp.org Fiona Collins] and [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cork|emailarchives=http://lists.owasp.org/pipermail/owasp-Cork}}<br />
<br />
'''Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. <br><br />
We currently have the following sponsorship options available: <br><br />
€250 for an individual meeting sponsorship<br><br />
€1500 for annual chapter sponsorship<br><br />
Contact any of the board members below for more information. <br>'''<br />
<br />
<br />
== OWASP Cork Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact any of the following people below <br><br><br />
<br />
'''Chapter Leads''': <br />
<br />
*[mailto:fiona.collins(at)owasp.org Fiona Collins]<br><br />
*[mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick]<br><br><br />
<br />
<br />
<br />
== Chapter Meetings - 2014 ==<br />
<br />
=== OWASP Decemberr Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - December 11 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 11 December 2014<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC, Western Gateway Building, Room G04<br><br />
Venue Address: Western Road, Cork'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/218796493/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Thursday December 11th in UCC (Western Gateway Building, WGB G04) at 7PM. <br />
<br />
Hope to see you there. <br />
There are two talks lined up:<br />
<br />
Talk 1: Eoin Carroll - Android Webview Exploitation<br />
<br />
Bio:<br />
<br />
Eoin Carroll is an IT Security Engineer and member of OWASP since 2009. Based in Cork and works on all things security with keen interests in the Android Stack, Threat Modeling, HTML5, Cryptanalysis, Reversing and Exploitation.<br />
<br />
Eoin has 13 years’ experience spanning across the IT, Semi-Conductor and Medical Device industries, working as an Electronic Engineer for 10 yrs and in Security for the last 3 years.<br />
<br />
Android Webview Exploitation<br />
<br />
This talk will focus on the AddJavascriptInterface which is remotely exploitable leading to Shell and Cross Application Scripting (XAS). Eoin will discuss the importance of Threat Modeling with cross platform development frameworks such as Phonegap/Cordova as well as security tools such as Drozer and AFE (Android Exploitation Framework).<br />
<br />
The session will finish with a MITM demo exploiting the AddJavascriptInterface.<br />
<br />
<br />
<br />
Talk 2: Eoin Keary & Rahim Jina - 2014 EdgeScan Vulnerability Stats Report<br />
<br />
Eoin Keary - BCC Risk Advisory / OWASP<br />
<br />
Eoin is international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has lead the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, and the OWASP Cheat Sheet Series. <br />
Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. He was a senior manager, responsible for penetration testing in EMEA for a “big 4” professional services firm for 4.5 years. He is the CTO and founder of BCC Risk Advisory Ltd (bccriskadvisory.com) an Irish company who specialise in secure application development, advisory, penetration testing, Mobile & Cloud security and training. <br />
Eoin has delivered security training and talks for OWASP to over 600 developers in the past year including events such as RSA (2013), RSA Europe, OWASP EU (2013), OWASP Dublin 2013.<br />
<br />
Rahim Jina - BCC Risk Advisory / OWASP<br />
<br />
Rahim is a member of OWASP and has contributed to many open source security projects over the past 8 years such as the OWASP Testing and Security Code Review Guides and also OWASP SAMM. Previously Rahim was a senior consultant at a “big 4” professional services for and the head of security for a large VoIP/IPT company in Los Angeles, USA and now works as the Director of information security for BCC Risk Advisory (bccriskadvisory.com). His is also responsible for the security architecture of the edgescan.com vulnerability management solution.<br />
<br />
<br />
We will go along to the Woolshed bar for some drinks and chats after the talk: (http://www.woolshedbaa.com/cork/)<br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc. <br />
|-<br />
|}<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - September 22 2014''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 22nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC (WGB G.14)<br><br />
Venue Address: Western Gateway Building, UCC, Western Rd, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.com/maps/place/Western+Gateway+Building+-+UCC/@51.8934237,-8.4990742,17z/ Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/207323992/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The next OWASP Cork Chapter meeting is taking place on Monday September 22nd in UCC (WGB G.14) at 7PM. <br />
<br />
We would like to treat all attendees to some beer and pizza after the talks in the Woolshed bar (Mardyke - http://www.woolshedbaa.com/cork/)<br />
<br />
Hope to see you there.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Introduction to OWASP ZAP<br />
<br />
Overview of the OWASP ZAP tool. <br />
<br />
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.<br />
<br />
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.<br />
<br />
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.<br />
<br />
<br />
<br />
Talk 2: Mark Denihan - OWASP Security Shepherd<br />
<br />
The OWASP Security Shepherd project has been designed and implemented with the aim of fostering and improving security awareness among a varied skill set demographic. Shepherd covers the OWASP Top Ten web app risks and has recently been injected with totally new content to cover the OWASP Top Ten Mobile risks as well. Many of these levels include insufficient mitigations and protections to these risks, such as blacklist filters, atrocious encoding schemes, barbaric security mechanisms and poor security configuration. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. In this presentation we're going to look at the Shepherd platform itself from both a learning and teaching perspective. Some of Shepherd's lessons and challenges will be demonstrated and we'll also walkthrough how easy it is to stand up a Security Shepherd instance and how it can be tailored to suit any web/mobile app sec teaching environments. <br />
<br />
<br />
Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - Joint event with CorkSec''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 2nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: SoHo<br><br />
Venue Address: Grand Parade, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.ie/maps/place/SoHo+Bar+%26+Restaurant/@51.897763,-8.47554,17z/data=!3m1!4b1!4m2!3m1!1s0x4844901091595791:0xd69636673a833492 Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/203006902/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The first OWASP Cork Chapter meeting is taking place on Tuesday September 1st upstairs in SoHo bar on Grand Parade. This meeting is a joint event with the CorkSec group (http://www.meetup.com/CorkSec/). We would love if you could stay around after for a chat and some networking.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Web to Shell by Darren Fitzpatrick<br />
<br />
Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common ruby on rails specific remote exploit.<br />
<br />
<br />
Talk 2: How I got into Security by Jack Baylor<br />
<br />
In this short talk I'll be covering:<br />
<br />
* my education and previous work experience<br />
* what courses I wish I'd covered but didn't<br />
* how I got interested initially<br />
* how I started researching and networking<br />
* how I came about working in Qualcomm<br />
* how some others broke into security (through polling others here and through talking to people on LinkedIn etc...), <br />
* what courses I intend to take in the next 1, 2 and 5 years<br />
|-<br />
|}<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
== Other OWASP Chapters in Ireland ==<br />
<br />
'''OWASP Dublin'''<br />
<br />
https://www.owasp.org/index.php/Ireland-Dublin<br />
<br />
*'''Chapter Lead''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury] +353876605277<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Mark.Denihan(at)owasp.org Mark Denihan]<br><br />
<br />
<br />
'''OWASP Limerick'''<br />
<br />
https://www.owasp.org/index.php/Limerick<br />
<br />
*'''Chapter Lead''' [mailto:marian.ventuneac(at)owasp.org Marian Ventuneac]<br><br><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Europe]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Cork&diff=181424Cork2014-08-29T09:23:40Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Cork|extra= [[File:Owasp_logo_ireland_small.jpg]]| The chapter leaders are [mailto:fiona.collins@owasp.org Fiona Collins] and [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cork|emailarchives=http://lists.owasp.org/pipermail/owasp-Cork}}<br />
<br />
'''Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. <br><br />
We currently have the following sponsorship options available: <br><br />
€250 for an individual meeting sponsorship<br><br />
€1500 for annual chapter sponsorship<br><br />
Contact any of the board members below for more information. <br>'''<br />
<br />
<br />
== OWASP Cork Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact any of the following people below <br><br><br />
<br />
'''Chapter Leads''': <br />
<br />
*[mailto:fiona.collins(at)owasp.org Fiona Collins]<br><br />
*[mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick]<br><br><br />
<br />
== Other OWASP Chapters in Ireland ==<br />
<br />
'''OWASP Dublin'''<br />
<br />
https://www.owasp.org/index.php/Ireland-Dublin<br />
<br />
*'''Chapter Lead''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury] +353876605277<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Mark.Denihan(at)owasp.org Mark Denihan]<br><br />
<br />
<br />
'''OWASP Limerick'''<br />
<br />
https://www.owasp.org/index.php/Limerick<br />
<br />
*'''Chapter Lead''' [mailto:marian.ventuneac(at)owasp.org Marian Ventuneac]<br><br><br />
<br />
== Chapter Meetings - 2014 ==<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - Joint event with CorkSec''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 2nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: SoHo<br><br />
Venue Address: Grand Parade, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.ie/maps/place/SoHo+Bar+%26+Restaurant/@51.897763,-8.47554,17z/data=!3m1!4b1!4m2!3m1!1s0x4844901091595791:0xd69636673a833492 Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/203006902/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The first OWASP Cork Chapter meeting is taking place on Tuesday September 1st upstairs in SoHo bar on Grand Parade. This meeting is a joint event with the CorkSec group (http://www.meetup.com/CorkSec/). We would love if you could stay around after for a chat and some networking.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Web to Shell by Darren Fitzpatrick<br />
<br />
Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common ruby on rails specific remote exploit.<br />
<br />
<br />
Talk 2: How I got into Security by Jack Baylor<br />
<br />
In this short talk I'll be covering:<br />
<br />
* my education and previous work experience<br />
* what courses I wish I'd covered but didn't<br />
* how I got interested initially<br />
* how I started researching and networking<br />
* how I came about working in Qualcomm<br />
* how some others broke into security (through polling others here and through talking to people on LinkedIn etc...), <br />
* what courses I intend to take in the next 1, 2 and 5 years<br />
|-<br />
|}<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Europe]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Cork&diff=181089Cork2014-08-25T13:20:22Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Cork|extra=The chapter leaders are [mailto:fiona.collins@owasp.org Fiona Collins] and [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cork|emailarchives=http://lists.owasp.org/pipermail/owasp-Cork}}<br />
<br />
== Chapter Meetings - 2014 ==<br />
<br />
=== OWASP September Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Meeting - Joint event with CorkSec''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 2nd September<br><br>''' Doors: 19:00 <br>Talks start: 19:15<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: SoHo<br><br />
Venue Address: Grand Parade, Cork, Ireland'''<br><br />
Venue Map: [https://www.google.ie/maps/place/SoHo+Bar+%26+Restaurant/@51.897763,-8.47554,17z/data=!3m1!4b1!4m2!3m1!1s0x4844901091595791:0xd69636673a833492 Google Maps] <br><br />
''(Registration. [http://www.meetup.com/OWASP-Cork/events/203006902/ Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | <br />
<br />
The first OWASP Cork Chapter meeting is taking place on Tuesday September 1st upstairs in SoHo bar on Grand Parade. This meeting is a joint event with the CorkSec group (http://www.meetup.com/CorkSec/). We would love if you could stay around after for a chat and some networking.<br />
<br />
There are two talks lined up:<br />
<br />
Talk 1: Web to Shell by Darren Fitzpatrick<br />
<br />
Darren will introduce the concept of getting a shell through a website. This basically means remotely taking over the server on which a web application is installed. After a little theory, he will go about delivering demonstrations of this in action. Demos will include common attack vectors of this type and one recent and quite common ruby on rails specific remote exploit.<br />
<br />
<br />
Talk 2: How I got into Security by Jack Baylor<br />
<br />
In this short talk I'll be covering:<br />
<br />
* my education and previous work experience<br />
* what courses I wish I'd covered but didn't<br />
* how I got interested initially<br />
* how I started researching and networking<br />
* how I came about working in Qualcomm<br />
* how some others broke into security (through polling others here and through talking to people on LinkedIn etc...), <br />
* what courses I intend to take in the next 1, 2 and 5 years<br />
|-<br />
|}<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Europe]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Cork&diff=179929Cork2014-08-05T07:03:06Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Cork|extra=The chapter leaders are [mailto:fiona.collins@owasp.org Fiona Collins] and [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cork|emailarchives=http://lists.owasp.org/pipermail/owasp-Cork}}<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:Europe]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Dublin&diff=175127Dublin2014-05-15T20:01:13Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Ireland|extra= [[File:Owasp_logo_ireland_small.jpg]]| mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-ireland}} become a [http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters Member or Annual Chapter Sponsor(s)]. <br><br />
Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. <br><br />
We currently have the following sponsorship options available: <br><br />
€250 for an individual meeting sponsorship<br><br />
€1500 for annual chapter sponsorship<br><br />
Contact any of the board members below for more information. <br><br />
<br />
== OWASP Ireland Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact ANY of the following people below <br><br><br />
<br />
*'''Chapter Lead''' [mailto:fiona.collins(at)owasp.org Fiona Collins]<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury]<br><br />
*'''Board Member''' [mailto:Darren.Fitzpatrick(at)owasp.org Darren Fitzpatrick]<br><br />
<br />
*'''Advisor''' [mailto:rahim.jina(at)owasp.org Rahim Jina]<br><br />
<br />
<br />
<br>'''OWASP Ireland'''<br>23 The Chandler, Rahtborne Village <br>Ashtown, Dublin 15, Ireland <br>Tel: +353877817468 | Fax: +353877817468 <br><paypal>Ireland</paypal> <br><br />
<br />
== OWASP Dublin Chapter 2014 ==<br />
<br />
=== OWASP May Event (2)===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Matt Johansen Sr. Manager for the Threat Research Center at WhiteHat Security''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 22nd May<br><br>''' Registration: 18:30 <br>Talk: 19:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: Morgan McKinley Dublin office <br><br />
Venue Address: Morgan McKinley, Connaught House, No.1 Burlington Road, Dublin 4 (off the canal, across from the Mespil Hotel. On the second floor.)'''<br><br />
Venue Map: [https://www.google.ie/maps/place/Connaught+House/@53.332691,-6.2473347,17z/data=!3m1!4b1!4m2!3m1!1s0x48670ebdacbb7d5f:0x5c32fa5458ed31b9 Google Maps] <br><br />
''(Registration. [https://www.eventbrite.ie/e/owasp-chapter-meeting-may-tickets-11644682559 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | There will be networking afterwards, with beer and pizza thanks to WhiteHat Security - https://www.whitehatsec.com/ <br><br />
<br />
'''*"Top 10 Web Hacks of 2013"*'''<br />
<br />
'''Matt Johansen Sr. Manager for the Threat Research Center at WhiteHat Security'''<br />
<br />
Matt Johansen is a Sr. Manager for the Threat Research Center at WhiteHat Security where he manages a team of Application Security Specialists, Engineers and Supervisors to prevent website security attacks and protect companies' and their customers' data. Before this he was an Application Security Engineer where he oversaw and assessed more than 35,000 web applications that WhiteHat has under contract for many Fortune 500 companies across a range of technologies.<br />
<br />
He was previously a security consultant for VerSprite, where he was responsible for performing network and web application penetration tests. Mr. Johansen is also an instructor of Web Application Security at Adelphi University, where he received his Bachelor of Science in Computer Science, and San Jose State University. He has also been utilized by the SANS Institute as an industry expert for certification review.<br />
<br />
List of past talks including videos/slides - http://mattjay.github.io/talks/ (BlackHat, DEFCON, RSA, SXSW, Many BSides, etc.<br />
<br />
Abstract:<br />
<br />
Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, we are solely focused on new and creative methods of Web-based attack. Now in its eighth year, the Top 10 Web Hacking Techniques list encourages information sharing, provides a centralized knowledge base, and recognizes researchers who contribute excellent work.<br />
<br />
In this talk, We will do a technical deep dive and take you through the Top 10 Web Hacks of 2013 as picked by an expert panel of judges.<br />
<br />
This year’s winners are:<br />
<br />
1 - Mario Heiderich – Mutation XSS<br><br />
2 - Angelo Prado, Neal Harris, Yoel Gluck – BREACH<br><br />
3 - Pixel Perfect Timing Attacks with HTML5<br><br />
4 - Lucky 13 Attack<br><br />
5 - Weaknesses in RC4<br><br />
6 - Timur Yunusov and Alexey Osipov – XML Out of Band Data Retrieval<br><br />
7 - Million Browser Botnet<br><br />
8 - Large Scale Detection of DOM based XSS<br><br />
9 - Tor Hidden-Service Passive De-Cloaking<br><br />
10 - HTML5 Hard Disk Filler™ API<br><br />
<br />
<br />
<br />
|-<br />
|}<br />
<br />
=== OWASP May Event (1)===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Eoin Kearyof BCC Risk Advisory and Matej Saksida of Realex''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 1st May<br><br>''' Registration: 18:30 <br>Talk: 19:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
''(Registration. [https://www.eventbrite.ie/e/owasp-chapter-meeting-may-tickets-11354041243 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | There will be networking afterwards, with beer and pizza thanks to BCC Risk Advisory (http://www.bccriskadvisory.com/) <br><br />
<br />
'''Talk 1: *"Top 10 defensive Java developer controls"*'''<br />
<br />
'''Eoin Keary - BCC Risk Advisory - (http://ie.linkedin.com/in/eoinkeary)'''<br />
<br />
OWASP board member since 2009. Elected to position of global Vice Chair, September 2011. A long time member of OWASP. Based in Dublin and director of BCC Risk Advisory Ltd.<br />
Eoin Keary has been with OWASP since 2004. He is based in Ireland and runs a software security practice, bccriskadvisory.com. He is currently on the global board of the OWASP foundation, he was elected to the board in 2009. During this time Eoin assisted in founding the OWASP legal entity in Europe and has helped provide structure to OWASPs finances and strategy. <br />
<br />
Abstract:<br />
<br />
In this talk Eoin shall go through a list of developer controls in order to help prevent common security vulnerabilities such those focused in the<br />
OWASP Top 10 2013. From input validation to contextual output encoding to crypto-secure storage, Eoin shall call out what developers can do to help<br />
mitigate such issues. Many of the mitigations are simple and use established API's such that developer need not be security experts and just<br />
use core components to help improve their security posture.<br />
<br />
[[File:Top_Ten_Java_Defenses.pdf|200px|thumb|left|Eoin Keary BCC Risk Advisory talk]]<br />
<br />
<br />
<br />
'''Talk 2: *"Social Engineering - The Art of Human Hacking".*'''<br />
<br />
'''Matej Saksida - Realex Payments - (http://ie.linkedin.com/pub/matej-saksida-cism/20/412/176)'''<br />
<br />
Abstract:<br />
<br />
Nowadays if you want to hack a corporation or damage a personal "enemy" fast, Social Engineering techniques work every time and more often than not<br />
it works the first time. In this talk Matej shall go through what is social engineering is, types of social engineering and related threats.<br />
Matej shall call out practical example how to use Facebook to ruin someone's life and what countermeasures can be used against social engineering attacks.<br />
<br />
[[File:Presentation_Social_Engineering.pdf|200px|thumb|left|Matej Saksida Realex talk]]<br />
<br />
|-<br />
|}<br />
<br />
=== OWASP March Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Rahim Jina of BCC Risk Advisory and Stephen Scott of Espion''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 13th March<br><br>''' Registration: 18:30 <br>Talk: 19:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
''(Registration. [https://www.eventbrite.ie/e/owasp-chapter-meeting-tickets-10802455435 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | There will be networking afterwards, with beer and pizza thanks to Espion (http://www.espiongroup.com/)<br />
<br />
Talk 1: Building a shield of security - Vulnerability Management by the numbers and dumb robots!<br />
<br />
Rahim Jina - BCC Risk Advisory<br />
<br />
Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a “big 4” professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.comvulnerability management solution.<br />
<br />
Abstract: <br />
<br />
This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay. We discuss the most common vulnerabilities which are not detected by security tools nor automation but nevertheless are common and can be used to commit real fraud resulting in financial loss. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across all aspects of the SDLC.<br />
<br />
[[File:BCC_Risk_Advisory_-_OWASP_Dublin_-_Vulnerability_Management_by_the_numbers_and_dumb_robots!.pdf|200px|thumb|left|Rahim BCC Risk Advisory talk]]<br />
<br />
Talk 2: "PCI's Changing Environment - What You Need to Know & Why You Need To Know It".<br />
<br />
Stephen Scott - Senior Consultant and PCI QSA in Espion's Information Government practice<br />
<br />
Stephen Scott, Consultancy Team lead in Espion, is an experienced information security, risk and compliance consultant whose experience spans across many different areas including, PCI DSS, information security, risk management, group internal audit, IT service management and regulatory compliance. Stephen has extensive experience with information security, internal control testing, compliance programmes, information risk management, and process improvement. Stephen has worked across a wide range of industry verticals, including financial, industrial and insurance.<br />
<br />
Abstract:<br />
<br />
PCI DSS – The Payment Card Industry Data Security Standard sets common requirements for securing payment card information (credit, debit, some gift cards), and lays out a range of controls relating to auditing, scanning and assessment.<br />
<br />
This presentation discusses the ever evolving PCI environment, specifically focusing on the changes in the recent release of version 3 of the PCI DSS standard. Stephen will start off by giving a brief background to PCI, including motivators for merchant and service providers to adhere to the standard. In addition to this, the presentation will highlight what security considerations are relevant to application and information security practitioners.<br />
<br />
[[File:PCIs_Changing_Environment_-_What_You_Need_to_Know_&_Why_You_Need_To_Know_It..ppt|200px|thumb|left|Stephen Espion Talk]]<br />
<br />
<br />
|-<br />
|}<br />
<br />
<br />
== OWASP Ireland 2013 Agenda ==<br />
<br />
=== OWASP July Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Jeremiah Grossman - Another Year in Web Security''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 4th July<br><br>''' Registration: 17:30 <br>Talk: 18:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
''(Registration. [http://www.eventbrite.com/event/7127672059 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | Jeremiah Grossman of WhiteHat Security will be in Dublin and will be talking at our next chapter event. His talk "Another Year In Web Security: What did 2012 teach us about survival in the coming years?" promises a great insight into the future of web security.<br />
<br />
Jeremiah Grossman, founder and CTO of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). At WhiteHat, Mr. Grossman is responsible for web application security R&D and industry evangelism. He is a frequent speaker at industry events including the BlackHat Briefings, ISACA's Networks Security Conference, NASA, ISSA and Defcon. <br />
<br />
A trusted media resource, Mr. Grossman has been featured in USA Today, the Washington Post, Information Week, NBC Nightly News, and many others. Mr. Grossman is also a featured expert and frequent contributor on TechTarget'sSearchAppSecurity.com.<br />
|-<br />
|}<br />
<br />
=== OWASP June Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training. [https://www.owasp.org/index.php/EUTour2013#Training Info about the training session])'' <br>'''Wednesday 26th June''' ''(Conference. [https://www.owasp.org/index.php/EUTour2013#Dublin Info and registration link for the conference])''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
|}<br />
<br />
=== OWASP May Event ===<br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''TRAINING & TALKS''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Dublin - Realex Payments Application Security Workshop''' == <br />
'''Thursday 30th May'''<br> ''('''Training'''. 1:30pm- 5:00pm)'' <br>('''Talks'''. 6:00pm - 8:00pm)''<br>[http://www.eventbrite.com/event/6665658163/eorg Click here for more information]<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''Training'''<br />
<br />
Eoin Keary will be delivering free application security training between 2pm and 5pm on the 30th May. Eoin was the founder of OWASP Ireland and is currently the global vice chair for OWASP (amongst many other things! https://www.owasp.org/index.php/Eoin_Keary). He has delivered application security training to many developers and security professionals around the world and recently delivered a training course to over 400 people at the RSA Conference.<br />
<br />
The training will focus on secure application development and why we can't hack ourselves secure. It will be covering why penetration testing on its own does not work approaches to improvement including "knowing what you don't know" and how to measure change.<br />
<br />
It will be technical training covering XSS eradication, client side security and browser DOM curiosities.<br />
<br />
'''Talks'''<br />
<br />
The talks will be starting at 6pm in our office and OWASP have arranged two very interesting talks! Diarmaid McManus https://twitter.com/elephant_rb from Realex Payments will be expanding his award winning SecurityBSides London Rookie Track talk https://www.securityninja.co.uk/application-security/securitybsides-london-esp-security-plugin/ to include more details about static analysis approaches and his research and development work on ESP: Security Plugin https://github.com/diarmaid-mcmanus/ESPSecurityPlugin.<br />
<br />
Hugh Pearse https://twitter.com/hughpearse will be talking about Low Level Exploits and this looks like it will be a great talk:<br />
<br />
“In 2010 Mr Haroon Meer from thinkst.com presented a timeline of memory corruption vulnerabilities and their mitigation techniques dating from 1985 to 2010. In his 35 page publication he referenced almost 150 events in low level information security history. The scope of the presentation "Low Level Exploits" is to explain in detail some of the most significant attacks in from Haroon Meers research. The attacks covered in this presentation include buffer overflows on the stack, heap overflows, integer overflows, format strings, null pointers and ROP chains. This brings us to exploits in the present day where researchers are looking for the successor of the buffer overflow attack, next big exploit.”<br />
|-<br />
|}<br />
<br />
<br />
<br />
== OWASP Ireland 2011 Agenda ==<br />
<br />
=== [[Ireland/Training/OWASP projects and resources you can use TODAY]] ===<br />
<br />
[[Image:Owasp logo Ireland Training 11 March 2010.gif]]<br />
<br />
*'''Overview & Goal'''<br />
**Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle. <br />
**This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them. <br />
**The course will be very practical where demonstration and hands-on exercises will be provided for the tools covered. <br />
**If you are interested in participating in the hands on portion of the course, please bring a laptop. <br />
*'''Dates'''<br />
**March, 2011, 11<br />
*'''Course Main Content and Registration'''<br />
**[[Ireland/Training/OWASP projects and resources you can use TODAY|Click here]]<br />
<br />
== OWASP Ireland 2010 ==<br />
<br />
[[Image:Dublin2010.gif]]<br />
<br />
Click [[OWASP IRELAND 2010]] for more information <br><br><br />
<br />
== OWASP Ireland 2010 Agenda ==<br />
<br />
<br><br />
<br />
==== AUG 2010 ====<br />
== OWASP August Event ==<br />
<br />
'''When:''' 11/8/2010 6:00pm - 8:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br />
<br><br />
'''Title:''' OWASP ESAPI Swingset: Introduction & Demo by Cathal Courtney<br />
<br><br />
'''Abstract:''' The ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI library and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities. During the talk, Cathal will demonstrate how to install and use ESAPI Swingset in your organization. A copy of the latest version will be also provided to the attendees.<br />
<br><br />
'''Presenter:''' Cathal is an experienced developer working at AIB and is currently the ESAPI Swingset project leader. More information about this project could be found here: [http://www.owasp.org/index.php/ESAPI_Swingset Esapi SwingSet]<br />
<br><br />
'''Download Presentation:''' Not available<br />
<br><br><br />
'''Title:''' Security Implications for Web Applications based on SOA by John Marmelstein<br />
<br><br />
'''Abstract:''' The main point of SOA (in this context) is combining systems and applications to make new applications, or a big 'overall' application.This higher inter-operability does (by default) lower security. For a start, a request originating from a web user might end up at several back end systems, which do not know who or what the request came from.<br />
<br><br />
Each back end system might have no access to the customer data, have a different security models, and serve serveral front end. Each of the above systems could be under different ownership, thus the owners have different concerns and priorities. Also, the basic solution at a technical level include single sign on, or security as a service. This can be costly, give limited coverage and have a performance hit. But is pretty much the only way to do it. The other thing to do (probably in tandem) is strict management, and delegation of authority.<br />
<br><br />
'''Presenter:''' John has about 13 years in IT. Most of this in distributed systems and 'Middleware' integration software. Including BEA (now owned by Oracle). Mainly working on Enterprise Java and more recently on Microsoft BizTalk. Various industries, incuding financials, public services, and a fish farm.<br />
<br><br />
'''Download Presentation:''' <br />
<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== SEP 2010 ====<br />
<br />
== APPSEC IRELAND 2010 ==<br />
<br />
Due to popular demand we are hosting the 2nd OWASP IRELAND event, '''OWASP Ireland 2010'''. <br>Continuing last years highly successful conference, with more than 150 attendees from across the globe OWASP is happy to repeat this positive experience. <br>Delegates from numerous industry verticals attended the 2009 event; from government to finance to telecoms. Share your thoughts at this open event with some of the most experienced individuals in the information security industry. <br />
<br />
[http://www.owasp.org/index.php/OWASP_IRELAND_2010 [[Image:Dublin2010.gif]]]<br>[[OWASP_IRELAND_2010]]<br><br />
<br />
'''When:''' '''September 17th 2010'''<br><br />
<br />
'''Where:''' Trinity College Dublin, The Hamilton Building <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [[Eoin Keary|Eoin Keary]]. <br><br />
<br />
'''Subscribe to the OWASP Ireland [https://lists.owasp.org/mailman/listinfo/owasp-ireland mail list] for the up-to-date information.''' <br />
<br />
<br><br />
<br />
==== OCT 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== NOV 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== DEC 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br><br />
<br />
==== 2010 Chapter Plan ====<br />
<br />
'''Special Project:'''Educational Outreach<br>Summary: Drive education awareness of OWASP among Irish Universities and Third Level Institutions. <br>Plan: &lt;insert plan&gt; <br>Next Milestone: Update the plan<br>Participants: Fabio Cerullo <br><br><br />
<br />
'''Special Project:'''Industry Outreach<br>Summary: Raise awareness of OWASP among Irish industry.<br>Plan: &lt;insert plan&gt; <br>Next Milestone: Update the plan<br>Participants: Eoin Keary<br><br><br />
<br />
'''Special Project:'''Membership Drive <br>Summary: Increase local chapter members individuals and corporate supporters <br>Plan: &lt;insert&gt; <br>Next Milestone: Update the plan<br>Project Participants: Rahim Jina<br><br><br />
<br />
'''Special Project:'''Hands-On Training<br>Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes<br>Next Milestone: Organize Training Offerings<br>Project Participants: Fabio Cerullo<br><br><br />
<br />
<br>Call For Presentations for 2010 is now open - please contact fcerullo(@)owasp.org / +353877817468 if you would like to speak or can host a meeting. <br><br>*Note meeting hosts are provided with annual chapter sponsorship and free seats in training classes. The OWASP Foundation, Ireland chapter focuses on implementation of efforts defined by the [http://www.owasp.org/index.php/Global_Committee_Pages Global Committee] as well as new concepts and ideas defined locally. Below are a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved <br />
<br />
==== FEB 2010 ====<br />
<br />
== OWASP Ireland Event - What is the O2 Platform? ==<br />
<br />
'''When:''' 19/2/2010 3:00pm - 5:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' OWASP O2 Platform - Open Platform for automating application security knowledge and workflows <br>'''Abstract:''' In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerablities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC. <br />
<br />
'''Presenter:''' Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers. Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences. At OWASP, Dinis is the leader of the [[OWASP O2 Platform]] project, member of the OWASP [[Global Projects Committee]], chair of the [[OWASP Connections Committee]] and member of the [[About The Open Web Application Security Project#Global_Board_Members|OWASP Board]]. <br />
<br />
'''Download Presentation:''' http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf <br />
<br />
== IISF/OWASP – February Chapter Meeting ==<br />
<br />
'''When:''' 25/2/2010 2:00pm - 4:00pm <br><br />
<br />
'''Where:''' Georgian Suite, Buswells Hotel, Molesworth St., Dublin 2 <br />
<br />
'''Title:''' An overview of Web Application Security threats and technologies. Practical advice and techniques for improving Application Security, presented by OWASP. <br />
<br />
2:00 - Introduction by IISF Chairman <br />
<br />
2:05 - Presentation&nbsp;: “Practical advice for improving Application Security” - Introduction to OWASP and OWASP Top Ten - Demonstration video of typical web based attacks with high level explanation - Live SQL injection demo using WebGoat &amp; WebScarab - Live Cross Site Scripting demo using WebGoat &amp; WebScarab <br />
<br />
'''Download Presentation:''' [[Image:IISF 250210 part1.ppt]] <br />
<br />
3:00 - Coffee <br />
<br />
3:20 – Presentation continues - Application Security: "The problems we are faced with" - The Application Security Verification Standard - SDLC &amp; Security Assurance Maturity Model - Code Review versus traditional Runtime Testing. - Q&amp;A <br />
<br />
'''Download Presentation:''' [[Image:IISF 250210 part2.pptx]] <br />
<br />
4:00 - Close of Meeting <br />
<br />
4:05 - Traditional networking in Buswells Bar <br />
<br />
<br><br />
<br />
==== MAR 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP - 26/3/2010 ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== APR 2010 ====<br />
<br />
== OWASP Live CD - An open environment for Web Application Security ==<br />
<br />
'''When:''' 16/4/2010 2:30pm - 5:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' OWASP Live CD - An open environment for Web Application Security <br>'''Abstract:''' This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. This presentation aims to provide a showcase for the great OWASP tools and documentation materials available in the CD, tips and tricks, and also some introductory stuff regarding code review and penetration testing. <br>Training is aimed at introductory /intermediate level in terms of pen testing, code review and tools. <br />
<br />
'''Presenters:''' <br />
<br />
'''Rahim Jina''' <br>Rahim Jina currently works as a senior consultant for Ernst &amp; Young's Risk Advisory Services in Dublin. He has worked there for nearly four years primarily delivering penetration testing services to clients globally, focusing on web applications and secure code review. He has been involved with OWASP for the past two years, being involved in the Summer of Code 2008 as lead reviewer for the Code Review Guide 2009. He has also made contributions to the SAMM project (OpenSAMM). He holds an MSC in Security and Forensic Computing from DCU and a degree in computer science from Trinity college. <br>'''Eoin Keary''' <br>Eoin is a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and run the Ernst &amp; Young application security team across Europe. His OWASP contributions to date include the OWASP Code Review Guide, OWASP Testing Guide, OWASP SAMM, and OWASP ASVS. He is a member of the OWASP Global Industry Committee, chair of the OWASP Conferences Committee and member of the OWASP Global Board. Eoin founded the OWASP Ireland chapter back in 2004 and currently serves as Vice President of the OWASP Ireland Board. <br />
<br />
'''Pictures from the event:''' <br />
<center><br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
[http://www.owasp.org/images/d/db/P1040923_1024.JPG [[Image:|P1040923_small.jpg]]]<br>[http://www.owasp.org/images/d/db/P1040923_1024.JPG zoom]<br />
<br />
| <br />
[http://www.owasp.org/images/f/f3/P1040927_1024.JPG [[Image:|P1040927_small.jpg]]]<br>[http://www.owasp.org/images/f/f3/P1040927_1024.JPG zoom]<br />
<br />
| <br />
[http://www.owasp.org/images/6/64/P1040929_1024.JPG [[Image:|P1040929_small.jpg]]]<br>[http://www.owasp.org/images/6/64/P1040929_1024.JPG zoom]<br />
<br />
|}<br />
</center><br />
'''Download Presentation:''' [http://www.owasp.org/images/e/ee/OWASP_Live_CD.pptx [[Image:|Download.png]]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''When:''' After OWASP Live CD training <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== MAY 2010 ====<br />
<br />
== OWASP Event: Trials &amp; Tribulations of WAF Implementation ==<br />
<br />
'''When:''' 20/5/2010 6:30pm - 7:30pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' Trials &amp; Tribulations of WAF Implementation<br>'''Abstract:''' A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.<br>Mark will be presenting on his experience in implementing a Web Application Firewall solution through all phases from research to implementation. <br />
<br />
'''Presenters:''' <br />
<br />
'''Mark Hillick - Application Networking Team, Citrix Systems''' <br>Mark Hillick has 10 years experience in relation to Internet, networking, systems administration and security engineering. <br />
<br />
Mark graduated from Queen's University, where he studied Mathematics. <br />
<br />
Mark joined AIB from Queen's where he joined the Internet Infrastructure team, where he was responsible for designing, building and securing the Internet service in and out of AIB. He is a prominent member of the IT Security community in Ireland and has presented at several local security forums such as IISF and Owasp. Mark is one of the founding members of IRISS CERT, where he is also a Volunteer Incident Handler. He helped organise IRISSCon 2009, where he also designed and built HackEire 2009, the first Ethical Hacking 'Capture The Flag' contest in Ireland.<br><br />
<br />
'''Pictures from the event:''' <br />
<br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
[[Image:20052010017.jpg|thumb|A caption from Mark's talk]]<br />
<br />
|}<br />
<br />
<br><br />
<br />
'''Download Presentation:''' [http://docs.google.com/fileview?id=0B3vrVYEosFeEZDMyZjIzYTktMzNkZC00ZjBlLWFiYTgtNThjZGE4YTE1NmFj [[Image:|Download.png]]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''When:''' After WAF presentation <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br><br />
<br />
==== JUN 2010 ====<br />
<br />
== OWASP Event: Define Security Requirements - A practical approach ==<br />
<br />
'''When:''' 20/5/2010 6:30pm - 7:30pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' Define Security Requirements - A practical approach<br>'''Abstract:''' The Data Protection Act states that "appropriate security measures" must be taken to protect personal data. How do you specify the appropriate security measures for a website which processes personal data? It is an important step in a development project, but is often neglected. In this talk, Alexis will descibe his own experiences of assessing web application, and will also look in more detail at what the Data Protection Commissioner says. He will then take a fictional website and look at a practical approach to specifying the security requirements that the fictional application should meet. This will use the kind of risk-based techniques outlined by OWASP or the Microsoft Secure Development Lifecycle (SDL). Issues discussed will include encryption, authentication, access control, audit, etc. The result will be a list of security requirements that can be carried into the design and development phases. Attendees should be able to apply the ideas to their own development projects. <br />
<br />
'''Presenters:''' <br />
<br />
'''Alexis Fitzgerald - Rits Information Security Group''' <br>For the last six years Alexis has worked for Rits Information Security Group, where he performs application penetration testing assignments as well as advising clients on application security issues. Before that, he spent many years as a developer (mainly in the financial sector), and he continues to be involved in development. Alexis holds an MSc in Information Security from the University of London, Royal Holloway.<br><br />
<br />
'''Pictures from the event:''' <br />
<br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
|}<br />
<br />
<br><br />
<br />
'''Download Presentation:''' [[Image:OWASP Ireland June10.pdf]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' After Alexis presentation <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== JUL 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br />
<br><br />
<br />
<br><br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:Ireland]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Dublin&diff=170693Dublin2014-03-24T11:04:20Z<p>Fiona Collins: Added sponsorship detail</p>
<hr />
<div>{{Chapter Template|chaptername=Ireland|extra= [[File:Owasp_logo_ireland_small.jpg]]| mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-ireland}} become a [http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters Member or Annual Chapter Sponsor(s)]. <br><br />
Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. <br><br />
We currently have the following sponsorship options available: <br><br />
€250 for an individual meeting sponsorship<br><br />
€1500 for annual chapter sponsorship<br><br />
Contact any of the board members below for more information. <br><br />
<br />
== OWASP Ireland Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact ANY of the following people below <br><br><br />
<br />
*'''Chapter Lead''' [mailto:fiona.collins(at)owasp.org Fiona Collins]<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury]<br><br />
*'''Board Member''' [mailto:Darren.Fitzpatrick(at)owasp.org Darren Fitzpatrick]<br><br />
<br />
*'''Advisor''' [mailto:rahim.jina(at)owasp.org Rahim Jina]<br><br />
<br />
<br />
<br>'''OWASP Ireland'''<br>23 The Chandler, Rahtborne Village <br>Ashtown, Dublin 15, Ireland <br>Tel: +353877817468 | Fax: +353877817468 <br><paypal>Ireland</paypal> <br><br />
<br />
== OWASP Dublin Chapter 2014 ==<br />
<br />
=== OWASP March Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Rahim Jina of BCC Risk Advisory and Stephen Scott of Espion''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 13th March<br><br>''' Registration: 18:30 <br>Talk: 19:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
''(Registration. [https://www.eventbrite.ie/e/owasp-chapter-meeting-tickets-10802455435 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | There will be networking afterwards, with beer and pizza thanks to Espion (http://www.espiongroup.com/)<br />
<br />
Talk 1: Building a shield of security - Vulnerability Management by the numbers and dumb robots!<br />
<br />
Rahim Jina - BCC Risk Advisory<br />
<br />
Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a “big 4” professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.comvulnerability management solution.<br />
<br />
Abstract: <br />
<br />
This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay. We discuss the most common vulnerabilities which are not detected by security tools nor automation but nevertheless are common and can be used to commit real fraud resulting in financial loss. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across all aspects of the SDLC.<br />
<br />
[[File:BCC_Risk_Advisory_-_OWASP_Dublin_-_Vulnerability_Management_by_the_numbers_and_dumb_robots!.pdf|200px|thumb|left|Rahim BCC Risk Advisory talk]]<br />
<br />
Talk 2: "PCI's Changing Environment - What You Need to Know & Why You Need To Know It".<br />
<br />
Stephen Scott - Senior Consultant and PCI QSA in Espion's Information Government practice<br />
<br />
Stephen Scott, Consultancy Team lead in Espion, is an experienced information security, risk and compliance consultant whose experience spans across many different areas including, PCI DSS, information security, risk management, group internal audit, IT service management and regulatory compliance. Stephen has extensive experience with information security, internal control testing, compliance programmes, information risk management, and process improvement. Stephen has worked across a wide range of industry verticals, including financial, industrial and insurance.<br />
<br />
Abstract:<br />
<br />
PCI DSS – The Payment Card Industry Data Security Standard sets common requirements for securing payment card information (credit, debit, some gift cards), and lays out a range of controls relating to auditing, scanning and assessment.<br />
<br />
This presentation discusses the ever evolving PCI environment, specifically focusing on the changes in the recent release of version 3 of the PCI DSS standard. Stephen will start off by giving a brief background to PCI, including motivators for merchant and service providers to adhere to the standard. In addition to this, the presentation will highlight what security considerations are relevant to application and information security practitioners.<br />
<br />
[[File:PCIs_Changing_Environment_-_What_You_Need_to_Know_&_Why_You_Need_To_Know_It..ppt|200px|thumb|left|Stephen Espion Talk]]<br />
<br />
<br />
|-<br />
|}<br />
<br />
<br />
== OWASP Ireland 2013 Agenda ==<br />
<br />
=== OWASP July Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Jeremiah Grossman - Another Year in Web Security''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 4th July<br><br>''' Registration: 17:30 <br>Talk: 18:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
''(Registration. [http://www.eventbrite.com/event/7127672059 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | Jeremiah Grossman of WhiteHat Security will be in Dublin and will be talking at our next chapter event. His talk "Another Year In Web Security: What did 2012 teach us about survival in the coming years?" promises a great insight into the future of web security.<br />
<br />
Jeremiah Grossman, founder and CTO of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). At WhiteHat, Mr. Grossman is responsible for web application security R&D and industry evangelism. He is a frequent speaker at industry events including the BlackHat Briefings, ISACA's Networks Security Conference, NASA, ISSA and Defcon. <br />
<br />
A trusted media resource, Mr. Grossman has been featured in USA Today, the Washington Post, Information Week, NBC Nightly News, and many others. Mr. Grossman is also a featured expert and frequent contributor on TechTarget'sSearchAppSecurity.com.<br />
|-<br />
|}<br />
<br />
=== OWASP June Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training. [https://www.owasp.org/index.php/EUTour2013#Training Info about the training session])'' <br>'''Wednesday 26th June''' ''(Conference. [https://www.owasp.org/index.php/EUTour2013#Dublin Info and registration link for the conference])''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
|}<br />
<br />
=== OWASP May Event ===<br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''TRAINING & TALKS''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Dublin - Realex Payments Application Security Workshop''' == <br />
'''Thursday 30th May'''<br> ''('''Training'''. 1:30pm- 5:00pm)'' <br>('''Talks'''. 6:00pm - 8:00pm)''<br>[http://www.eventbrite.com/event/6665658163/eorg Click here for more information]<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''Training'''<br />
<br />
Eoin Keary will be delivering free application security training between 2pm and 5pm on the 30th May. Eoin was the founder of OWASP Ireland and is currently the global vice chair for OWASP (amongst many other things! https://www.owasp.org/index.php/Eoin_Keary). He has delivered application security training to many developers and security professionals around the world and recently delivered a training course to over 400 people at the RSA Conference.<br />
<br />
The training will focus on secure application development and why we can't hack ourselves secure. It will be covering why penetration testing on its own does not work approaches to improvement including "knowing what you don't know" and how to measure change.<br />
<br />
It will be technical training covering XSS eradication, client side security and browser DOM curiosities.<br />
<br />
'''Talks'''<br />
<br />
The talks will be starting at 6pm in our office and OWASP have arranged two very interesting talks! Diarmaid McManus https://twitter.com/elephant_rb from Realex Payments will be expanding his award winning SecurityBSides London Rookie Track talk https://www.securityninja.co.uk/application-security/securitybsides-london-esp-security-plugin/ to include more details about static analysis approaches and his research and development work on ESP: Security Plugin https://github.com/diarmaid-mcmanus/ESPSecurityPlugin.<br />
<br />
Hugh Pearse https://twitter.com/hughpearse will be talking about Low Level Exploits and this looks like it will be a great talk:<br />
<br />
“In 2010 Mr Haroon Meer from thinkst.com presented a timeline of memory corruption vulnerabilities and their mitigation techniques dating from 1985 to 2010. In his 35 page publication he referenced almost 150 events in low level information security history. The scope of the presentation "Low Level Exploits" is to explain in detail some of the most significant attacks in from Haroon Meers research. The attacks covered in this presentation include buffer overflows on the stack, heap overflows, integer overflows, format strings, null pointers and ROP chains. This brings us to exploits in the present day where researchers are looking for the successor of the buffer overflow attack, next big exploit.”<br />
|-<br />
|}<br />
<br />
<br />
<br />
== OWASP Ireland 2011 Agenda ==<br />
<br />
=== [[Ireland/Training/OWASP projects and resources you can use TODAY]] ===<br />
<br />
[[Image:Owasp logo Ireland Training 11 March 2010.gif]]<br />
<br />
*'''Overview & Goal'''<br />
**Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle. <br />
**This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them. <br />
**The course will be very practical where demonstration and hands-on exercises will be provided for the tools covered. <br />
**If you are interested in participating in the hands on portion of the course, please bring a laptop. <br />
*'''Dates'''<br />
**March, 2011, 11<br />
*'''Course Main Content and Registration'''<br />
**[[Ireland/Training/OWASP projects and resources you can use TODAY|Click here]]<br />
<br />
== OWASP Ireland 2010 ==<br />
<br />
[[Image:Dublin2010.gif]]<br />
<br />
Click [[OWASP IRELAND 2010]] for more information <br><br><br />
<br />
== OWASP Ireland 2010 Agenda ==<br />
<br />
<br><br />
<br />
==== AUG 2010 ====<br />
== OWASP August Event ==<br />
<br />
'''When:''' 11/8/2010 6:00pm - 8:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br />
<br><br />
'''Title:''' OWASP ESAPI Swingset: Introduction & Demo by Cathal Courtney<br />
<br><br />
'''Abstract:''' The ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI library and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities. During the talk, Cathal will demonstrate how to install and use ESAPI Swingset in your organization. A copy of the latest version will be also provided to the attendees.<br />
<br><br />
'''Presenter:''' Cathal is an experienced developer working at AIB and is currently the ESAPI Swingset project leader. More information about this project could be found here: [http://www.owasp.org/index.php/ESAPI_Swingset Esapi SwingSet]<br />
<br><br />
'''Download Presentation:''' Not available<br />
<br><br><br />
'''Title:''' Security Implications for Web Applications based on SOA by John Marmelstein<br />
<br><br />
'''Abstract:''' The main point of SOA (in this context) is combining systems and applications to make new applications, or a big 'overall' application.This higher inter-operability does (by default) lower security. For a start, a request originating from a web user might end up at several back end systems, which do not know who or what the request came from.<br />
<br><br />
Each back end system might have no access to the customer data, have a different security models, and serve serveral front end. Each of the above systems could be under different ownership, thus the owners have different concerns and priorities. Also, the basic solution at a technical level include single sign on, or security as a service. This can be costly, give limited coverage and have a performance hit. But is pretty much the only way to do it. The other thing to do (probably in tandem) is strict management, and delegation of authority.<br />
<br><br />
'''Presenter:''' John has about 13 years in IT. Most of this in distributed systems and 'Middleware' integration software. Including BEA (now owned by Oracle). Mainly working on Enterprise Java and more recently on Microsoft BizTalk. Various industries, incuding financials, public services, and a fish farm.<br />
<br><br />
'''Download Presentation:''' <br />
<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== SEP 2010 ====<br />
<br />
== APPSEC IRELAND 2010 ==<br />
<br />
Due to popular demand we are hosting the 2nd OWASP IRELAND event, '''OWASP Ireland 2010'''. <br>Continuing last years highly successful conference, with more than 150 attendees from across the globe OWASP is happy to repeat this positive experience. <br>Delegates from numerous industry verticals attended the 2009 event; from government to finance to telecoms. Share your thoughts at this open event with some of the most experienced individuals in the information security industry. <br />
<br />
[http://www.owasp.org/index.php/OWASP_IRELAND_2010 [[Image:Dublin2010.gif]]]<br>[[OWASP_IRELAND_2010]]<br><br />
<br />
'''When:''' '''September 17th 2010'''<br><br />
<br />
'''Where:''' Trinity College Dublin, The Hamilton Building <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [[Eoin Keary|Eoin Keary]]. <br><br />
<br />
'''Subscribe to the OWASP Ireland [https://lists.owasp.org/mailman/listinfo/owasp-ireland mail list] for the up-to-date information.''' <br />
<br />
<br><br />
<br />
==== OCT 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== NOV 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== DEC 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br><br />
<br />
==== 2010 Chapter Plan ====<br />
<br />
'''Special Project:'''Educational Outreach<br>Summary: Drive education awareness of OWASP among Irish Universities and Third Level Institutions. <br>Plan: &lt;insert plan&gt; <br>Next Milestone: Update the plan<br>Participants: Fabio Cerullo <br><br><br />
<br />
'''Special Project:'''Industry Outreach<br>Summary: Raise awareness of OWASP among Irish industry.<br>Plan: &lt;insert plan&gt; <br>Next Milestone: Update the plan<br>Participants: Eoin Keary<br><br><br />
<br />
'''Special Project:'''Membership Drive <br>Summary: Increase local chapter members individuals and corporate supporters <br>Plan: &lt;insert&gt; <br>Next Milestone: Update the plan<br>Project Participants: Rahim Jina<br><br><br />
<br />
'''Special Project:'''Hands-On Training<br>Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes<br>Next Milestone: Organize Training Offerings<br>Project Participants: Fabio Cerullo<br><br><br />
<br />
<br>Call For Presentations for 2010 is now open - please contact fcerullo(@)owasp.org / +353877817468 if you would like to speak or can host a meeting. <br><br>*Note meeting hosts are provided with annual chapter sponsorship and free seats in training classes. The OWASP Foundation, Ireland chapter focuses on implementation of efforts defined by the [http://www.owasp.org/index.php/Global_Committee_Pages Global Committee] as well as new concepts and ideas defined locally. Below are a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved <br />
<br />
==== FEB 2010 ====<br />
<br />
== OWASP Ireland Event - What is the O2 Platform? ==<br />
<br />
'''When:''' 19/2/2010 3:00pm - 5:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' OWASP O2 Platform - Open Platform for automating application security knowledge and workflows <br>'''Abstract:''' In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerablities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC. <br />
<br />
'''Presenter:''' Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers. Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences. At OWASP, Dinis is the leader of the [[OWASP O2 Platform]] project, member of the OWASP [[Global Projects Committee]], chair of the [[OWASP Connections Committee]] and member of the [[About The Open Web Application Security Project#Global_Board_Members|OWASP Board]]. <br />
<br />
'''Download Presentation:''' http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf <br />
<br />
== IISF/OWASP – February Chapter Meeting ==<br />
<br />
'''When:''' 25/2/2010 2:00pm - 4:00pm <br><br />
<br />
'''Where:''' Georgian Suite, Buswells Hotel, Molesworth St., Dublin 2 <br />
<br />
'''Title:''' An overview of Web Application Security threats and technologies. Practical advice and techniques for improving Application Security, presented by OWASP. <br />
<br />
2:00 - Introduction by IISF Chairman <br />
<br />
2:05 - Presentation&nbsp;: “Practical advice for improving Application Security” - Introduction to OWASP and OWASP Top Ten - Demonstration video of typical web based attacks with high level explanation - Live SQL injection demo using WebGoat &amp; WebScarab - Live Cross Site Scripting demo using WebGoat &amp; WebScarab <br />
<br />
'''Download Presentation:''' [[Image:IISF 250210 part1.ppt]] <br />
<br />
3:00 - Coffee <br />
<br />
3:20 – Presentation continues - Application Security: "The problems we are faced with" - The Application Security Verification Standard - SDLC &amp; Security Assurance Maturity Model - Code Review versus traditional Runtime Testing. - Q&amp;A <br />
<br />
'''Download Presentation:''' [[Image:IISF 250210 part2.pptx]] <br />
<br />
4:00 - Close of Meeting <br />
<br />
4:05 - Traditional networking in Buswells Bar <br />
<br />
<br><br />
<br />
==== MAR 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP - 26/3/2010 ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== APR 2010 ====<br />
<br />
== OWASP Live CD - An open environment for Web Application Security ==<br />
<br />
'''When:''' 16/4/2010 2:30pm - 5:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' OWASP Live CD - An open environment for Web Application Security <br>'''Abstract:''' This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. This presentation aims to provide a showcase for the great OWASP tools and documentation materials available in the CD, tips and tricks, and also some introductory stuff regarding code review and penetration testing. <br>Training is aimed at introductory /intermediate level in terms of pen testing, code review and tools. <br />
<br />
'''Presenters:''' <br />
<br />
'''Rahim Jina''' <br>Rahim Jina currently works as a senior consultant for Ernst &amp; Young's Risk Advisory Services in Dublin. He has worked there for nearly four years primarily delivering penetration testing services to clients globally, focusing on web applications and secure code review. He has been involved with OWASP for the past two years, being involved in the Summer of Code 2008 as lead reviewer for the Code Review Guide 2009. He has also made contributions to the SAMM project (OpenSAMM). He holds an MSC in Security and Forensic Computing from DCU and a degree in computer science from Trinity college. <br>'''Eoin Keary''' <br>Eoin is a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and run the Ernst &amp; Young application security team across Europe. His OWASP contributions to date include the OWASP Code Review Guide, OWASP Testing Guide, OWASP SAMM, and OWASP ASVS. He is a member of the OWASP Global Industry Committee, chair of the OWASP Conferences Committee and member of the OWASP Global Board. Eoin founded the OWASP Ireland chapter back in 2004 and currently serves as Vice President of the OWASP Ireland Board. <br />
<br />
'''Pictures from the event:''' <br />
<center><br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
[http://www.owasp.org/images/d/db/P1040923_1024.JPG [[Image:|P1040923_small.jpg]]]<br>[http://www.owasp.org/images/d/db/P1040923_1024.JPG zoom]<br />
<br />
| <br />
[http://www.owasp.org/images/f/f3/P1040927_1024.JPG [[Image:|P1040927_small.jpg]]]<br>[http://www.owasp.org/images/f/f3/P1040927_1024.JPG zoom]<br />
<br />
| <br />
[http://www.owasp.org/images/6/64/P1040929_1024.JPG [[Image:|P1040929_small.jpg]]]<br>[http://www.owasp.org/images/6/64/P1040929_1024.JPG zoom]<br />
<br />
|}<br />
</center><br />
'''Download Presentation:''' [http://www.owasp.org/images/e/ee/OWASP_Live_CD.pptx [[Image:|Download.png]]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''When:''' After OWASP Live CD training <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== MAY 2010 ====<br />
<br />
== OWASP Event: Trials &amp; Tribulations of WAF Implementation ==<br />
<br />
'''When:''' 20/5/2010 6:30pm - 7:30pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' Trials &amp; Tribulations of WAF Implementation<br>'''Abstract:''' A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.<br>Mark will be presenting on his experience in implementing a Web Application Firewall solution through all phases from research to implementation. <br />
<br />
'''Presenters:''' <br />
<br />
'''Mark Hillick - Application Networking Team, Citrix Systems''' <br>Mark Hillick has 10 years experience in relation to Internet, networking, systems administration and security engineering. <br />
<br />
Mark graduated from Queen's University, where he studied Mathematics. <br />
<br />
Mark joined AIB from Queen's where he joined the Internet Infrastructure team, where he was responsible for designing, building and securing the Internet service in and out of AIB. He is a prominent member of the IT Security community in Ireland and has presented at several local security forums such as IISF and Owasp. Mark is one of the founding members of IRISS CERT, where he is also a Volunteer Incident Handler. He helped organise IRISSCon 2009, where he also designed and built HackEire 2009, the first Ethical Hacking 'Capture The Flag' contest in Ireland.<br><br />
<br />
'''Pictures from the event:''' <br />
<br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
[[Image:20052010017.jpg|thumb|A caption from Mark's talk]]<br />
<br />
|}<br />
<br />
<br><br />
<br />
'''Download Presentation:''' [http://docs.google.com/fileview?id=0B3vrVYEosFeEZDMyZjIzYTktMzNkZC00ZjBlLWFiYTgtNThjZGE4YTE1NmFj [[Image:|Download.png]]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''When:''' After WAF presentation <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br><br />
<br />
==== JUN 2010 ====<br />
<br />
== OWASP Event: Define Security Requirements - A practical approach ==<br />
<br />
'''When:''' 20/5/2010 6:30pm - 7:30pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' Define Security Requirements - A practical approach<br>'''Abstract:''' The Data Protection Act states that "appropriate security measures" must be taken to protect personal data. How do you specify the appropriate security measures for a website which processes personal data? It is an important step in a development project, but is often neglected. In this talk, Alexis will descibe his own experiences of assessing web application, and will also look in more detail at what the Data Protection Commissioner says. He will then take a fictional website and look at a practical approach to specifying the security requirements that the fictional application should meet. This will use the kind of risk-based techniques outlined by OWASP or the Microsoft Secure Development Lifecycle (SDL). Issues discussed will include encryption, authentication, access control, audit, etc. The result will be a list of security requirements that can be carried into the design and development phases. Attendees should be able to apply the ideas to their own development projects. <br />
<br />
'''Presenters:''' <br />
<br />
'''Alexis Fitzgerald - Rits Information Security Group''' <br>For the last six years Alexis has worked for Rits Information Security Group, where he performs application penetration testing assignments as well as advising clients on application security issues. Before that, he spent many years as a developer (mainly in the financial sector), and he continues to be involved in development. Alexis holds an MSc in Information Security from the University of London, Royal Holloway.<br><br />
<br />
'''Pictures from the event:''' <br />
<br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
|}<br />
<br />
<br><br />
<br />
'''Download Presentation:''' [[Image:OWASP Ireland June10.pdf]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' After Alexis presentation <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== JUL 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br />
<br><br />
<br />
<br><br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:Ireland]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=Dublin&diff=169957Dublin2014-03-11T21:42:43Z<p>Fiona Collins: </p>
<hr />
<div>{{Chapter Template|chaptername=Ireland|extra= [[File:Owasp_logo_ireland_small.jpg]]| mailinglistsite=https://lists.owasp.org/mailman/listinfo/owasp-ireland}} become a [http://www.owasp.org/index.php/Membership#Categories_of_Membership_.26_Supporters Member or Annual Chapter Sponsor(s)]. <br><br />
<br />
== OWASP Ireland Board ==<br />
<br />
Should you have a question about the local chapter, would like to get more involved contact ANY of the following people below <br><br><br />
<br />
*'''Chapter Lead''' [mailto:fiona.walsh(at)owasp.org Fiona Walsh]<br><br />
*'''Board Member/Global Board Member''' [[User:EoinKeary|Eoin Keary]] <br><br />
*'''Board Member''' [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468<br><br />
*'''Board Member''' [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury]<br><br />
*'''Board Member''' [mailto:Darren.Fitzpatrick(at)owasp.org Darren Fitzpatrick]<br><br />
<br />
*'''Advisor''' [mailto:rahim.jina(at)owasp.org Rahim Jina]<br><br />
<br />
<br />
<br>'''OWASP Ireland'''<br>23 The Chandler, Rahtborne Village <br>Ashtown, Dublin 15, Ireland <br>Tel: +353877817468 | Fax: +353877817468 <br><paypal>Ireland</paypal> <br><br />
<br />
== OWASP Dublin Chapter 2014 ==<br />
<br />
=== OWASP March Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Rahim Jina of BCC Risk Advisory and Stephen Scott of Espion''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 13th March<br><br>''' Registration: 18:30 <br>Talk: 19:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
''(Registration. [https://www.eventbrite.ie/e/owasp-chapter-meeting-tickets-10802455435 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | There will be networking afterwards, with beer and pizza thanks to Espion (http://www.espiongroup.com/)<br />
<br />
Talk 1: Building a shield of security - Vulnerability Management by the numbers and dumb robots!<br />
<br />
Rahim Jina - BCC Risk Advisory<br />
<br />
Rahim has been an active member of OWASP since 2008 and has contributed to many projects such as the OWASP Security Code Review Guide and is an ex-board member of the Irish Chapter. Previously Rahim was a senior security consultant at a “big 4” professional services firm and more recently, the head of security for Fonality Inc, a VoIP service provider based in Los Angeles. Rahim is currently a director for BCC Risk Advisory (bccriskadvisory.com), based in Dublin, Ireland. He is also responsible for the security architecture of the edgescan.comvulnerability management solution.<br />
<br />
Abstract: <br />
<br />
This presentation discusses how builders, breakers and defenders should look at vulnerability management when attempting to keep hackers at bay. We discuss the most common vulnerabilities which are not detected by security tools nor automation but nevertheless are common and can be used to commit real fraud resulting in financial loss. We will see that Web Application Firewalls are ineffective against such attacks and why the only practical solution is to apply a layered approach across all aspects of the SDLC.<br />
<br />
<br />
<br />
Talk 2: "PCI's Changing Environment - What You Need to Know & Why You Need To Know It".<br />
<br />
Stephen Scott - Senior Consultant and PCI QSA in Espion's Information Government practice<br />
<br />
Stephen Scott, Consultancy Team lead in Espion, is an experienced information security, risk and compliance consultant whose experience spans across many different areas including, PCI DSS, information security, risk management, group internal audit, IT service management and regulatory compliance. Stephen has extensive experience with information security, internal control testing, compliance programmes, information risk management, and process improvement. Stephen has worked across a wide range of industry verticals, including financial, industrial and insurance.<br />
<br />
Abstract:<br />
<br />
PCI DSS – The Payment Card Industry Data Security Standard sets common requirements for securing payment card information (credit, debit, some gift cards), and lays out a range of controls relating to auditing, scanning and assessment.<br />
<br />
This presentation discusses the ever evolving PCI environment, specifically focusing on the changes in the recent release of version 3 of the PCI DSS standard. Stephen will start off by giving a brief background to PCI, including motivators for merchant and service providers to adhere to the standard. In addition to this, the presentation will highlight what security considerations are relevant to application and information security practitioners.<br />
|-<br />
|}<br />
<br />
<br />
== OWASP Ireland 2013 Agenda ==<br />
<br />
=== OWASP July Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''Chapter Event - Jeremiah Grossman - Another Year in Web Security''' <br />
|-<br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday 4th July<br><br>''' Registration: 17:30 <br>Talk: 18:00<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
''(Registration. [http://www.eventbrite.com/event/7127672059 Register here])''<br />
|-<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | Jeremiah Grossman of WhiteHat Security will be in Dublin and will be talking at our next chapter event. His talk "Another Year In Web Security: What did 2012 teach us about survival in the coming years?" promises a great insight into the future of web security.<br />
<br />
Jeremiah Grossman, founder and CTO of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). At WhiteHat, Mr. Grossman is responsible for web application security R&D and industry evangelism. He is a frequent speaker at industry events including the BlackHat Briefings, ISACA's Networks Security Conference, NASA, ISSA and Defcon. <br />
<br />
A trusted media resource, Mr. Grossman has been featured in USA Today, the Washington Post, Information Week, NBC Nightly News, and many others. Mr. Grossman is also a featured expert and frequent contributor on TechTarget'sSearchAppSecurity.com.<br />
|-<br />
|}<br />
<br />
=== OWASP June Event ===<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training. [https://www.owasp.org/index.php/EUTour2013#Training Info about the training session])'' <br>'''Wednesday 26th June''' ''(Conference. [https://www.owasp.org/index.php/EUTour2013#Dublin Info and registration link for the conference])''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
|}<br />
<br />
=== OWASP May Event ===<br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''TRAINING & TALKS''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Dublin - Realex Payments Application Security Workshop''' == <br />
'''Thursday 30th May'''<br> ''('''Training'''. 1:30pm- 5:00pm)'' <br>('''Talks'''. 6:00pm - 8:00pm)''<br>[http://www.eventbrite.com/event/6665658163/eorg Click here for more information]<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''Training'''<br />
<br />
Eoin Keary will be delivering free application security training between 2pm and 5pm on the 30th May. Eoin was the founder of OWASP Ireland and is currently the global vice chair for OWASP (amongst many other things! https://www.owasp.org/index.php/Eoin_Keary). He has delivered application security training to many developers and security professionals around the world and recently delivered a training course to over 400 people at the RSA Conference.<br />
<br />
The training will focus on secure application development and why we can't hack ourselves secure. It will be covering why penetration testing on its own does not work approaches to improvement including "knowing what you don't know" and how to measure change.<br />
<br />
It will be technical training covering XSS eradication, client side security and browser DOM curiosities.<br />
<br />
'''Talks'''<br />
<br />
The talks will be starting at 6pm in our office and OWASP have arranged two very interesting talks! Diarmaid McManus https://twitter.com/elephant_rb from Realex Payments will be expanding his award winning SecurityBSides London Rookie Track talk https://www.securityninja.co.uk/application-security/securitybsides-london-esp-security-plugin/ to include more details about static analysis approaches and his research and development work on ESP: Security Plugin https://github.com/diarmaid-mcmanus/ESPSecurityPlugin.<br />
<br />
Hugh Pearse https://twitter.com/hughpearse will be talking about Low Level Exploits and this looks like it will be a great talk:<br />
<br />
“In 2010 Mr Haroon Meer from thinkst.com presented a timeline of memory corruption vulnerabilities and their mitigation techniques dating from 1985 to 2010. In his 35 page publication he referenced almost 150 events in low level information security history. The scope of the presentation "Low Level Exploits" is to explain in detail some of the most significant attacks in from Haroon Meers research. The attacks covered in this presentation include buffer overflows on the stack, heap overflows, integer overflows, format strings, null pointers and ROP chains. This brings us to exploits in the present day where researchers are looking for the successor of the buffer overflow attack, next big exploit.”<br />
|-<br />
|}<br />
<br />
<br />
<br />
== OWASP Ireland 2011 Agenda ==<br />
<br />
=== [[Ireland/Training/OWASP projects and resources you can use TODAY]] ===<br />
<br />
[[Image:Owasp logo Ireland Training 11 March 2010.gif]]<br />
<br />
*'''Overview & Goal'''<br />
**Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle. <br />
**This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them. <br />
**The course will be very practical where demonstration and hands-on exercises will be provided for the tools covered. <br />
**If you are interested in participating in the hands on portion of the course, please bring a laptop. <br />
*'''Dates'''<br />
**March, 2011, 11<br />
*'''Course Main Content and Registration'''<br />
**[[Ireland/Training/OWASP projects and resources you can use TODAY|Click here]]<br />
<br />
== OWASP Ireland 2010 ==<br />
<br />
[[Image:Dublin2010.gif]]<br />
<br />
Click [[OWASP IRELAND 2010]] for more information <br><br><br />
<br />
== OWASP Ireland 2010 Agenda ==<br />
<br />
<br><br />
<br />
==== AUG 2010 ====<br />
== OWASP August Event ==<br />
<br />
'''When:''' 11/8/2010 6:00pm - 8:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br />
<br><br />
'''Title:''' OWASP ESAPI Swingset: Introduction & Demo by Cathal Courtney<br />
<br><br />
'''Abstract:''' The ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. The application is intended for Java Developers. The goal of the application is to teach developers about the functionality of the ESAPI library and give users a practical understanding of how it can be used to protect web applications against common security vulnerabilities. During the talk, Cathal will demonstrate how to install and use ESAPI Swingset in your organization. A copy of the latest version will be also provided to the attendees.<br />
<br><br />
'''Presenter:''' Cathal is an experienced developer working at AIB and is currently the ESAPI Swingset project leader. More information about this project could be found here: [http://www.owasp.org/index.php/ESAPI_Swingset Esapi SwingSet]<br />
<br><br />
'''Download Presentation:''' Not available<br />
<br><br><br />
'''Title:''' Security Implications for Web Applications based on SOA by John Marmelstein<br />
<br><br />
'''Abstract:''' The main point of SOA (in this context) is combining systems and applications to make new applications, or a big 'overall' application.This higher inter-operability does (by default) lower security. For a start, a request originating from a web user might end up at several back end systems, which do not know who or what the request came from.<br />
<br><br />
Each back end system might have no access to the customer data, have a different security models, and serve serveral front end. Each of the above systems could be under different ownership, thus the owners have different concerns and priorities. Also, the basic solution at a technical level include single sign on, or security as a service. This can be costly, give limited coverage and have a performance hit. But is pretty much the only way to do it. The other thing to do (probably in tandem) is strict management, and delegation of authority.<br />
<br><br />
'''Presenter:''' John has about 13 years in IT. Most of this in distributed systems and 'Middleware' integration software. Including BEA (now owned by Oracle). Mainly working on Enterprise Java and more recently on Microsoft BizTalk. Various industries, incuding financials, public services, and a fish farm.<br />
<br><br />
'''Download Presentation:''' <br />
<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== SEP 2010 ====<br />
<br />
== APPSEC IRELAND 2010 ==<br />
<br />
Due to popular demand we are hosting the 2nd OWASP IRELAND event, '''OWASP Ireland 2010'''. <br>Continuing last years highly successful conference, with more than 150 attendees from across the globe OWASP is happy to repeat this positive experience. <br>Delegates from numerous industry verticals attended the 2009 event; from government to finance to telecoms. Share your thoughts at this open event with some of the most experienced individuals in the information security industry. <br />
<br />
[http://www.owasp.org/index.php/OWASP_IRELAND_2010 [[Image:Dublin2010.gif]]]<br>[[OWASP_IRELAND_2010]]<br><br />
<br />
'''When:''' '''September 17th 2010'''<br><br />
<br />
'''Where:''' Trinity College Dublin, The Hamilton Building <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [[Eoin Keary|Eoin Keary]]. <br><br />
<br />
'''Subscribe to the OWASP Ireland [https://lists.owasp.org/mailman/listinfo/owasp-ireland mail list] for the up-to-date information.''' <br />
<br />
<br><br />
<br />
==== OCT 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== NOV 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== DEC 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br><br />
<br />
==== 2010 Chapter Plan ====<br />
<br />
'''Special Project:'''Educational Outreach<br>Summary: Drive education awareness of OWASP among Irish Universities and Third Level Institutions. <br>Plan: &lt;insert plan&gt; <br>Next Milestone: Update the plan<br>Participants: Fabio Cerullo <br><br><br />
<br />
'''Special Project:'''Industry Outreach<br>Summary: Raise awareness of OWASP among Irish industry.<br>Plan: &lt;insert plan&gt; <br>Next Milestone: Update the plan<br>Participants: Eoin Keary<br><br><br />
<br />
'''Special Project:'''Membership Drive <br>Summary: Increase local chapter members individuals and corporate supporters <br>Plan: &lt;insert&gt; <br>Next Milestone: Update the plan<br>Project Participants: Rahim Jina<br><br><br />
<br />
'''Special Project:'''Hands-On Training<br>Summary: Provide 1-day, 3-day and 5-day hands-on classroom / online training classes<br>Next Milestone: Organize Training Offerings<br>Project Participants: Fabio Cerullo<br><br><br />
<br />
<br>Call For Presentations for 2010 is now open - please contact fcerullo(@)owasp.org / +353877817468 if you would like to speak or can host a meeting. <br><br>*Note meeting hosts are provided with annual chapter sponsorship and free seats in training classes. The OWASP Foundation, Ireland chapter focuses on implementation of efforts defined by the [http://www.owasp.org/index.php/Global_Committee_Pages Global Committee] as well as new concepts and ideas defined locally. Below are a list of ACTIVE projects assigned to individual active members and teams within the local chapter. If you would like to help out on ANY of these efforts, contact them directly to get involved <br />
<br />
==== FEB 2010 ====<br />
<br />
== OWASP Ireland Event - What is the O2 Platform? ==<br />
<br />
'''When:''' 19/2/2010 3:00pm - 5:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' OWASP O2 Platform - Open Platform for automating application security knowledge and workflows <br>'''Abstract:''' In this talk Dinis Cruz will show the OWASP O2 Platform which is an open source toolkit specifically designed for developers and security consultants to be able to perform quick, effective and thorough 'source-code-driven' application security reviews. The OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) consumes results from the scanning engines from Ounce Labs, Microsoft's CAT.NET tool, FindBugs, CodeCrawler and AppScan DE, and also provides limited support for Fortify and OWASP WebScarab dumps. In the past, there has been a very healthy skepticism on the usability of Source Code analysis engines to find commonly found vulnerablities in real world applications. This presentation will show that with some creative and powerful tools, it IS possible to use O2 to discover those issues. This presentation will also show O2's advanced support for Struts and Spring MVC. <br />
<br />
'''Presenter:''' Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development. For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers. Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences. At OWASP, Dinis is the leader of the [[OWASP O2 Platform]] project, member of the OWASP [[Global Projects Committee]], chair of the [[OWASP Connections Committee]] and member of the [[About The Open Web Application Security Project#Global_Board_Members|OWASP Board]]. <br />
<br />
'''Download Presentation:''' http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf <br />
<br />
== IISF/OWASP – February Chapter Meeting ==<br />
<br />
'''When:''' 25/2/2010 2:00pm - 4:00pm <br><br />
<br />
'''Where:''' Georgian Suite, Buswells Hotel, Molesworth St., Dublin 2 <br />
<br />
'''Title:''' An overview of Web Application Security threats and technologies. Practical advice and techniques for improving Application Security, presented by OWASP. <br />
<br />
2:00 - Introduction by IISF Chairman <br />
<br />
2:05 - Presentation&nbsp;: “Practical advice for improving Application Security” - Introduction to OWASP and OWASP Top Ten - Demonstration video of typical web based attacks with high level explanation - Live SQL injection demo using WebGoat &amp; WebScarab - Live Cross Site Scripting demo using WebGoat &amp; WebScarab <br />
<br />
'''Download Presentation:''' [[Image:IISF 250210 part1.ppt]] <br />
<br />
3:00 - Coffee <br />
<br />
3:20 – Presentation continues - Application Security: "The problems we are faced with" - The Application Security Verification Standard - SDLC &amp; Security Assurance Maturity Model - Code Review versus traditional Runtime Testing. - Q&amp;A <br />
<br />
'''Download Presentation:''' [[Image:IISF 250210 part2.pptx]] <br />
<br />
4:00 - Close of Meeting <br />
<br />
4:05 - Traditional networking in Buswells Bar <br />
<br />
<br><br />
<br />
==== MAR 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP - 26/3/2010 ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== APR 2010 ====<br />
<br />
== OWASP Live CD - An open environment for Web Application Security ==<br />
<br />
'''When:''' 16/4/2010 2:30pm - 5:00pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' OWASP Live CD - An open environment for Web Application Security <br>'''Abstract:''' This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. This presentation aims to provide a showcase for the great OWASP tools and documentation materials available in the CD, tips and tricks, and also some introductory stuff regarding code review and penetration testing. <br>Training is aimed at introductory /intermediate level in terms of pen testing, code review and tools. <br />
<br />
'''Presenters:''' <br />
<br />
'''Rahim Jina''' <br>Rahim Jina currently works as a senior consultant for Ernst &amp; Young's Risk Advisory Services in Dublin. He has worked there for nearly four years primarily delivering penetration testing services to clients globally, focusing on web applications and secure code review. He has been involved with OWASP for the past two years, being involved in the Summer of Code 2008 as lead reviewer for the Code Review Guide 2009. He has also made contributions to the SAMM project (OpenSAMM). He holds an MSC in Security and Forensic Computing from DCU and a degree in computer science from Trinity college. <br>'''Eoin Keary''' <br>Eoin is a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and run the Ernst &amp; Young application security team across Europe. His OWASP contributions to date include the OWASP Code Review Guide, OWASP Testing Guide, OWASP SAMM, and OWASP ASVS. He is a member of the OWASP Global Industry Committee, chair of the OWASP Conferences Committee and member of the OWASP Global Board. Eoin founded the OWASP Ireland chapter back in 2004 and currently serves as Vice President of the OWASP Ireland Board. <br />
<br />
'''Pictures from the event:''' <br />
<center><br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
[http://www.owasp.org/images/d/db/P1040923_1024.JPG [[Image:|P1040923_small.jpg]]]<br>[http://www.owasp.org/images/d/db/P1040923_1024.JPG zoom]<br />
<br />
| <br />
[http://www.owasp.org/images/f/f3/P1040927_1024.JPG [[Image:|P1040927_small.jpg]]]<br>[http://www.owasp.org/images/f/f3/P1040927_1024.JPG zoom]<br />
<br />
| <br />
[http://www.owasp.org/images/6/64/P1040929_1024.JPG [[Image:|P1040929_small.jpg]]]<br>[http://www.owasp.org/images/6/64/P1040929_1024.JPG zoom]<br />
<br />
|}<br />
</center><br />
'''Download Presentation:''' [http://www.owasp.org/images/e/ee/OWASP_Live_CD.pptx [[Image:|Download.png]]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''When:''' After OWASP Live CD training <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== MAY 2010 ====<br />
<br />
== OWASP Event: Trials &amp; Tribulations of WAF Implementation ==<br />
<br />
'''When:''' 20/5/2010 6:30pm - 7:30pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' Trials &amp; Tribulations of WAF Implementation<br>'''Abstract:''' A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.<br>Mark will be presenting on his experience in implementing a Web Application Firewall solution through all phases from research to implementation. <br />
<br />
'''Presenters:''' <br />
<br />
'''Mark Hillick - Application Networking Team, Citrix Systems''' <br>Mark Hillick has 10 years experience in relation to Internet, networking, systems administration and security engineering. <br />
<br />
Mark graduated from Queen's University, where he studied Mathematics. <br />
<br />
Mark joined AIB from Queen's where he joined the Internet Infrastructure team, where he was responsible for designing, building and securing the Internet service in and out of AIB. He is a prominent member of the IT Security community in Ireland and has presented at several local security forums such as IISF and Owasp. Mark is one of the founding members of IRISS CERT, where he is also a Volunteer Incident Handler. He helped organise IRISSCon 2009, where he also designed and built HackEire 2009, the first Ethical Hacking 'Capture The Flag' contest in Ireland.<br><br />
<br />
'''Pictures from the event:''' <br />
<br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
[[Image:20052010017.jpg|thumb|A caption from Mark's talk]]<br />
<br />
|}<br />
<br />
<br><br />
<br />
'''Download Presentation:''' [http://docs.google.com/fileview?id=0B3vrVYEosFeEZDMyZjIzYTktMzNkZC00ZjBlLWFiYTgtNThjZGE4YTE1NmFj [[Image:|Download.png]]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''When:''' After WAF presentation <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br><br />
<br />
==== JUN 2010 ====<br />
<br />
== OWASP Event: Define Security Requirements - A practical approach ==<br />
<br />
'''When:''' 20/5/2010 6:30pm - 7:30pm <br><br />
<br />
'''Where:''' Ernst &amp; Young, Harcourt Street, Dublin 2, Opposite the Odeon Pub, Dublin, Ireland <br />
<br />
'''Sponsors:''' [[Image:Ey logo.gif]]<br><br />
<br />
'''Title:''' Define Security Requirements - A practical approach<br>'''Abstract:''' The Data Protection Act states that "appropriate security measures" must be taken to protect personal data. How do you specify the appropriate security measures for a website which processes personal data? It is an important step in a development project, but is often neglected. In this talk, Alexis will descibe his own experiences of assessing web application, and will also look in more detail at what the Data Protection Commissioner says. He will then take a fictional website and look at a practical approach to specifying the security requirements that the fictional application should meet. This will use the kind of risk-based techniques outlined by OWASP or the Microsoft Secure Development Lifecycle (SDL). Issues discussed will include encryption, authentication, access control, audit, etc. The result will be a list of security requirements that can be carried into the design and development phases. Attendees should be able to apply the ideas to their own development projects. <br />
<br />
'''Presenters:''' <br />
<br />
'''Alexis Fitzgerald - Rits Information Security Group''' <br>For the last six years Alexis has worked for Rits Information Security Group, where he performs application penetration testing assignments as well as advising clients on application security issues. Before that, he spent many years as a developer (mainly in the financial sector), and he continues to be involved in development. Alexis holds an MSc in Information Security from the University of London, Royal Holloway.<br><br />
<br />
'''Pictures from the event:''' <br />
<br />
{| class="FCK__ShowTableBorders"<br />
|-<br />
| <br />
|}<br />
<br />
<br><br />
<br />
'''Download Presentation:''' [[Image:OWASP Ireland June10.pdf]] <br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' After Alexis presentation <br><br />
<br />
'''Where:''' Odeon Pub <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
==== JUL 2010 ====<br />
<br />
== APPSEC IRELAND INFORMAL MEET-UP ==<br />
<br />
This is a informal gathering to meet others in information security and have a pint&nbsp;;) all are welcome <br><br />
<br />
'''When:''' TBD <br><br />
<br />
'''Where:''' TBD <br><br />
<br />
'''Sponsors:''' In case you want to sponsor this event, please contact [mailto:fcerullo(at)owasp.org Fabio Cerullo]. <br><br />
<br />
<br />
<br><br />
<br />
<br><br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:Ireland]]</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=154419EUTour2013 Dublin Agenda2013-06-25T18:13:41Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training. [https://www.owasp.org/index.php/EUTour2013#Training Info about the training session])'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''Training (Wednesday 25th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 25th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
|-<br />
<br><br />
| align="center" bgcolor="#EEEEEE" colspan="2"| '''DEFENSIVE PROGRAMMING – JAVASCRIPT AND HTML5'''<br><br><br />
<br />
HTML5 is the fifth revision of the HTML standard. HTML5, and its integration with JavaScript, introduces new <br />
security risks that we need to carefully consider when writing web front-end code. Modern web-based software, including <br />
mobile web front-end applications, makes heavy use of innovative JavaScript and HTML5 browser support to deliver <br />
advanced user experiences. Front-end developers focus their efforts on creating this experience and are generally not aware <br />
of the security implications of the technologies they use. <br><br />
<br />
The Defensive Programming – JavaScript/HTML5 course helps web front-end developers understand the risks involved with <br />
manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML 5 such as <br />
cross-domain requests and local storage. The course reinforces some important security aspects of modern browser <br />
architecture and presents the student with defensive programming techniques that can be immediately applied to prevent common vulnerabilities from being introduced. Additionally, the course provides a detailed description of typical JavaScript sources and sinks and explains how they can be used to detect problems in code.<br><br />
<br />
'''For more information about the training please see''' [https://www.owasp.org/index.php/EUTour2013#Training Further training information]<br />
<br><br />
<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | '''Price:''' 350€ Non members / 300€ OWASP members. <br><br />
<br />
'''Duration:''' 8 hours (09:00h - 18:00h)<br />
<br><br />
'''Registration Link to the Europe Tour training''': [http://regonline.com/owaspeutourdublindefensiveprogramming Register Here]'''<br><br />
<br><br />
|-<br />
|} <br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [http://www.regonline.com/owaspeutourdublin Register Here]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 <br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 10:00 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:15 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Interactive Workshop - Ultimate Fighting Championship: Bugs vs Flaws<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Abstract<br />
<br />
We see a lot of defects in software and they fall broadly into two categories: bugs or flaws. How well we understand the defects and our correct categorisation influences how successful we will be fixing them. If we mistake a flaw for a bug and offer a point solution, we'll be back in the same situation as before, only with more broken code. If we mistake a bug for a flaw, we condemn ourselves to reengineering hunks of our system when a localised patch would do. Spend time with Paco Hope analysing defects from real systems. Create rules that distinguish bugs from flaws and cast your vote. Argue about what to do with them. Climb into the ring with that defect and pin it to the mat!<br />
<br />
Learning Objectives<br />
<br />
* Identify a small set of rules that will help distinguish flaws from bugs<br />
* Classify defects clearly into one class or the other<br />
* Articulate why something belongs in one class or another<br />
* Articulate the difference between flaws and bugs<br />
<br />
Pre-Requisites<br />
<br />
All security and software developers should be prepared for this. Prior experience in mixed martial arts is not necessary. :)<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 11:15 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using the browser as a platform for security tools <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 12:30 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:30 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lesson learned from the trenches of targeted attack <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.<br />
<br />
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.<br />
<br />
KEY QUESTIONS<br />
1) What is the reality (not the hype) of a modern targeted attack<br><br />
2) You will understand the Modus Operandi of a two main types of Cybercriminals<br><br />
3) You will understand how investigators and security companies investigate these high profile attacks<br><br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 14:30 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:45 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:45 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Needles in haystacks, why we are not solving the appsec problem & html hacking the<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Eoin Keary<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? <br><br><br />
<br />
Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!!<br><br> Why do we do this and make security bugs over complex?<br><br />
Why are we still happy with “Testing security out” rather than the more superior “building security in”? <br><br><br />
We shall also look at mark up attacks which break CSP controls.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 16:45 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Close<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="left" colspan="0" | <br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=154198EUTour2013 Dublin Agenda2013-06-20T20:14:20Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training. [https://www.owasp.org/index.php/EUTour2013#Training Info about the training session])'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''Training (Wednesday 25th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 25th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
|-<br />
<br><br />
| align="center" bgcolor="#EEEEEE" colspan="2"| '''DEFENSIVE PROGRAMMING – JAVASCRIPT AND HTML5'''<br><br><br />
<br />
HTML5 is the fifth revision of the HTML standard. HTML5, and its integration with JavaScript, introduces new <br />
security risks that we need to carefully consider when writing web front-end code. Modern web-based software, including <br />
mobile web front-end applications, makes heavy use of innovative JavaScript and HTML5 browser support to deliver <br />
advanced user experiences. Front-end developers focus their efforts on creating this experience and are generally not aware <br />
of the security implications of the technologies they use. <br><br />
<br />
The Defensive Programming – JavaScript/HTML5 course helps web front-end developers understand the risks involved with <br />
manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML 5 such as <br />
cross-domain requests and local storage. The course reinforces some important security aspects of modern browser <br />
architecture and presents the student with defensive programming techniques that can be immediately applied to prevent common vulnerabilities from being introduced. Additionally, the course provides a detailed description of typical JavaScript sources and sinks and explains how they can be used to detect problems in code.<br><br />
<br />
'''For more information about the training please see''' [https://www.owasp.org/index.php/EUTour2013#Training Further training information]<br />
<br><br />
<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | '''Price:''' 350€ Non members / 300€ OWASP members. <br><br />
<br />
'''Duration:''' 8 hours (09:00h - 18:00h)<br />
<br><br />
'''Registration Link to the Europe Tour training''': [http://regonline.com/owaspeutourdublindefensiveprogramming Register Here]'''<br><br />
<br><br />
|-<br />
|} <br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [http://www.regonline.com/owaspeutourdublin Register Here]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 <br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 10:00 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:15 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Needles in haystacks, why we are not solving the appsec problem & html hacking the<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Eoin Keary<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? <br><br><br />
<br />
Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!!<br><br> Why do we do this and make security bugs over complex?<br><br />
Why are we still happy with “Testing security out” rather than the more superior “building security in”? <br><br><br />
We shall also look at mark up attacks which break CSP controls.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 11:15 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30 <br>(60 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Realex Payments Application Security story<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | David Rook<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | As the old British Telecom adverts used to say it's good to talk so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach.<br />
<br />
The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland.<br />
<br />
This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments.<br />
<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 12:30 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:30 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lesson learned from the trenches of targeted attack <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.<br />
<br />
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.<br />
<br />
KEY QUESTIONS<br />
1) What is the reality (not the hype) of a modern targeted attack<br><br />
2) You will understand the Modus Operandi of a two main types of Cybercriminals<br><br />
3) You will understand how investigators and security companies investigate these high profile attacks<br><br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 14:30 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:45 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using the browser as a platform for security tools <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:45 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 16:45 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Close<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="left" colspan="0" | <br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=154197EUTour2013 Dublin Agenda2013-06-20T20:13:17Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training. [https://www.owasp.org/index.php/EUTour2013#Training Info about the training session])'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''Training (Wednesday 25th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Tuesday 25th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br><br />
|-<br />
<br><br />
| align="center" bgcolor="#EEEEEE" colspan="2"| '''DEFENSIVE PROGRAMMING – JAVASCRIPT AND HTML5'''<br><br><br />
<br />
HTML5 is the fifth revision of the HTML standard. HTML5, and its integration with JavaScript, introduces new <br />
security risks that we need to carefully consider when writing web front-end code. Modern web-based software, including <br />
mobile web front-end applications, makes heavy use of innovative JavaScript and HTML5 browser support to deliver <br />
advanced user experiences. Front-end developers focus their efforts on creating this experience and are generally not aware <br />
of the security implications of the technologies they use. <br><br />
<br />
The Defensive Programming – JavaScript/HTML5 course helps web front-end developers understand the risks involved with <br />
manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML 5 such as <br />
cross-domain requests and local storage. The course reinforces some important security aspects of modern browser <br />
architecture and presents the student with defensive programming techniques that can be immediately applied to prevent common vulnerabilities from being introduced. Additionally, the course provides a detailed description of typical JavaScript sources and sinks and explains how they can be used to detect problems in code.<br><br />
<br />
'''For more information about the training please see''' [https://www.owasp.org/index.php/EUTour2013#Training Further training information]<br />
<br><br />
<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | '''Price:''' 350€ Non members / 300€ OWASP members. <br><br />
<br />
'''Duration:''' 8 hours (09:00h - 18:00h)<br />
<br><br />
'''Registration Link to the Europe Tour training''': [http://regonline.com/owaspeutourdublindefensiveprogramming Register Here]'''<br><br />
<br><br />
|-<br />
|} <br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [http://www.regonline.com/owaspeutourdublin Register Here]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 <br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 10:00 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:15 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Needles in haystacks, why we are not solving the appsec problem & html hacking the<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Eoin Keary<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? <br><br><br />
<br />
Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!!<br><br> Why do we do this and make security bugs over complex?<br><br />
Why are we still happy with “Testing security out” rather than the more superior “building security in”? <br><br><br />
We shall also look at mark up attacks which break CSP controls.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 11:15 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30 <br>(60 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Realex Payments Application Security story<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | David Rook<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | As the old British Telecom adverts used to say it's good to talk so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach.<br />
<br />
The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland.<br />
<br />
This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments.<br />
<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 12:30 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:30 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lesson learned from the trenches of targeted attack <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.<br />
<br />
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.<br />
<br />
KEY QUESTIONS<br />
1) What is the reality (not the hype) of a modern targeted attack<br><br />
2) You will understand the Modus Operandi of a two main types of Cybercriminals<br><br />
3) You will understand how investigators and security companies investigate these high profile attacks<br><br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 14:30 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:45 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using the browser as a platform for security tools <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:45 <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 16:45 <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Close<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | <br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=152183EUTour2013 Dublin Agenda2013-05-23T22:58:37Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Realex Payments Application Security story<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | David Rook<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | As the old British Telecom adverts used to say it's good to talk so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach.<br />
<br />
The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland.<br />
<br />
This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30AM <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using the browser as a platform for security tools <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30AM <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:30AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lesson learned from the trenches of targeted attack<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.<br />
<br />
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.<br />
<br />
KEY QUESTIONS<br />
1) What is the reality (not the hype) of a modern targeted attack<br><br />
2) You will understand the Modus Operandi of a two main types of Cybercriminals<br><br />
3) You will understand how investigators and security companies investigate these high profile attacks<br><br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:15AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Eoin Keary<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:00AM <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | <br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=152182EUTour2013 Dublin Agenda2013-05-23T22:55:28Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Realex Payments Application Security story<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | David Rook<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | As the old British Telecom adverts used to say it's good to talk so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach.<br />
<br />
The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland.<br />
<br />
This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30AM <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30AM <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:30AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lesson learned from the trenches of targeted attack<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.<br />
<br />
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.<br />
<br />
KEY QUESTIONS<br />
1) What is the reality (not the hype) of a modern targeted attack<br><br />
2) You will understand the Modus Operandi of a two main types of Cybercriminals<br><br />
3) You will understand how investigators and security companies investigate these high profile attacks<br><br />
|}<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 14:15AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Eoin Keary<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 15:00AM <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=151981EUTour2013 Dublin Agenda2013-05-21T19:04:36Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Realex Payments Application Security story<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | David Rook<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | As the old British Telecom adverts used to say it's good to talk so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach.<br />
<br />
The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland.<br />
<br />
This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30AM <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30AM <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:30AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lesson learned from the trenches of targeted attack<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="left" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.<br />
<br />
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.<br />
<br />
KEY QUESTIONS<br />
1) What is the reality (not the hype) of a modern targeted attack<br><br />
2) You will understand the Modus Operandi of a two main types of Cybercriminals<br><br />
3) You will understand how investigators and security companies investigate these high profile attacks<br><br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=151978EUTour2013 Dublin Agenda2013-05-21T18:40:55Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Realex Payments Application Security story<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | David Rook<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | As the old British Telecom adverts used to say it's good to talk so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach.<br />
<br />
The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland.<br />
<br />
This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments.<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30AM <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30AM <br>(60 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 13:30AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lesson learned from the trenches of targeted attack<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Robert McArdle<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Targeted attacks are now a major worry for organisations. In this talk we will describe real life case studies of some of the largest and more sophisticated targeted attacks, including how we infiltrated and mapped criminal networks, and live demos of some such mapping in action.<br />
<br />
In this talk we will discuss some of the major ongoing and previous targeted attack campaigns that have been uncovered by Trend Micro in the last year or so, such as Luckycat, Tinba and others. We will discuss in-depth the modus operandi of the criminals in these so called APT attacks, show how we mapped and infiltrated their infrastructure, and demo some of the tools and techniques that we use when carrying out these type of investigations. All of this presentation will focus on real technical details from real cases studies, and this presentation will also include live demos.<br />
<br />
KEY QUESTIONS<br />
<br />
1) What is the reality (not the hype) of a modern targeted attack<br />
2) You will understand the Modus Operandi of a two main types of Cybercriminals<br />
3) You will understand how investigators and security companies investigate these high profile attacks<br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=151957EUTour2013 Dublin Agenda2013-05-21T07:17:18Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details - Times are subject to change '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:30 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The Building Security In Maturity Model (BSIMM) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Paco Hope<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | How do you know what security activities belong in your software lifecycle? How do you measure what you're doing? Begun in 2009, the BSIMM, is an observation-based scientific model directly describing the collective software security activities of more than sixty software security initiatives. Used as a measuring tool, BSIMM helps an organisation understand and plan their software security initiative. It covers the full framework of software development from requirements, architecture, code and test, to release management, governance, and training. This talk will introduce the measurements, explain what is measured, how it is measured, and how the measurement can be used to create or improve a software security initiative.<br />
<br />
Paco Hope is a Principal Consultant at Cigital, helping Fortune 500 companies secure their software for over 10 years in a variety of industries like online gaming, financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook and a frequent conference speaker. As and a member of (ISC)²'s Application Security Advisory Board, he helps create and advise on the direction of the CSSLP certification. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software.<br />
<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Mark Goodwin<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30AM <br>(15 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Coffee Break<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:45AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 12:30AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Lunch<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | <br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=151764EUTour2013 Dublin Agenda2013-05-16T19:04:07Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 9:45 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:15AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=151763EUTour2013 Dublin Agenda2013-05-16T19:03:14Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''When''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Where'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: TCube<br><br />
Venue Address: , 32 - 34 Castle Street, Dublin 2, Ireland'''<br><br />
Venue Map: [https://maps.google.ie/maps?q=32+-+34+Castle+Street,+Dublin+2,+Ireland&hl=en&ll=53.343391,-6.269084&spn=0.004977,0.013679&sll=53.343392,-6.269086&sspn=0.009954,0.027359&hnear=34+Castle+St,+Dublin+2,+County+Dublin&t=m&z=17 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 9:45 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:15AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
|}</div>Fiona Collinshttps://wiki.owasp.org/index.php?title=EUTour2013_Dublin_Agenda&diff=151095EUTour2013 Dublin Agenda2013-05-06T21:24:06Z<p>Fiona Collins: </p>
<hr />
<div><noinclude>{{:EUTour2013 header}}</noinclude><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" height="30" style="background:#CCCCEE;" colspan="2" | '''CONFERENCE AND TRAINING''' <br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | <br />
== '''OWASP Europe Tour - Dublin 2013''' == <br />
'''Tuesday 25th June''' ''(Training)'' <br>'''Wednesday 26th June''' ''(Conference)''<br />
|-<br />
| valign="center" bgcolor="#CCCCEE" align="center" colspan="2" | '''DESCRIPTION'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" | '''OWASP Europe TOUR,''' is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.<br />
<br />
*Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.<br />
<br />
* This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.<br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''OWASP MEMBERSHIP'''<br />
|-<br />
| valign="left" height="80" bgcolor="#EEEEEE" align="center" colspan="2" | During the OWASP Europe Tour you could become a member and support our mission.<br><br />
[https://www.cvent.com/Events/ContactPortal/Login.aspx?cwstub=15bbcfd1-f49b-4636-ba4e-c9ce70a265e5 Become an OWASP member by clicking here] <br><br />
|}<br />
<br><br />
<br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"<br />
|-<br />
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff"> <br />
'''CONFERENCE (Wednesday 26th June)''' </span><br />
|-<br />
|-<br />
| style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha''' <br />
| style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''<br />
|-<br />
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Wednesday 26th June '''<br />
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: XXX<br><br />
Venue Address: XXX'''<br><br />
Venue Map: [http://g.co/maps/ajq42 Google Maps] <br />
|-<br />
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''<br />
|-<br />
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br><br />
'''Registration Link to the Europe Tour''': [TBD REGISTER HERE!]'''<br><br />
<br><br />
|-<br />
|} <br />
<br><br />
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"<br />
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | '''Conference Details '''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time''' <br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''<br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 am<br>(30 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration<br />
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 9:45 am<br>(45 mins) <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA <br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
|-<br />
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:15AM <br>(45 mins)<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA<br />
|}</div>Fiona Collins