File:PUCRS2.jpg

2011-08-24T20:54:10Z

Rafael Dreher: uploaded a new version of "File:PUCRS2.jpg"

AppSecLatam2011

2011-08-24T20:53:39Z

Rafael Dreher:

__NOTOC__

{|
|-
! width="700" align="center" | 
! width="500" align="center" | 
|-
| align="center" | [[Image:AppSec Brasil 11 medio.png]]
| align="center" |
 '''Language: [http://www.owasp.org/index.php?title=AppSecLatam2011 http://www.owasp.org/images/8/88/Bandeira_reino_unido.png]
[http://www.owasp.org/index.php?title=AppSecLatam2011_(pt-br) http://www.owasp.org/images/4/49/Bandeira_brasil.png] [http://www.owasp.org/index.php?title=AppSecLatam2011_(es) http://www.owasp.org/images/1/1c/Bandeira_espanha.png] 

*[http://www.owasp.org/images/1/19/AppSecLatam_2011_Announcement.pdf Press Release]
*[[AppSecLA2011/Media Mentions|Media Mentions]]
*[[AppSecLA2011/Archived|Archived]]

 '''Follow us: [http://www.twitter.com/AppSecLatam http://www.owasp.org/images/f/f7/Twitter.png]
[http://www.facebook.com/event.php?eid=155195651207509 http://www.owasp.org/images/5/55/Facebook.png] [http://events.linkedin.com/OWASP-Global-AppSec-Latin-America-2011/pub/607738 http://www.owasp.org/images/1/1a/Linkedin.png]

|}

 

==== Welcome ====

{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
We are pleased to announce that the [http://www.owasp.org/index.php/Porto_Alegre OWASP Porto Alegre Local Chapter] will organize the '''Global AppSec Latin America 2011 Conference''' in Porto Alegre-RS, Brazil. 

The Global AppSec Latin America 2011 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 200-250 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals. 

A OWASP Global AppSec Latin América 2011 will be happens in Brazil at Porto Alegre city, Rio Grande do Sul state [http://maps.google.com/maps?f=q&source=s_q&hl=pt-BR&geocode=&q=Porto+Alegre&ie=UTF8&hq=&hnear=Porto+Alegre+-+Rio+Grande+do+Sul,+Brasil&z=11 map] in October 4th to 7th 2011. The trainings will be in October 04 and 05, and the presentations will be in October 06 and 07.

 If you have any questions, please email the conference chair: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org] 

 '''Who Should Attend Global AppSec Latin América 2011:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interested in Improving IT Security 



|}



| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | 
[[Image:Owasp-poa-eng.png]]

{{#ev:youtube|pXQ9z8sPcHI}}

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use the '''[http://search.twitter.com/search?q=%23AppSecLatam #AppSecLatam]''' hashtag for your tweets for Global AppSec Latin America 2011 (What are [http://hashtags.org/ hashtags]?)

'''@AppSecLatAm Twitter Feed ([http://twitter.com/AppSecLatam Follow us on Twitter!])''' <twitter>262394051</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

==== CFT & CFP ====

== CFT ==

Read the Call for Trainings in: [https://www.owasp.org/index.php/AppSecLatam2011/CFT https://www.owasp.org/index.php/AppSecLatam2011/CFT]

We are doing a research about subjects of the trainings. You can help us, answering the questions in the follow address:

[http://www.surveymonkey.com/s/3RCZ9RR http://www.surveymonkey.com/s/3RCZ9RR]

== CFP ==

Read the Call for Presentations in: [https://www.owasp.org/index.php/AppSecLatam2011/CFP https://www.owasp.org/index.php/AppSecLatam2011/CFP]

 

== Program Committee ==

*Kuai Hinojosa
*Leandro Gomes
*Leonardo Buonsanti
*Leonardo Lemes
*Luiz Eduardo
*Luiz Otávio Duarte
*Mateo Martinez
*Rodrigo Rubira

 

==== Keynotes ====

== '''Keynotes''' ==

== Bryan Sullivan ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/3/36/Bryan-sullivan.jpg
| align="justify" | [http://www.linkedin.com/in/bryanjsullivan Bryan Sullivan ] is a Senior Security Researcher with Adobe Systems, where he focuses on cloud security issues. Prior to Adobe, he was a program manager on Microsoft's Security Development Lifecycle team, and a development manager at HP, where he helped to design HP's vulnerability scanning tools WebInspect and DevInspect.
Bryan has spoken at security industry conferences such as Black Hat, RSA Conference, BlueHat and TechEd on a diverse range of topics including NoSQL, RIA architecture, REST, cryptography, denial-of-service defense, URL rewriting, and applying secure development processes to Agile projects. He was the author of the MSDN Magazine column Security Briefs, and is the coauthor of the books Ajax Security (Addison-Wesley, 2007) and the upcoming Secure Web Applications, A Beginner's Guide (McGraw-Hill, 2011). [http://www.linkedin.com/in/bryanjsullivan Linkedin]

|}

 

== '''Guest Speakers''' ==

== Chris Evans ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/4/48/ChrisEvans1.png
| align="justify" | [http://www.linkedin.com/in/scarybeast Chris Evans] - Troublemaker, Google Inc. Chris Evan is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. His work includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at [http://scarybeastsecurity.blogspot.com http://scarybeastsecurity.blogspot.com]. At Google, Chris currently leads security for Google Chrome. He has presented at various conferences (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) and is on the HiTB and WOOT paper selection panels. [http://www.linkedin.com/in/scarybeast Linkedin]
|}

== Michael Craigue ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/0/0c/MichaelCraigue.jpg
| align="justify" | [http://www.linkedin.com/in/craigue Michael Craigue] (CISSP/CSSLP) is Director of the Security Consulting group at Dell, with 14 team members in Brazil, India, Malaysia, and the US. He and his team have responsibility for consulting with all of Dell’s internal organizations, including IT, Product Group, Services, and Mergers and Acquisitions, with a particular focus on the Secure Software Development Lifecycle. He has taught Database Management and Business Intelligence / Knowledge Management at St. Edward’s University in their MBA / MS CIS programs. Prior to joining Dell’s information security team, he spent a decade building Web and database applications. He has a PhD from the University of Texas at Austin in Higher Education Administration / Finance. [http://www.linkedin.com/in/craigue Linkedin]
|}

==== October 4th-5th (Training) ====

== Schedule ==

'''Training 1 - ModSecurity Training'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor''': Breno Silva

'''Abstract''':
This is a Hands-On traning about ModSecurity (WAF). People in this class will learn the main topics of ModSecurity, including installation, modes of deployment, configuration, rule customization and logging.

'''1. O que é ModSecurity?'''
* Como instalar
* Arquiteturas
* Exercicio 1

'''2. Configurando ModSecurity'''
* Principais diretivas de configuração
* Core Rule Set (CRS)
* Exercicio 1
* Exercicio 2

'''3. Customizando regras'''
* Sintaxe
* Fases
* Principais variáveis
* Principais operadores
* Principais ações
* Funções de transformação
* Exercicio 1
* Exercicio 2
* Exercicio 3
* Exercicio 4

'''4. Logging'''
* Entendendo as Log parts
* Exercicio 1

'''About the instructor''':
Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the Telecom Industry in Latin America. Breno resides in Brasília, Brazil.

------------------------------
'''Training 2 - Introduction to Web Application Security'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Spanish

'''Instructor:''' Fabio Cerullo

'''Abstract''':
This training will help you will gain skills on how to assess applications from a hacker's point of view, understand application security vulnerabilities and learn how to close these security holes in your Java or .Net applications so they are never exploited by a hacker. This intensive one day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.
?Hands on
The students will participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities and then use proxy tools (i.e., Webscarab) to complete the exercises.

'''About the instructor''':
Fabio is currently working as an Information Security Specialist at AIB Bank (Dublin, Ireland). His tasks include performing risk analysis, assessing the security of web applications developed internally or purchased from third parties, define policies and standards on secure coding, as well as providing training on web application security to developers, auditors, executives and security professionals. Prior to joining AIB, he worked as a Security Engineer at the European headquarters of Symantec Security Response analyzing malicious code, blended threats, security risks and vulnerabilities in various applications. Before moving to Ireland, he worked in the development of different training programs and activities with emphasis on secure software development in his native Argentina. As a member of the OWASP organization, Fabio is part of Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security; he coordinates international conferences around this topic, and since early 2010 has been appointed chairman of OWASP Chapter in Ireland. Fabio is a graduate in Computer Engineering from the Universidad Católica Argentina and has been granted the CISSP by (ISC) 2 back in 2006.

-------------------------------------
'''Training 3 - Introdução à criptografia ilustrada em Java para programadores web'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Alexandre Melo Braga

'''Abstract''':
A criptografia é a única tecnologia capaz de proteger dados em trânsito. O mimicurso terá o seguinte conteúdo geral: criptografia simétrica, criptografia assimétrica, modos de operação de cifras de bloco, funções de hash, funções MAC, geradores números pseudo-aleatórios e protocolos de acordo de chaves e SSL. Uma vez que se trata de um treinamento para programadores, todo o conteúdo será exemplificado em Java e será dada ênfase à identificação de maus usos de criptografia. O minicurso tem o aspecto prático de que todos os programas serão manipulados no treinamento, não apenas e PPT.

'''About the instructor''':
Professor de graduação em tecnologia e segurança por 10 anos
Professor de pós-graduação em desenvolvimento seguro de software e criptografia há 5 anos.
Autor de diversos artigos científicos
Instrutor de diversos treinamentos para organizações privadas no Brasil e no exterior assim como para instituições educacionais.

-----------------------------------
'''Training 4 - OWASP Top 10 + Java EE'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Magno Rodrigues

'''Abstract''':
The goal of this training is to give a better understanding about the top 10 risks that are more critical to web applications using the OWASP Top 10 v.2010 document, that describes them, their impacts and how to avoid them. We will go through all 10 risks, showing what they are with practical examples and detailed explanation. Participants will have the opportunity to practice the search and fixing of theses risks with a vulnerable web application called WebGoat, which is also an OWASP Project developed in Java EE. All the examples will be in Java, so previous knowledge of this programming language is a plus but not mandatory.

'''About the instructor''':
Magno Rodrigues de Oliveira é Líder e Fundador do Capítulo da OWASP na Paraíba. Pós-Graduando em Segurança da Informação pela Faculdade de Tecnologia de João Pessoa. Realizou um curso de 1 (um) ano em Forense Computacional em Nova York, EUA. Formado em Tecnologia em Sistemas para Internet pelo Instituto Federal de Educação, Ciência e Tecnologia da Paraíba. Trabalha atualmente como Analista de Sistemas da Politec, prestando serviços para a Secretaria de Estado da Receita da Paraíba.

---------------------------------
'''Training 5 - Protecting Java Web Applications against known (and unknown) vulnerabilities with the new Mod_Security for Java.'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Spanish

'''Instructor:''' Juan Carlos Calderon

'''Abstract''':
Explanation on how Mod_Security for Java works, when is more suitable, how to install it, configure it and create rules in both XML and Mod_Security format to protect a java application against common vulnerabilities in OWASP Top 10 and SANS/CWE 25. Also an introduction to OWASP Mod_Security Core Ruleset to protect application on dangerous patterns that can lead to vulnerabilities not publicly available right now.

'''About the instructor''':
Professional with 11 years of application security expertise working for multinational companies in the Financial, Aviation, Media and transportation industries, supporter of OWASP as project leader since 5 years ago and CSSLP certified.

------------------------------------
'''Training 6 - Uso da OWASP ESAPI (Enterprise Security API) para prover segurança em aplicações Web'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Tarcizio Vieira Neto

'''Abstract''':
A evolução da tecnologia no desenvolvimento de aplicações WEB tem contribuído com o aumento significativo do uso dessa tecnologia para atender os mais diversificados propósitos. Porém, essa tecnologia está sujeita a diversas vulnerabilidades de segurança críticas, principalmente quando pesquisas recentes apontam que a maioria das vulnerabilidades estão presentes na própria aplicação.
A biblioteca ESAPI (Enterprise Security API), da OWASP, surge neste cenário como uma biblioteca de segurança open source disponível para diversas linguagens, como Java EE, PHP, .NET, ASP Clássico, Python, Ruby, entre outras. O minicurso aborda de modo prático as vulnerabilidades causadas por erros comuns no desenvolvimento de aplicações e os mecanismos de controle de segurança providos pela biblioteca ESAPI com o foco na tecnologia Java. Os princípios gerais aprendidos no curso podem ser aplicados no contexto das demais linguagens de programação.

'''About the instructor''':
Tarcizio Vieira Neto é graduado em Ciência da Computação pela Universidade Federal de Goiás (UFG), em Goiânia. Atualmente trabalha no SERPRO, desde novembro de 2009, como Analista de Desenvolvimento, na Coordenação Estratégica de Tecnologia CETEC, desenvolvendo trabalhos sobre o tema segurança no desenvolvimento de aplicações, envolvendo aspectos processuais e técnicos, como também participa da prospecção de ferramentas que dão suporte à segurança no desenvolvimento de aplicações Web.
Participou também como instrutor no treinamento de novos empregados e auxiliou na elaboração do material do curso em Ensino a Distância na universidade corporativa do SERPRO (UniSERPRO).
Participou da primeira versão da tradução do OWASP Secure Coding Principles Quick Reference Guide, para o português brasileiro e liderou o projeto de revisão da tradução do mesmo documento.
Possui especialização em gestão da segurança da informação pela Universidade de Brasília (UnB).

==== October 6th ====

== Schedule ==

To be published soon.

==== October 7th ====

== Schedule ==

To be published soon.

==== Venue ====

The event will be held in Porto Alegre, RS, Brazil at [http://www.pucrs.br PUCRS University] - Building 50 Auditorium.

You can check the location at [http://maps.google.com.br/maps?oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&hl=en&biw=1440&bih=760&ie=UTF-8&q=PUCRS&fb=1&gl=br&hq=PUCRS&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+Rio+Grande+do+Sul&cid=0,0,13248223140037344003&ei=y1JVTq7yBaOtsQLS6Im3Bw&sa=X&oi=local_result&ct=image&ved=0CAQQ_BI Google Maps]

==== Registration ====

== Online Registration ==

Registration form is available at http://registration2011.appseclatam.org/

== Conference Fees ==

'''Access to conference:'''

* Before Aug 31st: 250.00 BRL
* Before Sep 30th: 350.00 BRL
* After Oct 1st: 450.00 BRL

'''Trainings'''

* One day: 450.00 BRL
* Two days: 900.00 BRL

''Please check the registration form for information about conference packages.''

'''Discounts'''

* OWASP Member: 100.00 BRL (Note: This discount is greater than the OWASP USD 50.00 annual fee. Check [http://www.google.com.br/#q=50+usd+in+brl&fp=1 here]
* Student: 100.00 BRL (Note: student ID required).
* Special discounts available for groups registrations. Please send inquiries to appsec2011@appseclatam.org

==== Practical Info ====

== Visitors' Guide ==

Gate for tourists in the state of Rio Grande do Sul in Brazil, and only 120 miles from the pleasant Serra Gaucha, Porto Alegre is a bustling hub of services and infrastructure with quality recognized, and a base of large national and international companies and a major destination for international events in Brazil.

Usefull links:

[http://www2.portoalegre.rs.gov.br/turismo http://www2.portoalegre.rs.gov.br/turismo]

[https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre]

 60 Minutes recent report about Brazil and his development potencial: {{#ev:youtube|DMM7OJ_Kj9I}}

 Tourist video about Porto Alegre City: {{#ev:youtube|pXQ9z8sPcHI}}

== Electric Outlet ==

[http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html https://www.owasp.org/images/0/0f/Tomadas_diversas.jpg] 
Reference: [http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html]

== Weather ==

== Trip ==

== Accommodation ==

'''NOVOTEL PORTO ALEGRE''' 
Av. Soledade, 575 
Três Figueiras 
Phone: (51) 3327-9292 

Single / Double 
R$243,00 / R$289,00 
Cortesy breakfast 

General Conditions 
. Diárias expressas em reais (R$), por dia e por apartamento; . Diárias iniciam e terminam às 12 horas; . Taxa de Turismo (opcional) - R$2,50 por dia/apartamento; . Imposto Municipal: acrescer 5% ISS; . O acesso à internet nas áreas sociais e nos apartamentos é cortesia; . Estacionamento: R$16,00 por carro ao dia (com manobrista); . Terceira pessoa no apartamento: Mediante disponibilidade. Cobrada taxa diária de R$47,00 + 5% ISS e será acomodada em cama extra ou sofá cama; . Forma de Pagamento: Depósito antecipado ou pagamento direto; . Garantia de No Show: Todas as reservas deverão ter garantia de no show. Em caso de não comparecimento, poderá ser cobrado o período integral reservado; . Não aceitamos cheques; . Duas crianças de até 16 anos no Novotel e uma criança de até 12 anos no Mercure acompanhadas dos pais/responsáveis no mesmo apartamento serão cortesia.
Necessária apresentação de documentação de identificação no check-in; . Valores pagos não serão reembolsáveis ou dados como créditos para próximas hospedagens; 

Map link: 
http://maps.google.com.br/maps?hl=pt-BR&um=1&ie=UTF-8&q=novotel+porto+alegre&fb=1&gl=br&hq=novotel&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+RS&cid=0,0,11722004907679800889&ei=GKn4TfaHDIP20gGF9pXDCw&sa=X&oi=local_result&ct=image&resnum=1&ved=0CDAQnwIwAA

https://www.owasp.org/images/3/33/Novohotel.jpg

==== Social Events ====

Information will be published here.

==== Sponsoring ====

We are looking for sponsors for 2011 edition of Global AppSec Latin America. See more details about sponsor opportunities.

If you are interested to sponsor Global AppSec Latin America 2011, please contact the conference chair: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

To find out more about the different sponsorship opportunities please check the document below: [http://www.owasp.org/images/4/4f/OWASP_AppSec_2011_Sponsorship_English.pdf OWASP AppSec 2011 Sponsorship English.pdf]

 

== Diamond Sponsors ==
 
<center>
[[Image:elipse_logo3.png|link=http://www.elipse.com.br]]
</center>
 

== Platinum Sponsors ==
 
== Gold Sponsors ==
 
<center>
[[Image:IT2S.png|link=http://www.it2s.com.br]]  
[[Image:trustwaveappseclatam.jpg|link=https://www.trustwave.com]]
</center>
 

== Silver Sponsors ==
 
<center>
[[Image:Adobe_logo5.png|link=http://www.adobe.com]]  
[[Image:PUCRS2.jpg|link=http://www.pucrs.br]]
</center>
 

== Conference Kit Sponsors ==
 
<center>
[[Image:LogotipoConvisoCor.png‎|200px|link=http://www.conviso.com.br]]   [[Image:LgClavis.jpg‎|link=http://www.clavis.com.br]]
</center>
 

== Local Promotion ==
 
<center>
[[Image:Logo-PoaSec2.png|link=http://www.poasec.org]]
</center>
 

==== Team ====
[mailto:abc@elipse.com.br Alexandre Balestrin Correa] 
[http://cassiogoldschmidt.com/ Cassio Goldschmidt] [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco ] [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato ] [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira ] [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher ] 

==== Chapter Leader Workshop ====

=='''What is the Chapter Leader Workshop?''' ==
On '''Wednesday, October 5,2011 at 13:30h-16:30h''' the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''

'''Items that will be discussed are:'''
* How to improve the current Chapter Leader Handbook?
* How to start and support new chapters within Latin America?
* How to support inactive chapters within Latin America?
* What Governance model is required for OWASP chapters?
* How can the Global Chapters Committee facilitate the Latin American chapters?
* ...

Additionally we hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.

== '''Funding to Attend the Workshop''' ==

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Latin America, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 22, 2011'''.

Funding for your attendance to the workshop should be worked out in the following order.

# Ask your employer to fund your trip to AppSec Latin America conference.
# Utilize your chapter funds.
# Ask the chapter committee for funding assistance.

While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 22, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.

== '''RSVP and Details''' ==

To RSVP and view more details about the Workshop, go to the '''[[AppSecLatam2011 chapters workshop agenda]]'''.

== '''Contact''' ==

Email [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] for more details.

<headertabs />

[[Category:OWASP_AppSec_Conference]]

File:PUCRS2.jpg

2011-08-24T20:45:16Z

Rafael Dreher: uploaded a new version of "File:PUCRS2.jpg"

AppSecLatam2011 (es)

2011-08-24T20:43:33Z

Rafael Dreher:

__NOTOC__

{|
|-
! align="center" width="700" | 
! align="center" width="500" | 
|-
| align="center" | [[Image:AppSec Brasil 11 medio.png]]
| align="center" |
 '''Lenguaje: [http://www.owasp.org/index.php?title=AppSecLatam2011 http://www.owasp.org/images/8/88/Bandeira_reino_unido.png]
[http://www.owasp.org/index.php?title=AppSecLatam2011_(pt-br) http://www.owasp.org/images/4/49/Bandeira_brasil.png] [http://www.owasp.org/index.php?title=AppSecLatam2011_(es) http://www.owasp.org/images/1/1c/Bandeira_espanha.png] 

*[http://www.owasp.org/images/1/19/AppSecLatam_2011_Announcement.pdf Comunicado de Prensa]
*[[AppSecLA2011/Media Mentions|Menciones de Medios]]
*[[AppSecLA2011/Archived|Archivos]]

 '''Síganos: [http://www.twitter.com/AppSecLatam http://www.owasp.org/images/f/f7/Twitter.png]
[http://www.facebook.com/event.php?eid=155195651207509 http://www.owasp.org/images/5/55/Facebook.png] [http://events.linkedin.com/OWASP-Global-AppSec-Latin-America-2011/pub/607738 http://www.owasp.org/images/1/1a/Linkedin.png]

|}

 

==== Bienvenido ====

{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
Nos complace en anunciar que el [http://www.owasp.org/index.php/Porto_Alegre Capítulo Local de OWASP Puerto Alegre] organizará '''Global AppSec Latín America 2011 Conference''' en Puerto Alegre-RS, Brasil. 

La Global AppSec Latín America 2011 Conference será un encuentro de líderes de América Latína en Seguridad de la Información, donde se presentarán ideas de vanguardia. Los eventos organizados por OWASP atraen a la audiencia interesada en las últimas novedades. Se espera la presencia de 200-250 personas de diferentes ámbitos, Gubernamentales, Servicios Financieros, Medios de Comunicación, Farmacia, Salud, Tecnología, entre otros. 

OWASP Global AppSec Latín América 2011 se realizará en la ciudad de Puerto Alegre, estado de Río Grande del Sur, Brasil [http://maps.google.es/maps?f=q&source=s_q&geocode=&q=Porto+Alegre&ie=UTF8&hq=&hnear=Porto+Alegre+-+Rio+Grande+do+Sul,+Brasil&z=11 mapa] del 4 a 7 de Octubre de 2011. Las capacitaciones serán 4 y 5, mientras que la conferencia será 6 y 7 de Octubre.

 Sí usted tiene alguna pregunta, por favor, envíe un email a la organización: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org] 

 '''Quién debería asistir a Global AppSec Latín América 2011:'''

*Desarrolladores de Aplicaciones
*Probadores de Aplicación y Aseguradores de Calidad
*Administradores de Proyectos y Personal
*Directores de Seguridad de la Información, Jefes de Tecnología
*Directores de Finanzas, Auditores, Responsables de Seguridad
*Administradores de Seguridad
*Ejecutivos, Gerentes, personal responsable de Gobierno de Seguridad
*Profesionales de TI interesados en la mejora de la Seguridad 



|}



| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | 
[[Image:Owasp-poa-eng.png]]

{{#ev:youtube|pXQ9z8sPcHI}}

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Utilice el siguiente hashtag '''[http://search.twitter.com/search?q=%23AppSecLatam #AppSecLatam]''' para twittear acerca de Global AppSec Latín América 2011 (Qué son los [http://hashtags.org/ hashtags]?)

'''@AppSecLatAm Twitter Feed ([http://twitter.com/AppSecLatam Síguenos en Twitter!])''' <twitter>262394051</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

==== CFT & CFP ====

== CFT ==

Lea la LLamada a las Capacitaciones (Call for Trainings) en: [https://www.owasp.org/index.php/AppSecLatam2011/CFT_es https://www.owasp.org/index.php/AppSecLatam2011/CFT_es]

Estamos realizando una investigación sobre los tópicos de las capacitaciones. Usted puede ayudarnos respondiendo las preguntas en la siguiente dirección:

[http://www.surveymonkey.com/s/3RCZ9RR http://www.surveymonkey.com/s/3RCZ9RR]

== CFP ==

Lea la Llamada a las Presentaciones en [https://www.owasp.org/index.php/AppSecLatam2011/CFP_es https://www.owasp.org/index.php/AppSecLatam2011/CFP_es]

 

== Comité del Programa ==

*Kuai Hinojosa
*Leandro Gomes
*Leonardo Buonsanti
*Leonardo Lemes
*Luiz Eduardo
*Luiz Otávio Duarte
*Mateo Martinez
*Rodrigo Rubira

 

==== Conferencias Destacadas ====

== '''Conferencias Destacadas''' ==

== Bryan Sullivan ==

{| style="background-color: transparent"
|-
! align="center" width="200" | 
! align="center" width="1000" | 
|-
| align="center" | https://www.owasp.org/images/3/36/Bryan-sullivan.jpg
| align="justify" | [http://www.linkedin.com/in/bryanjsullivan Bryan Sullivan ] es Investigador Señor de Seguridad en Adobe Systems, donde él está focalizado en cuestiones de seguridad en la nube. Antes de Abobe, trabajó como Director del equipo de Desarrollo Seguro de Microsoft (SDL), y Jefe de Desarrollo en HP, donde ha ayudado a diseñar los escáneres de vulnerabilidades WebInspect y DevInspect.
Bryan ha sido orador en conferencias de seguridad como Black Hat, RSA Conference, BlueHat y TechEd sobre diversos tópicos incluyendo NoSQL, RIA, REST, Criptografía, Defensa de DoS, reescritura de URLs, y aplicación de desarrollo seguro a Proyectos Ágiles. Autor de la columna "Security Briefs" en MSDN Magazine, y es el coautor de los libros Ajax Security (Addison-Wesley, 2007) y el próximo a publicarse Secure Web Applications, A Beginner's Guide (McGraw-Hill, 2011). [http://www.linkedin.com/in/bryanjsullivan Linkedin]

|}

 

== '''Oradores Invitados''' ==

== Chris Evans ==

{| style="background-color: transparent"
|-
! align="center" width="200" | 
! align="center" width="1000" | 
|-
| align="center" | https://www.owasp.org/images/4/48/ChrisEvans1.png
| align="justify" | [http://www.linkedin.com/in/scarybeast Chris Evans] - Troublemaker, Google Inc. Chris Evans es conocido por varios trabajos en la comunidad de la seguridad. En particular, él es investigador de seguridad y autor de vsftpd. Los detalles de vsftpd pueden encontrarse en http://vsftpd.beasts.org/. Su trabajo incluye vulnerabilidades en los principales navegadores (Firefox, Safari, Internet Explorer, Opera, Chrome); los núcleos de los sistemas operativos Linux y OpenBSD; la JDK de Sun; y varios paquetes de código abierto. Él publica sus trabajos en el Blog [http://scarybeastsecurity.blogspot.com http://scarybeastsecurity.blogspot.com]. En Google, Chris actualmente lidera la seguridad de Google Chrome. Se ha presentado en varias conferencias (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) mientras que en HiTB y WOOT forma parte del panel de selección de los trabajos. [http://www.linkedin.com/in/scarybeast Linkedin]
|}

 

== Michael Craigue ==

{| style="background-color: transparent"
|-
! align="center" width="200" | 
! align="center" width="1000" | 
|-
| align="center" | https://www.owasp.org/images/0/0c/MichaelCraigue.jpg
| align="justify" | [http://www.linkedin.com/in/craigue Michael Craigue] (CISSP/CSSLP) es Director del grupo de Consultoría en Seguridad de Dell, con 14 miembros del equipo en Brasil, India, Malasia, y Estados Unidos. Él y su equipo tienen la responsabilidad de los departamentos internos de Dell incluyendo TI, Grupo de Productos, Servicios, y Funciones y Adquisiciones, con un enfoque particular en el Ciclo de Vida de Desarrollo de Software Seguro. Ha sido profesor en Administración de Base de Datos e Inteligencia Artificial / Gestión del Conocimiento en St. Edward's University en los programas de MBA (Master in Business Administration) / MS CIS (Master of Science in Computer Information Systems). Antes de unirse al equipo de seguridad de la información de Dell, desarrolló por más de una década Aplicaciones Web y de Base de Datos. Tiene un doctorado en la Universidad de Texas en Austin, en Higher Education Administration / Finance. [http://www.linkedin.com/in/craigue Linkedin]
|}

==== 4-5 de Octubre (Capacitaciones) ====

== Agenda ==

'''Capacitación 1 - ModSecurity Training'''

'''Fecha:''' 05 de Octubre de 2011 - 9h hasta las 17:30 h

'''Idioma:''' Portugués

'''Instructor''': Breno Silva

'''Resumen''':
Es una capacitación práctica sobre ModSecurity (WAF). Los estudiantes aprenderán los principales temas de ModSecurity, incluyendo instalación, modos de implementación, configuración y registros.

'''1. Qué es ModSecurity?'''
* Cómo instalar
* Arquitecturas
* Ejercicio 1

'''2. Configurando ModSecurity'''
* Principales directrices de configuración
* Core Rule Set (CRS)
* Ejercicio 1
* Ejercicio 2

'''3. Personalización de las Reglas'''
* Sintaxis
* Fases
* Principales Variables
* Principales Operadores
* Principales Acciones
* Funciones de Transformación
* Ejercicio 1
* Ejercicio 2
* Ejercicio 3
* Ejercicio 4

'''4. Registro'''
* Extendiendo el Registro
* Ejercicio

'''Sobre el Instructor''':
Breno es un científico informático con más de 8 años de experiencia en Tecnología de la Información, con experiencia en una gran variedad de técnicas de desarrollo de software y lenguajes, sistemas de seguridad y tecnologías de red. Breno actualmente es un Investigador de Seguridad del equipo TrustWave Spiderlabs, también el responsable de ModSecurity, miembro del equipo de desarrollo Suricata IDS/IPS. Trabajó en el equipo de respuesta ante incidente para Telecom en América Latina. Breno vive en Brasilia, Brasil.

------------------------------
'''Capacitación 2 - Introducción a la Seguridad de Aplicaciones Web'''

'''Fecha:''' 05 de Octubre de 2011 - 9h hasta las 17:30 h

'''Idioma:''' Español

'''Instructor:''' Fabio Cerullo

'''Resumen''':
Esta capacitación le ayudará a adquirir habilidades sobre la manera de evaluar las aplicaciones desde el punto de vista del hacker, entender las vulnerabilidades de seguridad en aplicaciones y aprender cómo remediar esos agujeros de seguridad en sus aplicaciones Java o .NET y que no sean explotados por un hacker. Este curso intensivo de un día se centra en los problemas seguridad de aplicaciones Web más comunes, incluidos los aspectos de OWASP Top Ten (2010) y el Top 25 de MITRE.

Prácticas: Los estudiantes participarán de varios ejercicios de prueba de seguridad donde ellos atacarán aplicaciones reales (como WebGoat), que ha sido diseñado con diferentes vulnerabilidades y así utilizar Proxies (como Webscarab) para completar el ejercicio.

'''Sobre el Instructor''':
Fabio actualmente trabaja como Especialista de Seguridad de la Información en AIB Bank (Dublin, Irlanda). Sus tareas incluyen el análisis de riesgos, evaluación de seguridad de aplicaciones Web desarrolladas internamente o adquiridas a terceros, definición de políticas y normas de código seguro, como así también la capacitación en seguridad de aplicaciones Web para desarrolladores, auditores, ejecutivos y profesionales de la seguridad. Antes de ingresar al AIB, trabajó como Ingeniero de Seguridad en el Symantec Security Response analizando código malicioso, amenazas, riesgos de seguridad y vulnerabilidades en varias aplicaciones. Antes de transladarse a Irlanda, trabajó en el desarrollo de diferentes programas de capacitación y actividades que apoyaban el desarrollo de software seguro en Argentina, su país de origen. Como miembro de OWASP, Fabio es parte del Comité de Educación Global cuya misión es proveer servicios de educación y capacitación a empresas, gobiernos e instituciones educativas en seguridad de aplicaciones; él coordina las conferencias internacionales en relación a este tema; y desde el 2010 es el líder del Capítulo de OWASP en Irlanda. Fabio está graudado en Ingeniería en Informática por la Universidad Católica Argentina y ha obtenido la certificación CISSP por (ISC) 2 en el 2006.

-------------------------------------
'''Capacitación 3 - Introducción a la Criptografía ilustrada en Java para Desarrolladores Web'''

'''Fecha:''' 05 de Octubre de 2011 - 9h hasta las 17:30 h

'''Idioma:''' Portugués

'''Instructor:''' Alexandre Melo Braga

'''Resumen''':
La criptografía es la única tecnología capaz de proteger los datos en tránsito. A criptografia é a única tecnologia capaz de proteger dados em trânsito. El mimicurso tendrá contenido de carácter general: cifrado simétrico, cifrado asimétrico, modos de operación de cifrado de bloques, las funciones hash, funciones MAC, generadores pseudo-aleatorios de números y protocolos de acuerdo clave y SSL. Ya que es un capacitación para programadores, todo el contenido se ejemplifica en Java y se hará hincapié en la identificación de mal uso de la criptografía. El curso tiene foco en lo práctico y no sólo en las presentaciones (PPT).

'''Sobre el Instructor''':
Profesor Universitario de Tecnología y Seguridad por 10 años.
Profesor Universitario de Desarrollo Seguro de Software y Criptografía por 5 años.
Autor de numerosos artículos científicos.
Instructor de capacitaciones para diversas organizaciones privadas de Brasil y del exterior, como así también instituciones educativas.

-----------------------------------
'''Capacitación 4 - OWASP Top 10 + Java EE'''

'''Fecha:''' 04 de Octubre de 2011 - 9h hasta las 17:30 h

'''Idioma:''' Portugués

'''Instructor:''' Magno Rodrigues

'''Resumen''':
El objetivo de esta capacitación es brindar una comprensión correcta sobre el Top 10 de los principales riesgos en Aplicaciones Web usando el documento OWASP Top 10 v.2010, que describe a estos, su impacto y cómo evitarlos. Pasaremos por los 10 riesgos, mostrando ejemplos prácticos y su explicación detallada. Los estudiantes tendrán la oportunidad de practicar investigando y corrigiendo estas vulnerabilidades con WebGoat, el cual también es un Proyecto de OWASP desarrollado en Java EE. Todos los ejemplos serán en Java, por lo tanto un conocimiento en este lenguaje es una ventaja, pero no obligatorio.

'''Sobre el Instructor''':
Magno Rodrigues de Oliveira es el líder y fundador del Capítulo de OWASP Paraíba. Postgrado en Seguridad de la Información por la Facultad de Tecnología de Joao Pessoa. Realizó un curso de 1 (un) año en Informática Forense en Nueva York, EEUU. Título en Sistemas Tecnológicos para Internet por el Instituto Federal de Educación, Ciencia y Tecnología de Paraíba. Actualmente se desempeña como Analista de Sistemas de Politec, para la Secretaría de Hacienda de Estado en Paraíba.

---------------------------------
'''Capacitación 5 - Protegiendo Aplicaciones Web Java contra vulnerabilidades conocidas (y desconocidas) con el nuevo Mod_Security para Java.'''

'''Fecha:''' 04 de Octubre de 2011 - 9h hasta las 17:30 h

'''Idioma:''' Español

'''Instructor:''' Juan Carlos Calderon

'''Resumen''':
Explicación sobre cómo funciona Mod_Security para Java, cuándo es conveniente utilizarlo, cómo instalarlo, configurarlo y crear reglas en XML y formato Mod_Security para proteger aplicaciones java contra vulnerabilidades del OWASP Top 10 y SANS/CWE 25. También una introducción a OWASP Mod_Security Core Ruleset para proteger aplicaciónes sobre posibles patrones que puedan exponer nuevas vulnerabilidades.

'''Sobre el Instructor''':
Profesional con 11 años de experiencia en Seguridad de Apliciones, trabajando para empresas multinacionales en sectores financieros, aviación, medios de comunicación y transporte, participa en OWASP como líder de proyecto desde hace 5 años y certificado CSSLP.

------------------------------------
'''Capacitación 6 - Uso de OWASP ESAPI (Enterprise Security API) para Proporcionar Seguridad en Aplicaciones Web'''

'''Fecha:''' 04 de Octubre de 2011 - 9h hasta las 17:30 h

'''Idioma:''' Portugués

'''Instructor:''' Tarcizio Vieira Neto

'''Resumen''':
La evolución de la tecnología en el desarrollo de aplicaciones Web ha contribuido a un aumento significativo en el uso de esta tecnología para satisfacer los más diversos propósitos. Sin embargo, esta tecnología está sujeta a varias vulnerabilidades de seguridad críticas, sobre todo cuando las encuestas recientes muestran que la mayoría de las vulnerabilidades están presentes en la propia aplicación.
La librería ESAPI (Enterprise Security API) de OWASP surge en este escenario, como una librería de código abierto disponible para varios lenguajes como Java EE, PHP, .NET, ASP, Python, Ruby, entre otros. El curso cubre de forma práctica las vulnerabilidades causadas por errores comunes en el desarrollo de aplicaciones y los mecanismos de seguridad proporcionados por la librería ESAPI con un enfoque en Java. Los principios generales aprendidos en el curso se puede aplicar en el contexto de otros lenguajes de programación.

'''Sobre el Instructor''':
Tarcizio Vieira Neto es Licenciado en Ciencias de la Computación de la Universidad Federal de Goiás (UFG), Goiânia. Actualmente trabaja en SERPRO desde noviembre de 2009, como Analista de Desarrollo, Coordinación Estratégica de Tecnología CETEC, focalizando su trabajo en el desarrollo seguro de aplicaciones, aspectos técnicos y de procedimientos, como así también en la investigación de herramientas para el desarrollo seeguro de aplicaciones Web.
También ha participado como instructor en la capacitación de nuevos empleados y la asistencia en la preparación del material del curso en Educación a Distancia en la Universidad SERPRO (UniSERPRO).
Participó en la primera versión de la traducción de OWASP Secure Coding Principles Quick Reference Guide para Portugués (BR) y lideró el proyecto de revisión del mismo documento.
Cuenta con experiencia en Gestión de Seguridad de la Información de la Universidad de Brasilia (UnB).

==== 6 de Octubre ====

== Agenda ==

Será publicada a la brevedad.

==== 7 de Octubre ====

== Agenda ==

Será publicada a la brevedad.

==== Local ====

La conferencia será en Porto Alegre, Rio Grande do Sul, Brasil, en el auditorio del edificio 50 de la [http://www.pucrs.br PUCRS].

Ver localización en [http://maps.google.com.br/maps?oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&hl=en&biw=1440&bih=760&ie=UTF-8&q=PUCRS&fb=1&gl=br&hq=PUCRS&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+Rio+Grande+do+Sul&cid=0,0,13248223140037344003&ei=y1JVTq7yBaOtsQLS6Im3Bw&sa=X&oi=local_result&ct=image&ved=0CAQQ_BI Google Maps]

==== Registración ====

El formulario de inscripción está disponible en http://appseclatam2011-registration.poasec.org/

== Valores ==

'''Sólo la conferencia:'''

* Antes de 31 de Agosto: 250.00 BRL
* Antes de 30 de Septiembre: 350.00 BRL
* Después de 1 de Octubre: 450.00 BRL

'''Capacitaciones'''

* Un (1) día: 450.00 BRL
* Dos (2) días: 900.00 BRL

''Por favor, consulte el formulario de inscripción para obtener información sobre valores de paquetes de suscripción.''

'''Descuentos'''

* Miembro de OWASP: R$ 100,00 (Nota: Este descuento es mayor que la anual USD 50.00. Compruébelo [http://www.google.com.br/#q=50+usd+in+brl&fp=1 aqui]
* Estudiantes: R$ 100.00 (Nota: Será necesario presentar comprobante de matrícula ).
* Descuentos especiales para grupos, por favor póngase en contacto con nosotros por correo electrónico appsec2011@appseclatam.org

==== Información Útil ====

== Guía para Visitantes ==

Puerta para turistas en el estado de Rio Grande del Sur en Brasil, y a sólo 200 KM de la agradable Sierra Gaucha, Puerto Alegre tiene un centro de servicios y una infraestructura con calidad reconocida, y una base de grandes empresas nacionales e internacionales junto con una importante cantidad de eventos internacionales en Brasil.

Enlaces útiles:

[http://www2.portoalegre.rs.gov.br/turismo http://www2.portoalegre.rs.gov.br/turismo]

[https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre]

 Informe sobre Brasil y su potencial desarrollo (60 Minutos): {{#ev:youtube|DMM7OJ_Kj9I}}

 Video Turístico sobre la Ciudad de Puerto Alegre: {{#ev:youtube|pXQ9z8sPcHI}}

== Corriente Eléctrica ==

[http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html https://www.owasp.org/images/0/0f/Tomadas_diversas.jpg] 
Referencia: [http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html]

== Estado del Tiempo ==

== Viaje ==

== Alojamiento ==

'''NOVOTEL PORTO ALEGRE''' 
Av. Soledade, 575 
Três Figueiras 
Phone: (51) 3327-9292 

Single / Double 
R$243,00 / R$289,00 
Cortesy breakfast 

General Conditions 
. Diárias expressas em reais (R$), por dia e por apartamento; . Diárias iniciam e terminam às 12 horas; . Taxa de Turismo (opcional) - R$2,50 por dia/apartamento; . Imposto Municipal: acrescer 5% ISS; . O acesso à internet nas áreas sociais e nos apartamentos é cortesia; . Estacionamento: R$16,00 por carro ao dia (com manobrista); . Terceira pessoa no apartamento: Mediante disponibilidade. Cobrada taxa diária de R$47,00 + 5% ISS e será acomodada em cama extra ou sofá cama; . Forma de Pagamento: Depósito antecipado ou pagamento direto; . Garantia de No Show: Todas as reservas deverão ter garantia de no show. Em caso de não comparecimento, poderá ser cobrado o período integral reservado; . Não aceitamos cheques; . Duas crianças de até 16 anos no Novotel e uma criança de até 12 anos no Mercure acompanhadas dos pais/responsáveis no mesmo apartamento serão cortesia.
Necessária apresentação de documentação de identificação no check-in; . Valores pagos não serão reembolsáveis ou dados como créditos para próximas hospedagens; 

Map link: 
http://maps.google.com.br/maps?hl=pt-BR&um=1&ie=UTF-8&q=novotel+porto+alegre&fb=1&gl=br&hq=novotel&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+RS&cid=0,0,11722004907679800889&ei=GKn4TfaHDIP20gGF9pXDCw&sa=X&oi=local_result&ct=image&resnum=1&ved=0CDAQnwIwAA

https://www.owasp.org/images/3/33/Novohotel.jpg

==== Eventos Sociales ====

La información será publicada aquí.

==== Patrocinio ====

Estamos buscando patrocinadores para la edición de Global AppSec América Latína 2011. Ver más detalles sobre oportunidades de patrocinio.

Sí usted está interesado en ser Patrocinador de Global AppSec Latín America 2011, por favor contáctese: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

Para saber más sobre las oportunidades de patrocinio por favor consulte el siguiente documento: [https://www.owasp.org/images/7/70/OWASP_AppSec_2011_Sponsorship_Spanish.pdf OWASP AppSec 2011 Patrocinio Español.pdf]

 

== Patrocinio Diamante ==
 
<center>
[[Image:elipse_logo3.png|link=http://www.elipse.com.br]]
</center>
 

== Patrocinio Platina ==
 

== Patrocinio Ouro ==
 
<center>
[[Image:IT2S.png|link=http://www.it2s.com.br]]  
[[Image:trustwaveappseclatam.jpg|link=https://www.trustwave.com]]
</center>
 

== Patrocinio Prata ==
 
<center>
[[Image:Adobe_logo5.png|link=http://www.adobe.com]]  
[[Image:PUCRS2.jpg|100px|link=http://www.pucrs.br]]
</center>
 

== Patrocinadores kit conferencia ==
 
<center>
[[Image:LogotipoConvisoCor.png?|200px|link=http://www.conviso.com.br]]   [[Image:LgClavis.jpg?|link=http://www.clavis.com.br]]
</center>
 

== Promoción Local ==
<center>
[[Image:Logo-PoaSec2.png|Logo-PoaSec.png]]
</center>
 

==== Equipo ====

[mailto:abc@elipse.com.br Alexandre Balestrin Correa] [http://cassiogoldschmidt.com/ Cassio Goldschmidt] [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco ] [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato ] [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira ] [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher ] 

==== Chapter Leader Workshop ====

=='''What is the Chapter Leader Workshop?''' ==
On '''Wednesday, October 5,2011 at 13:30h-16:30h''' the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''

'''Items that will be discussed are:'''
* How to improve the current Chapter Leader Handbook?
* How to start and support new chapters within Latin America?
* How to support inactive chapters within Latin America?
* What Governance model is required for OWASP chapters?
* How can the Global Chapters Committee facilitate the Latin American chapters?
* ...

Additionally we hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.

== '''Funding to Attend the Workshop''' ==

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Latin America, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 22, 2011'''.

Funding for your attendance to the workshop should be worked out in the following order.

# Ask your employer to fund your trip to AppSec Latin America conference.
# Utilize your chapter funds.
# Ask the chapter committee for funding assistance.

While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 22, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.

== '''RSVP and Details''' ==

To RSVP and view more details about the Workshop, go to the '''[[AppSecLatam2011 chapters workshop agenda]]'''.

== '''Contact''' ==

Email [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] for more details.

<headertabs />

[[Category:OWASP_AppSec_Conference]]

AppSecLatam2011 (pt-br)

2011-08-24T20:42:20Z

Rafael Dreher:

__NOTOC__

{|
|-
! align="center" width="700" |
! align="center" width="500" |
|-
| align="center" | [[Image:AppSec Brasil 11 medio.png]]
| align="center" |
 '''Língua: [http://www.owasp.org/index.php?title=AppSecLatam2011 http://www.owasp.org/images/8/88/Bandeira_reino_unido.png]
[http://www.owasp.org/index.php?title=AppSecLatam2011_(pt-br) http://www.owasp.org/images/4/49/Bandeira_brasil.png] [http://www.owasp.org/index.php?title=AppSecLatam2011_(es) http://www.owasp.org/images/1/1c/Bandeira_espanha.png] | 

*[http://www.owasp.org/images/1/19/AppSecLatam_2011_Announcement.pdf Comunicado de Imprensa]
*[[AppSecLatam2011/Media Mentions|Menções na mídia]]
*[[AppSecLatam2011/Archived|Arquivos]]

 '''Siga-nos: [http://www.twitter.com/AppSecLatam http://www.owasp.org/images/f/f7/Twitter.png]
[http://www.facebook.com/event.php?eid=155195651207509 http://www.owasp.org/images/5/55/Facebook.png] [http://events.linkedin.com/OWASP-Global-AppSec-Latin-America-2011/pub/607738 http://www.owasp.org/images/1/1a/Linkedin.png]

|}

 

==== Apresentação ====

{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
Temos o prazer de anunciar que o [http://www.owasp.org/index.php/Porto_Alegre Capítulo OWASP de Porto Alegre] irá organizar a '''Conferência Global AppSec Latin America 2011''' em Porto Alegre-RS, Brasil. 

A conferência Global AppSec Latin América 2011 será uma reunião de líderes latino-americanos na área de Segurança da Informação, e irá apresentar temas e idéias de vanguarda sobre o assunto. Eventos OWASP atraem público do mundo todo interessados nas tendências da área. A conferência espera atrair 200 a 250 tecnólogos do governo, serviços financeiros, mídia, indústria farmacêutica, saúde, tecnologia, e muitas outras áreas. 

A OWASP Global AppSec Latin América 2011 irá acontecer no Brasil na cidade de Porto Alegre, estado do Rio Grande do Sul ([http://maps.google.com/maps?f=q&source=s_q&hl=pt-BR&geocode=&q=Porto+Alegre&ie=UTF8&hq=&hnear=Porto+Alegre+-+Rio+Grande+do+Sul,+Brasil&z=11 mapa]) nos dias 04 à 07 de outubro de 2011. Ocorrerão cursos no dias 4 e 5 de outubro, e as sessões plenárias nos dias 6 e 7 de outubro.

 Se você tiver algum questionamento, por favor entre em contato com a organização do evento através do e-mail: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

 '''Quem deve atender a Global AppSec Latin América 2011:'''

*Desenvolvedores de Aplicativos
*Testadores de Aplicativos e de Qualidade
*Gerentes de Projetos de Aplicativos e Funcionários
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputados, Associados and Membros
*Chief Financial Officers, Auditores, e Pessoas Responsáveis pela Segurança de TI e Compliance
*Gerentes de Segurança e Pessoal
*Executivos, Gerentes e Pessoas Responsáveis pela Governança de TI
*Profissionais de TI Interessados em Aprofundar seus Conhecimentos em Segurança 



|}



| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | 
[[Image:Owasp-poa-eng.png]]

{{#ev:youtube|pXQ9z8sPcHI}}

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use o '''[http://search.twitter.com/search?q=%23AppSecLatam #AppSecLatam]''' hashtag para seus tweets para a Global AppSec Latin America 2011 (O que é [http://hashtags.org/ hashtags]?)

'''@AppSecLatAm Twitter Feed ([http://twitter.com/AppSecLatam Siga-nos no Twitter!])''' <twitter>262394051</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


==== CFT e CFP ====

== CFT ==
Leia a chamada de mini-cursos completa em [https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFT https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFT].

Estamos realizando uma pesquisa sobre os temas para treinamentos. Você pode ajudar, respondendo a pesquisa no seguinte endereço:

[http://www.surveymonkey.com/s/3RCZ9RR http://www.surveymonkey.com/s/3RCZ9RR]

== CFP ==

Leia a chamada de trabalhos para apresentações completa em [https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFP https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFP].
 

== Comitê de Programa ==

* Kuai Hinojosa
* Leandro Gomes
* Leonardo Buonsanti
* Leonardo Lemes
* Luiz Eduardo
* Luiz Otávio Duarte
* Mateo Martinez
* Rodrigo Rubira

==== Keynotes ====

== '''Keynotes''' ==

== Bryan Sullivan ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/3/36/Bryan-sullivan.jpg
| align="justify" | [http://www.linkedin.com/in/bryanjsullivan Bryan Sullivan ] is a Senior Security Researcher with Adobe Systems, where he focuses on cloud security issues. Prior to Adobe, he was a program manager on Microsoft's Security Development Lifecycle team, and a development manager at HP, where he helped to design HP's vulnerability scanning tools WebInspect and DevInspect.
Bryan has spoken at security industry conferences such as Black Hat, RSA Conference, BlueHat and TechEd on a diverse range of topics including NoSQL, RIA architecture, REST, cryptography, denial-of-service defense, URL rewriting, and applying secure development processes to Agile projects. He was the author of the MSDN Magazine column Security Briefs, and is the coauthor of the books Ajax Security (Addison-Wesley, 2007) and the upcoming Secure Web Applications, A Beginner's Guide (McGraw-Hill, 2011). [http://www.linkedin.com/in/bryanjsullivan Linkedin]

|}

 

== '''Guest Speakers''' ==

== Chris Evans ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/4/48/ChrisEvans1.png
| align="justify" | [http://www.linkedin.com/in/scarybeast Chris Evans] - Troublemaker, Google Inc. Chris Evan is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. His work includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at [http://scarybeastsecurity.blogspot.com http://scarybeastsecurity.blogspot.com]. At Google, Chris currently leads security for Google Chrome. He has presented at various conferences (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) and is on the HiTB and WOOT paper selection panels. [http://www.linkedin.com/in/scarybeast Linkedin]
|}

== Michael Craigue ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/0/0c/MichaelCraigue.jpg
| align="justify" | [http://www.linkedin.com/in/craigue Michael Craigue] (CISSP/CSSLP) is Director of the Security Consulting group at Dell, with 14 team members in Brazil, India, Malaysia, and the US. He and his team have responsibility for consulting with all of Dell’s internal organizations, including IT, Product Group, Services, and Mergers and Acquisitions, with a particular focus on the Secure Software Development Lifecycle. He has taught Database Management and Business Intelligence / Knowledge Management at St. Edward’s University in their MBA / MS CIS programs. Prior to joining Dell’s information security team, he spent a decade building Web and database applications. He has a PhD from the University of Texas at Austin in Higher Education Administration / Finance. [http://www.linkedin.com/in/craigue Linkedin]
|}

==== 04 à 05 de Outubro (Treinamentos) ====

== Agenda ==

'''Treinamento 1 - ModSecurity Training'''

'''Data:''' 05 de Outubro de 2011 - 9h até 17h30min

'''Idioma:''' Português

'''Instrutor''': Breno Silva

'''Resumo''':
This is a Hands-On traning about ModSecurity (WAF). People in this class will learn the main topics of ModSecurity, including installation, modes of deployment, configuration, rule customization and logging.

'''1. O que é ModSecurity?'''
* Como instalar
* Arquiteturas
* Exercicio 1

'''2. Configurando ModSecurity'''
* Principais diretivas de configuração
* Core Rule Set (CRS)
* Exercicio 1
* Exercicio 2

'''3. Customizando regras'''
* Sintaxe
* Fases
* Principais variáveis
* Principais operadores
* Principais ações
* Funções de transformação
* Exercicio 1
* Exercicio 2
* Exercicio 3
* Exercicio 4

'''4. Logging'''
* Entendendo as Log parts
* Exercicio 1

'''Sobre o instrutor''':
Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the Telecom Industry in Latin America. Breno resides in Brasília, Brazil.

------------------------------
'''Treinamento 2 - Introduction to Web Application Security'''

'''Data:''' 05 de Outubro de 2011 - 9h até 17h30min

'''Idioma:''' Espanhol

'''Instrutor:''' Fabio Cerullo

'''Resumo''':
This training will help you will gain skills on how to assess applications from a hacker's point of view, understand application security vulnerabilities and learn how to close these security holes in your Java or .Net applications so they are never exploited by a hacker. This intensive one day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.
?Hands on
The students will participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities and then use proxy tools (i.e., Webscarab) to complete the exercises.

'''Sobre o instrutor''':
Fabio is currently working as an Information Security Specialist at AIB Bank (Dublin, Ireland). His tasks include performing risk analysis, assessing the security of web applications developed internally or purchased from third parties, define policies and standards on secure coding, as well as providing training on web application security to developers, auditors, executives and security professionals. Prior to joining AIB, he worked as a Security Engineer at the European headquarters of Symantec Security Response analyzing malicious code, blended threats, security risks and vulnerabilities in various applications. Before moving to Ireland, he worked in the development of different training programs and activities with emphasis on secure software development in his native Argentina. As a member of the OWASP organization, Fabio is part of Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security; he coordinates international conferences around this topic, and since early 2010 has been appointed chairman of OWASP Chapter in Ireland. Fabio is a graduate in Computer Engineering from the Universidad Católica Argentina and has been granted the CISSP by (ISC) 2 back in 2006.

-------------------------------------
'''Treinamento 3 - Introdução à criptografia ilustrada em Java para programadores web'''

'''Data:''' 05 de Outubro de 2011 - 9h até 17h30min

'''Idioma:''' Português

'''Instrutor:''' Alexandre Melo Braga

'''Resumo''':
A criptografia é a única tecnologia capaz de proteger dados em trânsito. O mimicurso terá o seguinte conteúdo geral: criptografia simétrica, criptografia assimétrica, modos de operação de cifras de bloco, funções de hash, funções MAC, geradores números pseudo-aleatórios e protocolos de acordo de chaves e SSL. Uma vez que se trata de um treinamento para programadores, todo o conteúdo será exemplificado em Java e será dada ênfase à identificação de maus usos de criptografia. O minicurso tem o aspecto prático de que todos os programas serão manipulados no treinamento, não apenas e PPT.

'''Sobre o instrutor''':
Professor de graduação em tecnologia e segurança por 10 anos
Professor de pós-graduação em desenvolvimento seguro de software e criptografia há 5 anos.
Autor de diversos artigos científicos
Instrutor de diversos treinamentos para organizações privadas no Brasil e no exterior assim como para instituições educacionais.

-----------------------------------
'''Treinamento 4 - OWASP Top 10 + Java EE'''

'''Data:''' 04 de Outubro de 2011 - 9h até 17h30min

'''Idioma:''' Português

'''Instrutor:''' Magno Rodrigues

'''Resumo''':
The goal of this training is to give a better understanding about the top 10 risks that are more critical to web applications using the OWASP Top 10 v.2010 document, that describes them, their impacts and how to avoid them. We will go through all 10 risks, showing what they are with practical examples and detailed explanation. Participants will have the opportunity to practice the search and fixing of theses risks with a vulnerable web application called WebGoat, which is also an OWASP Project developed in Java EE. All the examples will be in Java, so previous knowledge of this programming language is a plus but not mandatory.

'''Sobre o Instrutor''':
Magno Rodrigues de Oliveira é Líder e Fundador do Capítulo da OWASP na Paraíba. Pós-Graduando em Segurança da Informação pela Faculdade de Tecnologia de João Pessoa. Realizou um curso de 1 (um) ano em Forense Computacional em Nova York, EUA. Formado em Tecnologia em Sistemas para Internet pelo Instituto Federal de Educação, Ciência e Tecnologia da Paraíba. Trabalha atualmente como Analista de Sistemas da Politec, prestando serviços para a Secretaria de Estado da Receita da Paraíba.

---------------------------------
'''Treinamento 5 - Protecting Java Web Applications against known (and unknown) vulnerabilities with the new Mod_Security for Java.'''

'''Data:''' 04 de Outubro de 2011 - 9h até 17h30min

'''Idioma:''' Espanhol

'''Instrutor:''' Juan Carlos Calderon

'''Resumo''':
Explanation on how Mod_Security for Java works, when is more suitable, how to install it, configure it and create rules in both XML and Mod_Security format to protect a java application against common vulnerabilities in OWASP Top 10 and SANS/CWE 25. Also an introduction to OWASP Mod_Security Core Ruleset to protect application on dangerous patterns that can lead to vulnerabilities not publicly available right now.

'''Sobre o instrutor''':
Professional with 11 years of application security expertise working for multinational companies in the Financial, Aviation, Media and transportation industries, supporter of OWASP as project leader since 5 years ago and CSSLP certified.

------------------------------------
'''Treinamento 6 - Uso da OWASP ESAPI (Enterprise Security API) para prover segurança em aplicações Web'''

'''Data:''' 04 de Outubro de 2011 - 9h até 17h30min

'''Idioma:''' Português

'''Instrutor:''' Tarcizio Vieira Neto

'''Resumo''':
A evolução da tecnologia no desenvolvimento de aplicações WEB tem contribuído com o aumento significativo do uso dessa tecnologia para atender os mais diversificados propósitos. Porém, essa tecnologia está sujeita a diversas vulnerabilidades de segurança críticas, principalmente quando pesquisas recentes apontam que a maioria das vulnerabilidades estão presentes na própria aplicação.
A biblioteca ESAPI (Enterprise Security API), da OWASP, surge neste cenário como uma biblioteca de segurança open source disponível para diversas linguagens, como Java EE, PHP, .NET, ASP Clássico, Python, Ruby, entre outras. O minicurso aborda de modo prático as vulnerabilidades causadas por erros comuns no desenvolvimento de aplicações e os mecanismos de controle de segurança providos pela biblioteca ESAPI com o foco na tecnologia Java. Os princípios gerais aprendidos no curso podem ser aplicados no contexto das demais linguagens de programação.

'''Sobre o instrutor''':
Tarcizio Vieira Neto é graduado em Ciência da Computação pela Universidade Federal de Goiás (UFG), em Goiânia. Atualmente trabalha no SERPRO, desde novembro de 2009, como Analista de Desenvolvimento, na Coordenação Estratégica de Tecnologia CETEC, desenvolvendo trabalhos sobre o tema segurança no desenvolvimento de aplicações, envolvendo aspectos processuais e técnicos, como também participa da prospecção de ferramentas que dão suporte à segurança no desenvolvimento de aplicações Web.
Participou também como instrutor no treinamento de novos empregados e auxiliou na elaboração do material do curso em Ensino a Distância na universidade corporativa do SERPRO (UniSERPRO).
Participou da primeira versão da tradução do OWASP Secure Coding Principles Quick Reference Guide, para o português brasileiro e liderou o projeto de revisão da tradução do mesmo documento.
Possui especialização em gestão da segurança da informação pela Universidade de Brasília (UnB).

==== 06 de Outubro ====

== Agenda ==

Será divulgada em breve.

==== 07 de Outubro ====

== Agenda ==

Será divulgada em breve.

==== Local ====

A conferência será em Porto Alegre, Rio Grande do Sul, no auditório do prédio 50 da [http://www.pucrs.br PUCRS].

Veja a localização no [http://maps.google.com.br/maps?oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&hl=en&biw=1440&bih=760&ie=UTF-8&q=PUCRS&fb=1&gl=br&hq=PUCRS&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+Rio+Grande+do+Sul&cid=0,0,13248223140037344003&ei=y1JVTq7yBaOtsQLS6Im3Bw&sa=X&oi=local_result&ct=image&ved=0CAQQ_BI Google Maps]

==== Inscrições ====

O formulário de inscrição está disponível em http://registration2011.appseclatam.org/

== Valores ==

'''Apenas a conferência:'''

* Antes de 31 de Agosto: 250.00 BRL
* Antes de 30 de Setembro: 350.00 BRL
* Depois de 1 de Outubro: 450.00 BRL

'''Treinamentos'''

* Um (1) dia: 450.00 BRL
* Dois (2) dias: 900.00 BRL

''Por favor verifique o formulário de inscrições para informações sobre valores de pacotes de inscrição''

'''Descontos'''

* Membro do OWASP: R$ 100,00 (Nota: Este desconto é maior do que a taxa anual de USD 50.00. Confira [http://www.google.com.br/#q=50+usd+in+brl&fp=1 aqui]
* Estudantes: R$ 100.00 (Nota: Será necessário apresentar comprovante de matrícula).
* Descontos especiais para grupos: entre em contato conosco pelo email appsec2011@appseclatam.org

==== Informações ====

== Guia Turístico ==

Portão de entrada de turistas no Estado e a apenas 120 quilômetros da aprazível Serra Gaúcha, Porto Alegre é um movimentado pólo de serviços e de infraestrutura de qualidade reconhecidas, base de grandes empresas nacionais e internacionais e um dos principais destinos de eventos internacionais no Brasil.

Links úteis: [http://www2.portoalegre.rs.gov.br/turismo http://www2.portoalegre.rs.gov.br/turismo]

[https://secure.wikimedia.org/wikipedia/pt/wiki/Porto_Alegre https://secure.wikimedia.org/wikipedia/pt/wiki/Porto_Alegre]

 
 Recente reportagem do programa americano 60 Minutes sobre o potencial de crescimento do Brasil: 
{{#ev:youtube|DMM7OJ_Kj9I}}

 Vídeo turístico sobre Porto Alegre: 
{{#ev:youtube|pXQ9z8sPcHI}}

== Tomadas Elétricas ==

[http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html https://www.owasp.org/images/0/0f/Tomadas_diversas.jpg] 
Referência: [http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html]

== Previsão do Tempo ==

== Viagem ==

== Acomodações ==

'''NOVOTEL PORTO ALEGRE''' 
Av. Soledade, 575 
Três Figueiras 
Fone: (51) 3327-9292 

Single / Double 
R$243,00 / R$289,00 
Café da manhã cortesia 

CONDIÇÕES GERAIS 
. Diárias expressas em reais (R$), por dia e por apartamento; . Diárias iniciam e terminam às 12 horas; . Taxa de Turismo (opcional) - R$2,50 por dia/apartamento; . Imposto Municipal: acrescer 5% ISS; . O acesso à internet nas áreas sociais e nos apartamentos é cortesia; . Estacionamento: R$16,00 por carro ao dia (com manobrista); . Terceira pessoa no apartamento: Mediante disponibilidade. Cobrada taxa diária de R$47,00 + 5% ISS e será acomodada em cama extra ou sofá cama; . Forma de Pagamento: Depósito antecipado ou pagamento direto; . Garantia de No Show: Todas as reservas deverão ter garantia de no show. Em caso de não comparecimento, poderá ser cobrado o período integral reservado; . Não aceitamos cheques; . Duas crianças de até 16 anos no Novotel e uma criança de até 12 anos no Mercure acompanhadas dos pais/responsáveis no mesmo apartamento serão cortesia.
Necessária apresentação de documentação de identificação no check-in; . Valores pagos não serão reembolsáveis ou dados como créditos para próximas hospedagens; 

Link do mapa: 
http://maps.google.com.br/maps?hl=pt-BR&um=1&ie=UTF-8&q=novotel+porto+alegre&fb=1&gl=br&hq=novotel&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+RS&cid=0,0,11722004907679800889&ei=GKn4TfaHDIP20gGF9pXDCw&sa=X&oi=local_result&ct=image&resnum=1&ved=0CDAQnwIwAA

https://www.owasp.org/images/3/33/Novohotel.jpg

==== Eventos Sociais ====

Serão divulgados em breve.

==== Patrocínios ====

Estamos atualmente buscado patrocinadores para a edição 2011 da Global AppSec Latin América. Veja mais detalhes sobre as oportunidades de patrocínio.

Se estiver interessado em patrocinar o Global AppSec Latin América 2011, por favor entre em contato com a equipe organizadora da conferência pelo email [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

Para mais detalhes sobre diferentes oportunidades de patrocínio, por favor verifique o documento abaixo:
 
[http://www.owasp.org/images/c/cf/OWASP_AppSec_2011_Sponsorship_Portuguese.pdf OWASP AppSec 2011 Sponsorship Portuguese.pdf]
 

== Patrocínio Diamante ==
 
<center>
[[Image:elipse_logo3.png|link=http://www.elipse.com.br]]
</center>
 

== Patrocínio Platina ==
 

== Patrocínio Ouro ==
 
<center>
[[Image:IT2S.png|link=http://www.it2s.com.br]]  
[[Image:trustwaveappseclatam.jpg|link=https://www.trustwave.com]]
</center>
 

== Patrocínio Prata ==
 
<center>
[[Image:Adobe_logo5.png|link=http://www.adobe.com]]  
[[Image:PUCRS2.jpg|100px|link=http://www.pucrs.br]]
</center>
 

== Patrocinadores do kit da conferência ==
 
<center>
[[Image:LogotipoConvisoCor.png‎|200px|link=http://www.conviso.com.br]]   [[Image:LgClavis.jpg‎|link=http://www.clavis.com.br]]
</center>
 

== Organização Local ==
<center>
[[Image:Logo-PoaSec2.png|link=http://www.poasec.org]]
</center>
 
==== Organizadores ====

[mailto:abc@elipse.com.br Alexandre Balestrin Correa] 
[http://cassiogoldschmidt.com/ Cassio Goldschmidt] [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco ] [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato ] [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira ] [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher ] 

==== Chapter Leader Workshop ====

=='''What is the Chapter Leader Workshop?''' ==
On '''Wednesday, October 5,2011 at 13:30h-16:30h''' the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''

'''Items that will be discussed are:'''
* How to improve the current Chapter Leader Handbook?
* How to start and support new chapters within Latin America?
* How to support inactive chapters within Latin America?
* What Governance model is required for OWASP chapters?
* How can the Global Chapters Committee facilitate the Latin American chapters?
* ...

Additionally we hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.

== '''Funding to Attend the Workshop''' ==

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Latin America, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 22, 2011'''.

Funding for your attendance to the workshop should be worked out in the following order.

# Ask your employer to fund your trip to AppSec Latin America conference.
# Utilize your chapter funds.
# Ask the chapter committee for funding assistance.

While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 22, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.

== '''RSVP and Details''' ==

To RSVP and view more details about the Workshop, go to the '''[[AppSecLatam2011 chapters workshop agenda]]'''.

== '''Contact''' ==

Email [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] for more details.

<headertabs />

[[Category:OWASP_AppSec_Conference]]

AppSecLatam2011

2011-08-24T20:40:01Z

Rafael Dreher:

__NOTOC__

{|
|-
! width="700" align="center" | 
! width="500" align="center" | 
|-
| align="center" | [[Image:AppSec Brasil 11 medio.png]]
| align="center" |
 '''Language: [http://www.owasp.org/index.php?title=AppSecLatam2011 http://www.owasp.org/images/8/88/Bandeira_reino_unido.png]
[http://www.owasp.org/index.php?title=AppSecLatam2011_(pt-br) http://www.owasp.org/images/4/49/Bandeira_brasil.png] [http://www.owasp.org/index.php?title=AppSecLatam2011_(es) http://www.owasp.org/images/1/1c/Bandeira_espanha.png] 

*[http://www.owasp.org/images/1/19/AppSecLatam_2011_Announcement.pdf Press Release]
*[[AppSecLA2011/Media Mentions|Media Mentions]]
*[[AppSecLA2011/Archived|Archived]]

 '''Follow us: [http://www.twitter.com/AppSecLatam http://www.owasp.org/images/f/f7/Twitter.png]
[http://www.facebook.com/event.php?eid=155195651207509 http://www.owasp.org/images/5/55/Facebook.png] [http://events.linkedin.com/OWASP-Global-AppSec-Latin-America-2011/pub/607738 http://www.owasp.org/images/1/1a/Linkedin.png]

|}

 

==== Welcome ====

{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
We are pleased to announce that the [http://www.owasp.org/index.php/Porto_Alegre OWASP Porto Alegre Local Chapter] will organize the '''Global AppSec Latin America 2011 Conference''' in Porto Alegre-RS, Brazil. 

The Global AppSec Latin America 2011 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 200-250 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals. 

A OWASP Global AppSec Latin América 2011 will be happens in Brazil at Porto Alegre city, Rio Grande do Sul state [http://maps.google.com/maps?f=q&source=s_q&hl=pt-BR&geocode=&q=Porto+Alegre&ie=UTF8&hq=&hnear=Porto+Alegre+-+Rio+Grande+do+Sul,+Brasil&z=11 map] in October 4th to 7th 2011. The trainings will be in October 04 and 05, and the presentations will be in October 06 and 07.

 If you have any questions, please email the conference chair: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org] 

 '''Who Should Attend Global AppSec Latin América 2011:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interested in Improving IT Security 



|}



| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | 
[[Image:Owasp-poa-eng.png]]

{{#ev:youtube|pXQ9z8sPcHI}}

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use the '''[http://search.twitter.com/search?q=%23AppSecLatam #AppSecLatam]''' hashtag for your tweets for Global AppSec Latin America 2011 (What are [http://hashtags.org/ hashtags]?)

'''@AppSecLatAm Twitter Feed ([http://twitter.com/AppSecLatam Follow us on Twitter!])''' <twitter>262394051</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

==== CFT & CFP ====

== CFT ==

Read the Call for Trainings in: [https://www.owasp.org/index.php/AppSecLatam2011/CFT https://www.owasp.org/index.php/AppSecLatam2011/CFT]

We are doing a research about subjects of the trainings. You can help us, answering the questions in the follow address:

[http://www.surveymonkey.com/s/3RCZ9RR http://www.surveymonkey.com/s/3RCZ9RR]

== CFP ==

Read the Call for Presentations in: [https://www.owasp.org/index.php/AppSecLatam2011/CFP https://www.owasp.org/index.php/AppSecLatam2011/CFP]

 

== Program Committee ==

*Kuai Hinojosa
*Leandro Gomes
*Leonardo Buonsanti
*Leonardo Lemes
*Luiz Eduardo
*Luiz Otávio Duarte
*Mateo Martinez
*Rodrigo Rubira

 

==== Keynotes ====

== '''Keynotes''' ==

== Bryan Sullivan ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/3/36/Bryan-sullivan.jpg
| align="justify" | [http://www.linkedin.com/in/bryanjsullivan Bryan Sullivan ] is a Senior Security Researcher with Adobe Systems, where he focuses on cloud security issues. Prior to Adobe, he was a program manager on Microsoft's Security Development Lifecycle team, and a development manager at HP, where he helped to design HP's vulnerability scanning tools WebInspect and DevInspect.
Bryan has spoken at security industry conferences such as Black Hat, RSA Conference, BlueHat and TechEd on a diverse range of topics including NoSQL, RIA architecture, REST, cryptography, denial-of-service defense, URL rewriting, and applying secure development processes to Agile projects. He was the author of the MSDN Magazine column Security Briefs, and is the coauthor of the books Ajax Security (Addison-Wesley, 2007) and the upcoming Secure Web Applications, A Beginner's Guide (McGraw-Hill, 2011). [http://www.linkedin.com/in/bryanjsullivan Linkedin]

|}

 

== '''Guest Speakers''' ==

== Chris Evans ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/4/48/ChrisEvans1.png
| align="justify" | [http://www.linkedin.com/in/scarybeast Chris Evans] - Troublemaker, Google Inc. Chris Evan is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. His work includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at [http://scarybeastsecurity.blogspot.com http://scarybeastsecurity.blogspot.com]. At Google, Chris currently leads security for Google Chrome. He has presented at various conferences (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) and is on the HiTB and WOOT paper selection panels. [http://www.linkedin.com/in/scarybeast Linkedin]
|}

== Michael Craigue ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/0/0c/MichaelCraigue.jpg
| align="justify" | [http://www.linkedin.com/in/craigue Michael Craigue] (CISSP/CSSLP) is Director of the Security Consulting group at Dell, with 14 team members in Brazil, India, Malaysia, and the US. He and his team have responsibility for consulting with all of Dell’s internal organizations, including IT, Product Group, Services, and Mergers and Acquisitions, with a particular focus on the Secure Software Development Lifecycle. He has taught Database Management and Business Intelligence / Knowledge Management at St. Edward’s University in their MBA / MS CIS programs. Prior to joining Dell’s information security team, he spent a decade building Web and database applications. He has a PhD from the University of Texas at Austin in Higher Education Administration / Finance. [http://www.linkedin.com/in/craigue Linkedin]
|}

==== October 4th-5th (Training) ====

== Schedule ==

'''Training 1 - ModSecurity Training'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor''': Breno Silva

'''Abstract''':
This is a Hands-On traning about ModSecurity (WAF). People in this class will learn the main topics of ModSecurity, including installation, modes of deployment, configuration, rule customization and logging.

'''1. O que é ModSecurity?'''
* Como instalar
* Arquiteturas
* Exercicio 1

'''2. Configurando ModSecurity'''
* Principais diretivas de configuração
* Core Rule Set (CRS)
* Exercicio 1
* Exercicio 2

'''3. Customizando regras'''
* Sintaxe
* Fases
* Principais variáveis
* Principais operadores
* Principais ações
* Funções de transformação
* Exercicio 1
* Exercicio 2
* Exercicio 3
* Exercicio 4

'''4. Logging'''
* Entendendo as Log parts
* Exercicio 1

'''About the instructor''':
Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the Telecom Industry in Latin America. Breno resides in Brasília, Brazil.

------------------------------
'''Training 2 - Introduction to Web Application Security'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Spanish

'''Instructor:''' Fabio Cerullo

'''Abstract''':
This training will help you will gain skills on how to assess applications from a hacker's point of view, understand application security vulnerabilities and learn how to close these security holes in your Java or .Net applications so they are never exploited by a hacker. This intensive one day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.
?Hands on
The students will participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities and then use proxy tools (i.e., Webscarab) to complete the exercises.

'''About the instructor''':
Fabio is currently working as an Information Security Specialist at AIB Bank (Dublin, Ireland). His tasks include performing risk analysis, assessing the security of web applications developed internally or purchased from third parties, define policies and standards on secure coding, as well as providing training on web application security to developers, auditors, executives and security professionals. Prior to joining AIB, he worked as a Security Engineer at the European headquarters of Symantec Security Response analyzing malicious code, blended threats, security risks and vulnerabilities in various applications. Before moving to Ireland, he worked in the development of different training programs and activities with emphasis on secure software development in his native Argentina. As a member of the OWASP organization, Fabio is part of Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security; he coordinates international conferences around this topic, and since early 2010 has been appointed chairman of OWASP Chapter in Ireland. Fabio is a graduate in Computer Engineering from the Universidad Católica Argentina and has been granted the CISSP by (ISC) 2 back in 2006.

-------------------------------------
'''Training 3 - Introdução à criptografia ilustrada em Java para programadores web'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Alexandre Melo Braga

'''Abstract''':
A criptografia é a única tecnologia capaz de proteger dados em trânsito. O mimicurso terá o seguinte conteúdo geral: criptografia simétrica, criptografia assimétrica, modos de operação de cifras de bloco, funções de hash, funções MAC, geradores números pseudo-aleatórios e protocolos de acordo de chaves e SSL. Uma vez que se trata de um treinamento para programadores, todo o conteúdo será exemplificado em Java e será dada ênfase à identificação de maus usos de criptografia. O minicurso tem o aspecto prático de que todos os programas serão manipulados no treinamento, não apenas e PPT.

'''About the instructor''':
Professor de graduação em tecnologia e segurança por 10 anos
Professor de pós-graduação em desenvolvimento seguro de software e criptografia há 5 anos.
Autor de diversos artigos científicos
Instrutor de diversos treinamentos para organizações privadas no Brasil e no exterior assim como para instituições educacionais.

-----------------------------------
'''Training 4 - OWASP Top 10 + Java EE'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Magno Rodrigues

'''Abstract''':
The goal of this training is to give a better understanding about the top 10 risks that are more critical to web applications using the OWASP Top 10 v.2010 document, that describes them, their impacts and how to avoid them. We will go through all 10 risks, showing what they are with practical examples and detailed explanation. Participants will have the opportunity to practice the search and fixing of theses risks with a vulnerable web application called WebGoat, which is also an OWASP Project developed in Java EE. All the examples will be in Java, so previous knowledge of this programming language is a plus but not mandatory.

'''About the instructor''':
Magno Rodrigues de Oliveira é Líder e Fundador do Capítulo da OWASP na Paraíba. Pós-Graduando em Segurança da Informação pela Faculdade de Tecnologia de João Pessoa. Realizou um curso de 1 (um) ano em Forense Computacional em Nova York, EUA. Formado em Tecnologia em Sistemas para Internet pelo Instituto Federal de Educação, Ciência e Tecnologia da Paraíba. Trabalha atualmente como Analista de Sistemas da Politec, prestando serviços para a Secretaria de Estado da Receita da Paraíba.

---------------------------------
'''Training 5 - Protecting Java Web Applications against known (and unknown) vulnerabilities with the new Mod_Security for Java.'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Spanish

'''Instructor:''' Juan Carlos Calderon

'''Abstract''':
Explanation on how Mod_Security for Java works, when is more suitable, how to install it, configure it and create rules in both XML and Mod_Security format to protect a java application against common vulnerabilities in OWASP Top 10 and SANS/CWE 25. Also an introduction to OWASP Mod_Security Core Ruleset to protect application on dangerous patterns that can lead to vulnerabilities not publicly available right now.

'''About the instructor''':
Professional with 11 years of application security expertise working for multinational companies in the Financial, Aviation, Media and transportation industries, supporter of OWASP as project leader since 5 years ago and CSSLP certified.

------------------------------------
'''Training 6 - Uso da OWASP ESAPI (Enterprise Security API) para prover segurança em aplicações Web'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Tarcizio Vieira Neto

'''Abstract''':
A evolução da tecnologia no desenvolvimento de aplicações WEB tem contribuído com o aumento significativo do uso dessa tecnologia para atender os mais diversificados propósitos. Porém, essa tecnologia está sujeita a diversas vulnerabilidades de segurança críticas, principalmente quando pesquisas recentes apontam que a maioria das vulnerabilidades estão presentes na própria aplicação.
A biblioteca ESAPI (Enterprise Security API), da OWASP, surge neste cenário como uma biblioteca de segurança open source disponível para diversas linguagens, como Java EE, PHP, .NET, ASP Clássico, Python, Ruby, entre outras. O minicurso aborda de modo prático as vulnerabilidades causadas por erros comuns no desenvolvimento de aplicações e os mecanismos de controle de segurança providos pela biblioteca ESAPI com o foco na tecnologia Java. Os princípios gerais aprendidos no curso podem ser aplicados no contexto das demais linguagens de programação.

'''About the instructor''':
Tarcizio Vieira Neto é graduado em Ciência da Computação pela Universidade Federal de Goiás (UFG), em Goiânia. Atualmente trabalha no SERPRO, desde novembro de 2009, como Analista de Desenvolvimento, na Coordenação Estratégica de Tecnologia CETEC, desenvolvendo trabalhos sobre o tema segurança no desenvolvimento de aplicações, envolvendo aspectos processuais e técnicos, como também participa da prospecção de ferramentas que dão suporte à segurança no desenvolvimento de aplicações Web.
Participou também como instrutor no treinamento de novos empregados e auxiliou na elaboração do material do curso em Ensino a Distância na universidade corporativa do SERPRO (UniSERPRO).
Participou da primeira versão da tradução do OWASP Secure Coding Principles Quick Reference Guide, para o português brasileiro e liderou o projeto de revisão da tradução do mesmo documento.
Possui especialização em gestão da segurança da informação pela Universidade de Brasília (UnB).

==== October 6th ====

== Schedule ==

To be published soon.

==== October 7th ====

== Schedule ==

To be published soon.

==== Venue ====

The event will be held in Porto Alegre, RS, Brazil at [http://www.pucrs.br PUCRS University] - Building 50 Auditorium.

You can check the location at [http://maps.google.com.br/maps?oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&hl=en&biw=1440&bih=760&ie=UTF-8&q=PUCRS&fb=1&gl=br&hq=PUCRS&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+Rio+Grande+do+Sul&cid=0,0,13248223140037344003&ei=y1JVTq7yBaOtsQLS6Im3Bw&sa=X&oi=local_result&ct=image&ved=0CAQQ_BI Google Maps]

==== Registration ====

== Online Registration ==

Registration form is available at http://registration2011.appseclatam.org/

== Conference Fees ==

'''Access to conference:'''

* Before Aug 31st: 250.00 BRL
* Before Sep 30th: 350.00 BRL
* After Oct 1st: 450.00 BRL

'''Trainings'''

* One day: 450.00 BRL
* Two days: 900.00 BRL

''Please check the registration form for information about conference packages.''

'''Discounts'''

* OWASP Member: 100.00 BRL (Note: This discount is greater than the OWASP USD 50.00 annual fee. Check [http://www.google.com.br/#q=50+usd+in+brl&fp=1 here]
* Student: 100.00 BRL (Note: student ID required).
* Special discounts available for groups registrations. Please send inquiries to appsec2011@appseclatam.org

==== Practical Info ====

== Visitors' Guide ==

Gate for tourists in the state of Rio Grande do Sul in Brazil, and only 120 miles from the pleasant Serra Gaucha, Porto Alegre is a bustling hub of services and infrastructure with quality recognized, and a base of large national and international companies and a major destination for international events in Brazil.

Usefull links:

[http://www2.portoalegre.rs.gov.br/turismo http://www2.portoalegre.rs.gov.br/turismo]

[https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre]

 60 Minutes recent report about Brazil and his development potencial: {{#ev:youtube|DMM7OJ_Kj9I}}

 Tourist video about Porto Alegre City: {{#ev:youtube|pXQ9z8sPcHI}}

== Electric Outlet ==

[http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html https://www.owasp.org/images/0/0f/Tomadas_diversas.jpg] 
Reference: [http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html]

== Weather ==

== Trip ==

== Accommodation ==

'''NOVOTEL PORTO ALEGRE''' 
Av. Soledade, 575 
Três Figueiras 
Phone: (51) 3327-9292 

Single / Double 
R$243,00 / R$289,00 
Cortesy breakfast 

General Conditions 
. Diárias expressas em reais (R$), por dia e por apartamento; . Diárias iniciam e terminam às 12 horas; . Taxa de Turismo (opcional) - R$2,50 por dia/apartamento; . Imposto Municipal: acrescer 5% ISS; . O acesso à internet nas áreas sociais e nos apartamentos é cortesia; . Estacionamento: R$16,00 por carro ao dia (com manobrista); . Terceira pessoa no apartamento: Mediante disponibilidade. Cobrada taxa diária de R$47,00 + 5% ISS e será acomodada em cama extra ou sofá cama; . Forma de Pagamento: Depósito antecipado ou pagamento direto; . Garantia de No Show: Todas as reservas deverão ter garantia de no show. Em caso de não comparecimento, poderá ser cobrado o período integral reservado; . Não aceitamos cheques; . Duas crianças de até 16 anos no Novotel e uma criança de até 12 anos no Mercure acompanhadas dos pais/responsáveis no mesmo apartamento serão cortesia.
Necessária apresentação de documentação de identificação no check-in; . Valores pagos não serão reembolsáveis ou dados como créditos para próximas hospedagens; 

Map link: 
http://maps.google.com.br/maps?hl=pt-BR&um=1&ie=UTF-8&q=novotel+porto+alegre&fb=1&gl=br&hq=novotel&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+RS&cid=0,0,11722004907679800889&ei=GKn4TfaHDIP20gGF9pXDCw&sa=X&oi=local_result&ct=image&resnum=1&ved=0CDAQnwIwAA

https://www.owasp.org/images/3/33/Novohotel.jpg

==== Social Events ====

Information will be published here.

==== Sponsoring ====

We are looking for sponsors for 2011 edition of Global AppSec Latin America. See more details about sponsor opportunities.

If you are interested to sponsor Global AppSec Latin America 2011, please contact the conference chair: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

To find out more about the different sponsorship opportunities please check the document below: [http://www.owasp.org/images/4/4f/OWASP_AppSec_2011_Sponsorship_English.pdf OWASP AppSec 2011 Sponsorship English.pdf]

 

== Diamond Sponsors ==
 
<center>
[[Image:elipse_logo3.png|link=http://www.elipse.com.br]]
</center>
 

== Platinum Sponsors ==
 
== Gold Sponsors ==
 
<center>
[[Image:IT2S.png|link=http://www.it2s.com.br]]  
[[Image:trustwaveappseclatam.jpg|link=https://www.trustwave.com]]
</center>
 

== Silver Sponsors ==
 
<center>
[[Image:Adobe_logo5.png|link=http://www.adobe.com]]  
[[Image:PUCRS2.jpg|100px|link=http://www.pucrs.br]]
</center>
 

== Conference Kit Sponsors ==
 
<center>
[[Image:LogotipoConvisoCor.png‎|200px|link=http://www.conviso.com.br]]   [[Image:LgClavis.jpg‎|link=http://www.clavis.com.br]]
</center>
 

== Local Promotion ==
 
<center>
[[Image:Logo-PoaSec2.png|link=http://www.poasec.org]]
</center>
 

==== Team ====
[mailto:abc@elipse.com.br Alexandre Balestrin Correa] 
[http://cassiogoldschmidt.com/ Cassio Goldschmidt] [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco ] [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato ] [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira ] [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher ] 

==== Chapter Leader Workshop ====

=='''What is the Chapter Leader Workshop?''' ==
On '''Wednesday, October 5,2011 at 13:30h-16:30h''' the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''

'''Items that will be discussed are:'''
* How to improve the current Chapter Leader Handbook?
* How to start and support new chapters within Latin America?
* How to support inactive chapters within Latin America?
* What Governance model is required for OWASP chapters?
* How can the Global Chapters Committee facilitate the Latin American chapters?
* ...

Additionally we hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.

== '''Funding to Attend the Workshop''' ==

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Latin America, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 22, 2011'''.

Funding for your attendance to the workshop should be worked out in the following order.

# Ask your employer to fund your trip to AppSec Latin America conference.
# Utilize your chapter funds.
# Ask the chapter committee for funding assistance.

While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 22, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.

== '''RSVP and Details''' ==

To RSVP and view more details about the Workshop, go to the '''[[AppSecLatam2011 chapters workshop agenda]]'''.

== '''Contact''' ==

Email [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] for more details.

<headertabs />

[[Category:OWASP_AppSec_Conference]]

AppSecLatam2011

2011-08-24T20:36:45Z

Rafael Dreher:

__NOTOC__

{|
|-
! width="700" align="center" | 
! width="500" align="center" | 
|-
| align="center" | [[Image:AppSec Brasil 11 medio.png]]
| align="center" |
 '''Language: [http://www.owasp.org/index.php?title=AppSecLatam2011 http://www.owasp.org/images/8/88/Bandeira_reino_unido.png]
[http://www.owasp.org/index.php?title=AppSecLatam2011_(pt-br) http://www.owasp.org/images/4/49/Bandeira_brasil.png] [http://www.owasp.org/index.php?title=AppSecLatam2011_(es) http://www.owasp.org/images/1/1c/Bandeira_espanha.png] 

*[http://www.owasp.org/images/1/19/AppSecLatam_2011_Announcement.pdf Press Release]
*[[AppSecLA2011/Media Mentions|Media Mentions]]
*[[AppSecLA2011/Archived|Archived]]

 '''Follow us: [http://www.twitter.com/AppSecLatam http://www.owasp.org/images/f/f7/Twitter.png]
[http://www.facebook.com/event.php?eid=155195651207509 http://www.owasp.org/images/5/55/Facebook.png] [http://events.linkedin.com/OWASP-Global-AppSec-Latin-America-2011/pub/607738 http://www.owasp.org/images/1/1a/Linkedin.png]

|}

 

==== Welcome ====

{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
We are pleased to announce that the [http://www.owasp.org/index.php/Porto_Alegre OWASP Porto Alegre Local Chapter] will organize the '''Global AppSec Latin America 2011 Conference''' in Porto Alegre-RS, Brazil. 

The Global AppSec Latin America 2011 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 200-250 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals. 

A OWASP Global AppSec Latin América 2011 will be happens in Brazil at Porto Alegre city, Rio Grande do Sul state [http://maps.google.com/maps?f=q&source=s_q&hl=pt-BR&geocode=&q=Porto+Alegre&ie=UTF8&hq=&hnear=Porto+Alegre+-+Rio+Grande+do+Sul,+Brasil&z=11 map] in October 4th to 7th 2011. The trainings will be in October 04 and 05, and the presentations will be in October 06 and 07.

 If you have any questions, please email the conference chair: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org] 

 '''Who Should Attend Global AppSec Latin América 2011:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interested in Improving IT Security 



|}



| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | 
[[Image:Owasp-poa-eng.png]]

{{#ev:youtube|pXQ9z8sPcHI}}

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use the '''[http://search.twitter.com/search?q=%23AppSecLatam #AppSecLatam]''' hashtag for your tweets for Global AppSec Latin America 2011 (What are [http://hashtags.org/ hashtags]?)

'''@AppSecLatAm Twitter Feed ([http://twitter.com/AppSecLatam Follow us on Twitter!])''' <twitter>262394051</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" | 
|}

 

==== CFT & CFP ====

== CFT ==

Read the Call for Trainings in: [https://www.owasp.org/index.php/AppSecLatam2011/CFT https://www.owasp.org/index.php/AppSecLatam2011/CFT]

We are doing a research about subjects of the trainings. You can help us, answering the questions in the follow address:

[http://www.surveymonkey.com/s/3RCZ9RR http://www.surveymonkey.com/s/3RCZ9RR]

== CFP ==

Read the Call for Presentations in: [https://www.owasp.org/index.php/AppSecLatam2011/CFP https://www.owasp.org/index.php/AppSecLatam2011/CFP]

 

== Program Committee ==

*Kuai Hinojosa
*Leandro Gomes
*Leonardo Buonsanti
*Leonardo Lemes
*Luiz Eduardo
*Luiz Otávio Duarte
*Mateo Martinez
*Rodrigo Rubira

 

==== Keynotes ====

== '''Keynotes''' ==

== Bryan Sullivan ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/3/36/Bryan-sullivan.jpg
| align="justify" | [http://www.linkedin.com/in/bryanjsullivan Bryan Sullivan ] is a Senior Security Researcher with Adobe Systems, where he focuses on cloud security issues. Prior to Adobe, he was a program manager on Microsoft's Security Development Lifecycle team, and a development manager at HP, where he helped to design HP's vulnerability scanning tools WebInspect and DevInspect.
Bryan has spoken at security industry conferences such as Black Hat, RSA Conference, BlueHat and TechEd on a diverse range of topics including NoSQL, RIA architecture, REST, cryptography, denial-of-service defense, URL rewriting, and applying secure development processes to Agile projects. He was the author of the MSDN Magazine column Security Briefs, and is the coauthor of the books Ajax Security (Addison-Wesley, 2007) and the upcoming Secure Web Applications, A Beginner's Guide (McGraw-Hill, 2011). [http://www.linkedin.com/in/bryanjsullivan Linkedin]

|}

 

== '''Guest Speakers''' ==

== Chris Evans ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/4/48/ChrisEvans1.png
| align="justify" | [http://www.linkedin.com/in/scarybeast Chris Evans] - Troublemaker, Google Inc. Chris Evan is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. His work includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at [http://scarybeastsecurity.blogspot.com http://scarybeastsecurity.blogspot.com]. At Google, Chris currently leads security for Google Chrome. He has presented at various conferences (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) and is on the HiTB and WOOT paper selection panels. [http://www.linkedin.com/in/scarybeast Linkedin]
|}

== Michael Craigue ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/0/0c/MichaelCraigue.jpg
| align="justify" | [http://www.linkedin.com/in/craigue Michael Craigue] (CISSP/CSSLP) is Director of the Security Consulting group at Dell, with 14 team members in Brazil, India, Malaysia, and the US. He and his team have responsibility for consulting with all of Dell’s internal organizations, including IT, Product Group, Services, and Mergers and Acquisitions, with a particular focus on the Secure Software Development Lifecycle. He has taught Database Management and Business Intelligence / Knowledge Management at St. Edward’s University in their MBA / MS CIS programs. Prior to joining Dell’s information security team, he spent a decade building Web and database applications. He has a PhD from the University of Texas at Austin in Higher Education Administration / Finance. [http://www.linkedin.com/in/craigue Linkedin]
|}

==== October 4th-5th (Training) ====

== Schedule ==

'''Training 1 - ModSecurity Training'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor''': Breno Silva

'''Abstract''':
This is a Hands-On traning about ModSecurity (WAF). People in this class will learn the main topics of ModSecurity, including installation, modes of deployment, configuration, rule customization and logging.

'''1. O que é ModSecurity?'''
* Como instalar
* Arquiteturas
* Exercicio 1

'''2. Configurando ModSecurity'''
* Principais diretivas de configuração
* Core Rule Set (CRS)
* Exercicio 1
* Exercicio 2

'''3. Customizando regras'''
* Sintaxe
* Fases
* Principais variáveis
* Principais operadores
* Principais ações
* Funções de transformação
* Exercicio 1
* Exercicio 2
* Exercicio 3
* Exercicio 4

'''4. Logging'''
* Entendendo as Log parts
* Exercicio 1

'''About the instructor''':
Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the Telecom Industry in Latin America. Breno resides in Brasília, Brazil.

------------------------------
'''Training 2 - Introduction to Web Application Security'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Spanish

'''Instructor:''' Fabio Cerullo

'''Abstract''':
This training will help you will gain skills on how to assess applications from a hacker's point of view, understand application security vulnerabilities and learn how to close these security holes in your Java or .Net applications so they are never exploited by a hacker. This intensive one day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.
?Hands on
The students will participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities and then use proxy tools (i.e., Webscarab) to complete the exercises.

'''About the instructor''':
Fabio is currently working as an Information Security Specialist at AIB Bank (Dublin, Ireland). His tasks include performing risk analysis, assessing the security of web applications developed internally or purchased from third parties, define policies and standards on secure coding, as well as providing training on web application security to developers, auditors, executives and security professionals. Prior to joining AIB, he worked as a Security Engineer at the European headquarters of Symantec Security Response analyzing malicious code, blended threats, security risks and vulnerabilities in various applications. Before moving to Ireland, he worked in the development of different training programs and activities with emphasis on secure software development in his native Argentina. As a member of the OWASP organization, Fabio is part of Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security; he coordinates international conferences around this topic, and since early 2010 has been appointed chairman of OWASP Chapter in Ireland. Fabio is a graduate in Computer Engineering from the Universidad Católica Argentina and has been granted the CISSP by (ISC) 2 back in 2006.

-------------------------------------
'''Training 3 - Introdução à criptografia ilustrada em Java para programadores web'''

'''Date:''' October 5th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Alexandre Melo Braga

'''Abstract''':
A criptografia é a única tecnologia capaz de proteger dados em trânsito. O mimicurso terá o seguinte conteúdo geral: criptografia simétrica, criptografia assimétrica, modos de operação de cifras de bloco, funções de hash, funções MAC, geradores números pseudo-aleatórios e protocolos de acordo de chaves e SSL. Uma vez que se trata de um treinamento para programadores, todo o conteúdo será exemplificado em Java e será dada ênfase à identificação de maus usos de criptografia. O minicurso tem o aspecto prático de que todos os programas serão manipulados no treinamento, não apenas e PPT.

'''About the instructor''':
Professor de graduação em tecnologia e segurança por 10 anos
Professor de pós-graduação em desenvolvimento seguro de software e criptografia há 5 anos.
Autor de diversos artigos científicos
Instrutor de diversos treinamentos para organizações privadas no Brasil e no exterior assim como para instituições educacionais.

-----------------------------------
'''Training 4 - OWASP Top 10 + Java EE'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Magno Rodrigues

'''Abstract''':
The goal of this training is to give a better understanding about the top 10 risks that are more critical to web applications using the OWASP Top 10 v.2010 document, that describes them, their impacts and how to avoid them. We will go through all 10 risks, showing what they are with practical examples and detailed explanation. Participants will have the opportunity to practice the search and fixing of theses risks with a vulnerable web application called WebGoat, which is also an OWASP Project developed in Java EE. All the examples will be in Java, so previous knowledge of this programming language is a plus but not mandatory.

'''About the instructor''':
Magno Rodrigues de Oliveira é Líder e Fundador do Capítulo da OWASP na Paraíba. Pós-Graduando em Segurança da Informação pela Faculdade de Tecnologia de João Pessoa. Realizou um curso de 1 (um) ano em Forense Computacional em Nova York, EUA. Formado em Tecnologia em Sistemas para Internet pelo Instituto Federal de Educação, Ciência e Tecnologia da Paraíba. Trabalha atualmente como Analista de Sistemas da Politec, prestando serviços para a Secretaria de Estado da Receita da Paraíba.

---------------------------------
'''Training 5 - Protecting Java Web Applications against known (and unknown) vulnerabilities with the new Mod_Security for Java.'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Spanish

'''Instructor:''' Juan Carlos Calderon

'''Abstract''':
Explanation on how Mod_Security for Java works, when is more suitable, how to install it, configure it and create rules in both XML and Mod_Security format to protect a java application against common vulnerabilities in OWASP Top 10 and SANS/CWE 25. Also an introduction to OWASP Mod_Security Core Ruleset to protect application on dangerous patterns that can lead to vulnerabilities not publicly available right now.

'''About the instructor''':
Professional with 11 years of application security expertise working for multinational companies in the Financial, Aviation, Media and transportation industries, supporter of OWASP as project leader since 5 years ago and CSSLP certified.

------------------------------------
'''Training 6 - Uso da OWASP ESAPI (Enterprise Security API) para prover segurança em aplicações Web'''

'''Date:''' October 4th 2011 - 9AM to 5:30PM

'''Language:''' Portuguese

'''Instructor:''' Tarcizio Vieira Neto

'''Abstract''':
A evolução da tecnologia no desenvolvimento de aplicações WEB tem contribuído com o aumento significativo do uso dessa tecnologia para atender os mais diversificados propósitos. Porém, essa tecnologia está sujeita a diversas vulnerabilidades de segurança críticas, principalmente quando pesquisas recentes apontam que a maioria das vulnerabilidades estão presentes na própria aplicação.
A biblioteca ESAPI (Enterprise Security API), da OWASP, surge neste cenário como uma biblioteca de segurança open source disponível para diversas linguagens, como Java EE, PHP, .NET, ASP Clássico, Python, Ruby, entre outras. O minicurso aborda de modo prático as vulnerabilidades causadas por erros comuns no desenvolvimento de aplicações e os mecanismos de controle de segurança providos pela biblioteca ESAPI com o foco na tecnologia Java. Os princípios gerais aprendidos no curso podem ser aplicados no contexto das demais linguagens de programação.

'''About the instructor''':
Tarcizio Vieira Neto é graduado em Ciência da Computação pela Universidade Federal de Goiás (UFG), em Goiânia. Atualmente trabalha no SERPRO, desde novembro de 2009, como Analista de Desenvolvimento, na Coordenação Estratégica de Tecnologia CETEC, desenvolvendo trabalhos sobre o tema segurança no desenvolvimento de aplicações, envolvendo aspectos processuais e técnicos, como também participa da prospecção de ferramentas que dão suporte à segurança no desenvolvimento de aplicações Web.
Participou também como instrutor no treinamento de novos empregados e auxiliou na elaboração do material do curso em Ensino a Distância na universidade corporativa do SERPRO (UniSERPRO).
Participou da primeira versão da tradução do OWASP Secure Coding Principles Quick Reference Guide, para o português brasileiro e liderou o projeto de revisão da tradução do mesmo documento.
Possui especialização em gestão da segurança da informação pela Universidade de Brasília (UnB).

==== October 6th ====

== Schedule ==

To be published soon.

==== October 7th ====

== Schedule ==

To be published soon.

==== Venue ====

The event will be held in Porto Alegre, RS, Brazil at [http://www.pucrs.br PUCRS University] - Building 50 Auditorium.

You can check the location at [http://maps.google.com.br/maps?oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&hl=en&biw=1440&bih=760&ie=UTF-8&q=PUCRS&fb=1&gl=br&hq=PUCRS&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+Rio+Grande+do+Sul&cid=0,0,13248223140037344003&ei=y1JVTq7yBaOtsQLS6Im3Bw&sa=X&oi=local_result&ct=image&ved=0CAQQ_BI Google Maps]

==== Registration ====

== Online Registration ==

Registration form is available at http://registration2011.appseclatam.org/

== Conference Fees ==

'''Access to conference:'''

* Before Aug 31st: 250.00 BRL
* Before Sep 30th: 350.00 BRL
* After Oct 1st: 450.00 BRL

'''Trainings'''

* One day: 450.00 BRL
* Two days: 900.00 BRL

''Please check the registration form for information about conference packages.''

'''Discounts'''

* OWASP Member: 100.00 BRL (Note: This discount is greater than the OWASP USD 50.00 annual fee. Check [http://www.google.com.br/#q=50+usd+in+brl&fp=1 here]
* Student: 100.00 BRL (Note: student ID required).
* Special discounts available for groups registrations. Please send inquiries to appsec2011@appseclatam.org

==== Practical Info ====

== Visitors' Guide ==

Gate for tourists in the state of Rio Grande do Sul in Brazil, and only 120 miles from the pleasant Serra Gaucha, Porto Alegre is a bustling hub of services and infrastructure with quality recognized, and a base of large national and international companies and a major destination for international events in Brazil.

Usefull links:

[http://www2.portoalegre.rs.gov.br/turismo http://www2.portoalegre.rs.gov.br/turismo]

[https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre]

 60 Minutes recent report about Brazil and his development potencial: {{#ev:youtube|DMM7OJ_Kj9I}}

 Tourist video about Porto Alegre City: {{#ev:youtube|pXQ9z8sPcHI}}

== Electric Outlet ==

[http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html https://www.owasp.org/images/0/0f/Tomadas_diversas.jpg] 
Reference: [http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html]

== Weather ==

== Trip ==

== Accommodation ==

'''NOVOTEL PORTO ALEGRE''' 
Av. Soledade, 575 
Três Figueiras 
Phone: (51) 3327-9292 

Single / Double 
R$243,00 / R$289,00 
Cortesy breakfast 

General Conditions 
. Diárias expressas em reais (R$), por dia e por apartamento; . Diárias iniciam e terminam às 12 horas; . Taxa de Turismo (opcional) - R$2,50 por dia/apartamento; . Imposto Municipal: acrescer 5% ISS; . O acesso à internet nas áreas sociais e nos apartamentos é cortesia; . Estacionamento: R$16,00 por carro ao dia (com manobrista); . Terceira pessoa no apartamento: Mediante disponibilidade. Cobrada taxa diária de R$47,00 + 5% ISS e será acomodada em cama extra ou sofá cama; . Forma de Pagamento: Depósito antecipado ou pagamento direto; . Garantia de No Show: Todas as reservas deverão ter garantia de no show. Em caso de não comparecimento, poderá ser cobrado o período integral reservado; . Não aceitamos cheques; . Duas crianças de até 16 anos no Novotel e uma criança de até 12 anos no Mercure acompanhadas dos pais/responsáveis no mesmo apartamento serão cortesia.
Necessária apresentação de documentação de identificação no check-in; . Valores pagos não serão reembolsáveis ou dados como créditos para próximas hospedagens; 

Map link: 
http://maps.google.com.br/maps?hl=pt-BR&um=1&ie=UTF-8&q=novotel+porto+alegre&fb=1&gl=br&hq=novotel&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+RS&cid=0,0,11722004907679800889&ei=GKn4TfaHDIP20gGF9pXDCw&sa=X&oi=local_result&ct=image&resnum=1&ved=0CDAQnwIwAA

https://www.owasp.org/images/3/33/Novohotel.jpg

==== Social Events ====

Information will be published here.

==== Sponsoring ====

We are looking for sponsors for 2011 edition of Global AppSec Latin America. See more details about sponsor opportunities.

If you are interested to sponsor Global AppSec Latin America 2011, please contact the conference chair: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

To find out more about the different sponsorship opportunities please check the document below: [http://www.owasp.org/images/4/4f/OWASP_AppSec_2011_Sponsorship_English.pdf OWASP AppSec 2011 Sponsorship English.pdf]

 

== Diamond Sponsors ==
 
<center>
[[Image:elipse_logo3.png|link=http://www.elipse.com.br]]
</center>
 

== Platinum Sponsors ==
 
== Gold Sponsors ==
 
<center>
[[Image:IT2S.png|link=http://www.it2s.com.br]]  
[[Image:trustwaveappseclatam.jpg|link=https://www.trustwave.com]]
</center>
 

== Silver Sponsors ==
 
<center>
[[Image:Adobe_logo5.png|link=http://www.adobe.com]]   [[Image:PUCRS2.jpg|100px|link=http://www.pucrs.br]]
</center>
 

== Conference Kit Sponsors ==
 
<center>
[[Image:LogotipoConvisoCor.png‎|200px|link=http://www.conviso.com.br]]   [[Image:LgClavis.jpg‎|link=http://www.clavis.com.br]]
</center>
 

== Local Promotion ==
 
<center>
[[Image:Logo-PoaSec2.png|link=http://www.poasec.org]]
</center>
 

==== Team ====
[mailto:abc@elipse.com.br Alexandre Balestrin Correa] 
[http://cassiogoldschmidt.com/ Cassio Goldschmidt] [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco ] [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato ] [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira ] [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher ] 

==== Chapter Leader Workshop ====

=='''What is the Chapter Leader Workshop?''' ==
On '''Wednesday, October 5,2011 at 13:30h-16:30h''' the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''

'''Items that will be discussed are:'''
* How to improve the current Chapter Leader Handbook?
* How to start and support new chapters within Latin America?
* How to support inactive chapters within Latin America?
* What Governance model is required for OWASP chapters?
* How can the Global Chapters Committee facilitate the Latin American chapters?
* ...

Additionally we hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.

== '''Funding to Attend the Workshop''' ==

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Latin America, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 22, 2011'''.

Funding for your attendance to the workshop should be worked out in the following order.

# Ask your employer to fund your trip to AppSec Latin America conference.
# Utilize your chapter funds.
# Ask the chapter committee for funding assistance.

While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 22, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.

== '''RSVP and Details''' ==

To RSVP and view more details about the Workshop, go to the '''[[AppSecLatam2011 chapters workshop agenda]]'''.

== '''Contact''' ==

Email [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] for more details.

<headertabs />

[[Category:OWASP_AppSec_Conference]]

2011-08-20T23:22:25Z

Rafael Dreher:

__NOTOC__

{|
|-
! align="center" width="700" |
! align="center" width="500" |
|-
| align="center" | [[Image:AppSec Brasil 11 medio.png]]
| align="center" |
 '''Língua: [http://www.owasp.org/index.php?title=AppSecLatam2011 http://www.owasp.org/images/8/88/Bandeira_reino_unido.png]
[http://www.owasp.org/index.php?title=AppSecLatam2011_(pt-br) http://www.owasp.org/images/4/49/Bandeira_brasil.png] [http://www.owasp.org/index.php?title=AppSecLatam2011_(es) http://www.owasp.org/images/1/1c/Bandeira_espanha.png] | 

*[http://www.owasp.org/images/1/19/AppSecLatam_2011_Announcement.pdf Comunicado de Imprensa]
*[[AppSecLatam2011/Media Mentions|Menções na mídia]]
*[[AppSecLatam2011/Archived|Arquivos]]

 '''Siga-nos: [http://www.twitter.com/AppSecLatam http://www.owasp.org/images/f/f7/Twitter.png]
[http://www.facebook.com/event.php?eid=155195651207509 http://www.owasp.org/images/5/55/Facebook.png] [http://events.linkedin.com/OWASP-Global-AppSec-Latin-America-2011/pub/607738 http://www.owasp.org/images/1/1a/Linkedin.png]

|}

 

==== Apresentação ====

{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
Temos o prazer de anunciar que o [http://www.owasp.org/index.php/Porto_Alegre Capítulo OWASP de Porto Alegre] irá organizar a '''Conferência Global AppSec Latin America 2011''' em Porto Alegre-RS, Brasil. 

A conferência Global AppSec Latin América 2011 será uma reunião de líderes latino-americanos na área de Segurança da Informação, e irá apresentar temas e idéias de vanguarda sobre o assunto. Eventos OWASP atraem público do mundo todo interessados nas tendências da área. A conferência espera atrair 200 a 250 tecnólogos do governo, serviços financeiros, mídia, indústria farmacêutica, saúde, tecnologia, e muitas outras áreas. 

A OWASP Global AppSec Latin América 2011 irá acontecer no Brasil na cidade de Porto Alegre, estado do Rio Grande do Sul ([http://maps.google.com/maps?f=q&source=s_q&hl=pt-BR&geocode=&q=Porto+Alegre&ie=UTF8&hq=&hnear=Porto+Alegre+-+Rio+Grande+do+Sul,+Brasil&z=11 mapa]) nos dias 04 à 07 de outubro de 2011. Ocorrerão cursos no dias 4 e 5 de outubro, e as sessões plenárias nos dias 6 e 7 de outubro.

 Se você tiver algum questionamento, por favor entre em contato com a organização do evento através do e-mail: [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

 '''Quem deve atender a Global AppSec Latin América 2011:'''

*Desenvolvedores de Aplicativos
*Testadores de Aplicativos e de Qualidade
*Gerentes de Projetos de Aplicativos e Funcionários
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputados, Associados and Membros
*Chief Financial Officers, Auditores, e Pessoas Responsáveis pela Segurança de TI e Compliance
*Gerentes de Segurança e Pessoal
*Executivos, Gerentes e Pessoas Responsáveis pela Governança de TI
*Profissionais de TI Interessados em Aprofundar seus Conhecimentos em Segurança 



|}



| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | 
[[Image:Owasp-poa-eng.png]]

{{#ev:youtube|pXQ9z8sPcHI}}

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use o '''[http://search.twitter.com/search?q=%23AppSecLatam #AppSecLatam]''' hashtag para seus tweets para a Global AppSec Latin America 2011 (O que é [http://hashtags.org/ hashtags]?)

'''@AppSecLatAm Twitter Feed ([http://twitter.com/AppSecLatam Siga-nos no Twitter!])''' <twitter>262394051</twitter>

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


==== CFT e CFP ====

== CFT ==
Leia a chamada de mini-cursos completa em [https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFT https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFT].

Estamos realizando uma pesquisa sobre os temas para treinamentos. Você pode ajudar, respondendo a pesquisa no seguinte endereço:

[http://www.surveymonkey.com/s/3RCZ9RR http://www.surveymonkey.com/s/3RCZ9RR]

== CFP ==

Leia a chamada de trabalhos para apresentações completa em [https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFP https://www.owasp.org/index.php/AppSecLatam2011_(pt-br)/CFP].
 

== Comitê de Programa ==

* Kuai Hinojosa
* Leandro Gomes
* Leonardo Buonsanti
* Leonardo Lemes
* Luiz Eduardo
* Luiz Otávio Duarte
* Mateo Martinez
* Rodrigo Rubira

==== Keynotes ====

== '''Keynotes''' ==

== Bryan Sullivan ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/3/36/Bryan-sullivan.jpg
| align="justify" | [http://www.linkedin.com/in/bryanjsullivan Bryan Sullivan ] is a Senior Security Researcher with Adobe Systems, where he focuses on cloud security issues. Prior to Adobe, he was a program manager on Microsoft's Security Development Lifecycle team, and a development manager at HP, where he helped to design HP's vulnerability scanning tools WebInspect and DevInspect.
Bryan has spoken at security industry conferences such as Black Hat, RSA Conference, BlueHat and TechEd on a diverse range of topics including NoSQL, RIA architecture, REST, cryptography, denial-of-service defense, URL rewriting, and applying secure development processes to Agile projects. He was the author of the MSDN Magazine column Security Briefs, and is the coauthor of the books Ajax Security (Addison-Wesley, 2007) and the upcoming Secure Web Applications, A Beginner's Guide (McGraw-Hill, 2011). [http://www.linkedin.com/in/bryanjsullivan Linkedin]

|}

 

== '''Guest Speakers''' ==

== Chris Evans ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/4/48/ChrisEvans1.png
| align="justify" | [http://www.linkedin.com/in/scarybeast Chris Evans] - Troublemaker, Google Inc. Chris Evan is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. His work includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at [http://scarybeastsecurity.blogspot.com http://scarybeastsecurity.blogspot.com]. At Google, Chris currently leads security for Google Chrome. He has presented at various conferences (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) and is on the HiTB and WOOT paper selection panels. [http://www.linkedin.com/in/scarybeast Linkedin]
|}

== Michael Craigue ==

{| style="background-color: transparent"
|-
! width="200" align="center" | 
! width="1000" align="center" | 
|-
| align="center" | https://www.owasp.org/images/0/0c/MichaelCraigue.jpg
| align="justify" | [http://www.linkedin.com/in/craigue Michael Craigue] (CISSP/CSSLP) is Director of the Security Consulting group at Dell, with 14 team members in Brazil, India, Malaysia, and the US. He and his team have responsibility for consulting with all of Dell’s internal organizations, including IT, Product Group, Services, and Mergers and Acquisitions, with a particular focus on the Secure Software Development Lifecycle. He has taught Database Management and Business Intelligence / Knowledge Management at St. Edward’s University in their MBA / MS CIS programs. Prior to joining Dell’s information security team, he spent a decade building Web and database applications. He has a PhD from the University of Texas at Austin in Higher Education Administration / Finance. [http://www.linkedin.com/in/craigue Linkedin]
|}

==== 04 à 05 de Outubro (Treinamentos) ====

== Agenda ==

'''Treinamento 1''':

'''Instrutor''': Breno Silva

'''Título''': ModSecurity training

'''Resumo''':
This is a Hands-On traning about ModSecurity (WAF). People in this class will learn the main topics of ModSecurity, including installation, modes of deployment, configuration, rule customization and logging.

'''1. O que é ModSecurity?'''
* Como instalar
* Arquiteturas
* Exercicio 1

'''2. Configurando ModSecurity'''
* Principais diretivas de configuração
* Core Rule Set (CRS)
* Exercicio 1
* Exercicio 2

'''3. Customizando regras'''
* Sintaxe
* Fases
* Principais variáveis
* Principais operadores
* Principais ações
* Funções de transformação
* Exercicio 1
* Exercicio 2
* Exercicio 3
* Exercicio 4

'''4. Logging'''
* Entendendo as Log parts
* Exercicio 1

'''Sobre o instrutor''':
Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the Telecom Industry in Latin America. Breno resides in Brasília, Brazil.

------------------------------
'''Treinamento 2''':

'''Instrutor''': Fabio Cerullo

'''Título''': Introduction to Web Application Security

'''Resumo''':
This training will help you will gain skills on how to assess applications from a hacker's point of view, understand application security vulnerabilities and learn how to close these security holes in your Java or .Net applications so they are never exploited by a hacker. This intensive one day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.
?Hands on
The students will participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities and then use proxy tools (i.e., Webscarab) to complete the exercises.

'''Sobre o instrutor''':
Fabio is currently working as an Information Security Specialist at AIB Bank (Dublin, Ireland). His tasks include performing risk analysis, assessing the security of web applications developed internally or purchased from third parties, define policies and standards on secure coding, as well as providing training on web application security to developers, auditors, executives and security professionals. Prior to joining AIB, he worked as a Security Engineer at the European headquarters of Symantec Security Response analyzing malicious code, blended threats, security risks and vulnerabilities in various applications. Before moving to Ireland, he worked in the development of different training programs and activities with emphasis on secure software development in his native Argentina. As a member of the OWASP organization, Fabio is part of Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security; he coordinates international conferences around this topic, and since early 2010 has been appointed chairman of OWASP Chapter in Ireland. Fabio is a graduate in Computer Engineering from the Universidad Católica Argentina and has been granted the CISSP by (ISC) 2 back in 2006.

---------------------------------
'''Treinamento 3''':

'''Instrutor''': Juan Carlos Calderon

'''Título''': Protecting Java Web Applications against known (and unknown) vulnerabilities with the new Mod_Security for Java.

'''Resumo''':
Explanation on how Mod_Security for Java works, when is more suitable, how to install it, configure it and create rules in both XML and Mod_Security format to protect a java application against common vulnerabilities in OWASP Top 10 and SANS/CWE 25. Also an introduction to OWASP Mod_Security Core Ruleset to protect application on dangerous patterns that can lead to vulnerabilities not publicly available right now.

'''Sobre o instrutor''':
Professional with 11 years of application security expertise working for multinational companies in the Financial, Aviation, Media and transportation industries, supporter of OWASP as project leader since 5 years ago and CSSLP certified.

-----------------------------------
'''Treinamento 4''':

'''Instrutor''': Magno Rodrigues

'''Título''': OWASP Top 10 + Java EE

'''Resumo''':
The goal of this training is to give a better understanding about the top 10 risks that are more critical to web applications using the OWASP Top 10 v.2010 document, that describes them, their impacts and how to avoid them. We will go through all 10 risks, showing what they are with practical examples and detailed explanation. Participants will have the opportunity to practice the search and fixing of theses risks with a vulnerable web application called WebGoat, which is also an OWASP Project developed in Java EE. All the examples will be in Java, so previous knowledge of this programming language is a plus but not mandatory.

'''Sobre o Instrutor''':
Magno Rodrigues de Oliveira é Líder e Fundador do Capítulo da OWASP na Paraíba. Pós-Graduando em Segurança da Informação pela Faculdade de Tecnologia de João Pessoa. Realizou um curso de 1 (um) ano em Forense Computacional em Nova York, EUA. Formado em Tecnologia em Sistemas para Internet pelo Instituto Federal de Educação, Ciência e Tecnologia da Paraíba. Trabalha atualmente como Analista de Sistemas da Politec, prestando serviços para a Secretaria de Estado da Receita da Paraíba.

-------------------------------------
'''Treinamento 5''':

'''Instrutor''': Alexandre Melo Braga

'''Título''': Introdução à criptografia ilustrada em Java para programadores web

'''Resumo''':
A criptografia é a única tecnologia capaz de proteger dados em trânsito. O mimicurso terá o seguinte conteúdo geral: criptografia simétrica, criptografia assimétrica, modos de operação de cifras de bloco, funções de hash, funções MAC, geradores números pseudo-aleatórios e protocolos de acordo de chaves e SSL. Uma vez que se trata de um treinamento para programadores, todo o conteúdo será exemplificado em Java e será dada ênfase à identificação de maus usos de criptografia. O minicurso tem o aspecto prático de que todos os programas serão manipulados no treinamento, não apenas e PPT.

'''Sobre o instrutor''':
Professor de graduação em tecnologia e segurança por 10 anos
Professor de pós-graduação em desenvolvimento seguro de software e criptografia há 5 anos.
Autor de diversos artigos científicos
Instrutor de diversos treinamentos para organizações privadas no Brasil e no exterior assim como para instituições educacionais.

------------------------------------
'''Treinamento 6''':

'''Instrutor''': Tarcizio Vieira Neto

'''Título''': Uso da OWASP ESAPI (Enterprise Security API) para prover segurança em aplicações Web

'''Resumo''':
A evolução da tecnologia no desenvolvimento de aplicações WEB tem contribuído com o aumento significativo do uso dessa tecnologia para atender os mais diversificados propósitos. Porém, essa tecnologia está sujeita a diversas vulnerabilidades de segurança críticas, principalmente quando pesquisas recentes apontam que a maioria das vulnerabilidades estão presentes na própria aplicação.
A biblioteca ESAPI (Enterprise Security API), da OWASP, surge neste cenário como uma biblioteca de segurança open source disponível para diversas linguagens, como Java EE, PHP, .NET, ASP Clássico, Python, Ruby, entre outras. O minicurso aborda de modo prático as vulnerabilidades causadas por erros comuns no desenvolvimento de aplicações e os mecanismos de controle de segurança providos pela biblioteca ESAPI com o foco na tecnologia Java. Os princípios gerais aprendidos no curso podem ser aplicados no contexto das demais linguagens de programação.

'''Sobre o instrutor''':
Tarcizio Vieira Neto é graduado em Ciência da Computação pela Universidade Federal de Goiás (UFG), em Goiânia. Atualmente trabalha no SERPRO, desde novembro de 2009, como Analista de Desenvolvimento, na Coordenação Estratégica de Tecnologia CETEC, desenvolvendo trabalhos sobre o tema segurança no desenvolvimento de aplicações, envolvendo aspectos processuais e técnicos, como também participa da prospecção de ferramentas que dão suporte à segurança no desenvolvimento de aplicações Web.
Participou também como instrutor no treinamento de novos empregados e auxiliou na elaboração do material do curso em Ensino a Distância na universidade corporativa do SERPRO (UniSERPRO).
Participou da primeira versão da tradução do OWASP Secure Coding Principles Quick Reference Guide, para o português brasileiro e liderou o projeto de revisão da tradução do mesmo documento.
Possui especialização em gestão da segurança da informação pela Universidade de Brasília (UnB).

==== 06 de Outubro ====

== Agenda ==

Será divulgada em breve.

==== 07 de Outubro ====

== Agenda ==

Será divulgada em breve.

==== Inscrições ====

Será divulgada em breve.

=== Preços ===

Serão divulgados em breve.

==== Informações ====

== Guia Turístico ==

Portão de entrada de turistas no Estado e a apenas 120 quilômetros da aprazível Serra Gaúcha, Porto Alegre é um movimentado pólo de serviços e de infraestrutura de qualidade reconhecidas, base de grandes empresas nacionais e internacionais e um dos principais destinos de eventos internacionais no Brasil.

Links úteis: [http://www2.portoalegre.rs.gov.br/turismo http://www2.portoalegre.rs.gov.br/turismo]

[https://secure.wikimedia.org/wikipedia/pt/wiki/Porto_Alegre https://secure.wikimedia.org/wikipedia/pt/wiki/Porto_Alegre]

 
 Recente reportagem do programa americano 60 Minutes sobre o potencial de crescimento do Brasil: 
{{#ev:youtube|DMM7OJ_Kj9I}}

 Vídeo turístico sobre Porto Alegre: 
{{#ev:youtube|pXQ9z8sPcHI}}

== Tomadas Elétricas ==

[http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html https://www.owasp.org/images/0/0f/Tomadas_diversas.jpg] 
Referência: [http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html]

== Previsão do Tempo ==

== Viagem ==

== Acomodações ==

'''NOVOTEL PORTO ALEGRE''' 
Av. Soledade, 575 
Três Figueiras 
Fone: (51) 3327-9292 

Single / Double 
R$243,00 / R$289,00 
Café da manhã cortesia 

CONDIÇÕES GERAIS 
. Diárias expressas em reais (R$), por dia e por apartamento; . Diárias iniciam e terminam às 12 horas; . Taxa de Turismo (opcional) - R$2,50 por dia/apartamento; . Imposto Municipal: acrescer 5% ISS; . O acesso à internet nas áreas sociais e nos apartamentos é cortesia; . Estacionamento: R$16,00 por carro ao dia (com manobrista); . Terceira pessoa no apartamento: Mediante disponibilidade. Cobrada taxa diária de R$47,00 + 5% ISS e será acomodada em cama extra ou sofá cama; . Forma de Pagamento: Depósito antecipado ou pagamento direto; . Garantia de No Show: Todas as reservas deverão ter garantia de no show. Em caso de não comparecimento, poderá ser cobrado o período integral reservado; . Não aceitamos cheques; . Duas crianças de até 16 anos no Novotel e uma criança de até 12 anos no Mercure acompanhadas dos pais/responsáveis no mesmo apartamento serão cortesia.
Necessária apresentação de documentação de identificação no check-in; . Valores pagos não serão reembolsáveis ou dados como créditos para próximas hospedagens; 

Link do mapa: 
http://maps.google.com.br/maps?hl=pt-BR&um=1&ie=UTF-8&q=novotel+porto+alegre&fb=1&gl=br&hq=novotel&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+RS&cid=0,0,11722004907679800889&ei=GKn4TfaHDIP20gGF9pXDCw&sa=X&oi=local_result&ct=image&resnum=1&ved=0CDAQnwIwAA

https://www.owasp.org/images/3/33/Novohotel.jpg

==== Eventos Sociais ====

Serão divulgados em breve.

==== Patrocínios ====

Estamos atualmente buscado patrocinadores para a edição 2011 da Global AppSec Latin América. Veja mais detalhes sobre as oportunidades de patrocínio.

Se estiver interessado em patrocinar o Global AppSec Latin América 2011, por favor entre em contato com a equipe organizadora da conferência pelo email [mailto:AppSec2011@AppSecLatam.org AppSec2011@AppSecLatam.org].

Para mais detalhes sobre diferentes oportunidades de patrocínio, por favor verifique o documento abaixo:
 
[http://www.owasp.org/images/c/cf/OWASP_AppSec_2011_Sponsorship_Portuguese.pdf OWASP AppSec 2011 Sponsorship Portuguese.pdf]
 

== Patrocínio Diamante ==
 
<center>
[[Image:elipse_logo3.png|link=http://www.elipse.com.br]]
</center>
 

== Patrocínio Platina ==
 

== Patrocínio Ouro ==
 
<center>
[[Image:IT2S.png|link=http://www.it2s.com.br]]  
[[Image:trustwaveappseclatam.jpg|link=https://www.trustwave.com]]
</center>
 

== Patrocínio Prata ==
 
<center>
[[Image:Adobe_logo5.png|link=http://www.adobe.com]]
</center>
 

== Patrocinadores do kit da conferência ==
 
<center>
[[Image:LogotipoConvisoCor.png‎|200px|link=http://www.conviso.com.br]]   [[Image:LgClavis.jpg‎|link=http://www.clavis.com.br]]
</center>
 

== Organização Local ==
<center>
[[Image:Logo-PoaSec2.png|link=http://www.poasec.org]]
</center>
 
==== Organizadores ====

[mailto:abc@elipse.com.br Alexandre Balestrin Correa] 
[http://cassiogoldschmidt.com/ Cassio Goldschmidt] [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco ] [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato ] [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira ] [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher ] 

==== Chapter Leader Workshop ====

=='''What is the Chapter Leader Workshop?''' ==
On '''Wednesday, October 5,2011 at 13:30h-16:30h''' the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. ''Please note that this Workshop will take place on the day before the Conference starts.''

'''Items that will be discussed are:'''
* How to improve the current Chapter Leader Handbook?
* How to start and support new chapters within Latin America?
* How to support inactive chapters within Latin America?
* What Governance model is required for OWASP chapters?
* How can the Global Chapters Committee facilitate the Latin American chapters?
* ...

Additionally we hope to make time and space available to do hands-on work revising the [[Chapter Leader Handbook]], details TBA.

== '''Funding to Attend the Workshop''' ==

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Latin America, please submit a request to [mailto:tin.zaw@owasp.org Tin Zaw] and [mailto:sarah.baso@owasp.org Sarah Baso] by '''August 22, 2011'''.

Funding for your attendance to the workshop should be worked out in the following order.

# Ask your employer to fund your trip to AppSec Latin America conference.
# Utilize your chapter funds.
# Ask the chapter committee for funding assistance.

While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 22, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.

== '''RSVP and Details''' ==

To RSVP and view more details about the Workshop, go to the '''[[AppSecLatam2011 chapters workshop agenda]]'''.

== '''Contact''' ==

Email [mailto:sarah.baso@owasp.org Sarah Baso] or [mailto:tin.zaw@owasp.org Tin Zaw] for more details.

<headertabs />

[[Category:OWASP_AppSec_Conference]]