OWASP - User contributions [en]

OWASP Connections Committee - Application 2

2010-01-05T00:55:32Z

Wayne huang:

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----

{| style="width:100%" border="0" align="center"
|-
! colspan="2" align="center" style="background:#4058A0; color:white" | '''COMMITTEE APPLICATION FORM'''
|-
| style="width:25%; background:#7B8ABD" align="center" | '''Applicant's Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left" | Robert Hansen
|-
| style="width:25%; background:#7B8ABD" align="center" | '''Current and past OWASP Roles'''
| colspan="1" style="width:85%; background:#cccccc" align="left" | List here.
|-
| style="width:25%; background:#7B8ABD" align="center" | '''Committee Applying for'''
| colspan="1" style="width:85%; background:#cccccc" align="left" | OWASP Connection Committee
|}

----

 

----

Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. An incomplete application will not be considered for vote.

----

 

----

{| style="width:100%" border="0" align="center"
|-
! colspan="8" align="center" style="background:#4058A0; color:white" | '''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background:white; color:white" | 
! align="center" style="background:#7B8ABD; color:white" | '''Who Recommends/Name'''
! align="center" style="background:#7B8ABD; color:white" | '''Role in OWASP'''
! align="center" style="background:#7B8ABD; color:white" | '''Recommendation Content'''
|-
| style="width:3%; background:#cccccc" align="center" | '''1'''
| style="width:20%; background:#cccccc" align="center" | Mano Paul
| style="width:20%; background:#cccccc" align="center" | Global Education Committee, OWASP
| style="width:57%; background:#cccccc" align="center" | Robert Hansen (RSnake) needs no introduction to those in the web application security world. His contributions to the world of security is commendable and for him to be part of the OWASP Connection Committee is a natural fit, one that I believe will be mutually beneficial. His background will undoubtedly be a value add to achieving the goals and objectives of the OWASP Connections committee. RSnake has my highest recommendation. 
|-
| style="width:3%; background:#cccccc" align="center" | '''1'''
| style="width:20%; background:#cccccc" align="center" | James Wickett
| style="width:20%; background:#cccccc" align="center" | Chapter President, Austin OWASP
| style="width:57%; background:#cccccc" align="center" | Robert has been a valuable asset to the Austin OWASP chapter and would be a great person to be on the OWASP Connection Committee.  He has been instrumental in helping our chapter implement new events that help build community and integrate people socially in the group. 
|-
| style="width:3%; background:#cccccc" align="center"|'''2'''
| style="width:20%; background:#cccccc" align="center"|Josh Sokol
| style="width:20%; background:#cccccc" align="center"|Chapter President, Austin OWASP
| style="width:57%; background:#cccccc" align="center"|Robert has been working with the Austin OWASP Chapter board members for the past couple of years and has provided immeasurable assistance to the chapter in drumming up membership, getting top-notch presenters, and generally supporting our activities. He is a stand up person and is amongst the smartest security people I know. I think he would be an excellent fit for the OWASP Connections Committee role and he has my highest recommendation for this position.
|-
| style="width:3%; background:#cccccc" align="center" | '''3'''
| style="width:20%; background:#cccccc" align="center" |Wayne Huang
| style="width:20%; background:#cccccc" align="center" |Global Conferences Committee, OWASP
| style="width:57%; background:#cccccc" align="center" |As Manu said it--Robert needs no introduction to those in the web application security world. I believe Robert will be an important asset to OWASP. Robert came to Taipei to support OWASP Asia 2008. We all know how hard it is to get good speakers to fly out to this region. Robert was willing to support on quite a short notice, and provided valuable suggestions in the Asia chapter leader's meeting. I felt Robert knows exactly how he can contribute in an organization such as OWASP, and his experiences and connections will be highly valuable to us. With his knowledge, expertise, and devotion, and his very direct and straight way of communication, he has earned his respect in the security community. I strongly recommend him for this position.
|-
| style="width:3%; background:#cccccc" align="center" | '''4'''
| style="width:20%; background:#cccccc" align="center" |
| style="width:20%; background:#cccccc" align="center" |
| style="width:57%; background:#cccccc" align="center" |
|-
| style="width:3%; background:#cccccc" align="center" | '''5'''
| style="width:20%; background:#cccccc" align="center" |
| style="width:20%; background:#cccccc" align="center" |
| style="width:57%; background:#cccccc" align="center" |
|}

----

OWASP AppSec Asia 2008 - Taiwan

2008-10-17T02:15:15Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.

[[Image:Map2.png|center]]

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, Foundstone, A Division of McAfee]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

== Conference T-Shirt ==
[[Image:OWAS AppSec Asia Tshirt.png]]

== Conference Location ==

'''NTUH International Convention Center'''

'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City

'''[http://www.thcc.net.tw/en/index.htm Website]'''

'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''

== Welcome to Taiwan==
And WELCOME TO TAIWAN! Please check out [http://tw.youtube.com/watch?v=wRc0q9xQEQ4 this video] about interesting places in Taiwan.
If you need suggestions on how to plan out your trip, please feel free to [mailto:wayne.owasp@gmail.com '''contact us!''']

How to Host a Conference

2008-10-15T00:49:55Z

Wayne huang:

'''
== CONGRATULATIONS! YOU'RE GOING TO HAVE A CONFERENCE! ==
'''
Now what? Read on for some helpful guidelines to assist you in putting together the perfect conference.

== '''Preamble''' ==

Our intent in posting the guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host a conference. I've also included some issues that arise only at the larger conferences. We’ve left the comments mixed together so you can use what you need and to appreciate what you don't have to use.

We’ve also prepared a [Conference Planning Table] that summarizes these guidelines and gives you a check sheet to use as you plan your conference.

''Finally, make sure to utilize the resources at the end of the page to help facilitate your event.''

== '''General''' ==

The amount of planning, committee work, advance deadlines, etc., in part depends on the size conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

== '''Permission''' ==

Depending on the size and scope of the conference, you may be required to have OWASP permission before hosting a conference. Even if not required, it's important to talk with OWASP Board before committing to host a conference.

== '''Set a Date''' ==

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to schedule a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP calendar to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

== '''Organize''' ==

Organize a conference committee as early as possible.

Communicate regularly with the OWASP leadership. There's lots of history that you can use to your advantage such as format, what works and what doesn't, etc. Also, remember that you're the host, but it's not your conference; you should be working with them (the organization's leadership) to meet their objectives.

Establish regular planning/reporting meetings. Set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

== '''Reserve Rooms''' ==

One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating.

== '''Program''' ==

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

== '''Presenters and Presentations''' ==

Make sure every presenter knows rules enforced by OWASP Conferences. Email a Speaker Agreement to each presenter and make sure they reply their consents; you can modify from the standard OWASP [[Speaker Agreement]]. Note that the standard agreement implies you will be providing the presenters with a Powerpoint template. A startdard OWASP Powerpoint template is [[Media:Presentation_template.ppt | available here]]. You are free to modify the standard speaker agreement and the Powerpoint template, but make sure you have it approved by the '''Overall OWASP Conferences Chair''' ([mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security).

Also note that according to the standard OWASP [[Speaker Agreement]], presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to [[:Category:OWASP Presentations | OWASP Presentations]].

== '''Design Components''' ==

In designing your own Powerpoint templates, tshirts, bags, badges, banners, flags, carpets and what have you, find the original vector graphic of the OWASP logo (in EPS and AI formats) [[Media:OWASP_Logo.zip | here]]. Please do [[OWASP Conference Design Components|share them with the other conference chairs]]!

== '''Promotions''' ==

Promoting your conference begins as soon as you have selected a conference site and date. Post the date and location on the OWASP web site. If you have the expertise and resources, you should consider setting up your own conference wiki page for up-to-date information, on-line registration, proposal submissions, etc. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.

== '''Housing''' ==

Estimate the number of people you think might attend (review previous conference attendance) and make arrangements accordingly. In addition to blocking some rooms at a local motel/hotel consider economy lodging (dorms, conference centers, etc., if available), for those who prefer that kind of housing.

When making reservations with local hotels, negotiate other amenities if possible such as shuttle services (from airports, to conference sessions).

Be careful to avoid making reservations that require guarantees or other financial obligations. In fact, it's best to let the housing/hotel organization handle their own reservations and billing. Find out how long reservations can be held, cancellation deadlines, etc.

== '''Travel''' ==

Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

== '''Food''' ==

Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. Your own college may be willing to sponsor one such event. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway.

If you do have group meals, be sure to allow for special dietary considerations.

== '''Management Tools''' ==

Larger, OWASP lead conferences can be processed through the Cvent system. For smaller conferences (less than 50 people) an Excel spreadsheet should work fine to manage registrants. If you would like the OWASP office to manage registration for you, please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to set up your on-line registration process.

== '''Money''' ==

Before sending out the conference brochure/announcement, you must determine a conference registration fee. On the one hand, you want to cover your costs. But on the other, you want to keep the costs low so that as many people as possible can afford to come. Try to find a balance between providing the amenities, and keeping costs down. Be sure to include the following costs: Publicity (brochure, printing, mailing), speaker fees or accommodations, facilities (equipment rentals), transportation, meals (snacks, meals), conference materials (packets, name tags, etc.)

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

A special account can be set up through OWASP just for your conference. You can use this account to process sponsorship, donations, manage expenses, and help you keep tabs on vendor costs. Again, contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to get this set up.

Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

== '''Vendor Displays''' ==

An exhibit hall must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).

== '''Conference Materials''' ==

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

== '''Name Tags''' ==

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.

== '''Equipment and Support''' ==

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. Then when you confirm conference presentations, ask presenters to provide you with a list of equipment they need.

== '''Entertainment''' ==

Depending on the size and scope of the conference, you may need to provide for one or more social activities for attendees.

At smaller conferences, organized dinners at local restaurants can be enjoyable. For larger conferences, a banquet may be in order. At the very least, provide a list of recommended local eateries for those who want to venture out on their own.

You should also consider whether your locale has something uniquely interesting to offer. If feasible, you could organize a group outing to a play, local site, etc. Be sure to determine whether costs are included in the registration, or if it is to be a separate (and therefore optional) cost.

Whatever you plan, however, be sure to include some free time for people to do things on their own.

=== '''Conference Organizer's Kit''' ===

== '''Presenters and Presentations''' ==

'''Overall OWASP Conferences Chair''' is ([mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security).

* Stadard [[Speaker Agreement]]
* [[Media:Presentation_template.ppt | Standard Powerpoint template]]
* Slides should be uploaded to [[:Category:OWASP Presentations | OWASP Presentations]].
* Original vector graphic of the OWASP logo (in EPS and AI formats) [[Media:OWASP_Logo.zip | here]]. Please do [[OWASP Conference Design Components|share them with the other conference chairs]]!

'''
== Helpful links ==
'''
[[Conference Planning Timeline]]

[[Speaker Template]]

[[Sponsor information]]

[[Suggestions for wiki]]

How to Host a Conference

2008-10-15T00:45:33Z

Wayne huang: /* '''Design Components''' */

'''
== CONGRATULATIONS! YOU'RE GOING TO HAVE A CONFERENCE! ==
'''
Now what? Read on for some helpful guidelines to assist you in putting together the perfect conference.

== '''Preamble''' ==

Our intent in posting the guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host a conference. I've also included some issues that arise only at the larger conferences. We’ve left the comments mixed together so you can use what you need and to appreciate what you don't have to use.

We’ve also prepared a [Conference Planning Table] that summarizes these guidelines and gives you a check sheet to use as you plan your conference.

''Finally, make sure to utilize the resources at the end of the page to help facilitate your event.''

== '''General''' ==

The amount of planning, committee work, advance deadlines, etc., in part depends on the size conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

== '''Permission''' ==

Depending on the size and scope of the conference, you may be required to have OWASP permission before hosting a conference. Even if not required, it's important to talk with OWASP Board before committing to host a conference.

== '''Set a Date''' ==

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to schedule a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP calendar to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

== '''Organize''' ==

Organize a conference committee as early as possible.

Communicate regularly with the OWASP leadership. There's lots of history that you can use to your advantage such as format, what works and what doesn't, etc. Also, remember that you're the host, but it's not your conference; you should be working with them (the organization's leadership) to meet their objectives.

Establish regular planning/reporting meetings. Set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

== '''Reserve Rooms''' ==

One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating.

== '''Program''' ==

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

== '''Presenters and Presentations''' ==

Make sure every presenter knows rules enforced by OWASP Conferences. Email a Speaker Agreement to each presenter and make sure they reply their consents; you can modify from the standard OWASP [[Speaker Agreement]]. Note that the standard agreement implies you will be providing the presenters with a Powerpoint template. A startdard OWASP Powerpoint template is [[Media:Presentation_template.ppt | available here]]. You are free to modify the standard speaker agreement and the Powerpoint template, but make sure you have it approved by the '''Overall OWASP Conferences Chair''' ([mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security).

Also note that according to the standard OWASP [[Speaker Agreement]], presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to [[:Category:OWASP Presentations | OWASP Presentations]].

== '''Design Components''' ==

In designing your own Powerpoint templates, tshirts, bags, badges, banners, flags, carpets and what have you, find the original vector graphic of the OWASP logo (in EPS and AI formats) [[Media:OWASP_Logo.zip | here]]. Please do [[OWASP Conference Design Components|share them with the other conference chairs]]!

== '''Promotions''' ==

Promoting your conference begins as soon as you have selected a conference site and date. Post the date and location on the OWASP web site. If you have the expertise and resources, you should consider setting up your own conference wiki page for up-to-date information, on-line registration, proposal submissions, etc. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.

== '''Housing''' ==

Estimate the number of people you think might attend (review previous conference attendance) and make arrangements accordingly. In addition to blocking some rooms at a local motel/hotel consider economy lodging (dorms, conference centers, etc., if available), for those who prefer that kind of housing.

When making reservations with local hotels, negotiate other amenities if possible such as shuttle services (from airports, to conference sessions).

Be careful to avoid making reservations that require guarantees or other financial obligations. In fact, it's best to let the housing/hotel organization handle their own reservations and billing. Find out how long reservations can be held, cancellation deadlines, etc.

== '''Travel''' ==

Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

== '''Food''' ==

Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. Your own college may be willing to sponsor one such event. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway.

If you do have group meals, be sure to allow for special dietary considerations.

== '''Management Tools''' ==

Larger, OWASP lead conferences can be processed through the Cvent system. For smaller conferences (less than 50 people) an Excel spreadsheet should work fine to manage registrants. If you would like the OWASP office to manage registration for you, please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to set up your on-line registration process.

== '''Money''' ==

Before sending out the conference brochure/announcement, you must determine a conference registration fee. On the one hand, you want to cover your costs. But on the other, you want to keep the costs low so that as many people as possible can afford to come. Try to find a balance between providing the amenities, and keeping costs down. Be sure to include the following costs: Publicity (brochure, printing, mailing), speaker fees or accommodations, facilities (equipment rentals), transportation, meals (snacks, meals), conference materials (packets, name tags, etc.)

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

A special account can be set up through OWASP just for your conference. You can use this account to process sponsorship, donations, manage expenses, and help you keep tabs on vendor costs. Again, contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to get this set up.

Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

== '''Vendor Displays''' ==

An exhibit hall must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).

== '''Conference Materials''' ==

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

== '''Name Tags''' ==

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.

== '''Equipment and Support''' ==

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. Then when you confirm conference presentations, ask presenters to provide you with a list of equipment they need.

== '''Entertainment''' ==

Depending on the size and scope of the conference, you may need to provide for one or more social activities for attendees.

At smaller conferences, organized dinners at local restaurants can be enjoyable. For larger conferences, a banquet may be in order. At the very least, provide a list of recommended local eateries for those who want to venture out on their own.

You should also consider whether your locale has something uniquely interesting to offer. If feasible, you could organize a group outing to a play, local site, etc. Be sure to determine whether costs are included in the registration, or if it is to be a separate (and therefore optional) cost.

Whatever you plan, however, be sure to include some free time for people to do things on their own.

'''
== Helpful links ==
'''
[[Conference Planning Timeline]]

[[Speaker Template]]

[[Sponsor information]]

[[Suggestions for wiki]]

How to Host a Conference

2008-10-15T00:43:56Z

Wayne huang: /* '''Design Components''' */

'''
== CONGRATULATIONS! YOU'RE GOING TO HAVE A CONFERENCE! ==
'''
Now what? Read on for some helpful guidelines to assist you in putting together the perfect conference.

== '''Preamble''' ==

Our intent in posting the guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host a conference. I've also included some issues that arise only at the larger conferences. We’ve left the comments mixed together so you can use what you need and to appreciate what you don't have to use.

We’ve also prepared a [Conference Planning Table] that summarizes these guidelines and gives you a check sheet to use as you plan your conference.

''Finally, make sure to utilize the resources at the end of the page to help facilitate your event.''

== '''General''' ==

The amount of planning, committee work, advance deadlines, etc., in part depends on the size conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

== '''Permission''' ==

Depending on the size and scope of the conference, you may be required to have OWASP permission before hosting a conference. Even if not required, it's important to talk with OWASP Board before committing to host a conference.

== '''Set a Date''' ==

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to schedule a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP calendar to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

== '''Organize''' ==

Organize a conference committee as early as possible.

Communicate regularly with the OWASP leadership. There's lots of history that you can use to your advantage such as format, what works and what doesn't, etc. Also, remember that you're the host, but it's not your conference; you should be working with them (the organization's leadership) to meet their objectives.

Establish regular planning/reporting meetings. Set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

== '''Reserve Rooms''' ==

One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating.

== '''Program''' ==

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

== '''Presenters and Presentations''' ==

Make sure every presenter knows rules enforced by OWASP Conferences. Email a Speaker Agreement to each presenter and make sure they reply their consents; you can modify from the standard OWASP [[Speaker Agreement]]. Note that the standard agreement implies you will be providing the presenters with a Powerpoint template. A startdard OWASP Powerpoint template is [[Media:Presentation_template.ppt | available here]]. You are free to modify the standard speaker agreement and the Powerpoint template, but make sure you have it approved by the '''Overall OWASP Conferences Chair''' ([mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security).

Also note that according to the standard OWASP [[Speaker Agreement]], presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to [[:Category:OWASP Presentations | OWASP Presentations]].

== '''Design Components''' ==

In designing your own Powerpoint templates, tshirts, bags, badges, banners, flags, carpets and what have you, find the original vector graphic of the OWASP logo (in EPS and AI formats) [[image:OWASP_Logo.zip|here]]. Please do [[OWASP Conference Design Components|share them with the other conference chairs]]!

== '''Promotions''' ==

Promoting your conference begins as soon as you have selected a conference site and date. Post the date and location on the OWASP web site. If you have the expertise and resources, you should consider setting up your own conference wiki page for up-to-date information, on-line registration, proposal submissions, etc. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.

== '''Housing''' ==

Estimate the number of people you think might attend (review previous conference attendance) and make arrangements accordingly. In addition to blocking some rooms at a local motel/hotel consider economy lodging (dorms, conference centers, etc., if available), for those who prefer that kind of housing.

When making reservations with local hotels, negotiate other amenities if possible such as shuttle services (from airports, to conference sessions).

Be careful to avoid making reservations that require guarantees or other financial obligations. In fact, it's best to let the housing/hotel organization handle their own reservations and billing. Find out how long reservations can be held, cancellation deadlines, etc.

== '''Travel''' ==

Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

== '''Food''' ==

Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. Your own college may be willing to sponsor one such event. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway.

If you do have group meals, be sure to allow for special dietary considerations.

== '''Management Tools''' ==

Larger, OWASP lead conferences can be processed through the Cvent system. For smaller conferences (less than 50 people) an Excel spreadsheet should work fine to manage registrants. If you would like the OWASP office to manage registration for you, please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to set up your on-line registration process.

== '''Money''' ==

Before sending out the conference brochure/announcement, you must determine a conference registration fee. On the one hand, you want to cover your costs. But on the other, you want to keep the costs low so that as many people as possible can afford to come. Try to find a balance between providing the amenities, and keeping costs down. Be sure to include the following costs: Publicity (brochure, printing, mailing), speaker fees or accommodations, facilities (equipment rentals), transportation, meals (snacks, meals), conference materials (packets, name tags, etc.)

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

A special account can be set up through OWASP just for your conference. You can use this account to process sponsorship, donations, manage expenses, and help you keep tabs on vendor costs. Again, contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to get this set up.

Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

== '''Vendor Displays''' ==

An exhibit hall must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).

== '''Conference Materials''' ==

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

== '''Name Tags''' ==

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.

== '''Equipment and Support''' ==

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. Then when you confirm conference presentations, ask presenters to provide you with a list of equipment they need.

== '''Entertainment''' ==

Depending on the size and scope of the conference, you may need to provide for one or more social activities for attendees.

At smaller conferences, organized dinners at local restaurants can be enjoyable. For larger conferences, a banquet may be in order. At the very least, provide a list of recommended local eateries for those who want to venture out on their own.

You should also consider whether your locale has something uniquely interesting to offer. If feasible, you could organize a group outing to a play, local site, etc. Be sure to determine whether costs are included in the registration, or if it is to be a separate (and therefore optional) cost.

Whatever you plan, however, be sure to include some free time for people to do things on their own.

'''
== Helpful links ==
'''
[[Conference Planning Timeline]]

[[Speaker Template]]

[[Sponsor information]]

[[Suggestions for wiki]]

How to Host a Conference

2008-10-15T00:43:12Z

Wayne huang:

'''
== CONGRATULATIONS! YOU'RE GOING TO HAVE A CONFERENCE! ==
'''
Now what? Read on for some helpful guidelines to assist you in putting together the perfect conference.

== '''Preamble''' ==

Our intent in posting the guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host a conference. I've also included some issues that arise only at the larger conferences. We’ve left the comments mixed together so you can use what you need and to appreciate what you don't have to use.

We’ve also prepared a [Conference Planning Table] that summarizes these guidelines and gives you a check sheet to use as you plan your conference.

''Finally, make sure to utilize the resources at the end of the page to help facilitate your event.''

== '''General''' ==

The amount of planning, committee work, advance deadlines, etc., in part depends on the size conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

== '''Permission''' ==

Depending on the size and scope of the conference, you may be required to have OWASP permission before hosting a conference. Even if not required, it's important to talk with OWASP Board before committing to host a conference.

== '''Set a Date''' ==

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to schedule a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP calendar to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

== '''Organize''' ==

Organize a conference committee as early as possible.

Communicate regularly with the OWASP leadership. There's lots of history that you can use to your advantage such as format, what works and what doesn't, etc. Also, remember that you're the host, but it's not your conference; you should be working with them (the organization's leadership) to meet their objectives.

Establish regular planning/reporting meetings. Set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

== '''Reserve Rooms''' ==

One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating.

== '''Program''' ==

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

== '''Presenters and Presentations''' ==

Make sure every presenter knows rules enforced by OWASP Conferences. Email a Speaker Agreement to each presenter and make sure they reply their consents; you can modify from the standard OWASP [[Speaker Agreement]]. Note that the standard agreement implies you will be providing the presenters with a Powerpoint template. A startdard OWASP Powerpoint template is [[Media:Presentation_template.ppt | available here]]. You are free to modify the standard speaker agreement and the Powerpoint template, but make sure you have it approved by the '''Overall OWASP Conferences Chair''' ([mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security).

Also note that according to the standard OWASP [[Speaker Agreement]], presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to [[:Category:OWASP Presentations | OWASP Presentations]].

== '''Design Components''' ==

In designing your own Powerpoint templates, tshirts, bags, badges, banners, flags, carpets and what have you, find the original vector graphic of the OWASP logo (in EPS and AI formats) [[http://www.owasp.org/images/2/28/OWASP_Logo.zip|here]]. Please do [[OWASP Conference Design Components|share them with the other conference chairs]]!

== '''Promotions''' ==

Promoting your conference begins as soon as you have selected a conference site and date. Post the date and location on the OWASP web site. If you have the expertise and resources, you should consider setting up your own conference wiki page for up-to-date information, on-line registration, proposal submissions, etc. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.

== '''Housing''' ==

Estimate the number of people you think might attend (review previous conference attendance) and make arrangements accordingly. In addition to blocking some rooms at a local motel/hotel consider economy lodging (dorms, conference centers, etc., if available), for those who prefer that kind of housing.

When making reservations with local hotels, negotiate other amenities if possible such as shuttle services (from airports, to conference sessions).

Be careful to avoid making reservations that require guarantees or other financial obligations. In fact, it's best to let the housing/hotel organization handle their own reservations and billing. Find out how long reservations can be held, cancellation deadlines, etc.

== '''Travel''' ==

Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

== '''Food''' ==

Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. Your own college may be willing to sponsor one such event. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway.

If you do have group meals, be sure to allow for special dietary considerations.

== '''Management Tools''' ==

Larger, OWASP lead conferences can be processed through the Cvent system. For smaller conferences (less than 50 people) an Excel spreadsheet should work fine to manage registrants. If you would like the OWASP office to manage registration for you, please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to set up your on-line registration process.

== '''Money''' ==

Before sending out the conference brochure/announcement, you must determine a conference registration fee. On the one hand, you want to cover your costs. But on the other, you want to keep the costs low so that as many people as possible can afford to come. Try to find a balance between providing the amenities, and keeping costs down. Be sure to include the following costs: Publicity (brochure, printing, mailing), speaker fees or accommodations, facilities (equipment rentals), transportation, meals (snacks, meals), conference materials (packets, name tags, etc.)

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

A special account can be set up through OWASP just for your conference. You can use this account to process sponsorship, donations, manage expenses, and help you keep tabs on vendor costs. Again, contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to get this set up.

Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

== '''Vendor Displays''' ==

An exhibit hall must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).

== '''Conference Materials''' ==

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

== '''Name Tags''' ==

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.

== '''Equipment and Support''' ==

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. Then when you confirm conference presentations, ask presenters to provide you with a list of equipment they need.

== '''Entertainment''' ==

Depending on the size and scope of the conference, you may need to provide for one or more social activities for attendees.

At smaller conferences, organized dinners at local restaurants can be enjoyable. For larger conferences, a banquet may be in order. At the very least, provide a list of recommended local eateries for those who want to venture out on their own.

You should also consider whether your locale has something uniquely interesting to offer. If feasible, you could organize a group outing to a play, local site, etc. Be sure to determine whether costs are included in the registration, or if it is to be a separate (and therefore optional) cost.

Whatever you plan, however, be sure to include some free time for people to do things on their own.

'''
== Helpful links ==
'''
[[Conference Planning Timeline]]

[[Speaker Template]]

[[Sponsor information]]

[[Suggestions for wiki]]

How to Host a Conference

2008-10-15T00:37:56Z

Wayne huang: /* '''Presenters and Presentations''' */

'''
== CONGRATULATIONS! YOU'RE GOING TO HAVE A CONFERENCE! ==
'''
Now what? Read on for some helpful guidelines to assist you in putting together the perfect conference.

== '''Preamble''' ==

Our intent in posting the guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host a conference. I've also included some issues that arise only at the larger conferences. We’ve left the comments mixed together so you can use what you need and to appreciate what you don't have to use.

We’ve also prepared a [Conference Planning Table] that summarizes these guidelines and gives you a check sheet to use as you plan your conference.

''Finally, make sure to utilize the resources at the end of the page to help facilitate your event.''

== '''General''' ==

The amount of planning, committee work, advance deadlines, etc., in part depends on the size conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

== '''Permission''' ==

Depending on the size and scope of the conference, you may be required to have OWASP permission before hosting a conference. Even if not required, it's important to talk with OWASP Board before committing to host a conference.

== '''Set a Date''' ==

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to schedule a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP calendar to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

== '''Organize''' ==

Organize a conference committee as early as possible.

Communicate regularly with the OWASP leadership. There's lots of history that you can use to your advantage such as format, what works and what doesn't, etc. Also, remember that you're the host, but it's not your conference; you should be working with them (the organization's leadership) to meet their objectives.

Establish regular planning/reporting meetings. Set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

== '''Reserve Rooms''' ==

One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating.

== '''Program''' ==

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

== '''Presenters and Presentations''' ==

Make sure every presenter knows rules enforced by OWASP Conferences. Email a Speaker Agreement to each presenter and make sure they reply their consents; you can modify from the standard OWASP [[Speaker Agreement]]. Note that the standard agreement implies you will be providing the presenters with a Powerpoint template. A startdard OWASP Powerpoint template is [[Media:Presentation_template.ppt | available here]]. You are free to modify the standard speaker agreement and the Powerpoint template, but make sure you have it approved by the '''Overall OWASP Conferences Chair''' ([mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security).

Also note that according to the standard OWASP [[Speaker Agreement]], presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to [[:Category:OWASP Presentations | OWASP Presentations]].

== '''Promotions''' ==

Promoting your conference begins as soon as you have selected a conference site and date. Post the date and location on the OWASP web site. If you have the expertise and resources, you should consider setting up your own conference wiki page for up-to-date information, on-line registration, proposal submissions, etc. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.

== '''Housing''' ==

Estimate the number of people you think might attend (review previous conference attendance) and make arrangements accordingly. In addition to blocking some rooms at a local motel/hotel consider economy lodging (dorms, conference centers, etc., if available), for those who prefer that kind of housing.

When making reservations with local hotels, negotiate other amenities if possible such as shuttle services (from airports, to conference sessions).

Be careful to avoid making reservations that require guarantees or other financial obligations. In fact, it's best to let the housing/hotel organization handle their own reservations and billing. Find out how long reservations can be held, cancellation deadlines, etc.

== '''Travel''' ==

Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

== '''Food''' ==

Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. Your own college may be willing to sponsor one such event. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway.

If you do have group meals, be sure to allow for special dietary considerations.

== '''Management Tools''' ==

Larger, OWASP lead conferences can be processed through the Cvent system. For smaller conferences (less than 50 people) an Excel spreadsheet should work fine to manage registrants. If you would like the OWASP office to manage registration for you, please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to set up your on-line registration process.

== '''Money''' ==

Before sending out the conference brochure/announcement, you must determine a conference registration fee. On the one hand, you want to cover your costs. But on the other, you want to keep the costs low so that as many people as possible can afford to come. Try to find a balance between providing the amenities, and keeping costs down. Be sure to include the following costs: Publicity (brochure, printing, mailing), speaker fees or accommodations, facilities (equipment rentals), transportation, meals (snacks, meals), conference materials (packets, name tags, etc.)

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

A special account can be set up through OWASP just for your conference. You can use this account to process sponsorship, donations, manage expenses, and help you keep tabs on vendor costs. Again, contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to get this set up.

Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

== '''Vendor Displays''' ==

An exhibit hall must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).

== '''Conference Materials''' ==

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

== '''Name Tags''' ==

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.

== '''Equipment and Support''' ==

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. Then when you confirm conference presentations, ask presenters to provide you with a list of equipment they need.

== '''Entertainment''' ==

Depending on the size and scope of the conference, you may need to provide for one or more social activities for attendees.

At smaller conferences, organized dinners at local restaurants can be enjoyable. For larger conferences, a banquet may be in order. At the very least, provide a list of recommended local eateries for those who want to venture out on their own.

You should also consider whether your locale has something uniquely interesting to offer. If feasible, you could organize a group outing to a play, local site, etc. Be sure to determine whether costs are included in the registration, or if it is to be a separate (and therefore optional) cost.

Whatever you plan, however, be sure to include some free time for people to do things on their own.

'''
== Helpful links ==
'''
[[Conference Planning Timeline]]

[[Speaker Template]]

[[Sponsor information]]

[[Suggestions for wiki]]

OWASP AppSec Asia 2008 - Taiwan

2008-10-14T03:57:58Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.

[[Image:Map2.png|center]]

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, Foundstone, A Division of McAfee]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

== Conference Location ==

'''NTUH International Convention Center'''

'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City

'''[http://www.thcc.net.tw/en/index.htm Website]'''

'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''

== Conference Tshirt ==
[[Image:OWAS AppSec Asia Tshirt.png]]

File:OWAS AppSec Asia Tshirt.png

2008-10-14T03:56:33Z

Wayne huang:

OWASP AppSec Asia 2008 - Taiwan

2008-10-14T00:33:14Z

Wayne huang: /* OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) */

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.

[[Image:Map2.png|center]]

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, Foundstone, A Division of McAfee]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

== Conference Location ==

'''NTUH International Convention Center'''

'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City

'''[http://www.thcc.net.tw/en/index.htm Website]'''

'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''

YM Chen, Director, Foundstone, A Division of McAfee

2008-10-14T00:31:57Z

Wayne huang: YM Chen, Director, McAfee Foundstone moved to YM Chen, Director, Foundstone, A Division of McAfee

'''YM Chen'''

Yen-Ming joined Foundstone as a consultant in 2000 and is now a Director. In client engagements, Yen-Ming helps clients align their security strategies with their business goals. Yen-Ming established the first Foundstone Asian Pacific office in Singapore. He has been instrumental in developing and growing new markets like China, Hong Kong, Singapore, Indonesia, and Saudi Arabia. He has also managed regional distributors and resellers of the Foundstone vulnerability scanner and helped them increase regional sales revenues. In addition, he served as a Lead Instructor for Foundstone’s Ultimate Hacking, Ultimate Hacking Expert, Ultimate Web Hacking and Ultimate Hacking: Incident Response classes.

Prior to joining Foundstone, Yen-Ming worked in the CyberSecurity Center at Carnegie Mellon University. He created the prototype for an intrusion detection system appliance and wrote the first intrusion detection log correlation and analysis program, snort-stat for Snort.

Yen-Ming is a published author and sought-after speaker in both North America and the Pacific Rim. His articles have been published by SecurityFocus, SysAdmin, UnixReview, DevX, PCWeek, CNET Taiwan, ITHome, and other technology magazines in both North America and Asia Pacific. Yen-Ming has been interviewed by BBC and other media across the globe, and he has been a featured presenter at conferences, including PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI, APAC Regional Conference on Electronic Safety and Soundness for Financial Services, Hong Kong CERT, and ICST conferences. Yen-Ming has contributed to several books, including: Hacking Exposed, 3rd ed., Hacking Exposed for Web Applications, Windows XP Professional Security, and HackNotes: Web Application Security.

Yen-Ming is currently a professional member of ACM and he previous held Certified Information Systems Security Professional (2001-2004) and Microsoft Certified Systems Engineer. Yen-Ming holds a BS in mathematics from National Central University in Taiwan, and an MS in information networking from Carnegie Mellon University.

YM Chen, Director, McAfee Foundstone

2008-10-14T00:31:57Z

Wayne huang: YM Chen, Director, McAfee Foundstone moved to YM Chen, Director, Foundstone, A Division of McAfee

#REDIRECT [[YM Chen, Director, Foundstone, A Division of McAfee]]

OWASP AppSec Asia 2008 - Taiwan

2008-10-14T00:30:20Z

Wayne huang: Undo revision 43220 by Wayne huang (Talk)

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.

[[Image:Map2.png|center]]

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone | YM Chen, Director, Foundstone, A Division of McAfee]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

== Conference Location ==

'''NTUH International Convention Center'''

'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City

'''[http://www.thcc.net.tw/en/index.htm Website]'''

'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''

OWASP AppSec Asia 2008 - Taiwan

2008-10-14T00:27:02Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.

[[Image:Map2.png|center]]

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, Foundstone, A Division of McAfee]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

== Conference Location ==

'''NTUH International Convention Center'''

'''Address:''' No. 2, Xuzhou Road, Zhongzheng District 101, Taipei City

'''[http://www.thcc.net.tw/en/index.htm Website]'''

'''[http://www.thcc.net.tw/en/about04.htm Map and transport Information]'''

How to Host a Conference

2008-10-12T19:35:39Z

Wayne huang:

'''
== CONGRATULATIONS! YOU'RE GOING TO HAVE A CONFERENCE! ==
'''
Now what? Read on for some helpful guidelines to assist you in putting together the perfect conference.

== '''Preamble''' ==

Our intent in posting the guidelines at the OWASP web site is to give conference planners something more than "Good Luck" as they prepare to host a conference. I've also included some issues that arise only at the larger conferences. We’ve left the comments mixed together so you can use what you need and to appreciate what you don't have to use.

We’ve also prepared a [Conference Planning Table] that summarizes these guidelines and gives you a check sheet to use as you plan your conference.

''Finally, make sure to utilize the resources at the end of the page to help facilitate your event.''

== '''General''' ==

The amount of planning, committee work, advance deadlines, etc., in part depends on the size conference you are planning. A general rule is to allow about a month for every 20 participants. For example, if you are expecting 200 attendees, you should begin to prepare at least 10 months in advance.

== '''Permission''' ==

Depending on the size and scope of the conference, you may be required to have OWASP permission before hosting a conference. Even if not required, it's important to talk with OWASP Board before committing to host a conference.

== '''Set a Date''' ==

The general dates and time of the conference should be suggested by local variables as well as OWASP speaker availability. For example, it may not be a good idea to schedule a conference in Wisconsin in January or Texas in August due to potential weather conditions. Check the OWASP calendar to make sure there are not any conflicting events. If you plan to invite out of town speakers, it’s best to arrange them months in advance. Good speakers and instructors are often booked up to a year in advance.

Consider the size and scope of your conference. Small groups can be hosted nearly any time. But larger groups will require housing, transportation, and food services that might conflict with other events. Make sure to check the local community events to ensure there will be adequate accessibility to these needs.

== '''Organize''' ==

Organize a conference committee as early as possible.

Communicate regularly with the OWASP leadership. There's lots of history that you can use to your advantage such as format, what works and what doesn't, etc. Also, remember that you're the host, but it's not your conference; you should be working with them (the organization's leadership) to meet their objectives.

Establish regular planning/reporting meetings. Set up email lists. Always make it clear who is supposed to do what and when. Keep minutes/notes of your meetings and use them to follow up. The more you communicate with each other, the less likely you'll have slip ups.

== '''Reserve Rooms''' ==

One of your very first items of business should be to reserve necessary rooms for plenary sessions, breakout sessions, classroom sessions, tech expo, breaks, receptions, and conference headquarters/registration.

Adapt your conference to the facilities you have available. For example, good plenary sessions can be better than breakout sessions that don't have adequate facilities.

Try to keep conference costs down by using rooms that are free. Again, this may require some adapting or negotiating.

== '''Program''' ==

International meetings usually have a general theme. However, for regional meetings, you may want to choose a theme that reflects your chapter's particular strengths or interests.

A good program is critical. Look for variety, interest, timeliness. What do your members need or want to leave with? Try to balance lectures with discussions, hands on, social activities, and time for colleague interaction.

A general call for presenters should have a deadline that gives you ample time to recruit and to fill in gaps should you not get all the good proposals you need. Network with other members of your organization to identify people who might be invited to make presentations. Immediately after the deadline, begin organizing the conference schedule. Select the proposals you want to use and contact them to verify their availability. Create a tentative schedule, matching presenters to the facilities. You may want to lay out your schedule on a whiteboard, or use 3x5 cards on a corkboard so you can visualize how things fit together. Make sure you plan time for attendees to talk with each other, such as at breaks, before and after dinners, at receptions, etc.

Send a formal acceptance note to each participant, and ask them to confirm by sending an abstract (if you didn't get that as part of their submission) and submitting a request for any special equipment (AV, computer, etc.)

== '''Presenters and Presentations''' ==

Make sure every presenter knows rules enforced by OWASP Conferences. Email the OWASP [[Speaker Agreement]] to each presenter and make sure they reply their consents. Note that the agreement implies you will be providing the presenters with a Powerpoint template. A startdard template is [[Media:Presentation_template.ppt | available here]]. If you wish to make your modifications, you must have it approved by the '''Overall OWASP Conferences Chair''' ([mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security).

Also note that according to the OWASP [[Speaker Agreement]], presenters must submit their presentations (in Powerpoint format) at least 60 days prior to the conference. Submissions should be uploaded to [[:Category:OWASP Presentations | OWASP Presentations]].

== '''Promotions''' ==

Promoting your conference begins as soon as you have selected a conference site and date. Post the date and location on the OWASP web site. If you have the expertise and resources, you should consider setting up your own conference wiki page for up-to-date information, on-line registration, proposal submissions, etc. Make sure to review pages for other conferences for great ideas and to allow for continuity in page style.

The first wave of publicity comes with the call for presentations.

The next wave comes as you send out the conference announcement, with as much detail as you have, including a tentative program. This is important if you want to convince people they should come. Set a registration deadline that accounts for your own deadlines (food services, etc.) You may have to consider a higher fee for those who are late, especially if that really does incur additional costs for you.

== '''Housing''' ==

Estimate the number of people you think might attend (review previous conference attendance) and make arrangements accordingly. In addition to blocking some rooms at a local motel/hotel consider economy lodging (dorms, conference centers, etc., if available), for those who prefer that kind of housing.

When making reservations with local hotels, negotiate other amenities if possible such as shuttle services (from airports, to conference sessions).

Be careful to avoid making reservations that require guarantees or other financial obligations. In fact, it's best to let the housing/hotel organization handle their own reservations and billing. Find out how long reservations can be held, cancellation deadlines, etc.

== '''Travel''' ==

Your conference venue usually has maps and travel information on how to get to the location. If there aren't adequate limo or shuttle services to your venue from the airport, you may need to make your own arrangements.

== '''Food''' ==

Well-planned meals and snacks are critical to a successful conference. Consult with your venue food services, or with a local caterer, determine what is needed, and what it will cost. Let food services or the caterer do the work.

Be sure to negotiate food services in such a way that you are not liable for food costs beyond what you can cover through conference fees. Usually food planners will allow up to 10% more people than you contract for (e.g., for late registrations), but be sure this is clear up front.

To reduce costs, seek sponsors for specific meals where possible. Some larger vendors are happy to get the publicity that comes from sponsoring a breakfast, lunch, reception, or even a dinner. Your own college may be willing to sponsor one such event. In any case, it doesn't hurt to ask. If the sponsor desires it, let the sponsor choose the caterer and take care of the arrangements.

For small conferences, many if not most of the meals can be left up to the attendees. Be sure to provide a good list of local eateries. Include information about which are within walking distance, which are not, and how to get to those that are not.

Strategically scheduled snack breaks, with drinks and fruit or cookies, can add a touch of class to your conference. These don't usually cost too much, and can be covered by registration fees. Don't skimp on the time allotted for breaks, since attendees will want to network and will take the time anyway.

If you do have group meals, be sure to allow for special dietary considerations.

== '''Management Tools''' ==

Larger, OWASP lead conferences can be processed through the Cvent system. For smaller conferences (less than 50 people) an Excel spreadsheet should work fine to manage registrants. If you would like the OWASP office to manage registration for you, please contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to set up your on-line registration process.

== '''Money''' ==

Before sending out the conference brochure/announcement, you must determine a conference registration fee. On the one hand, you want to cover your costs. But on the other, you want to keep the costs low so that as many people as possible can afford to come. Try to find a balance between providing the amenities, and keeping costs down. Be sure to include the following costs: Publicity (brochure, printing, mailing), speaker fees or accommodations, facilities (equipment rentals), transportation, meals (snacks, meals), conference materials (packets, name tags, etc.)

Attendees should be expected to pay their registration fees in advance. This helps provide an accurate picture of the number who will attend because the attendees are more committed to attending. You can consider a slightly higher fee for late registrations or registrations onsite, if your food and facilities planning can handle extra last-minute registrations.

A special account can be set up through OWASP just for your conference. You can use this account to process sponsorship, donations, manage expenses, and help you keep tabs on vendor costs. Again, contact [mailto:kate.hartmann@owasp.org Kate Hartmann] as soon as possible to get this set up.

Don't minimize the importance of a detailed accounting of your conference funds. Setting things up right before you begin to receive registrations fees can make things a lot easier during and after the conference.

== '''Vendor Displays''' ==

An exhibit hall must be easily accessible and must have adequate space to accommodate vendor booths. There may be costs associated with such a hall. Some facilities require that their own people set things up. Make sure you know what is included with any rental costs, and what you may have to pay extra for.

Make sure that there is adequate time for attendees to visit the exhibits and to talk with vendors. Directing breaks and snacks into the vendor expo will encourage participants to visit the exhibits. Depending on the benefits to the vendors, you may ask that they pay for exhibit space, or leverage their participation by asking them to sponsor one or more conference activities (reception, meal, etc.).

== '''Conference Materials''' ==

At a minimum, you need to provide some sort of printed program. For most conferences, the following is usually adequate: a simple folder with program, maps, lists of local restaurants and attractions, a name tag, and writing materials (pen and pad). For larger, conferences you may want to include a conference bag that includes OWASP books or handouts. Be sure to allow ample time for printing and shipping of OWASP materials. International shipping can take several weeks.

== '''Name Tags''' ==

If you plan properly, you should be able to generate name tags to be printed from your conference database program. If you process your registrations through the OWASP office, they can create your nametags.

Keep the name tag layout simple: a small conference logo or title, the person's full name in LARGE, readable letters, and the person's institution. Don't make people squint to read names on name tags.

The actual type of name tag (paper stick-on, pin on plastic case, hang-around-the-neck, etc.) depends on your preferences and budget. If you do provide stick-on tags, you may want to generate at least one tag for each day of the conference since they won't be able to reuse the tags. If you use plastic badges, you can invite attendees to recycle them at the end of the conference.

== '''Equipment and Support''' ==

This is another critically important part of the conference, especially in our technology-driven organization. You should assign a member of your committee to head this up since it's a demanding and time-consuming responsibility.

To the extent that you can, schedule conference sessions in rooms that have basic AV equipment (overhead projectors and screens, for example). If the rooms already have computers and computer/video projection, that's even better. Then assign conference sessions to the appropriate rooms.

Determine ahead of time what portable equipment you have available, and whether you have to rent equipment. Then when you confirm conference presentations, ask presenters to provide you with a list of equipment they need.

== '''Entertainment''' ==

Depending on the size and scope of the conference, you may need to provide for one or more social activities for attendees.

At smaller conferences, organized dinners at local restaurants can be enjoyable. For larger conferences, a banquet may be in order. At the very least, provide a list of recommended local eateries for those who want to venture out on their own.

You should also consider whether your locale has something uniquely interesting to offer. If feasible, you could organize a group outing to a play, local site, etc. Be sure to determine whether costs are included in the registration, or if it is to be a separate (and therefore optional) cost.

Whatever you plan, however, be sure to include some free time for people to do things on their own.

'''
== Helpful links ==
'''
[[Conference Planning Timeline]]

[[Speaker Template]]

[[Sponsor information]]

[[Suggestions for wiki]]

Category:OWASP AppSec Conference

2008-10-09T02:41:54Z

Wayne huang: /* Upcoming Conferences */

The OWASP AppSec conference series is dedicated to bringing together industry, government, and security researchers to discuss the state of the art in application security. This series was launched in the U.S. in the Fall of 2004 and in Europe in the Spring of 2005. All of the presentations from our previous conferences can be downloaded from the agenda pages for each conference.

More information about conference sponsorship is available [[OWASP AppSec Conference Sponsors|here]].

==Current Schedule==
OWASP launched its OWASP AppSec conferences series in 2004 and this has rapidly grown into a world wide phenomenon which now includes the U.S., Europe, Asia, Australia, and Israel. If you'd like to host a conference, we're always looking for great locations and enthusiastic local organizers. Please contact [[User:Wichers|Dave Wichers]], the OWASP Conferences Chair at dave.wichers 'at' owasp.org.

===Upcoming Conferences===
; May 2009 - OWASP AppSec Europe 2009 - Poland
: May 11th - 14th - Conference and Training, Qubus Hotel, Krakow, Poland

; March 2009 - OWASP Front Range Conference
: March 5th, 2nd Annual 1-Day Conference in Denver, Colorado

; February 2009 - OWASP AppSec Australia 2009 - Gold Coast
: Training & Conference, Gold Coast Convention Center, QLD Australia

; November 2008 - [[OWASP_Germany_2008_Conference | OWASP Germany Conference]]
: November 25th - 1-Day Conference in Frankfurt, Germany

; November 2008 - [[OWASP_EU_Summit_2008 | OWASP Summit 2008 - Portugal]]
: November 3rd - 7th - Working Sessions, Conference & Training, Algarve, Portugal

; October 2008 - [[OWASP AppSec Asia 2008 - Taiwan]]
: October 27th - 28th - NTUH International Convention Centre, Taipei, Taiwan

; October 2008 - [[OWASP_Minneapolis_St_Paul_2008_Conference | OWASP Minnesota Conference]]
: October 21st - University of Minnesota's St. Paul Student Center

===Previous Conferences===
; September 2008 - [[OWASP_NYC_AppSec_2008_Conference | OWASP AppSec U.S. 2008 - New York City]]
: September 22nd - 25th - Conference & Training, Pace University, NYC

; September 2008 - [[OWASP_Israel_2008_Conference | OWASP Israel 2008 - Herzliya, Israel]]
: September 14th - The Interdisciplinary Center Herzliya, Israel

; August 2008 - [[OWASP_AppSec_India_Conference_2008 | OWASP AppSec India 2008 - Delhi, India]]
: August 20th - 21st - Conference & Training

; May 2008 - [[OWASP_AppSec_Europe_2008_-_Belgium | OWASP AppSec Europe 2008 - Ghent, Belgium]]
: May 19th - 22nd - Conference & Training, Ghent University, Belgium (view [[OWASP_AppSec_Europe_2008_-_Belgium#Agenda_and_Presentations_-_May_21-22|agenda and presentations]])

; February 2008 - [[OWASP_Australia_AppSec_2008_Conference | OWASP Australia AppSec 2008 Conference]]
: February 27th-29th - Training & Conference, Gold Coast Convention Center, QLD Australia

== 2007 ==
; December 2007 - [[OWASP_Israel_2007_Conference | OWASP Israel AppSec 2007 Conference]]
: December 3rd, 2007 - Interdisciplinary Center (IDC) Herzliya, Israel

; November 2007 - [[OWASP & WASC AppSec 2007 Conference | OWASP & WASC AppSec U.S. 2007 - San Jose, California]]
: November 12-15 - at eBay in San Jose, CA. (view [[7th_OWASP_AppSec_Conference_-_San_Jose_2007/Agenda#OWASP_.26_WASC_AppSec_2007_Conference_Schedule_-_Nov_14-15_.28San_Jose_2007.29|agenda and presentations]])

; September 2007 - [[OWASP_AppSec_Asia_2007 | OWASP AppSec Asia 2007 - Taiwan]]
: September 27 - in Taipei, Taiwan.

; May 2007 - [[6th OWASP AppSec Conference - Italy 2007 | OWASP AppSec Europe 2007 - Italy]]
: May 15th-17th - in Milan, Italy. (view [[6th_OWASP_AppSec_Conference_-_Italy_2007/Agenda|agenda and presentations]])

== 2004-2006 ==

; October 2006 - [[OWASP AppSec Seattle 2006| OWASP AppSec U.S. 2006 - Seattle, Washington]]
: October 16th-18th - in Seattle, Washington. (view [[OWASP_AppSec_Seattle_2006/Agenda|agenda and presentations]])

; May 2006 - [[OWASP AppSec Europe 2006| OWASP AppSec Europe 2006 - Belgium ]]
: Held in Leuven, Belgium (view [[AppSec Europe 2006/Agenda|agenda and presentations]])

; October 2005 - [[OWASP AppSec Washington 2005|OWASP AppSec U.S. 2005 - Washington D.C.]]
: Held at NIST in Gaithersburg, MD (view [[AppSec Washington 2005/Agenda|agenda and presentations]])

; April 2005 - [[OWASP AppSec Europe 2005|OWASP AppSec Europe 2005 - London]]
: Held at Royal Holloway University in London (view [[AppSec Europe 2005/Agenda|agenda and presentations]])

; November 2004 - [[OWASP AppSec NYC 2004|OWASP AppSec U.S. 2004 - New York City]]
: Held at Stevens Institute in New Jersey (view [[AppSec NYC 2004|agenda and presentations]])

==Other Events==
The following lists other events that OWASP members have heavily participated in, and presented about OWASP or on OWASP Projects:

; June 10th 2008 - [http://www.owasp.org/index.php/Front_Range_Web_Application_Security_Summit_Planning_Page Front Range Web Application Security Conference] - Denver, CO

;March 12-14 2008 - [http://sourceboston.com/ SOURCE Boston 2008][http://sourceboston.com/ [[image:Logo.JPG|100px]]]
: Boston's first security conference features a series of panels, keynotes and networking events divided into three distinct tracks; business, technology and web app sec. This conference has been organized by former members of @Stake, L0pht, NSA, as well as current members of OWASP and Veracode.
:A Few Highlights:
:* L0pht reunion and panel discussion
:* Richard Clarke
:* Dan Geer
:* Stephen Levy
:* Jeremiah Grossman

; Jan 14 2008 - [https://www.owasp.org/index.php/Minneapolis_St_Paul Bruce Schneier - The Economics of Information Security]

; November 22, 2007 - OWASP Presentations at InfoSecurity Paris 2007
: Sebastien GIORIA from French Chapter will introduce a table workshop about WebServices and Web Security.

; October 3-4, 2007 - [http://www.RochesterSecurity.org/ Rochester Security Summit 2007]
: Rochester OWASP Chapter partners with Rochester Security Summit
: Includes several OWASP and Web App Sec presentations:
:* Rohyt Belani of Intrepidus Group - Phishing 2.0: Beyond Identity Theft
:* Andrea Cogliati - Security in Software Development Life Cycle (SDLC)
:* Ralph Durkee - 2007 OWASP Top 10 & Live Web Application Attacks
:* James Kist - Cross Site Scripting Attacks and Defenses

; February 2007 - [[InfoSecurity Milano 2007|OWASP Presentations at InfoSecurity Milan 2007]]
: Dave Wichers from the OWASP Foundation presented the new OWASP Top 10 2007 release. Members of the OWASP Italy Chapter presented a number of other presentations.

==Papers==
If you're interested in presenting at a future conference, please contact OWASP at: conferences 'at' owasp.org. If you're interested in submitting a paper to the refereed papers track for the next U.S. or European conference, please contact Frank Piessens, the OWASP Conferences Refereed Papers Chair: Frank.Piessens 'at' cs.kuleuven.ac.be.

==Conference Guidelines==
Chapter leaders wanting to host a conference click [[How_to_Host_a_Conference|here]].

Sponsors and potential sponsors click [[Speaker_Agreement|here]].

==Conference Leaders==
OWASP Conferences Chair: [mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security.

OWASP Conferences Refereed Papers Chair: [mailto:frank.piessens@cs.kuleuven.ac.be Frank Piessens], KU Leuven.

==Conference Project Sponsors==
The OWASP Conferences project is sponsored by:

[http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif] and
[http://www.kuleuven.be/english https://www.owasp.org/images/9/97/Kuleuven.jpg]

==Conference Sponsors==
The 7th OWASP AppSec Conference held in San Jose, CA in Nov 2007 was sponsored by:

{{Template:OWASP_Conference_Sponsors_2007_San_Jose}}

[[Category:OWASP AppSec Conference]]



==Sponsor a Conference==

<paypal>an OWASP Conference</paypal>

OWASP AppSec Asia 2008 - Taiwan

2008-10-09T02:40:39Z

Wayne huang: OWASP AppSec Asia 2008 moved to OWASP AppSec Asia 2008 - Taiwan: add location of conference

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

[[Image:OWASP_AppSec_Asia_2008_Map_Design.png|center]]

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008

2008-10-09T02:40:39Z

Wayne huang: OWASP AppSec Asia 2008 moved to OWASP AppSec Asia 2008 - Taiwan: add location of conference

#REDIRECT [[OWASP AppSec Asia 2008 - Taiwan]]

OWASP AppSec Asia 2008 - Taiwan

2008-10-08T18:22:11Z

Wayne huang: /* OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) */

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

[[Image:OWASP_AppSec_Asia_2008_Map_Design.png|center]]

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

File:OWASP AppSec Asia 2008 Map Design.png

2008-10-08T18:19:50Z

Wayne huang:

Category:OWASP AppSec Conference

2008-10-08T18:11:07Z

Wayne huang: /* Upcoming Conferences */

The OWASP AppSec conference series is dedicated to bringing together industry, government, and security researchers to discuss the state of the art in application security. This series was launched in the U.S. in the Fall of 2004 and in Europe in the Spring of 2005. All of the presentations from our previous conferences can be downloaded from the agenda pages for each conference.

More information about conference sponsorship is available [[OWASP AppSec Conference Sponsors|here]].

==Current Schedule==
OWASP launched its OWASP AppSec conferences series in 2004 and this has rapidly grown into a world wide phenomenon which now includes the U.S., Europe, Asia, Australia, and Israel. If you'd like to host a conference, we're always looking for great locations and enthusiastic local organizers. Please contact [[User:Wichers|Dave Wichers]], the OWASP Conferences Chair at dave.wichers 'at' owasp.org.

===Upcoming Conferences===
; May 2009 - OWASP AppSec Europe 2009 - Poland
: May 11th - 14th - Conference and Training, Qubus Hotel, Krakow, Poland

; March 2009 - OWASP Front Range Conference
: March 5th, 2nd Annual 1-Day Conference in Denver, Colorado

; February 2009 - OWASP AppSec Australia 2009 - Gold Coast
: Training & Conference, Gold Coast Convention Center, QLD Australia

; November 2008 - [[OWASP_Germany_2008_Conference | OWASP Germany Conference]]
: November 25th - 1-Day Conference in Frankfurt, Germany

; November 2008 - [[OWASP_EU_Summit_2008 | OWASP Summit 2008 - Portugal]]
: November 3rd - 7th - Working Sessions, Conference & Training, Algarve, Portugal

; October 2008 - [[OWASP AppSec Asia 2008 | OWASP AppSec Asia 2008 - Taiwan]]
: October 27th - 28th - NTUH International Convention Centre, Taipei, Taiwan

; October 2008 - [[OWASP_Minneapolis_St_Paul_2008_Conference | OWASP Minnesota Conference]]
: October 21st - University of Minnesota's St. Paul Student Center

===Previous Conferences===
; September 2008 - [[OWASP_NYC_AppSec_2008_Conference | OWASP AppSec U.S. 2008 - New York City]]
: September 22nd - 25th - Conference & Training, Pace University, NYC

; September 2008 - [[OWASP_Israel_2008_Conference | OWASP Israel 2008 - Herzliya, Israel]]
: September 14th - The Interdisciplinary Center Herzliya, Israel

; August 2008 - [[OWASP_AppSec_India_Conference_2008 | OWASP AppSec India 2008 - Delhi, India]]
: August 20th - 21st - Conference & Training

; May 2008 - [[OWASP_AppSec_Europe_2008_-_Belgium | OWASP AppSec Europe 2008 - Ghent, Belgium]]
: May 19th - 22nd - Conference & Training, Ghent University, Belgium (view [[OWASP_AppSec_Europe_2008_-_Belgium#Agenda_and_Presentations_-_May_21-22|agenda and presentations]])

; February 2008 - [[OWASP_Australia_AppSec_2008_Conference | OWASP Australia AppSec 2008 Conference]]
: February 27th-29th - Training & Conference, Gold Coast Convention Center, QLD Australia

== 2007 ==
; December 2007 - [[OWASP_Israel_2007_Conference | OWASP Israel AppSec 2007 Conference]]
: December 3rd, 2007 - Interdisciplinary Center (IDC) Herzliya, Israel

; November 2007 - [[OWASP & WASC AppSec 2007 Conference | OWASP & WASC AppSec U.S. 2007 - San Jose, California]]
: November 12-15 - at eBay in San Jose, CA. (view [[7th_OWASP_AppSec_Conference_-_San_Jose_2007/Agenda#OWASP_.26_WASC_AppSec_2007_Conference_Schedule_-_Nov_14-15_.28San_Jose_2007.29|agenda and presentations]])

; September 2007 - [[OWASP_AppSec_Asia_2007 | OWASP AppSec Asia 2007 - Taiwan]]
: September 27 - in Taipei, Taiwan.

; May 2007 - [[6th OWASP AppSec Conference - Italy 2007 | OWASP AppSec Europe 2007 - Italy]]
: May 15th-17th - in Milan, Italy. (view [[6th_OWASP_AppSec_Conference_-_Italy_2007/Agenda|agenda and presentations]])

== 2004-2006 ==

; October 2006 - [[OWASP AppSec Seattle 2006| OWASP AppSec U.S. 2006 - Seattle, Washington]]
: October 16th-18th - in Seattle, Washington. (view [[OWASP_AppSec_Seattle_2006/Agenda|agenda and presentations]])

; May 2006 - [[OWASP AppSec Europe 2006| OWASP AppSec Europe 2006 - Belgium ]]
: Held in Leuven, Belgium (view [[AppSec Europe 2006/Agenda|agenda and presentations]])

; October 2005 - [[OWASP AppSec Washington 2005|OWASP AppSec U.S. 2005 - Washington D.C.]]
: Held at NIST in Gaithersburg, MD (view [[AppSec Washington 2005/Agenda|agenda and presentations]])

; April 2005 - [[OWASP AppSec Europe 2005|OWASP AppSec Europe 2005 - London]]
: Held at Royal Holloway University in London (view [[AppSec Europe 2005/Agenda|agenda and presentations]])

; November 2004 - [[OWASP AppSec NYC 2004|OWASP AppSec U.S. 2004 - New York City]]
: Held at Stevens Institute in New Jersey (view [[AppSec NYC 2004|agenda and presentations]])

==Other Events==
The following lists other events that OWASP members have heavily participated in, and presented about OWASP or on OWASP Projects:

; June 10th 2008 - [http://www.owasp.org/index.php/Front_Range_Web_Application_Security_Summit_Planning_Page Front Range Web Application Security Conference] - Denver, CO

;March 12-14 2008 - [http://sourceboston.com/ SOURCE Boston 2008][http://sourceboston.com/ [[image:Logo.JPG|100px]]]
: Boston's first security conference features a series of panels, keynotes and networking events divided into three distinct tracks; business, technology and web app sec. This conference has been organized by former members of @Stake, L0pht, NSA, as well as current members of OWASP and Veracode.
:A Few Highlights:
:* L0pht reunion and panel discussion
:* Richard Clarke
:* Dan Geer
:* Stephen Levy
:* Jeremiah Grossman

; Jan 14 2008 - [https://www.owasp.org/index.php/Minneapolis_St_Paul Bruce Schneier - The Economics of Information Security]

; November 22, 2007 - OWASP Presentations at InfoSecurity Paris 2007
: Sebastien GIORIA from French Chapter will introduce a table workshop about WebServices and Web Security.

; October 3-4, 2007 - [http://www.RochesterSecurity.org/ Rochester Security Summit 2007]
: Rochester OWASP Chapter partners with Rochester Security Summit
: Includes several OWASP and Web App Sec presentations:
:* Rohyt Belani of Intrepidus Group - Phishing 2.0: Beyond Identity Theft
:* Andrea Cogliati - Security in Software Development Life Cycle (SDLC)
:* Ralph Durkee - 2007 OWASP Top 10 & Live Web Application Attacks
:* James Kist - Cross Site Scripting Attacks and Defenses

; February 2007 - [[InfoSecurity Milano 2007|OWASP Presentations at InfoSecurity Milan 2007]]
: Dave Wichers from the OWASP Foundation presented the new OWASP Top 10 2007 release. Members of the OWASP Italy Chapter presented a number of other presentations.

==Papers==
If you're interested in presenting at a future conference, please contact OWASP at: conferences 'at' owasp.org. If you're interested in submitting a paper to the refereed papers track for the next U.S. or European conference, please contact Frank Piessens, the OWASP Conferences Refereed Papers Chair: Frank.Piessens 'at' cs.kuleuven.ac.be.

==Conference Guidelines==
Chapter leaders wanting to host a conference click [[How_to_Host_a_Conference|here]].

Sponsors and potential sponsors click [[Speaker_Agreement|here]].

==Conference Leaders==
OWASP Conferences Chair: [mailto:dave.wichers@owasp.org Dave Wichers], Aspect Security.

OWASP Conferences Refereed Papers Chair: [mailto:frank.piessens@cs.kuleuven.ac.be Frank Piessens], KU Leuven.

==Conference Project Sponsors==
The OWASP Conferences project is sponsored by:

[http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif] and
[http://www.kuleuven.be/english https://www.owasp.org/images/9/97/Kuleuven.jpg]

==Conference Sponsors==
The 7th OWASP AppSec Conference held in San Jose, CA in Nov 2007 was sponsored by:

{{Template:OWASP_Conference_Sponsors_2007_San_Jose}}

[[Category:OWASP AppSec Conference]]



==Sponsor a Conference==

<paypal>an OWASP Conference</paypal>

Category:OWASP AppSec Conference

2008-10-08T18:09:38Z

Wayne huang: /* Upcoming Conferences */

OWASP AppSec Asia 2008 - Taiwan

2008-10-08T07:01:17Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM], Frank Fan '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-08T06:16:51Z

Wayne huang: /* OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) */

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Frank Fan, OWASP China]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM], Frank Fan '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

Best Practices for OWASP Chapter Leaders

2008-10-08T02:31:02Z

Wayne huang: /* Working Session Participants */

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#b3b3b3; color:white"|'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''Best Practices for OWASP Chapter Leaders'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The aim of the Workshop is to identify existing material, prepare some ideas and compile a "Chapter Best Practices Guideline" together after the Summit.
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|[[:Category:OWASP_Chapter|OWASP Chapters]]
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
| style="width:25%; background:#cccccc" align="center"|'''Chair''' [mailto:georg.hess(at)artofdefence.com '''Georg Heß''']
| style="width:25%; background:#cccccc" align="center"|'''Secretary''' [mailto:seba(at)owasp.org '''Sebastien Deleersnyder''']
| style="width:25%; background:#cccccc" align="center"|'''Mailing list''' [https://lists.owasp.org/mailman/listinfo/owasp-leaders '''Subscription Page''']
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION SPECIFICS'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
You´ve already started a local Chapter and know the Chapter rules "by heart". However, you most certainly have questions about growing, financing and "local" vs. "board" decision-making processes... The aim of the Workshop is to identify existing material, prepare some ideas and compile a "Chapter Best Practices Guideline" together after the Summit. Typical challenges are:
* Money: Where can I get funds from for growing my chapter - e.g. marketing efforts, organisational costs, etc... e.g. OWASP membership fees of local members/portions of it to be credited to the local chapter
* "Local" decisions: What can the local chapter decide upon e.g. "local PR messages (non English), (local) projects (perhaps as a start of international projects) - using professional help for setting up conferences etc.
* covering costs for "reasonable" translation efforts..
* Creating a local "OWASP Foundation" non-profit organisation vs. working as part of the global "OWASP Foundation"
* Best practices building "local boards" etc.
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
| style="width:25%; background:#cccccc" align="center"|'''Venue''' [[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
| style="width:25%; background:#cccccc" align="center"|'''Date&Time''' November 5 & 7, 2008 Time TBD
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model''' "Participants + Attendees"
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}

{|style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OPERATIONAL RESOURCES'''
|-
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION ADDITIONAL DETAILS'''
|-
| style="width:100%; background:#cccccc" align="center"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution
|}
{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES'''
|-
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Best Practices for OWASP Chapter Leaders.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|}
== Working Session Participants ==
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION PARTICIPANTS'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:15%; background:#cccccc" align="center"|'''Name'''
| style="width:15%; background:#cccccc" align="center"|'''Company'''
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''
|-
| style="width:7%; background:#7B8ABD" align="center"|1
| style="width:15%; background:#cccccc" align="center"| Tom Brennan
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|2
| style="width:15%; background:#cccccc" align="center"| Wayne Huang
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|3
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|4
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|5
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|6
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|7
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|8
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|9
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|10
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|}
If needed add here more lines.

OWASP AppSec Asia 2008 - Taiwan

2008-10-08T02:19:30Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''China, Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-08T01:07:57Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank Beijing, Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Beijing, Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-08T01:07:16Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Beijing, Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T17:12:13Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:wayne.owasp@gmail.com email us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T17:11:42Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please email [mailto:wayne.owasp@gmail.com us].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T16:49:08Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please email [mailto:wayne.owasp@gmail.com Wayne].

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T16:45:05Z

Wayne huang: /* OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) */

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in attending, please email [mailto:wayne.owasp@gmail.com Wayne].

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}

==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T16:29:26Z

Wayne huang: /* (2008/10/27) - Day 1 */

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in attending, please email [mailto:wayne.owasp@gmail.com Wayne].

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand Chapter]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Hong Kong, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}
==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T16:28:36Z

Wayne huang: /* (2008/10/27) - Day 1 */

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in attending, please email [mailto:wayne.owasp@gmail.com Wayne].

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand Chapter]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}
==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T16:28:02Z

Wayne huang: /* (2008/10/27) - Day 1 */

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in attending, please email [mailto:wayne.owasp@gmail.com Wayne].

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand Chapter]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor Yarochkin(Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |

=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}
==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

OWASP AppSec Asia 2008 - Taiwan

2008-10-07T15:18:16Z

Wayne huang:

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in attending, please email [mailto:wayne.owasp@gmail.com Wayne].

== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/27) - Day 1 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:30- 09:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Opening welcome and an introduction to this year’s program]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Wayne Huang, Conference Chair]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:40-09:50''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Institute for Information Industry '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:50-10:00''' || style="width:30%; background:#A7BFDE" align="center" | '''Welcome by Information Security Consortium, Information Service Industry Association '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[YM Chen, Director, McAfee Foundstone]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | ''' [[Wayne Huang, OWASP Taiwan Chapter]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Tim Bass, OWASP Thailand Chapter]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[PK (Taiwan Criminal Investigation Bureau)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Fyodor (Guard-Info)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''Delhi, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" |
=== (2008/10/28) - Day 2 ===
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Robert "RSnake" Hansen (SecTheory)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Chenxi Wang, Ph.D. (Forrester Research)]] '''
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[KK Mookhey (OWASP Mumbai)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Alexander Meisel (OWASP Germany)]] '''
|-
|-
{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
|-
{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4F81BD; color:white" |

|-
| align="center" style="width:33%; background:#4F81BD; color:white" | '''TIME''' || style="width:33%; background:#4F81BD; color:white" align="center" | '''SESSION'''
| style="width:33%; background:#4F81BD; color:white" align="center" | '''SPEAKER'''

|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[[Steven Adair (ShadowServer Foundation)]] '''
|-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]] '''
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor], [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] '''
|-

|}
==Conference Fees & Registration==

=== Conference Fees ===

The fee for the two days conference is USD 35, which includes:
*Two lunches
*Coffee breaks
*Conference T-Shirt

=== Registration ===

Registration is now open!! Please [mailto:wayne.owasp@gmail.com '''contact us'''] for the registration.

Taiwan

2008-09-30T19:08:37Z

Wayne huang:

[[Image:OWASP_TW_Banner.png]]

歡迎加入OWASP台灣分會！「網站安全的第一步，從加入OWASP台灣分會開始」。

台灣分會會長[mailto:wayne@owasp.org.tw 黃耀文先生（Wayne Huang）]暨分會工作同仁衷心肯定您的參與，不管您在何處，甚至您僅曾留下網路足跡於台灣，感謝您願意跟大家一起分享，讓我們用更多不同的角度來檢視Web安全的趨勢、威脅、問題與解決方案。

== 歡迎光臨 OWASP 台灣分會 ==

== 最新活動 ==
=== [[OWASP_AppSec_Asia_2007|第一屆OWASP官方亞洲年會(OWASP Asia 2007)]] ===
'''Security 3.0 in Web 2.0 Age — Practices and Challenges of Web 2.0 Security'''

[OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png]

Whitehat Security、美國運通(American Express)、阿碼科技(Armorize)、Qualys等跨國企業與資安公司的高階主管與首席研究員齊聚台灣，您知道他們如何看待Web 2.0時代之 Security 3.0嗎？對台灣與全球的含意是什麼？我政府、企業與一般使用者又該如何因應？從下面這些2007年的資安界大新聞，透露著怎樣的訊息？
* 5月11日起，Google開始監控遭駭網站，並貼上危險網站之標籤!
* 5月15日月OWASP公佈2007年最新的十大Web弱點，跨站腳本攻擊(XSS)登上榜首!
* 6月6日IBM購併Watchfire，HP隨即於6月19日購併SPI Dynamics!而僅存的Cenzic以滲透測試技術於6月18日獲得美國專利!
* Web 2.0的資安威脅？因應之道？Security 3.0？成功的實務案例？
[[OWASP_AppSec_Asia_2007|第一屆OWASP官方亞洲年會]]將於9月27日(週四)下午1點於台大醫院國際會議中心201室(台北市中正區徐州路二號)'''舉辦，歡迎您來共襄盛舉，滿載而歸![[OWASP_AppSec_Asia_2007|還有更多...]]

=== [http://hitcon.org 第三屆台灣駭客年會(HIT 2007)] ===

[http://hitcon.org 第三屆台灣駭客年會(HIT 2007)]已於2007年7月21日(週六)至22日(週日)在國立臺灣科技大學公館校區圓滿落幕，活動盛況空前，詳情請見 HIT 2007 官方網站:
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org

== 歡迎您的參與 ==
加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士，
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講，
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。
若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁，
所有的活動討論與活動地點將透過這個清單來討論，
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。
最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

美國聯邦貿易委員會(FTC)強烈建議所有企業需遵循OWASP所發佈的十大Web弱點防護守則、美國國防部亦列為最佳實務，國際信用卡資料安全技術PCI標準更將其列為必要元件。目前OWASP有30多個進行中的計畫，包括最知名的OWASP Top 10(十大Web弱點)、WebGoat(代罪羔羊)練習平台、安全PHP/Java/ASP.Net等計畫，針對不同的軟體安全問題在進行討論與研究。

當貴單位決定開放網頁服務時，就必須讓來自於全球的網頁請求進入單位內部的網頁伺服器。駭客可以藉由隱藏在合法的網頁請求內，通過防火牆、入侵偵測系統或其他防禦系統的偵測，堂而皇之的進入單位內部或藉由單位網站充當跳板與中繼站而向其他受害者發動攻擊。這意味著企業的網頁程式碼也必須成為機關(構)單位周邊的安全防護之一，當單位網頁服務的規模與複雜性增加時，單位暴露於外的風險也逐漸增加。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*網頁:http://www.owasp.org.tw
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

{{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto:wayne@owasp.org.tw Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}}

Chapter meetings are held several times a year, typically in the offices of our sponsor.

Please subscribe to the mailing list for meeting announcements.

== 免費加入OWASP台灣分會 ==



'''加入OWASP台灣分會不需任何費用'''
'''加入會員方法請見本頁下方''' '''[[#如何加入會員|如何加入會員]]'''

加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士， 
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講， 
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。

若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁， 
所有的活動討論與活動地點將透過這個清單來討論， 
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。

最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== OWASP台灣分會部落格 blog ==
需要一手資安情報，技術分析，市場資訊嗎？

歡迎常來 [http://www.owasp.org.tw/blog OWASP台灣分會部落格 blog]

[http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png]


== 如何加入會員 ==
歡迎免費加入OWASP Taiwan台灣分會！加入方式有三種，線上報名，email報名以及傳真報名：
工作同仁會持續通知所有會員有關OWASP最新活動資訊與座談會議程.

=== 線上報名 ===
請[http://www.owasp.org.tw/member/registration.php 按此填寫線上報名單]

=== Email報名 ===
請email：[mailto:info@owasp.org.tw info@owasp.org.tw]加入台灣分會,請註明下列資訊.
#姓名
#單位
#職稱
#電子郵件
#聯絡電話

=== 傳真報名 ===
請列印此報名表,填寫後傳真至(02)6616-1100即可.

[[Image:owasp_taiwan_opening.jpg|800px]]

== 近期消息 ==

*Web應用程式安全研討會:在2008年7月22日起，行政院研考會與資通安全會報技服中心舉辦之[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 政府機關軟體安全技術研討會]，透過Web 應用程式安全參考指引導入案例，瞭解Web應用程式可能弱點，提供各機關(構)委外管理參考。

*Web安全新聞:在2007年6月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=43813 網站安全潰堤，不安全就沒顧客]」，深入追蹤Google搜尋引擎因應惡意網站之新措施，其搜尋結果會為有資安問題的網站貼上警告標籤，並阻止使用者直接瀏覽。

*OWASP台灣分會參展:在2007年4月16至18日，台北國際資安展(http://www.secutech.com/tw/is/index.asp) 隆重登場，OWASP台灣分會邀您蒞臨攤位A402與A404，即可獲得Web資安光碟一張，並親自動手體驗比滲透測試、弱點稽核等傳統資安檢測方式更為優異的自動源碼檢測技術。

*Web安全新聞:在2007年4月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASP台灣分會成立會員免費招募中，盼助我國Web安全防護跟上國際趨勢]」。

*Web安全新聞:在2007年4月9日，蘋果日報報導台灣已有ESPN體育台等許多與民眾生活息息相關的二十七個官網，三月以來陸續遭駭客植入木馬後門，藉由軟體廠商尚無修補程式的「零時差攻擊」（Zero-Day Attack），無辜使用者只要連上網瀏覽，電腦就中獎，輕者帳號、密碼遭竊，身分被盜用；重者機敏資料外洩或財物損失。

*Web應用程式安全研討會:在2007年3月27至4月11日，行政院研考會與資通安全會報技服中心舉辦之[http://sid.iii.org.tw/96Q1_ISMS/ 政府資通安全防護巡迴研討會－資安發展趨勢及網路應用服務資訊安全]，歡迎政府機關(構)負責資通安全相關人員踴躍參加。NEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf 研討會講義下載]

*Web安全新聞:在2007年3月21日，中國時報報導「上網最不安全國家，台灣高居第二」，由法務部調查局、刑事局等單位共同針對台灣網路安全進行觀察發現，台灣網路的資訊安全威脅，高居亞洲第二，僅次於中國。2007年初至今，平均每天都會發生5件駭客入侵事件。

*Web安全新聞:在2007年3月8日，東森新聞報導「台灣駭客攻擊事件四小龍之冠，90％銀行曾遭入侵」，然而許多企業都以沒有預算為由，不願意增加防護設備與人力，被駭客竄改入侵網頁，不瞭解背後嚴重的意義，網頁改回後，並沒有增加防護設備，甚至還有單一企業被駭連續高達82次。[http://www.ettoday.com/2007/03/08/339-2063921.htm 原新聞連結]

[[Image:Owasp taiwan first gathering.png]]

== 網站與Web服務的五大資安困境 ==
#IT人員不足
#缺乏資安領域專業知識
#功能性驗收為主
#缺乏自動化工具
#成本、效率導向專案模式不利確保專案品質

==最新2007年OWASP十大Web資安漏洞 (2007 OWASP Top 10)==
===十大Web資安漏洞列表===
*A1. 跨網站的入侵字串(Cross Site Scripting，簡稱XSS，亦稱為跨站腳本攻擊)：Web應用程式直接將來自使用者的執行請求送回瀏覽器執行，使得攻擊者可擷取使用者的Cookie或Session資料而能假冒直接登入為合法使用者。
*A2. 注入缺失(Injection Flaw)：Web應用程式執行來自外部包括資料庫在內的惡意指令，SQL Injection與Command Injection等攻擊包括在內。
*A3. 惡意檔案執行(Malicious File Execution)：Web應用程式引入來自外部的惡意檔案並執行檔案內容。
*A4. 不安全的物件參考(Insecure Direct Object Reference)：攻擊者利用Web應用程式本身的檔案讀取功能任意存取檔案或重要資料，案例包括http://example/read.php?file=../../../../../../../c:\boot.ini。
*A5. 跨網站的偽造要求 (Cross-Site Request Forgery，簡稱CSRF): 已登入Web應用程式的合法使用者執行到惡意的HTTP指令，但Web應用程式卻當成合法需求處理，使得惡意指令被正常執行，案例包括社交網站分享的 QuickTime、Flash影片中藏有惡意的HTTP請求。
*A6. 資訊揭露與不適當錯誤處置 (Information Leakage and Improper Error Handling)：Web應用程式的執行錯誤訊息包含敏感資料，案例包括:系統檔案路徑的揭露或資料庫欄位名稱。
*A7. 遭破壞的鑑別與連線管理(Broken Authentication and Session Management)：Web應用程式中自行撰寫的身分驗證相關功能有缺陷。
*A8. 不安全的密碼儲存器 (Insecure Cryptographic Storage)：Web應用程式沒有對敏感性資料使用加密、使用較弱的加密演算法或將金鑰儲存於容易被取得之處。
*A9. 不安全的通訊(Insecure Communication)：傳送敏感性資料時並未使用HTTPS或其他加密方式。
*A10. 疏於限制URL存取(Failure to Restrict URL Access)：某些網頁因為沒有權限控制，使得攻擊者可透過網址直接存取，案例包括允許直接修改Wiki或Blog網頁內容。

這次OWASP公布新版Top 10反映出目前的攻擊現況，以今年為例，Cross-Site Scripting(XSS)調整為10大攻擊之首，真實的反映出目前網路釣魚與詐欺的攻擊濫用XSS的情形，事實上，美國國防部的BSI計畫(Build-Security In,https://buildsecurityin.us-cert.gov/) 及Mitre研究機構的CVE資安脆弱性列表(http://cve.mitre.org/) 亦顯示1)Cross Site Scripting與2)SQL Injection已連續兩年列為全球頭號嚴重資安弱點.

===直接與程式碼安全品質有關===
*[必要*]A1. 跨網站的入侵字串(Cross Site Scripting)
*[必要*]A2. 注入缺失(Injection Flaw)
*[建議*]A3. 惡意檔案執行(Malicious File Execution)
*[建議*]A4. 不安全的物件參考(Insecure Direct Object Reference)
*[選擇*]A5. 跨網站的偽造要求 (Cross-Site Request Forgery)

<nowiki>*</nowiki>OWASP台灣分會強烈建議各單位在進行源碼檢測時，尤以政府機關(構)，應遵循政府資通安全作業規範(http://www.giscc.org.tw) 之「Web應用程式安全參考指引」，並將1與2列為必要檢測項目，3與4列為建議檢測項目，而5列為選擇檢測項目。

＊在實務案例上，檢測並修正1與2即可避免絕大多數的Web資安威脅。

===因上述漏洞間接造成或與Web伺服器及外部設定有關===
*Information Leakage and Improper Error Handling
*Broken Authentication and Session Management
*Insecure Cryptographic Storage
*Insecure Communications
*Failure to Restrict URL Access

== 會員列表 (Member List) ==
Coming up soon!

[http://www.owasp.org.tw http://www.owasp.org.tw/dot.png]

Taiwan

2008-09-30T19:06:39Z

Wayne huang: /* 第一屆OWASP官方亞洲年會(OWASP Asia 2007) */

[[Image:OWASP_TW_Banner.png]]

歡迎加入OWASP台灣分會！「網站安全的第一步，從加入OWASP台灣分會開始」。

台灣分會會長[mailto:wayne@owasp.org.tw 黃耀文先生（Wayne Huang）]暨分會工作同仁衷心肯定您的參與，不管您在何處，甚至您僅曾留下網路足跡於台灣，感謝您願意跟大家一起分享，讓我們用更多不同的角度來檢視Web安全的趨勢、威脅、問題與解決方案。

== 歡迎光臨 OWASP 台灣分會 ==

== 最新活動 ==
=== [[OWASP_AppSec_Asia_2007|第一屆OWASP官方亞洲年會(OWASP Asia 2007)]] ===
'''Security 3.0 in Web 2.0 Age — Practices and Challenges of Web 2.0 Security'''

[OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png]

Whitehat Security、美國運通(American Express)、阿碼科技(Armorize)、Qualys等跨國企業與資安公司的高階主管與首席研究員齊聚台灣，您知道他們如何看待Web 2.0時代之 Security 3.0嗎？對台灣與全球的含意是什麼？我政府、企業與一般使用者又該如何因應？從下面這些2007年的資安界大新聞，透露著怎樣的訊息？
* 5月11日起，Google開始監控遭駭網站，並貼上危險網站之標籤!
* 5月15日月OWASP公佈2007年最新的十大Web弱點，跨站腳本攻擊(XSS)登上榜首!
* 6月6日IBM購併Watchfire，HP隨即於6月19日購併SPI Dynamics!而僅存的Cenzic以滲透測試技術於6月18日獲得美國專利!
* Web 2.0的資安威脅？因應之道？Security 3.0？成功的實務案例？
[[OWASP_AppSec_Asia_2007|第一屆OWASP官方亞洲年會]]將於9月27日(週四)下午1點於台大醫院國際會議中心201室(台北市中正區徐州路二號)'''舉辦，歡迎您來共襄盛舉，滿載而歸![[Taiwan_OWASP_2007|還有更多...]]

=== [http://hitcon.org 第三屆台灣駭客年會(HIT 2007)] ===

[http://hitcon.org 第三屆台灣駭客年會(HIT 2007)]已於2007年7月21日(週六)至22日(週日)在國立臺灣科技大學公館校區圓滿落幕，活動盛況空前，詳情請見 HIT 2007 官方網站:
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org

== 歡迎您的參與 ==
加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士，
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講，
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。
若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁，
所有的活動討論與活動地點將透過這個清單來討論，
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。
最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

美國聯邦貿易委員會(FTC)強烈建議所有企業需遵循OWASP所發佈的十大Web弱點防護守則、美國國防部亦列為最佳實務，國際信用卡資料安全技術PCI標準更將其列為必要元件。目前OWASP有30多個進行中的計畫，包括最知名的OWASP Top 10(十大Web弱點)、WebGoat(代罪羔羊)練習平台、安全PHP/Java/ASP.Net等計畫，針對不同的軟體安全問題在進行討論與研究。

當貴單位決定開放網頁服務時，就必須讓來自於全球的網頁請求進入單位內部的網頁伺服器。駭客可以藉由隱藏在合法的網頁請求內，通過防火牆、入侵偵測系統或其他防禦系統的偵測，堂而皇之的進入單位內部或藉由單位網站充當跳板與中繼站而向其他受害者發動攻擊。這意味著企業的網頁程式碼也必須成為機關(構)單位周邊的安全防護之一，當單位網頁服務的規模與複雜性增加時，單位暴露於外的風險也逐漸增加。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*網頁:http://www.owasp.org.tw
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

{{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto:wayne@owasp.org.tw Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}}

Chapter meetings are held several times a year, typically in the offices of our sponsor.

Please subscribe to the mailing list for meeting announcements.

Our chapter is sponsored by [http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web Armorize Technologies].
感謝[http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web 美商阿碼科技]提供會議茶水、食物與活動贊助!

== 免費加入OWASP台灣分會 ==



'''加入OWASP台灣分會不需任何費用'''
'''加入會員方法請見本頁下方''' '''[[#如何加入會員|如何加入會員]]'''

加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士， 
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講， 
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。

若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁， 
所有的活動討論與活動地點將透過這個清單來討論， 
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。

最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== OWASP台灣分會部落格 blog ==
需要一手資安情報，技術分析，市場資訊嗎？

歡迎常來 [http://www.owasp.org.tw/blog OWASP台灣分會部落格 blog]

[http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png]


== 如何加入會員 ==
歡迎免費加入OWASP Taiwan台灣分會！加入方式有三種，線上報名，email報名以及傳真報名：
工作同仁會持續通知所有會員有關OWASP最新活動資訊與座談會議程.

=== 線上報名 ===
請[http://www.owasp.org.tw/member/registration.php 按此填寫線上報名單]

=== Email報名 ===
請email：[mailto:info@owasp.org.tw info@owasp.org.tw]加入台灣分會,請註明下列資訊.
#姓名
#單位
#職稱
#電子郵件
#聯絡電話

=== 傳真報名 ===
請列印此報名表,填寫後傳真至(02)6616-1100即可.

[[Image:owasp_taiwan_opening.jpg|800px]]

== 近期消息 ==

*Web應用程式安全研討會:在2008年7月22日起，行政院研考會與資通安全會報技服中心舉辦之[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 政府機關軟體安全技術研討會]，透過Web 應用程式安全參考指引導入案例，瞭解Web應用程式可能弱點，提供各機關(構)委外管理參考。

*Web安全新聞:在2007年6月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=43813 網站安全潰堤，不安全就沒顧客]」，深入追蹤Google搜尋引擎因應惡意網站之新措施，其搜尋結果會為有資安問題的網站貼上警告標籤，並阻止使用者直接瀏覽。

*OWASP台灣分會參展:在2007年4月16至18日，台北國際資安展(http://www.secutech.com/tw/is/index.asp) 隆重登場，OWASP台灣分會邀您蒞臨攤位A402與A404，即可獲得Web資安光碟一張，並親自動手體驗比滲透測試、弱點稽核等傳統資安檢測方式更為優異的自動源碼檢測技術。

*Web安全新聞:在2007年4月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASP台灣分會成立會員免費招募中，盼助我國Web安全防護跟上國際趨勢]」。

*Web安全新聞:在2007年4月9日，蘋果日報報導台灣已有ESPN體育台等許多與民眾生活息息相關的二十七個官網，三月以來陸續遭駭客植入木馬後門，藉由軟體廠商尚無修補程式的「零時差攻擊」（Zero-Day Attack），無辜使用者只要連上網瀏覽，電腦就中獎，輕者帳號、密碼遭竊，身分被盜用；重者機敏資料外洩或財物損失。

*Web應用程式安全研討會:在2007年3月27至4月11日，行政院研考會與資通安全會報技服中心舉辦之[http://sid.iii.org.tw/96Q1_ISMS/ 政府資通安全防護巡迴研討會－資安發展趨勢及網路應用服務資訊安全]，歡迎政府機關(構)負責資通安全相關人員踴躍參加。NEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf 研討會講義下載]

*Web安全新聞:在2007年3月21日，中國時報報導「上網最不安全國家，台灣高居第二」，由法務部調查局、刑事局等單位共同針對台灣網路安全進行觀察發現，台灣網路的資訊安全威脅，高居亞洲第二，僅次於中國。2007年初至今，平均每天都會發生5件駭客入侵事件。

*Web安全新聞:在2007年3月8日，東森新聞報導「台灣駭客攻擊事件四小龍之冠，90％銀行曾遭入侵」，然而許多企業都以沒有預算為由，不願意增加防護設備與人力，被駭客竄改入侵網頁，不瞭解背後嚴重的意義，網頁改回後，並沒有增加防護設備，甚至還有單一企業被駭連續高達82次。[http://www.ettoday.com/2007/03/08/339-2063921.htm 原新聞連結]

[[Image:Owasp taiwan first gathering.png]]

== 網站與Web服務的五大資安困境 ==
#IT人員不足
#缺乏資安領域專業知識
#功能性驗收為主
#缺乏自動化工具
#成本、效率導向專案模式不利確保專案品質

==最新2007年OWASP十大Web資安漏洞 (2007 OWASP Top 10)==
===十大Web資安漏洞列表===
*A1. 跨網站的入侵字串(Cross Site Scripting，簡稱XSS，亦稱為跨站腳本攻擊)：Web應用程式直接將來自使用者的執行請求送回瀏覽器執行，使得攻擊者可擷取使用者的Cookie或Session資料而能假冒直接登入為合法使用者。
*A2. 注入缺失(Injection Flaw)：Web應用程式執行來自外部包括資料庫在內的惡意指令，SQL Injection與Command Injection等攻擊包括在內。
*A3. 惡意檔案執行(Malicious File Execution)：Web應用程式引入來自外部的惡意檔案並執行檔案內容。
*A4. 不安全的物件參考(Insecure Direct Object Reference)：攻擊者利用Web應用程式本身的檔案讀取功能任意存取檔案或重要資料，案例包括http://example/read.php?file=../../../../../../../c:\boot.ini。
*A5. 跨網站的偽造要求 (Cross-Site Request Forgery，簡稱CSRF): 已登入Web應用程式的合法使用者執行到惡意的HTTP指令，但Web應用程式卻當成合法需求處理，使得惡意指令被正常執行，案例包括社交網站分享的 QuickTime、Flash影片中藏有惡意的HTTP請求。
*A6. 資訊揭露與不適當錯誤處置 (Information Leakage and Improper Error Handling)：Web應用程式的執行錯誤訊息包含敏感資料，案例包括:系統檔案路徑的揭露或資料庫欄位名稱。
*A7. 遭破壞的鑑別與連線管理(Broken Authentication and Session Management)：Web應用程式中自行撰寫的身分驗證相關功能有缺陷。
*A8. 不安全的密碼儲存器 (Insecure Cryptographic Storage)：Web應用程式沒有對敏感性資料使用加密、使用較弱的加密演算法或將金鑰儲存於容易被取得之處。
*A9. 不安全的通訊(Insecure Communication)：傳送敏感性資料時並未使用HTTPS或其他加密方式。
*A10. 疏於限制URL存取(Failure to Restrict URL Access)：某些網頁因為沒有權限控制，使得攻擊者可透過網址直接存取，案例包括允許直接修改Wiki或Blog網頁內容。

這次OWASP公布新版Top 10反映出目前的攻擊現況，以今年為例，Cross-Site Scripting(XSS)調整為10大攻擊之首，真實的反映出目前網路釣魚與詐欺的攻擊濫用XSS的情形，事實上，美國國防部的BSI計畫(Build-Security In,https://buildsecurityin.us-cert.gov/) 及Mitre研究機構的CVE資安脆弱性列表(http://cve.mitre.org/) 亦顯示1)Cross Site Scripting與2)SQL Injection已連續兩年列為全球頭號嚴重資安弱點.

===直接與程式碼安全品質有關===
*[必要*]A1. 跨網站的入侵字串(Cross Site Scripting)
*[必要*]A2. 注入缺失(Injection Flaw)
*[建議*]A3. 惡意檔案執行(Malicious File Execution)
*[建議*]A4. 不安全的物件參考(Insecure Direct Object Reference)
*[選擇*]A5. 跨網站的偽造要求 (Cross-Site Request Forgery)

<nowiki>*</nowiki>OWASP台灣分會強烈建議各單位在進行源碼檢測時，尤以政府機關(構)，應遵循政府資通安全作業規範(http://www.giscc.org.tw) 之「Web應用程式安全參考指引」，並將1與2列為必要檢測項目，3與4列為建議檢測項目，而5列為選擇檢測項目。

＊在實務案例上，檢測並修正1與2即可避免絕大多數的Web資安威脅。

===因上述漏洞間接造成或與Web伺服器及外部設定有關===
*Information Leakage and Improper Error Handling
*Broken Authentication and Session Management
*Insecure Cryptographic Storage
*Insecure Communications
*Failure to Restrict URL Access

== 會員列表 (Member List) ==
Coming up soon!

[http://www.owasp.org.tw http://www.owasp.org.tw/dot.png]

Taiwan

2008-09-30T19:04:07Z

Wayne huang:

[[Image:OWASP_TW_Banner.png]]

歡迎加入OWASP台灣分會！「網站安全的第一步，從加入OWASP台灣分會開始」。

台灣分會會長[mailto:wayne@owasp.org.tw 黃耀文先生（Wayne Huang）]暨分會工作同仁衷心肯定您的參與，不管您在何處，甚至您僅曾留下網路足跡於台灣，感謝您願意跟大家一起分享，讓我們用更多不同的角度來檢視Web安全的趨勢、威脅、問題與解決方案。

== 歡迎光臨 OWASP 台灣分會 ==

== 最新活動 ==
=== [[OWASP_AppSec_Asia_2007|第一屆OWASP官方亞洲年會(OWASP Asia 2007)]] ===
'''Security 3.0 in Web 2.0 Age — Practices and Challenges of Web 2.0 Security'''

[http://www.owasp.org/index.php/Taiwan_OWASP_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png]

Whitehat Security、美國運通(American Express)、阿碼科技(Armorize)、Qualys等跨國企業與資安公司的高階主管與首席研究員齊聚台灣，您知道他們如何看待Web 2.0時代之 Security 3.0嗎？對台灣與全球的含意是什麼？我政府、企業與一般使用者又該如何因應？從下面這些2007年的資安界大新聞，透露著怎樣的訊息？
* 5月11日起，Google開始監控遭駭網站，並貼上危險網站之標籤!
* 5月15日月OWASP公佈2007年最新的十大Web弱點，跨站腳本攻擊(XSS)登上榜首!
* 6月6日IBM購併Watchfire，HP隨即於6月19日購併SPI Dynamics!而僅存的Cenzic以滲透測試技術於6月18日獲得美國專利!
* Web 2.0的資安威脅？因應之道？Security 3.0？成功的實務案例？
[[Taiwan_OWASP_2007|第一屆OWASP官方亞洲年會]]將於9月27日(週四)下午1點於台大醫院國際會議中心201室(台北市中正區徐州路二號)'''舉辦，歡迎您來共襄盛舉，滿載而歸![[Taiwan_OWASP_2007|還有更多...]]

=== [http://hitcon.org 第三屆台灣駭客年會(HIT 2007)] ===

[http://hitcon.org 第三屆台灣駭客年會(HIT 2007)]已於2007年7月21日(週六)至22日(週日)在國立臺灣科技大學公館校區圓滿落幕，活動盛況空前，詳情請見 HIT 2007 官方網站:
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org

== 歡迎您的參與 ==
加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士，
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講，
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。
若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁，
所有的活動討論與活動地點將透過這個清單來討論，
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。
最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

美國聯邦貿易委員會(FTC)強烈建議所有企業需遵循OWASP所發佈的十大Web弱點防護守則、美國國防部亦列為最佳實務，國際信用卡資料安全技術PCI標準更將其列為必要元件。目前OWASP有30多個進行中的計畫，包括最知名的OWASP Top 10(十大Web弱點)、WebGoat(代罪羔羊)練習平台、安全PHP/Java/ASP.Net等計畫，針對不同的軟體安全問題在進行討論與研究。

當貴單位決定開放網頁服務時，就必須讓來自於全球的網頁請求進入單位內部的網頁伺服器。駭客可以藉由隱藏在合法的網頁請求內，通過防火牆、入侵偵測系統或其他防禦系統的偵測，堂而皇之的進入單位內部或藉由單位網站充當跳板與中繼站而向其他受害者發動攻擊。這意味著企業的網頁程式碼也必須成為機關(構)單位周邊的安全防護之一，當單位網頁服務的規模與複雜性增加時，單位暴露於外的風險也逐漸增加。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*網頁:http://www.owasp.org.tw
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

{{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto:wayne@owasp.org.tw Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}}

Chapter meetings are held several times a year, typically in the offices of our sponsor.

Please subscribe to the mailing list for meeting announcements.

Our chapter is sponsored by [http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web Armorize Technologies].
感謝[http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web 美商阿碼科技]提供會議茶水、食物與活動贊助!

== 免費加入OWASP台灣分會 ==



'''加入OWASP台灣分會不需任何費用'''
'''加入會員方法請見本頁下方''' '''[[#如何加入會員|如何加入會員]]'''

加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士， 
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講， 
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。

若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁， 
所有的活動討論與活動地點將透過這個清單來討論， 
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。

最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== OWASP台灣分會部落格 blog ==
需要一手資安情報，技術分析，市場資訊嗎？

歡迎常來 [http://www.owasp.org.tw/blog OWASP台灣分會部落格 blog]

[http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png]


== 如何加入會員 ==
歡迎免費加入OWASP Taiwan台灣分會！加入方式有三種，線上報名，email報名以及傳真報名：
工作同仁會持續通知所有會員有關OWASP最新活動資訊與座談會議程.

=== 線上報名 ===
請[http://www.owasp.org.tw/member/registration.php 按此填寫線上報名單]

=== Email報名 ===
請email：[mailto:info@owasp.org.tw info@owasp.org.tw]加入台灣分會,請註明下列資訊.
#姓名
#單位
#職稱
#電子郵件
#聯絡電話

=== 傳真報名 ===
請列印此報名表,填寫後傳真至(02)6616-1100即可.

[[Image:owasp_taiwan_opening.jpg|800px]]

== 近期消息 ==

*Web應用程式安全研討會:在2008年7月22日起，行政院研考會與資通安全會報技服中心舉辦之[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 政府機關軟體安全技術研討會]，透過Web 應用程式安全參考指引導入案例，瞭解Web應用程式可能弱點，提供各機關(構)委外管理參考。

*Web安全新聞:在2007年6月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=43813 網站安全潰堤，不安全就沒顧客]」，深入追蹤Google搜尋引擎因應惡意網站之新措施，其搜尋結果會為有資安問題的網站貼上警告標籤，並阻止使用者直接瀏覽。

*OWASP台灣分會參展:在2007年4月16至18日，台北國際資安展(http://www.secutech.com/tw/is/index.asp) 隆重登場，OWASP台灣分會邀您蒞臨攤位A402與A404，即可獲得Web資安光碟一張，並親自動手體驗比滲透測試、弱點稽核等傳統資安檢測方式更為優異的自動源碼檢測技術。

*Web安全新聞:在2007年4月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASP台灣分會成立會員免費招募中，盼助我國Web安全防護跟上國際趨勢]」。

*Web安全新聞:在2007年4月9日，蘋果日報報導台灣已有ESPN體育台等許多與民眾生活息息相關的二十七個官網，三月以來陸續遭駭客植入木馬後門，藉由軟體廠商尚無修補程式的「零時差攻擊」（Zero-Day Attack），無辜使用者只要連上網瀏覽，電腦就中獎，輕者帳號、密碼遭竊，身分被盜用；重者機敏資料外洩或財物損失。

*Web應用程式安全研討會:在2007年3月27至4月11日，行政院研考會與資通安全會報技服中心舉辦之[http://sid.iii.org.tw/96Q1_ISMS/ 政府資通安全防護巡迴研討會－資安發展趨勢及網路應用服務資訊安全]，歡迎政府機關(構)負責資通安全相關人員踴躍參加。NEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf 研討會講義下載]

*Web安全新聞:在2007年3月21日，中國時報報導「上網最不安全國家，台灣高居第二」，由法務部調查局、刑事局等單位共同針對台灣網路安全進行觀察發現，台灣網路的資訊安全威脅，高居亞洲第二，僅次於中國。2007年初至今，平均每天都會發生5件駭客入侵事件。

*Web安全新聞:在2007年3月8日，東森新聞報導「台灣駭客攻擊事件四小龍之冠，90％銀行曾遭入侵」，然而許多企業都以沒有預算為由，不願意增加防護設備與人力，被駭客竄改入侵網頁，不瞭解背後嚴重的意義，網頁改回後，並沒有增加防護設備，甚至還有單一企業被駭連續高達82次。[http://www.ettoday.com/2007/03/08/339-2063921.htm 原新聞連結]

[[Image:Owasp taiwan first gathering.png]]

== 網站與Web服務的五大資安困境 ==
#IT人員不足
#缺乏資安領域專業知識
#功能性驗收為主
#缺乏自動化工具
#成本、效率導向專案模式不利確保專案品質

==最新2007年OWASP十大Web資安漏洞 (2007 OWASP Top 10)==
===十大Web資安漏洞列表===
*A1. 跨網站的入侵字串(Cross Site Scripting，簡稱XSS，亦稱為跨站腳本攻擊)：Web應用程式直接將來自使用者的執行請求送回瀏覽器執行，使得攻擊者可擷取使用者的Cookie或Session資料而能假冒直接登入為合法使用者。
*A2. 注入缺失(Injection Flaw)：Web應用程式執行來自外部包括資料庫在內的惡意指令，SQL Injection與Command Injection等攻擊包括在內。
*A3. 惡意檔案執行(Malicious File Execution)：Web應用程式引入來自外部的惡意檔案並執行檔案內容。
*A4. 不安全的物件參考(Insecure Direct Object Reference)：攻擊者利用Web應用程式本身的檔案讀取功能任意存取檔案或重要資料，案例包括http://example/read.php?file=../../../../../../../c:\boot.ini。
*A5. 跨網站的偽造要求 (Cross-Site Request Forgery，簡稱CSRF): 已登入Web應用程式的合法使用者執行到惡意的HTTP指令，但Web應用程式卻當成合法需求處理，使得惡意指令被正常執行，案例包括社交網站分享的 QuickTime、Flash影片中藏有惡意的HTTP請求。
*A6. 資訊揭露與不適當錯誤處置 (Information Leakage and Improper Error Handling)：Web應用程式的執行錯誤訊息包含敏感資料，案例包括:系統檔案路徑的揭露或資料庫欄位名稱。
*A7. 遭破壞的鑑別與連線管理(Broken Authentication and Session Management)：Web應用程式中自行撰寫的身分驗證相關功能有缺陷。
*A8. 不安全的密碼儲存器 (Insecure Cryptographic Storage)：Web應用程式沒有對敏感性資料使用加密、使用較弱的加密演算法或將金鑰儲存於容易被取得之處。
*A9. 不安全的通訊(Insecure Communication)：傳送敏感性資料時並未使用HTTPS或其他加密方式。
*A10. 疏於限制URL存取(Failure to Restrict URL Access)：某些網頁因為沒有權限控制，使得攻擊者可透過網址直接存取，案例包括允許直接修改Wiki或Blog網頁內容。

這次OWASP公布新版Top 10反映出目前的攻擊現況，以今年為例，Cross-Site Scripting(XSS)調整為10大攻擊之首，真實的反映出目前網路釣魚與詐欺的攻擊濫用XSS的情形，事實上，美國國防部的BSI計畫(Build-Security In,https://buildsecurityin.us-cert.gov/) 及Mitre研究機構的CVE資安脆弱性列表(http://cve.mitre.org/) 亦顯示1)Cross Site Scripting與2)SQL Injection已連續兩年列為全球頭號嚴重資安弱點.

===直接與程式碼安全品質有關===
*[必要*]A1. 跨網站的入侵字串(Cross Site Scripting)
*[必要*]A2. 注入缺失(Injection Flaw)
*[建議*]A3. 惡意檔案執行(Malicious File Execution)
*[建議*]A4. 不安全的物件參考(Insecure Direct Object Reference)
*[選擇*]A5. 跨網站的偽造要求 (Cross-Site Request Forgery)

<nowiki>*</nowiki>OWASP台灣分會強烈建議各單位在進行源碼檢測時，尤以政府機關(構)，應遵循政府資通安全作業規範(http://www.giscc.org.tw) 之「Web應用程式安全參考指引」，並將1與2列為必要檢測項目，3與4列為建議檢測項目，而5列為選擇檢測項目。

＊在實務案例上，檢測並修正1與2即可避免絕大多數的Web資安威脅。

===因上述漏洞間接造成或與Web伺服器及外部設定有關===
*Information Leakage and Improper Error Handling
*Broken Authentication and Session Management
*Insecure Cryptographic Storage
*Insecure Communications
*Failure to Restrict URL Access

== 會員列表 (Member List) ==
Coming up soon!

[http://www.owasp.org.tw http://www.owasp.org.tw/dot.png]

Taiwan

2008-09-30T18:42:19Z

Wayne huang:

[[Image:OWASP_TW_Banner.png]]

歡迎加入OWASP台灣分會！「網站安全的第一步，從加入OWASP台灣分會開始」。

台灣分會會長[mailto:wayne@owasp.org.tw 黃耀文先生（Wayne Huang）]暨分會工作同仁衷心肯定您的參與，不管您在何處，甚至您僅曾留下網路足跡於台灣，感謝您願意跟大家一起分享，讓我們用更多不同的角度來檢視Web安全的趨勢、威脅、問題與解決方案。

== 歡迎光臨 OWASP 台灣分會 ==

== 最新活動 ==
=== [[Taiwan_OWASP_2007|第一屆OWASP官方亞洲年會(OWASP Asia 2007)]] ===
'''Security 3.0 in Web 2.0 Age — Practices and Challenges of Web 2.0 Security'''

[http://www.owasp.org/index.php/Taiwan_OWASP_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png]

Whitehat Security、美國運通(American Express)、阿碼科技(Armorize)、Qualys等跨國企業與資安公司的高階主管與首席研究員齊聚台灣，您知道他們如何看待Web 2.0時代之 Security 3.0嗎？對台灣與全球的含意是什麼？我政府、企業與一般使用者又該如何因應？從下面這些2007年的資安界大新聞，透露著怎樣的訊息？
* 5月11日起，Google開始監控遭駭網站，並貼上危險網站之標籤!
* 5月15日月OWASP公佈2007年最新的十大Web弱點，跨站腳本攻擊(XSS)登上榜首!
* 6月6日IBM購併Watchfire，HP隨即於6月19日購併SPI Dynamics!而僅存的Cenzic以滲透測試技術於6月18日獲得美國專利!
* Web 2.0的資安威脅？因應之道？Security 3.0？成功的實務案例？
[[Taiwan_OWASP_2007|第一屆OWASP官方亞洲年會]]將於9月27日(週四)下午1點於台大醫院國際會議中心201室(台北市中正區徐州路二號)'''舉辦，歡迎您來共襄盛舉，滿載而歸![[Taiwan_OWASP_2007|還有更多...]]

=== [http://hitcon.org 第三屆台灣駭客年會(HIT 2007)] ===

[http://hitcon.org 第三屆台灣駭客年會(HIT 2007)]已於2007年7月21日(週六)至22日(週日)在國立臺灣科技大學公館校區圓滿落幕，活動盛況空前，詳情請見 HIT 2007 官方網站:
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org

== 歡迎您的參與 ==
加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士，
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講，
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。
若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁，
所有的活動討論與活動地點將透過這個清單來討論，
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。
最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

美國聯邦貿易委員會(FTC)強烈建議所有企業需遵循OWASP所發佈的十大Web弱點防護守則、美國國防部亦列為最佳實務，國際信用卡資料安全技術PCI標準更將其列為必要元件。目前OWASP有30多個進行中的計畫，包括最知名的OWASP Top 10(十大Web弱點)、WebGoat(代罪羔羊)練習平台、安全PHP/Java/ASP.Net等計畫，針對不同的軟體安全問題在進行討論與研究。

當貴單位決定開放網頁服務時，就必須讓來自於全球的網頁請求進入單位內部的網頁伺服器。駭客可以藉由隱藏在合法的網頁請求內，通過防火牆、入侵偵測系統或其他防禦系統的偵測，堂而皇之的進入單位內部或藉由單位網站充當跳板與中繼站而向其他受害者發動攻擊。這意味著企業的網頁程式碼也必須成為機關(構)單位周邊的安全防護之一，當單位網頁服務的規模與複雜性增加時，單位暴露於外的風險也逐漸增加。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*網頁:http://www.owasp.org.tw
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

{{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto:wayne@owasp.org.tw Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}}

Chapter meetings are held several times a year, typically in the offices of our sponsor.

Please subscribe to the mailing list for meeting announcements.

Our chapter is sponsored by [http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web Armorize Technologies].
感謝[http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web 美商阿碼科技]提供會議茶水、食物與活動贊助!

== 免費加入OWASP台灣分會 ==



'''加入OWASP台灣分會不需任何費用'''
'''加入會員方法請見本頁下方''' '''[[#如何加入會員|如何加入會員]]'''

加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士， 
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講， 
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。

若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁， 
所有的活動討論與活動地點將透過這個清單來討論， 
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。

最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== OWASP台灣分會部落格 blog ==
需要一手資安情報，技術分析，市場資訊嗎？

歡迎常來 [http://www.owasp.org.tw/blog OWASP台灣分會部落格 blog]

[http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png]


== 如何加入會員 ==
歡迎免費加入OWASP Taiwan台灣分會！加入方式有三種，線上報名，email報名以及傳真報名：
工作同仁會持續通知所有會員有關OWASP最新活動資訊與座談會議程.

=== 線上報名 ===
請[http://www.owasp.org.tw/member/registration.php 按此填寫線上報名單]

=== Email報名 ===
請email：[mailto:info@owasp.org.tw info@owasp.org.tw]加入台灣分會,請註明下列資訊.
#姓名
#單位
#職稱
#電子郵件
#聯絡電話

=== 傳真報名 ===
請列印此報名表,填寫後傳真至(02)6616-1100即可.

[[Image:owasp_taiwan_opening.jpg|800px]]

== 近期消息 ==

*Web應用程式安全研討會:在2008年7月22日起，行政院研考會與資通安全會報技服中心舉辦之[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 政府機關軟體安全技術研討會]，透過Web 應用程式安全參考指引導入案例，瞭解Web應用程式可能弱點，提供各機關(構)委外管理參考。

*Web安全新聞:在2007年6月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=43813 網站安全潰堤，不安全就沒顧客]」，深入追蹤Google搜尋引擎因應惡意網站之新措施，其搜尋結果會為有資安問題的網站貼上警告標籤，並阻止使用者直接瀏覽。

*OWASP台灣分會參展:在2007年4月16至18日，台北國際資安展(http://www.secutech.com/tw/is/index.asp) 隆重登場，OWASP台灣分會邀您蒞臨攤位A402與A404，即可獲得Web資安光碟一張，並親自動手體驗比滲透測試、弱點稽核等傳統資安檢測方式更為優異的自動源碼檢測技術。

*Web安全新聞:在2007年4月11日，iThome報導「[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASP台灣分會成立會員免費招募中，盼助我國Web安全防護跟上國際趨勢]」。

*Web安全新聞:在2007年4月9日，蘋果日報報導台灣已有ESPN體育台等許多與民眾生活息息相關的二十七個官網，三月以來陸續遭駭客植入木馬後門，藉由軟體廠商尚無修補程式的「零時差攻擊」（Zero-Day Attack），無辜使用者只要連上網瀏覽，電腦就中獎，輕者帳號、密碼遭竊，身分被盜用；重者機敏資料外洩或財物損失。

*Web應用程式安全研討會:在2007年3月27至4月11日，行政院研考會與資通安全會報技服中心舉辦之[http://sid.iii.org.tw/96Q1_ISMS/ 政府資通安全防護巡迴研討會－資安發展趨勢及網路應用服務資訊安全]，歡迎政府機關(構)負責資通安全相關人員踴躍參加。NEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf 研討會講義下載]

*Web安全新聞:在2007年3月21日，中國時報報導「上網最不安全國家，台灣高居第二」，由法務部調查局、刑事局等單位共同針對台灣網路安全進行觀察發現，台灣網路的資訊安全威脅，高居亞洲第二，僅次於中國。2007年初至今，平均每天都會發生5件駭客入侵事件。

*Web安全新聞:在2007年3月8日，東森新聞報導「台灣駭客攻擊事件四小龍之冠，90％銀行曾遭入侵」，然而許多企業都以沒有預算為由，不願意增加防護設備與人力，被駭客竄改入侵網頁，不瞭解背後嚴重的意義，網頁改回後，並沒有增加防護設備，甚至還有單一企業被駭連續高達82次。[http://www.ettoday.com/2007/03/08/339-2063921.htm 原新聞連結]

[[Image:Owasp taiwan first gathering.png]]

== 網站與Web服務的五大資安困境 ==
#IT人員不足
#缺乏資安領域專業知識
#功能性驗收為主
#缺乏自動化工具
#成本、效率導向專案模式不利確保專案品質

==最新2007年OWASP十大Web資安漏洞 (2007 OWASP Top 10)==
===十大Web資安漏洞列表===
*A1. 跨網站的入侵字串(Cross Site Scripting，簡稱XSS，亦稱為跨站腳本攻擊)：Web應用程式直接將來自使用者的執行請求送回瀏覽器執行，使得攻擊者可擷取使用者的Cookie或Session資料而能假冒直接登入為合法使用者。
*A2. 注入缺失(Injection Flaw)：Web應用程式執行來自外部包括資料庫在內的惡意指令，SQL Injection與Command Injection等攻擊包括在內。
*A3. 惡意檔案執行(Malicious File Execution)：Web應用程式引入來自外部的惡意檔案並執行檔案內容。
*A4. 不安全的物件參考(Insecure Direct Object Reference)：攻擊者利用Web應用程式本身的檔案讀取功能任意存取檔案或重要資料，案例包括http://example/read.php?file=../../../../../../../c:\boot.ini。
*A5. 跨網站的偽造要求 (Cross-Site Request Forgery，簡稱CSRF): 已登入Web應用程式的合法使用者執行到惡意的HTTP指令，但Web應用程式卻當成合法需求處理，使得惡意指令被正常執行，案例包括社交網站分享的 QuickTime、Flash影片中藏有惡意的HTTP請求。
*A6. 資訊揭露與不適當錯誤處置 (Information Leakage and Improper Error Handling)：Web應用程式的執行錯誤訊息包含敏感資料，案例包括:系統檔案路徑的揭露或資料庫欄位名稱。
*A7. 遭破壞的鑑別與連線管理(Broken Authentication and Session Management)：Web應用程式中自行撰寫的身分驗證相關功能有缺陷。
*A8. 不安全的密碼儲存器 (Insecure Cryptographic Storage)：Web應用程式沒有對敏感性資料使用加密、使用較弱的加密演算法或將金鑰儲存於容易被取得之處。
*A9. 不安全的通訊(Insecure Communication)：傳送敏感性資料時並未使用HTTPS或其他加密方式。
*A10. 疏於限制URL存取(Failure to Restrict URL Access)：某些網頁因為沒有權限控制，使得攻擊者可透過網址直接存取，案例包括允許直接修改Wiki或Blog網頁內容。

這次OWASP公布新版Top 10反映出目前的攻擊現況，以今年為例，Cross-Site Scripting(XSS)調整為10大攻擊之首，真實的反映出目前網路釣魚與詐欺的攻擊濫用XSS的情形，事實上，美國國防部的BSI計畫(Build-Security In,https://buildsecurityin.us-cert.gov/) 及Mitre研究機構的CVE資安脆弱性列表(http://cve.mitre.org/) 亦顯示1)Cross Site Scripting與2)SQL Injection已連續兩年列為全球頭號嚴重資安弱點.

===直接與程式碼安全品質有關===
*[必要*]A1. 跨網站的入侵字串(Cross Site Scripting)
*[必要*]A2. 注入缺失(Injection Flaw)
*[建議*]A3. 惡意檔案執行(Malicious File Execution)
*[建議*]A4. 不安全的物件參考(Insecure Direct Object Reference)
*[選擇*]A5. 跨網站的偽造要求 (Cross-Site Request Forgery)

<nowiki>*</nowiki>OWASP台灣分會強烈建議各單位在進行源碼檢測時，尤以政府機關(構)，應遵循政府資通安全作業規範(http://www.giscc.org.tw) 之「Web應用程式安全參考指引」，並將1與2列為必要檢測項目，3與4列為建議檢測項目，而5列為選擇檢測項目。

＊在實務案例上，檢測並修正1與2即可避免絕大多數的Web資安威脅。

===因上述漏洞間接造成或與Web伺服器及外部設定有關===
*Information Leakage and Improper Error Handling
*Broken Authentication and Session Management
*Insecure Cryptographic Storage
*Insecure Communications
*Failure to Restrict URL Access

== 會員列表 (Member List) ==
Coming up soon!

[http://www.owasp.org.tw http://www.owasp.org.tw/dot.png]

OWASP Asia 2007

2007-06-30T00:38:13Z

Wayne huang: /* Yen-Ming Chen (McAfee資安諮詢部門主任、前Foundstone首席資安顧問) */

== 第一屆OWASP台灣分會高峰會議 (OWASP-TW 2007) （完全免費）==
'''Security 3.0 in Web 2.0 Age — Practices and Challenges of Web 2.0 Security'''

[[Image:owasp_taiwan_2007.jpg|800px]]

OWASP將於台灣召開第一屆的台灣分會高峰會議，將邀請國內外重量級專家齊聚一堂與會員分享與交流最新資安趨勢與實務案例。

「Web 2.0時代之Security 3.0 — 從實務經驗看Web資安防護之挑戰

* 2007年5月11日，Google開始監控遭駭網站，並貼上危險網站之標籤，政府及企業該如何應對？
* 2007年5月15日，OWASP公佈2007年最新的十大Web弱點，跨站腳本攻擊(XSS)登上榜首，對台灣及全球的含意為何？
* 2007年6月6日，IBM購併Watchfire，HP隨即於6月19日購併SPI Dynamics？為何在短短一個月內，重量級資訊巨人跨足資安產業？而僅存的Cenzic以滲透測試技術於6月18日甫獲美國專利，又將對產業有何影響？
* Web 2.0面臨哪些新的資安威脅？其因應之道是什麼？什麼是Security 3.0？又有哪些成功的實務案例？
<hr>
第一屆OWASP台灣分會高峰會議暨會員大會將於2007年7月20日（週五）下午1點至5點舉行，會議地點定於國立臺灣科技大學公館校區-國際廳，將由國內外知名專家一同與您探討，目前規劃演講者包含任職於國內外產、官、學的資安專家，詳細內容如下。

'''OWASP為國際非營利組織，參加此次活動係完全免費，會場寬敞明亮，備有舒適席次。'''

'''然由於場地限制，席次僅提供前200名來信報名者，還請包涵。'''

'''請各位欲參加之會員朋友，務必儘速來信報名參加。報名方式請見頁尾。'''

===OWASP台灣分會會長致詞===
====黃耀文(Wayne Huang) ([http://www.armorize.com/?utm_source=HIT&utm_medium=web 阿碼科技]創辦人兼執行長)====
[[Image:owasp_taiwan_wayne.jpg|100px]]

'''簡介''': Wayne Huang is first author of two award-winning security papers in the International WWW Conference (2003, 2004) and the co-author of "Computer Security in the 21st Century". Wayne is the founder and CEO of [http://www.armorize.com/?utm_source=HIT&utm_medium=web Armorize Technologies]. He received the Microsoft Research Fellowship in 2005. He is a Ph.D. candidate at EE, National Taiwan University. He was the first author of many well-cited papers on web application security.
<hr>

===第一場時段講者(1:00pm-3:30pm)===
====Yen-Ming Chen (McAfee資安諮詢部門主任、Foundstone首席資安顧問)====
[[Image:owasp_taiwan_yenming.jpg|100px]]

'''題目''': '''''Trends in Web Application Security'''''

'''國際演說''':PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI, CERT, and ICST

'''暢銷書籍''':四本暢銷資安書籍之作者包括

[[Image:owasp_taiwan_yenming1.jpg|100px]][[Image:owasp_taiwan_yenming2.jpg|100px]][[Image:owasp_taiwan_yenming3.jpg|100px]][[Image:owasp_taiwan_yenming4.jpg|100px]]

'''講者簡介''': Yen-Ming leads Foundstone consultants to provide strategic security consulting services to the clients. His duties include managing all consulting and training activities, ranging from sales support to project execution. Yen-Ming joined Foundstone as a consultant in 2000. Yen-Ming brings extensive knowledge in both business and technology to his clients. He focuses primarily on generic security assessment. In client engagements, Yen-Ming helps clients align their security strategies with their business goals. He served as a Lead Instructor for Foundstone’s Ultimate Hacking, Ultimate Hacking Expert, Ultimate Web Hacking and Ultimate Hacking: Incident Response classes. Yen-Ming is a published author and sought-after speaker in both North America and the Pacific Rim. His articles have been published by SecurityFocus, SysAdmin, UnixReview, DevX, PCWeek, CNET Taiwan, ITHome, and other technology magazines in both North America and Asia Pacific. Yen-Ming has been interviewed by BBC and other media across the globe, and he has been a featured presenter at conferences, including PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI, APAC Regional Conference on Electronic Safety and Soundness for Financial Services, Hong Kong CERT, and ICST conferences. Yen-Ming has contributed to several books, including: Hacking Exposed, 3rd ed., Hacking Exposed for Web Applications, Windows XP Professional Security, and HackNotes: Web Application Security.
<hr>

==== Mike Shema (Qualys首席資安研究員)====
[[Image:owasp_taiwan_mike.jpg|100px]]

'''題目''': '''''Managing Web Application Security with Automated Tools'''''

'''國際演說''':BlackHat 2004, RSA 2005, IT Underground 2006, and SACIS 2007. Training at BlackHat conferences in the U.S. and Europe

'''暢銷書籍''':九本資安暢銷書籍之作者包括

[[Image:owasp_taiwan_mike1.jpg|100px]][[Image:owasp_taiwan_mike2.jpg|100px]][[Image:owasp_taiwan_mike3.jpg|100px]][[Image:owasp_taiwan_mike4.jpg|100px]][[Image:owasp_taiwan_mike5.jpg|100px]][[Image:owasp_taiwan_mike6.jpg|100px]][[Image:owasp_taiwan_mike7.png|100px]][[Image:owasp_taiwan_mike8.jpg|100px]][[Image:owasp_taiwan_mike9.jpg|100px]]

'''講者簡介''': Mr. Shema is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. Mr. Shema worked for several years as a consultant and trainer at Foundstone where he conducted information security assessments across a variety of technologies and industries. He also worked at NT Objectives to develop assessment and mitigation strategies for all aspects of web application security. While his security background ranges across network penetration testing, wireless auditing, code review, and training, Mr. Shema primarily focuses on web application security. Mr. Shema is currently employed by Qualys, developing tools that automate the web application audit process.
<hr>

==== 何全德處長 (行政院研考會資訊處) ====
[[Image:owasp_taiwan_ho.gif|100px]]

'''題目''': '''''Security in Taiwan'''''

'''講者簡介''': 更新中...
<hr>

====吳怡芳主任 (中華電信資安專案辦公室)====
'''題目''': '''''From Internet Service Provider to Internet Security Provider'''''

'''講者簡介''': 更新中...
<hr>

===第二場時段講者(3:30pm-5:00pm)===
====Wayne Huang (OWASP台灣分會會長、[http://www.armorize.com/?utm_source=HIT&utm_medium=web 阿碼科技]創辦人兼執行長)====
[[Image:owasp_taiwan_wayne.jpg|100px]]

'''題目''': '''''Security 3.0 in Web 2.0 Age—Practices and Challenges of Web 2.0 Security'''''

'''國際演說''':RSA 2007, HITCon 2007, Zend PHP 2006, HITCon 2006, WWW 2004 and WWW 2003

'''暢銷書籍''':

[[Image:owasp_taiwan_wayne1.jpg|100px]]

'''簡介''': Wayne Huang is first author of two award-winning security papers in the International WWW Conference (2003, 2004) and the co-author of "Computer Security in the 21st Century". Wayne is the founder and CEO of [http://www.armorize.com/?utm_source=HIT&utm_medium=web Armorize Technologies]. He received the Microsoft Research Fellowship in 2005. He is a Ph.D. candidate at EE, National Taiwan University. He was the first author of many well-cited papers on web application security.
<hr>
====Ricardo Jenez (Google軟體工程部門主任)====
'''題目''': '''''Google's Approach to Secure Software Development Lifecycle'''''

'''講者簡介''': Mr. Jenez brings over 14 years of industry experience to eTime Capital , leveraging the latest technology to create highly effective business solutions for industry leaders. He also focuses on developing eTime Capital's strategic technology partnerships. Mr. Jenez was most recently at Netscape Communications as the Senior Development Manager responsible for the creation of a variety of e-commerce applications. Mr. Jenez was part of the core team that defined and implemented the architecture on which Netscape's B-to-B e-commerce applications - SellerXpert and BuyerXpert - were built. Prior to Netscape , Mr. Jenez held positions at General Magic , Tenfold , and Oracle Corporation. He also was the cofounder of Portacom Technologies , which manufactured some of the first Windows Accelerator graphics cards. His Eclipse II product was the recipient of the PC Magazine's Editor's Choice Award and ranked Number 74 on PC Computing's Top 200 PC Products of 1992". Prior to working at Oracle , Mr. Jenez was on the technical research staff of the MIT Laboratory for Computer Science , working on both hardware and software systems for multiprocessor computers. Mr. Jenez has two Bachelor of Science degrees from MIT , one in Computer Science and the other in Electrical Engineering.
<hr>

====李德財院士 (TWISC總召集人、中研院資訊所所長、IEEE Fellow、ACM Fellow)====
[[Image:owasp_taiwan_dtlee.jpg|100px]]

'''題目''': '''''Taiwan Information Security'''''

'''講者簡介''': Dr. Lee received his B.S. degree in Electrical Engineering from the National Taiwan University in 1971, and the M.S. and Ph. D. degrees in Computer Science from the University of Illinois at Urbana-Champaign in 1976 and 1978 respectively. Dr. Lee has been with the Institute of Information Science, Academia Sinica, Taiwan, where he is Director and a Distinguished Research Fellow since July 1, 1998. Prior to joining the Institute, he was a Professor of the Department of Electrical Engineering and Computer Science, Northwestern University, where he has worked since 1978. Dr. Lee also serves as Director of the Taiwan Information Security Center (TWISC), Acting Director of the Center for Information Technology Innovation, Academia Sinica, and also the Chief Executive Officer of the National Digital Archives Program, both sponsored by the National Science Council, Taiwan.
<hr>

====Jim Roskind (AOL副總裁暨技術長、前Netscape/Netcenter資安架構師、Java安全架構師)====
'''題目''': '''''How We Secured AOL's Web Infrastructure'''''

'''講者簡介''': 曾任Netscape副總裁暨首席科學家、創辦Infoseek...During 8 years at Netscape/AOL/TW, Dr. Jim Roskind had titles including VP/CTO of System Infrastructure for America Online, VP/Chief Scientist Netscape, Netscape/Netcenter Security Architect, and Netscape's Java Security Architect. Jim's time as the Java Security Architect in Netscape's Client Product Division, placed him in the near the epicenter of almost all security related problems that appeared in the browser. In addition to tasks involved with technically reconciling issues, he was also a common liaison with contributors that reported security issues (both real and imagined). His notable technical accomplishments at Netscape included the architecture and deployment of signed Java. Before joining Netscape in 1995, Jim was a co-founder of Infoseek Corporation, and later Chief Scientist. Dr. Roskind holds an SB Electrical Engineering, SB Computer Science, SM EECS (1980), and PhD EECS (1983), all from Massachusetts Institute of Technology. His current research and development focus is on his daughter Brianna and son Dylan, all studied in collaboration with his wife Melinda.
<hr>
'''OWASP為國際非營利組織，參加此次活動係完全免費，會場寬敞明亮，備有舒適席次(200名)。'''

'''然由於場地大小限制，席次僅提供來信報名者，同時請報名者於活動當天提早前往入席，還請包涵。'''

'''請各位欲參加之會員朋友，務必儘速來信報名參加。'''

===來信報名===
請email至[mailto:info@owasp.org.tw?subject=OWASP_Taiwan_Registration info@owasp.org.tw]，並註明下列資訊。
#中文姓名:
#英文姓名:
#單位:
#職稱:
#電子郵件:
#聯絡電話:
#免費加入OWASP台灣分會:(空白為願意加入，若不欲加入請填否)

'''鑑於報名人數踴躍，提醒各位務必準時報到以提早入席，目前大會仍並不強制安排座位，從12:30pm開始接受報到。'''

'''各位報名後，我們將統一於6/29(第一階段)與7/6(第二階段)發送email告知報名成功與報到序號。'''

===會場位置===
台灣科技大學國際會議廳，交通資訊請參考:[http://www.ntust.edu.tw/front/bin/ptlist.phtml?Category=16 http://www.ntust.edu.tw/front/bin/ptlist.phtml?Category=16]。

[[Image:owasp_taiwan_2007venue0.gif]]

[[Image:owasp_taiwan_2007venue2.jpg|800px]]

[[Image:owasp_taiwan_2007venue1.jpg|800px]]

== [http://hitcon.org 第三屆台灣駭客年會(HIT 2007)] ==

今年七月，除了第一屆OWASP台灣分會高峰會議外，[http://hitcon.org 第三屆台灣駭客年會(HIT 2007)]將緊接在OWASP高峰會議後的週末，
也就是2007年7月21日(週六)至22日(週日)舉行，會議地點定於國立臺灣科技大學公館校區-國際廳，歡迎各界人士踴躍報名參加。

詳情可上 HIT 2007 網站查詢:
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*[http://www.owasp.org.tw/?utm_source=HIT&utm_medium=web OWASP台灣分會網頁(http://www.owasp.org.tw)]
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

OWASP Asia 2007

2007-06-27T04:54:33Z

Wayne huang: /* Ben Livshits (MSR微軟研究中心研究員、史丹佛大學博士候選人) */

== 第一屆OWASP台灣分會高峰會議 (OWASP-TW 2007) （完全免費）==
'''Security 3.0 in Web 2.0 Age — Practices and Challenges of Web 2.0 Security'''

[[Image:owasp_taiwan_2007.jpg|800px]]

OWASP將於台灣召開第一屆的台灣分會高峰會議，將邀請國內外重量級專家齊聚一堂與會員分享與交流最新資安趨勢與實務案例。

「Web 2.0時代之Security 3.0 — 從實務經驗看Web資安防護之挑戰

* 2007年5月11日，Google開始監控遭駭網站，並貼上危險網站之標籤，政府及企業該如何應對？
* 2007年5月15日，OWASP公佈2007年最新的十大Web弱點，跨站腳本攻擊(XSS)登上榜首，對台灣及全球的含意為何？
* 2007年6月6日，IBM購併Watchfire，HP隨即於6月19日購併SPI Dynamics？為何在短短一個月內，重量級資訊巨人跨足資安產業？而僅存的Cenzic以滲透測試技術於6月18日甫獲美國專利，又將對產業有何影響？
* Web 2.0面臨哪些新的資安威脅？其因應之道是什麼？什麼是Security 3.0？又有哪些成功的實務案例？
<hr>
第一屆OWASP台灣分會高峰會議暨會員大會將於2007年7月20日（週五）下午1點至5點舉行，會議地點定於國立臺灣科技大學公館校區-國際廳，將由國內外知名專家一同與您探討，目前規劃演講者包含任職於國內外產、官、學的資安專家，詳細內容如下。

'''OWASP為國際非營利組織，參加此次活動係完全免費，會場寬敞明亮，備有舒適席次。'''

'''然由於場地限制，席次僅提供前200名來信報名者，還請包涵。'''

'''請各位欲參加之會員朋友，務必儘速來信報名參加。報名方式請見頁尾。'''

===第一場時段講者(1:00pm-3:30pm)===
====Yen-Ming Chen (McAfee資安諮詢部門主任、前Foundstone首席資安顧問)====
[[Image:owasp_taiwan_yenming.jpg|100px]]

'''題目''': '''''Trends in Web Application Security'''''

'''國際演說''':PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI, CERT, and ICST

'''暢銷書籍''':四本暢銷資安書籍之作者包括

[[Image:owasp_taiwan_yenming1.jpg|100px]][[Image:owasp_taiwan_yenming2.jpg|100px]][[Image:owasp_taiwan_yenming3.jpg|100px]][[Image:owasp_taiwan_yenming4.jpg|100px]]

'''講者簡介''': Yen-Ming leads Foundstone consultants to provide strategic security consulting services to the clients. His duties include managing all consulting and training activities, ranging from sales support to project execution. Yen-Ming joined Foundstone as a consultant in 2000. Yen-Ming brings extensive knowledge in both business and technology to his clients. He focuses primarily on generic security assessment. In client engagements, Yen-Ming helps clients align their security strategies with their business goals. He served as a Lead Instructor for Foundstone’s Ultimate Hacking, Ultimate Hacking Expert, Ultimate Web Hacking and Ultimate Hacking: Incident Response classes. Yen-Ming is a published author and sought-after speaker in both North America and the Pacific Rim. His articles have been published by SecurityFocus, SysAdmin, UnixReview, DevX, PCWeek, CNET Taiwan, ITHome, and other technology magazines in both North America and Asia Pacific. Yen-Ming has been interviewed by BBC and other media across the globe, and he has been a featured presenter at conferences, including PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI, APAC Regional Conference on Electronic Safety and Soundness for Financial Services, Hong Kong CERT, and ICST conferences. Yen-Ming has contributed to several books, including: Hacking Exposed, 3rd ed., Hacking Exposed for Web Applications, Windows XP Professional Security, and HackNotes: Web Application Security.
<hr>

==== Mike Shema (Qualys首席資安研究員)====
[[Image:owasp_taiwan_mike.jpg|100px]]

'''題目''': '''''Managing Web Application Security with Automated Tools'''''

'''國際演說''':BlackHat 2004, RSA 2005, IT Underground 2006, and SACIS 2007. Training at BlackHat conferences in the U.S. and Europe

'''暢銷書籍''':九本資安暢銷書籍之作者包括

[[Image:owasp_taiwan_mike1.jpg|100px]][[Image:owasp_taiwan_mike2.jpg|100px]][[Image:owasp_taiwan_mike3.jpg|100px]][[Image:owasp_taiwan_mike4.jpg|100px]][[Image:owasp_taiwan_mike5.jpg|100px]][[Image:owasp_taiwan_mike6.jpg|100px]][[Image:owasp_taiwan_mike7.png|100px]][[Image:owasp_taiwan_mike8.jpg|100px]][[Image:owasp_taiwan_mike9.jpg|100px]]

'''講者簡介''': Mr. Shema is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. Mr. Shema worked for several years as a consultant and trainer at Foundstone where he conducted information security assessments across a variety of technologies and industries. He also worked at NT Objectives to develop assessment and mitigation strategies for all aspects of web application security. While his security background ranges across network penetration testing, wireless auditing, code review, and training, Mr. Shema primarily focuses on web application security. Mr. Shema is currently employed by Qualys, developing tools that automate the web application audit process.
<hr>

==== 何全德處長 (行政院研考會資訊處) ====
[[Image:owasp_taiwan_ho.gif|100px]]

'''題目''': '''''Security in Taiwan'''''

'''講者簡介''': 更新中...
<hr>

====吳怡芳主任 (中華電信資安專案辦公室)====
'''題目''': '''''From Internet Service Provider to Internet Security Provider'''''

'''講者簡介''': 更新中...
<hr>

===第二場時段講者(3:30pm-5:00pm)===
====Wayne Huang (OWASP台灣分會會長、[http://www.armorize.com/?utm_source=HIT&utm_medium=web 阿碼科技]創辦人兼執行長)====
[[Image:owasp_taiwan_wayne.jpg|100px]]

'''題目''': '''''Security 3.0 in Web 2.0 Age—Practices and Challenges of Web 2.0 Security'''''

'''國際演說''':RSA 2007, HITCon 2007, Zend PHP 2006, HITCon 2006, WWW 2004 and WWW 2003

'''暢銷書籍''':

[[Image:owasp_taiwan_wayne1.jpg|100px]]

'''簡介''': Wayne Huang is first author of two award-winning security papers in the International WWW Conference (2003, 2004) and the co-author of "Computer Security in the 21st Century". Wayne is the founder and CEO of [http://www.armorize.com/?utm_source=HIT&utm_medium=web Armorize Technologies]. He received the Microsoft Research Fellowship in 2005. He is a Ph.D. candidate at EE, National Taiwan University. He was the first author of many well-cited papers on web application security.
<hr>
====Ricardo Jenez (Google軟體工程部門主任)====
'''題目''': '''''Google's Approach to Secure Software Development Lifecycle'''''

'''講者簡介''': Mr. Jenez brings over 14 years of industry experience to eTime Capital , leveraging the latest technology to create highly effective business solutions for industry leaders. He also focuses on developing eTime Capital's strategic technology partnerships. Mr. Jenez was most recently at Netscape Communications as the Senior Development Manager responsible for the creation of a variety of e-commerce applications. Mr. Jenez was part of the core team that defined and implemented the architecture on which Netscape's B-to-B e-commerce applications - SellerXpert and BuyerXpert - were built. Prior to Netscape , Mr. Jenez held positions at General Magic , Tenfold , and Oracle Corporation. He also was the cofounder of Portacom Technologies , which manufactured some of the first Windows Accelerator graphics cards. His Eclipse II product was the recipient of the PC Magazine's Editor's Choice Award and ranked Number 74 on PC Computing's Top 200 PC Products of 1992". Prior to working at Oracle , Mr. Jenez was on the technical research staff of the MIT Laboratory for Computer Science , working on both hardware and software systems for multiprocessor computers. Mr. Jenez has two Bachelor of Science degrees from MIT , one in Computer Science and the other in Electrical Engineering.
<hr>

====李德財院士 (TWISC總召集人、中研院資訊所所長、IEEE Fellow、ACM Fellow)====
[[Image:owasp_taiwan_dtlee.jpg|100px]]

'''題目''': '''''Taiwan Information Security'''''

'''講者簡介''': Dr. Lee received his B.S. degree in Electrical Engineering from the National Taiwan University in 1971, and the M.S. and Ph. D. degrees in Computer Science from the University of Illinois at Urbana-Champaign in 1976 and 1978 respectively. Dr. Lee has been with the Institute of Information Science, Academia Sinica, Taiwan, where he is Director and a Distinguished Research Fellow since July 1, 1998. Prior to joining the Institute, he was a Professor of the Department of Electrical Engineering and Computer Science, Northwestern University, where he has worked since 1978. Dr. Lee also serves as Director of the Taiwan Information Security Center (TWISC), Acting Director of the Center for Information Technology Innovation, Academia Sinica, and also the Chief Executive Officer of the National Digital Archives Program, both sponsored by the National Science Council, Taiwan.
<hr>

====Jim Roskind (AOL副總裁暨技術長、前Netscape副總裁暨首席科學家、創辦Infoseek)====
'''題目''': '''''How We Secured AOL's Web Infrastructure'''''

'''講者簡介''': During 8 years at Netscape/AOL/TW, Dr. Jim Roskind had titles including VP/CTO of System Infrastructure for America Online, VP/Chief Scientist Netscape, Netscape/Netcenter Security Architect, and Netscape's Java Security Architect. Jim's time as the Java Security Architect in Netscape's Client Product Division, placed him in the near the epicenter of almost all security related problems that appeared in the browser. In addition to tasks involved with technically reconciling issues, he was also a common liaison with contributors that reported security issues (both real and imagined). His notable technical accomplishments at Netscape included the architecture and deployment of signed Java. Before joining Netscape in 1995, Jim was a co-founder of Infoseek Corporation, and later Chief Scientist. Dr. Roskind holds an SB Electrical Engineering, SB Computer Science, SM EECS (1980), and PhD EECS (1983), all from Massachusetts Institute of Technology. His current research and development focus is on his daughter Brianna and son Dylan, all studied in collaboration with his wife Melinda.
<hr>
'''OWASP為國際非營利組織，參加此次活動係完全免費，會場寬敞明亮，備有舒適席次。'''

'''然由於場地限制，席次僅提供前200名來信報名者，還請包涵。'''

'''請各位欲參加之會員朋友，務必儘速來信報名參加。'''

===來信報名===
請email至[mailto:info@owasp.org.tw?subject=OWASP_Taiwan_Registration info@owasp.org.tw]，並註明下列資訊。
#中文姓名:
#英文姓名:
#單位:
#職稱:
#電子郵件:
#聯絡電話:
#免費加入OWASP台灣分會:(空白為願意加入，若不欲加入請填否)

===會場位置===
台灣科技大學國際會議廳，交通資訊請參考:[http://www.ntust.edu.tw/front/bin/ptlist.phtml?Category=16 http://www.ntust.edu.tw/front/bin/ptlist.phtml?Category=16]。

[[Image:owasp_taiwan_2007venue0.gif]]

[[Image:owasp_taiwan_2007venue2.jpg|800px]]

[[Image:owasp_taiwan_2007venue1.jpg|800px]]

== [http://hitcon.org 第三屆台灣駭客年會(HIT 2007)] ==

今年七月，除了第一屆OWASP台灣分會高峰會議外，[http://hitcon.org 第三屆台灣駭客年會(HIT 2007)]將緊接在OWASP高峰會議後的週末，
也就是2007年7月21日(週六)至22日(週日)舉行，會議地點定於國立臺灣科技大學公館校區-國際廳，歡迎各界人士踴躍報名參加。

詳情可上 HIT 2007 網站查詢:
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*[http://www.owasp.org.tw/?utm_source=HIT&utm_medium=web OWASP台灣分會網頁(http://www.owasp.org.tw)]
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

OWASP Asia 2007

2007-06-26T15:58:35Z

Wayne huang: /* 第一屆OWASP台灣分會高峰會議 (OWASP-TW 2007) */

== 第一屆OWASP台灣分會高峰會議 (OWASP-TW 2007) （完全免費）==
'''Security 3.0 in Web 2.0 Age — Practices and Challenges of Web 2.0 Security'''

[[Image:owasp_taiwan_2007.png|800px]]

OWASP將於台灣召開第一屆的台灣分會高峰會議，將邀請國內外重量級專家齊聚一堂與會員分享與交流最新資安趨勢與實務案例。

「Web 2.0時代之Security 3.0 — 從實務經驗看Web資安防護之挑戰

* 2007年5月11日，Google開始監控遭駭網站，並貼上危險網站之標籤，政府及企業該如何應對？
* 2007年5月15日，OWASP公佈2007年最新的十大Web弱點，跨站腳本攻擊(XSS)登上榜首，對台灣及全球的含意為何？
* 2007年6月6日，IBM購併Watchfire，HP隨即於6月19日購併SPI Dynamics？為何在短短一個月內，重量級資訊巨人跨足資安產業？而僅存的Cenzic以滲透測試技術於6月18日甫獲美國專利，又將對產業有何影響？
* Web 2.0面臨哪些新的資安威脅？其因應之道是什麼？什麼是Security 3.0？又有哪些成功的實務案例？
<hr>
第一屆OWASP台灣分會高峰會議暨會員大會將於2007年7月20日（週五）下午1點至5點舉行，會議地點定於國立臺灣科技大學公館校區-國際廳，將由國內外知名專家一同與您探討，目前規劃演講者包含任職於國內外產、官、學的資安專家，詳細內容如下。

'''OWASP為國際非營利組織，參加此次活動係完全免費，會場寬敞明亮，備有舒適席次。'''

'''然由於場地限制，席次僅提供前200名來信報名者，還請包涵。'''

'''請各位欲參加之會員朋友，務必儘速來信報名參加。報名方式請見頁尾。'''

===第一場時段講者(1:00pm-3:30pm)===
====Yen-Ming Chen (McAfee資安諮詢部門主任、前Foundstone首席資安顧問)====
[[Image:owasp_taiwan_yenming.jpg|100px]]

'''題目''': '''''Trends in Web Application Security'''''

'''國際演說''':PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI, CERT, and ICST

'''暢銷書籍''':四本暢銷資安書籍之作者包括

[[Image:owasp_taiwan_yenming1.jpg|100px]][[Image:owasp_taiwan_yenming2.jpg|100px]][[Image:owasp_taiwan_yenming3.jpg|100px]][[Image:owasp_taiwan_yenming4.jpg|100px]]

'''講者簡介''': Yen-Ming leads Foundstone consultants to provide strategic security consulting services to the clients. His duties include managing all consulting and training activities, ranging from sales support to project execution. Yen-Ming joined Foundstone as a consultant in 2000. Yen-Ming brings extensive knowledge in both business and technology to his clients. He focuses primarily on generic security assessment. In client engagements, Yen-Ming helps clients align their security strategies with their business goals. He served as a Lead Instructor for Foundstone’s Ultimate Hacking, Ultimate Hacking Expert, Ultimate Web Hacking and Ultimate Hacking: Incident Response classes. Yen-Ming is a published author and sought-after speaker in both North America and the Pacific Rim. His articles have been published by SecurityFocus, SysAdmin, UnixReview, DevX, PCWeek, CNET Taiwan, ITHome, and other technology magazines in both North America and Asia Pacific. Yen-Ming has been interviewed by BBC and other media across the globe, and he has been a featured presenter at conferences, including PACSEC.JP, HITB, HACK.LU, HIT, CSI, MISTI, APAC Regional Conference on Electronic Safety and Soundness for Financial Services, Hong Kong CERT, and ICST conferences. Yen-Ming has contributed to several books, including: Hacking Exposed, 3rd ed., Hacking Exposed for Web Applications, Windows XP Professional Security, and HackNotes: Web Application Security.
<hr>

==== Mike Shema (Qualys首席資安研究員)====
[[Image:owasp_taiwan_mike.jpg|100px]]

'''題目''': '''''Managing Web Application Security with Automated Tools'''''

'''國際演說''':BlackHat 2004, RSA 2005, IT Underground 2006, and SACIS 2007. Training at BlackHat conferences in the U.S. and Europe

'''暢銷書籍''':九本資安暢銷書籍之作者包括

[[Image:owasp_taiwan_mike1.jpg|100px]][[Image:owasp_taiwan_mike2.jpg|100px]][[Image:owasp_taiwan_mike3.jpg|100px]][[Image:owasp_taiwan_mike4.jpg|100px]][[Image:owasp_taiwan_mike5.jpg|100px]][[Image:owasp_taiwan_mike6.jpg|100px]][[Image:owasp_taiwan_mike7.png|100px]][[Image:owasp_taiwan_mike8.jpg|100px]][[Image:owasp_taiwan_mike9.jpg|100px]]

'''講者簡介''': Mr. Shema is the co-author of Hacking Exposed: Web Applications, The Anti-Hacker Toolkit, and the author of Hack Notes: Web Application Security. Mr. Shema worked for several years as a consultant and trainer at Foundstone where he conducted information security assessments across a variety of technologies and industries. He also worked at NT Objectives to develop assessment and mitigation strategies for all aspects of web application security. While his security background ranges across network penetration testing, wireless auditing, code review, and training, Mr. Shema primarily focuses on web application security. Mr. Shema is currently employed by Qualys, developing tools that automate the web application audit process.
<hr>

==== 何全德處長 (行政院研考會資訊處) ====
[[Image:owasp_taiwan_ho.gif|100px]]

'''題目''': '''''Security in Taiwan'''''

'''講者簡介''': 更新中...
<hr>

====吳怡芳主任 (中華電信資安專案辦公室)====
'''題目''': '''''From Internet Service Provider to Internet Security Provider'''''

'''講者簡介''': 更新中...
<hr>

===第二場時段講者(3:30pm-5:00pm)===
====Wayne Huang (OWASP台灣分會會長、[http://www.armorize.com/?utm_source=HIT&utm_medium=web 阿碼科技]創辦人兼執行長)====
[[Image:owasp_taiwan_wayne.jpg|100px]]

'''題目''': '''''Security 3.0 in Web 2.0 Age—Practices and Challenges of Web 2.0 Security'''''

'''國際演說''':RSA 2007, HITCon 2007, Zend PHP 2006, HITCon 2006, WWW 2004 and WWW 2003

'''暢銷書籍''':

[[Image:owasp_taiwan_wayne1.jpg|100px]]

'''簡介''': Wayne Huang is first author of two award-winning security papers in the International WWW Conference (2003, 2004) and the co-author of "Computer Security in the 21st Century". Wayne is the founder and CEO of [http://www.armorize.com/?utm_source=HIT&utm_medium=web Armorize Technologies]. He received the Microsoft Research Fellowship in 2005. He is a Ph.D. candidate at EE, National Taiwan University. He was the first author of many well-cited papers on web application security.
<hr>
====Ricardo Jenez (Google軟體工程部門主任)====
'''題目''': '''''Engineering Simplicity'''''

'''講者簡介''': Mr. Jenez brings over 14 years of industry experience to eTime Capital , leveraging the latest technology to create highly effective business solutions for industry leaders. He also focuses on developing eTime Capital's strategic technology partnerships. Mr. Jenez was most recently at Netscape Communications as the Senior Development Manager responsible for the creation of a variety of e-commerce applications. Mr. Jenez was part of the core team that defined and implemented the architecture on which Netscape's B-to-B e-commerce applications - SellerXpert and BuyerXpert - were built. Prior to Netscape , Mr. Jenez held positions at General Magic , Tenfold , and Oracle Corporation. He also was the cofounder of Portacom Technologies , which manufactured some of the first Windows Accelerator graphics cards. His Eclipse II product was the recipient of the PC Magazine's Editor's Choice Award and ranked Number 74 on PC Computing's Top 200 PC Products of 1992". Prior to working at Oracle , Mr. Jenez was on the technical research staff of the MIT Laboratory for Computer Science , working on both hardware and software systems for multiprocessor computers. Mr. Jenez has two Bachelor of Science degrees from MIT , one in Computer Science and the other in Electrical Engineering.
<hr>
====Ben Livshits (MSR微軟研究中心研究員、史丹佛大學博士候選人)====
[[Image:owasp_taiwan_ben.jpg|100px]]

'''題目''': '''''SDL (Secure Development Lifecycle) in Microsoft'''''

'''講者簡介''': Benjamin Livshits is currently a Ph.D. candidate in computer science at Stanford University. Benjamin graduated summa cum laude with a B.A. degree in computer science and math from Cornell University in 1999. He obtained an M.S. from Stanford University in 2002. Benjamin's general research area is compilers and program analysis. His research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs. Lately he has focused on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (SQL injections, cross-site scriping, etc.) in Web-based applications. Benjamin has authored more than a dozen papers on program analysis for security and other uses, including finding memory errors, violations of API-specific patterns, software pattern mining, garbage collection, etc. Benjamin is a winner of the NSF graduate fellowship. His industrial experience involves working for companies including Yahoo!, Netscape, and Intel.
<hr>
====Jim Roskind (AOL副總裁暨技術長、前Netscape副總裁暨首席科學家、創辦Infoseek)====
'''題目''': '''''Ajax Security'''''

'''講者簡介''': During 8 years at Netscape/AOL/TW, Dr. Jim Roskind had titles including VP/CTO of System Infrastructure for America Online, VP/Chief Scientist Netscape, Netscape/Netcenter Security Architect, and Netscape's Java Security Architect. Jim's time as the Java Security Architect in Netscape's Client Product Division, placed him in the near the epicenter of almost all security related problems that appeared in the browser. In addition to tasks involved with technically reconciling issues, he was also a common liaison with contributors that reported security issues (both real and imagined). His notable technical accomplishments at Netscape included the architecture and deployment of signed Java. Before joining Netscape in 1995, Jim was a co-founder of Infoseek Corporation, and later Chief Scientist. Dr. Roskind holds an SB Electrical Engineering, SB Computer Science, SM EECS (1980), and PhD EECS (1983), all from Massachusetts Institute of Technology. His current research and development focus is on his daughter Brianna and son Dylan, all studied in collaboration with his wife Melinda.
<hr>
'''OWASP為國際非營利組織，參加此次活動係完全免費，會場寬敞明亮，備有舒適席次。'''

'''然由於場地限制，席次僅提供前200名來信報名者，還請包涵。'''

'''請各位欲參加之會員朋友，務必儘速來信報名參加。'''

===來信報名===
請email至[mailto:info@owasp.org.tw?subject=OWASP_Taiwan_Registration info@owasp.org.tw]，並註明下列資訊。
#姓名:
#單位:
#職稱:
#電子郵件:
#聯絡電話:
#免費加入OWASP台灣分會:(空白為願意加入，若不欲加入請填否)

===會場位置===
台灣科技大學國際會議廳，交通資訊請參考:[http://www.ntust.edu.tw/front/bin/ptlist.phtml?Category=16 http://www.ntust.edu.tw/front/bin/ptlist.phtml?Category=16]。

[[Image:owasp_taiwan_2007venue0.gif]]

[[Image:owasp_taiwan_2007venue2.jpg|800px]]

[[Image:owasp_taiwan_2007venue1.jpg|800px]]

== [http://hitcon.org 第三屆台灣駭客年會(HIT 2007)] ==

今年七月，除了第一屆OWASP台灣分會高峰會議外，[http://hitcon.org 第三屆台灣駭客年會(HIT 2007)]將緊接在OWASP高峰會議後的週末，
也就是2007年7月21日(週六)至22日(週日)舉行，會議地點定於國立臺灣科技大學公館校區-國際廳，歡迎各界人士踴躍報名參加。

詳情可上 HIT 2007 網站查詢:
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*[http://www.owasp.org.tw/?utm_source=HIT&utm_medium=web OWASP台灣分會網頁(http://www.owasp.org.tw)]
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

Taiwan

2007-04-07T00:46:14Z

Wayne huang: /* 會員列表 (Member List) */

Taiwan

2007-04-07T00:45:13Z

Wayne huang: /* OWASP台灣分會部落格 blog */

File:OWASP Banner Blog.png

2007-04-07T00:44:20Z

Wayne huang:

Taiwan

2007-04-07T00:41:18Z

Wayne huang: /* OWASP 台灣分會 (OWASP Taiwan Chapter) */

Taiwan

2007-04-07T00:40:50Z

Wayne huang: /* OWASP 台灣分會 (OWASP Taiwan Chapter) */

Taiwan

2007-04-07T00:39:44Z

Wayne huang:

Taiwan

2007-04-04T13:04:17Z

Wayne huang:

[[Image:OWASP_TW_Banner.png]]

歡迎加入OWASP台灣分會！「安全Web軟體的第一步，從加入OWASP台灣分會開始」。

台灣分會會長[mailto:wayne@owasp.org.tw 黃耀文先生（Wayne Huang）]暨分會工作同仁衷心肯定您的參與，不管您在何處，甚至您僅曾留下網路足跡於台灣，感謝您願意跟大家一起分享，讓我們用更多不同的角度來檢視Web安全的趨勢、威脅、問題與解決方案。

{{Chapter Template|chaptername=台灣分會 OWASP Taiwan |extra=歡迎蒞臨OWASP台灣分會！台灣分會會長為 [mailto:wayne@owasp.org.tw 黃耀文先生（Wayne Huang）]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}}

== 有關OWASP (About OWASP) ==
OWASP(開放Web軟體安全計畫 - Open Web Application Security Project)是一個開放社群、非營利性組織，目前全球有82個分會近萬名會員，其主要目標是研議協助解決Web軟體安全之標準、工具與技術文件，長期致力於協助政府或企業瞭解並改善網頁應用程式與網頁服務的安全性。由於應用範圍日廣，網頁應用安全已經逐漸的受到重視，並漸漸成為在安全領域的一個熱門話題，在此同時，駭客們也悄悄的將焦點轉移到網頁應用程式開發時所會產生的弱點來進行攻擊與破壞。

美國聯邦貿易委員會(FTC)強烈建議所有企業需遵循OWASP所發佈的十大Web弱點防護守則、美國國防部亦列為最佳實務，國際信用卡資料安全技術PCI標準更將其列為必要元件。目前OWASP有30多個進行中的計畫，包括最知名的OWASP Top 10(十大Web弱點)、WebGoat(代罪羔羊)練習平台、安全PHP/Java/ASP.Net等計畫，針對不同的軟體安全問題在進行討論與研究。

當貴單位決定開放網頁服務時，就必須讓來自於全球的網頁請求進入單位內部的網頁伺服器。駭客可以藉由隱藏在合法的網頁請求內，通過防火牆、入侵偵測系統或其他防禦系統的偵測，堂而皇之的進入單位內部或藉由單位網站充當跳板與中繼站而向其他受害者發動攻擊。這意味著企業的網頁程式碼也必須成為機關(構)單位周邊的安全防護之一，當單位網頁服務的規模與複雜性增加時，單位暴露於外的風險也逐漸增加。

== OWASP 台灣分會 (OWASP Taiwan Chapter) ==
*網頁:http://www.owasp.org.tw
*電郵:info@owasp.org.tw
*群組:owasp-taiwan@lists.owasp.org
*住址:台北市115南港區三重路19-13號(南港軟體園區)E棟5樓554室

Chapter meetings are held several times a year, typically in the offices of our sponsor.

Please subscribe to the mailing list for meeting announcements.

Our chapter is sponsored by [http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web Armorize Technologies].
感謝美商阿碼科技提供會議茶水、食物與活動贊助!

== 免費加入OWASP台灣分會、立刻啟用免費源碼資安檢測！ ==

[http://www.owasp.org.tw/member/registration.php http://www.owasp.org/images/f/f8/OWASP-TW-1.jpg]



'''加入OWASP台灣分會不需任何費用，會員可享有：'''

1. 配合Web安全宣導，政府機關(構)可獲免費資安源碼檢測（靜態分析）線上使用帳號。（廠商贊助，限台灣政府機構）

2. 不定期由OWASP台灣分會發行之Web攻防CDROM，目前為V1.0，填妥入會資料後會由工作人員郵寄送達。V1.0 CDROM內容包括：

##OWASP-Taiwan-Web安全簡介投影片
##OWASP-Taiwan-2007年首份研討會講義
##OWASP-Taiwan-免費Web安全工具
##OWASP-Top10-最新十大Web弱點
##OWASP-代罪羔羊(WebGoat)工具(免下載)
##OWASP-Guide-參考指引計畫內容
##OWASP測試計畫內容

[http://www.owasp.org.tw/member/registration.php http://www.owasp.org/images/d/d9/OWASP-TW-2.jpg]

3. OWASP台灣分會電子報。

'''加入會員方法請見本頁下方''' '''[[#如何加入會員|如何加入會員]]'''

加入OWASP台灣分會不需任何費用，會員資格完全開放給任何對於應用程式安全有興趣的人士， 
我們鼓勵會員於OWASP台灣分會分享他們的知識並提供專題演講， 
而在加入會員前，請您仔細閱讀[https://www.owasp.org/index.php/Chapter_Rules 分會會員手則]。

若要加入本分會的mailing list，請連結到[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網頁， 
所有的活動討論與活動地點將透過這個清單來討論， 
您也可以從[http://lists.owasp.org/pipermail/owasp-taiwan/ email 討論備份]中找到我們之前討論的備份。

最後提醒您，參加活動前，請再次檢查您mailing list的信件以確定活動地點與時間，或是任何有關活動記錄的事項。

== OWASP台灣分會部落格 blog ==
需要一手資安情報，技術分析，市場資訊嗎？

歡迎常來 [http://www.owasp.org.tw/blog OWASP台灣分會部落格 blog]

[http://www.owasp.org.tw/blog http://www.owasp.org/images/4/45/Owasp_taiwan_chapter_blog_banner_white.png]


== 如何加入會員 ==
歡迎免費加入OWASP Taiwan台灣分會！加入方式有三種，線上報名，email報名以及傳真報名：
工作同仁會持續通知所有會員有關OWASP最新活動資訊與座談會議程.

=== 線上報名 ===
請[http://www.owasp.org.tw/member/registration.php 按此填寫線上報名單]

=== Email報名 ===
請email：[mailto:info@owasp.org.tw info@owasp.org.tw]加入台灣分會,請註明下列資訊.
#姓名
#單位
#職稱
#電子郵件
#聯絡電話

=== 傳真報名 ===
請列印此報名表,填寫後傳真至(02)6616-1100即可.

[[Image:owasp_taiwan_opening.jpg|800px]]

== 近期消息 ==

*March 28 to April 11, 2007: We welcome your join to the [http://sid.iii.org.tw/96Q1_ISMS/ Web Application Security] seminar held by Taiwan government.
*在2007年3月27至4月11日，行政院研考會與資通安全會報技服中心舉辦之[http://sid.iii.org.tw/96Q1_ISMS/ 政府資通安全防護巡迴研討會－資安發展趨勢及網路應用服務資訊安全]，歡迎政府機關(構)負責資通安全相關人員踴躍參加。

*April 16 to 18, 2007: [http://www.owasp.org/index.php/Taiwan OWASP-Taiwan] charter hosts a booth ([http://www.secutech.com/tw/is/images/istw_b01.swf A402, A404], sponsored by [http://www.armorize.com/?utm_source=OWASP%2BTW%2BMain&utm_medium=web Armorize Technologies, Inc.]) at [http://www.secutech.com/tw/is/index.asp Info Security Taipei 2007]. Come and vist us~
*在2007年4月16至18日，台北國際資安展(http://www.secutech.com/tw/is/index.asp) 隆重登場，OWASP台灣分會邀您蒞臨攤位A402與A404，即可獲得Web資安光碟一張，並親自動手體驗比滲透測試、弱點稽核等傳統資安檢測方式更為優異的自動源碼檢測技術。

[[Image:Owasp taiwan first gathering.png]]

== 網站與Web服務的五大資安困境 ==
#IT人員不足
#缺乏資安領域專業知識
#功能性驗收為主
#缺乏自動化工具
#成本、效率導向專案模式不利確保專案品質

==最新2007年OWASP十大Web資安漏洞 (2007 OWASP Top 10)==
===直接與程式碼安全品質有關===
註:美國國防部的BSI計畫(Build-Security In,https://buildsecurityin.us-cert.gov/) 及Mitre研究機構的CVE資安脆弱性列表(http://cve.mitre.org/) 亦顯示1)Cross Site Scripting與2)SQL Injection已連續兩年列為全球頭號嚴重資安弱點.
*[必要*]Cross Site Scripting (XSS) – 跨站腳本攻擊(即XSS)
*[必要*]Injection Flaws – 注入弱點(如SQL Injection等資料隱碼攻擊)
*[建議*]Insecure Remote File Include – 不安全的遠端檔案匯入(如File Inclusion)
*[建議*]Insecure Direct Object Reference –不安全的物件參考(如File Injection)
*[選擇*]Cross Site Request Forgery (CSRF) – 跨站冒名請求(類似XSS破壞身份鑑別)
<nowiki>*</nowiki>OWASP台灣分會強烈建議各單位在進行源碼檢測時，尤以政府機關(構)，應遵循政府資通安全作業規範(http://www.giscc.org.tw) 之「Web應用程式安全參考指引」，並將1與2列為必要檢測項目，3與4列為建議檢測項目，而5列為選擇檢測項目。

＊在實務案例上，檢測並修正1與2即可避免絕大多數的Web資安威脅。

===因上述漏洞間接造成或與Web伺服器及外部設定有關===
*Information Leakage and Improper Error Handling
*Broken Authentication and Session Management
*Insecure Cryptographic Storage
*Insecure Communications
*Failure to Restrict URL Access

== 會員列表 (Member List) ==
Coming up soon!

[http://www.owasp.org.tw http://www.owasp.org.tw/dot.png]

[[ OWASP Taiwan Translation temporary page]]