OWASP - User contributions [en]

Global Industry Committee - Application 15

2011-12-05T16:16:13Z

Weilin Zhong: Weilin Zhong added endorsement for Frank.

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----
{| style="width:100%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white"|'''COMMITTEE APPLICATION FORM'''
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Frank Fan
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP China VP
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Industry Committee
|}
----

----
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''.
An incomplete application will not be considered for vote.
----

----
{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|'''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background:white; color:white"|
! align="center" style="background:#7B8ABD; color:white"|'''Who Recommends/Name'''
! align="center" style="background:#7B8ABD; color:white"|'''Role in OWASP'''
! align="center" style="background:#7B8ABD; color:white"|'''Recommendation Content'''
|-
| style="width:3%; background:#cccccc" align="center"|'''1'''
| style="width:20%; background:#cccccc" align="center"| Helen Gao
| style="width:20%; background:#cccccc" align="center"| Long Island Chapter Founder & Leader, Global Membership Comittee
| style="width:57%; background:#cccccc" align="center"| I first met Frank at the OWASP conference in 2010. Frank is one of the most intelligent entrepreneurs and infosec experts I have ever met. Frank's company has been one of the main sponsors of the past two OWASP conferences in China. As a matter of fact, Frank has volunteered to host the OWASP submit in 2013. Frank's education and experience in both US and China is rare, especially among OWASP leaders. I am confident that he will be an asset to OWASP.
|-
| style="width:3%; background:#cccccc" align="center"|'''2'''
| style="width:20%; background:#cccccc" align="center"|Ivy Zhang
| style="width:20%; background:#cccccc" align="center"|Member of China Chapter
| style="width:57%; background:#cccccc" align="center"|Being the VP of China Chapter, Frank also has more than ten years experience in US. His experience and knowledge is crucial in OWASP's mission
|-
| style="width:3%; background:#cccccc" align="center"|'''3'''
| style="width:20%; background:#cccccc" align="center"|Tin Zaw
| style="width:20%; background:#cccccc" align="center"|Los Angeles Chapter Leader
| style="width:57%; background:#cccccc" align="center"|Frank is a highly-respected, well-connected, successful engineer/businessman in China and he is very committed to success of OWASP, in China and globally. These attributes make him an ideal candidate for the Industry Committee.
|-
| style="width:3%; background:#cccccc" align="center"|'''4'''
| style="width:20%; background:#cccccc" align="center"|Weilin Zhong
| style="width:20%; background:#cccccc" align="center"|Lead of Top 10 Chinese Project
| style="width:57%; background:#cccccc" align="center"|I worked with Frank for the OWASP China Summit 2010 hosted in Beijing. He was one of the key members of the summit organization committee and the local host. Frank was not only a security expert but also a security entrepreneur with rich understanding of both the American and the Chinese security industries and communities. He is resourceful and well-connected. He provided great support for the summit and showed strong commitment of promoting both OWASP and application security in the China and Asian areas. His unique combination of US and Chinese education backgrounds, industrial experiences and leaderships positions him well for prompting OWASP in a global level and connecting to international communities . I am sure he will be a great asset for OWASP.
|-
| style="width:3%; background:#cccccc" align="center"|'''5'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|}
----

Global Conferences Committee - Application 8

2011-03-12T02:19:53Z

Weilin Zhong:

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----
{| style="width:100%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white"|'''COMMITTEE APPLICATION FORM'''
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Zhendong Yu
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|One of the early OWASP DC chapter members, leader of OWASP Chinese project, organizer for OWASP China Summit 2010.
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Conferences Committee
|}
----

----
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''.
An incomplete application will not be considered for vote.
----

----
{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|'''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background:white; color:white"|
! align="center" style="background:#7B8ABD; color:white"|'''Who Recommends/Name'''
! align="center" style="background:#7B8ABD; color:white"|'''Role in OWASP'''
! align="center" style="background:#7B8ABD; color:white"|'''Recommendation Content'''
|-
| style="width:3%; background:#cccccc" align="center"|'''1'''
| style="width:20%; background:#cccccc" align="center"| Helen Gao
| style="width:20%; background:#cccccc" align="center"| Leader of OWASP Chinese Project, Founder and leader of OWASP Long Island Chapter, Representative of OWASP China Chapter
| style="width:57%; background:#cccccc" align="center"| I worked with Zhendong when organizing the China conference last year as well as the Chinese Project. He is one of the smartest and most hardworking persons I know. He is fluent in Chinese and very familiar with the Chinese culture. I have no doubt that Zhendong will be instrumental in bridging OWASP and the vast Chinese community.
|-
| style="width:3%; background:#cccccc" align="center"|'''2'''
| style="width:20%; background:#cccccc" align="center"| Weilin Zhong
| style="width:20%; background:#cccccc" align="center"| Leader, OWASP Chinese Project; Overseas Organizer, OWASP China Summit 2010
| style="width:57%; background:#cccccc" align="center"| I have been working with Zhendong on different OWASP projects and highly recommend him. I believe he will further OWASP's cause in Asia, and the globe.
|-
| style="width:3%; background:#cccccc" align="center"|'''3'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''4'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''5'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|}
----

OWASP China Summit 2010

2010-10-15T08:56:02Z

Weilin Zhong: /* Kenny Lee */ - corrected the link to the Chinese Executive Summary

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
[http://www.owasp.org.cn/index.php?option=com_content&view=article&id=56&Itemid=82 '''Detailed Agenda in Chinese (详细会议日程)'''].

{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
*[http://www.owasp.org/images/c/c1/201008_DBIR_Executive_Summary_CHT_Final.pdf Executive Summary in Chinese (中文摘要）]
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].

== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media:
[http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif]
[http://www.it168.com/ http://www.it168.com/himages/logo.gif]
[http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif]
[http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg]
[http://www.ccidnet.com/, http://image.ccidnet.com/www/logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-15T08:51:30Z

Weilin Zhong: /* Kenny Lee */ - linked a Chinese Executive Summary

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
[http://www.owasp.org.cn/index.php?option=com_content&view=article&id=56&Itemid=82 '''Detailed Agenda in Chinese (详细会议日程)'''].

{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
*[http://www.owasp.org/index.php/File:201008_DBIR_Executive_Summary_CHT_Final.pdf Executive Summary in Chinese (中文摘要）]
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].

== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media:
[http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif]
[http://www.it168.com/ http://www.it168.com/himages/logo.gif]
[http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif]
[http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg]
[http://www.ccidnet.com/, http://image.ccidnet.com/www/logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-15T08:46:59Z

Weilin Zhong: /* Kenny Lee */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
[http://www.owasp.org.cn/index.php?option=com_content&view=article&id=56&Itemid=82 '''Detailed Agenda in Chinese (详细会议日程)'''].

{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
* [http://www.owasp.org/index.php/File:201008_DBIR_Executive_Summary_CHT_Final.pdf Chinese Executive Summary (中文摘要）]
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].

== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media:
[http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif]
[http://www.it168.com/ http://www.it168.com/himages/logo.gif]
[http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif]
[http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg]
[http://www.ccidnet.com/, http://image.ccidnet.com/www/logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-15T08:45:54Z

Weilin Zhong: /* Kenny Lee */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
[http://www.owasp.org.cn/index.php?option=com_content&view=article&id=56&Itemid=82 '''Detailed Agenda in Chinese (详细会议日程)'''].

{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
* [http://www.owasp.org/index.php/File:201008_DBIR_Executive_Summary_CHT_Final.pdf Chinese Executive Summary (中文摘要）]

== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media:
[http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif]
[http://www.it168.com/ http://www.it168.com/himages/logo.gif]
[http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif]
[http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg]
[http://www.ccidnet.com/, http://image.ccidnet.com/www/logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

File:201008 DBIR Executive Summary CHT Final.pdf

2010-10-15T08:44:25Z

Weilin Zhong:

OWASP China Summit 2010

2010-10-15T07:00:43Z

Weilin Zhong: /* Media Partners: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
[http://www.owasp.org.cn/index.php?option=com_content&view=article&id=56&Itemid=82 '''Detailed Agenda in Chinese (详细会议日程)'''].

{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media:
[http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif]
[http://www.it168.com/ http://www.it168.com/himages/logo.gif]
[http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif]
[http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg]
[http://www.ccidnet.com/, http://image.ccidnet.com/www/logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-15T06:57:47Z

Weilin Zhong:

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
[http://www.owasp.org.cn/index.php?option=com_content&view=article&id=56&Itemid=82 '''Detailed Agenda in Chinese (详细会议日程)'''].

{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-15T06:56:47Z

Weilin Zhong: Linked the Chinese Agenda in the Agenda page.

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
[http://www.owasp.org.cn/index.php?option=com_content&view=article&id=56&Itemid=82 '''Detailed Agenda in Chinese (中文会议日程)'''].

{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-15T06:47:49Z

Weilin Zhong: /* Gold Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.barracudanetworks.com/ http://www.owasp.org.cn/images/stories/logo.png]
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-12T15:40:51Z

Weilin Zhong: /* Conference Committee */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
* [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-12T15:35:44Z

Weilin Zhong: /* Organizers */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Chair]
**[mailto:Ivy@owasp.org.cn Ivy Zhang] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter Summit Secretary]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-11T20:02:33Z

Weilin Zhong: /* Organizers */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]
** [mailto:ggf.ish@gmail.com Zhendong Yu]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-11T08:58:05Z

Weilin Zhong: Updated Agenda for Verizon & Pravir's talk.

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/5/58/Bio_-_Kenny_Lee_2010.pdf Kenny Lee], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Building an effective SSA program in measurable iterations]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Kenny Lee =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
== Building an effective SSA program in measurable iterations ==
===== Pravir Chandra =====
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers.
To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

File:Bio - Kenny Lee 2010.pdf

2010-10-11T08:51:18Z

Weilin Zhong:

OWASP China Summit 2010

2010-10-08T16:12:27Z

Weilin Zhong: /* Sponsor US! */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/6/65/Mark_goudie.pdf Mark Goudie], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Mark Goudie =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/1/17/OWASP_China_Summit_2010_Investment_Guide.pdf English]][[http://www.owasp.org/images/6/66/OWASP_China_Summit_2010_Investment_Guide_Chinese.pdf Chinese]]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

File:OWASP China Summit 2010 Investment Guide Chinese.pdf

2010-10-08T16:08:43Z

Weilin Zhong:

File:OWASP China Summit 2010 Investment Guide.pdf

2010-10-08T16:03:49Z

Weilin Zhong:

OWASP China Summit 2010

2010-10-08T16:02:47Z

Weilin Zhong:

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf OWASP十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/6/65/Mark_goudie.pdf Mark Goudie], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Mark Goudie =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-08T15:59:49Z

Weilin Zhong:

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/OWASPTop10-2010-PressRelease OWASP TOP 10]
[http://www.owasp.org/images/a/a7/OWASP_Top_10_PR_Chinese.pdf 十大风险]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/6/65/Mark_goudie.pdf Mark Goudie], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Mark Goudie =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

File:OWASP Top 10 PR Chinese.pdf

2010-10-08T15:51:06Z

Weilin Zhong:

Category:OWASP Top Ten Project

2010-10-08T15:35:49Z

Weilin Zhong: Updated Weilin's Email.

{{OWASP Book|1400974}}

<center> '''Do You Recommend the OWASP TOP 10?''' Tweet a sign of support [http://twitter.com/home/?status=OWASP+has+FREE+practical+software+development+and+security+resources:+http://bit.ly/bMb0SM Click Here] </center> 

==== Main ====

'''Welcome to the OWASP Top Ten Project'''

== OWASP Top 10 for 2010 ==

On April 19, 2010 we released the final version of the OWASP Top 10 for 2010, and here is the associated [[OWASPTop10-2010-PressRelease | press release]]. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.

Click one of the links below to download from one of our mirrors:
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP_Top_10_-_2010.pdf (Google Code)]
* [https://docs.google.com/uc?export=download&id=0B3B7xlV22G8TNGUyOTFjMjAtZDJjMi00MjM4LTlmNGUtMzFiODdjMTA2OTZm OWASP_Top_10_-_2010.pdf (Google Docs)]

The OWASP Top 10 Web Application Security Risks for 2010 are:
*A1: Injection
*A2: Cross-Site Scripting (XSS)
*A3: Broken Authentication and Session Management
*A4: Insecure Direct Object References
*A5: Cross-Site Request Forgery (CSRF)
*A6: Security Misconfiguration
*A7: Insecure Cryptographic Storage
*A8: Failure to Restrict URL Access
*A9: Insufficient Transport Layer Protection
*A10: Unvalidated Redirects and Forwards

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the world!!!

As you help us spread the word, please emphasize:
* OWASP is reaching out to developers, not just the application security community
* The Top 10 is about managing risk, not just avoiding vulnerabilities
* To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

If you are interested in doing a presentation on the OWASP Top 10, please feel free to use all or parts of this: [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx OWASP Top 10 - 2010 Presentation]

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2010 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

== Versions ==

Stable:

* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 2010 - PDF]
* [[Top_10_2010|OWASP Top 10 2010 - wiki]]

2010 Translations:
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF]
* [http://www.securityplus.or.kr/xe/?module=file&act=procFileDownload&file_srl=25999&sid=00866c962d596769cb97cd9fadb81947 OWASP Top 10 2010 - Korean PDF]

2010 Release Candidate:

* [http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf OWASP Top 10 2010 Release Candidate]
* [http://www.owasp.org/images/e/e1/OWASP_Top_10_RC-Public_Comments.docx OWASP Top 10 2010 Release Candidate Comments], except for one set of scanned comments [http://www.owasp.org/images/2/2e/OWASP_T10_-_2010_rc1_cmts_Kai_Jendrian.pdf which are here].

Old versions:

*[http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf OWASP Top 10 2007 - PDF]
*[[Top 10 2007|OWASP Top 10 2007 - wiki]]
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Project_Details OWASP Top 10 2007 - PDF Translations are here]
*[[Top 10 2004|OWASP Top 10 2004 - wiki]]

== Users and Adopters ==

The U.S. Federal Trade Commission strongly recommends that all companies use the OWASP Top Ten and ensure that their partners do the same. In addition, the U.S. Defense Information Systems Agency (DISA) has listed the OWASP Top Ten as key best practices that should be used as part of the DoD Information Assurance Certification and Accreditation Process ([http://iase.disa.mil/diacap/ DIACAP]).

In the commercial market, the [http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf Payment Card Industry (PCI) standard] has adopted the OWASP Top Ten, and requires (among other things) that all merchants get a security code review for all their custom code. In addition, a broad range of companies and agencies around the globe are also using the OWASP Top Ten, including:

*A.G. Edwards
*Bank of Newport
*Best Software
*British Telecom
*Bureau of Alcohol, Tobacco, and Firearms (ATF)
*Citibank
*Cboss Internet
*Cognizant
*Contra Costa County, CA
*Corillian Corporation
*Digital Payment Technologies
*Foundstone Strategic Security
*HP
*IBM Global Services
*National Australia Bank
*Norfolk Southern
*OneSAS.com
*Online Business Systems
*Predictive Systems
*Price Waterhouse Coopers
*Recreational Equipment, Inc. (REI)
*SSP Solutions
*Samsung SDS (Korea)
*Sempra Energy
*Sprint
*Sun Microsystems
*Swiss Federal Institute of Technology
*Symantec
*Texas Dept of Human Services
*The Hartford
*Zapatec
*ZipForm
*...and many others

Several schools have also adopted the OWASP Top Ten as a part of their curriculum, including Michigan State University (MSU), and the University of California at San Diego (UCSD).

Several open source projects have adopted the OWASP Top Ten as part of their security audits, including:

*[http://plone.org Plone open source CMS project] (managed by the Plone Foundation)

== Feedback ==

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to topten@lists.owasp.org Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]

== Project Sponsors ==
The OWASP Top Ten project is sponsored by [http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif] [http://www.softtek.com http://www.owasp.org/images/a/a8/AppSecDC2009-Sponsor-softtek.gif]


==== 2010 Translation Efforts ====

Efforts are underway in numerous languages to translate the OWASP Top 10. If you are interested in helping, please contact the other members of the team for the language you are interested in contribution to, or if you don't see your language listed, please let me know you want to help and we'll form a volunteer group for your language too!!

Volunteer Translators:
* French: sebastien.gioria@owasp.org, ludovic.petit@sfr.com, antonio.fontes@owasp.org, benoit.guerette@owasp.org, Jocelyn.aubert@owasp.org, Eric.Garreau@gemalto.com, Guillaume.Huysmans@gemalto.com
* German: kai.jendrian@secorvo.de
* Spanish: juan.calderon@ge.com, fcerullo@owasp.org, jaguasch@gmail.com, paulocoronado@gmail.com, rodrigo@rmarcos.com, vicente.aguilera@owasp.org
* Portuguese: carlos.j.serrao@gmail.com; wagner.elias@owasp.org; victoreufrasio@gmail.com; leo.cavallari@owasp.org; victoreufrasio@gmail.com;
* Greek: Konstantinos Papapanagiotou (conpap@di.uoa.gr)
* Turkish: bora@abi.com.tr
* Chinese: weilin.zhong@owasp.org
* Malay, Japanese, Vietnamese: cecil.su@owasp.org
* Korean: Hyungkeun Park, (mirrk1@gmail.com)

==== Project Details ====

{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}

==== Spanish Translation ====

La traduccion al español del OWASP Top 10 2010 ya esta en camino... visita esta pagina frecuentemente para visualizar los avances y obtener una copia de la ultima version.

El equipo de traductores esta compuesto por:

- Aguilera, Vicente

- Cabezas Molina, Daniel

- Calderon, Juan

- Cerullo, Fabio

- Coronado, Paulo

- Guasch, Jose Antonio

- Marcos, Rodrigo

==== How Are Companies/Projects/Vendors Using the OWASP Top 10? ====

Click the links for more details on each use!

Warning: these articles have not been rated for accuracy by OWASP. Product companies should be extremely careful about claiming to "cover" or "ensure compliance" with the OWASP Top 10. The current state-of-the-art for automated detection (scanners and static analysis) and prevention (waf) is nowhere near sufficient to claim adequate coverage of the issues in the Top 10. Nevertheless, using the Top 10 as a simple way to communicate security to end users is effective.

; [http://blogs.msdn.com/b/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx Microsoft]
: as a way to measure the coverage of their SDL and improve security

; [http://www.nsa.gov/applications/search/index.cfm?q=owasp NSA]
: in their developer guidance on web application security

; [https://www.pcisecuritystandards.org/index.shtml PCI Council]
: as part of the Payment Card Industry Data Security Standard (PCI DSS)

; [http://community.citrix.com/display/ocb/2010/06/02/NetScaler+Application+Firewall+and+the+OWASP+Top+10+2010 Citrix]
: in a guide showing how to configure their NetScalar product

; [http://msdn.microsoft.com/en-us/library/dd129898.aspx Microsoft]
: to show how "T10 threats are handled by the security design and test procedures of Microsoft"

; [http://www.web2py.com/examples/default/security web2py]
: to demonstrate the security of this Python web framework

; [http://www.owasp.org/index.php/Commentary_OWASP_Top_Ten_2004_Project Oracle]
: for developer awareness

; [http://www.theatremanagerhelp.com/book/export/html/1640 TheatreManager]
: to show how their product is secure for web use

; [http://knol.google.com/k/automated-vulnerabilty-scanners-and-the-owasp-top-10# WhiteHat]
: as a way to explain the coverage of their service

; [http://www.imperva.com/docs/TB_SecureSphere_OWASP_2010-Top-Ten.pdf Imperva]
: to show the coverage of the SecureSphere tool

; [http://blog.cenzic.com/public/item/254309 Cenzic]
: to enable "focused scans for compliance testing with the updated PCI standard"

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]]

OWASP China Summit 2010

2010-10-08T15:03:53Z

Weilin Zhong: /* Organizing Partners: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/6/65/Mark_goudie.pdf Mark Goudie], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Mark Goudie =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]
[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-08T15:03:11Z

Weilin Zhong: /* Gold Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Application Security Market Trend 应用安全市场动态]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/6/65/Mark_goudie.pdf Mark Goudie], Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [[#2010 Data Breach Investigation Report]]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}

== Application Security Market Trend 应用安全市场动态 ==
=====Chenxi Wang, PhD=====
应用安全是很多企业安全部门的重要运行目标。在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品。我们将分析一些金融界和保险行业的成功案例，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难。最后我们还将讨论应用安全产品的发展和研究趋势。
== Outbound Monitoring of Web Servers: a Forgotten Child in Information Security? ==
===== Wong Onn Chee =====
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.
== 2010 Data Breach Investigation Report ==
===== Mark Goudie =====
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Mark Goudie, one of the co‐authors of the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse what we believe to be the world’s largest study of data breaches consisting of over 900 cases and 900 million compromised records across six years of first hand forensic investigations.
We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach.
More information can be found at [http://www.verizonbusiness.com/databreach/ Verizon Business website].
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
[http://www.honkwin.com/ http://www.honkwin.com/images/demo_03.gif]红科网安(北京)科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
[http://www.nsace.org.cn http://www.nsace.org.cn/templets/images/toplogo.gif]

----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

User:Weilin Zhong

2010-10-08T15:00:07Z

Weilin Zhong: /* 资深应用安全专家钟卫林 */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two boys and lives with her family in Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职于美国领先的应用安全咨询公司Apsect Security 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确了解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究中心做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

User:Weilin Zhong

2010-10-08T14:58:46Z

Weilin Zhong: /* 资深应用安全专家钟卫林 */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two boys and lives with her family in Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职于美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确了解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究中心做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

User:Weilin Zhong

2010-10-08T14:38:04Z

Weilin Zhong:

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two boys and lives with her family in Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职于美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确了解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究中心做研究和开发工作，涉及多个信息安全领域，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

User:Weilin Zhong

2010-10-07T22:22:05Z

Weilin Zhong: /* Application Security Expert */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two wonderful young boys and lives with her family in Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13 年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确理解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究中心做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

OWASP China Summit 2010

2010-10-07T22:19:10Z

Weilin Zhong: Updated the logistic page with hotel information.

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Hotel Booking ===
* Mention attending the "OWASP China Summit", you can get the discount prices.
* The summit local team is happy to book the hotel for you, please contact:
** Peter Zhang
** Email: market02@owasp.org.cn
** Tel: 010-85655622
** Fax: +86-10-85653108
* For more detail information, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=58&Itemid=85 summit Chinese website (详情请见峰会中文网站）].

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T21:04:19Z

Weilin Zhong: /* Supporting Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif] 华为

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T21:03:49Z

Weilin Zhong: /* Diamond Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T21:03:26Z

Weilin Zhong: /* Diamond Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息

[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T21:02:28Z

Weilin Zhong: /* Media Partners: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: [http://www.chinabyte.com/ http://image.chinabyte.com/w/pic/logo.gif],[http://www.it168.com/ http://www.it168.com/himages/logo.gif][http://www.51cto.com http://images.51cto.com/images/index/Images/Logo.gif], [http://www.cww.net.cn/ http://www.cww.net.cn/images/top_logo.jpg], CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:57:09Z

Weilin Zhong: /* Educational Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所 [http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:56:44Z

Weilin Zhong: /* Organizing Partners: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif] [http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:56:20Z

Weilin Zhong: /* Diamond Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息 [http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]

[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

User:Weilin Zhong

2010-10-07T20:47:38Z

Weilin Zhong: /* 资深应用安全专家钟卫林 */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two wonderful young boys and lives with her family in Columbia Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13 年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确理解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究中心做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

User:Weilin Zhong

2010-10-07T20:46:12Z

Weilin Zhong: /* 资深应用安全专家钟卫林 */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two wonderful young boys and lives with her family in Columbia Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13 年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确理解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究中心做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中科技大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

OWASP China Summit 2010

2010-10-07T20:43:02Z

Weilin Zhong: /* Gold Sponsors: */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息

[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
[http://www.ankki.com/ http://www.owasp.org.cn/images/stories/ankkilog.png]深圳昂楷科技有限公司
----

=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]

[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:37:46Z

Weilin Zhong: updated agenda.

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息

[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
----
=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]

[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:25:35Z

Weilin Zhong:

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.verizonbusiness.com/databreach/ 2010 Data Breach Investigation Report]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息

[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
----
=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]

[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:18:18Z

Weilin Zhong: /* Trainer Bios & Course Abstracts */

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the [http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83 summit Chinese website (详情请见峰会中文网站）].

----

==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | 2010 Data Breach Investigation Report
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息

[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
----
=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]

[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:14:11Z

Weilin Zhong: updated agenda

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the summit Chinese website (详情请见峰会中文网站）：
** http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83

----
==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research) Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP TOP 10]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | 2010 Data Breach Investigation Report
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM OWASP OpenSAMM Project]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息

[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
----
=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]

[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

OWASP China Summit 2010

2010-10-07T20:11:11Z

Weilin Zhong: Link speakers bios in the agenda & add hotel map.

__NOTOC__
[[Image:OWASP_China_logo.jpg]]

====Welcome====

===OWASP China Summit 2010 - Beijing China===

[http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]will host '''OWASP China Summit 2010''' in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

'''Press Release: [http://www.owasp.org/images/d/d8/OWASP_China_Summit_2010_Announcement.pdf OWASP China Summit 2010 Announcement]'''

====中文(Chinese)====

===中文网站===

本次会议设有专门的中文网站： [http://www.owasp.org.cn/ OWASP 2010 中国峰会中文网站]。

==== Registration ====

Please [http://www.eventbrite.com/event/735697491 register] yourself to attend the OWASP China Summit. General admission is FREE.

'''Who Should Attend OWASP China Summit 2010:'''

*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security
For student discount, attendees must present proof of enrollment when picking up your badge.

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

==== Training: Oct 20 - 21 ====
----
===== Training Agenda =====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Training Oct 20 - Oct 21'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Trainer
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Topic
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (Before Oct.10)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Price (After Oct.10)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Yuezhong Bao, Microsoft
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Secure Development Lifecycle
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 20
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Benson Wu, Armorize
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Code Review
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | AM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Xin Fang, VulnHunt
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | PM Oct 21
| style="width: 20%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Aaron, DBAppSecurity
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Security Testing
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1000 ($150)
| style="width: 15%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | RMB 1500 ($230)
|}

----

===== Enrollment & Questions: =====
* Ivy: 13510601178, Ivy@owasp.org.cn
* Rip: 13699898080, rip@owasp.org.cn

----
===== Trainer Bios & Course Abstracts =====
* More details, please see the summit Chinese website (详情请见峰会中文网站）：
** http://www.owasp.org.cn/index.php?option=com_content&view=article&id=57&Itemid=83

----
==== Agenda: Oct 22 ====
{| border="0" align="center" style="width: 80%;"
|-
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - Oct 22, 2010 Tentative'''

|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | Time
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Speaker
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Presentation
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Language
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:30-09:00
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Networking
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-09:10
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/China-Mainland, Rip Torn], OWASP China Chapter and [http://www.owasp.org/index.php/User:Brennan, Tom Brennan] OWASP Board
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Opening Statement: Welcome to OWASP China Summit 2010
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:10-10:00
| style="width: 40%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Keynote: [http://www.owasp.org/index.php/Chenxi_Wang,_Ph.D._(Forrester_Research), Chenxi Wang], PhD, Forrester Research
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Application Security Market Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Weilin_Zhong, Weilin Zhong], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project, OWASP TOP 10]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:50-11:20
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/Frank_Yuan_Fan,_OWASP_China_Chapter, Frank Fan], DBAppSecurity
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Web Attack and Defense Trends
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-12:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/e/e4/WongOnnChee_Biodata.pdf Wong Onn Chee], [http://www.owasp.org/index.php/Singapore, OWASP Singapore Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Outbound Monitoring of Web Servers: a Forgotten Child in Information Security?
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese/English
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:00-13:30
| align="left" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Break
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:30-14:10
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Mark Goudie, Verizon Business
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | 2010 Data Breach Investigation Report
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:20-15:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/index.php/User:Pravir_Chandra, Pravir Chandra], OWASP
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | [http://www.owasp.org/index.php/SAMM, OWASP OpenSAMM Project]
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | English with real-time Chinese translation
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:40
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | [http://www.owasp.org/images/8/81/BioGaoWenInfoSec.pdf, Helen Gao], [http://www.owasp.org/index.php/Long_Island OWASP Long Island Chapter]
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | OWASP and OWASP Projects
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|-
| style="width: 20%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-17:00
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Panel
| align="center" style="width: 40%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Round Table: Web App Security - State of Art
| style="width: 10%; background: none repeat scroll 0% 0% rgb(92, 121, 187);" | Chinese
|}
==== Sponsors ====
----
=== Diamond Sponsors: ===
[http://www.dbappsecurity.com.cn/ http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif] 安恒信息

[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]
----

=== Platinum Sponsors: ===
----

=== Gold Sponsors: ===
[http://www.venustech.com.cn/ http://www.owasp.org/images/4/4d/VenusTech_logo.gif]
----
=== Supporting Sponsors: ===
[http://www.huawei.com/ http://www.owasp.org/images/f/ff/Huawei_Logo.gif]

{{MemberLinks|link=http://www.microsoft.com|logo=Logo_microsoft.jpg}}微软中国

[http://www.vulnhunt.com/ '''南京翰海源''']

----

=== Educational Sponsors: ===
[http://www.is.cas.cn/ http://www.owasp.org/images/1/15/ISCAS_logo.gif]中国科学院软件研究所

[http://www.infosec.pku.edu.cn/ http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif]
----

=== Organizing Partners: ===
[http://www.idcquan.com/ http://www.idcquan.com/images/logo2009.gif]

[http://www.seczone.org http://www.seczone.org/templates/jsn_epic_pro/images/logo.png]
----

=== Media Partners: ===
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include:
* Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
* Network Media: IT168, 51CTO, Chinabyte, CTOCIO, Sina.com, 163.com, QQ.com, etc.
----

=== Sponsor US! ===
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [[http://www.owasp.org/images/d/df/OWASP_China_Summit_2010_Investment_Guide.doc English]][[http://www.owasp.org/images/5/53/OWASP_China_Summit_2010_Investment_Guide_Chinese.doc Chinese]]

Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!
----

==== Conference Committee ====

===Contact===
* [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

===Organizers===
* Local host:
**[mailto:rip@owasp.org Rip Torn] [http://www.owasp.org/index.php/China-Mainland OWASP China-Mainland Chapter]
* Overseas:
** [mailto:weilin.zhong@owasp.org Weilin Zhong]
** [mailto:heleng@owasp.org Helen Gao]

===Conference Committee===
* [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
* [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
* [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
* [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
* [mailto:ggfish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, co-founder of Innovative Query Inc, CISSP
* [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
* [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
* [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
* [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.

==== Volunteer ====

=== Volunteers Needed! ===

Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year!
E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

==== Logistics====

=== Venue ===

Hotel Nikko New Century Beijing Conference Center

=== Hotel ===

Hotel Nikko New Century Beijing
北京新世纪日航酒店北京市海淀区首体南路6号

* Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
* Tel: 86-10-6849 2001
* Fax: 86-10-6849 1103
* http://www.newcenturyhotel.com.cn

[http://www.newcenturyhotel.com.cn http://www.owasp.org.cn/images/stories/hotel.jpg]

=== Travel ===

How to obtain a visa for the event
* Invitation letter will be sent out for overseas attendees after registration.
* For detailed information on obtaining a business visa for this event, please refer to [http://www.china-embassy.org/eng/hzqz/zgqz/t84247.htm Chinese embassy]
* More questions, please contact [mailto:heleng@owasp.org Helen Gao]

<headertabs />

[[Category:OWASP AppSec Conference]][[Category:OWASP_China_Summit_2010]][[Category:China]]

File:BioGaoWenInfoSec.pdf

2010-10-07T20:04:08Z

Weilin Zhong:

User:Weilin Zhong

2010-10-07T19:57:35Z

Weilin Zhong: /* 资深应用安全专家钟卫林 */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two wonderful young boys and lives with her family in Columbia Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13 年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确理解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究中心做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

User:Weilin Zhong

2010-10-07T19:52:48Z

Weilin Zhong:

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has rich R&D experience in various information security areas, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two wonderful young boys and lives with her family in Columbia Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13 年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确理解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

User:Weilin Zhong

2010-10-07T19:46:39Z

Weilin Zhong: /* 资深安全专家钟卫林 */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has researched various information security topics, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two wonderful young boys and lives with her family in Columbia Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深应用安全专家钟卫林==

应用程序安全专家，13 年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确理解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。

User:Weilin Zhong

2010-10-07T19:44:13Z

Weilin Zhong: /* 美国富国银行资深安全专家钟卫林 */

==Application Security Expert==

Weilin is an application security expert with 13+ year's experience in information security and specializes in application security since 2002. She is an expert in security code review, penetration testing, vulnerability management, risk assessment and security process. Weilin has rich experience in application security consulting, helping organizations understand and mitigate their application security risks.

Weilin currently works in the security code review team at the Wells Fargo bank, serving business channels across the entire enterprise on application security risks and security coding issues. Prior to Wells Fargo, Weilin spent 6+ years working as a security consultant in Aspect Security and Cigital, providing application security services to customers across various industrial verticals.

Prior to her industrial experience, Weilin has spent 5 years in the academia as a research assistant in the Computer Science Department of University of Virginia and the Engineering Research Center of Information Security Technology (ERCIST) in Institute of Software, Chinese Academy of Sciences in Beijing China. She has researched various information security topics, including authentication, cryptography and network security.

Sharing the passion of application security, Weilin has been actively involved with OWASP since its early years. She is the creator of the OWASP Honeycomb Project, the lead of the OWASP Top 10 Chinese translation, the lead of the OWASP Chinese Project, the key organizer of [http://www.owasp.org/index.php/OWASP_China_Summit_2010 OWASP China Summit 2010], and an active contributor for [http://www.owasp.org/index.php/China-Mainland OWASP China-mainland Chapter].

Weilin received her M.S. in Computer Science from University of Virginia and M.S. in Computer Software from Institute of Software, Chinese Academy of Sciences in Beijing China. Weilin received her B.S. from Huazhong University of Science and Technology in Wuhan China. Weilin has been a Certified Information Systems Security Professional (CISSP) since 2003 and holds GIAC Secure Software Programmer (GSSP) – Java certification.

Weilin is a mother of two wonderful young boys and lives with her family in Columbia Maryland.

[mailto:weilin.zhong@owasp.org Email Weilin.]

==资深安全专家钟卫林==

应用程序安全专家，13 年以上丰富的信息安全经验。精通互联网应用程序的代码检测，入侵检测，漏洞分析和风险评估的工具和方法，并随时跟踪最新的互联网和安全技术发展动向。现任职于美国第四大银行富国银行安全部门，为富国银行各个部门的各种大型企业级互联网应用程序提供代码安全服务，执行代码检测，漏洞分析和风险评估。钟卫林有多年安全咨询经验，曾任职美国领先的应用安全咨询公司Apsect Secuirty 和 Cigital, 为各个行业的各大公司提供各种安全咨询服务，帮助企业正确理解应用安全风险，建立和评估企业安全流程，为各种大型企业级应用程序提供安全评估和安全解决方案。钟卫林还拥有多年信息安全研究和开发经验，曾在美国弗吉尼亚大学的计算机系和中科院软件所信息安全工程研究做多个信息安全领域的研究和开发工作，包括身份认证系统，密码学和网络安全。钟卫林拥有美国弗吉尼亚大学计算机科学硕士学位，中国科学院软件所计算机软件硕士学位和华中理工大学计算机科学学士学位。钟卫林拥有CISSP和GSSP-J证书。