AppSecIreland2012

OWASP is currently soliciting training & presentation proposals for the OWASP AppSec Ireland 2012 Conference which will take place at Trinity College Dublin in Ireland, on September 4th through September 6th 2012. There will be training courses on September 4th & 5th followed by plenary sessions on September 6th.

Topics

In accordance with the broader OWASP mission stemming from the 2011 OWASP Global Summit, AppSec Ireland is working to reflect the move of OWASP towards embracing all facets of Application Security, and not restricting it's content to strictly to the realm of web applications. Therefore we invite all practitioners of application security and those who work with or interact with all facets of application security to submit papers and training proposals to the conference.

Call for Papers

The AppSec Ireland 2012 Conference Committee is seeking presentations in the following subject areas:

• OWASP Projects
• Research in Application Security Defense (Defense & Countermeasures)
• Research in Application Security Offense (Vulnerabilities & Exploits)
• Web Application Security
• Critical Infrastructure Security
• Mobile Security
• Government Initiatives & Government Case Studies
• Effective Case studies in Policy, Governance, Architecture or Life Cycle
• and other application security topics

Call for Training

The AppSec Ireland 2012 Conference Committee is seeking trainings in the following subject areas:

- Security in Web 2.0, Web Services/XML - Advanced penetration testing - Static analysis for security - Threat modeling of applications - Secure coding practices - Security in J2EE/.NET patterns and frameworks - Application security with ESAPI - OWASP tools in practice

We will look favorably on laboratory-based/hands-on training.

Submission deadline and instructions

Submit papers/training proposals to http://cfp.appsecireland.org. Submission deadline is Wednesday June 6th 2012. Inquires can be made to ireland at owasp.org.

To submit a paper, you will have to sign up for an EasyChair account at https://www.easychair.org/account/signup.cgi.

Please specify in the form whether you are submitting a Training or a Presentation proposal. Eg. Title: "Training - Introduction to Web Application Security"

Special Note only for Training Proposals

To submit your training proposal please fill out the OWASP CFT Proposal document located below and attach it while filling out the online form. Upon acceptance you’ll be requested to fill out the Training Instructor Agreement where you’ll find details on revenue split etc.

http://www.appsecireland.org/wp-content/uploads/2012/05/OWASP_CFT_Proposal.doc

OWASP AppSec Ireland 2012 Secure Coding Competition

What’s this about?

OWASP AppSec Ireland 2012 will host a secure coding competition to give you and your friends the chance to test your secure coding skills and challenge other secure coders for the title of AppSec Ireland 2012 Secure Coding Competition (SCC) Champions. The competition is open to everybody and is designed to promote awareness of the benefits of designing and developing secure applications – a skill that all aspiring and accomplished software developers should aim to possess.

Tell me more...

You and your friends will form a team of between 2 and 4 people to design and develop the most secure Java or .NET application based on a web application requirement specification that will be handed out on the morning of the first day of the competition. The onus will be on developing a functioning and usable web application without sacrificing on security. Teams will be scored on functionality, usability, reliability and security.

If you'd like to take part in the competition but don't have a team to join, you can email one of the organising team and let us know. We will keep a list of people wanting to join a team and we can put you in touch with each other, after which the team can register.

How will it be judged?

Teams and their finished applications will scored on a number of areas:

• Short discussion with the esteemed judging panel on design approach and consideration for OWASP Top 10 web application vulnerabilities
• Demonstration of working functionality as per requirements
• Automated secure code review using a leading commercial static source code analysis tool
• Automated vulnerability scanning of application using a leading commercial application vulnerability scanner

Scoring will be designed to promote both a secure approach to, and implementation of, web applications. We want you to demonstrate that there does not need to be a trade-off between functionality and security.

When is it on?

The competition will be ran over the two training days of the conference on the 4th and 5th of September, with the results and prizes awarded on the day of the presentations, the 6th of September. Teams will need to be around the conference for short presentations to the judges on the 6th as well.

What do we need to bring with us?

You are allowed to bring any equipment you want and you can set up a local area network between your team if desired. In order to reflect the realities of the modern constantly connected world, Internet access will be allowed and will be provided. However, abuse of this privilege, such as attempts to plagiarize other applications, could lead to disqualification. Teams will be responsible for providing their own software (SDK, web server and database) and software licenses.

What can I win?

The winning team first and foremost will be showered with the adulation and adoration of the OWASP community. In addition, the winning team will receive a cash prize and goody bags, the inaugural trophy and be crowned OWASP AppSec Ireland 2012 SCC Champions! There will be runner-up prizes and goody bags for second and third place.

Who can enter?

The competition is open to everyone from academic, students, open-source and industry backgrounds. A registration fee of €100 per team is required in order to prevent teams signing up and then not showing up on the day. In some cases this registration fee may be waived - please contact the organising team for applicability. Due to the time and resources required to run this type of event places will be limited to 8 teams in total so registering early is vital if you want to reserve your place.

OK I'm interested. Where can I sign up?

Registration is now open here: http://reg.appsecireland.org (redirects to cevent.com). Just follow the usual registration process and select the "Secure Coding Competition" option and the give the details of your team. Make sure to read the longer list of rules in the fine print section below.

Who can I contact about this?

Please contact Niall Jordan ( niall.jordan at owasp dot org), Marian Ventuneac (marian.ventuneac at owasp dot org) or Eoin Keary (eoin.keary at owasp dot org) for any questions relating to the competition

So what's the sneaky fine print?

Here is fine print that we think you should know about before registering (it's not really sneaky):

• As stated already, you are responsible for providing your own software, hardware and licenses. As well as obviously requiring a SDK and a web application server, teams will also need to have some form of database software for the web application to interface with.
• A detailed requirements specification for the application will be provided to the teams on the first morning - Tuesday the 4th.
• A room will setup at the conference for the teams which will be open between 9am and 6:00pm. Participants will be allowed to take their equipment home at the end of the day as expecting people to do without their laptop during the evening is not realistic, along with the other concerns such as security and insurance.
• Internet access is allowed. Obvious signs of plagiarism will lead to disqualification so please only use it for reference and help. We will endeavour to provide wi-fi access to all teams but prudence would suggest bringing your own 3G access if possible.
• Teams are expected to produce the following deliverables to the judges by 6pm on Wednesday the 5th:
  • Buildable/compilable source code for manual and automated static code analysis
  • Working web application that is accessible to a browser and application vulnerability assessment tool. Networking equipment to create a LAN for judging purposes will be provided so teams just have to make sure it the application is externally accessible
• We don't wish to endorse one browser over another, but in the interests of uniformity we will be viewing all applications with Internet Explorer. We suggest you optimize the application to work on Internet Explorer 8 or later.
• As part of the judging process, teams will be expected to present and demonstrate their completed application to the judging panel, and answer any questions they may have. This will contribute a certain amount to your score. These presentation will take place on the morning of Thursday the 6th and should take no longer than 30 minutes for each team.
• In all cases the judging panel's decision will be final.
• The organising committee reserves the right to make changes to any of the rules and regulations without prior notice.
• The organising committee reserves the right to defer or cancel the competition due to Acts of God, health advisories by relevant Government authorities, or circumstances beyond our control.
• All submitted code must be original and not infringe any copyrights or any third party intellectual property rights. The applicants agree to indemnify the organising committee and supporting organisations against any disputes, liabilities or damages howsoever arising.
• Collaboration, copying/sharing across teams is disallowed. We don't mean to discourage sharing, but we need to be fair to everyone.
• Any infringement of the rules and regulations by any team members may result in the disqualification of the whole team.
• No substitution of team members is allowed once the competition starts.
• All team members must be present throughout the competition.
• Collaboration, copying/sharing across teams is disallowed.

OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers.Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks giving them direct access to sponsors’ booths and technology.

The conference is expected to draw over 300 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.

Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.

All sponsorship opportunities feature significant discounts to OWASP members, allowing you year-round access the web application security’s top thinkers as well as use of OWASP materials in product and service delivery.

To find out more about the different sponsorship opportunities please check the document below:

https://www.owasp.org/images/9/93/Ireland_OWASP_sponsorship_2012.pdf

Registration is NOW open!

Registration Fees

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

* We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size :).

The Morgan Hotel:

Stay in one of the best luxury hotels in Dublin, The Morgan, Design hotel is located in Temple Bar. This 4 star Hotel Dublin offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.

This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife along with proximity to the IFSC, Dublin’s main business district. There is no other 4 star hotel Dublin quite like it!

Stay in the heart of the conference action at a hotel specially discounted for its attendees.

Rooms can be booked by emailing reservations@themorgan.com and quoting OWASP.

The contact in reservations is Bernadette Doyle and you could contact her for special requests at the following number: +353 1 643 7000

Special Rates: €130 Bed & Full Irish Breakfast – Single Occupancy €140 Bed & Full Irish Breakfast – Double Occupancy

The Morgan Hotel 10 Fleet st, Temple Bar, Dublin 2 Phone: +353 1 6437000 Fax: +353 1 6437060 http://www.themorgan.ie

Trinity College:

Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.

For more information visite: https://accommodation.tcd.ie/kxHotel/

Following the success of last year, we are going to host this adrenaline fueled event again!

Kylemore Karting, Ireland’s largest indoor Karting arena, has a choice of three 360 mtr tracks with flyovers, underpasses, hills and banked corners waiting for you.

Race for best time – Race for best crash – Race for fun

This is your chance to sit down, strap in and race for the finish line to “Rev Up” for AppSec Ireland 2012.

The doors open Wednesday 5th September at 7:30pm and there will be transportation available from Dublin city centre.

More info could be found here:

Kylemore Karting Unit 1A, Kylemore Industrial Estate, Killeen Road, Kylemore, Dublin 10 http://www.kylemore-karting.com

REGISTRATION IS NOT OPEN YET. Please visit URL below to register:

http://tbd

Countdown Challenges -- Free Tickets to Win!

You could check all challenges here: TBD

AppSec Ireland Conference Team

• Eoin Keary (eoin.keary at owasp.org)
  
• Fabio Cerullo (fcerullo at owasp.org)
  
• Fiona Walsh (fiona.walsh at owasp.org)
  
• Marian Ventuneac (marian.ventuneac at owasp.org)
  
• Kate Hartmann (kate.hartmann at owasp.org)
  
• Sarah Baso (sarah.baso at owasp.org)
  
• Ana Loza (ana.loza at owasp.org)
  
• Owen Pendlebury (owen.pendlebury at owasp.org)
  
• Niall Jordan (niall.jordan at owasp.org)
  
• Federico Feraboli (federico.feraboli at owasp.org)
  
• Adrian Hermoso (adrian.hermoso at owasp.org)
  
• Claire Woll (claire.woll at owasp.org)
  
• Michelle Fagan (michelle.fagan at owasp.org)