
Italy OWASP Day 3


OWASP Day III: "Web Application Security: research meets industry"

Hosted by:
Centro di Competenza ICT-Puglia - Dipartimento di Informatica
Università degli Studi di Bari

23rd February 2009 - Bari (Italy)


OWASP-Day Sponsors

Platinum Sponsors:


Gold Sponsors:

Fortify, IBM Rational, S&P


Welcome to the OWASP Day III Italy Conference for 2009. Following the great success of OWASP Day II in 2008, the third conference took place in February 2009.
Thanks to the collaboration with the Centro di Competenza ICT-Puglia - Dipartimento di Informatica, Università degli Studi di Bari, on 23rd February we hosted the conference "Web Application Security: research meets industry".

Organization and goals:

  • The event raised several points of discussion, which we addressed from both a research and an industry point of view.
  • To conclude the day, we organized a round table discussing the more interesting subjects that came out during the event.
  • The goal of the conference was to create a debate on how research in Web Application Security will evolve, what industry and universities are doing, and what they should do.


OWASP Day III Italy - Conference Schedule

9.00h "Welcome and opening of the works"
Prof. Giuseppe Visaggio - Università di Bari - President of the Centro di Competenza ICT-Puglia
9.20h "Introduction to the OWASP-Day III"
Matteo Meucci - OWASP-Italy Chair, CEO Minded Security
09.45h "Trusted Computing: technology and application to web protection"
Prof. Antonio Lioy - Politecnico di Torino
10.30h Coffee break
11.00h "Implementing a security model in the banking sector: the multinational experience of Banca Antonveneta"
Manuele Cavallari - Head of the IT Security Office - Consorzio Operativo Gruppo MPS
11.30h "Forensic analysis after a cyber attack"
Ass. Davide Gabrini - Forensic analyst at the Compartimento Polizia Postale e delle Comunicazioni di Milano
12.15h "A Software Security Maturity Model"
Brian Chess - Chief Scientist at Fortify Software
13.00h Business Lunch
14.00h "Http Parameter Injection"
Stefano Di Paola - CTO Minded Security
14.30h "SHIELDS: metrics, tools and Internet services to improve security in application developments"
Domenico Rotondi, Alessandra Bagnato, Eva Coscia, Cinzia Rubattino - TXT e-solutions Spa
15.00h "Secure Code Review: from theory to practice"
Antonio Parata - Security Consultant Emaze Networks
15.30h Coffee break
16.00h "Automatic Generation of Test Cases for Web Application Security: a Software Engineering Perspective"
Prof. Corrado Aaron Visaggio - Università del Sannio
16.30h "Harden your Java Components!"
Pierre Parrend - SE FZI Karlsruhe
17:00h Round table: "Research in Web Application Security: what is the state of the art? Which projects/initiatives help companies build more secure applications and defend themselves against new forms of attack? What is the University doing in this regard? How close are the business world and the academic world?"

Panelists: Danilo Caivano - Università di Bari, Corrado Aaron Visaggio - Università del Sannio, Giorgio Fedon - COO Minded Security

Keynote: Matteo Meucci



The OWASP-Italy Day III will be hosted by:

Centro di Competenza ICT SUD - Puglia
Department of Informatics
University of Bari
Via E. Orabona, 4 70125 - Bari - Italy



The conference is free and open to all attendees (coffee breaks and business lunch are included), but registration is mandatory. In order to guarantee a well-organized event, unregistered attendees will not be allowed to access the conference.

To register for the conference, please fill in your information in the following form:

Goals and Topics:

The OWASP Days have always offered a forum for discussion and exchange of ideas among researchers and practitioners who present their experiences and discuss issues related to Web Application Security from a higher level to a technical point of view.

Conference topics include, but are not limited to:

  • The evolution of attacks and countermeasures in Web Application Security
  • Case studies of how companies have adopted the OWASP Guidelines in their SDLC
  • Application Security Assessment Model
  • Data Privacy Enabling Technology
  • Experience reports on applying OWASP guidelines in industry

Conference structure and schedule:

OWASP-Italy Day III will be an all-day conference. The conference aims to provide a workshop-like atmosphere in which contributions can be presented, with time then allowed for constructive discussion of their results and processes.

It will be structured in two sections:

  • speakers presentations, questions/answers;
  • round table with international guests discussing the more interesting subjects and issues that arise during the event

During the conference, two coffee breaks (one in the morning and one in the afternoon) and the business lunch will be served.

The detailed agenda of the conference will be available on the web site before the event.

Call For Sponsorships (CLOSED):

The aim of the OWASP-Italy community is to guarantee free access to the conference in order to allow for wide participation and empower the community itself. To this end, the OWASP-Italy community encourages industries, research institutions and individuals to sponsor its activities and events. Three types of sponsorship are available:

  • Silver Sponsorship: 1500 euro. It includes: the publication of the sponsor logo on the web site.
  • Gold Sponsorship: 2500 euro. It includes: the publication of the sponsor logo in the agenda, on the web site, on the flyers and in all the official communications with the attendees at the conference, and the possibility to distribute the Company brochures, CDs or other materials to the participants during the event.
  • Platinum Sponsorship: 3000 euro. It includes: the gold sponsorship, plus a dedicated space for the Company to show its offering to the attendees.

Those who are interested in sponsoring the OWASP-Italy Day III Conference can contact the OWASP Italy Day III Organizing Committees:
Voice : +39 080 544 3270 or +39 080 544 2300
Fax : +39 080 544 2536
E-mail: [email protected]

Call for Paper (CLOSED) and review process:

OWASP solicits contributions on the above topics, or on general matters of interest to the community. Those who are interested in participating as speakers at the conference can submit an abstract of the speech to the OWASP-Italy Board by email at: owasp-italy <at>
The email subject must be “OWASP Day 3: CFP” and the email body must contain the following information/sections:

  • Name and Surname
  • Affiliation
  • Address
  • Telephone number
  • email address
  • list of the author’s previous papers/articles/speeches on the same topics
  • Title of the contribution
  • Type of contribution: Technical or Informative
  • Abstract (max one A4 style page)
  • Why the contribution is relevant for OWASP-Italy Day 3

The submissions will be reviewed by the OWASP-Italy Board, and the 8-9 most interesting ones will be selected and invited for presentation.

Important dates

  • Contributions submission deadline: 15th January 2008
  • Communication of acceptance for contributions: 3rd February 2009
  • Registration deadline: 20th February 2009
  • Conference Agenda due: 10th February 2009
  • Conference date: 23rd February 2009

OWASP Italy Day III Organizing Committees:

  • Maria Teresa Baldassarre – Department of Informatics - University of Bari
  • Danilo Caivano – Department of Informatics - University of Bari
  • Matteo Meucci – OWASP-Italy Chair
  • Corrado Aaron Visaggio – Engineering Department - University of Sannio
  • Nicola Quarantiello – ICT Security Consultant
  • Walter Lombardi – Polizia di Stato - Polizia delle Comunicazioni