
OWASP AU Conference 2009



Conference Overview

"Setting your Application Security Agenda in 2009."

Welcome to the OWASP 2009 Conference based in Australia. The conference this year follows on from an incredibly successful conference in 2008.

In 2009, we will be returning to the same venue, but will be including many more training sessions and interesting speakers, both local and international. Our Agenda & Schedule are finished and online. Registrations open shortly (Jan 12th) and we have 6 weeks to the conference.

The OWASP 2009 AU conference has attracted attention from all around the world, and this year we will feature some of the most well known industry speakers and organizations to participate in the conference. No matter where you are in the world, this is the conference on security you must attend for the beginning of 2009. Bookmark this page, and keep up to date with all the relevant news for the conference. And don't forget to register.

If you have any questions relating to the conference or just want to help out, please email the AU conference chair, Justin Derry.

Latest News & Information

The following latest news is available on the conference.

JAN2009 - Wiki for Conference updated, presentations online and registration open

JAN2009 - Submissions have been selected, final details online and speakers allocated. Registration opens in a week.

NOV2008 - Call For Papers, Presentations and Training is sent to everyone on OWASP.

NOV2008 - OWASP Wiki is updated with all the relevant information about the 2009 Conference.

JUL2008 - Gold Coast Convention Centre selected as the conference venue again for the 2009 event.

Conference Training & Workshops

Wednesday 25th February 2009. OWASP and selected training partners will provide training sessions for you to attend. Each course is provided at a low cost of $650 USD to attend per person.

We have two great courses on offer this year, presented by two very well respected trainers, Andrew Vanderstock (OWASP Guide Project) and Pravir Chandra (OWASP CLASP Project). You won't want to miss these courses.

Intermediate - Application Secure Architecture/Coding Course

At every other conference or training session, you've only learnt how to destroy applications by attacking their weaknesses. The days of shooting fish in a barrel are over! In this course, you'll learn how to:

Learn about how you can identify and protect your organization's crown jewels

Create secure architectures and designs

Learn about how to protect yourself using the OWASP Developer Guide, in particular touching on:

Authentication and Identity Management

Access Control

Session Management

Canonicalization, Input Validation and Encoding

Accountability, Logging and Error Handling

Secure the database and services

Secure communications and storage

The course will be demonstrating how to use OWASP's ESAPI as a fundamental building block to slash development time, save money and be secure all at once.

We will be using OWASP's WebGoat for the demos and class exercises, so please come with the latest version of WebGoat ready to go on your laptop if you want to do the hands-on component.

(Course will be delivered by Andrew Vanderstock - OWASP Guide 3.0 Author, ESAPI Project etc)

Intermediate/Advanced - In-depth Assessment Techniques: Design, Code, and Runtime

This course is targeted at those wanting to enhance their software assessment skills. Specifically, the course teaches attendees techniques for design analysis, code review, and penetration testing that uncover a wide variety of vulnerabilities and weaknesses in applications. If you have pre-existing skills and want to learn more, this course is perfect. The training course will generally focus on web applications, but most information applies to software of any type. In addition, attendees will learn general methods for protecting against the security issues uncovered by each assessment technique.

The course topics include:

System decomposition for analysis

Lightweight threat/risk modeling

Identifying interfaces/attack surface

Testing business logic and edge cases

Assessing for provision of security mechanisms

Assessing for key vulnerability classes

Risk classification and weighting

Root cause analysis and patching

The course has a primary focus on intermediate/advanced assessment and testing concepts for architects and developers. Automated security assessment tools will be discussed in context, but not demoed. Delivered by Pravir Chandra.

Conference Agenda

The Conference Agenda is online (we still have some minor updates to complete, however). Check it out at OWASP_AU_Conference_2009_Agenda

Wednesday 25th February 2009

  • Training courses with both basic and advanced training courses offered.
  • Evening Welcome drinks, Cocktail party and just an opportunity to meet everyone.

Thursday 26th February 2009

  • Conference begins with Keynote session, Welcome and three different tracks (Business, Technical and Workshops)
  • Evening Gala Dinner (a huge hit last year) at the conference center, including food, drinks and entertainment (meet your peers in the industry).

Friday 27th February 2009

  • Conference continues with another keynote, and the three tracks.
  • Afternoon wrap up with a short cocktails event from a sponsor.

The entire event will be recorded to MP3 and Video this year with all presentations coming online during the conference. See you there.

More information on presentations can be found at OWASP_AU_Conference_2009_Presentations

Conference Location & Accommodation

The Conference will be located at the Gold Coast Convention Center (Surfers Paradise, Australia).

NEW OWASP OFFER - CONRAD JUPITERS CASINO $180.00 A NIGHT. WHEN BOOKING DIRECTLY WITH THE HOTEL MENTION YOU ARE WITH THE OWASP GROUP. You can contact the Conrad Jupiters reservations team at +61 7 5592 8100.

OWASP has managed to secure rooms available at the following hotels. These are within walking distance of the conference and are good rates for the Gold Coast. To book you will need to download the following form (Hotel Booking Form) and then fax to the details included in the form. This will allow you to receive cheaper rates and book under the OWASP group. Another place to try is the WOTIF.COM web site; these sometimes have special discount rates.

Resort: Mantra Phoenician (Location: Broadbeach, Apartment Type: Standard)

  • 1 - 2 Nights: $238.00 AUD per night
  • 3+ Nights: $166.00 AUD per night

Resort: BreakFree Savannah (Location: Broadbeach, Apartment Type: Standard)

  • 1 - 2 Nights: $180.00 AUD per night
  • 3+ Nights: $135.00 AUD per night


Cost & Registration

There are multiple options available for participation:

OWASP Members:

  • Conference: 2 days (26th and 27th Feb 2009): $425.00 (USD). *Register before 02/07/09 and save an additional $25!
  • Training: 1 day: $650 USD


  • Conference: 2 days (26th and 27th Feb 2009): $450.00 (USD). *Register before 02/07/09 and save an additional $25!
  • Training: 1 day: $650 USD

Non OWASP Members:

  • Conference: 2 days (26th and 27th Feb 2009): $475.00 (USD). *Register before 02/07/09 and save an additional $25!
  • Training: 1 day: $650 USD

Conference Sponsors

Once again this year there will be a technology expo for all to join, as well as the opportunity for everyone to see the different technologies available in the software security market.

Sponsorship packages are available for the conference. Please visit the sponsorship page for more information and contact the organizing committee, Justin Derry.

Platinum Sponsor: (To Be Confirmed)

Gold Sponsors: Fortify, IBM

Associate Sponsor: AusCERT, AISA

Conference Contacts

For more information please contact the team below for conference details, sponsorship or registration.

Mr Justin Derry (Conference Chair)

Email: [email protected]

Kate Hartmann

OWASP Operations Director

9175 Guilford Road, Suite 300

Columbia, MD 21046, USA

Phone: +1-301-575-0189

Facsimile: +1-301-604-8033

Email: [email protected]