This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Day KL 2011

Jump to: navigation, search


OWASP DAY KL 2011 - Malaysia

OWASP Malaysia will host OWASP Day KL 2011 in Kuala Lumpur, Malaysia from Sep. 20 to Sep. 21, 2011 and colloborate with UniKL-MIIT & OSDCMY. The events will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from Malaysia and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Malaysia and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 200 people are expected to attend the events. exhibition and lunch will be held at the summit, providing sufficient networking opportunities.

Official Invitation Letter for OWASP Day KL 2011 English & Malay.

For the events day we have limited OWASP T-shirt from OWASP Foundation for the most twitter using hash-tag #owaspmy. We will calculate your twitter base on twitter status.

FaceBook Event Page OWASP Day KL 2011

Registration Now Open!!!

For more detail on the fee and workshop

Who Should Attend OWASP Day KL 2011:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interesting in Improving IT Security
  • Lecturer & Student it IT field

All the attendee will be provided Attendee Certificate by UniKL & OWASP Malaysia


Adli Wahid

Adli Wahid of Cybersecurity Malaysia VP CyberSecurity Responsive Services on a day to day basis. Our team provide incident handling service for anything related to .MY, watch and warn activities, and co-ordination with other security teams (FIRST, APCERT), research groups (i.e. The Honeynet Project) and interest groups (i.e. APWG, ShadowServer).

He specializes in malware, phishing and visualization and has designed and co-ordinated cyber drill exercise at the national and regional level.


CALL FOR Presentation

OWASP Day KL 2011 Conference will be a major international forum for the presentation of research results, cutting-edge ideas and in-depth discussions in the field of application security. OWASP Day KL 2011 Conference invites application security researchers, thought leaders and developers worldwide to submit papers for the opportunity of presenting to expected participants.

The topics we are seeking include, but are not limited to:

  1. Web Application Security
  2. Mobile Application Security
  3. Cloud Application Security
  4. Software and Architecture Patterns for Application Security
  5. Metrics for Application Security
  6. OWASP Tools and Projects
  7. Secure Coding Practices (J2EE/.NET)
  8. Application Security Testing
  9. New Attacks and Defense
  10. Other subjects related to OWASP and Application Security

To make a submission:

Call For Presentation CLOSED

Each talk should be limited to 40 minutes, followed by a 5 minute question session.

  • Submission deadline: August 20, 2011.
  • Notification of acceptance: August 22, 2011.
  • Presentation slides due: September 20, 2011.

CALL FOR Training

In-conjunction with OWASP Day KL 2011 also provided workshop. It will separate day with the seminar and will conduct 1 full day. It will 3 major topic on the workshop.

  • SQL Injection (Secure & Prevent)
  • Penetration Tester
  • IT Audit

Call For Training CLOSED

  • All the speaker & trainers will be given Speaker Honor Cert from UniKL & OWASP Malaysia

Suhas Desai

A distinguished Senior Consultant of Aujas Networks, At Aujas, he is handling Mobile Security Services. He is responsible for growth of Mobile Security Services. His extensive experience in Mobile Technology spreads across iApps Security, Mobile PKI, Mobile Apps (Android, J2ME), USSD/DSTK Apps, Mobile VAS, SIM card and Mobile Payment’s Security services. Prior to joining Aujas Networks, he has worked with Tech Mahindra. A frequent speaker at prominent industry and customer forums, Desai has been on technical advisory committees for prestigious National and International conferences. He has delivered over 350 conference talks on software & mobile security across the globe including OSSPAC’09, Singapore; INTEROP 2009, Mumbai; STeP-IN 2010 Bangalore; MOSC 2010, Kuala Lumpur; OSBizConference 2010, Malaysia; ‘Mobile VAS in Growth Markets summit’, 2010, Dubai ; ClubHack 2009, Pune; c0c0n 2010, Cochin and ‘4th Mobile Commerce Summit ASIA’, 2011, Kuala Lumpur. He is a proud author of several research papers for reputed journals and magazines in Security, RFID and Image Processing domain. He also contributes features for Linux for You, Linux+ and Linux Journal magazines.

Ahmad Azizan Idris

Ahmad Azizan graduated from International Islamic University Malaysia with Bachelor's Degree in Computer Science and is currently working as an Intrusion Analyst in Malaysia Computer Emergency Response Team (MyCERT) at CyberSecurity Malaysia. His works mainly concentrated in incident handling, malware analysis, security tools development and other security-related stuff. Currently he involves heavily in mitigating client-side attack specifically on Malicious PDF analysis.

Azam Abdul Rahim

Azril azam is currently works as the Global Response Center Development Team Leader with the International Multilateral Partnership Against Cyber Threats (IMPACT), an International Telecommunication Union (ITU) cybersecurity agenda agency. Previously, azril works as the senior researcher with MIMOS Berhad specialized in x86 system virtualization, trusted computing, and computer forensics. He is currently a GIAC certified forensics analyst and also the EC COUNCIL certified security instructor. He has wrote several papers pertain to system security, computer forensics and system virtualization. He also a firm believer in OSS where till this date has wrote several security software under the GNU license. His computer forensics software project called FIRST has won several international and demostic awards including gold award for invention at ITEX 2006 and best Malaysian open source software 2006. Currently at his sparetime, he is in the final stage in completing the next OSS project

Errazudin Ishak

Errazudin holds a Master`s degree in Computer Science (Software Engineering) and works as Solution Architect at Mimos Berhad, A Malaysia government research agency, in ICT and frontier technology. His job focuses on web application developement, deployment, performance and stability. He has spoken at several meetups and conferene and has worked with various back-end and web technologies. In his free time he loves to emulate Richard Gasquet`s backhand on court.

Walter Wong

Walter is a technical lead for Gain Secure based in Malaysia. The company specialized for providing secure application development and user experience (UX) consultation services to customers. Walter is a Microsoft MVP for developer security. Research on application development security is Walter's personal interest. He also successfully discovered many websites vulnerabilities including some high traffic websites over the past few years. Walter often speaks at technical conferences such as Visual Studio 2010 Launch, TechEd SEA, Security Symposium, TechNet/MSDN, Tech Insights and more.

Harisfazillah Jamel

Mohd Hafiz Tabrani

Mohd Hafiz Tabrani currently works as Senior Intrusion Analysis for Malaysia Computer Emergency and Response Team (MyCERT) under umbrella of CyberSecurity Malaysia. Prior to that, he worked as an Intrusion Analyst at MyCERT department. His education background comprises of Degree in Computer Science from National University of Malaysia in 2000.

Hafiz has been involved in the computer security field for over 5 years. His area of focus and interest is network security, honeynet, websecurity and malware analysis. He also engages in several penetration-testing exercises and to provide solutions for any vulnerability detected. Moreover, he is recognized for conducting numbers of training for organizations to talk on topics ranging from introduction to advanced security courses. He also involved as a GSOC (Google Summer of Code) mentor for Honeynet Project during 2010 mentoring on PHP Sandbox. He is also main contributor for CyberSecurity Malaysia Honeynet Project’s blog. He currently holds a GPEN certification from SANS Institute.

Adnan Mohd Shukor

Adnan Mohd Shukor is an Intrusion Analyst at Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia. His Education background comprises of Degree in Information Technology, majoring in Security Technology from Multimedia University. He is also a GIAC Certified Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH) and member of the SANS Advisory Board since 2009.

In the IT security line of work, he has plenty of experience in aspects of network security, penetration testing, web security, client side security, honeypot technology, system development and automation. He has contributed a lot in open source projects especially related to security and he is also the founder of DontPhishMe and MyPHPIPS

Alip Aswalid Asri

Alip Aswalid bin Asri is an Intrusion Analyst at Malaysian Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia. His works mainly concentrated in Incident Handling, Website Security, Penetration Testing and Security Tools Development. He is also familiar in web development using Ruby on Rails and PHP.

Syed Zainudeen Mohd Shaid

Syed Zainudeen Mohd Shaid is a member of Information Assurance and Security Research Group (IASRG) in Universiti Teknologi Malaysia (UTM). With a Software Reverse Engineering background, he is now active in Malware Research and Penetration Testing. He also does training on Ethical Hacking and give talks on Computer & Internet Security. He is currently the Web Security Advisor for UTM.

Mohd Ridzuan Isa

Mr. Mohd Ridzuan Isa was born in october 1978, entered IIUM for the programme of Bachelor of Engineering in Mechatronics, despite knowing his passion lies with computers. Graduated in 2004, he gained employment with UniKL-BMI. Since then, he dabbled in the arcane world of unix and linux, lived on the bleeding edge with knoppix, kanotix and sidux. These days, he's slowing down a bit, opting for Linux Mint for desktop and Debian stable and testing for server setups. Picked up CCNA instructor certificate along the way, he is currently on an infrastructure design research team for private cloud service.

Amir Haris Ahmad

Amir Haris Ahmad is a visionary in information technology and computer security fields, with particular interest in DNS technology and IPv6. Prior joining Localhost SDN BHD, He was a Senior Researcher at .my DOMAIN REGISTRY, doing research on DNS Security Extension (DNSSEC). A familiar trainer for DNSSEC workshop in Malaysia and some international training events. Amir's extensive technical background includes computer security, DNS, UNIX operating systems, IPv6, and software development in C/C++, ruby and web technology (rails3). He was also a speaker on DNSSEC related topics at few conferences such as MOSC, MYGOSSCON and Hack in The Box (SIGINT-HITB2010KL). At Localhost he is currently head his own development team on some potential projects that involve new technology such as DNS/DNSSEC appliance for .my registry (MYNIC). A registered member of Internet Society Malaysia Chapter (ISOC), Malaysian National Computer Confederation (MNCC), The Open Web Application Security Project (OWASP) and Information Security Professional Association of Malaysia (ISPA). At mean time Amir holds M.Sc, CNE6, GSEC, GCIH, LPIC1, CiSE, NCLA & MCP. He also will be presenting at APECTEL44, talking about DNSSEC related topic.

Final Program

Day 1 - 20 September 2011

      • Reminder: Workshop participants please bring your laptop during the workshop sessions
Web Security: Analysis and Incident Handling on web Attack/Incident by Adnan Mohd Shukor & Alip Aswalid Asri

Introduction IT Audit & Assesment by Harisfazellah Jamel

Introduction to Ethical Web Application Hacking "Pentest" by Syed Zainudeen Mohd Shaid

Registration (Level 7)
Lab 706
Lab 707
Lab 708
Morning break (Level 7)
Lab 706
Lab 707
Lab 708
Lunch (Level 7)
Lab 706
Lab 707
Lab 708
Tea Break (Level 7)
Lab 706
Lab 707
Lab 708
Training Ended

***Reminder: Workshop participants please bring your laptop during the workshop sessions

Day 2 - 21 September

Time Activity Location
8.00a.m Registration Bestari Lecture Hall, Lvl 2

Opening Ceremony

Recitation of Dua’

Welcoming Speech by Dr Shahrul Niza

Opening Speech by Mohd Fazli Azran


Montage & UNIKL-MIIT

Keynote Speech by Adli Wahid

Bestari Lecture Hall, Lvl 2
9.45a.m Morning Break (Corridor Bestari Lecture Hall Lvl 2, VVIP at Lvl 29, Banquet Room)

Suhas Desai

"Mitigating Security Risk in Mobile Payment Application"

Bestari Lecture Hall, Lvl 2

Ahmad Azizan

"Gallus: Analyzing Malicious PDF"

Bestari Lecture Hall, Lvl 2

Azril Azam Abdul Rahim

"Identify, Mitigate & Prevent DDOS Attack via libNetFilters Que"

Bestari Lecture Hall, Lvl 2

Mohd Hafiz Tabrani

"pKaji: Suspicious PHP Script Analyzer"

Bestari Lecture Hall, Lvl 2


Lunch Corridor Bestari Lecture Hall Lvl 2, VVIP at Lvl 29, Banquet Room


Errazudin Ishak

"Rise of the Planet of Anonymous"

Bestari Lecture Hall, Lvl 2

Walter Wong

"Tips and Tricks To Secure .Net Web Application"

Bestari Lecture Hall, Lvl 2

Tea Break Corridor Bestari Lecture Hall Lvl 2, VVIP at Lvl 29, Banquet Room


Mohd Redzuan Isa

"Cloud Computing: Covering Our Bases"

Bestari Lecture Hall, Lvl 2

Amir Haris Ahmad

"DNS Security"

Bestari Lecture Hall, Lvl 2
5.30p.m End of Events

Preliminary Program

  • Day1.png
  • Day2.png

The final program will be available before September 2011.

CyberSecurity Malaysia

Malaysia Computer Emergency Respond Team

EC-Council APAC

Panda Malaysia

Linux Professional Institute

University Kuala Lumpur

Computer Security System Club by Student UniKL-MIIT

Open Source Developer Community Malaysia

New in 2011, we are offering exclusive OWASP Day KL 2011 Sponsorships to provide additional benefits and streamline the planning process for our most supportive organizations.

Please contact us directly if you have any related question.

Intented Sponsors:

Registration Fee

If you are neither an OWASP member nor an OWASP Malaysia chapter member, please feel free to join us!

It is free for all OWASP Paid members and all OWASP Malaysia Paid chapter members.


Early Bird

(Before 10 Sept 2011)


(From 10 Sept 2011)

1. Seminar

a. Member
b. Non-Member


MYR 58


MYR 68

2. Workshop

a. Analysis & Incident Handling
b. Web Application Hacking (Pentest)
c. IT Audit & Assement


MYR 198
MYR 198
MYR 198


MYR 228
MYR 228
MYR 228

3.Workshop and Seminar

MYR 239

MYR 279


Please ensure that the information given are correct before submission.
Our staff will send confirmation email and payment MUST be made within 5 working days.
Method of payment:
A) cash deposit.
B) LO & PO for government only.
C) cheque deposit .
D) online money transfer.


For more inquiries on payment, please contact:
Mrs Dalilah bt Abdullah
No. Telephone : +603-21754363 / +60321754365 / +60321754370 / +60321754210
No. Fax : +603-21754441


Please check the local hotel website for detail information. For more details please check at logistic tab.


Universiti Kuala Lumpur



For the Hotel suggested near at the venue area:


How to obtain a visa for the event

  • Invitation letter will be sent out for overseas attendees after registration.
  • For detailed information on obtaining a business visa for this event, please refer to Malaysia embassy