
SecurityByte and OWASP Asia AppSec Conference 2009



Announcement

2009 - OWASP India is back with more interesting and exciting stuff from the AppSec world.

Following the successful launch of the OWASP India Conference in August 2008, organized in New Delhi with participation from 350+ attendees from 80+ companies and the government sector, OWASP India now proudly announces the biggest information security conference in India, in association with an international information security conference (www.securitybyte.org). Securitybyte and OWASP AppSec Asia Conference 2009 is planned for 17th - 20th November 2009 in New Delhi & NCR. The event will cover end-to-end information security tracks, including Application Security, Network / Infrastructure Security, Cyber Terrorism, Cloud Security, SOA Security, Cyber Forensics, Wi-Fi Security, Risk Management & Compliance, etc.


  • Only one week left! Register online today to grab your seat for India's best security conference.

  • Honorable Former President of India, Dr. A.P.J Abdul Kalam, to inaugurate the India Technology Leadership Summit 2009. This event is an invitation-only event.


Click Here for more information.

Welcome

Securitybyte & OWASP are proud to welcome you to the annual international information security conference – Securitybyte & OWASP AppSec Asia Conference 2009, Nov 17th through Nov 20th in Delhi & NCR, India.

This is a landmark event, as Securitybyte and OWASP join hands to present India’s largest InfoSec event with world-renowned and highly regarded international speakers.

Securitybyte & OWASP AppSec Asia Conference 2009 will be held at Hotel Crowne Plaza, Gurgaon, NCR, India, from 17th November through 20th November 2009.

Who Should Attend Securitybyte & OWASP AppSec Asia Conference 2009:

  • Application Developers
  • Security Researchers
  • Application Testers and Quality Assurance
  • Penetration Testers
  • Application Project Management and Staff
  • IT Security Professionals
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security

About

About Conference

Securitybyte and OWASP AppSec Asia Conference 2009 comprises three parallel conference talks conducted in 3 separate halls over two days, i.e. 17th & 18th November 2009. Attendees are free to switch halls according to their interest in a particular talk. Conference talks are being delivered by world-renowned and highly regarded speakers from around the world.

About Trainings

The two days after the conference are dedicated to best-of-breed trainings conducted in association with SANS, ISC2 and other organizations. Training tracks are available as One-Day tracks and Two-Day tracks, scheduled for 19th & 20th November 2009.

OWASP Asia AppSec Conference 2009 Organizing Committee

The committee has been formed by volunteers who wish to contribute their efforts to organizing India's biggest InfoSec event.

Click Here To View Organizing Committee Members


Registrations

Registration is now open!

You can register here

Please check out our Exclusive Discount Offer, available from October 6th to 15th, 2009. "SAVE BIG NOW!"

The pricing below reflects the Standard Registration Prices.

  • Two Days of Conference (17th and 18th November 2009), General Public: Rs.8,500/- INR
  • Two Days of Conference (17th and 18th November 2009), Students: Rs.5,000/- INR
  • Two-Day Training Tracks (19th and 20th November 2009): Rs.25,000/- INR
  • One-Day Training Tracks (19th OR 20th November 2009): Rs.12,500/- INR

** Service Tax @ 10.3% will be charged extra.

  • ISC2 Members can avail a Special 15% discount on Conference & Training Registration.

(Please provide your ISC2 Certification ID number to avail the above discount.)

For registrations, contact us at [email protected]

Exclusive Offers

- Group / Team Discounts available: Kindly contact us at [email protected]

Special University Student discount

- University Students can register for two days of conference for just Rs. 5000 (including taxes)
- Special 15 % Discounts for Training registration


Click here for details on the training courses that are available.


For the student discount, attendees must present proof of enrollment when picking up their badge.

Schedule

Three parallel conference talks are scheduled for 17th & 18th November 2009 in three different halls. Training tracks are divided into one-day tracks, scheduled for 19th or 20th November 2009, and two-day tracks, which run across both 19th & 20th November 2009. Follow the tabs for details on both the conference and the trainings.

  • Click here to view the Conference Schedule for 17th & 18th November 2009.
  • Click here to view Training Schedule on 19th & 20th November 2009.

Conference

Two Days Conference

Securitybyte and OWASP AppSec Asia Conference 2009 comprises three parallel training sessions conducted in 3 separate halls over two days, i.e. 17th & 18th November 2009. Attendees are free to switch halls according to their interest in a particular session. Conference talks are being delivered by world-renowned and highly regarded speakers from around the world. Below is the conference schedule listing confirmed speakers and talks. A couple of talks are under review by the CFP (Call For Papers) Committee and will be listed as soon as they are confirmed. The event is also followed by two days of InfoSec trainings delivered in association with SANS, ISC2 and other organizations.

 

Day 1

Conference Hall 1: Security Researchers & Enthusiasts
Conference Hall 2: Security Auditors, Developers, QA, Architects
Conference Hall 3: Leaders, Managers, C&S professionals

9:00AM - 10:30AM: Keynote Sessions

10:30AM - 11:00AM: Tea break & Snacks on Exhibition Floor

11:00AM - 12:00PM
  • Hall 1: Active Man in the Middle (Adi Sharabani, IBM)
  • Hall 2: How To Blackbox Test Almost Anything (Aviram Jenik, Beyond Security)
  • Hall 3: The International State of Cyber Security, Risk reduction in a high threat world (Howard A. Schmidt, Former Cyber Security Advisor to the White House)

12:00PM - 1:00PM
  • Hall 1: Reconsidering Network Defenses or NOT ! (Cedric Blancher, EADS Innovation Works)
  • Hall 2: Lust 2.0 – Desire for free WiFi and the threat of the Imposter (Lava Kumar Kuppan, Independent Security Researcher)
  • Hall 3: Applications - The new cyber security frontier (Mano Paul, Software Assurance Advisor (ISC)2)

1:00PM - 2:00PM: Lunch

2:00PM - 3:00PM
  • Hall 1: Exploiting Firefox Extensions (Roberto Suggi Liverani, Security-Assessment.com)
  • Hall 2: Threat Modeling (Varun Sharma, Microsoft Corp.)
  • Hall 3: Behind the scenes at the Microsoft Security Response Center (Dave Midturi and Suresh Venkateswaran, Microsoft Security Response Center)

3:00PM - 4:00PM
  • Hall 1: SQL Server Forensics 2.0 (Kevvie Fowler, TELUS & Ringzero)
  • Hall 2: Vbootkit 2.0: Attacking Windows 7 Via Boot Sectors (Nitin Kumar/Vipin Kumar, Independent Security Researchers, Nvlabs)
  • Hall 3: Business Case-Risk Management/Compliance at leading Education Group at AMITY (Dr J.S Sodhi, AMITY)

4:00PM - 4:30PM
  • Business Continuity Case Study (Venkataram Arabolu, BSI)
  • Usability and Privacy in Security (Ponnurangam Kumaraguru, IIIT)

4:30PM - 5:30PM: Tea break & Snacks on Exhibition Floor

7:00PM - 10:00PM: India Technology Leadership Summit 2009 (Exclusive by invitation only) - "Information Security Concerns for Offshoring"
 
Day 2

Conference Hall 1: Security Researchers & Enthusiasts
Conference Hall 2: Security Auditors, Developers, QA, Architects
Conference Hall 3: Leaders, Managers, C&S professionals

9:00AM - 10:00AM: Round Table with Speakers / Industry Panel - "Security Today & Tomorrow"

10:00AM - 10:30AM: Tea break & Snacks on Exhibition Floor

10:30AM - 11:30AM
  • Hall 1: Ten Things Web Developers Still Aren't Doing (Frank Kim, ThinkSec Consulting)
  • Hall 2: SANS Dshield Webhoneypot Project (Jason Lam, Independent Security Researcher)
  • Hall 3: Critical Infrastructure Security “Danger Without borders” (John Bumgarner, US Cyber Consequence Unit (USCCU))

11:30AM - 12:30PM
  • Hall 1: Cloud Hacking – Distributed Attack & Exploit Platform (Shreeraj Shah, Blueinfy Solutions)
  • Hall 2: Testing JSON Applications For Security Holes (Aviram Jenik, Beyond Security)
  • Hall 3: Critical Infrastructure Security “Danger Without borders” (John Bumgarner, US Cyber Consequence Unit (USCCU))

12:30PM - 1:30PM: Lunch

1:30PM - 2:30PM
  • Hall 1: All Your Packets Belong to Us - Attacking Backbone Technologies (Daniel Mende, Security Researcher, ERNW)
  • Hall 2: Risk based Penetration Testing (K. K. Mookhey, Founder & Principal Consultant, NII Consulting)
  • Hall 3: Wi-Fi security: the good, the bad and the ugly (Cedric Blancher, EADS Innovation Works)

2:30PM - 3:30PM
  • Hall 1: Xprobe3 - What's New? Going Application Level (Fyodor Yarochkin, Armorize)
  • Hall 2: OWASP SAMM (Pravir Chandra, OWASP)
  • Hall 3: Do you wanna Play a Game Game theory and Cyberwar (Bryan K. Fite, HackSecKlahn)

3:30PM - 4:00PM: Tea break & Snacks on Exhibition Floor

4:00PM - 5:00PM
  • Hall 1: Rumbling Infections – Web Malware Ontology (Aditya K. Sood, COSEINC)
  • Hall 2: Hacking Oracle From Web (Sid, Independent Security Researcher)
  • Hall 3: Connected Information Security Framework (Anil Kumar Chintala, Microsoft)

5:00PM - 5:30PM: Closing Remarks by Organizing Committee

Trainings

Two Day Trainings

The two days after the conference are dedicated to best-of-breed trainings conducted in association with SANS, ISC2 and other organizations. Training tracks are available as One-Day tracks and Two-Day tracks, scheduled for 19th & 20th November 2009.


Each entry lists: Course ID, Course Duration (# of Days), Course Title, Instructor.

One Day Training Tracks

Day 1 - 19th Nov, 2009
  • SB1DHSO, 1 Day, ORACLE Hacking & Security, Sumit Sidharth (Securitybyte)
  • SB1DAFT, 1 Day, Advanced Forensics Techniques, Dr. Chandrasekhar Umapathy (Securitybyte)

Day 2 - 20th Nov, 2009
  • SB1DAWH, 1 Day, Advanced Web Hacking - Securing AJAX, RIA & SOA, Shreeraj Shah (Blueinfy)
  • SB1DIAT, 1 Day, In-depth Assessment Techniques: Design, Code, and Runtime, Fyodor Yarochkin (Armorize)

Two Day Training Tracks (Day 1 - 19th Nov, 2009 and Day 2 - 20th Nov, 2009)
  • SB2DNST, 2 Days, Building advanced Network Security Tools, Daniel Mende (ERNW)
  • SB2DCBC, 2 Days, (ISC)2 CSSLP CBK Boot camp, Mano Paul ((ISC)2)
  • SB2DSCJ / SANS Course ID: DEV530, 2 Days, Essential Secure Coding in Java / JEE (SANS)
  • SB2DWPT / SANS Course ID: DEV538, 2 Days, Web Application Pen Testing Hands-On Immersion (SANS)
  • SB2DSAB / SANS Course ID: AUD429, 2 Days, IT Security Audit Essentials Bootcamp (SANS)
 


Venue

The four-day event will be held at:

Hotel Crowne Plaza,
Site - 2, Sector - 29,
Gurgaon-122001 (National Capital Region), India
Hotel Front Desk: 91-124-4534000
Hotel Fax: 91-124-4304800


Hotel & Travel

Hotel Stay & Travel Information

To help our valued delegates with hotel and travel services, we have negotiated with some of the best budget-category guest houses in Gurgaon, located within a radius of 3 - 4 km of the venue.

Limited cheaper accommodation is available near the venue hotel in budget hotels/apartments area. The tariff of these hotels ranges from Rs.2000 onwards per room night (inclusive of Room Rent, Breakfast and Luxury Tax). Interested delegates / students can send a formal request for the desired accommodations and dates to our official travel agent.


OFFICIAL TRAVEL AGENT

Dreamz Conference Management Pvt. Ltd will independently look after hotel accommodation in Gurgaon and New Delhi and the pre- and post-conference tour and travel needs of delegates and visitors in India, including sightseeing tours within New Delhi and to places around it such as Agra, Jaipur and Rajasthan. We encourage you to book early and to let us know of your interest, as bookings are made on a "first come, first served" basis. Early reservation is strongly recommended, as November is a high-demand period for hotels in Gurgaon.


For further details please contact:

DREAMZ CONFERENCE MANAGEMENT PVT.LTD

406, Ansal’s Majestic Tower, Vikas Puri, New Delhi – 110018

Tel: 91 – 11 – 41586401, 402, Fax: 91 – 11 – 41586400

Email: [email protected] / [email protected]

Website: www.dreamztravel.net

Contact Person: Jitin Batra ( +91 9810558569 )



Capture the Flag

HackHunt 2009

India's foremost Hacking Challenge

Your Shot to the Title of India's best hacker along with Prize money of more than Rs 150,000 up for grabs!


Search for India’s Best Ethical Hacker

HackHunt is India’s leading hacking competition and aims at awarding the best ethical hackers in the country. The competition is brought to you by Appin Security Group, a leading Information Security and Ethical Hacking Company and Securitybyte, a global Information Security Conference Company.

The competition will be conducted in 3 phases. The first two rounds will be online, and the third and final round will take place at “Securitybyte & OWASP Appsec Asia 2009” on November 17, 2009 at Crowne Plaza, Gurgaon.

Level 1 – Knowledge Check: All the participants will answer a quiz and, based on the score, the top 10% will be shortlisted for the 2nd round.

Level 2 – Skill Check: This stage will require an attacker to get to the final FLAG file, which he/she would need to register for the event.

Level 3 – Final Round: This stage will require the attackers to exploit a pre-announced SSID which has WPA (or WPA2).


To participate and for more details, visit the website: http://www.hackerscouncil.org/

PacketWars

First time in India brought to you by Securitybyte!
About PacketWars

PacketWars is an intense, real-time information warfare simulation. Unlike other “capture the flag” games, the battlegrounds featured in PacketWars use the same software and hardware you would encounter in the real world.

PacketWars is designed to operate like a sport. Think Formula One Racing meets professional golf with a dash of Ultimate Fighting thrown in for good measure. Serious fun!

Visit http://packetwars.com/ for more details.

How To Play?

PacketWars is a Sport like nothing you have ever experienced! Games known as “BATTLES” pit individual players and teams against each other in a race to achieve defined objectives.

The rules of engagement are simple:
- Illegal activity of any kind is prohibited
- Protect yourself at all times
- Battles are designed to be of a low, medium or high difficulty level based on the battle objectives and battle duration
- Primary, Secondary and Tertiary objectives are defined and assigned points based on difficulty
- Battles have time limits and other defined constraints
- Constraints are sometimes known to the combatants and other times are not
- Anything that is not expressly prohibited is allowed
- Points are awarded for FLARE

Equipment Needed:
- Most combatants use a notebook and a BackTrack CD; however, you are only limited by your imagination and bank account
- You need a battle field and a PacketMaster… Oh yeah, skillz come in handy also!

How can I participate?
PacketWars will be held at the Hotel Crowne Plaza, Gurgaon on Nov 17 & Nov 18, 2009. Participation is FREE! The schedule will be announced soon.

WebWar III

About

Hackers attack, coders defend; when you get them together you end up with Web War III. WWIII is designed to put your Web Application attack and defense skills to the test.

Teams

Each team consists of two players, an attacker and a defender. The attacker would be capable of identifying Web Application Vulnerabilities (OWASP Top 10). The defender would be capable of writing secure Java code.


Game Format

The game has two stages:

Stage 1: Each team is given a VMware image containing a web server hosting a vulnerable web application. During this stage each team identifies the vulnerabilities in its application and tries to fix them by making code changes.

Stage 2: The IP addresses of the web servers of all the teams are announced. Each team looks for vulnerabilities in the web applications of the other teams. Vulnerabilities found in the opponents' applications earn positive points. Vulnerabilities found by the opponents in your application earn negative points.

The team with the highest points at the end of Stage 2 wins.

Tools and Equipment

Each team should bring its own laptop with VMware installed. The attacker can use any tools they bring. The applications come with ESAPI to help the defenders fix the code more quickly.

Leadership Summit 2009

India's top technology thought leaders coming together to discuss "Security concerns in off-shoring"

Honored Guests
- Honorable Former President of India, Dr. A.P.J Abdul Kalam, to inaugurate the Leadership Summit 2009.
- Prof. Howard A. Schmidt (Advisor, NIST; Former Vice Chair - President’s Critical Infrastructure Board; Former Special Advisor – Cyberspace Security for White House)
-Mr. Hord Tipton, Executive Director (ISC)2

About the Event
An elite gathering of 200 technology leaders, decision makers & InfoSec experts from leading service providers, government agencies and various industry verticals.
Two hours of panel discussions between three panels of 12 distinguished industry experts representing outsourcing companies, service providers and the regulatory bodies. Panel discussions will be followed by networking dinner & cocktails.

Prof Howard A. Schmidt (Advisor, NIST; Former Vice Chair - President’s Critical Infrastructure Board; Former Special Advisor – Cyberspace Security for White House) will facilitate the panel discussions. Thought leaders participating in the panel discussions are:

Outsourcing Organizations
Mr. Raghavendra Vaidya, CIO - GE Capital India
Mr. CRN Vairavelu, VP - Ford Technology Services India
Mr. Pankaj Agrawal, CISO - Aircel Limited
TBD

Service Providers
Mr. Terry Thomas, Partner - Ernst & Young
Mr. Debashis Ghosh, Head (LS&H ISU) - Tata Consultancy Services
Mr. Sunil Gujral, EVP & CTO - Quatrro
Mr. Sunil Goyal, COO - Sopra group

Regulatory Bodies
Dr. Kamlesh Bajaj, CEO - DSCI (a NASSCOM initiative)
Dr. Gulshan Rai, Director - CERT-in
Mr. Hord Tipton, Executive Director - ISC2 (ex CIO, US Department of Interior)
Mr. Vakul Sharma, Lawyer - Supreme Court

The event is exclusive to industry leaders and is by private invitation only. If you are interested in attending the event, please email your business card to [email protected]

Venue - Hotel Crowne Plaza, Gurgaon | Timings - 5:30PM - 9:00PM

Please contact Chair - OWASP India for sponsorship opportunities.
