AppSecLatam2012/es - Revision history

Felipe Zipitria at 12:04, 16 November 2012

2012-11-16T12:04:58Z

Felipe Zipitria at 20:32, 6 November 2012

2012-11-06T20:32:51Z

Felipe Zipitria at 20:28, 6 November 2012

2012-11-06T20:28:28Z

Felipe Zipitria at 20:27, 6 November 2012

2012-11-06T20:27:51Z

Felipe Zipitria: Elimino charla de David

2012-10-05T12:52:56Z

Elimino charla de David

Felipe Zipitria: Agrego título de charla de Cristian y actualizo bio

2012-09-26T17:47:49Z

Agrego título de charla de Cristian y actualizo bio

Felipe Zipitria at 17:51, 25 September 2012

2012-09-25T17:51:15Z

Show changes

Felipe Zipitria at 17:45, 25 September 2012

2012-09-25T17:45:12Z

Felipe Zipitria at 17:42, 25 September 2012

2012-09-25T17:42:05Z

Felipe Zipitria: Continuando con la traducción.

2012-09-17T14:50:30Z

Continuando con la traducción.

Show changes

@@ Line 36: / Line 36: @@
 *Ejecutivos, Managers, and Staff Responsible for IT Security Governance
 *Profesionales IT interesados en mejorar la postura de seguridad<br>
 </font>

@@ Line 132: / Line 132: @@
 ==¿Preguntas?==
 ¡Por favor, contáctenos a [mailto:appseclatam2012@owasp.org appseclatam2012@owasp.org] con su pregunta!
 = Charlas destacadas =

@@ Line 252: / Line 252: @@
 |-
 |'''Don't try to block out the sun with your fingers!: Information harvesting with Test-driven development tools and understanding how to avoid it''', ''Nicolas Rodriguez'' || I'm a Senior Security Consultant at Core Security (http://www.coresecurity.com). I have 22 years of programming experience (C/C++, Assembler, Pascal, Clipper, Visual Basic, C#, Visual Basic.NET, Lisp, Python, Ruby and Perl among others), 10 years as a Network Administrator (Linux, Unix and Windows physical and virtual servers) and for the last 6 years I've been working as a Security Consultant doing mostly Network and Applications Penetration Tests, Source Code Audits and Client-Side Penetration Tests.
 |-
 |'''Reducing Web Application Attack Surface with a HMAC based protocol''', ''Breno Silva'' || Breno is a computer scientist with over 9 years experience in Information Security, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a research history publishing articles in academic conferences like IEEE WIFS, IEEE ICMLC, IEEE INDIN, World Academy of Science, as well industry related conferences like OWASP AppSec Latam, OWASP AppSec Research and Ph-Neutral, involving areas as algorithm design for network anomaly detection mechanisms in high-speed networks, application security and malicious code detection. He was a member of Suricata IPS developer team (next-generation IPS funded by US-Homeland Security). Breno is currently a Security Researcher at Trustwave SpiderLabs Research team and maintainer of Apache ModSecurity.

@@ Line 152: / Line 152: @@
 <br>
-== Pravir Chandra  ==
+== Juliano Rizzo  ==
 {| style="background-color: transparent"
@@ Line 159: / Line 159: @@
 ! width="1000" align="center" | <br>
 |-
-| align="center" | https://www.owasp.org/images/7/75/PravirChandra_Headshot.jpg
+| align="center" |http://www.ekoparty.org//images/foto-juliano-rizzo.jpg
-| align="justify" | '''Everything you know about Injection Attack is wrong''': This casual talk will take a look at several mundane vulnerabilities that we all know about and ask a few deeper questions. What are the underlying mechanisms? Does our advice on preventing them *actually* work? Is there a better way when you think of software design patterns? By the end, we’ll challenge the audience to think past the surface of these code vulnerabilities and hopefully learn a little about how the right abstraction model can save tons of security headaches.
+| align="justify" | '''From FUN to CRIME'''. In this talk, Juliano Rizzo will share his experience researching and implementing new practical
-Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify where he lead software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.
+Juliano Rizzo has been involved in computer security for more than 12 years, working on vulnerability research, reverse engineering, source code review and development of high quality exploits for bugs of all classes. As a researcher he has published papers, security advisories and tools. His recent work includes the ASP.NET padding oracle exploit and the BEAST and CRIME attacks against the SSL/TLS protocol. Twitter: @julianor
 |}
 <br>

@@ Line 250: / Line 250: @@
 |-
 |'''Don't try to block out the sun with your fingers!: Information harvesting with Test-driven development tools and understanding how to avoid it''', ''Nicolas Rodriguez'' || I'm a Senior Security Consultant at Core Security (http://www.coresecurity.com). I have 22 years of programming experience (C/C++, Assembler, Pascal, Clipper, Visual Basic, C#, Visual Basic.NET, Lisp, Python, Ruby and Perl among others), 10 years as a Network Administrator (Linux, Unix and Windows physical and virtual servers) and for the last 6 years I've been working as a Security Consultant doing mostly Network and Applications Penetration Tests, Source Code Audits and Client-Side Penetration Tests.
 |-
 |'''Templates to Derive Security Metric based on Attack Patterns''', ''Raja Sekhar'' || Professor Department of Computer Science & Engineering KL University Andhra Pradesh, India. Working in the Academic field for the past 17 years. Interested to contribute in the area of security metrics and cryptography. Developed a security metric program based on Attack Patterns.

@@ Line 174: / Line 174: @@
 |-
 | align="center" | [[Image:Cristian-borghello-P.jpg|100px]]
-| align="justify" | Cristian F. Borghello, es Licenciado en Sistemas, desarrollador, Certified Information Systems Security Professional (CISSP) y Microsoft MVP Security (Most Valuable Professional).
+| align="justify" | '''Variables manchadas para encontrar funciones potencialmente vulnerables (PVF)'''. Se estudian los distintos caminos de analizar de forma estática el código fuente y encontrar vulnerabilidades a través de las variables de entradas y de funciones que pueden agregar vulnerabilidades potenciales en las aplicaciones web.
 Actualmente es Director de Segu-Info y se desempeña como consultor independiente en Seguridad de la Información.
 Escribe para diversos medios especializados e investiga en forma independiente sobre Seguridad Informática y de la Información.
 Ha disertado se congresos y seminarios nacionales e internacionales sobre la temática.
 El interés por la Seguridad Informática y su investigación lo ha llevado a mantener este sitio: [http://www.segu-info.com.ar/ http://www.segu-info.com.ar/]
 |}
 <br>

@@ Line 77: / Line 77: @@
-====Resumen del curso====
+==Resumen del curso==
 Audiencia: Técnica<br>
@@ Line 98: / Line 98: @@
-===Resumen del curso===
+==Resumen del curso==
 The Advanced Vulnerability Research and Exploit Development course offers security professionals an opportunity to test and develop their skills like never before. During this class, attendees will be provided with the latest knowledge and tools to discover vulnerabilities and then develop exploits for a wide range of software including complex Windows applications, interpreted languages, and critical Microsoft services.

@@ Line 68: / Line 68: @@
 = Entrenamientos =
 <font size=2pt>
-Por favor, rellene con cuidado el [https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dEYzOW1pRzFqelhBSElUdC01dzFGNEE6MQ Formulario de CFT] para enviar su propuesta de entrenamiento para la consideración en el OWASP AppSec Latam 2012 en Montevideo, Uruguay.
+Los entrenamietos se harán el 18 y 19 de noviembre de 2012 (Domingo y Lunes, respectivamente) en el edificio de la Torre de ANTEL, en el centro de Montevideo (las charlas de las conferencias serán el 20 y 21). En esta edición se estarán ofreciendo 3 cursos diferentes:
-Los entrenamientos se harán los días 18 y 19 de Noviembre de 2012 (Domingo y Lunes) en la torre de ANTEL en el centro de Montevideo (las presentaciones de la conferencia serán el 20 y 21 de Noviembre). Los entrenamientos serán de uno (8 horas) o dos (16 horas) días. Si su entrenamiento es seleccionado, enviaremos al sitio appseclatam.org un resumen de su entrenamiento, nombre, biografía, título del entrenamiento y resumen del entrenamiento. Si envía una URL o un Twitter handle, también se publicará si su entrenamiento es seleccionado.
+== Java Secure Coding ==
-'''The deadline for this Call for Training is August 24, 2012.''' If your training is selected, we will contact you to confirm, and need your completed Training Instructor Agreement before we open your class for registration.
+====Resumen del curso====
-Trainers get a 40% cut of the training revenue. Price for trainees will be $800 (USD) for a 2-day training course and $400 (USD) for a 1-day training course).
+In this class we discuss secure coding techniques using Java. It is a very hands-on course with many labs. Everything is done from a developers perspective, NOT a hackers perspective. We make an effort to show what to do, and avoid the usual security paradigm of only discussing what not to do.
-If you would like to submit multiple training proposals, please make multiple separate form submissions.
+The class is hands-on and will include labs. Attendees should have a laptop capable of running VMs. We will provide a VM at the beginning of the class.
-Trainers will receive one free admission (nontransferable) to the conference in return for delivering a one or two day training course.
+'''Detalles adicionales''' sobre esta clase, incluyendo una agenda detallada, está disponible '''[https://www.owasp.org/index.php/AppSecLatam2012/Training/Java_Secure_Coding Aquí]'''
-==Training Instructor Agreement==
+== Advanced Vulnerability Research and Exploit Development ==
-By submitting your training proposal through our CFT, you are consenting to stay within the guidelines of the Training Instructor Agreement. We will ask you to sign and complete the Agreement and email it back to us if your talk is selected and you accept.
+Instructor: Gianni Gnesa, [http://www.ptrace-security.com Ptrace Security]<br>
 ==¿Preguntas?==
@@ Line 101: / Line 134: @@
-= Llamado  =
+= Llamado =
 <font size=2pt>
 ==Envío de presentaciones==
@@ Line 129: / Line 162: @@
-= Keynotes  =
+= Charlas destacadas =
 <font size=2pt>
 == Jerry Hoff  ==
@@ Line 225: / Line 258: @@
 |-
 |'''Francisco Nunes''' || Critérios para Institucionalizar Segurança em Processos de Desenvolvimento de Software
 |-
 |'''Andres Riancho''' || Understanding HTML5 security