Difference between revisions of "LatamTour2012"

 
(25 intermediate revisions by 3 users not shown)
Line 17: Line 17:
 
We are proposing a chapters training driven model in which the courses are free for OWASP members and students, the contents are OWASP projects focused and the costs are supported by a mix of funding i.e. local chapter budget, external sponsorship, trainers sponsorship i.e. trip and/or accommodation paid by themselves and local chapter members’ sponsorship i.e. taking trainers in as guests.
 
We are proposing a chapters training driven model in which the courses are free for OWASP members and students, the contents are OWASP projects focused and the costs are supported by a mix of funding i.e. local chapter budget, external sponsorship, trainers sponsorship i.e. trip and/or accommodation paid by themselves and local chapter members’ sponsorship i.e. taking trainers in as guests.
  
'''SPECIAL OFFER'''
+
'''Who Should Attend the Latam Tour?'''
  
*As part of the OWASP Latam Tour, you could become an OWASP Member by ONLY paying 20 U$D (normal price is 50 U$D). Show your support and become an OWASP member today! Please use discount code LATAM when registering as member in the URL below.
+
*Application Developers
 +
*Application Testers and Quality Assurance
 +
*Application Project Management and Staff
 +
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 +
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 +
*Security Managers and Staff
 +
*Executives, Managers, and Staff Responsible for IT Security Governance
 +
*IT Professionals Interesting in Improving IT Security
 +
*Anyone interested in learning about or promoting Web Application Security<br>
 +
<br>
 +
 
 +
'''SPECIAL OFFER - BECOME AN OWASP MEMBER'''
 +
 
 +
*As part of the OWASP Latam Tour, you could become an OWASP Member by ONLY paying 20 U$D (normal price is 50 U$D). Show your support and become an OWASP member today! Please use discount code '''LATAM''' when registering as member to avail this special discount.
 +
 
 +
<center> [http://www.regonline.com/owasp_membership https://www.owasp.org/images/b/ba/Joinorrenew.png] </center>
  
 
'''PRIZES'''
 
'''PRIZES'''
 +
 +
*During the Latam Tour 2012 we will be giving away some amazing door prizes to some randomly selected OWASP members in attendance.
  
 
*There are going to be raffles among attendees for free tickets to OWASP AppSec Latam 2012 conference next November in Buenos Aires, special prize giveaways, t-shirts, pens and a great environment for networking with peers.
 
*There are going to be raffles among attendees for free tickets to OWASP AppSec Latam 2012 conference next November in Buenos Aires, special prize giveaways, t-shirts, pens and a great environment for networking with peers.
 +
 +
You HAVE to be an OWASP member to be eligible.
  
 
'''QUESTIONS'''
 
'''QUESTIONS'''
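Review bot: The added audience bullet "*IT Professionals Interesting in Improving IT Security" has a typo and should read "Interested in Improving IT Security". In the same hunk, the join/renew banner links to http://www.regonline.com/owasp_membership over plain http while the banner image itself is loaded over https; if the registration site supports https, link to it that way, since this is where readers are sent to enter the LATAM discount code and register as members.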
Line 41: Line 60:
 
| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->
 
| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->
 
<!-- There be dragons here -->
 
<!-- There be dragons here -->
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:AppSecDC-160x160-banner-2012.jpg]]  
+
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:Logo2012_small.png]]  
  
 
{|
 
{|
 
|-
 
|-
 
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |  
 
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |  
Use the '''[http://search.twitter.com/search?q=%23ASDC10 #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?)  
+
Use the '''[http://search.twitter.com/search?q=%23LATAMTOUR2012 #Latamtour]''' hashtag for your tweets for Latam Tour (What are [http://hashtags.org/ hashtags]?)  
  
 
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter>  
 
'''@AppSecLatam Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>34534108</twitter>  
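Review bot: The updated hashtag link now searches for %23LATAMTOUR2012, but its display text still reads "#Latamtour", so attendees who copy the visible tag will tweet under a different hashtag than the one the link searches for. Make the link text match the query, or change the query to the tag you want people to use.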
Line 76: Line 95:
 
{{:LatamTour2012 LIM Agenda}}
 
{{:LatamTour2012 LIM Agenda}}
  
 +
=Quito=
  
= Registration  =
+
{{:LatamTour2012 QUI Agenda}}
  
== Register [http://reg.appsecdc.org Here]  ==
+
=Caracas=
  
 +
{{:LatamTour2012 VEN Agenda}}
  
Registration is now '''<span style="color:#0f0">OPEN</span>'''.<br>
+
= Hacking Lab =
You can register via at '''[http://reg.appsecdc.org http://reg.appsecdc.org]'''
 
  
===Registration Fees===
+
The OWASP 2012 online competition has started. If you login into Hacking-Lab as a registered user, you should now see all details about the challenges.   
{| class="wikitable"
 
|-
 
! Ticket Type
 
! Early (until 2/3)
 
! Regular Price (until 3/15)
 
! Late (after 3/15)
 
|-
 
| Non-Member
 
| style="background: #cef2e0;" | $445.00
 
| $495.00
 
| $545.00
 
|-
 
| Non-Member plus 1 year OWASP Membership!
 
| style="background: #cef2e0;" | $445.00
 
| $495.00
 
| $545.00
 
|-
 
| Active OWASP Member
 
| style="background: #cef2e0;" | $395.00
 
| $445.00
 
| $495.00
 
|-
 
| Student
 
| style="background: #cef2e0;" | $75.00
 
| $75.00
 
| $100.00
 
|}
 
  
{| class="wikitable"
+
The first users have already solved some Hackademic puzzles. See the scoring here
|-
 
! Course
 
! Fee
 
|-
 
| 1 Day Training
 
| $745
 
|-
 
| 2 Day Training
 
| $1495
 
|}
 
  
'''ATTENTION FEDERAL EMPLOYEES:  Enter code ASDC12FED for $100 off, limited time only!''' (must register with your .gov or .mil email address)
+
* https://www.hacking-lab.com/ranking/event.html?eventid=284
<br> For student discount, attendees must present proof of enrollment when picking up your badge.
+
 +
'''Competition Rules'''
  
'''Group Discounts'''
+
* https://www.hacking-lab.com/events/owasp-2012-online-competition.html
* 10% off for groups of 10-19
 
* 20% off for groups of 20-29
 
* 30% off for groups of 30 or more
 
  
===Who Should Attend AppSec DC 2012===
+
'''Winner Prize'''
  
*Application Developers
+
The winner can choose one ticket to either:
*Application Testers and Quality Assurance
 
*Application Project Management and Staff
 
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 
*Security Managers and Staff
 
*Executives, Managers, and Staff Responsible for IT Security Governance
 
*IT Professionals Interesting in Improving IT Security
 
*Anyone interested in learning about or promoting Web Application Security<br>
 
<br>
 
 
 
= Volunteer  =
 
 
 
== Volunteers Needed!  ==
 
  
Get involved!
+
*OWASP AppSec US
 +
*OWASP AppSec EU
 +
*OWASP AppSec Latin America.
 +
 +
'''Winner Announcement'''
  
We will take all the help we can get to pull off the best Web Application Security Conference of the year!
+
The winner will be informed/announced June 19, 2012. The competition ends next June 17th, 2012.
 
 
More opportunities and areas will be added as time goes on. Our [http://www.owasp.org/images/f/f1/OWASP_DCAppSec_Vol_Guide.pdf Volunteer Guide] can be downloaded which outlines some of the responsibilities and available positions.
 
 
 
To volunteer please email [mailto:[email protected] [email protected]]
 
 
 
= Schedule  =
 
 
 
{{:OWASP AppSec DC 2012 Schedule}}
 
 
 
= Training  =
 
 
 
== Training  ==
 
OWASP strives to provide world class training for a variety of skill levels and interests at its conferences.  From the novice to the expert, developers to managers, there is a training course at AppSec DC for you!  Classes will begin at 9 AM each day and run until 5 PM (Daily schedule set by the trainer).  Morning refreshments and lunch will be provided.  Check each course for the required materials.
 
 
 
Price per attendee (conference Registration is a separate item):
 
* 2-Day Class $1495
 
* 1-Day Class $745
 
 
 
== Special Free Training ==
 
==='''Certified Secure Software Lifecycle Professional (CSSLP) Clinic''' | FREE | [[OWASP_AppSec_DC_2012/Training/Certified Secure Software Lifecycle Professional (CSSLP) Clinic|Course Detail]] | Rm 204C ===
 
Educate yourself in Secure Software Design and Development  which are two of the seven domains from the Certified Secure Software Lifecycle Professional (CSSLP) certification.  This session will provide an in-depth education of these two tough domains of the CSSLP.  We will cover the skills and knowledge needed to design and develop secure code. In the Secure Software Design domain, you will learn the fundamentals of design principles when applied will save costly rework.  In the Secure Software Development domain, we will discuss the OWASP Top 10 threats and how to mitigate them effectively.
 
 
 
The Certified Secure Software Lifecycle Professional (CSSLP) is an (ISC)2 certification with 7 domains focusing on the topics needed to develop hacker resilient software.  CSSLPs are professionals who have validated their competency in incorporating security into each phase of the software lifecycle.
 
 
 
 
 
== 2 Day Classes ==
 
==='''Assessing and Exploiting Web Applications with Samurai-WTF''' | 2 Day | [[OWASP_AppSec_DC_2012/Training/Assessing and Exploiting Web Applications with Samurai-WTF|Course Detail]] | Rm 203A===
 
Come take the official Samurai-WTF training course given by the two founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the penetration and exploitation of various web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.
 
 
 
==='''Building Secure Android Apps''' | 2 Day | [[OWASP_AppSec_DC_2012/Training/Building Secure Android Apps|Course Detail]] | Rm 203B===
 
The course focuses on building secure mobile applications for the Android platform.  Students will learn about the Android security model and platform security features. They will be introduced to mobile application threat modeling, and learn how to apply the outcomes of threat modeling directly into their design and development processes.  The OWASP Mobile Top 10 Risks and Controls will be covered at great length.<br> <br>After students are taught foundational information, they will learn how to properly use the various Android components and APIs to reduce the amount of vulnerabilities within production code.  Hands-on labs will use the vulnerable mobile Android applications provided by the OWASP GoatDroid project.  Students will learn many techniques for performing source code reviews, penetration testing, and forensic analysis of Android applications. Hands-on exercises represent a large portion of the course.  Each concept presented will include examples of insecure and secure code, along with strategies for remediation. By teaching students how to identify and exploit various security flaws, they will gain a greater understanding of how the security controls actually protect their applications.<br> <br>At the end of this two-day course, attendees should understand how to build secure applications, perform source code reviews, and perform penetration testing for Android applications. They will also understand and be able to demonstrate expertise at applying security controls to applications for addressing many security defects. Each student will ultimately take back with them to their workplace a repeatable and reliable methodology for building and maintaining secure Android applications.<br>
 
 
 
==='''The Art of exploiting Injection Flaws''' | 2 Day | [[OWASP_AppSec_DC_2012/Training/The Art of exploiting Injection Flaws|Course Detail]] | Rm 208A===
 
OWASP rates injection flaws as the most critical vulnerability within the Top 10 most Critical Web Application Security Risks under the OWASP Top 10 project. http://www.owasp.org/index.php/Top_10_2010-A1.  This hands-on session will only focus on the injection flaws and the attendees will get an "in-depth" understanding of the flaws arising from this vulnerability. The topics covered in the class are, SQL Injection, XPATH Injection, LDAP Injection, Hibernate Query Language Injection, Direct OS Code Injection, and XML Entity Injection.  The workshop covers classical issues such as SQL Injection, which is an oldie yet very relevant in today's scenario as well as some lesser known injection flaws such as LDAP, XPATH and XML Injection.  During the 2 days course, the attendees will have access to a number of challenges for each flaw and they will learn a variety of exploitation techniques used by the attackers in the wild. Identify, extract, escalate, execute; we have got it all covered.
 
 
 
==='''Virtual Patching Workshop''' | 2 Day | [[OWASP_AppSec_DC_2012/Training/Virtual Patching Workshop|Course Detail]] | Rm 208B===
 
Identification of web application vulnerabilities is only half the battle with remediation efforts as the other. Let's face the facts, there are many real world business scenarios where it is not possible to update web application code in either a timely manner or at all. This is where the tactical use-case of implementing a web application firewall to address identified issues proves its worth.<br><br>This workshop is intended to provide an overview of the recommended practices for utilizing a web application firewall for virtual patching. After discussing the framework to use, we will then present a very interesting OWASP Summer of Code Project where the challenge was to attempt to mitigate as many of the OWASP WebGoat vulnerabilities as possible using the open source ModSecurity web application firewall. During the workshop, we will discuss both WebGoat and ModSecurity and provide in-depth walk-throughs of the complex fixes. Examples will include addressing not only attacks but the underlying vulnerabilities, using data persistence for multiple-step processes, content injection and even examples of the new LUA programming language API. The goal of this workshop is to both highlight cutting edge mitigation options using a web application firewall and to show how it can effectively be used by security consultants who traditionally could only offer source code fixes.
 
 
 
== 1 Day Classes ==
 
==='''Application Source Code Analysis - Discovering Vulnerabilities in Web 2.0, HTML5 and RIA ''' | 1 Day (4/2/2012) | [[OWASP_AppSec_DC_2012/Training/Application Source Code Analysis - Discovering Vulnerabilities in Web 2.0, HTML5 and RIA |Course Detail]] | Rm 204A===
 
Enterprise application source code, independent of languages and platforms, is a major source of vulnerabilities. The class is designed and developed to focus on enterprise architecture and application analytics to discover vulnerabilities across Web 2.0, RIA and HTML5.  We will be covering analysis techniques, with tools, for assessment and review of enterprise application source code. It is imperative to know source code review methodologies and strategies for analysis. The emphasis of the class would be to develop a complete understanding of source code analysis, techniques and tools to address top set of vulnerabilities. Knowledge gained would help in analyzing and securing next generation enterprise applications at all different stages - architecture, design and/or development. The course is designed and delivered by the author of "Web Hacking: Attacks and Defenses", ?Hacking Web Services? and ?Web 2.0 Security ? Defending Ajax, RIA and SOA?, bringing his experience in application security and research to the curriculum.
 
 
 
==='''Pratical Threat Modeling''' | 1 Day (4/2/2012) | [[OWASP_AppSec_DC_2012/Training/Pratical Threat Modeling|Course Detail]] | Rm 204B===
 
Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application ? including analyzing design documents and role-playing interviews. Students learn about the industry standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass. Students will also be taught about Security Compass?s unique source-code/design-pattern level threat modeling.<br>
 
 
 
==='''Mobile Hacking and Securing''' | 1 Day (4/3/2012)| [[OWASP_AppSec_DC_2012/Training/Mobile Hacking and Securing|Course Detail]] | Rm 204A===
 
Students will discover mobile hacking techniques for Android and iPhone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems.  This course will provide students with the knowledge necessary to assess mobile app security including what hackers look for in mobile apps. Hacking apps themselves will equip them with the skills required to protect their own apps from attacks.  Students will come out with an understanding of the pitfalls to mobile device security and the importance of developing mobile apps securely. They will learn the concepts necessary to securely develop mobile in your organization.<br>
 
 
 
==='''WebAppSec: Developing Secure Web Applications''' | 1 Day (4/3/2012)| [[OWASP_AppSec_DC_2012/Training/WebAppSec: Developing Secure Web Applications|Course Detail]] | Rm 204B===
 
Web applications continue to be the frontier of wide-spread security breaches. This tutorial will guide through development practices to ensure the security and integrity of web applications, in turn protecting user data and the infrastructure the application runs on. Several attack types and risks will be reviewed (including OWASP?s Top 10), along with how the proper development practices can mitigate their damage. Although examples covered are PHP-based, much of the content is also applicable to other languages.  <span style="color: #800000;">This course was sold out at AppSec USA 2011.</span>
 
 
 
= Special Events  =
 
== OWASP Mobile Security Project: Working Session | 4/4/2012 rm West Overlook ==
 
The working session will be held to reflect on achievements, discuss current initiatives, and to identify emerging areas of concern. If you are involved with the project or would like to get involved, the working session is the perfect place for your voice to be heard.
 
 
 
Through the OWASP Mobile Security Project, our goal is to raise visibility and awareness around mobile application security issues. With collaboration between many different industries, we are bringing together experts from many different areas to solve hard problems.
 
 
 
Join us in our efforts to make the mobile world a more secure place
 
 
 
= Contests  =
 
 
 
== OWASP Member Door Prizes! ==
 
Are you an [[Membership|OWASP Member]]?  At AppSecDC we will be giving away some amazing door prizes, including an Apple iPad "3" 4G to some randomly selected OWASP members in attendance.  You HAVE to be an OWASP member to be eligible, but if your not, you can easily add the $50 annual membership to your conference ticket and receive $50 off admission.  That's right, '''FREE OWASP MEMBERSHIP''' when combined with AppSec DC Registration!  So remember to [https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Register] today with your OWASP membership!
 
 
 
== Sponsor Passport ==
 
Please take a moment to visit our sponsors and thank them for their support of AppSec DC, OWASP and the Application Security Mission.  To help this along all attendees will receive a sponsor passport.  As you visit all of our Gold and Silver sponsor booths they will stamp your passport which you can turn in by noon on the 5th to be entered to win an Apple iPad "3" 4G!
 
 
 
== CTF ==
 
AppSec DC 2012 CTF will be a competition in which participants compete for prizes in a test of application and network hacking skills. The contestants will participate in real-world scenarios designed to simulate vulnerabilities discovered in production environments. The competition will focus on application security but participants should arrive ready with an arsenal of skill-sets to complete these challenges.
 
 
 
'''Rules:'''
 
 
 
The contest begins on April 4th at 1pm and ends the next day, April 5th at 1pm.
 
Competitors are allowed to team up with a other contestants but prizes are only available for four (4) participants. All participants must physically attending the conference and external access ot the system is not available. Additionally, we are bound by the Convention Center’s hours of operation to conduct the CTF so this will not be an all night competition.
 
 
 
The scoring system and any other system NOT designated as “In-Scope” is considered OFF-LIMITS and any malicious activity towards or on those systems will result in an immediate disqualification for the team from which the participant(s) exists.
 
 
 
Contestants will use their own equipment to compete with but it is HIGHLY recommended that contestants do not bring equipment which hosts personal or sensitive data.
 
Scoring will take place via a web-based scoreboard portal. Teams will have individual logins that will be required to submit points.
 
 
 
'''Resources:'''
 
 
 
Internet access will be offered at the conference as a means to obtain tools necessary for the competition, but we recommend that you bring the necessary tools to the event. We cannot guarantee access to all sites via the standard convention network, and visiting some sites you would normally obtain hacking tools from may be blocked from the normal convention Wi-Fi. OWASP AppSec DC will provide an isolated the environment and systems which will host the vulnerable applications.
 
 
 
 
 
Bring...
 
*Android SDK (Emulator)
 
*Any other Android related testing tools (Mallory, Eclipse & DDMS, etc.)
 
*Your toolkit, of course :-)
 
*Energy!
 
 
 
'''Registration:'''
 
 
 
Registration will be held up to the day of the competition 4/4/2012 at 12:30PM and can be done either by sending an email to [email protected] in the format listed below or in person in room 207A. We urge participants to register prior to the conference as space is limited.
 
 
 
Name: First, Last
 
Alias: Ex: 1337h4xx0r
 
Team Name: Ex: E4tU4br34kf4s7
 
Team Size: Max of 4
 
List Teammates: By Alias, if none, list N/A
 
 
 
= Venue  =
 
 
 
== Walter E. Washington Convention Center  ==
 
 
 
AppSec DC 2012 will be taking place at the [http://www.dcconvention.com/ Walter E. Washington Convention Center] in downtown Washington DC.
 
 
 
The convention center is located over the [http://www.wmata.com/rail/station_detail.cfm?station_id=70 Mount Vernon Square/Convention Center Metro stop] on the Green and Yellow lines of the [http://www.wmata.com DC Metro], and only a few blocks from our convention hotel, the [http://grandwashington.hyatt.com/hyatt/hotels/index.jsp Grand Hyatt Washington] (reserve rooms [https://resweb.passkey.com/Resweb.do?mode=welcome_ei_new&eventID=8131721 here]).
 
 
 
[http://www.dcconvention.com/ http://www.owasp.org/images/8/85/Screen_shot_2009-10-03_at_12.55.55_PM.png]
 
 
 
= Hotel  =
 
 
 
Rooms are available at the Grand Hyatt Washington at the GSA Rate for April of 2012.
 
 
 
Reserve Rooms [https://resweb.passkey.com/Resweb.do?mode=welcome_ei_new&eventID=8131721 here]!
 
 
 
Room Rates are only guaranteed through the first week of March. Rooms at the discounted rates are available three days before and after the conference dates for attendees wishing to enjoy Washington DC during the National Cherry Blossom Festival.
 
  
 
=Sponsors  =
 
=Sponsors  =
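Review bot: In the new Hacking Lab tab, "See the scoring here" and the "Competition Rules" heading are each followed by a bare URL on its own bullet rather than a labelled link; use the [URL label] link syntax already used elsewhere on the page so the sentence itself carries the link. Under "Winner Announcement", the announcement date (June 19, 2012) is given before the end date ("next June 17th, 2012") and in a different format; put the end date first and use one date format for both.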
Line 277: Line 131:
 
== Sponsors  ==
 
== Sponsors  ==
  
We are currently soliciting sponsors for the AppSec DC Conference. Please refer to our '''[https://www.owasp.org/images/d/df/APPSEC_DC_2012_sponsorships_v1.pdf sponsorship opportunities]''' for details.
+
*'''The current sponsorship packages are:'''
Please contact us at [mailto:[email protected] [email protected]] for sponsorship opportunities.
 
 
 
The OWASP AppSec DC Conference is the premier gathering for Information Security leaders.  Executives from the US Government, Fortune 500 firms, technical thought leaders, security architects and lead developers, gather to share cutting-edge ideas, initiatives and technology advancements.  AppSec DC will be one of the first OWASP conferences to highlight the new OWASP scope expanding from web to all application security issues.
 
 
 
Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks giving them direct access to sponsors’ booths and technology.  OWASP will also be hosting a “sponsor passport” game with a top prize to help encourage traffic to all of our Gold, Platinum and Diamond sponsors.  The conference is expected to draw over 600 national and international attendees; all with budgets dedicated to web application security and software assurance initiatives. Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals will be represented.
 
 
 
<center>[[Image:AppSecDC 2012 sponsor matrix.png]]</center>
 
 
 
{| cellspacing="10" border="0" valign="middle" align="center" style="background: none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;"
 
|-
 
| <h2>Gold Sponsors</h2>
 
| [[Image:Aspect_logo_owasp.jpg|link=http://www.aspectsecurity.com/]]
 
| [[Image:AppSecDC2009-Sponsor-securicon.gif|link=http://www.securicon.com]]
 
| [[Image:AppSecDC2009-Sponsor-mandiant.gif|link=http://www.mandiant.com/]]
 
| [[Image:AppSecDC2012-ISC2.gif|link=https://www.isc2.org/]]
 
|-
 
| &nbsp;
 
| <h2>Silver Sponsors</h2>
 
| [[Image:SPL-LOGO-MED.png|link=https://www.trustwave.com/]]
 
|-
 
| &nbsp;
 
| <h2>Small Business</h2>
 
| [[Image:AppSecDC2012-Sponsor-sideas.gif|link=http://www.secureideas.net]]
 
| [[Image:BayShoreNetworks.png|link=http://bayshorenetworks.com/]]
 
|-
 
| &nbsp;
 
| <h2>Exhibitors</h2>
 
| [[image:AppSecDC2012-Sponsor-coden.gif|link=http://www.codenomicon.com/ Codenomicon]]
 
| [[Image:WhiteHat Logo.png|link=https://www.whitehatsec.com/]]
 
| [[Image:AppSecDC2012-HP.jpg|link=https://hp.com/]]
 
| [[Image:WSI_-_Logo.jpg|125px|link=http://www.wasoftware.com/]]
 
|-
 
| &nbsp;
 
| <h2>Item Sponsors</h2>
 
| [[Image:AppSecDC2012-Sponsor-NVisium.png|link=https://www.nvisiumsecurity.com/]]
 
|-
 
| &nbsp;
 
| <h2>Event Supporters</h2>
 
| [[Image:AppSecDC2012-Cigital.jpg|link=https://www.cigital.com/]]
 
|}
 
 
 
= Travel  =
 
 
 
== Traveling to the DC Metro Area  ==
 
 
 
The Washington DC Area is serviced by three airports -- [http://www.metwashairports.com/national/ Reagan National (DCA)], [http://www.metwashairports.com/Dulles/ Dulles (IAD)], and [http://www.bwiairport.com/en Thurgood Marshall Baltimore/Washington International (BWI)]. All currently have available transportation to downtown DC via public transportation, shuttles, or cab.
 
 
 
Washington DC is also serviced by [http://www.amtrak.com Amtrak], [http://www.vre.org/ VRE], and [http://www.mtamaryland.com/services/marc/ MARC] train lines, which arrive in [http://www.wmata.com/rail/station_detail.cfm?station_id=25 Union Station], a few metro stops or a short cab ride away from the convention center and the Grand Hyatt.
 
 
 
If you live in the DC Metropolitan area, we suggest taking [http://www.wmata.com Metro] to the event. The convention center is located over the [http://www.wmata.com/rail/station_detail.cfm?station_id=70 Mount Vernon Square/Convention Center Metro stop] on the Green and Yellow lines of the [http://www.wmata.com DC Metro].
 
 
 
= Conference Committee =
 
 
 
===Organizers===
 
 
 
 
* [mailto:[email protected] Doug Wilson]
 
* [mailto:[email protected] Mark Bristow]
 
 
 
===Arch-Minions===
 
 
 
 
* Facilities ([mailto:[email protected]  [email protected]])
 
  
* Content ([mailto:[email protected]  [email protected]])
+
- Bronze (4 slots): Company logo displayed in Latam Tour wiki page & acknowledgments during the whole tour + 1 ticket for Global AppSec Latam 2012 = 500 usd
  
+
- Silver(2 slots): Bronze + Pens (1 slot) or Notepads (1 slot) co-branded with company & OWASP logo + 2 tickets for Global AppSec Latam 2012 = 1000 usd
  
* Registration/Info Desk ([mailto:[email protected] [email protected]])
+
- Gold(1 slot): Bronze + become an official supporter of a Latam Chapter for a year (*) + 4 tickets for Global AppSec Latam 2012 = 2000 usd
  
* Volunteer Coordinators ([mailto:[email protected] [email protected]])
+
= Team =
  
* Competitions/Contests/Events ([mailto:[email protected] [email protected]])
+
'''Latam Tour Team'''
  
* Marketing/Community Outreach ([mailto:[email protected] [email protected]])
+
'''Chapter Leaders'''
  
* Sponsorships ([mailto:[email protected] [email protected]])
+
*[[User:Tartamar|Martin Tartarelli]] (Argentina)<br>
 +
*[[User:jvargas|John Vargas]] (Peru)<br>
 +
*[[User:Mauro Flores|Mauro Flores]] (Uruguay)<br>
 +
*[[User:Carlos Allendes|Carlos Allendes]] (Chile)<br>
 +
*[[User:John Vargas|John Vargas]] (Peru)<br>
 +
*[[User:Diego_Ademir_Duarte_Santana|Diego Ademir]] (Colombia)<br>
 +
*[[User:Gabriella de Bem|Gabriella de Bem]] (Brazil)<br>
 +
*[[User:Diego Pullas|Diego Pullas]] (Ecuador)<br>
 +
*[[User:Ramiro Pulgar|Ramiro Pulgar]] (Ecuador)<br>
 +
*[[User:Edgar Salazar|Edgar Salazar]] (Venezuela) <br>
 +
*[[User:Carlos_Solís|Carlos Solís Salazar]] (Venezuela) <br>
  
=FAQ=
+
'''Operations'''
{{:OWASP AppSec DC 2012 - FAQ}}
 
  
<headertabs />  
+
*[[User:Kate Hartmann|Kate Hartmann]]<br>
 +
*[[User:Sarah Baso|Sarah Baso]]<br>
 +
*[[User:Fabio.e.cerullo|Fabio Cerullo]]<br>
 +
*[[User:Mateo Martínez|Mateo Martínez]]<br>
 +
*[[User:Kuai Hinojosa|Kuai Hinojosa]]<br>
  
 +
<headertabs />
  
{{:OWASP AppSec DC 2012 Footer}}
+
{{:LatamTour2012 Sponsors}}
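Review bot: In the added Chapter Leaders list, John Vargas (Peru) appears twice, once as [[User:jvargas|John Vargas]] and once as [[User:John Vargas|John Vargas]]; keep a single entry that points at the user page that actually exists. The added Gold package line also carries a "(*)" marker with no footnote text anywhere in the visible lines, so either add the footnote or drop the marker.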

Latest revision as of 17:04, 23 May 2012



LATAM Tour Objective

The OWASP Latam Tour objective is to raise awareness about application security in the Latin America region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

We are proposing a chapter-driven training model in which the courses are free for OWASP members and students, the content focuses on OWASP projects, and the costs are covered by a mix of funding: local chapter budget, external sponsorship, trainer sponsorship (trainers paying for their own trip and/or accommodation) and local chapter members' sponsorship (taking trainers in as guests).

Who Should Attend the Latam Tour?

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security
  • Anyone interested in learning about or promoting Web Application Security


SPECIAL OFFER - BECOME AN OWASP MEMBER

  • As part of the OWASP Latam Tour, you can become an OWASP Member by paying ONLY 20 U$D (normal price is 50 U$D). Show your support and become an OWASP member today! Please use discount code LATAM when registering as a member to get this special discount.

PRIZES

  • During the Latam Tour 2012 we will be giving away some amazing door prizes to some randomly selected OWASP members in attendance.
  • There are going to be raffles among attendees for free tickets to OWASP AppSec Latam 2012 conference next November in Buenos Aires, special prize giveaways, t-shirts, pens and a great environment for networking with peers.
You HAVE to be an OWASP member to be eligible.

QUESTIONS






Use the #Latamtour hashtag for your tweets for Latam Tour (What are hashtags?)

@AppSecLatam Twitter Feed (follow us on Twitter!)

COURSE
OWASP Latam Tour Argentina 2012
Description and Objective
  • Apart from the OWASP Top 10, most OWASP Projects are not widely used in corporate environments. In most cases this is not due to a lack of quality in the projects or the available documentation, but rather to not knowing where they fit in an enterprise Application Security Ecosystem.
  • This course aims to change this situation by providing an explanation of the most mature OWASP projects that are ready to be used in the enterprise.
Date | Venue
May 14, 2012 | Aula Magna - Universidad de la Marina Mercante (UdeMM), located at Av. Rivadavia 2258, Ciudad Autónoma de Buenos Aires, Capital Federal, Argentina.
Price and Registration
FREE - Register HERE


PROGRAM DETAILS
Time | Module | Speaker | Details
09:00 - 09:15 | Opening and presentation of the event | Martín Tartarelli, Pablo Romanos
09:15 - 10:00 | Post Exploitation: PHP Backdoor Introduction | Claudio Caracciolo | File:CCaracciolo PHPBackdoor.pdf
10:00 - 10:45 | Consequences of a "lazy" Administrator | Cristian Borghello | File:CBorghello ConsecuenciasdeunAdmin.pdf
10:45 - 11:15 | Break
11:15 - 11:45 | Personal Data in the Secure Development Life Cycle | Pablo Romanos | File:PRomanos DatosPersonales.pdf
11:45 - 12:15 | HTExploit - Bypassing htaccess and beyond | Maximiliano Soler, Matias Katz | File:MSoler MKatz HTExploit.pdf
12:15 - 12:45 | Intro to HTML5 | Andres Riancho | File:OWASP Latam 2012 - HTML5 - Andres Riancho.pdf
12:45 - 14:00 | Lunch
14:00 - 14:45 | Your website: a weapon for cybercrime | Sebastian Bortnik | TBD
14:45 - 15:30 | Threat Modeling: An Introduction | Hernan Racciatti | File:HRacciatti ModeladodeAmenazas.pdf
15:30 - 16:15 | Secure development with OWASP tools and processes | Fabio Cerullo | TBD
16:15 - 16:45 | Break
16:45 - 17:45 | Hacktivism Panel | Hernan Racciatti, Ricardo Saenz, Daniel Monastersky, Mariano del Rio | TBD
17:45 - 18:00 | Prize giving and closing of the event | Martín Tartarelli
COURSE
OWASP Latam Tour Uruguay 2012
Description and Objective
  • Apart from the OWASP Top 10, most OWASP Projects are not widely used in corporate environments. In most cases this is not due to a lack of quality in the projects or the available documentation, but rather to not knowing where they fit in an enterprise Application Security Ecosystem.
  • This course aims to change this situation by providing an explanation of the most mature OWASP projects that are ready to be used in the enterprise.
Date | Venue
May 16, 2012 | 2nd floor of module A of the Aulario, Facultad de Ingenieria (FING)
Price and Registration
FREE - Register HERE


PROGRAM DETAILS
Time | Module | Speaker | Description and Objective
18:00 - 18:30 | Opening and presentation of the event | Mauro Flores | Presentation of OWASP and OWASP Uruguay
18:30 - 19:00 | OWASP Top 10 | Felipe Zipitría | Presentation of the OWASP Top 10 project
19:00 - 19:30 | Security in the software development life cycle | Mateo Martínez | Security in the SDLC
19:30 - 20:30 | “80/20 in Web Application Security” | Hernán M. Racciatti | Talk with Live Demonstrations
20:30 - 21:00 | Questions and Inquiries | All panelists | Questions and Inquiries
COURSE
OWASP Latam Tour Florianopolis 2012
Description and Objective
  • Apart from the OWASP Top 10, most OWASP Projects are not widely used in corporate environments. In most cases this is not due to a lack of quality in the projects or the available documentation, but rather to the question of where they would fit in an enterprise Application Security Ecosystem.
  • This course aims to change this situation by providing an explanation of the most mature OWASP projects.
  • If you are interested in taking part in the 'hands-on' part of the course, please bring a laptop.
Date | Venue
May 22, 2012 | Auditório do CELTA

Parque Tecnológico Alfa
Rodovia SC 401 KM 1 - Itacorubi
Google Maps

Price and Registration
FREE - Click to register!


TALK SCHEDULE
Time | Topic | Speaker | Details
14:00 – 14:40 | What is OWASP? | Gabriella de Bem | OWASP Objectives and Missions
14:40 – 15:20 | OWASP TOP 10 Project | Tiago Natel de Moura | A4 - Insecure Direct Object References
15:20 – 16:00 | Security in the SDL | Mateo Martínez | Review of existing models, OpenSAMM and basic reference guide.
16:00 – 16:20 | COFFEE BREAK
16:20 – 17:00 | TEST | TEST | TEST
17:00 – 17:40 | Automating Nmap with NSE | Tiago Natel de Moura | Creating Lua scripts to automate vulnerability analysis with Nmap.
17:40 – 18:20 | Database Security | Mateo Martínez | TEST
18:20 – 19:00 | OWASP TOP 10 Project | Tiago Natel de Moura | A5 - Cross Site Request Forgery
19:00 – 19:20 | COFFEE BREAK
19:20 – 20:00 | Snort | Rodrigo Montoro (Sp0oKeR) | Intrusion detection system with Snort.
20:00 – 20:40 | Vulnerabilities you already know and attacks you have never seen | Osvaldo Vilar | TEST
20:40 – 21:20 | Android Applications: What developers should already know about security | Antonio Carlos Martins | TEST
21:20 – 21:30 | CLOSING
COURSE
OWASP Latam Tour Chile 2012
Description and Objective
  • Apart from the OWASP Top 10, most OWASP Projects are not widely used in corporate environments. In most cases this is not due to a lack of quality in the projects or the available documentation, but rather to not knowing where they fit in an enterprise Application Security Ecosystem.
  • This course aims to change this situation by providing an explanation of the most mature OWASP projects that are ready to be used in the enterprise.
Date | Venue
May 17, 2012 | DUOC-UC, Alonso Ovalle campus, Alonso de Ovalle 1586 (Metro Moneda).
Price and Registration
FREE - Register HERE


PROGRAM DETAILS
Time | Module | Speaker | Details
09:00-09:15 | Participant registration
09:15-09:30 | Welcome remarks | Carlos Allendes | OWASP-Chile Leader
09:30-10:15 | You need to implement PCI. Were you told what to do? | Alejandro Bedini | Nexus S.A.
10:20-11:05 | Social Engineering: Psychological Hacking | Gustavo Inzunza | TestGroup S.A.
11:05-11:25 | Coffee Break
11:25-12:10 | Database Security | Mateo Martinez | OWASP Uruguay Leader
12:10-12:55 | Secure Development using OWASP | Fabio Cerullo | OWASP-Ireland Leader
12:55-13:00 | Closing of the event


EVENT
OWASP Latam Tour Peru 2012
Description and Objective

OWASP LATAM TOUR is a tour of Latin America that promotes web application security in various institutions, such as universities, government agencies, IT companies and financial institutions, seeking to raise awareness of application security so that they can make informed decisions about the true security risks.

  • Apart from the OWASP Top 10, most OWASP Projects are not widely used in corporate environments. In most cases this is not due to a lack of quality in the projects or the available documentation, but rather to not knowing where they fit in an enterprise Application Security Ecosystem.
  • This event aims to change this situation by providing an explanation of some of the most mature OWASP projects that are ready to be used in the enterprise.
Date and Time | Venue
May 12, 2012, 8:45 AM | Escuela de Postgrado - Universidad Tecnológica del Perú (UTP)

Av. Salaverry 2443 - San Isidro (one block from the Hotel Meliá), Auditorium, 1st floor
View Map: Google Maps

Price and Registration
Admission to the event is FREE - The registration process can be found at the following link
OWASP LATAM TOUR 2012 registration link: Register HERE

If you need parking, please let us know by email at [email protected]; we have a limited number of spaces.
During the event, some gifts and courses provided by our sponsors will be raffled.

Promotions
SPECIAL OFFER - Throughout the OWASP Latam Tour, the cost of annual membership is only U$D 20. Use the discount code "LATAM" during the online registration process as an individual member at the link available below.

Become an OWASP MEMBER HERE
If you are not yet an OWASP member, please consider joining our organization.


PROGRAM DETAILS
Time | Topic | Speaker | Details | Presentations
08:45 am (30 mins) | Event Registration
09:15 am (15 mins) | Presentation and welcome remarks | John Vargas (Peru) | Chapter Leader OWASP Perú; Senior Security Consultant at Open-Sec | Download Slides - What is OWASP
09:30AM (45 mins) | Secure Development using OWASP | Fabio Cerullo (Argentina) | Chapter Leader OWASP Ireland; OWASP Global Education Committee; CEO & Founder at Cycubix | Download Slides: Secure Development OWASP
10:15 am (45 mins) | SQL Injection Optimization | Cesar Neira (Peru) | Web Application Security Researcher; Computer Engineering student at UNMSM; Member of San Marcux | Download PDF: SQLi Optimization; Download Slides: SQLi Optimization
11:00 am (15 mins) | COFFEE BREAK
11:15 am (45 min) | Session Hijacking: Hijacking and theft of sessions in corporate web applications | Omar Palomino (Peru) | Information Security Consultant at Kunak Consulting | Download Session Hijacking
12:00 am (45 mins) | WATIQAY : Monitoring Web applications | Carlos Ganoza (Peru) | Malware Researcher at LimaSoft; Computer Engineering student at UCSS; Member of UCSSINUX | Download PDF WATIQAY
12:45 am (45 mins) | OWASP Mantra – Security Framework | Walter Cuestas (Peru) | Owner and General Manager at Open-Sec | Download Slides OWASP Mantra
01:30 am (45 min) | Pentesting Web with Python | Ricardo Supo (Peru) | CSO at Consultoría LimaSoft; OWASP Perú Chapter Coordinator | Download Ricardo Supo - Python for Pentesting
14:15 (15min) | Closing of the event | OWASP PERU Local Chapter Staff
COURSE
OWASP Latam Tour Ecuador 2012
Description and Objective
  • Apart from the OWASP Top 10, most OWASP Projects are not widely used in corporate environments. In most cases this is not due to a lack of quality in the projects or the available documentation, but rather to not knowing where they fit in an enterprise Application Security Ecosystem.
  • This course aims to change this situation by providing an explanation of the most mature OWASP projects that are ready to be used in the enterprise.
Date | Venue
May 19, 2012 | Aula Magna of the Facultad de Ingeniería Eléctrica y Electrónica, Escuela Politécnica Nacional
Price and Registration
FREE - Register HERE
Promotions
SPECIAL OFFER - During the OWASP Latam Tour, the cost of annual membership is only U$D 20. Use the discount code "LATAM" during the registration process as an individual member at the link available below.

Become an OWASP MEMBER HERE
If you are not yet an OWASP member, please consider joining our organization.


PROGRAM DETAILS
Time | Module | Speaker | Details
08:30 - 09:00 | Registration | OWASP Latam Tour 2012
09:00 - 10:00 | Introduction to OWASP – ZAP and OWASP Top 10 | Diego Pullas | OWASP Ecuador
10:00 - 11:30 | Secure Development using OWASP | Fabio Cerullo | OWASP Latam Tour
11:30 - 13:00 | Web Application Firewall | Ramiro Pulgar | Blue Hat Consultores
13:00 - 14:30 | Lunch (on your own)
14:30 - 15:30 | PCI DSS | Juan Carlos Inestroza | OWASP Honduras
15:30 - 16:30 | Forensic Investigation in the Cloud | Luis Enriquez | OWASP Ecuador
16:30 - 17:00 | Open Discussion - Panelists | OWASP Latam Tour 2012
17:30 - 17:40 | Closing of the Event
COURSE
OWASP Latam Tour Venezuela 2012
Description and Objective
  • Apart from the OWASP Top 10, most OWASP Projects are not widely used in corporate environments. In most cases this is not due to a lack of quality in the projects or the available documentation, but rather to not knowing where they fit in an enterprise Application Security Ecosystem.
  • This course aims to change this situation by providing an explanation of the most mature OWASP projects that are ready to be used in the enterprise.
Date | Venue
May 26, 2012 | Av. Urdaneta, Esquina de Mijares, Parroquia Altagracia, Colegio Universitario Francisco de Miranda (CUFM), Auditorio "Santiago Mariño". Caracas - Venezuela - Google Maps
Free Admission
Register HERE


PROGRAM DETAILS
Time | Module | Speaker | Details
09:00 - 09:15 | Opening and presentation of the event
09:15 - 10:00 | OWASP Mantra Security Framework | Edgar Salazar | Mantra is a collection of tools in a Web browser. It is used as a security framework for the different stages of an attack: reconnaissance, scanning and enumeration, access and privilege escalation.
10:00 - 10:45 | Web world: attacks and defenses | Diego Subero | About the most common types of attacks in Venezuela and immediate-action defenses
10:45 - 11:15 | Break
11:15 - 12:00 | My website has been hacked. Now what? | Carlos Solís Salazar | We will talk about the things that should be done in relation to an attack, such as: prevention, detecting the problem as soon as possible and reacting quickly once the problem is discovered
12:00 - 13:00 | Lunch (on your own)
13:00 - 13:45 | WebApp Penetration Testing | Ruben Recabarren | Introduction to penetration testing for web applications. Definitions, principles and description of selected vulnerabilities along with their impact on our information assets.
13:45 - 14:30 | Secure development with OWASP tools and processes | Fabio Cerullo | OWASP Latam Tour - Video Conference
14:30 - 15:15 | OWASP Testing Guide | John Vargas | OWASP Latam Tour
15:15 - 15:45 | Break
15:45 - 16:45 | Open Discussion - TBD
16:45 - 17:00 | Closing of the Event

The OWASP 2012 online competition has started. If you log in to Hacking-Lab as a registered user, you should now see all details about the challenges.

The first users have already solved some Hackademic puzzles. See the scoring here

Competition Rules

Winner Prize

The winner can choose one ticket to either:

  • OWASP AppSec US
  • OWASP AppSec EU
  • OWASP AppSec Latin America.

Winner Announcement

The winner will be informed/announced June 19, 2012. The competition ends next June 17th, 2012.

Sponsors

  • The current sponsorship packages are:

- Bronze (4 slots): Company logo displayed in Latam Tour wiki page & acknowledgments during the whole tour + 1 ticket for Global AppSec Latam 2012 = 500 usd

- Silver(2 slots): Bronze + Pens (1 slot) or Notepads (1 slot) co-branded with company & OWASP logo + 2 tickets for Global AppSec Latam 2012 = 1000 usd

- Gold(1 slot): Bronze + become an official supporter of a Latam Chapter for a year (*) + 4 tickets for Global AppSec Latam 2012 = 2000 usd

Latam Tour Team

Chapter Leaders

Operations


 

Silver Sponsors

Bluehat.png Datasec-logo-formato editable.png Mfe logo.png
    Tempest1.png
 

Bronze Sponsors

ESETlogo small.gif Cycubix.png Rootsecure.png
    Secplus.png
 

Event Supporters

Udemm.png EPG-UTP.JPG Duoc.png Logo fing.gif
    LOGO EPN.jpg CUFMHeader.png