This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "AppSecRiodelaPlata"

From OWASP
Jump to: navigation, search
(Created page with "__NOTOC__ {| |- ! width="700" align="center" | <br> ! width="500" align="center" | <br> |- | align="center" | 1100px | align="cen...")
 
m (2015 AppSec Rio de la Plata Conference Volunteer Team)
 
(26 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
{|
+
 
|-
+
Para sumarse a la lista de correo de OWASP Uruguay, '''registrarse aquí:''' [http://lists.owasp.org/mailman/listinfo/owasp-Uruguay Lista de correo OWASP Uruguay]
! width="700" align="center" | <br>
 
! width="500" align="center" | <br>
 
|-
 
| align="center" | [[Image:OWASPLatam_Banner_Screenshot.JPG|1100px]]
 
| align="center" |
 
  
|}
+
__NOTOC__
  
 
= Welcome  =
 
= Welcome  =
{| style="width: 100%;"
 
|-
 
| style="width: 100%; color: rgb(0, 0, 0);" |
 
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
 
|-
 
| style="width: 95%; color: rgb(0, 0, 0);" |
 
<font size=2pt>
 
We are pleased to announce that the [http://www.owasp.org/index.php/Uruguay OWASP Uruguay chapter] will host the OWASP AppSec Latam 2012 conference in Montevideo, Uruguay at  ANTEL National Telco Company. The event will be composed of 2 days of training (November 18-19), followed by 2 days of conference talks (November 20-21). 
 
  
  
The Global AppSec Latin America 2012 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 200-250 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.<br><br>
+
'''[https://myowasp.force.com/MN4__PublicEventRegistration?id=a2oU0000000TVyOIAW REGISTRATION HERE!]'''
 +
---
 +
 
 +
 
 +
<font size=2pt>
 +
We are pleased to announce that the [http://www.owasp.org/index.php/Uruguay OWASP Uruguay chapter] will host the OWASP AppSec Rio de la Plata 2015 conference in Montevideo, Uruguay at  ANTEL National Telco Company. The event will be composed of 2 days of training (November 31- December 1st), followed by 2 days of conference talks (December 2-3).
  
<br> If you have any questions, please email the conference committee: [mailto:[email protected] [email protected]]<br><br>
 
  
<br> '''Who Should Attend Global AppSec Latin América 2012:'''
+
The AppSec Rio de la Plata 2015 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 300-400 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.<br><br>  
  
*Application Developers
+
About our Call for Papers:
*Application Testers and Quality Assurance
+
- Submissions until October 8th, 2015.
*Application Project Management and Staff
+
- Accepted Proposals on October 9th, 2015.
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
+
- But, if you have a great one, send it at anytime! :)  '' [http://goo.gl/forms/tssG19izcf CALL FOR PAPERS SUBMIT]'''
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 
*Security Managers and Staff
 
*Executives, Managers, and Staff Responsible for IT Security Governance
 
*IT Professionals Interested in Improving IT Security<br>
 
  
 
</font>
 
</font>
Line 40: Line 27:
 
<!-- Mediawiki needs all these spaces -->  
 
<!-- Mediawiki needs all these spaces -->  
  
<br>
 
 
|}
 
 
<!-- Twitter Box -->
 
 
| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->
 
<!-- There be dragons here -->
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:OWASPL_Latam2012_Logo.JPG|300px]]
 
 
{|
 
|-
 
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
 
Use the '''[http://search.twitter.com/search?q=%23AppSecLatam #AppSecLatam]''' hashtag for your tweets for AppSec Latin America 2012 (What are [http://hashtags.org/ hashtags]?)
 
 
'''@AppSecLatAm Twitter Feed ([http://twitter.com/AppSecLatam follow us on Twitter!])''' <twitter>262394051</twitter>
 
 
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 
|}
 
 
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 
|}
 
<!-- End Banner -->
 
 
 
= Trainings  =
 
<font size=2pt>
 
 
 
The trainings will be held November 18th and 19th, 2012  (Sunday and Monday) and will run from 8:30 AM to 5:30 PM each day.
 
 
 
AppSec Latam 2012 will be held in downtown Montevideo, Uruguay at the [http://www.antel.com.uy/antel/institucional/nuestra-empresa/complejo-torre Antel National Telco Company]. Directions are available through: [https://maps.google.com/maps?q=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&hl=es-419&ll=-34.899448,-56.179104&spn=0.098412,0.181789&geocode=FaOW6_0dt4qm_A&hnear=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&t=m&z=13 Google Maps]
 
<br>
 
 
<br>
 
<br>
  
The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower.
+
= Keynotes  =
<br><br>
 
 
 
 
 
== Developing Secure Java Applications with ESAPI ==
 
'''Instructor:''' Fabio Cerullo
 
[[Image:Cerullof.jpg|150 px|right]]
 
  
Fabio helps customers around the globe by assessing the security of applications developed in-house or by third parties, defining policies and standards, implementing risk management initiatives, as well as providing training on the subject to developers, auditors, executives and security professionals.
 
  
As a member of the OWASP Fundation, Fabio is part of the Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security, and has been appointed OWASP Ireland Chapter Leader since early 2010.
 
  
He holds a Msc in Computer Engineering from UCA and has been granted the CISSP & CSSLP certificates by (ISC)2.
 
  
===Course Language===
 
'''The course will be delivered in SPANISH (español)''' with simultaneous translation in English (if necessary).
 
  
===Course Overview===
 
  
Training Audience: Technical<br>
+
== Jacobo Tibaquirá  ==
Required Skill Level: Intermediate<br>
 
  
This course aims to provide the knowledge and resources required to improve the security of Java applications using the OWASP Enterprise Security API (ESAPI) Libraries. These libraries are designed to make it easier for developers to retrofit security into existing applications, and also serve as a solid foundation for new development.
+
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" |
 +
| align="justify" | '''Attacking the Attackers''': In this talk, Jacobo Tibaquirá , who is part of DragonJar, will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.
  
===Course Contents===
+
Jacobo Tibaquirá from DragonJar will be teaching the workshop "From 0 to Ninja with Metasploit" Metasploit is the most widely used Framework for Information Security Experts around the world.
  
The participants, through theory and labs, will be able to identify critical vulnerabilities in web applications and implement the necessary corrective measures using the ESAPI libraries.
 
  
Topics Include:<br>
+
|}
 
<br>
 
<br>
- Introduction to ESAPI Architecture<br>
 
- Security Controls Overview<br>
 
- Authentication<br>
 
- Session Management<br>
 
- Access control<br>
 
- Input validation<br>
 
- Output encoding/escaping<br>
 
- Cryptography<br>
 
- Error handling and logging<br>
 
- Data Protection<br>
 
- HTTP security<br>
 
  
The class is hands-on and will include labs. Attendees should have a laptop capable of running VMs. We will provide a VM at the beginning of the class.
+
== Cristian Borghello ==
 
 
<br>
 
 
 
== Advanced Vulnerability Research and Exploit Development ==
 
<span style="color:red">UPDATE: THIS TRAINING HAS BEEN CANCELLED DUE TO LOW REGISTRATION NUMBERS </span>
 
 
 
'''Instructor: '''Gianni Gnesa, [http://www.ptrace-security.com Ptrace Security]<br>
 
[[Image:Owasp_training.jpg|frame|alt=Gianni Gnesa|right]]
 
Gianni Gnesa, BCS, MSCS, CEH, OSCP, OSEE, Network+, Linux+, is a security researcher and professional trainer at Ptrace Security, a Swiss-based company that offers specialized IT security services to customers worldwide. With several years of experience in vulnerability research, exploit development, and penetration testing, Gianni is an expert in exposing the vulnerabilities of complex commercial products and modern network infrastructures. In his spare time, Gianni conducts independent security research on kernel exploitation and rootkit detection.
 
 
 
 
 
 
 
 
 
==Hands on Web Application Testing: Assessing Web Apps the OWASP way==
 
Instructor: Matt Tesauro
 
[[Image:Matt-Tesauro.png|frame|alt=Matt Tesauro|right|Matt Tesauro]]
 
 
 
 
 
Matt Tesauro has worked in web application development and security since 2000. He has worn many different hats, from developer to DBA to System Administrator to Penetration Tester.  Matt also taught graduate and undergraduate classes on web application development and XML at Texas A&M University. Currently, he's focused on application security risk assessments at Praetorian. Outside work, he is the project lead for the OWASP Live CD / WTE, a member of the OWASP Foundation board, and part of the Austin OWASP chapter leadership.  Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University.  He is also has the CISSP, CEH (Certified Ethical Hacker), RHCE (Red Hat Certified Engineer), and Linux+ certifications.
 
 
 
 
 
 
 
===Course Abstract===
 
The goal of the training session is to teach students how to identify, test, and exploit web application vulnerabilities.  The creator and project lead of the OWASP Live CD, now recoined OWASP  WTE, will be the instructor for this course and WTE will be a major component of the class. Through lecture, demonstrations, and hands on labs, the session will cover the critical areas of web application security testing using the OWASP Testing Guide v3 as the framework and a custom version of OWASP WTE as the platform.  Students will be introduced to a number of open source web security testing tools and provided with hands on labs to sharpen their skills and reinforce what they’ve learned.  Students will also receive a complementary DVD containing the custom WTE training lab, a copy of the OWASP Testing Guide, handouts and cheat-sheets to use while testing plus several additional OWASP references.  Demonstrations and labs will cover both common and esoteric web vulnerabilities and includes topics such as Cross-Site Scripting (XSS), SQL injection, CSRF and Ajax vulnerabilities.  Students are encouraged to continue to use and share the custom WTE lab after the class to further hone their testing skills.
 
 
 
 
 
'''More details''' about this class including a detailed outline, are available '''[https://www.owasp.org/index.php/AppSecLatam2012/Training/Hands_On_Web_Application_Testing HERE]'''
 
 
 
= Conference Schedule =
 
<font size=2pt>
 
{{:AppSecLatam2012/Schedule_Tuesday_Nov_20,_2012}}
 
 
 
 
 
{{:AppSecLatam2012/Schedule_Wednesday_Nov_21,_2012}}
 
 
 
= Keynotes  =
 
<font size=2pt>
 
== Jerry Hoff ==
 
  
 
{| style="background-color: transparent"
 
{| style="background-color: transparent"
Line 163: Line 59:
 
! width="1000" align="center" | <br>
 
! width="1000" align="center" | <br>
 
|-
 
|-
| align="center" | [[Image:Jerry.png|100px]]
+
| align="center" |
| align="justify" | '''Building Security Into Frameworks: Who is doing it right'''. In this talk, Jerry Hoff, VP of the Static Code Analysis Division at WhiteHat Security, will discuss the importance of security controls in mobile and web frameworks. The talk features a tour through a spectrum of languages and frameworks.  A tip of the hat will be given to frameworks and security controls that demonstrably mitigate vulnerabilities, resulting in more secure code.  A wag of the finger will be given to frameworks that either lack essential security controls, or implement them improperly. 
+
| align="justify" | '''We all are Ashley Madison'''. In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again?
  
Many of the OWASP Top 10 vulnerabilities and their corresponding security controls will be discussed.  Participants will walk away with a better understanding of the security libraries available across a wide array of popular web technologies.
 
  
 +
Cristian Borghello has been involved in computer security for more than 15 years, working on vulnerability research, pentesting, source code review and development. He is the CEO of Segu-Info [http://www.segu-info.com.ar|www.segu-info.com.ar]
  
Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security.  Prior to joining WhiteHat, he was a co-founder and managing partner at Infrared Security.  Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web application penetration testing, and architecture reviews. Jerry also has years of development and teaching experience.  He taught for over seven years at Washington University's CAIT program, and the microcomputer program at University of Missouri in St. Louis. Jerry is the writer/producer of the popular OWASP Appsec Tutorial Series and the lead developer for the WebGoat.NET project. 
 
 
|}
 
|}
<br>
 
  
  
== Juliano Rizzo ==
+
= Speakers =
  
 +
= Keynotes  =
 +
<font size=2pt>
 +
==Jacobo Tibaquirá==
 
{| style="background-color: transparent"
 
{| style="background-color: transparent"
 
|-
 
|-
Line 181: Line 78:
 
! width="1000" align="center" | <br>
 
! width="1000" align="center" | <br>
 
|-
 
|-
| align="center" |http://www.ekoparty.org//images/foto-juliano-rizzo.jpg
+
| align="center" | [[Image:Jacobo Tibaquira.jpg|100px]]
| align="justify" | '''From FUN to CRIME'''. In this talk, Juliano Rizzo will share his experience researching and implementing new practical
+
| align="justify" | '''Attacking the Attackers''' In this talk, Jacobo Tibaquirá will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.  
cryptographic attacks against web applications and protocols.
 
  
 
Juliano Rizzo has been involved in computer security for more than 12 years, working on vulnerability research, reverse engineering, source code review and development of high quality exploits for bugs of all classes. As a researcher he has published papers, security advisories and tools. His recent work includes the ASP.NET padding oracle exploit and the BEAST and CRIME attacks against the SSL/TLS protocol. Twitter: @julianor
 
  
 
|}
 
|}
Line 198: Line 92:
 
|-
 
|-
 
| align="center" | [[Image:Cristian-borghello-P.jpg|100px]]
 
| align="center" | [[Image:Cristian-borghello-P.jpg|100px]]
| align="justify" | '''Tainted variables to find Potentially Vulnerable Functions (PVF)'''. We will study different ways to statically analyze the source code and
+
| align="justify" | '''We all are Ashley Madison'''. In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again? Cristian F. Borghello, holds a degree in Information System,
find vulnerabilities through input variables and functions that can
 
add potential vulnerabilities in web applications. Cristian F. Borghello, holds a degree in Information System,
 
 
developer, Certified Information Systems Security Professional (CISSP)
 
developer, Certified Information Systems Security Professional (CISSP)
 
and Microsoft Security MVP (Most Valuable Professional).
 
and Microsoft Security MVP (Most Valuable Professional).
 +
  
 
Currently Director of Segu-Info and independent consultant in
 
Currently Director of Segu-Info and independent consultant in
Line 217: Line 110:
 
<br>
 
<br>
  
==Hernán M. Racciatti==
+
<br>
{| style="background-color: transparent"
+
 
|-
+
 
! width="200" align="center" | <br>
+
== Talks ==
! width="1000" align="center" | <br>
+
 
|-
+
Ricardo Supo (PERU)OWASP Peru Chapter Leader
| align="center" | [[Image:Photo_Hernan_Racciatti.jpg|100px]]
+
 
| align="justify" | '''The security of your company will be compromised'''. Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security.
+
"Hacking Windows Networks" is that easy when Ricardo is in place! Hacking techniques plus Domainator tool!
 +
 
 +
Mateo Martinez (URUGUAY)OWASP Uruguay
 +
'''SQL Injection Deep Dive''' Welcome to a Deep Dive on SQL Injection. A full tour across the most used SQL Injection Techniques.
 +
 
 +
Fabio Cerullo (IRLANDA)OWASP Board Member
 +
 
 +
'''Desarrollo Rápido y Seguro de Aplicaciones. ¿Es posible tener las dos cosas?'''
 +
 
 +
Josué Rojas Silva (PERU)amn3s1a
 +
 
 +
'''Browser hijacking 4 fun n profit''' Will present Hooking Techniques for Web Browser Control
 +
 
 +
Sheila Ayelen Berta (ARGENTINA)semecayounexploit.com
 +
 
 +
'''Threat Not Found''' is a great presentation about how can be possible to evade Antivirus.
 +
 
 +
Elvin Mollinedo (BOLIVIA)OWASP Bolivia Chapter Leader
 +
 
 +
"Creating Fake GSM Radio Bases with BTS Attacks"will be one of the more trendy and interesting talk about fake cells!.
 +
 
 +
Matias Katz (ARGENTINA)MKIT
 +
'''Social Engineering Attacks with Non-Verbal language''' Software have bugs... humans too!
 +
Cristian Amicelli (ARGENTINA)MKIT
 +
 
 +
'''NLTK Syntax Analysis''' Cristian will show his research about Natural Language Toolkit
 +
 
 +
Martin Tartarelli (ARGENTINA)OWASP Argentina Chapter
 +
'''Web Apps Continuos Scanning''' Research about Continuos Scanning
  
Currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Test, Security Application Assessment, Code Source Review, pursuing researches about information security, teaching and offering seminars and technical lectures at conferences of national and international level related to his field.
+
Mauro Flores (URUGUAY)OWASP Uruguay
  
Among his contributions to the community, should be noted: active participation as a collaborator in some ISECOM´s project (OSSTMM-Open Source Security Testing Methodology Manual and Hacker High School), OISSG (ISSAF – Information Systems Security Assessment Framework), the development of small tools designed to secure information systems and several papers, articles and technical documents written for digital and print publications whit national and international circulation.
+
'''Cloud Security'''
 +
Javier Antunez (ARGENTINA)Porto y Asociados
  
During last year, he found and reported vulnerability in major commercial products.
+
'''SSL & TLS .. a long horror story'''
 +
Diego Bruno (ARGENTINA)Blackmantis Security
  
Hernan Marcelo Racciatti is member of the Core Team at ISECOM (Institute for Security and Open Methodologies), ISSAF Key Contributor at OISSG (Open Information System Security Group), President of CSA (Cloud Security Alliance) Argentina Chapter, Executive Committee Member of the ONG Argentina Cibersegura, ISSA (Information Systems Security Association) and OWASP (Open Web Application Security Project) Buenos Aires Chapter Member.
+
'''TBD'''
 +
Gustavo Nicolas Ogawa (ARGENTINA)Argentina
  
Learn more about Hernan at [http://www.hernanracciatti.com.ar/ http://www.hernanracciatti.com.ar/]
+
'''Facebook Hacking Tool'''
|}
 
<br>
 
  
= Speakers =
+
= Trainings  =
 
<font size=2pt>
 
<font size=2pt>
  
These are the selected presentations and are subject to confirmation from presenters.
+
We have 3 Awesome Trainings for you!
 +
 
 +
== Training 1: From 0 to Ninja on Metasploit==
 +
'''Instructor:''' Jacobo Tibaquirá
 +
 
 +
Jacobo Tibaquirá from DragonJar will be teaching the workshop "From 0 to Ninja with Metasploit" Metasploit is the most widely used Framework for Information Security Experts around the world.
 +
Who do not master this tool is losing a great resource that is freely available to make our work as Ethical Hackers or pentesters.
 +
In this course "From 0 to Ninja with Metasploit" you can shorten the learning curve tool, thanks to the transmission of knowledge and experience of the teachers you'll make the best of Metasploit from a level 0 / Novice to Ninja / Advanced
 +
 
 +
===Course Language===
 +
'''The course will be delivered in SPANISH (español)''' with simultaneous translation in English (if necessary).
 +
 
 +
===Course Overview===
  
{| style="background-color: transparent"
+
Training Audience: Technical<br>
|-
+
Required Skill Level: Intermediate<br>
| width="300" align="center" | '''Name & Title'''
 
| width="1000" align="justify" | '''Bio'''
 
|-
 
|- <br/> || <br/>
 
|-
 
|'''Assessing Application Security Risk''', ''Alex Bauert'' || Application Security Manager, Cargill. 20+ years in IT; localized software, sysadm, and app sec among some other roles. I have worked with application security at a software company, a large bank and currently Cargill. I am also active in the Minnesota OWASP chapter. In my free time I am a youth soccer coach.
 
|-
 
|'''Malware en dispositivos móviles''', ''Sebastian Bortnik'' || Sebastián Bortnik es CISM y el Gerente de Educación y Servicios de ESET para Latinoamérica.
 
|-
 
|'''Password Security Policies - Lessons learned from recent password leaks''', ''Flavio de Cristofaro'' ||  Flavio is the VP of Engineering for Professional Products at Core Securiry. His primary focus is on building and evolving CORE Impact Pro as well as introducing new professional products into the marketplace.
 
He has over 10 years of experience in penetration testing and IT security, having led onsite and remote penetration testing engagements for several clients worldwide. Prior to joining the Engineering team, he led the CORE Security Consulting Services practice where he coordinated leading-edge penetration testing services for multiple global organizations. Prior to joining CORE, he worked at Deloitte leading one of the global penetration testing centers located in Argentina. He also taught at ITBA University in Argentina until 2004.
 
|-
 
|'''OWASP Mobile Top 10''', ''Mauro Flores'' || Mauro Flores tiene más de 15 años de experiencia en Seguridad de la Información. Ha participado en proyectos de diseño, especificación y desarrollo de aplicaciones de seguridad para diferentes empresas de Uruguay y el exterior, incluyendo trabajos de reserarch & Develop en seguridad para empresas de UK y USA. Ha realizado más de 30 test de penetración , diversos trabajos de análisis forense y apoyado a diferentes organizaciones privadas y públicas a la mejora de la seguridad de sus sistemas así como a la mejora de la gestión de la seguridad alineado a las normativas internacionales (SGSI, PCI, etc).
 
  
Actualmente se desempeña como Gerente de la línea de Seguridad de la Información de Deloitte Uruguay. Además, es el Chapter Leader del capitulo Uruguay del OWASP y miembro del Global Industry Committee de esta organización. También es miembro activo del Anti-Phishing Working Group (APWG).
 
|-
 
|'''Resource Certification: Implementation Challenges''', ''Dario Gomez'' || Dario Gomez was formed in 2010 in computer sciences at the University ORT Uruguay. Currently he's working for 4 years as a software developer at Internet Address Registry for Latin America and the Caribbean - LACNIC, where one of main responsibilities is the development of the resources certification system of organization (http://lacnic.net/en/rpki/).
 
Previously, he worked at the help desk and maintenance of servers and networks in the British Hospital of Uruguay.
 
|-
 
|'''Presentation Of The OWASP ODZ Multi CMS Scanner''', ''Mennouchi Islam'' || Mennouchi Islam Azeddine CEO and security consultant at Way4Com Owasp Algeria chapter leader and OWASP ODZ Multi CMS Scanner project leader.
 
|-
 
|'''A real ZAP story''', ''Mateo Martínez'' || With more than 10 years of experience in IT & Security strategy, Business Continuity Management,ISO 27001, CobIT and ITIL he has developed Security Projects based in Dubai, Chicago, Montevideo and Buenos Aires.
 
Information Security Manager in global companies and currently working at McAfee Argentina in a presales role. CISSP, ITIL & MCP certified.
 
  
|-
+
== Training 2: Introduction to Web Apps Security ==
|'''Critérios para Institucionalizar Segurança em Processos de Desenvolvimento de Software''', ''Francisco Nunes'' || Graduated in Computer Science at Universidade Estadual do Ceará (2001), with a graduation study period in Informatique de Gestion at Université du Québec à Chicoutimi (1999). He has a Master's in Computer Science from Universidade de Fortaleza (2007). He has experience in Information Security and Software Engineering, acting on the following subjects: information and software security, business continuity, security engineering, and software life cycle process improvement. He is CISM and CSSLP certified.
+
'''Instructor:''' Fabio Cerullo
|-
 
|'''Understanding HTML5 security''', ''Andres Riancho'' || Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world.
 
  
In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS; and contributed with SAP research performed at his former employer.
+
Fabio is an OWASP Board Member and he will be teaching the workshop "Web Applications Security Introduction" with a both teorical and technical approach to the OWASP Top 10 Risks including SQL Injection, XSS, Broken Auth and Session Management, XSRF, etc.
  
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and hold trainings at many security conferences around the globe, like PHDays (Moscow), SecTor (Toronto), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
+
===Course Language===
 +
'''The course will be delivered in SPANISH (español)''' with simultaneous translation in English (if necessary).
  
Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
+
Training Audience: Technical<br>
 +
Required Skill Level: Initial<br>
  
Specialties: Web Application Security, Python, IPS device evasion, Networking, Information security research in general, Software development, Agile, Scrum, Product Owner.
 
|-
 
|'''Don't try to block out the sun with your fingers!: Information harvesting with Test-driven development tools and understanding how to avoid it''', ''Nicolas Rodriguez'' || I'm a Senior Security Consultant at Core Security (http://www.coresecurity.com). I have 22 years of programming experience (C/C++, Assembler, Pascal, Clipper, Visual Basic, C#, Visual Basic.NET, Lisp, Python, Ruby and Perl among others), 10 years as a Network Administrator (Linux, Unix and Windows physical and virtual servers) and for the last 6 years I've been working as a Security Consultant doing mostly Network and Applications Penetration Tests, Source Code Audits and Client-Side Penetration Tests.
 
|-
 
|'''Templates to Derive Security Metric based on Attack Patterns''', ''Raja Sekhar'' || Professor Department of Computer Science & Engineering KL University Andhra Pradesh, India. Working in the Academic field for the past 17 years. Interested to contribute in the area of security metrics and cryptography. Developed a security metric program based on Attack Patterns.
 
|-
 
|'''Reducing Web Application Attack Surface with a HMAC based protocol''', ''Breno Silva'' || Breno is a computer scientist with over 9 years experience in Information Security, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a research history publishing articles in academic conferences like IEEE WIFS, IEEE ICMLC, IEEE INDIN, World Academy of Science, as well industry related conferences like OWASP AppSec Latam, OWASP AppSec Research and Ph-Neutral, involving areas as algorithm design for network anomaly detection mechanisms in high-speed networks, application security and malicious code detection. He was a member of Suricata IPS developer team (next-generation IPS funded by US-Homeland Security). Breno is currently a Security Researcher at Trustwave SpiderLabs Research team and maintainer of Apache ModSecurity.
 
|-
 
|'''Using PASTA as a core ingredient to web application threat modeling''', ''Tony UcedaVelez'' || Tony UcedaVelez, CRISC, CISM, CISA, GIAC has more than 14 years of hands-on security and technology experience across government, healthcare, financial, education, and utility sectors. Tony founded VerSprite with the premise of redefining security services to a point that it reflects a hybrid and balanced approach in understanding client needs. Tony has consulted for numerous Fortune 500 organizations as well as large government entities within the areas of application security, security risk management, network security, and governance. Before VerSprite, Tony was the Sr. Director of Policy and Risk Management for a major Fortune 50 information service bureau. Tony's background in IT operations and software development, coupled with security operations, allows him to lead VerSprite with the mission of providing tailored, strategic solutions to its client base. Tony is a frequent speaker/ writer at ISACA, OWASP, and other information security forums around the world and is currently managing the Atlanta OWASP Chapter. He is also currently co-writing a book on application threat modeling via Wiley Life Sciences and has co-developed a patent pending methodology for risk based threat models. Tony is a graduate from Cornell University.
 
|-
 
|'''How dynamic have been static checking?''', ''Felipe Zipitria'' || Felipe Zipitria has a Master Degree in Computer Science from PEDECIBA Informática and his thesis was in the Computer Security field. He is working as a Senior System Administrator and teaching since 1998 at the Computer Science department of the Faculty of Engineering - University of the Republic. From 2006 he joined the Computer Security Group, and has been doing research and teaching Computer Security foundations for pre-graduate students, and Application Security for professionals and as a post-graduate course. He has been using OWASP tools and documentation for its courses since the first course for pre-graduates. As a Senior System Administrator he has specialized in Web Security, using Web Application Firewalls, Apache Web Server and Apache Tomcat, Virtualization, and Clustering. He has made Security Analysis for local enterprises, and several Penetration Tests and Source Code Analysis.
 
  
|}
+
== Training 3: "Practical Applied Cryptography" ==
 +
'''Instructor:''' Javier Antunez
  
 +
===Course Language===
 +
'''The course will be delivered in SPANISH (español)''' with simultaneous translation in English (if necessary).
  
 +
Training Audience: Technical<br>
 +
Required Skill Level: Initial<br>
  
 
= Venue  =
 
= Venue  =
 
<font size=2pt>
 
<font size=2pt>
AppSec Latam 2012 will be held in downtown Montevideo, Uruguay at the [http://www.antel.com.uy/antel/institucional/nuestra-empresa/complejo-torre Antel National Telco Company]. Directions are available through: [https://maps.google.com/maps?q=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&hl=es-419&ll=-34.899448,-56.179104&spn=0.098412,0.181789&geocode=FaOW6_0dt4qm_A&hnear=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&t=m&z=13 Google Maps]  
+
AppSec Rio de la Plata 2015 will be held in downtown Montevideo, Uruguay at the [http://www.antel.com.uy/antel/institucional/nuestra-empresa/complejo-torre Antel National Telco Company]. Directions are available through: [https://maps.google.com/maps?q=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&hl=es-419&ll=-34.899448,-56.179104&spn=0.098412,0.181789&geocode=FaOW6_0dt4qm_A&hnear=Auditorio+Torre+de+las+Telecomunicaciones,+Guatemala+1075,+Montevideo+11800,+Uruguay&t=m&z=13 Google Maps]  
 
<br>
 
<br>
 
<br>
 
<br>
Line 315: Line 221:
 
<br>
 
<br>
 
<br>
 
<br>
<br>
+
<br>--
 
'''Inside the Auditorium (left) and Interactive Room (right):'''<br>
 
'''Inside the Auditorium (left) and Interactive Room (right):'''<br>
  
Line 326: Line 232:
 
== Online Registration ==
 
== Online Registration ==
  
Registration is now closed.
+
[https://myowasp.force.com/MN4__PublicEventRegistration?id=a2oU0000000TVyOIAW Registration is now open!]
 
 
  
 
== Conference Fees ==
 
== Conference Fees ==
 
'''Access to conference:'''
 
'''Access to conference:'''
  
* Before October 15th:  3200.00 UYU (approx. 150.00 USD)
+
*General Access  200 USD
* Before Nov 5th:  4250.00 UYU (approx. 200.00 USD)
 
* After Nov 5st:    5300.00 UYU (approx. 250.00 USD)
 
 
 
 
 
'''Training'''
 
 
 
* Two days: 17000.00 UYU (approx. 800.00 USD)
 
 
 
 
 
'''Discounts'''
 
 
 
* OWASP Member:  50.00 USD (Note: This discount is equal to the cost of becoming an OWASP paid Member.)
 
* Student: 1600.00 UYU (approx. 75.00 USD). Note: student ID or other proof of current student status is required.
 
* Students are eligible for 20% discount off training fees, making the total training cost for 2 days $640.00 USD. To take advantage of this offer, enter the discount code STUDENT_TRAINING at checkout.
 
* Special discounts available for groups registrations. Please send inquiries to [mailto:[email protected] [email protected]].
 
 
 
 
  
 +
-- Discounts --
 +
*OWASP Members 50.00 USD
 +
*Students: 75.00 USD  Note: student ID or other proof of current student status is required
  
 +
'''Trainings'''
 +
*1-Day 500.00 USD
 +
*2 Days 800.00 USD
  
 
= Sponsoring  =
 
= Sponsoring  =
 
<font size=2pt>
 
<font size=2pt>
We are looking for sponsors for 2012 edition of Global AppSec Latin America.
+
We are looking for sponsors for 2015 edition of AppSec Rio de la Plata
 
 
 
 
If you are interested to sponsor Global AppSec Latin America 2012, please contact the conference team: [mailto:[email protected] [email protected]]
 
 
 
 
 
To find out more about the different sponsorship opportunities please check the document below: <br> [https://www.owasp.org/images/3/37/AppSec_LATAM_2012_Sponsorship.pdf OWASP AppSec Latam 2012 Sponsorship Options - English]
 
  
  
 +
If you are interested to sponsor AppSec Rio de la Plata 2015, please contact [[email protected] Kelly Santalucia]
  
  
 +
To find out more about the different sponsorship opportunities please check the document below: <br> [http://appsecriodelaplata.org/2015/wp-content/uploads/2015/08/OWASP-AppSec-Rio-de-la-Plata-2015-Sponsorship.pdf OWASP AppSec Rio de la Plata Sonsorship Options - English]
  
 
= Travel and Accommodation =
 
= Travel and Accommodation =
Line 402: Line 292:
 
[mailto:[email protected] Linn Vander Molen]...ext 520
 
[mailto:[email protected] Linn Vander Molen]...ext 520
  
 
Additionally, the [mailto:[email protected] Conference Planning Team] is available to answer any questions!
 
  
  
Line 409: Line 297:
 
<font size=2pt>
 
<font size=2pt>
  
== Tuesday 20 - After Office ==
 
 
{| style="background-color: transparent"
 
|-
 
! width="200" align="center" | <br>
 
! width="1000" align="center" | <br>
 
|-
 
| align="center" | [[Image:After Office OWASP.jpg|320x240px]]
 
|
 
'''After the first day of conference, let´s go for some beers out there! (and of course Mojitos and Daikiris also available :D )'''
 
 
'''Walrus''' is located at Cr. Luis E. Lecueder 3536, Montevideo, Uruguay. This is the WTC Plaza, near Montevideo Shopping Center. Check its website: [http://www.walrus.com.uy/ http://www.walrus.com.uy/]
 
 
 
[https://www.owasp.org/images/7/71/OWASPTransferAfterHour_V2_en.pdf Directions to/from in English]
 
 
[https://www.owasp.org/images/d/db/OWASPTransferAfterHour_V2_sp.pdf Directions  to/from in Spanish]
 
 
 
|}
 
 
== Wednesday 21 - Closure Diner ==
 
<font size=2pt>
 
  
{| style="background-color: transparent"
 
|-
 
! width="200" align="center" | <br>
 
! width="1000" align="center" | <br>
 
|-
 
| align="center" | [[Image:BodegaCastilloViejo.jpg|320x240px]]
 
|
 
After the closing ceremony, for the last dinner of the event we will travel to Bodega Castillo Viejo, a winery located 40 minutes from Montevideo.
 
The fee is about 1400.00 UYU (approx. 70.00 USD) including:
 
 
- Dinner with appetizer, main course (barbecue) with wine and dessert
 
- A guided tour of the winery, the wine cellars and the winery surroundings
 
- Transport to the winery from the conferences venue and back to the [http://fourpoints.com/MONTEVIDEO Four Points Sheraton Montevideo hotel].
 
 
To confirm you are coming, please pay by adding this to your registration in cvent (payment via credit card) or stopping by the registration desk at the conference to pay via cash.
 
 
'''[https://www.cvent.com/Events/Register/RegNumConfirmation.aspx?e=6e6cac65-3617-499a-a150-72e5c21b1ecf Click here to modify your registration].'''
 
 
 
If you have questions - please send an email to: [mailto:[email protected] Conference Planning Team]
 
 
 
In case you want to [http://www.castilloviejo.com/en check out the winery]:  http://www.castilloviejo.com/en
 
 
"Castillo Viejo is today a winery recognized both in Uruguay and the whole world for making an excellent experience of fine wines. With awarded wines around the world and a great restaurant, Castillo Viejo is not only an excellent winery but also a beautiful place to visit.”
 
 
|}
 
  
 
= Chapter Leader Workshop =
 
= Chapter Leader Workshop =
 
<font size=2pt>
 
<font size=2pt>
 
 
<span style="color:red">'''UPDATED INFORMATION:'''<br> Date & Time of Workshop: 6:00 PM, Monday November 19<br> Location: Meeting Room on the 2nd Floor at the 4 Points Sheraton Hotel</span>
 
  
  
Line 473: Line 308:
 
Uruguay<br>
 
Uruguay<br>
 
Phone: (598)(2) 9017000
 
Phone: (598)(2) 9017000
 
 
 
  
  
 
==About the Workshop==
 
==About the Workshop==
'''2012 Chapters Workshop to be held at the Conference Venue on the afternoon of November 19th, 2012 (the day before the conference)'''
 
*September 17th - AppSec Latam Chapters workshop sponsorship applications due
 
*September 21 - Applicants notified of status
 
  
  
Line 494: Line 323:
  
 
If you need financial assistance to attend the Chapter Leader Workshops please submit a request to via the Contact Us Form http://owasp4.owasp.org/contactus.html by the application deadline for each of the events.
 
If you need financial assistance to attend the Chapter Leader Workshops please submit a request to via the Contact Us Form http://owasp4.owasp.org/contactus.html by the application deadline for each of the events.
*September 17th - AppSec Latam Chapters workshop sponsorship applications due
 
*September 21 - Applicants notified of status
 
 
  
 
Additional Information for Applicants:
 
Additional Information for Applicants:
Line 515: Line 341:
 
<font size=2pt>
 
<font size=2pt>
  
==2012 AppSec Latam Conference Volunteer Team==
+
==2015 AppSec Rio de la Plata Conference Volunteer Team==
 
* Mateo Martinez
 
* Mateo Martinez
 
* Mauro Flores
 
* Mauro Flores
 
* Felipe Zipitria
 
* Felipe Zipitria
 
* Mauricio Papaleo
 
* Mauricio Papaleo
* Alberto Hill
+
* [[user:Alberto_Daniel_Hill|Hill,Alberto]]
 
* Maximiliano Alonzo
 
* Maximiliano Alonzo
 
* Rodrigo Martinez
 
* Rodrigo Martinez
* Mario Pereyra
+
* Guillermo Skrilec
 +
* Gerardo Canedo
 
* Martin Tartarelli
 
* Martin Tartarelli
* Fabio Cerullo
+
* Mario Garcia
 
 
 
 
==OWASP Staff Support==
 
* Sarah Baso
 
* Kate Hartmann
 
 
 
 
 
 
 
Contact us at [mailto:[email protected] [email protected]]
 
</font>
 
 
 
  
 
=Archives=
 
=Archives=
Line 553: Line 369:
  
 
<headertabs />
 
<headertabs />
 
{{:OWASP AppSec Latam 2012 Footer}}
 
  
  
 
[[Category:OWASP_AppSec_Conference]]
 
[[Category:OWASP_AppSec_Conference]]

Latest revision as of 06:40, 6 July 2017

OWASP Project Header.jpg

Para sumarse a la lista de correo de OWASP Uruguay, registrarse aquí: Lista de correo OWASP Uruguay


REGISTRATION HERE! ---


We are pleased to announce that the OWASP Uruguay chapter will host the OWASP AppSec Rio de la Plata 2015 conference in Montevideo, Uruguay at ANTEL National Telco Company. The event will be composed of 2 days of training (November 31- December 1st), followed by 2 days of conference talks (December 2-3).


The AppSec Rio de la Plata 2015 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 300-400 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

About our Call for Papers:

- Submissions until October 8th, 2015.
- Accepted Proposals on October 9th, 2015.
- But, if you have a great one, send it at anytime! :)   CALL FOR PAPERS SUBMIT'



Jacobo Tibaquirá



Attacking the Attackers: In this talk, Jacobo Tibaquirá , who is part of DragonJar, will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.

Jacobo Tibaquirá from DragonJar will be teaching the workshop "From 0 to Ninja with Metasploit" Metasploit is the most widely used Framework for Information Security Experts around the world.



Cristian Borghello



We all are Ashley Madison. In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again?


Cristian Borghello has been involved in computer security for more than 15 years, working on vulnerability research, pentesting, source code review and development. He is the CEO of Segu-Info [1]


Jacobo Tibaquirá



100px Attacking the Attackers In this talk, Jacobo Tibaquirá will discuss the results of his investigation on countermeasures that can be used if a system administrator detects an attacker on his network.



Cristian Borghello



Cristian-borghello-P.jpg We all are Ashley Madison. In this talk, Cristian Borghello will present 2 cases where code review and the security consultant role are so critical and important. Which is the security consultant role? How can we motivate the team and show them that secure programming is possible? How can we prevent the same errors once and again? Cristian F. Borghello, holds a degree in Information System,

developer, Certified Information Systems Security Professional (CISSP) and Microsoft Security MVP (Most Valuable Professional).


Currently Director of Segu-Info and independent consultant in Information Security. He writes for various specialized media and research independently on Computer Security and Information. Interest in Computer Security and its research has led him to keep this site: http://www.segu-info.com.ar/ Cristian is member of OWASP (Open Web Application Security Project) Buenos Aires Chapter, ISSA (Information Systems Security Association), CSA (Cloud Security Alliance) Argentina Chapter and ISC2 Argentina Chapter.




Talks

Ricardo Supo (PERU)OWASP Peru Chapter Leader

"Hacking Windows Networks" is that easy when Ricardo is in place! Hacking techniques plus Domainator tool!

Mateo Martinez (URUGUAY)OWASP Uruguay SQL Injection Deep Dive Welcome to a Deep Dive on SQL Injection. A full tour across the most used SQL Injection Techniques.

Fabio Cerullo (IRLANDA)OWASP Board Member

Desarrollo Rápido y Seguro de Aplicaciones. ¿Es posible tener las dos cosas?

Josué Rojas Silva (PERU)amn3s1a

Browser hijacking 4 fun n profit Will present Hooking Techniques for Web Browser Control

Sheila Ayelen Berta (ARGENTINA)semecayounexploit.com

Threat Not Found is a great presentation about how can be possible to evade Antivirus.

Elvin Mollinedo (BOLIVIA)OWASP Bolivia Chapter Leader

"Creating Fake GSM Radio Bases with BTS Attacks"will be one of the more trendy and interesting talk about fake cells!.

Matias Katz (ARGENTINA)MKIT Social Engineering Attacks with Non-Verbal language Software have bugs... humans too! Cristian Amicelli (ARGENTINA)MKIT

NLTK Syntax Analysis Cristian will show his research about Natural Language Toolkit

Martin Tartarelli (ARGENTINA)OWASP Argentina Chapter Web Apps Continuos Scanning Research about Continuos Scanning

Mauro Flores (URUGUAY)OWASP Uruguay

Cloud Security Javier Antunez (ARGENTINA)Porto y Asociados

SSL & TLS .. a long horror story Diego Bruno (ARGENTINA)Blackmantis Security

TBD Gustavo Nicolas Ogawa (ARGENTINA)Argentina

Facebook Hacking Tool

We have 3 Awesome Trainings for you!

Training 1: From 0 to Ninja on Metasploit

Instructor: Jacobo Tibaquirá

Jacobo Tibaquirá from DragonJar will be teaching the workshop "From 0 to Ninja with Metasploit" Metasploit is the most widely used Framework for Information Security Experts around the world. Who do not master this tool is losing a great resource that is freely available to make our work as Ethical Hackers or pentesters. In this course "From 0 to Ninja with Metasploit" you can shorten the learning curve tool, thanks to the transmission of knowledge and experience of the teachers you'll make the best of Metasploit from a level 0 / Novice to Ninja / Advanced

Course Language

The course will be delivered in SPANISH (español) with simultaneous translation in English (if necessary).

Course Overview

Training Audience: Technical
Required Skill Level: Intermediate


Training 2: Introduction to Web Apps Security

Instructor: Fabio Cerullo

Fabio is an OWASP Board Member and he will be teaching the workshop "Web Applications Security Introduction" with a both teorical and technical approach to the OWASP Top 10 Risks including SQL Injection, XSS, Broken Auth and Session Management, XSRF, etc.

Course Language

The course will be delivered in SPANISH (español) with simultaneous translation in English (if necessary).

Training Audience: Technical
Required Skill Level: Initial


Training 3: "Practical Applied Cryptography"

Instructor: Javier Antunez

Course Language

The course will be delivered in SPANISH (español) with simultaneous translation in English (if necessary).

Training Audience: Technical
Required Skill Level: Initial

AppSec Rio de la Plata 2015 will be held in downtown Montevideo, Uruguay at the Antel National Telco Company. Directions are available through: Google Maps

The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower.

Antel Tower:

Antel National Telco Building.jpg


Antel Telco Auditorium (left) and Auditorium main entrance (right):

Antel Telco Venue Auditorium.jpg Antel Telco Main Entrance to Auditorium.jpg


-- Inside the Auditorium (left) and Interactive Room (right):

Antel Telco Auditorium 02.jpg Antel Telco Interactive Room 02.jpg]

Online Registration

Registration is now open!

Conference Fees

Access to conference:

  • General Access 200 USD

-- Discounts --

  • OWASP Members 50.00 USD
  • Students: 75.00 USD Note: student ID or other proof of current student status is required

Trainings

  • 1-Day 500.00 USD
  • 2 Days 800.00 USD

We are looking for sponsors for 2015 edition of AppSec Rio de la Plata


If you are interested to sponsor AppSec Rio de la Plata 2015, please contact [[email protected] Kelly Santalucia]


To find out more about the different sponsorship opportunities please check the document below:
OWASP AppSec Rio de la Plata Sonsorship Options - English

Accommodation

We've been able to arrange for accommodation with the Four Points Sheraton Hotel for attendees. These rooms have been allocated at a special rate, and available strictly for a limited time. To book these rooms at the special rate, you need to use the booking link shown below. These rooms are available one night either side of the event ensuring that if you are travelling interstate or international it's easy to find a room at a good rate. The room rate allocated for the event is $169/USD per night and includes breakfast.


Note: Conference events will primarily be held at the Antel National Telco Company. We will have a few events held at this hotel and are arranging for transportation between the Sheraton and Antel building.


Four Points Sheraton Montevideo
Ejido 1275
Montevideo 11100
Uruguay
Phone: (598)(2) 9017000
Fax: (598)(2) 9032247
Email: [email protected]


To make your reservation, visit: https://www.starwoodmeeting.com/StarGroupsWeb/res?id=1209182075&key=76379


Directions to/from in English

Directions to/from in English


Need more assistance booking your travel?

For assistance with any of the items below, feel free to utilize OWASP's preferred travel agency:
Segale Travel Service contact information is: +1-800-841-2276
Sr. Travel Consultants:
Maria Martinez...ext 524
Linn Vander Molen...ext 520




Four Points Sheraton Montevideo
Ejido 1275
Montevideo 11100
Uruguay
Phone: (598)(2) 9017000


About the Workshop

We plan to start with a 1.5 hour session including an overview of the chapter handbook. This session will be video taped and available for chapter leaders to use in their local chapters (or to be viewed by those unable to attend). The second part of the workshop will be a roundtable discussion on regional issues and challenges, with a goal of working together to create solutions. If you are interested in participating in either of these workshops, please register for the conference and select this workshop, please register for the Conference and select the optional session "chapter leaders workshop" as part of the registration process. Remember that conference attendance is free for current chapter and project leaders.


Info about last year's workshop: Meeting Minutes from Latin America Chapters Workshop 2011


Sponsorship to Attend the Chapters Workshop

If you need financial assistance to attend the Chapter Leader Workshops please submit a request to via the Contact Us Form http://owasp4.owasp.org/contactus.html by the application deadline for each of the events.

Additional Information for Applicants:

  • Priority of sponsorships will be given to those not covered by a sponsorship to attend a previous workshop. Additionally, we are looking for new or struggling chapter leaders who need assistance kick starting their chapter.
  • When you apply for funding, please let us know *why we should sponsor you*. While we prefer that chapter leaders use their own chapter's funds before requesting a sponsorship, this is not a requirement for application.
  • If your chapter has fund but will not be using them to sponsor your attendance, please include why you will not be using the funds for this purpose (i.e. what are the other plans for those funds?).


Questions?

If any questions, please contact us at: http://owasp4.owasp.org/contactus.html


2015 AppSec Rio de la Plata Conference Volunteer Team

  • Mateo Martinez
  • Mauro Flores
  • Felipe Zipitria
  • Mauricio Papaleo
  • Hill,Alberto
  • Maximiliano Alonzo
  • Rodrigo Martinez
  • Guillermo Skrilec
  • Gerardo Canedo
  • Martin Tartarelli
  • Mario Garcia

Training Instructor Agreement

By submitting your training proposal through our CFT, you are consenting to stay within the guidelines of the Training Instructor Agreement. We will ask you to sign and complete the Agreement and email it back to us if your talk is selected and you accept.


Training Instuctor Agreement


Speaker Agreement

By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement