This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP AppSec Asia 2008 - Taiwan"

From OWASP
Jump to: navigation, search
((2008/10/27) - Day 1)
 
(130 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in attending, please email [mailto:[email protected] Wayne].
+
== NOW AVAILABLE: OWASP AppSec Asia 2008 Session Slides ==
 +
 
 +
The session slides are now available; please go to SESSION column under [https://www.owasp.org/index.php/OWASP_AppSec_Asia_2008_-_Taiwan#OWASP_AppSec_Asia_2008.2C_Conference_Schedule_.28Oct_27th_-_Oct_28th.29 Conference Schedule] to access to the slides.
 +
 
 +
== A Note of Thanks ==
 +
 
 +
We would like to thank this year's 1200+ attendees who came to show support for OWASP App Sec Asia 2008!! As well as our Speakers, Chapter leaders and Sponsors who helped make this year's OWASP Asia Conference a great success!
 +
[[Image:OWASP_Asia_08.jpg|center|733px]]
 +
 
 +
 
 +
== OWASP AppSec Asia 2008 - Taiwan==
 +
 
 +
Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please [mailto:[email protected] email us].
 +
 
 +
Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.
 +
 
 +
 
 +
[[Image:Map2.png|center]]
  
 
== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==
 
== OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th) ==
Line 5: Line 22:
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
 
  ! colspan="2" align="center" style="background:#4058A0; color:white" |   
 
  ! colspan="2" align="center" style="background:#4058A0; color:white" |   
== (2008/10/27) - Day 1 ==
+
=== (2008/10/27) - Day 1 ===
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 27: Line 44:
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''<br><br>'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''<br><br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-11:00''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]]<br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00-10:50''' || style="width:30%; background:#A7BFDE" align="center" | ''' [[What's Next? Strategies for Web Application Security]]<br>''' '''[https://www.owasp.org/images/4/41/OWASP_Asia_2008_YMChen.pdf Slides]'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[YM Chen, Director, McAfee Foundstone]]<br><BR>'''  
+
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | '''<BR>[[YM Chen, Director, Foundstone, A Division of McAfee]]<br><BR>'''  
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:10-12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00-11:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web-based Malware obfuscation: the kung-fu and the detection]]''' '''[https://www.owasp.org/images/6/6b/OWASP_Asia_2008_Wayne.pdf Slides]'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''<BR>[[Wayne Huang, OWASP Taiwan Chapter]]<br><BR>'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''<BR>[[Wayne Huang, OWASP Taiwan Chapter]]<br><BR>'''
 
|-
 
|-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
+
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 11:50 - 12:40 Lunch
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 44: Line 61:
 
   
 
   
 
   |-
 
   |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''12:40 - 13:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]]<BR><br>''' '''[https://www.owasp.org/images/1/14/OWASP_Asia_2008_KK.pdf Slides]'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Charmi Lin, Taiwan Information & Communication Security Technology Center]]<br>'''
+
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[KK Mookhey (OWASP Mumbai)]]<br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:50 - 14:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]]<BR><br>'''
+
{| style="width:80%" border="0" align="center"
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Tim Bass, OWASP Thailand Chapter]]<br>'''
+
! colspan="2" align="center" style="background:#4058A0; color:white" | '''13:40 - 15:40 Asia Chapter Leader Meeting'''  
 +
'''Attendee:''' China, Delhi, HK, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters
 +
 
 +
'''P.S:''' Meeting with go in parallel to the two of the talk sessions and coffee break.
 
  |-
 
  |-
 +
{| style="width:80%" border="0" align="center"
 +
! colspan="4" align="center" style="background:#4F81BD; color:white" |
 +
|-
 +
| align="center" style="width:33%; background:#4F81BD; color:white" | '''13:40 - 14:30''' || style="width:33%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]]<BR><br>'''
 +
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[PK (Taiwan Criminal Investigation Bureau)]]<br>'''
 +
  |-
 +
 
|-
 
|-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break
+
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 14:30 - 14:50 Coffee Break
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 62: Line 89:
 
   
 
   
 
   |-
 
   |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:00 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[How bad can Web vulnerabilities be—case study on a 50 million personal records breach]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:50 - 15:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]]<BR><br>''' '''[https://www.owasp.org/images/6/6a/OWASP_Asia_2008_Fyodor.pdf Slides]'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[PK (Taiwan Criminal Investigation Bureau)]]<br>'''
+
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Fyodor Yarochkin (Guard-Info)]]<br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Tiny coding errors, big losses: real stories of website 0wnage]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:50 - 16:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Web Application Proactive and Passive Defense Best Practices <BR><br>''' '''[https://www.owasp.org/images/d/d2/OWASP_Asia_2008_FrankFan.pdf Slides]'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Fyodor (Guard-Info)]]<br>'''
+
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Frank Yuan Fan, OWASP China Chapter]]<br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:40''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:50 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Why Webmail systems are hard to secure--using real case studies]]<BR><br>'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]]<br>'''
+
'''[https://www.owasp.org/images/d/d3/OWASP_Asia_Taiwan_Charmi.pdf Slides]‎'''
 +
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Charmi Lin (Taiwan Information & Communication Security Technology Center)]]<br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:40''' || style="width:30%; background:#A7BFDE" align="center" | '''Asia Chapter Leader’s Meeting <BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''17:40 - 18:10''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Penetration Test with BackTrack: Art of Exploitation]]<BR><br>''' '''[https://www.owasp.org/images/f/f7/OWASP_Asia_2008_Anthony.pdf Slides]'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''Delhi, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapter Leaders<br>'''
+
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Anthony Lai (Dark Floyd), OWASP HK Chapter]]<br>'''
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="2" align="center" style="background:#4058A0; color:white" |
+
  ! colspan="2" align="center" style="background:#4058A0; color:white" |
== (2008/10/28) - Day 2 ==
+
 
 +
=== (2008/10/28) - Day 2 ===
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 86: Line 115:
 
   
 
   
 
   |-
 
   |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:00- 11:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''09:00- 10:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[New 0-Day Browser Exploits: Clickjacking - yea, this is bad...]]<BR><br>''' '''[https://www.owasp.org/images/9/9f/OWASP_Asia_2008_RSnake.pdf Slides]'''  
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Robert "RSnake" Hansen (SecTheory)]]<br>'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Robert "RSnake" Hansen (SecTheory)]]<br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:00- 12:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''10:40- 11:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Web 2.0, Consumerization, and Application Security]]<BR><br>''' '''[https://www.owasp.org/images/1/15/OWASP_Asia_2008_Chenxi.pdf Slides]'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Chenxi Wang, Ph.D. (Forrester Research)]]<br>'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Chenxi Wang, Ph.D. (Forrester Research)]]<br>'''
 +
|-
 +
| align="center" style="width:20%; background:#4F81BD; color:white" | '''11:40- 12:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks]]<BR><br>''' '''[https://www.owasp.org/images/7/74/OWASP_Asia_2008_Pukhraj.pdf Slides]'''
 +
| style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Dhruv Soi (OWASP Delhi Chapter Leader)]], [[Pukhraj Singh (OWASP Delhi Chapter)]]<br>'''
 
|-
 
|-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch
+
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 12:30 - 13:30 Lunch
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 103: Line 135:
 
   
 
   
 
   |-
 
   |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:00 - 13:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Good Business Penetration Testing]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''13:30 - 14:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example]]<BR><br>''' '''[https://www.owasp.org/images/e/e5/OWASP_Asia_2008_TimBass.pdf Slides]'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[KK Mookhey (OWASP Mumbai)]]<br>'''
+
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Tim Bass, OWASP Thailand]]<br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:00 - 14:50''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''14:30 - 15:20''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Best Practices Guide: Web Application Firewalls]]  
 +
'''[https://www.owasp.org/images/5/5d/AppSecASIA08-BPWAF.pdf Slides]'''<BR><br>'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Alexander Meisel (OWASP Germany)]]<br>'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Alexander Meisel (OWASP Germany)]]<br>'''
 
  |-
 
  |-
 
|-
 
|-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break
+
  ! colspan="2" align="center" style="background:#4058A0; color:white" | 15:20 - 15:40 Coffee Break
 
  |-
 
  |-
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
Line 121: Line 154:
 
   
 
   
 
   |-
 
   |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:10 - 16:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''15:40 - 16:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets]]<BR><br>''' '''[https://www.owasp.org/images/0/09/OWASP_Asia_2008_Steven.pdf Slides]'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Steven Adair (ShadowServer Foundation)]]<br>'''
 
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[[Steven Adair (ShadowServer Foundation)]]<br>'''
 
  |-
 
  |-
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:10 - 17:00''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]]<BR><br>'''
+
| align="center" style="width:20%; background:#4F81BD; color:white" | '''16:40 - 17:30''' || style="width:30%; background:#A7BFDE" align="center" | '''[[Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?]]<BR><br>'''
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor],  [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], Tim Bass, [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM]<br>'''
+
  | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |  '''[https://www.owasp.org/index.php/Alexander_Meisel_(OWASP_Germany) Alex], [https://www.owasp.org/index.php/Anthony_Lai_(Dark_Floyd)%2C_OWASP_HK_Chapter Anthony], [https://www.owasp.org/index.php/Chenxi_Wang%2C_Ph.D._(Forrester_Research) Chenxi], [https://www.owasp.org/index.php/Dhruv_Soi_(OWASP_Delhi_Chapter_Leader) Dhruv], [https://www.owasp.org/index.php/Frank_Fan%2C_OWASP_China Frank Fan], [https://www.owasp.org/index.php/Fyodor_(Guard-Info) Fyodor],  [https://www.owasp.org/index.php/KK_Mookhey_(OWASP_Mumbai) KK], [https://www.owasp.org/index.php/Robert_%22RSnake%22_Hansen_(SecTheory) Robert], [https://www.owasp.org/index.php/Tim_Bass%2C_OWASP_Thailand Tim Bass], [https://www.owasp.org/index.php/Wayne_Huang%2C_OWASP_Taiwan_Chapter Wayne], [https://www.owasp.org/index.php/YM_Chen%2C_Director%2C_McAfee_Foundstone YM] <br>'''
 
|-
 
|-
  
  
 
|}
 
|}
==Orion is totally Awesome!==
+
 
 +
==Conference Fees & Registration==
 +
 
 +
 
 +
 
 +
=== Conference Fees ===
 +
 
 +
The fee for the two days conference is USD 35, which includes:
 +
*Two lunches
 +
*Coffee breaks
 +
*Conference T-Shirt
 +
 
 +
=== Registration ===
 +
 
 +
Registration is now open!! Please [mailto:[email protected] '''contact us'''] for the registration.
 +
 
 +
== Conference T-Shirt ==
 +
[[Image:OWAS AppSec Asia Tshirt.png]]
 +
 
 +
== Conference Venue==
 +
 
 +
'''Taipei International Convention Center'''
 +
 
 +
'''Address:''' 3rd floor Conference Hall, Xin Yi Road, Section 5, number 1, Taipei, Taiwan R.O.C.
 +
 
 +
'''[http://www.ticc.com.tw/index_en.aspx Website]'''
 +
 
 +
== Hotel Information ==
 +
 
 +
'''San Want Hotel'''
 +
 
 +
'''Address:''' No.172, Sec. 4, ZhongXiao East Road, Taipei, Taiwan
 +
 
 +
Tel:+886-2-2772-2121 | Fax : +886-2-2721-0302
 +
 
 +
'''[http://www.sanwant.com/ Website]'''
 +
 
 +
                                                   
 +
'''Hope City FuShing Hotel'''
 +
 
 +
'''Address:''' No.275, Sec.1, Fushing S. Rd., Taipei, Taiwan
 +
 
 +
Tel : +886-2-2703-9990 | Fax : +886-2-2706-8547
 +
 
 +
'''[http://www.city-hotel.com.tw/bussiness/b2/b2-en.htm Website]'''
 +
 
 +
== Taipei City Map - With OWASP Venue and Hotels Marked ==
 +
 
 +
 
 +
[[Image: Owasp_appsec_asia_2007_tpe_map_new.png|center]]
 +
 
 +
== Welcome to Taiwan==
 +
And WELCOME TO TAIWAN! Please check out [http://tw.youtube.com/watch?v=wRc0q9xQEQ4 this video] about interesting places in Taiwan.
 +
If you need suggestions on how to plan out your trip, please feel free to [mailto:[email protected] '''contact us!''']
 +
 
 +
 
 +
== OWASP AppSec Asia 2008 Conference Sponsors ==
 +
 
 +
----
 +
 
 +
=== ''Guide Team:'' ===
 +
 
 +
 
 +
[http://www.moeaidb.gov.tw https://www.owasp.org/images/8/82/IDB.png]
 +
[http://www.moea.gov.tw/ https://www.owasp.org/images/a/a4/MOEA.png]
 +
 
 +
----
 +
 
 +
=== ''Organizers:'' ===
 +
 
 +
 
 +
[http://www.owasp.org/index.php/Taiwan https://www.owasp.org/images/2/2b/OWASP_TW.png]
 +
[http://www.iii.org.tw/english/ https://www.owasp.org/images/7/75/III.png]
 +
[http://web.cisanet.org.tw/# https://www.owasp.org/images/6/64/CISA.png]
 +
 
 +
----
 +
 
 +
=== ''Platinum Sponsors:'' ===
 +
 
 +
[http://www.armorize.com https://www.owasp.org/images/9/98/Armorize.png]  -  [http://www.fortify.com/ https://www.owasp.org/images/c/c7/Fortify.png]  -  [http://www.imperva.com/ https://www.owasp.org/images/d/da/IMPERVA.png]  - 
 +
[http://www.mtechpro.com/ https://www.owasp.org/images/b/be/MTECH.png]  - 
 +
[http://www.mudynamics.com/ https://www.owasp.org/images/1/17/Mu_Dynamics.png]  - 
 +
[http://www.systex.com.tw/english/index.asp https://www.owasp.org/images/5/5e/SYSTEX.png]  - 
 +
[http://www.twisc.ntust.edu.tw/ https://www.owasp.org/images/6/6d/TWISC.png]
 +
 
 +
----
 +
 
 +
=== ''Gold Sponsors:'' ===
 +
 
 +
[http://www.bluecoat.com/ https://www.owasp.org/images/9/9c/BLUECOAT.png]
 +
[http://www.eraysecure.com.tw/ https://www.owasp.org/images/e/ea/ERay.png]
 +
[http://tw.yahoo.com/ https://www.owasp.org/images/a/a9/YahooTw.png]
 +
 
 +
----
 +
 
 +
=== ''Silver Sponsors:'' ===
 +
 
 +
[http://www.network-box.com.tw/ https://www.owasp.org/images/0/08/NETWORK_BOX.png]
 +
 
 +
----
 +
 
 +
=== ''Media Partners'': ===
 +
 
 +
[http://www.isecutech.com.tw/main/index.aspx https://www.owasp.org/images/9/97/INFOSECURITY.png]

Latest revision as of 03:25, 17 November 2008

NOW AVAILABLE: OWASP AppSec Asia 2008 Session Slides

The session slides are now available; please go to SESSION column under Conference Schedule to access to the slides.

A Note of Thanks

We would like to thank this year's 1200+ attendees who came to show support for OWASP App Sec Asia 2008!! As well as our Speakers, Chapter leaders and Sponsors who helped make this year's OWASP Asia Conference a great success!

OWASP Asia 08.jpg


OWASP AppSec Asia 2008 - Taiwan

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please email us.

Two professional translators will be at the conference to conduct simultaneous oral translation between English and Mandarin. Wireless earphones will be provided.


Map2.png

OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th)

(2008/10/27) - Day 1

08:30 - 09:30 Door opens for registration
TIME SESSION SPEAKER
09:30- 09:40 Opening welcome and an introduction to this year’s program

Wayne Huang, Conference Chair
09:40-09:50 Welcome by Institute for Information Industry


09:50-10:00 Welcome by Information Security Consortium, Information Service Industry Association



10:00-10:50 What's Next? Strategies for Web Application Security
Slides

YM Chen, Director, Foundstone, A Division of McAfee

11:00-11:50 Web-based Malware obfuscation: the kung-fu and the detection Slides
Wayne Huang, OWASP Taiwan Chapter

11:50 - 12:40 Lunch
TIME SESSION SPEAKER
12:40 - 13:30 Good Business Penetration Testing

Slides
KK Mookhey (OWASP Mumbai)
13:40 - 15:40 Asia Chapter Leader Meeting

Attendee: China, Delhi, HK, Korea, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters

P.S: Meeting with go in parallel to the two of the talk sessions and coffee break.

13:40 - 14:30 How bad can Web vulnerabilities be—case study on a 50 million personal records breach

PK (Taiwan Criminal Investigation Bureau)
14:30 - 14:50 Coffee Break
TIME SESSION SPEAKER
14:50 - 15:40 Tiny coding errors, big losses: real stories of website 0wnage

Slides
Fyodor Yarochkin (Guard-Info)
15:50 - 16:40 Web Application Proactive and Passive Defense Best Practices

Slides
Frank Yuan Fan, OWASP China Chapter
16:50 - 17:30 Why Webmail systems are hard to secure--using real case studies

Slides

Charmi Lin (Taiwan Information & Communication Security Technology Center)
17:40 - 18:10 Penetration Test with BackTrack: Art of Exploitation

Slides
Anthony Lai (Dark Floyd), OWASP HK Chapter

(2008/10/28) - Day 2

TIME SESSION SPEAKER
09:00- 10:30 New 0-Day Browser Exploits: Clickjacking - yea, this is bad...

Slides
Robert "RSnake" Hansen (SecTheory)
10:40- 11:30 Web 2.0, Consumerization, and Application Security

Slides
Chenxi Wang, Ph.D. (Forrester Research)
11:40- 12:30 Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks

Slides
Dhruv Soi (OWASP Delhi Chapter Leader), Pukhraj Singh (OWASP Delhi Chapter)
12:30 - 13:30 Lunch
TIME SESSION SPEAKER
13:30 - 14:20 Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example

Slides
Tim Bass, OWASP Thailand
14:30 - 15:20 Best Practices Guide: Web Application Firewalls

Slides

Alexander Meisel (OWASP Germany)
15:20 - 15:40 Coffee Break
TIME SESSION SPEAKER
15:40 - 16:30 The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets

Slides
Steven Adair (ShadowServer Foundation)
16:40 - 17:30 Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?

Alex, Anthony, Chenxi, Dhruv, Frank Fan, Fyodor, KK, Robert, Tim Bass, Wayne, YM

Conference Fees & Registration

Conference Fees

The fee for the two days conference is USD 35, which includes:

  • Two lunches
  • Coffee breaks
  • Conference T-Shirt

Registration

Registration is now open!! Please contact us for the registration.

Conference T-Shirt

OWAS AppSec Asia Tshirt.png

Conference Venue

Taipei International Convention Center

Address: 3rd floor Conference Hall, Xin Yi Road, Section 5, number 1, Taipei, Taiwan R.O.C.

Website

Hotel Information

San Want Hotel

Address: No.172, Sec. 4, ZhongXiao East Road, Taipei, Taiwan

Tel:+886-2-2772-2121 | Fax : +886-2-2721-0302

Website


Hope City FuShing Hotel

Address: No.275, Sec.1, Fushing S. Rd., Taipei, Taiwan

Tel : +886-2-2703-9990 | Fax : +886-2-2706-8547

Website

Taipei City Map - With OWASP Venue and Hotels Marked

Owasp appsec asia 2007 tpe map new.png

Welcome to Taiwan

And WELCOME TO TAIWAN! Please check out this video about interesting places in Taiwan. If you need suggestions on how to plan out your trip, please feel free to contact us!


OWASP AppSec Asia 2008 Conference Sponsors


Guide Team:

IDB.png MOEA.png


Organizers:

OWASP_TW.png III.png CISA.png


Platinum Sponsors:

Armorize.png - Fortify.png - IMPERVA.png - MTECH.png - Mu_Dynamics.png - SYSTEX.png - TWISC.png


Gold Sponsors:

BLUECOAT.png ERay.png YahooTw.png


Silver Sponsors:

NETWORK_BOX.png


Media Partners:

INFOSECURITY.png