|
|
| (92 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| − | __NOTOC__
| + | [http://www.owasp.org/index.php/Italy Back to the Italian Chapter] |
| | | | |
| − | ====WELCOME====
| + | <center> |
| | + | [[File:OWASPDayIV.png]] |
| | + | </center> |
| | | | |
| − | <!-- Header -->
| + | ==== WELCOME ==== |
| − | {|style="width:100%"
| |
| − | |style="width:100%;color:#000"|
| |
| | | | |
| − | {|style="width:100%;border:solid 0px;background:none"
| + | '''Introduction''' |
| − | |-
| |
| − | |style="width:95%;color:#000" |
| |
| | | | |
| − | {{Chapter Template|chaptername=Italy|extra=The chapter leader is [mailto:matteo.meucci@gmail.com Matteo Meucci]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-italy|emailarchives=http://lists.owasp.org/pipermail/owasp-italy}}
| + | Welcome to the OWASP Day IV Italy Conference for 2009. Following on from the great success of last OWASP Days, the new conference has taken place in November 2009 in Milan. |
| | | | |
| − | <paypal>Italy</paypal>
| |
| | | | |
| − | == NEWS: Presentations of the OWASP Day III are online! ==
| + | '''Organization and goals:''' |
| | | | |
| − | * OWASP Day III: [http://www.owasp.org/index.php/Italy_OWASP_Day_3] | + | * The event showed several points of discussion: we presented the state of the art of the Secure Software Initiatives and technical speeches about the new researches in Application Security. |
| | + | * As conclusion of the day, we organized a round table discussing the most interesting subjects came out during the event. |
| | + | * Conference goal is creating a debate on which will be the evolution of the research for the Web Application Security, and how to start a secure software initiative. |
| | | | |
| − | * OWASP Books are out!
| |
| − | Now you can download or buy a book on the OWASP Projects. Check it here:
| |
| − | http://stores.lulu.com/owasp
| |
| | | | |
| − | * The presentation of the OWASP Day 1 Conference are on-line!
| + | '''References:''' |
| − | [[http://www.owasp.org/index.php/Italy#September_10th.2C_2007_-_OWASP_Day_WorldWide:_.22Privacy_in_the_21st_Century.22 Here]] you can dowload it.
| |
| − | | |
| − | | |
| − | == Local Activities ==
| |
| − | | |
| − | OWASP Italy Chaper was found by [mailto:[email protected] Matteo Meucci] in January 2005. | |
| − | | |
| − | * There is already a qualified group (CISSP, CISA, BS7799 Lead Auditor, OPST, OPSA) of volunteers working on the following tasks:
| |
| − | <ul>
| |
| − | - Working at the new OWASP Testing Guide! (Matteo Meucci, Alberto Revelli, Stefano Di Paola, Giorgio Fedon, Luca Carettoni, Antonio Parata, Carlo Pelliccioni, Claudio Merloni, Mauro Bregolin)<br>
| |
| − | - Translate all OWASP documentations in italian language (Matteo Paolelli, Massimiliano Graziani)<br>
| |
| − | - Writing articles about OWASP Project for infosecmag (Matteo Meucci, Alessandro Graziani, Lorenzo De Santis, Marco Graia, Luca Carettoni, Carlo Pelliccioni)<br>
| |
| − | - Working at the project OWASP Code Review (Paolo Perego)<br>
| |
| − | - Developing WebAppSec tools & Research (Stefano Di Paola, Paolo Perego, Daniele Bellucci, Alberto Revelli, Antonio Parata, Bernardo Damele)
| |
| − | </ul>
| |
| − | | |
| − | == OWASP-Italy Board ==
| |
| − | | |
| − | * This is the '''OWASP-Italy Board''':
| |
| − | <ul>
| |
| − | Founder and Chair: Matteo Meucci<br>
| |
| − | Director of Communication: Raoul Chiesa<br>
| |
| − | Technical Director : Alberto Revelli, Giorgio Fedon<br>
| |
| − | R&D Director: Stefano Di Paola, Paolo Perego<br>
| |
| − | Technical Writer Director: Lorenzo De Santis<br>
| |
| − | Italian Translation of docs and papers: Matteo Paolelli, Massimiliano Graziani.<br>
| |
| − | Official active members: Luca Carettoni, Antonio Parata, Carlo Pelliccioni, Claudio Merloni, Mauro Bregolin, Daniele Bellucci, Bernardo Damele, Alessio Marziali
| |
| − | </ul>
| |
| − | | |
| − | <!-- Mediawiki needs all these spaces -->
| |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | | |
| − | ==== What is OWASP? ====
| |
| − | | |
| − | [http://www.isacaroma.it/html/newsletter/?q=node/78 Here] you can read an interview talking about OWASP.
| |
| − | | |
| − | == OWASP-Italy is a CLUSIT Member ==
| |
| − | | |
| − | http://www.clusit.it/logo_clusit/clusit_logo_b130.gif
| |
| − | | |
| − | Thanks to CLUSIT and OWASP Foundation we have established a cross-membership between the two organizations.
| |
| − | So OWASP-Italy is now a [http://www.clusit.it/soci.htm CLUSIT member] and CLUSIT is an OWASP Educational Member
| |
| − | | |
| − | == Activities ==
| |
| − | | |
| − | * (Mar 07) Luca Carettoni has published an interview to OWASP-Italy (OWASP interviews OWASP :) )
| |
| − | [http://blog.html.it/archivi/2007/02/26/quattro-chiacchiere-con-owasp-italia.php Here] the full article.
| |
| − | | |
| − | * (Oct 06) ISACA Roma has published several interview with OWASP-Italy members:
| |
| − | [[http://www.isacaroma.it/html/newsletter/node/276 Matteo Meucci]]
| |
| − | [[http://www.isacaroma.it/html/newsletter/node/287 Alberto Revelli]]
| |
| − | [[http://www.isacaroma.it/html/newsletter/node/282 Antonio Parata]]
| |
| − | [[http://www.isacaroma.it/html/newsletter/node/285 Paolo Perego]]
| |
| − | [[http://www.isacaroma.it/html/newsletter/node/328 Carlo Pelliccioni]]<br>
| |
| − | | |
| − | * (Sep 06) Paolo Perego has created the new '''OWASP Orizon Project'''. Go to [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]<br>
| |
| − | | |
| − | * (Sep 06) Matteo Meucci has been selected as the new editor of the '''OWASP Testing Guide v2'''. See OWASP [http://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006_:_Selected_Projects_Press_Release press release] and go to [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide OWASP Testing Project v2]
| |
| − | | |
| − | * (Sep 06) Carlo Pelliccioni is writing an article about the [http://www.owasp.org/index.php/Analysis_about_error_codes analysis of error codes] received by web servers.
| |
| − | | |
| − | * Top10 Vulnerabilities - OWASP-Italy survey:
| |
| − | [[Image:Top 10 vulnerabilities-mini.GIF]]
| |
| − | | |
| − | * (21 Jun 06) '''Infosecurity 2006''': the event is organized and managed by the CLUSIT.
| |
| − | Alberto Revelli and Matteo Meucci will partecipate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications".
| |
| − | [http://www.infosecurity.it/Roma/programma.php More info here]
| |
| − | | |
| − | | |
| − | * (1 Jun 06) '''"Quaderno CLUSIT"'''
| |
| − | CLUSIT has published a book entitled: "La verifica della sicurezza di applicazioni Web-based e il progetto OWASP".
| |
| − | Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is now reserved to CLUSIT members, but will be made public in about 3 months.
| |
| − | | |
| − | | |
| − | * (31 May 06) Luca Carettoni has published the article '''"La sicurezza delle applicazioni Web secondo l'Open Web Application Security Project".''' [http://sicurezza.html.it/articoli/leggi/1721/la-sicurezza-delle-applicazioni-web-secondo-lopen-/ Here]you can read the full article.
| |
| − | | |
| − | | |
| − | * (1 Mar 06) '''OWASP-Boston, Microsoft'''
| |
| − | Thanks to Jim Weiler, Matteo Meucci has presented "Anatomy of two web attacks" at the OWASP-Boston meeting.
| |
| − | [http://www.owasp.org/local/boston.html More info here]
| |
| − | | |
| − | | |
| − | * (18 Nov 05) '''IDC - European Banking Forum'''
| |
| − | Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we will have a great speech at the [http://www.idc.com/italy/events/banking05/banking05_agenda.jsp IDC European IT Banking Forum 2005].
| |
| − | Agenda:
| |
| − | - New standards for the ICT security auditing in the italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
| |
| − | - Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy
| |
| − | | |
| − | | |
| − | * (Oct 05) '''SMAU 2005''' is the 42a International ICT & Consumer Electronics Exhibition for Italy.
| |
| − | SMAU has accepted our submission! [http://www.webb.it/event/eventview/4488/1/progetto_owasp__case_study_di_applicativi_web_vulnerabili More info here]
| |
| − | | |
| − | | |
| − | * (Giu 05) Thanks to Massimiliano Graziani we have translated in italian the '''"OWASP Pen Test Checklist v.1.1"'''. You can download it [http://www.owasp.org/documentation/testing.html here.]
| |
| − | Thanks to the collaboration with CLUSIT, this doc is available also [http://www.clusit.it/whitepapers.htm here.]
| |
| − | | |
| − | | |
| − | * (May 05) '''ISACA Roma Newsletter''' has published an [http://www.isacaroma.it/html/newsletter/?q=node/78 interview to OWASP-Italy]
| |
| − | | |
| − | | |
| − | * (Apr 05) We have written an article describing the OWASP projects, Web Application Security and the next challenges. '''ICT Security'''.(the italian magazine about Information Security) has published the article on the number 33 - April 2005.
| |
| − | | |
| − | | |
| − | * The presentation of the seminar we have done in '''ISACA Rome''' (31th March 2005) is now available [http://www.isacaroma.it/pdf/050331/meucci.zip here.]
| |
| − | | |
| − | | |
| − | * (Apr 05) We have published a presentation describing a detailed case study of a web application vulnerabilty [http://www.owasp.org/images/7/72/MMS_Spoofing.ppt (MMS Spoofing)].
| |
| − | | |
| − | | |
| − | * (Mar 05) Thanks to Matteo Paolelli we have translated the '''"OWASP Top Ten Vulnerabilties in Web Application Security"''' in italian language. You can download it [http://www.owasp.org/docroot/owasp/projects/topten/OWASPTopTen2004-ITA.pdf here].
| |
| − | | |
| − | == Events ==
| |
| − | | |
| − | === 31st March, 2009 - OWASP-Italy @ PCI Milan ===
| |
| − | Matteo Meucci was invited to talk about OWASP Testing Guide and PCI-DSS Standard at the [http://www.pci-portal.com/lang-en/events/event-info/pcimilan PCI Milan event] last 31st March.
| |
| − | | |
| − | The presentation is published [http://www.owasp.org/images/3/38/MeucciPciMilan09.pdf here]
| |
| − | | |
| − | | |
| − | === 23rd February, 2009 - OWASP Day III ===
| |
| − | ----
| |
| − | [http://www.owasp.org/index.php/Italy_OWASP_Day_3 "Web Application Security: research meets industry"] <br>
| |
| − | Presentations are online!
| |
| − | | |
| − | === 10th October, 2008 - Isaca Roma PCM 2008===
| |
| − | ----
| |
| − | Matteo Meucci presented the new OWASP Projects and the Application Security in the Italian Companies.
| |
| − | More information [http://www.isacaroma.it/html/ArchivioEventi-081010.html here]
| |
| − | | |
| − | === 31st March, 2008 - OWASP Day II ===
| |
| − | ----
| |
| − | [http://www.owasp.org/index.php/Italy_OWASP_Day_2 "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies"]
| |
| − | Presentations are online!
| |
| − | | |
| − | === February 2008 - OWASP Italy at InfoSecurity 2008 ===
| |
| | ---- | | ---- |
| − | 5th February:
| |
| − | * 14:30 - The Owasp Orizon project: internals and hands on
| |
| − | [http://www.infosecurity.it/IT/eventi-sicurezza-informatica/convegni_94.aspx Paolo Perego]
| |
| − |
| |
| − | 6th February:
| |
| − | * 14:30 - Costruire Software Sicuro dalle Fondamenta
| |
| − | [http://www.infosecurity.it/IT/eventi-sicurezza-informatica/convegni_128.aspx Antonio Parata]
| |
| | | | |
| − | 7th February:
| + | "Avete finito di imbottire le vostre reti di firewall e altre diavolerie simili? Allora è tempo di cambiare prospettiva e rendersi conto che oggi, dopo aver messo in sicurezza il perimetro dei nostri sistemi informativi, le minacce più serie provengono dalle nostre stesse applicazioni che, a volte, non sono progettate ed implementate, tenendo conto delle migliori pratiche di sviluppo di software sicuro. In questo campo l’OWASP rappresenta un punto di riferimento costante ed una miniera di informazioni e strumenti, ed al Ministero dell’Istruzione, Università e Ricerca abbiamo imparato ad apprezzarne i materiali e le informazioni disponibili sul suo sito web, nell’ambito del nostro gruppo che si occupa di sicurezza del sistema informativo. Per conoscere le iniziative dell’OWASP, avere un’anteprima delle principali novità in tema di sicurezza del software, incontrare i maggiori esperti in questo settore, partecipate all’OWASP DAY – ITALY IV il 6 novembre prossimo a Milano, sarà un’occasione utilissima di approfondimento."<br> |
| − | * 10:30 - Tu programmi. Io buco.
| + | '''Paolo De Santis – Dirigente della Direzione Generale per gli Studi, la Statistica ed i Sistemi Informativi del MIUR'''<br><br> |
| − | [http://www.infosecurity.it/IT/eventi-sicurezza-informatica/convegni_137.aspx Luca Carettoni]
| |
| | | | |
| − | [http://www.infosecurity.it Here] you can read more information about it.
| + | “L’OWASP Day è il luogo e il momento per incontrare altri professionisti e appassionati del settore. E’ un’opportunità per conoscere direttamente dai protagonisti le metodologie, le tecniche e gli ambiti di ricerca nel mondo della sicurezza applicativa divenuto ormai il fattore principale, insieme a quello umano, nel campo dell’Information Security. “<br> |
| | + | '''Massimo Trevisani—CSO IWBank'''<br><br> |
| | | | |
| | + | "Le conferenze OWASP in Italia rappresentano un momento importante di awareness sulla sicurezza applicativa. L'evento rappresenta un punto di riferimento in cui i professionisti dell'IT possono valutare nuovi approcci allo sviluppo sicuro del software e alla difesa delle proprie applicazioni on-line"<br> |
| | + | '''Marco Bavazzano—CISO Telecom Italia'''<br><br> |
| | | | |
| − | === November 30th, 2007 - OWASP-Italy @ Elsag Datamat Security Forum ===
| + | '''Key Speakers:''' |
| | ---- | | ---- |
| | | | |
| − | Matteo Meucci was invited to talk about OWASP Guidelines and SDLC Security at the Elsag Datamat Security Forum 2007
| + | '''Marco Morana — CISO Citigroup'''<br> |
| − | <br>Where: Pescara
| + | Marco Morana serves the OWASP organization by leading the USA Cincinnati chapter and he is a key contributor of many OWASP projects. Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the software security coding standards, management of security assessments during the SDLC related to application security. |
| − | <br>When: 30th November 2007, h.12.30
| + | The aim of this presentation is help application security practitioners such as project managers and information security officers to make business cases for software security initiatives. The presentation will first introduce the need to position the organization’s Software Security Initiatives with respect to software security models such as BSIMM and SAMM. In order to create the business case for software security it is essential to make the case for business (e.g. costs) as well as security (e.g. engineering, vulnerability management). |
| | | | |
| − | === October 20th, 2007 - OWASP Italy at SMAU E-Academy 2007 ===
| + | '''Tobias Christen — CTO, DSwiss Ltd'''<br> |
| − | ---- | + | Tobias began his career in a research team of a swiss bank specializing in new internet technologies. He then went on to join a leading international security-software company - Stonesoft - where he served as Head of R&D, Head of Product Management, and CTO of the company. For several years Tobias was working at Zurich Financial Services where he built up a new security architecture, and developing their IT risk strategy. In early 2008 Tobias joined DSwiss as CTO. |
| | + | In this presentation we look at some typical usability versus security mistakes. We see examples where lack of usability in security controls resulted in work arounds from users, and we also see typical examples where lack of security is blindly accepted. We discuss what is considered "acceptable" security by the general audience and discuss technologies that have a better usability versus security tradeoff. <br> |
| | | | |
| − | Last 20th October 2007 we had 5 speeches at SMAU E-Academy 2007, here you can download our presentations:
| + | [http://www.owasp.org/images/a/ab/InvitoOWASPDay4.pdf Official invitation] |
| | | | |
| − | * Giorgio Fedon, COO at Minded Security:
| |
| − | [http://www.owasp.org/.pdf "Dove sono finiti i miei soldi? Internet Banking e Cross Site Scripting"]
| |
| − | (coming soon) [[Image:FedonSMAU07.pdf]]
| |
| | | | |
| − | * Paolo Perego, Senior Security Consultant at Spike Reply:
| + | ==== Sponsors==== |
| − | [https://www.owasp.org/images/7/79/PeregoSMAU07.ppt "The Owasp Orizon project - bring security at the source"]
| |
| | | | |
| − | * Antonio Parata, Security Consultant at eMaze:
| + | If you want to become a Sponsor of the Initiative, please drop an email to: [mailto:matteo.meucci@owasp.org Matteo Meucci] |
| − | "Valutazione del rischio tramite la logica fuzzy"
| |
| − | (coming soon) [[Image:ParataSMAU07.pdf]]
| |
| | | | |
| − | * Alberto Revelli, Senior Security Consultant at Portcullis Security:
| + | '''Gold Sponsors:''' |
| − | [http://www.owasp.org/images/9/9f/RevelliSMAU07.pdf "Anti-Anti-XSS: bypass delle difese del browser"] | + | <center> |
| | + | [http://www.fortifysoftware.com http://www.owasp.org/images/b/b2/FortifyNew.JPG] |
| | + | [http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/84/IBM.png][http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/8e/Rational.gif] |
| | + | [http://www.vasco.com http://www.owasp.org/images/c/cb/Vasco.jpg] |
| | + | </center> |
| | | | |
| − | * Stefano Di Paola, CTO at Minded Security:
| + | '''Silver Sponsors:''' |
| − | "Cros-site Flashing! Gli attacchi Web di ultima generazione parlano multipiattaforma"
| |
| − | (coming soon) [[Image:DiPaolaSMAU07.pdf]]
| |
| | | | |
| | + | ==== Agenda & Presentations ==== |
| | + | <center> |
| | + | <table width="80%"> |
| | + | <tr> |
| | + | <td width=4%>9:00h</td><td bgcolor="#BCA57A" width=*><b>Registration</b></td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>9.30h</td><td bgcolor="#eeeeee">[http://www.owasp.org/images/7/7b/OWASP-Italy_Day_IV_Meucci.pdf '''Introduction to the OWASP-Day'''] <br>Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>9.50h</td><td bgcolor="#b9c2dc">[http://www.owasp.org/images/7/7b/OWASP-Italy_Day_IV_Morana.pdf '''How to Create Business cases for Your Software Security Initiative''']<br> |
| | + | Marco Morana — CISO, Citigroup</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>10.30</td><td bgcolor="#eeeeee">[http://www.owasp.org/images/f/fd/OpenSAMM-1.0_Merloni.pdf '''OWASP SAMM / Open Software Assurance Maturity Model''']<br> |
| | + | Claudio Merloni — Software Security Consultant, Fortify Software</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>11.10h</td><td bgcolor="#BCA57A"><b>Coffee break</b></td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>11.40h</td><td bgcolor="#b9c2dc">[http://www.owasp.org/images/9/9a/Owasp_Day_IV_Fedon.pdf '''From Web Attacks to Malware. Can Secure Software Development Help Internet Banking Security?''']<br> Giorgio Fedon — COO, Minded Security</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>12.20h</td><td bgcolor="#eeeeee">[http://www.owasp.org/images/e/e0/UsableSecurity.pdf '''Usability versus security: securing Internet facing applications while keeping them highly attractive for everybody (ENG)''']<br>Tobias Christen — CTO, DSwiss Ltd</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>13.00h</td><td bgcolor="#BCA57A"><b>Business Lunch</b></td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>14.00h</td><td bgcolor="#b9c2dc">[http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf '''NoScript, CSP and ABE: When the Browser Is Not Your Enemy''']<br> |
| | + | Giorgio Maone — CTO, InformAction</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>14.40h</td><td bgcolor="#eeeeee">[http://www.owasp.org/images/1/12/OWASP-Italy_Day_IV_Giuseppini.pdf '''Building Security In Maturity Model: A Review of Successful Software Security Programs (ENG)''']<br> |
| | + | Gabriele Giuseppini — Technical Manager, Cigital</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>15.20h</td><td bgcolor="#b9c2dc">[http://www.owasp.org/images/d/da/Perego_code_reviewing.pdf '''The art of code reviewing''']<br>Paolo Perego — Senior Consultant, Spike Reply</td> |
| | + | </tr> |
| | + | <tr> |
| | + | <td valign=top>16.00h</td><td bgcolor="#eeeeee">'''Round Table: Why Software Security is not a priority in our digital world?'''<br> |
| | + | Marco Morana, Citigroup - Carlo Merloni, Fortify - Gabriele Giuseppini, Cigital, Mauro Bregolin, Kima Projects & Services - Stefano Di Paola, Minded Security<br>Chairman Raoul Chiesa, MediaService</td> |
| | + | </tr> |
| | + | </table> |
| | + | </center> |
| | | | |
| − | === September 10th, 2007 - OWASP Day WorldWide: "Privacy in the 21st Century" ===
| |
| − | ----
| |
| − | https://www.owasp.org/index.php/Italy_OWASP_Day_1
| |
| | | | |
| | + | ==== Photos & Videos ==== |
| | | | |
| | + | All the photos of the Conference are available [http://www.owaspitaly.org/Owasp_Day_IV/Photos/index.html here] |
| | | | |
| − | === May 29th, 2007 - Seminar: "Software Security" ===
| + | You can see all the videos of the conferences at the following URLs: |
| − | ----
| + | <br> |
| − | | + | 1 - Matteo Meucci <br> |
| − | * Stefano Di Paola, Paolo Perego and Matteo Meucci will talk at the Seminar: [http://www.sicurinfo.it/informazioni/visinf.asp?IDInfo=246&CAT=53 "Which approaches to Software Security"] organized by Firenze Tecnologia.
| + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/1%20-%20Meucci/1%20-%20Meucci.html |
| − | | + | <br> |
| − | | + | 2 - Marco Morana <br> |
| − | === May 15th-17th, 2007 - 6th OWASP AppSec Conference in Italy ===
| + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/2%20-%20Morana/2%20-%20Morana.html<br> |
| − | ----
| + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/2%20-%20Morana/Owasp-Day%20PA/OWASP_Day_4_Italy_11_6_0_reduced.mp4<br> |
| − | | + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/2%20-%20Morana/Owasp-Day%20PA/OWASP_Day_E_Gov_Italy_11_5_09_reduced.mp4 |
| − | * We are in the initial planning stages for the next OWASP Europe conference, which we plan to hold in Italy in May 2007.
| + | <br> |
| − | [http://www.owasp.org/index.php/6th_OWASP_AppSec_Conference_-_Italy_2007 Here] you can find all the details about the conference, cfp and sponsorship.
| + | 3 - Claudio Merloni <br> |
| − | | + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/3%20-%20Merloni/3%20-%20Merloni.html |
| − | === April 14th, 2007 - Master on Information Security, University of Rome "La Sapienza"===
| + | <br> |
| − | ----
| + | 4 - Giorgio Fedon<br> |
| − | | + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/4%20-%20Fedon/4%20-%20Fedon.html |
| − | * We have done a 4h seminar for the students of [http://mastersicurezza.uniroma1.it/ Master on Information Security at "La Sapienza"] for the [http://icsecurity.di.uniroma1.it/dokuwiki/doku.php?id=projects:asp Application Security Project of "La Sapienza" University.]
| + | <br> |
| − | | + | 5 - Tobias Christen<br> |
| − | | + | http://www.owaspitaly.org/Owasp_Day_IV/Videos/5%20-%20Christen/5%20-%20Christen.html |
| − | === March 30th, 2007 - University of Rome "La Sapienza" ===
| + | <br> |
| − | ----
| + | 6 - Giorgio Maone<br> |
| − | | + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/6%20-%20Maone/6%20-%20Maone.html |
| − | * Thanks to Prof. Mancini and Roberto D'Addario, we will talk about OWASP at the convention "Institutions, Companies and Information Security: comparing the problems"
| + | <br> |
| − | [http://w3.uniroma1.it/security/Eventi/eventi.html Here] you can find more details.
| + | 7 - Gabriele Giuseppini<br> |
| − | | + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/7%20-%20Giuseppini/7%20-%20Giuseppini.html |
| − | | + | <br> |
| − | === March 1st, 2007 - EuSecWest 07 ===
| + | 8 - Paolo Perego<br> |
| − | ----
| + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/8%20-%20Perego/8%20-%20Perego.html |
| − | | |
| − | Alberto Revelli and Matteo Meucci presented the new OWASP Testing Guide at [http://www.eusecwest.com/agenda.html EUSecWest].
| |
| − | [http://www.owasp.org/images/e/e9/OWASP_Testing_Guide_Presentation_EUSecWest07.zip Here] you take a look at the presentation.
| |
| − | | |
| − | === February 6th-8th, 2007 - InfoSecurity ===
| |
| − | ----
| |
| − | | |
| − | * February 6th:15.30
| |
| − | After the great success obtained form CCC at Berlin, Stefano Di Paola and Giorgio Fedon will talk about:" Web Security Client Side: attacks at Web 2.0"
| |
| − | More information [http://www.infosecurity.it/it/infosecurity.aspx?ID_Portale=Z6skuJTSHr%2fjF7janL35RA%3d%3d&ID_Pagina=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl1=mllS8ehP3VwfAOVCVR5ckw%3d%3d&ID_MenuLvl2=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl3=fPsJu6gF%2blBE8LaUGEMYLw%3d%3d&Lang=l51VDVQfL9BdevTm%2fsJx0Q%3d%3d&ID_Evento=aqfi82GOKd6I748s1evI8Q%3d%3d&ExtControl=FQQ52p7AGBUZth0l9Qw6MSOcqIebAeaBYiSFezT6eKEvZkQfILymgy7truUG7ii4 here].
| |
| − | | |
| − | * February 6th:16.30
| |
| − | After the great effort on the Testing Guide Project, Matteo Meucci and Alberto Revelli will present: "The new OWASP Testing Guide"
| |
| − | More Information [http://www.infosecurity.it/it/infosecurity.aspx?ID_Portale=Z6skuJTSHr%2fjF7janL35RA%3d%3d&ID_Pagina=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl1=mllS8ehP3VwfAOVCVR5ckw%3d%3d&ID_MenuLvl2=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl3=fPsJu6gF%2blBE8LaUGEMYLw%3d%3d&Lang=l51VDVQfL9BdevTm%2fsJx0Q%3d%3d&ID_Evento=nq6tSIuRoPVJBanBSsRiSQ%3d%3d&ExtControl=FQQ52p7AGBUZth0l9Qw6MSOcqIebAeaBYiSFezT6eKEvZkQfILymgy7truUG7ii4 here].
| |
| − | | |
| − | * February 7th:12.30
| |
| − | Authors of innovative SQL injection tools, Alberto Revelli and Antonio Parata will show: "Advanced SQL Injection: testing tools and defensive strategies."
| |
| − | More Information [http://www.infosecurity.it/it/infosecurity.aspx?ID_Portale=Z6skuJTSHr%2fjF7janL35RA%3d%3d&ID_Pagina=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl1=mllS8ehP3VwfAOVCVR5ckw%3d%3d&ID_MenuLvl2=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl3=fPsJu6gF%2blBE8LaUGEMYLw%3d%3d&Lang=l51VDVQfL9BdevTm%2fsJx0Q%3d%3d&ID_Evento=3z04F5BgZRgfU0YX8JRYtA%3d%3d&ExtControl=FQQ52p7AGBUZth0l9Qw6MSOcqIebAeaBYiSFezT6eKEvZkQfILymgy7truUG7ii4 here]
| |
| − | | |
| − | * February 7th:13.30
| |
| − | Author of the new OWASP Orizon project, Paolo Perergo will present:"Secure programming: from theory to practice"
| |
| − | More Information [http://www.infosecurity.it/it/infosecurity.aspx?ID_Portale=Z6skuJTSHr%2fjF7janL35RA%3d%3d&ID_Pagina=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl1=mllS8ehP3VwfAOVCVR5ckw%3d%3d&ID_MenuLvl2=fF%2b7etXTY34nfmtRTL8Shw%3d%3d&ID_MenuLvl3=fPsJu6gF%2blBE8LaUGEMYLw%3d%3d&Lang=l51VDVQfL9BdevTm%2fsJx0Q%3d%3d&ID_Evento=9HePIzyo5p29ylpGBl6CiA%3d%3d&ExtControl=FQQ52p7AGBUZth0l9Qw6MSOcqIebAeaBYiSFezT6eKEvZkQfILymgy7truUG7ii4 here].
| |
| − | | |
| − | === January 25th, 2007 - Isaca Rome ===
| |
| − | ----
| |
| − | Matteo Meucci will discuss the new [http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide v2]<br>
| |
| − | For more information:<br>
| |
| − | http://www.isacaroma.it/html/GiornateDiStudio.html | |
| − | | |
| − | === October 7th, 2006 - SMAU 2006 ===
| |
| − | | |
| − | ---- | |
| − | - "''The quest for secure code: code review and fundamental of secure coding.''"
| |
| − | Matteo Meucci will present an introduction to the new OWASP Projects and OWASP-Italy activities.
| |
| − | Paolo Perego (sp0nge) will speak about safe coding and the importance of code periodic review as natural software life cycle. Paolo will give a vision on code review and its phases
| |
| − | http://www.webb.it/event/eventview/5772
| |
| − | | |
| − | Here are the presentations: <br>
| |
| − | [[Image:Meucci_SMAU06.pdf| Meucci_SMAU06]] <br>
| |
| − | [[Image:Perego_SMAU06.pdf| Perego_SMAU 06]]
| |
| − | | |
| − | - "''Advanced SQL Injection.''"
| |
| − | Antonio Parata (S4tan) will explain SQL Injection, and how SQL Inference works on PHP/MySql platform. He will present an open source tool to support the testing.
| |
| − | Alberto Revelli (icesurfer) will focus on Microsoft SQL Server: he will perform a live demo of sqlninja (http://sqlninja.sf.net), explaining how to obtain a pseudo-shell over SQL, how to escalate privileges, and how to play with the exotic equation: "SQL Injection + debug.exe + DNS = DOS prompt" !
| |
| − | http://www.webb.it/event/eventview/5774
| |
| − | | |
| − | [[Image:Revelli_SMAU06.pdf|Revelli_SMAU06 ]] <br>
| |
| − | [[Image:Parata_SMAU06.pdf|Parate_SMAU06]] <br>
| |
| − | | |
| − | [[Image:OWASP-Italy_at_SMAU06_2.JPG]]
| |
| − | Luca, Carlo, Alberto, Antonio, Stefano <br>
| |
| − | Matteo, Paolo, Giorgio
| |
| − | | |
| − | === September 29th, 2006 - OpenExp 2006 ===
| |
| − | | |
| − | ----
| |
| − | September 30th, at 10:45 Antonio Parata (S4tan) will speak about SQL Injection: techniques, tools and practical examples.
| |
| − | | |
| − | Abstract: Antonio will introduce some basic concepts about software security.
| |
| − | It will be shown how SQL Inference works on PHP/MySql platform and presented an open source tool to support the testing. Finally will be listed some advises to avoid common bugs.
| |
| − | http://www.openexp.it/ | |
| − | | |
| − | OWASP-Italy will have a stand from September 29th to October 1st.
| |
| − | | |
| − | [[Image:Antonio_Matteo_Carlo.JPG]]
| |
| − | [[Image:Antonio_speech.JPG]]
| |
| − | [[Image:Carlo.JPG]]
| |
| − | [[Image:Claudio_Luca.JPG]]
| |
| − | [[Image:Mayhem_Matteo.JPG]]
| |
| − | [[Image:OWASP_Banner2.JPG]]
| |
| − | [[Image:OWASP_Banner.JPG]]
| |
| − | | |
| − | === June 21th, 2006 - InfoSecurity 2006 ===
| |
| − | | |
| − | ----
| |
| − | Alberto Revelli and Matteo Meucci will partecipate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications". The event is organized and managed by the CLUSIT.
| |
| − | | |
| − | Where: Sheraton Roma Hotel - Viale Del Pattinaggio, 100
| |
| − | When: 10,30 - 17,00
| |
| − | Who: Matteo Meucci and Alberto Revelli
| |
| − | Link: http://www.infosecurity.it/Roma/programma.php
| |
| − | | |
| − | Agenda:
| |
| − | -- I Session -- | |
| − | Introduction to Web Application Security
| |
| − | • Which are the risks?
| |
| − | • Risk assessment of a web application
| |
| − | • Core pillars of web security
| |
| − | How to develop secure web applications:
| |
| − | • Guidelines and case-studies
| |
| − | | |
| − | -- II Session --
| |
| − | How to realize a security audit of a web application
| |
| − | • The methodology OWASP Penetration Testing
| |
| − | • The tools: OWASP WebScarab
| |
| − | • Hands-on web application vulnerabilities: OWASP WebGoat
| |
| − | • Advanced SQL Injection.
| |
| − | | |
| − | | |
| − | === March 1st, 2006 - OWASP-Boston, Microsoft ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | Thanks to Jim Weiler (OWASP-Boston Chair), Matteo Meucci has presented "Anatomy of two web attacks" at the OWASP-Boston meeting of march.
| |
| − | [http://www.owasp.org/index.php/Boston More info here]
| |
| − | | |
| − | === November 5th, 2005 - IDC - European Banking Forum ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we have had a great speech at the IDC European IT Banking Forum 2005 (18 Nov 2005). http://www.idc.com/italy/events/banking05/banking05_agenda.jsp
| |
| − | Agenda:
| |
| − | * New standards for the ICT security auditing in the italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
| |
| − | * Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy.
| |
| − | | |
| − | You can download the report [http://cdn.idc.com/italy/downloads/report_banking05_eng.pdf here].
| |
| − | | |
| − | You can download the Case-Study of a vulnerable Home Banking Web Application [http://www.owasp.org/docroot/owasp/misc/IDC_BankingForum05v1.ppt here].
| |
| − | | |
| − | === October 5th, 2005 - OWASP-Italy@SMAU2005 ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | SMAU is the 42a International ICT & Consumer Electronics Exhibition for Italy.
| |
| − | Alberto Revelli (our Technical Director) and Matteo Meucci have conducted a seminar talking about Web Application Security.
| |
| − | Alberto has presented his new project: [http://sqlninja.sourceforge.net sqlninja]. Very cool!!
| |
| − | | |
| − | http://www.webb.it/event/eventview/4488/1/progetto_owasp__case_study_di_applicativi_web_vulnerabili
| |
| − | | |
| − | === May 25th, 2005 - ISACA Rome 2nd meeting ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | May 25th we'll be in ISACA Rome to present OWASP WebGoat and a real case of a Web Application Vulnerability.
| |
| − | Every one is invited to join the meeting.
| |
| − | | |
| − | Here is the agenda:
| |
| − | 14.30 Registration
| |
| − | 14.45 Matteo Meucci - Web Application Security Phase II
| |
| − | - OWASP WebScarab and PenTest Checklist
| |
| − | * A case-study of a Web Application Vulnerability: MMS Spoofing
| |
| − | --- Web Application analysis
| |
| − | --- Authentication and Billing of the MMS service
| |
| − | --- Vulnerabilities
| |
| − | --- Attack Analysis
| |
| − | * Learning the most common web application vulnerabilities: OWASP WebGoat
| |
| − | --- Http Basics
| |
| − | --- HTML Clues
| |
| − | --- Hidden Field Tampering
| |
| − | --- How to spoof a Session Cookie
| |
| − | --- Stored Cross Site Scripting
| |
| − | --- Command Injection
| |
| − | --- SQL Injection
| |
| − | --- Fail Open Authentication
| |
| − | | |
| − | The meeting is hold at:
| |
| − | Via Volturno, 65 (Rome) - Auditorium ATAC
| |
| − | | |
| − | You can download the presentation [http://www.isacaroma.it/pdf/050525/OWASP.zip here].
| |
| − | | |
| − | === May 18th, 2005 - Workshop on Computer Crime 2005 ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | | |
| − | May 18th, 2005 OWASP-Italy is invited to present OWASP Top 10 to the "Workshop on Computer Crime 2005" titled:
| |
| − | "EVOLUZIONI NORMATIVE E RECENTI PROBLEMATICHE DI SICUREZZA"
| |
| − | | |
| − | The meeting is held at: Sala delle conferenze dell'Istituto Centrale della Banche Popolari Italiane Via Verziere, 11
| |
| − | | |
| − | You can download the presentation [http://www.owasp.org/images/a/aa/Top10-ComputerCrimes.ppt here].
| |
| − | | |
| − | === March 31th, 2005 - ISACA Rome meeting ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | March 31th we'll be in ISACA Rome to present OWASP and the Web Application Security. Every one is invited to join the meeting.
| |
| − | | |
| − | Here is the agenda:
| |
| − | 14.15 Registration
| |
| − | 14.30 Matteo Meucci - Web Application Security
| |
| − | - OWASP Guide: how to build secure web application
| |
| − | - How to test your Web Application: WebScarab and the WebApp PenTest Checklist
| |
| − | - How to learn the most common web application vulnerability: WebGoat
| |
| − | - The Top Ten WebApp vulnerabilities
| |
| − | - Common error on developing Web Application:
| |
| − | Authentication mechanisms not "secure"
| |
| − | Buffer Overflow and crash of the service
| |
| − | Thief of identity: Cross Site Scripting
| |
| − | Manipulation of company data: SQL Injection
| |
| − | Reserved information: misconfiguration
| |
| − | Bad session management and thief of identity
| |
| − | - OWASP-Italy: projects and next challenges
| |
| − | | |
| − | The meeting is hold at:
| |
| − | Via Volturno, 65 (Rome) - Auditorium ATAC
| |
| − | http://www.isacaroma.it/html/GiornateDiStudio.html | |
| − | | |
| − | You can download the presentation [http://www.isacaroma.it/pdf/050331/meucci.zip here].
| |
| − | | |
| − | === March 21th, 2005 - OWASP-Italy conducts a seminar in AlmaWeb ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | March, the 21th OWASP-Italy has been invited at the University of Bologna to conduct a seminar regards to [http://www.almaweb.unibo.it/830.dyn Master in Management and Information Technology] titled “Web Application Security and OWASP”.
| |
| − | | |
| − | Here is the agenda:
| |
| − | - OWASP & Web Application Security | |
| − | - Common Web Application Vulnerabilities
| |
| − | - A real case of web application vulnerability: MMS Spoofing&Billing
| |
| − | - Training: WebGoat
| |
| − | | |
| − | == Publications ==
| |
| − | | |
| − | === March, 2007 Interview on HTML.it ===
| |
| − | ----
| |
| − | Luca Carettoni has published an interview to OWASP-Italy (OWASP interviews OWASP :) )
| |
| − | [http://blog.html.it/archivi/2007/02/26/quattro-chiacchiere-con-owasp-italia.php Here] the full article.
| |
| − | | |
| − | === October, 2006 ISACA Roma interviews OWASP-Italy ===
| |
| − | ----
| |
| − | After the speeches that OWASP-Italy has done at [http://www.smau.it/catnews.asp?l=2&codcat=385 SMAU E-Academy 2006], ISACA Roma has interviewed some of the people of the Italian chapter. Follow the links for the full interviews (in italian):
| |
| | <br> | | <br> |
| − | [[http://www.isacaroma.it/html/newsletter/node/276 Matteo Meucci]]
| + | 9 - Round Table<br> |
| − | [[http://www.isacaroma.it/html/newsletter/node/287 Alberto Revelli ]]
| + | http://www.owaspitaly.org/Owasp_Day_IV/Video_Hires/9%20-%20Tavola%20Rotonda/9%20-%20Tavola%20Rotonda.html |
| − | [[http://www.isacaroma.it/html/newsletter/node/282 Antonio Parata]]
| |
| − | [[http://www.isacaroma.it/html/newsletter/node/285 Paolo Perego]]
| |
| − | [[http://www.isacaroma.it/html/newsletter/node/322 Stefano Di Paola & Giorgio Fedon]]
| |
| − | | |
| − | === Aug, 2006 - Article on Banca Finanza magazine ===
| |
| − | ----
| |
| − | Banca Finanza, the italian magazine about finance and banking, has interviewed Raoul Chiesa talking about the new risks for the on-line banking security. Raoul speaks about OWASP and web application security [[Media:042006BF.pdf]]
| |
| − | | |
| − | === June, 2006 - Quaderno CLUSIT ===
| |
| − | | |
| − | ----
| |
| − | | |
| − | CLUSIT has published a book entitled: "La verifica della sicurezza di applicazioni Web-based e il progetto OWASP".
| |
| − | Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is now reserved to CLUSIT members, but it will be public in about 3 months.
| |
| − | | |
| − | === June, 2006 - Paper on SQL Injection and Inference on PHP/MySQLInference ===
| |
| | | | |
| − | ----
| |
| | | | |
| − | Antonio "s4tan" Parata has published an article about SQL Injection based on Inference for testing web application on PHP/MySQL platform.
| |
| − | [http://www.ictsc.it/papers/sqlInferenceOnMySql.html Here]you can read the full article.
| |
| − |
| |
| − | === May, 2006 - Published an article about OWASP and Top-10 Vulnerabilities ===
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | Luca Carettoni has published the article "La sicurezza delle applicazioni Web secondo l'Open Web Application Security Project". [http://sicurezza.html.it/articoli/leggi/1721/la-sicurezza-delle-applicazioni-web-secondo-lopen-/ Here]you can read the full article.
| |
| − |
| |
| − | === June, 2005 - OWASP Pen Test Checklist v 1.1 in Italian ===
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | Thanks to Massimiliano Graziani we have translated in italian the "OWASP Pen Test Checklist v.1.1". You can download it [http://www.owasp.org/documentation/testing.html here.]
| |
| − | Thanks to the collaboration with CLUSIT, this doc is available also [http://www.clusit.it/whitepapers.htm here.]
| |
| − |
| |
| − | === May, 2005 - Isaca Roma Newsletter about OWASP-Italy ===
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | ISACA Roma Newsletter has published an [http://www.isacaroma.it/html/newsletter/?q=node/78 interview to OWASP-Italy]
| |
| − |
| |
| − | === April, 2005 - Published "MMS Spoofing" ===
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | We have published a presentation describing a detailed case study of a web application vulnerabilty [http://www.owasp.org/images/7/72/MMS_Spoofing.ppt (MMS Spoofing)].
| |
| − |
| |
| − | Jim Hewitt, CISSP PMP working at CGI-AMS, affirms (slide#78):
| |
| − | "Very interesting analysis of spoofed cell phone messaging and fraudulent billing". See:
| |
| − | www.techvalleynyissa.org/Resources/2005_07_WebApplicationSecurity.ppt
| |
| − |
| |
| − | === April, 2005 - Published an article on ICT Security magazine ===
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | We have written an article describing the OWASP projects, Web Application Security and the next challenges. '''ICT Security'''.(the italian magazine about Information Security) has published the article on the number 33 - April 2005.
| |
| − |
| |
| − | === March, 2005 - OWASP Top-10 in Italian ===
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | Thanks to Matteo Paolelli we have translated the '''"OWASP Top Ten Vulnerabilties in Web Application Security"''' in italian language. You can download it [http://www.owasp.org/docroot/owasp/projects/topten/OWASPTopTen2004-ITA.pdf here].
| |
| − |
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | == Tools & Research ==
| |
| − |
| |
| − | ----
| |
| − |
| |
| − | === Nov, 2007 - sqlmap v0.5 ===
| |
| − |
| |
| − | Bernardo Damele and Daniele Bellucci have released the fifth versions of the tool [http://sqlmap.sourceforge.net sqlmap]. sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
| |
| − |
| |
| − | You can download the latest stable version from its [https://sourceforge.net/project/showfiles.php?group_id=171598&package_id=196107 SourceForge File List page] or the latest development version from its [https://sqlmap.svn.sourceforge.net/svnroot/sqlmap SourceForge SVN repository].
| |
| − |
| |
| − | === Dec, 2006 - sqlmap v0.2 ===
| |
| − |
| |
| − | Bernardo Damele and Daniele Bellucci have released a second version of the tool "sqlmap" for Automatic Blind SQL Injection. [http://sqlmap.sourceforge.net/ Here] you can download the tool
| |
| − |
| |
| − | === September, 2006 - Wisec Project ===
| |
| − |
| |
| − | Stefano Di Paola is developing Wisec - The Wiki Security Project [http://www.wisec.it Here] you can accesses the project.
| |
| − |
| |
| − | === July, 2006 - Sqlmap v0.0.1 ===
| |
| − |
| |
| − | Daniele Bellucci has developed a first version of the tool "sqlmap" for Automatic Blind SQL Injection. [http://www.linux.it/~belch/?p=17 Here] you can download the tool
| |
| − |
| |
| − | ----
| |
| | | | |
| − | <headertabs />
| |
| | | | |
| − | [[Category:OWASP Chapter]] | + | __NOTOC__ |
| | + | <headertabs/> |
| | + | [[Category:Italy]] |
Welcome to the OWASP Day IV Italy Conference for 2009. Following on from the great success of last OWASP Days, the new conference has taken place in November 2009 in Milan.
"Avete finito di imbottire le vostre reti di firewall e altre diavolerie simili? Allora è tempo di cambiare prospettiva e rendersi conto che oggi, dopo aver messo in sicurezza il perimetro dei nostri sistemi informativi, le minacce più serie provengono dalle nostre stesse applicazioni che, a volte, non sono progettate ed implementate, tenendo conto delle migliori pratiche di sviluppo di software sicuro. In questo campo l’OWASP rappresenta un punto di riferimento costante ed una miniera di informazioni e strumenti, ed al Ministero dell’Istruzione, Università e Ricerca abbiamo imparato ad apprezzarne i materiali e le informazioni disponibili sul suo sito web, nell’ambito del nostro gruppo che si occupa di sicurezza del sistema informativo. Per conoscere le iniziative dell’OWASP, avere un’anteprima delle principali novità in tema di sicurezza del software, incontrare i maggiori esperti in questo settore, partecipate all’OWASP DAY – ITALY IV il 6 novembre prossimo a Milano, sarà un’occasione utilissima di approfondimento."
Paolo De Santis – Dirigente della Direzione Generale per gli Studi, la Statistica ed i Sistemi Informativi del MIUR
“L’OWASP Day è il luogo e il momento per incontrare altri professionisti e appassionati del settore. E’ un’opportunità per conoscere direttamente dai protagonisti le metodologie, le tecniche e gli ambiti di ricerca nel mondo della sicurezza applicativa divenuto ormai il fattore principale, insieme a quello umano, nel campo dell’Information Security. “
Massimo Trevisani—CSO IWBank
"Le conferenze OWASP in Italia rappresentano un momento importante di awareness sulla sicurezza applicativa. L'evento rappresenta un punto di riferimento in cui i professionisti dell'IT possono valutare nuovi approcci allo sviluppo sicuro del software e alla difesa delle proprie applicazioni on-line"
Marco Bavazzano—CISO Telecom Italia
