Difference between revisions of "AppSecAsiaPac2014"

Global AppSec APAC 2014 Executive Committee

Riotaro Okada Researcher. Born in Kobe, Hyogo Prefecture, Japan, Mr. Okada has over 20 years of experience in software development and network construction. He has been involved in network construction, software development and the implementation of information security measures at independent software development companies, the R&D divisions of manufacturing companies as well as consulting firms. Mr. Okada has also facilitated various technology-related communities such as for Linux and PHP. In 2004, he founded the Web Application Security Forum and as a member of the board became involved in the diffusion of security-related information. Moreover, he was also a researcher at the Information-technology Promotion Agency, Japan (IPA) for 8 years, and responsible for the IT strategy as well as disaster response projects at various government organizations. Mr. Okada is the co-leader of OWASP Japan since its founding, is CISA certified and holds an MBA from BBT (2009).

Sen Ueno CEO Tricorder Inc. Japanese computer engineer and technical expert. Majored in Information Security at the Nara Institute of Science and Technology (NAIST). After successfully listing an eCommerce venture on the TSE Mothers exchange, Mr. Ueno founder Tricorder and focused on information security education, network/web application vulnerability assessment, etc. In addition to being the CEO of his company, Mr. Ueno is also a researcher at the Information-technology Promotion Agency, Japan (IPA), the chief editor at the information security-related magazine ScanNetSecurity and a member of the executive committee for WASForum Hardening Project. He has also been a co-leader for OWASP Japan since its inception. Works authored by Mr. Ueno include “HTTP no Kyoukasho”, “Konya Wakaru TCP/IP”, “Mendoukusai Web Security”, etc.

Takanori Nakanowatari Mr. Nakanowatari is involved in the security management and software development at an OA device manufacturer. He has been actively involved in the overseas of OWASP as well such as participating in AppSec conferences overseas and has contributed to OWASP Meetings in Japan by sharing his various experiences. Mr. Nakanowatari is CISSP certified and since 2013 has been a member of the OWASP Japan Advisory Board.

Yosuke Hasegawa Mr. Hasegawa is an Evangelist at Net Agent as well as a technological advisor at Secure Sky Technology, Inc. He has been instrumental in discovering various vulnerabilities in web applications such as Internet Explorer and Mozilla Firefox. He has participated in Black Hat Japan 2008 and Korea POC (Power of Community) 2008 & 2010 as well as giving lectures and speeches at various other conferences. Since its inception, Mr. Hasegawa has been a member of the OWASP Japan Advisory Board.

Robert Dracea Mr. Dracea is responsible for the global strategy of a Japanese internet service company. With the mission of better sharing Japan’s advanced technological power with the world, from a business perspective, he has successfully architected numerous alliances and tie-ups both domestically in Japan as well as overseas. Additionally, he has also, on a volunteer-basis, conducted the translation and interpretation at multilingual OWASP Meetings. Mr. Dracea has been since its founding a member of the OWASP Japan Advisory Board.

Program Selection Committee

Youki Kadobayashi, Ph.D. Associate professor at Nara Institute of Science and Technology (NAIST). After being employed at Osaka University’s Cybermedia Center, Dr. Kadobayashi joined his current position in 2000. Since 2008 he has been involved in cyber security standardization at the International Telecommunications Union Telecommunications Standardization Sector. Dr. Kadobayashi is also actively involved in cyber security education and training programs. Additionally, he is a board member of the industry-academic-government collaborative research consortium WIDE Project and since 2013 the Japanese representative of the American-Japanese international joint research project FP7 NECOMA Project. Dr. Kadobayashi is also a member of the executive committee for the WASForum Hardening Project.

Masakazu Takahashi Chief Security Advisor, Microsoft Japan. After being involved in standard library, OS development and other basic development, Mr. Takahashi became involved in the security business after engaging in vulnerability assessment and intrusion detection at a security company. At a time when penetration testing was a common practice in vulnerability assessment, Mr. Takahashi became a proponent of white box testing as a logical and repeatable inspection method. In terms of intrusion detection, he oversaw the systemization of surveillance and operations technologies and was in charge of starting numerous SOC businesses. In November of 2006, Mr. Takahashi joined Microsoft Japan. As the chief security advisor, he is involved in attaining the secure computing that Microsoft aims for while at the same time publishing papers and conducting various lectures. Additionally, Mr. Takahashi is actively involved in associations within the industry and is the head of a community involved in the promotion of information security measures as well as the vice president of the Japan Network Security Association (JNSA).

Keiji Takeda, Ph.D. Lecturer at Keio University, Faculty of Environment and Information Studies. Ph.D. from Keio University Graduate School of Media and Governance. After being employed at the Ministry of Defense, the Japan Air Self-Defense Force and Accenture, Dr. Takeda became a lecturer at Carnegie Mellon University’s school in Japan before moving on to his current position. Dr. Takeda is also a member of various information security-related committees including participating as an advisor for the Hyogo Prefectural government. In addition, he is actively involved in the information security industry through a broad array research & development, operations, personnel training and consulting activities including development assessment of intrusion detection systems, participation at various security events and the planning of organizations for the distribution of information related to security vulnerabilities.

Masafumi Negishi Senior Engineer, Office of Emergency Response and Clearinghouse for Security Information, Internet Initiative Japan Inc. Mr. Negishi has been involved in network construction, security inspection and security consulting, etc. at a major electronics manufacturer, a security company and foreign-affiliated computer vendor. In 2003 he became employed at IIJ Technology and placed in charge of security services, overseeing numerous security inspections. Currently he is part of the security incident support team and is primarily responsible for the collection and analysis of security information as well as taking appropriate action when security issues are discovered. Since 2007 he has been an instructor at the SANS Institute and since 2012 he has also been a member of the Advisory Board for OWASP Japan.

Yoshinari Fukumoto System Security Office Manager, Rakuten Inc. After being involved in research and development of security products at a security-related company, in 2002 Mr. Fukumoto joined Rakuten and became responsible for the internet service security for Rakuten Group. He is primarily involved in the promotion and development of secure software as well as the support of security-related operations. Mr. Fukumoto is also a Rakuten-CERT Representative. He has been a member of the OWASP Japan Advisory Board since the chapter began its activities.

AppSec APAC 2014 will be held at the SOLA CITY CONFERENCE CENTER in Tokyo, Japan.

Google Map of SCCC

Conference Registration is now open! Click here to register

OWASP AppSec APAC features two days of training March 17-18, and two days of talks, March 19-20, 2014.

Conference Registration Fees (not including training)

---

Ticket price	Regular Fee	On-site Fee
Active OWASP member	$300 USD (30,000 Yen)	$400 USD (40,000 Yen)
Non-Member	$350 USD (35,000 Yen)	$450 USD (45,000 Yen)
Student	$80 USD (8,000 Yen)	$120 USD (12,000 Yen)

Please note - payment will be processed in Japanese Yen but we can process invoice and payment in USD or other currencies.

Training Fees (Please note that conference Registration is separate.)

---

Course Length	Course Dates	Fee
1 - day class	Monday, March 17 2014	$400 USD (40,000 Yen)
2 - day class	Tuesday, March 18 2014	$800 USD (80,000 Yen)

Please note - payment will be processed in Japanese Yen but we can process invoice and payment in USD or other currencies.

Cancellations, Refunds, and Substitutions All ticket sales are final and our general policy is no refunds. However, we are able to substitute registrations at no charge until February 28, 2014.

Group Discounts: 10% off for groups of 10-19; 20% off for groups of 20-29; 30% off for groups of 30 or more. Please contact us for more information about registering a group.

Membership Discounts: We are pleased to offer $20 off admission for active OWASP members. Multiple discounts can not be applied.

Registration for Trainers and Speakers: If you have been selected to deliver a training or talk at the conference, you should have received a discount code for complimentary admission. If you did not receive this code or have questions, please Contact us.

Registration for OWASP Leaders: Complimentary admission to the conference is offered to active OWASP Chapter and Project Leaders. Additionally, two seats for each of the training courses are available at no cost to active OWASP Chapter and Project Leaders (available on a first come, first serve basis).
To register as an active Chapter or Project leader, please select the general event registration option and enter discount code: OWASPLEADER.

Please note: conference and training registration using the OWASPLEADER discount code will be verified by the conference team and if you are not an active OWASP Chapter or Project Leader, you will be contacted regarding your status and your registration may be subject to cancellation.

Monday and Tuesday, March 17th - 18th

• Mobile Security: Securing Mobile Devices & Applications _ ENGLISH
  

Dave Wichers
ROOM A 10am-5pm

Mobile applications enable new threats and attacks which introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?
This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.

Monday, March 17th

• Secure Web Development _ ENGLISH
  

Jerry Hoff
ROOM B 10am-6pm

Web application security is the #1 security issue for most enterprises today. This class goes through fundamental security principles for Java and .NET web developers, focusing on secure development practices.
This highly interactive, intensive 2-day class provides essential Java application security training for developers, architects and software testers. The class is a combination of lecture, hands-on development and code review. Instructor bring years of hands-on security experience, and provide invaluable insight from numerous security assessments. Participants will not only learn the most common threats against web applications, but more importantly they will learn how to also fix the problems via control based code samples and review. Each student will have their own web application they will secure and test. This class is suitable for web application software engineers, web quality assurance engineers, and web architects. Focus will be put on covering not only the OWASP Top 10, but other common web vulnerabilities that plague modern web applications. Participants will gain a strong knowledge of web vulnerabilities, how vulnerabilities are exploited, and what security controls need to be in place to write defensible applications. Emphasis will also be placed on how these secure coding techniques relate to mobile, secure API development, and how security can be introduced throughout the SDLC.

• Hands on Simple method of the penetration testing using OWASP ZAP _ JAPANESE
  

Minoru Sakai
ROOM C 10am - 6pm

This course goes through automated security testing from OWASP tools.
Tools:
OWASP Zed Attack Proxy
OWASP Broken Web Applications

Tuesday, March 18th

• CISO training: Managing Web & Application Security – OWASP for senior managers _ ENGLISH
  

Tobias Gondrom
ROOM C 10am - 6pm

Managing and improving your global information security organization, Leverage OWASP and common best practices to improve your security programs and organization. Achieving cost-effective application security, bringing it all together on the management level. Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?
This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.

• Developer Security Training _ FREE TRAINING _ ENGLISH
  

Jim Manico & Jerry Hoff
ROOM B 10am - 6pm

This free training session will teach a developer about the fundamentals of secure software development practices. The session is a fast-paced combination of lecture, security testing and code review. This class will also highlight production quality API's from various languages, frameworks, and 3rd party libraries that provide production quality and scalable security controls.

All conference session will be translated into English - Japanese.

Conference Schedule

Wednesday, March 19th

PLENARY SESSIONS:

• 10.00am-10.30am Welcome Address and Openening Remarks (Riotaro Okada & Tobais Gondrom)
• 10.30am-11.20am KEYNOTE (Suguru Yamaguchi)
• 11.20am-1.30pm OWASP Top 10 2013. KEYNOTE (Dave Wichers)
  
  

TRACK A:

• 1.30pm-2.20pm The OWASP Proactive Controls. (Jim Manico)
• 2.30pm-3.20pm OWASP documents for every people.（Chia-Lung Albert Hsieh）
• 4.00pm-4.50pm 12 Case Studies for the Access Controls of Web Application. (Takashi Honda)
• 5.00pm-5.50pm Get Ready for the Next Big Wave of Attacks: Hacking of Leading CMS Systems. (Helen Bravo, Sanjay Agnani)
  
  

TRACK B:

• 1.30pm-2.20pm Why OWASP AppSensor is the future of Application Security, and why you should be using it. (Dennis Groves)
• 2.30pm-3.20pm Inside Story of the first SaaS type WAF Service. (Kana Toko)
• 4.00pm-4.50pm The Art and Science of Configuring SSL. (Nick Galbreath)
• 5.00pm-5.50pm Bad Web Apps are Good – The Broken Web Application Project. (Mordecai Kraushar)
  
  

TERRACE ROOM

• 1.30am-2.20pm Women in AppSec
• 2.30pm-3.20pm OWASP Japan
• 4.00pm-4.50pm The fact report of attack traffic on the Internet. (Makoto Niimura)
• 5.00pm-5.50pm The investigation of Web Application Vulnerabilities in Japan. (Koki Takahashi)

Thursday, March 20th

TRACK A:

• 9.30am-10.20am eXtend Security on Xcode. (Tokuji Akamine, Raymund Pedraita)
• 10.30am-11.20am Getting a handle on mobile security. (Jerry Hoff)
• 11.50am-12.40pm Preinstalled Android application poisoning. (Yoshitaka Kato)
  
  

TRACK B:

• 9.30am-10.20am HTML 5 Security for Web Application Development. (Yoshinori Matsumoto)
• 10.30am-11.20am XSS Allstars from Japan. (Yosuke Hasegawa, Masato Kinugawa, Mala)
• 11.50am-12.40pm Secure Escaping method for the age of HTML 5. (Yoshinori Takesako)
  
  

TERRACE ROOM

• 9.30am-10.20am Management for Security Life Cycle. (Shoji Ito)
• 10.30am-11.20am How to choose (or write) your own source code scanner. (Yu-Lu “Chris” Liu)
• 11.50am-12.40pm OWASP Japan (Open Mic Session)
  
  

PLENARY SESSIONS:

• 1.40pm-2.30pm 1 user, 10 places, 100 seconds. (Matias Madou)
• 2.40pm-3.30pm DevOps. (Dave Wichers)
• 4.00pm-4.50pm KEYNOTE (Michael Coates)
• 5.00pm-5.30pm Closing Remarks (Tobias Gondrom & Riotaro Okada)
  
  

Keynote Speaker

Suguru Yamaguchi is a Professor at the Graduate School of Information Science, Nara Institute of Science and Technology (NAIST) and former Advisor on Information Security to the Cabinet of the Government of Japan. He was born in Shizuoka, Japan in 1964. He has D.E from Osaka University. In 2000, he was promoted to Professor with the Graduate School of Information Science, NAIST, Nara, Japan and since 2013, has been Director of Library for FY2013 & 2014. From April 2004 to March 2010, he held the position of Advisor on Information Security to the Cabinet of the Government of Japan.

He has been deeply involved in the design and implementation of the national master plan on information security policy and establishment for the National Information Security Center (NISC) of the Cabinet Secretariat in 2005. Furthermore, because of tight relationship with the government’s information security policy, he was also appointed Advisor to the Government Program Management Office (GPMO) at secretariat office of IT Strategic Headquarter, Government of Japan since 2006. His research interests include technologies for information sharing, multimedia communication over broadband channels, large-scale distributed computing systems including “cloud computing” technology, network security and network management for the internet. Since the mid-1980’s, he has been focused on the development of the internet in Japan and the Asia Pacific region. He has also been a member of the WIDE project, which is one of the pioneer projects for internet development since its creation in 1988. For internet development in the Asia Pacific region, he has been working for many years at the Asian Internet Interconnection Initiatives (AI3) since its creation in 1996.

He has made many contributions to internet development and network security both in Japan and overseas. He founded JPCERT/CC in 1996, which is the first national CSIRT in Japan, and is now working as one of the board of trustees. He was one of the founders of APCERT.org, a regional forum of CSIRT in the Asia Pacific region established in 2002. From 2011, he has been appointed as a member of the Steering Committee for FIRST (Forum of Incident Response and Security Teams). In this role, he is working as a liaison officer of Geographical Outreach to work together with the CSIRT teams in developing countries, mainly in Africa and the Greater Middle East region to connect to the global FIRST community. Since 2002, he has been a member of the board of trustees of the Japan Network Information Center (JPNIC), which is the national internet registry managing IP addresses and AS number allocations and registrations in Japan.

LinkedIn Suguru Yamaguchi

Michael Coates is the Chairman of the OWASP board, an international non-profit organization focused on advancing and evangelizing the field of application security. In addition, he is the creator of OWASP AppSensor, a project dedicated to creating attack aware applications that leverage real time detection and response capabilities.

Michael is also the Director of Product Security at Shape Security, a Silicon Valley startup developing an entirely new type of web security product to protect web sites against modern attacks.

Previously, Michael was the Director of Security Assurance at Mozilla where he founded and grew the Security Assurance and Web Security programs to 25 people.

Throughout Michael's career he has advised major corporations and governments on secure architecture and software security. He’s also performed hundreds of technical security assessments for financial, enterprise, and cellular customers worldwide. Michael also maintains a security blog at michael-coates.blogspot.com

Michael holds a Master of Science degree in Computer, Information and Network Security from DePaul University and a Bachelor of Science degree in Computer Science from the University of Illinois at Urbana-Champaign.

LinkedIn Michael Coates

Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a consulting company that specializes in application security services. He is also a long time contributor to OWASP, helping to establish the OWASP Foundation in 2004, serving on the OWASP Board since it was formed from 2004 through 2013, served as OWASP Conferences Chair from 2005 through 2008, is a coauthor of the OWASP Top 10 and has led the project since 2007, and has contributed to numerous other important OWASP projects including WebGoat, ESAPI, ASVS, and the OWASP Cheat Sheet Series.

Dave has over 25 years of experience in the information security field, and has focused exclusively on application security since 1998. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science and is a CISSP.

OWASP Board Speaker

Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory operating in Asia and Europe.

He has 15 yrs of experience in information security and risk management, software development, application security, cryptography and global standardization organizations, working for independent software vendors and large global corporations in the financial, technology and government sector. Over the years, he has run various corporate information security functions and trained and advised dozens of CISOs and senior information security leaders around the globe. Tobias is a Sloan Fellow from London Business School, holding its most senior business degree, the Sloan M.Sc. in Leadership and Strategy.

Since 2003 he is the chair of working groups at the IETF (www.ietf.org), member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He is vice-chairman for research and programs of the CSA Hong Kong and Macau chapter and an ISC2 CSSLP and CISSP Instructor.

Tobias has been in a number of OWASP project and chapter leadership roles since 2007. Today, he is a member of the OWASP Global Board and member of the London chapter board and project lead of the CISO Survey & Report project.

He has authored the Internet standards RFC 4998, 6283 and 7034, co-authored the books „Secure Electronic Archiving“ and the "OWASP CISO Guide" and is a frequent presenter at conferences and publication of articles on security (e.g. AppSec, IETF, ...).

LinkedIn Tobias Gondrom

Tokyo boasts a variety of accommodations from Ryoakans to full-service hotels and luxury inns. Rooms may go fast on the conference days, so book early for best availability!

The conference venue, Solar City Conference Center, is located in Tokyo Central Region, Kanda/Akihabara/Ochanomizu area. The closest train station is Ochanomizu Station.

• For Hotel Reservation in Tokyo: Japanican Site
  • around Ochanomizu(venue): Japanican Site for Ochanomizu Area

Alternatively, if you would like to book your accommodation by contacting JTB Global Marketing and Travel they will be happy to help you with your hotel booking and provide assistance organizing your time in Tokyo.

• E-mail: owasp_hotel@gmt.jtb.jp
• Phone: +81-3-5796-5445
• FAX:+81-3-5495-0685

We are looking for Silver and 'A La Carte" Sponsors for the Global AppSec APAC 2014.

This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security not only in Japan and the Asia Pacific region but also internationally throughout the world while supporting the continued activities conducted by OWASP both in Japan and abroad.

• Sponsorship benefits for organizations specializing in IT & Security:
  • Opportunity to use the latest technological trends for professional training / development
  • Strengthen your company strategy by learning the latest trends in web software security
  • Improve your business development strategy with leading information from the security industry
  • Get networking and headhunting opportunities with world-class specialists and professionals
  • Get the chance to interact with high-need discerning users to improve product development
  • Increase your image as a professional company through this unique branding opportunity

• Sponsorship benefits for organizations utilizing the internet in their business:
  • Opportunity to increase the international brand awareness and conduct business networking
  • Strengthen your company strategy by learning the latest trends in web software security
  • Improve your service development by understanding the latest trends in security issues & risks
  • Contribute to information society as a company by developing safe and secure services
  • Get the chance to interact with high-need discerning users to improve product development
  • Opportunity to brand your company as one that focuses on the highest standards in technology

If you are interested to sponsor Global AppSec APAC 2014, please contact the conference team: appsec-apac2014@owaspjapan.org

To find out more about the different sponsorship opportunities please check: OWASP AppSec APAC 2014 Premium Sponsorship Menu on the following package.

Download Sponsor Package(Updated 2014.2.20): English | Japanese

SPONSORS

Diamond Sponsors

   

Platinum Sponsors

       

Gold Sponsors

       

       

       

Silver Sponsors

       

Supporters