This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Indonesia Day 2017"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
[[File:Owaspday2017.jpg|center|frame]]
 
<br><br> '''09th September 2017 - Yogyakarta, Central Java'''
 
<br><br> '''09th September 2017 - Yogyakarta, Central Java'''
  

Revision as of 05:25, 21 June 2017

Owaspday2017.jpg



09th September 2017 - Yogyakarta, Central Java


Introduction

We are proud to announce the eighth OWASP Indonesia Day conference, to be held at the Jogja Digital Valley on Saturday September 09th, 2017. OWASP New Zealand Day is a one-day conference dedicated to application security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.


Who is it for?

  • Web Developers: There will be a choice of two streams in the morning. First stream covering introductory talks to application security, second stream covering deeper technical topics. Afternoon sessions will cover various defensive topics, with a DevSecOps cluster of talks in stream two after afternoon tea break.
  • Security Professionals and Enthusiasts: Technical sessions later in the day will showcase new and interesting attack and defence topics.

Conference structure

Date: Thurs 09 September 2017
Time: 9:30am - 6:00pm
Cost:

The main conference is on Thursday 09th of September, and will have two streams in both the morning and the afternoon:


Registration for the main conference day is now open: Conference Registration Here

General

The eighth OWASP New Zealand Day will be happening thanks to the support provided by the University of Auckland, which will kindly offer the same location as last year for stream one, with the addition of another room near by for the stream two room. Entry to the event will, as in the past, be free.


For any comments, feedback or observations, please don't hesitate to contact us.

Registration

Registration for the main conference day is now open: Conference Registration Here Follow us on twitter OWASPJAKARTA


There is no cost for the main conference day. Unfortunately due to increased conference running costs, lunch, morning and afternoon tea's will not be provided as it has been for the past OWASP Indonesia Days. We do ask that if at any point you realise you cannot make it please cancel your registration to make room for others as spaces are limited.


Important dates

  • CFP submission deadline: 18th March 2017
  • CFT submission deadline: 28th February 2017
  • Conference Registration deadline: 15th April 2017
  • Training Registration deadline: 15th April 2017
  • Training Day date: 19th April 2017
  • Conference Day date: 20th April 2017


For those of you booking flights, ensure you can be at the venue at 9:00am, the conference will end by 6:00pm however we will have post conference drinks at a local drinking establishment for those interested.


Conference Venue

Conference Sponsors

Gold Sponsors:

Support Sponsor:

Conference Committee

  • Ade Yoseman - OWASP Indonesia Leader (Jakarta)
  • Dirga - OWASP Indonesia Board member

Please direct all enquiries to [email protected]

Call For Presentations

Thank you to all those who have submitted talks. The call for presentations has now closed.

OWASP Indonesia Day conferences attract a high quality of speakers from a variety of security disciplines including architects, web developers and engineers, system administrators, penetration testers, policy specialists and more.


We would like a variety of technical levels in the presentations submitted, corresponding to the three sections of the conference:

  • Introductions to various Web Application Security topics, and the OWASP projects
  • Technical topics
  • Policy, Compliance and Risk Management


The introductory talks should appeal to an intermediate to experienced web developer, without a solid grounding in web application security or knowledge of the OWASP projects. These talks should be engaging, encourage developers to learn more about web application security, and give them techniques that they can immediately return to work and apply to their jobs.

Technical topics are running all day and should appeal to two audiences - experienced web application security testers or researchers, and web developers who have a “OWASP Top Ten” level of understanding of web attacks and defenses. You could present a lightning, short or long talk on something you have researched, developed yourself, or learnt in your travels. Ideally the topics will have technical depth or novelty so that the majority of attendees learn something new.

We would also like to invite talks that will appeal to those interested in the various non-technical topics that are important in our industry. These talks could focus on the development of policies, dealing with compliance obligations, managing risks within an enterprise, or other issues that could appeal to those in management roles.


We encourage presentations to have a strong component on fixing and prevention of security issues. We are looking for presentations on a wide variety of security topics, including but not limited to:


  • Web application security
  • Mobile security
  • Secure development
  • Vulnerability analysis
  • Threat modelling
  • Application exploitation
  • Exploitation techniques
  • Threat and vulnerability countermeasures
  • Platform or language security (JavaScript, NodeJS, .NET, Java, RoR, etc)
  • Penetration Testing
  • Browser and client security
  • Application and solution architecture security
  • PCI DSS
  • Risk management
  • Security concepts for C*Os, project managers and other non-technical attendees
  • Privacy controls


The submission will be reviewed by the OWASP Indonesia Day conference committee and the highest voted talks will be selected and invited for presentation.


PLEASE NOTE:

  • Due to limited budget available, expenses for international speakers cannot be covered.
  • If your company is willing to cover travel and accommodation costs, the company will become "Support Sponsor" of the event.


Thank you to all those who have submitted talks. The call for presentations has now closed.

Please submit your presentation here.


Submissions deadline: 18th March 2017

Applicants will be notified in the following week after the deadline, whether they were successful or not.

Call For Sponsorships

Thank you to all our sponsors. Sponsorship has now been fully subscribed, we are no longer accepting new sponsors.

OWASP New Zealand Day 2017 will be held in Auckland on the 20th of April, 2017 and is a security conference entirely dedicated to application security. The conference is once again being hosted by the University of Auckland with their support and assistance. OWASP New Zealand Day 2017 is a free event, but requires sponsor support to help be an instructive and quality event for the New Zealand community. OWASP is strictly not for profit. The sponsorship money will be used to help make OWASP New Zealand Day 2017 a free, compelling, and valuable experience for all attendees.


The sponsorship funds collected are to be used for things such as:

  • Name tags - we feel that getting to know people within the New Zealand community is important, and name tags make that possible.
  • Promotion - up to now our events are propagating by word of mouth. We would like to get to a wider audience by advertising our events.
  • Printed Materials - printed materials will include brochures, tags and lanyards.

Sponsorships

There are three different levels of sponsorships for the OWASP Day event:


Support Sponsorship: (Covering international speaker travel expenses, media coverage/article/promotion of the event)

Includes:

  • Publication of the sponsor logo on the event web site -https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017


Silver Sponsorship: 10000000 IDR

Includes:

  • Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017
  • The publication of the sponsor logo in the event site, in the agenda, on the handouts and in all the official communications with the attendees at the conference.
  • The possibility to distribute the company brochures, CDs or other materials to the participants during the event.


Gold Sponsorship: 15000000 IDR

Includes:

  • The possibility to have a promotional banner or sign side stage in the main auditorium (to be provided by the sponsor, size subject to approval by the OWASP NZ Day Committee).
  • The publication of the sponsor logo in the event site, in the agenda, on the handouts and in all the official communications with the attendees at the conference.
  • The possibility to distribute the company brochures, CDs or other materials to the participants during the event.
  • Publication of the sponsor logo on the OWASP New Zealand Chapter page - Sponsor logo on the OWASP NZ site prior and during the OWASP Day event - https://www.owasp.org/index.php/New_Zealand
  • Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017


Those who are interested in sponsoring OWASP New Zealand 2017 Conference can contact the

Thank you to all our sponsors. Sponsorship has now been fully subscribed, we are no longer accepting new sponsors.


Presentations

20th April 2017

08:30 Registration Opens
09:30

Welcome to OWASP New Zealand Day 2017
Lech Janczewski (Associate Professor), Kirk Jackson, Denis Andzakovic and Kim Carter (OWASP Leaders)


09:45

OWASP Top 10 Review & Preview
Kevin Alcock - Katipo Information Security
Slides (PDF, 2.5mb)

09:45

Gaslighting with Honeypits and Mirages
Kate Pearce - Cisco

10:20

Developer's guide to preventing XSS
Felix Shi - Xero
Slides (PDF 400kb)

10:20

The Magical World of Cloud Security
Erica Anderson
Slides (PDF 0.6mb)

10:55

The dangerous, exquisite art of safely handling user-uploaded files
Tom Eastman
Slides

10:55

How to spot and stop a wolf in sheep's clothing (a.k.a Account Takeover)
Nick Malcolm - SafeStack
Slides

11:30

Building the ultimate login and signup
Matt Cotterell - Fairfax Media
Slides (PDF, 5mb)

11:30

Security on a shoestring - running a security critical service as a volunteer
Daniel Compton
Slideshare

12:05

XML: Still Considered Dangerous
Adam Bell - Lateral Security
Slides (PDF, 1.8mb)

12:05

Confession of a lactose intolerant vulnerability hunter
Trev H - RedShield
Slides (300kb)

12:35

Break for Lunch
14:00

Sensible defaults for client-side security
Jen Zajac - Catalyst
Slides (PDF 5mb)

14:00

Huzzer, the tree-based generational mutating HTTP fuzzer
Matthew Daley - Aura Information Security
Slides (PDF 16mb)

14:30

Changing Perspectives
Shahn Harris - Equifax

14:30

Root Cause is the Best Cause
Adrian Hayes

15:15

30 Days (ish) of Security
Grace Nolan and Catherine McIlvride
Slides (PDF, 3.1mb)

15:15

From JSONP to XSS persistence
Claudio Contin - Aura Information Security
Slides (800kb)

15:30

Break for Afternoon Tea
16:00

So we broke all CSPs... You won't guess what happened next!
Lukas Weichselbaum & Michele Spagnuolo - Google Switzerland
Slides (PDF, 1.8mb)

16:00

AppSec in a DevOps World
Peter Chestna - Veracode
Slides (PDF, 4.5mb)

16:45

Hacking the Talent Pipeline
Ruth McDavitt - Summer of Tech
Slides (PDF, 1mb)

16:30

Trust me, I'm a cloud
Sam Macleod - SafeStack
Slides (PDF, 200kb)

17:00

Conscious Incompetence: Started from the bottom, now we're here
Charlie Gavey - Snapper Services

 
17:15

Graphing when your Facebook friends are awake
Alex Hogue - Atlassian
Google Slides

 
17:45

Wrap Up
Time for the pub, for those interested

 

Speakers List

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Indonesia_Day_2017&oldid=230837"