Difference between revisions of "OWASP EU Summit 2008"
(→EVENT AGENDA) |
(→EVENT AGENDA) |
||
Line 135: | Line 135: | ||
|- | |- | ||
| style="width:10%; background:#7B8ABD" | 13:00 || colspan="4" style="width:80%; background:#B36B00" align="center" | Lunch | | style="width:10%; background:#7B8ABD" | 13:00 || colspan="4" style="width:80%; background:#B36B00" align="center" | Lunch | ||
− | |- | + | |- |
| style="width:10%; background:#7B8ABD" | || colspan="4" style="width:80%; background:#c0e0e0" align="center" | Training Sessions | | style="width:10%; background:#7B8ABD" | || colspan="4" style="width:80%; background:#c0e0e0" align="center" | Training Sessions | ||
|- | |- | ||
Line 143: | Line 143: | ||
| style="width:30%; background:#c0e0e0" align="center" | OWASP Testing Guide<br>Matteo Meucci | | style="width:30%; background:#c0e0e0" align="center" | OWASP Testing Guide<br>Matteo Meucci | ||
|- | |- | ||
− | | style="background:#7B8ABD" | 19:00 | + | | style="background:#7B8ABD" | 19:00 |
− | Dinis Cruz and Summit Organization Team | + | | colspan="4" style="background:#FFFF00" align="center" | Summit Briefing<br>Dinis Cruz and Summit Organization Team |
− | |- | + | |- |
− | | style="background:#7B8ABD" | 20:00 | + | | style="background:#7B8ABD" | 20:00 |
+ | | colspan="4" style="background:#B36B00" align="center" | OWASPers Dinner | ||
|} | |} | ||
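Review bot: the content cells added for the 19:00 and 20:00 rows set only a background (colspan="4" style="background:#FFFF00" and colspan="4" style="background:#B36B00"), while the Lunch and Training Sessions cells in the same table also set width:80%, and the 19:00 and 20:00 time cells likewise omit the width:10% used by the 13:00 time cell. Suggest repeating the widths on these rows so the table markup stays consistent if rows are reordered or copied to another day's agenda. The dinner cell reuses the Lunch colour #B36B00, which appears deliberate for meal slots; a short wiki comment naming the colour scheme would help later editors.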
Revision as of 16:56, 26 November 2008
'THE OWASP AGENDA FOR 2009'
KEY RESULTS FROM THE OWASP SUMMIT
ALGARVE, PORTUGAL, November 7, 2008 – The Open Web Application Security Project (OWASP) today announced results from the annual OWASP Summit. Over 80 application security experts from over 20 countries joined forces to identify, coordinate, and prioritize our 2009 efforts to create a more secure Internet.
OWASP is a free and open community that focuses on improving application security. There is overwhelming evidence that the vast majority of web applications contain security holes that are increasingly putting people and organizations at serious risk. Securing web applications is an extraordinarily difficult technical challenge that demands a concerted effort.
“OWASP came together for a week and produced a stunning amount of new ideas,” said OWASP Chair Jeff Williams. “Our community is growing and organizing into a powerful movement that will affect software development worldwide. This summit marks a major milestone in our efforts to improve application security.”
Key results from the OWASP Summit include:
UPDATED OWASP PRINCIPLES
• Free & Open
• Governed by rough consensus & running code
• Abide by a code of ethics (see ethics)
• Not-for-profit
• Not driven by commercial interests
• Risk based approach
UPDATED CODE OF ETHICS
• Support the implementation of and promote compliance with standards, procedures, controls for application security
• Have objectivity, due diligence and professional care in accordance with established standards
• Responsible disclosure
• New Free Tools and Guidance - OWASP announced the release of Live CD 2008, many new testing tools, static analysis tools, the Enterprise Security API (ESAPI v1.4), AntiSamy, the Application Security Verification Standard (ASVS), guidance for Ruby on Rails and Classic ASP, international versions of our materials, and much more.
• New Outreach Programs – OWASP has expanded its outreach efforts by building relationships with technology vendors, framework providers, and standards bodies. In addition, we piloted a new program to provide free one-day seminars at universities and developer conferences worldwide.
• New Global Committee Structure – OWASP recognized the extraordinary contribution of our most active leaders by engaging them to lead a set of six new committees. Each democratically established committee will focus on a key function or geographic region, such as OWASP projects, conferences, local chapters, membership and industry outreach.
How to Join a Global Committee - Applications being accepted until January 9th 2009 for a 24 month term
Global Projects and Tools Committee
TOOLS AND PROJECTS APPROVED OR LAUNCHED DURING THE SUMMIT
OWASP is proud to launch the following new or updated tools:
• Application Security Verification Standard, Mike Boberski
• AppSensor, Michael Coates
• Access Control Rules Tester, Andrew Petukhov
• AntiSamy .NET, Arshan Dabirsiaghi
• Application Security Tool Benchmarking Environment and Site Generator refresh, Dmitry Kozlov
• Code Crawler, Alessio Marziali
• JSP Testing Tool, Jason Li
• Live CD 2008, Matt Tesauro
• OpenPGP Extensions for HTTP – Enigform and mod_openpgp, Arturo ‘Buanzo’
• Orizon Project, Paolo Perego
• Python Static Analysis, Georgy Kilmov
• Skavenger, Matthias Rohr
• Teachable Static Analysis Workbench, Dmitry Kozlov & Igor Konnov
Find them all at the PROJECTS PAGE
OWASP is proud to launch the following new or updated documents or resources:
• Application Security Desk Reference (ASDR), Leonardo Cavallari
• Backend Security Project, Carlo Pelliccioni
• Classic ASP Security Project, Juan Carlos Calderon
• Code review guide, V1.1, Eoin Keary
• Education Project, Martin Knobloch
• Internationalization Guidelines – Spanish project, Juan Carlos Calderon
• Positive Security Project, Eduardo V.C. Neves
• Ruby on Rails Security Guide V2, Heiko Webers
• Securing WebGoat using ModSecurity, Stephen Craig Evans
• Source Code Review Projects, James Walden
• Testing Guide V3, Matteo Meucci
Find them all at the PROJECTS PAGE
EVENT AGENDA
Agenda for Monday, November 3rd, 2008
13:00 | Lunch
Training Sessions
15:00 to 17:00 | Securing WebGoat with ModSecurity - Stephen Craig Evans | WebSec Apps for Managers and Executives - Mano Paul | OWASP Testing Guide - Matteo Meucci
19:00 | Summit Briefing - Dinis Cruz and Summit Organization Team
20:00 | OWASPers Dinner
Agenda for Tuesday, November 4th, 2008
08:00 | Registration
09:00 | Summit Keynote - Dinis Cruz and Summit Organization Team
Time | Documents | Tools
09:30 | OWASP Testing Guide - Matteo Meucci | OWASP JSP Testing Tool - Jason Li
09:45 | OWASP Code Review Guide - Eoin Keary | OWASP Orizon Project - Paolo Perego (a.k.a. thesp0nge)
10:00 | OWASP Application Security Desk Reference (ASDR) - Leonardo Cavallari Militelli | OWASP Live CD - Matt Tesauro
10:15 | OWASP Spanish Project - Juan Carlos Calderon | WebScarab-NG - Rogan Dawes
10:30 | Coffee Break
10:45 | .NET ESAPI - Alex Smolen | JBroFuzz - Yiannis
11:00 | Working Sessions Briefing - Dinis Cruz
Working Sessions
11:15 | Documentation Projects/Guides Integration and Unified 4.0 Version - Chair: Eduardo Neves | Browser Security - Chair: Arshan Dabirsiaghi; Secretary: Kuai Hinojosa | Tools Projects - Chair: Matt Tesauro
13:00 | Lunch
14:00 | Training Sessions
The Art and Science of Threat Modeling Web Applications - Mano Paul | Web Server Hardening SELinux - Pavol Luptak | Offensive WebApp Hacking - Marco Slaviero
16:00 | Coffee Break
Working Sessions
16:30 | ESAPI - Chair: Jeff Williams; Secretary: Arshan Dabirsiaghi
18:30 | ASDR - Chair: Leonardo Cavallari | .NET Project - Chair: Dinis Cruz
Agenda for Wednesday, November 5th, 2008
09:15 | Daily Briefing: Dinis Cruz
Time | Standards and Education (Room 1) | Tools (Room 2)
10:00 | OWASP Positive Security (SoC 08) - Eduardo Vianna de Camargo Neves | OWASP Access Control Rules Tester Project - Andrew Petukhov
10:15 | OWASP Education - Sebastien Deleersnyder, Martin Knobloch | OWASP Teachable Static Analysis Workbench - Dmitry Kozlov
10:30 | OWASP Internationalization Guidelines - Juan Carlos Calderon | OWASP AppSensor - Michael Coates
10:45 | PASSWD:Metrics and Vulnerabilities - Lucilla Mancini | OWASP Backend Security Project - Carlo Pelliccioni
11:00 | OWASP Open Review Project - Dan Cornell | OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - Dmitry Kozlov
11:15 | OWASP Global Committee Elections (Room 1)
11:30 | Coffee Break
Working Sessions
12:45 | OWASP Working Session Education Project - Chair: Sebastien Deleersnyder (Room 1) | Testing Guide - Chair: Matteo Meucci (Room 2) | Web Application Framework Security - Chair: Arshan Dabirsiaghi; Secretary: Kuai Hinojosa (Room 3)
14:45 | Lunch During Working Sessions
15:00 | Training Sessions
15:00 | Flash Player Security - Peleus Uhley (Room 1) | OWASP Top 10 - Sebastien Deleersnyder and Martin Knobloch (Room 2) | Uncovering WebScarab's Secret Treasures - Rogan Dawes (Sala Bella Vista) | Hacking the Orizon - Paolo Perego (Room 3)
17:00 | Coffee Break
Working Sessions
17:30 | Code Review Guide - Chair: Eoin Keary (Room 2) | EU Funding for OWASP Projects - Chair: Carlos Serrao (Sala Bella Vista) | OWASP Certification - Chair: Tom Brennan (Room 1) | Software Assurance Maturity Model - Chair: Pravir Chandra (Room 3)
19:00 | OWASP Website - Chair: Fabio Cerull (Room 1) | Metrics & Vulnerabilities - Chair: Lucilla Mancini (Room 2) | OWASP Orizon - Paolo Perego (Room 3)
Agenda for Thursday, November 6th, 2008
09:15 | Daily Briefing: Dinis Cruz
Time | Technology | Tools
10:00 | OWASP Classic ASP Security Project - Juan Carlos Calderon | OWASP Source Code Review - James Walden
10:15 | OWASP Ruby on Rails Security Project - Heiko Webers | OWASP Enigform and mod_Openpgp - Arturo Alberto Busleiman (a.k.a. Buanzo)
10:30 | OWASP Webslayer Project - Christian Martorella | OWASP Securing WebGoat using ModSecurity - Stephen Evans and Christian Folini
11:00 | OWASP Skavenger Project - Matthias Rohr | OWASP AntiSamy.NET - Marcin Wielgoszewski
11:15 | Coffee Break
Working Sessions
11:30 | Top 10 2009 - Chair: Dave Wichers; Secretary: Jeff Williams (Room 1) | Intra Governmental Affairs - Chair: David Campbell (Room 2) | SAMM v2 (Room 3) | Web Site (12:15, Executive Room) | Handling Web MalWare (12:15, Sala Bella Vista)
13:00 | Lunch During Working Sessions
14:00 | Training Sessions
Ajax Security (Room 1) | Auditing Flash Applications - Peleus Uhley (Room 2) | WebApp Assessment - Vicente Aguilera Diaz (Room 3) | Mod Security - Lucas C. Ferreira (Executive Room)
13:00 | Coffee Break
Working Sessions
16:30 | Strategic Planning and Business Models compatible with OWASP values - Chair: Jeff Williams, Dinis Cruz, Dave Wichers, Sebastien Deleersnyder, and Tom Brennan; Secretary: Kate Hartmann and Paulo Combra
18:30 | 2-Way Internationalization - Chair: Juan Carlos Calderon and Sebastien Deleersnyder (Room 1) | Best Practices for Chapter Leaders - Chair: Georg Hess (Room 2) | Portuguese Public & Private Organizations - Chair: Carlos Serrao (Room 3) | Live CD & DVD - Chair: Matt Tesauro (Sala Bella Vista) | OWASP Awards - Chair: Colin Watson (Executive Room)
20:00 | Gala Dinner - Restaurante de Real
22:00 | OWASP Band - LE CLUB
Agenda for Friday, November 7th, 2008
10:00 | OWASP AppSec Agenda 2009: Working Session Outcomes - Dinis Cruz
10:15 | Results Presentations
Documentation Projects/Guides Integration and Unified 4.0 Version - Chair: Eduardo Neves
Browser Security - Chair: Arshan Dabirsiaghi
ESAPI - Chair: Jeff Williams
Tools Projects - Chair: Matt Tesauro
Code Review Guide - Chair: Eoin Keary
OWASP Certification - Chair: Tom Brennan
Software Assurance Maturity Model - Chair: Pravir Chandra
Top 10 2009 - Chair: Dave Wichers
Intra Governmental Affairs - Chair: David Campbell
Best Practices for Chapter Leaders - Chair: Georg Hess
11:15 | Coffee Break and vote break (put your dots on the wall)
11:30 | Live CD & DVD - Chair: Matt Tesauro
ASDR - Chair: Leonardo Cavallari
Education Project - Chair: Sebastien Deleersnyder
Web Application Framework Security - Chair: Arshan Dabirsiaghi
Testing Guide - Chair: Matteo Meucci
OWASP Censorship - Chair: Tom Brennan
EU Funding for OWASP Projects - Chair: Carlos Serrao
OWASP Website - Chair: Fabio Cerull
OWASP Orizon - Chair: Paolo Perego
Handling Web MalWare
2-Way Internationalization - Chair: Juan Carlos Calderon
Portuguese Public & Private Organizations - Chair: Carlos Serrao
12:45 | Winter of Code 2009 - Chair: Dinis Cruz and Sebastien Deleersnyder; Secretary: Paulo Combra
13:00 | Lunch - During Winter of Code
14:00 | Board Meeting
17:00 | Announcement of Summit Proceedings
VENUE & TRAVEL ARRANGEMENTS
The OWASP European Summit 2008 will be hosted at a 5-star resort in the Algarve, Portugal (Grande Real Santa Eulália Resort & Hotel). We suggest that hotel booking and travel arrangements be handled via Diplomata Tours, the assigned travel agency.
The venue address:
Praia de Santa Eulália
PO Box 2445
Albufeira, Portugal
8200-916
Nearest Airport: Faro
U.S. Absentee Voting Information
U.S. citizens attending the Summit on 4 November (Election Day) may vote absentee. You may find the information you need here, here or here, or on your home state/territory or foreign embassy/consulate web site. These links are provided for your information only; OWASP does not endorse any political party, candidate, etc. and is not able to provide you with instructions or assistance in voting or registering.
ARCHIVE DATA
Summit Brochure: 6-page brochure or this 33-page brochure.