This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Italy"
(→Publications) |
(→March, 2005 - OWASP Top-10 in Italian) |
||
| Line 285: | Line 285: | ||
---- | ---- | ||
| + | |||
| + | == Tools == | ||
| + | |||
| + | --- | ||
| + | |||
| + | Daniele Bellucci has develeped a first version of the tool "sqlmap v 0.0.1" for Automatic Blind SQL Injection. [http://www.linux.it/~belch/?p=17 Here] you can download the tool | ||
| + | |||
| + | --- | ||
== OWASP-Italy Sponsor == | == OWASP-Italy Sponsor == | ||
http://www.business-e.it/business-e/Assets/Images/common/logo.gif | http://www.business-e.it/business-e/Assets/Images/common/logo.gif | ||
Revision as of 07:43, 3 July 2006
- 1 OWASP Italy
- 2 Participation
- 3 Sponsorship/Membership
- 4 Local Activities
- 5 What is OWASP?
- 6 OWASP-Italy is a CLUSIT Member
- 7 NEWS: OWASP-Italy at InfoSecurity 2006
- 8 Events
- 8.1 June 21th, 2006 - InfoSecurity 2006
- 8.2 March 1st, 2006 - OWASP-Boston, Microsoft
- 8.3 November 5th, 2005 - IDC - European Banking Forum
- 8.4 October 5th, 2005 - OWASP-Italy@SMAU2005
- 8.5 May 25th, 2005 - ISACA Rome 2nd meeting
- 8.6 May 18th, 2005 - Workshop on Computer Crime 2005
- 8.7 March 31th, 2005 - ISACA Rome meeting
- 8.8 March 21th, 2005 - OWASP-Italy conducts a seminar in AlmaWeb
- 9 Publications
- 9.1 June, 2006 - Quaderno CLUSIT
- 9.2 June, 2006 - Paper on SQL Injection and Inference on PHP/MySQLInference
- 9.3 May, 2006 - Published an article about OWASP and Top-10 Vulnerabilities
- 9.4 June, 2005 - OWASP Pen Test Checklist v 1.1 in Italian
- 9.5 May, 2005 - Isaca Roma Newsletter about OWASP-Italy
- 9.6 April, 2005 - Published "MMS Spoofing"
- 9.7 April, 2005 - Published an article on ICT Security
- 9.8 March, 2005 - OWASP Top-10 in Italian
- 10 Tools
- 11 OWASP-Italy Sponsor
OWASP Italy
Welcome to the Italy chapter homepage. The chapter leader is Matteo Meucci
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
Local Activities
- There is already a qualified group (CISSP, CISA, BS7799 Lead Auditor, OPST, OPSA) of volunteers working on the following tasks:
-
- Translate all OWASP documentations in italian language (Matteo Paolelli, Massimiliano Graziani)
- Set up a working group for ISO17799&Web Project (Silvano D'auria, Alessandro Deidda)
- Write an article about OWASP Project for infosecmag (Matteo Meucci, Alessandro Graziani, Lorenzo De Santis, Marco Graia, Luca Carettoni)
- Working at the project OWASP Legal (Dario Vaccaro, Marco Scialdone)
- Working at the project OWASP Web Application Penetration Test (Matteo Meucci, Alberto Revelli)
- This is the (not official) OWASP-Italy Board:
-
Chair: Matteo Meucci
Director of Communication: Raoul Chiesa
Technical Director : Alberto Revelli
Technical Writer Director: Lorenzo De Santis
Italian Translation of docs and papers: Matteo Paolelli, Massimiliano Graziani.
What is OWASP?
Here you can read an interview talking about OWASP.
OWASP-Italy is a CLUSIT Member
Thanks to CLUSIT and OWASP Foundation we have established a cross-membership between the two organizations. So OWASP-Italy is now a CLUSIT member and CLUSIT is an OWASP Educational Member
NEWS: OWASP-Italy at InfoSecurity 2006
- (21 Jun 06) Infosecurity 2006: the event is organized and managed by the CLUSIT.
Alberto Revelli and Matteo Meucci will partecipate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications". More info here
- (1 Jun 06) "Quaderno CLUSIT"
CLUSIT has published a book entitled: "La verifica della sicurezza di applicazioni Web-based e il progetto OWASP". Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is now reserved to CLUSIT members, but will be made public in about 3 months.
- (31 May 06) Luca Carettoni has published the article "La sicurezza delle applicazioni Web secondo l'Open Web Application Security Project". Hereyou can read the full article.
- (1 Mar 06) OWASP-Boston, Microsoft
Thanks to Jim Weiler, Matteo Meucci has presented "Anatomy of two web attacks" at the OWASP-Boston meeting. More info here
- (18 Nov 05) IDC - European Banking Forum
Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we will have a great speech at the IDC European IT Banking Forum 2005. Agenda: - New standards for the ICT security auditing in the italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair - Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy
- (Oct 05) SMAU 2005 is the 42a International ICT & Consumer Electronics Exhibition for Italy.
SMAU has accepted our submission! More info here
- (Giu 05) Thanks to Massimiliano Graziani we have translated in italian the "OWASP Pen Test Checklist v.1.1". You can download it here.
Thanks to the collaboration with CLUSIT, this doc is available also here.
- (May 05) ISACA Roma Newsletter has published an interview to OWASP-Italy
- (Apr 05) We have written an article describing the OWASP projects, Web Application Security and the next challenges. ICT Security.(the italian magazine about Information Security) has published the article on the number 33 - April 2005.
- The presentation of the seminar we have done in ISACA Rome (31th March 2005) is now available here.
- (Apr 05) We have published a presentation describing a detailed case study of a web application vulnerabilty (MMS Spoofing).
- (Mar 05) Thanks to Matteo Paolelli we have translated the "OWASP Top Ten Vulnerabilties in Web Application Security" in italian language. You can download it here.
Events
June 21th, 2006 - InfoSecurity 2006
Alberto Revelli and Matteo Meucci will partecipate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications". The event is organized and managed by the CLUSIT.
Where: Sheraton Roma Hotel - Viale Del Pattinaggio, 100 When: 10,30 - 17,00 Who: Matteo Meucci and Alberto Revelli Link: http://www.infosecurity.it/Roma/programma.php
Agenda: -- I Session -- Introduction to Web Application Security • Which are the risks? • Risk assessment of a web application • Core pillars of web security How to develop secure web applications: • Guidelines and case-studies
-- II Session -- How to realize a security audit of a web application • The methodology OWASP Penetration Testing • The tools: OWASP WebScarab • Hands-on web application vulnerabilities: OWASP WebGoat • Advanced SQL Injection.
March 1st, 2006 - OWASP-Boston, Microsoft
Thanks to Jim Weiler (OWASP-Boston Chair), Matteo Meucci has presented "Anatomy of two web attacks" at the OWASP-Boston meeting of march. More info here
November 5th, 2005 - IDC - European Banking Forum
Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we have had a great speech at the IDC European IT Banking Forum 2005 (18 Nov 2005). http://www.idc.com/italy/events/banking05/banking05_agenda.jsp Agenda:
- New standards for the ICT security auditing in the italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
- Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy.
You can download the report here.
You can download the Case-Study of a vulnerable Home Banking Web Application here.
October 5th, 2005 - OWASP-Italy@SMAU2005
SMAU is the 42a International ICT & Consumer Electronics Exhibition for Italy. Alberto Revelli (our Technical Director) and Matteo Meucci have conducted a seminar talking about Web Application Security. Alberto has presented his new project: sqlninja. Very cool!!
http://www.webb.it/event/eventview/4488/1/progetto_owasp__case_study_di_applicativi_web_vulnerabili
May 25th, 2005 - ISACA Rome 2nd meeting
May 25th we'll be in ISACA Rome to present OWASP WebGoat and a real case of a Web Application Vulnerability. Every one is invited to join the meeting.
Here is the agenda: 14.30 Registration 14.45 Matteo Meucci - Web Application Security Phase II - OWASP WebScarab and PenTest Checklist
- A case-study of a Web Application Vulnerability: MMS Spoofing
--- Web Application analysis --- Authentication and Billing of the MMS service --- Vulnerabilities --- Attack Analysis
- Learning the most common web application vulnerabilities: OWASP WebGoat
--- Http Basics --- HTML Clues --- Hidden Field Tampering --- How to spoof a Session Cookie --- Stored Cross Site Scripting --- Command Injection --- SQL Injection --- Fail Open Authentication
The meeting is hold at: Via Volturno, 65 (Rome) - Auditorium ATAC
You can download the presentation here.
May 18th, 2005 - Workshop on Computer Crime 2005
May 18th, 2005 OWASP-Italy is invited to present OWASP Top 10 to the "Workshop on Computer Crime 2005" titled:
"EVOLUZIONI NORMATIVE E RECENTI PROBLEMATICHE DI SICUREZZA"
The meeting is held at: Sala delle conferenze dell'Istituto Centrale della Banche Popolari Italiane Via Verziere, 11
You can download the presentation here.
March 31th, 2005 - ISACA Rome meeting
March 31th we'll be in ISACA Rome to present OWASP and the Web Application Security. Every one is invited to join the meeting.
Here is the agenda: 14.15 Registration 14.30 Matteo Meucci - Web Application Security - OWASP Guide: how to build secure web application - How to test your Web Application: WebScarab and the WebApp PenTest Checklist - How to learn the most common web application vulnerability: WebGoat - The Top Ten WebApp vulnerabilities - Common error on developing Web Application: Authentication mechanisms not "secure" Buffer Overflow and crash of the service Thief of identity: Cross Site Scripting Manipulation of company data: SQL Injection Reserved information: misconfiguration Bad session management and thief of identity - OWASP-Italy: projects and next challenges
The meeting is hold at: Via Volturno, 65 (Rome) - Auditorium ATAC http://www.isacaroma.it/html/GiornateDiStudio.html
You can download the presentation here.
March 21th, 2005 - OWASP-Italy conducts a seminar in AlmaWeb
March, the 21th OWASP-Italy has been invited at the University of Bologna to conduct a seminar regards to Master in Management and Information Technology titled “Web Application Security and OWASP”.
Here is the agenda: - OWASP & Web Application Security - Common Web Application Vulnerabilities - A real case of web application vulnerability: MMS Spoofing&Billing - Training: WebGoat
Publications
June, 2006 - Quaderno CLUSIT
CLUSIT has published a book entitled: "La verifica della sicurezza di applicazioni Web-based e il progetto OWASP". Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is now reserved to CLUSIT members, but it will be public in about 3 months.
June, 2006 - Paper on SQL Injection and Inference on PHP/MySQLInference
Antonio "s4tan" Parata has published an article about SQL Injection based on Inference for testing web application on PHP/MySQL platform. Hereyou can read the full article.
May, 2006 - Published an article about OWASP and Top-10 Vulnerabilities
Luca Carettoni has published the article "La sicurezza delle applicazioni Web secondo l'Open Web Application Security Project". Hereyou can read the full article.
June, 2005 - OWASP Pen Test Checklist v 1.1 in Italian
Thanks to Massimiliano Graziani we have translated in italian the "OWASP Pen Test Checklist v.1.1". You can download it here. Thanks to the collaboration with CLUSIT, this doc is available also here.
May, 2005 - Isaca Roma Newsletter about OWASP-Italy
ISACA Roma Newsletter has published an interview to OWASP-Italy
April, 2005 - Published "MMS Spoofing"
We have published a presentation describing a detailed case study of a web application vulnerabilty (MMS Spoofing).
Jim Hewitt, CISSP PMP working at CGI-AMS, affirms (slide#78): "Very interesting analysis of spoofed cell phone messaging and fraudulent billing". See: www.techvalleynyissa.org/Resources/2005_07_WebApplicationSecurity.ppt
April, 2005 - Published an article on ICT Security
We have written an article describing the OWASP projects, Web Application Security and the next challenges. ICT Security.(the italian magazine about Information Security) has published the article on the number 33 - April 2005.
March, 2005 - OWASP Top-10 in Italian
Thanks to Matteo Paolelli we have translated the "OWASP Top Ten Vulnerabilties in Web Application Security" in italian language. You can download it here.
Tools
---
Daniele Bellucci has develeped a first version of the tool "sqlmap v 0.0.1" for Automatic Blind SQL Injection. Here you can download the tool
---
OWASP-Italy Sponsor
