This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec Europe 2009 - Poland"
Line 163: | Line 163: | ||
| style="width:30%; background:#BCA57A" align="left" | ''[http://w3af.sf.net/ w3af]'', A framework to 0wn the web ([http://www.owasp.org/images/8/8e/AppSecEU09_w3af-_A_framework_to_0wn_the_Web_-_v2.ppt PPT]|[http://blip.tv/file/2303864 Video]) | | style="width:30%; background:#BCA57A" align="left" | ''[http://w3af.sf.net/ w3af]'', A framework to 0wn the web ([http://www.owasp.org/images/8/8e/AppSecEU09_w3af-_A_framework_to_0wn_the_Web_-_v2.ppt PPT]|[http://blip.tv/file/2303864 Video]) | ||
'''[http://www.linkedin.com/in/ariancho Andrés Riancho]'', ''[http://www.bonsai-sec.com/ Bonsai Information Security]'' '' | '''[http://www.linkedin.com/in/ariancho Andrés Riancho]'', ''[http://www.bonsai-sec.com/ Bonsai Information Security]'' '' | ||
− | | style="width:30%; background:#99FF99" align="left" | Brain's hardwiring and its impact on software development and secure software ([http://blip.tv/file/2194148 video] | + | | style="width:30%; background:#99FF99" align="left" | Brain's hardwiring and its impact on software development and secure software ([http://www.owasp.org/images/b/bd/AppSecEU09_Brain%27s_Hardwiring_AppSec09.pdf PDF]|[http://blip.tv/file/2194148 video]) |
''Alexandru Bolboaca & Maria Diaconu, Mosaic Works'' | ''Alexandru Bolboaca & Maria Diaconu, Mosaic Works'' | ||
|- | |- |
Latest revision as of 14:06, 24 October 2009
Virtual
Help us PROMOTE this event!
Conference - May 13
Day 1 - May 13, 2009 | |||
---|---|---|---|
Track 1: room Alfa 1 | Track 2: room Alfa 2 | Track 3: room Beta | |
08:00-08:50 | Registration and Coffee | ||
08:50-09:00 | Welcome to OWASP AppSec 2009 Conference (PPT)
Sebastien Deleersnyder, OWASP Foundation | ||
09:00-10:00 | Web App Security – The Good, the Bad and the Ugly (PPT)
Ross Anderson, Professor in Security Engineering, University of Cambridge | ||
10:00-10:45 | OWASP State of the Union (PPT|video)
Dinis Cruz, Dave Wichers & Sebastien Deleersnyder, OWASP Foundation | ||
10:45-11:05 | Break - Expo | CTF Kick-Off | |
11:05-11:50 | OWASP Live CD: An open environment for Web Application Security (PPT)
Matt Tesauro, OWASP Live CD Project |
Leveraging agile to gain better security (PPT|video)
Erlend Oftedal, Bekk Consulting |
The OWASP Orizon project: new static analysis in HiFi (PPT|video)
Paolo Perego, Spike Reply |
11:55-12:40 | OWASP Application Security Verification Standard (ASVS) Project (PPT)
Dave Wichers, Aspect Security |
Tracking the effectiveness of an SDL program: lessons from the gym (PPT|video)
Cassio Goldschmidt, Symantec Corporation |
The Bank in the Browser - Defending web infrastructures from banking malware (PDF|video)
Giorgio Fedon, Minded Security |
12:40-14:00 | Lunch - Expo - CTF | ||
14:00-14:45 | Threat Modeling (PPT)
John Steven, Cigital |
Web Application Harvesting (PPT|video)
Esteban Ribičić, tbd |
Maturing Beyond Application Security Puberty (PPT)
David Harper, Fortify |
14:50-15:35 | Exploiting Web 2.0 – Next Generation Vulnerabilities (PDF)
Shreeraj Shah, Blueinfy |
O2 - Advanced Source Code Analysis Toolkit (video)
Dinis Cruz, Ounce Labs |
The Truth about Web Application Firewalls: What the vendors do not want you to know (PPT)
Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity |
15:35-15:55 | Break - Expo - CTF | ||
15:55-16:40 | The Software Assurance Maturity Model (SAMM) (PPT)
Pravir Chandra, Cognosticus |
Advanced SQL injection exploitation to operating system full control (PDF|video)
Bernardo Damele Assumpcao Guimaraes, lead developer of sqlmap |
When Security Isn’t Free: The Myth of Open Source Security (PPT|video)
David Harper, Fortify |
16:45-17:45 | Panel: SDLC: where do they work well, where do they fail? (PPT)
Moderator: Cassio Goldschmidt - Panelists: Pravir Chandra, Bart De Win, John Steven, Dave Wichers |
Conference- May 14
Day 2 - May 14, 2009 | |||
---|---|---|---|
Track 1: room Alfa 1 | Track 2: room Alfa 2 | Track 3: room Beta | |
08:00-09:00 | Registration and Coffee | ||
09:00-09:00 | Fixing Internet Security by Hacking the Business Climate
Bruce Schneier, Chief Security Technology Officer, BT | ||
10:00-10:45 | OWASP Projects (PPT|video)
Dave Wichers & Dinis Cruz, OWASP Foundation | ||
10:45-11:05 | Break - Expo - CTF | ||
11:05-11:50 | OWASP "Google Hacking" Project (video)
Christian Heinrich, OWASP "Google Hacking" Project Lead |
Deploying Secure Web Applications with OWASP Resources
Kuai Hinojosa, New York University (video) |
Beyond security principles approximation in software architectures (PPT|video)
Bart De Win, Ascure |
11:55-12:40 | OWASP Enterprise Security API (ESAPI) Project (PPT|video)
Dave Wichers, Aspect Security |
w3af, A framework to 0wn the web (PPT|Video) | Brain's hardwiring and its impact on software development and secure software (PDF|video)
Alexandru Bolboaca & Maria Diaconu, Mosaic Works |
12:40-14:00 | Lunch - Expo - CTF | ||
14:00-14:45 | OWASP ROI: Optimize Security Spending using OWASP (PPT)
Matt Tesauro, OWASP Live CD Project |
CSRF: the nightmare becomes reality? (PPT|video)
Lieven Desmet, University Leuven |
I thought you were my friend Evil Markup, browser issues and other obscurities (PDF / PPT|video)
Mario Heiderich, Business-IN |
14:50-15:35 | HTTP Parameter Pollution (PDF|video)
Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity |
OWASP Source Code Flaws Top 10 Project (PPT|video)
Paolo Perego, Spike Reply |
Business Logic Attacks: Bots and Bats (PPT|video)
Eldad Chai, Imperva |
15:35-15:55 | Break - Expo - CTF | ||
15:55-16:40 | Factoring malware and organized crime in to Web application security (PDF1-PDF2|video)
Gunter Ollmann, Damballa |
Real Time Defenses against Application Worms and Malicious Attackers (PPT|video), Michael Coates, Aspect Security | Can an accessible web application be secure? Assessment issues for security testers, developers and auditors (PPT|video)
Colin Watson, Watson Hall Ltd |
16:45-17:45 | Panel: The Future of web application security (video)
Moderator: Christian Heinrich, Panelists: tbd | ||
17:45-18:00 | Conference Wrap-Up & CTF Awards
Dave Wichers, OWASP Foundation |
Venue: Park Inn Hotel, Krakow
Registration is available via the OWASP Conference Cvent site: CLICK HERE TO REGISTER
OWASP Dinner & Band
We hope you are joining us for our Gala Dinner. This year's dinner will be held at Wesele, a traditional Polish restaurant.
Time: 19h on May 13th (leaving in the Park Inn Lobby at 18h30)
Place: Wesele, Rynek Główny 10, 31-042 Kraków - Google Maps Link
Afterwards the OWASP Band will play together with a local band (Mojitos)
Place: Bar Showteim, Rynek Glowny 28 (1 st floor) - Google Maps Link
Tutorials - May 11-12
Tutorial Days - May 11th and 12th
OWASP hosts 1 and 2 day tutorial sessions prior to the conference.
2 day tutorials (May 11-12):
- Web Services Security, by Dave Wichers, Aspect Security
- Advanced Testing, by Michael Coates, Aspect Security
1 day tutorials (May 11):
- Web 2.0 Hacking – Attacks & Countermeasures, by Shreeraj Shah, Blueinfy
1 day tutorials (May 12):
- In-depth Assessment Techniques: Design, Code, and Runtime, by Pravir Chandra, Cognosticus
- Threat Modeling, by John Steven, Cigital
- Introduction to ModSecurity, the Apache Security Module, by Christian Folini, Netnea (christian.folini 'at' netnea.com)
To see all tutorial and trainer details click HERE
Registration is available via the OWASP Conference Cvent site: CLICK HERE TO REGISTER
Venue: Park Inn Hotel, Krakow
Timing: 9h-17h
Mini-Summit - May 11-12
Mini-Summit & Working Sessions Schedule: Tuesday 12th , Free one-day OWASP Tutorial: Monday 11th
Free one-day OWASP Tutorial
On Monday May 11th 9h-17h, Matt Tesauro (OWASP Live CD Project) will give a free one-day OWASP tutorial "Hands on application security with the OWASP Live CD and the OWASP Testing Guide" Venue: Park Inn Hotel, Krakow
OWASP Mini-Summit
On the Tuesday before the Conference there will a 1 day mini-summit where the following important OWASP related topics will be debated:
- 10:00 - 12:00 : Final discussion and presentation of the new OWASP Project and Releases Assessment Criteria V2.0
- 14:00 - 15:00 : Pre-presentation of the new OWASP Season of Code 2009 (& revision of its marketing materials)
- 15:00 - 15:30 : OWASP Financials and additional sources for OWASP grants funds (for example government funding or corporate sources)
- 17:00 - 19:00 - OWASP Projects and Chapters Leaders meeting (video)
Confirmed participants: Dinis Cruz, Sebastien Deleersnyder (OWASP Board), Matt Tesauro (OWASP Global Projects Committee), Paulo Coimbra (remote participant), Colin Watson (OWASP Global Industry Committee)
OWASP Meetup
We gather for an OWASP meetup at C.K.Browar on Tuesday evening May 12th.
Time: 20h (we gather in the Park Inn lobby at 19h30)
Place: ul. Podwale 6-7, Kraków - Google Maps Link
This is a microbrewery and you can get 3 or 5 litre tubes of their very own beer that sit on a stand with a tap, on your table. You then help yourself and watch it disappear.
Accommodations
This year, the conference will be held at the Park Inn Hotel, in the center of Kraków, Poland.
Park Inn Hotel
Ul. Monte Cassino 2
30 - 337 Kraków (Google Maps Link)
Poland
tel: 0048 – 12 – 375 – 40 – 02
fax : 0048 – 12 – 375 – 40 – 01
e-mail: joanna.ploskonka <AT> rezidorparkinn.com
For 11-12-14 May OWASP has negotiated special room rates:
- Single 110 EUR per room/per night
- Double 120 EUR per room/per night
The above rates include: Super Breakfast buffet, High-speed Internet access and Tax
Be sure to use "OWASP" as reference.
Transportation to the Conference
By plane
Krakow can be reached by commercial aviation through the John Paul II International Airport Krakow-Balice. 21 airlines fly to and from Krakow including British Airways, Alitalia, Germanwings, LOT, Lufthansa and cheap airlines such as SkyEurope, Ryanair, easyJet and centralwings. If you are traveling from outside Europe, you might want to try https://travel.flights-to-europe.com
You can go from the airport to the city centre by:
- Train
- The train stop is located app. 200 m from the passenger terminal ( 5 minute walk)
- It will take you 20 minutes and cost 6 PLN (less than 2EU) to get to the Krakow Main Station
- Bus
- The 192 bus stop is located directly at the roundabout, in front of the passenger terminal. The trip to the Main Station takes app. 35 minutes. The ticket can be purchased at the ticket machine on the bus stop for 2,5 PLN (less than 1EU)
- Taxi
- There are always taxis waiting for the passengers in front of the airport. The average price for a ride to the city centre is 50 PLN (around 15EU)
Find out more on John Paul II International Airport Krakow-Balice web page.
By train
You can also travel to Krakow by train from main Polish cities such as Warsow, Wroclaw, Poznan, Gdansk and several cities in Europe. There is direct connection from Berlin, Wien, Prague etc.
Search for your connection here (your destination is Krakow Glowny).
Registration
Registration is available via the OWASP Conference Cvent site: CLICK HERE TO REGISTER
Be fast to register: we only accept 400 registrations for this event!
The conference fee for this conference is :
- Standard: 350 Euros, OWASP Members: 300 Euros, Students: 225 Euros. (+5% discount for registering by Apr-30)
- If you also register for CONFidence Poland 2009 you get a 15% reduction.
Other fees are:
- Conference Dinner: 50 Euros
- Conference Tutorials: 910 Euros (2 days) - 455 Euros (1 day)
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
Conference Committee
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org
2009 EU Planning Committee Chair: Sebastien Deleersnyder - Telindus - seba 'at' owasp.org
2009 EU Program Committee:
- Sebastien Deleersnyder - seba 'at' owasp.org
- Mano Paul - mano.paul 'at' owasp.org
- Fabio Cerullo - fcerullo 'at' gmail.com
- Kuai Hinojosa - kuai.hinojosa 'at' owasp.org
- Andrzej Targosz - andrzej.targosz 'at' proidea.org.pl
Poland Chapter Host: Andrzej Targosz - OWASP Poland - andrzej.targosz 'at' proidea.org.pl
Capture the Flag Chair: Andrzej Targosz - andrzej.targosz 'at' proidea.org.pl