This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AppSecAsiaPac2014

From OWASP
Revision as of 07:05, 7 January 2014 by Riotaro OKADA (talk | contribs)

Jump to: navigation, search


AppSecAPAC 2014.JPG


日本語サイト(Japanese): https://appsecapac.org/2014/

We are pleased to announce that the OWASP Japan chapter will host the OWASP AppSec APAC 2014 conference in Tokyo, Japan at the Solar City Conference Center.


The event will be composed of 2 days of training (March 17-18), followed by 2 days of conference talks (March 19-20).


The Global AppSec APAC 2014 Conference will be a reunion of Information Security Asia-Pacific leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 250-300 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

Conference Registration is now open for the Early Birds! Click here to register

Who Should Attend Global AppSec APAC 2014:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security


If you have any questions, please email the conference committee: [email protected]

Core Team of Local Executive Committee

Riotaro Okada Researcher. Born in Kobe, Hyogo Prefecture, Japan, Mr. Okada has over 20 years of experience in software development and network construction. He has been involved in network construction, software development and the implementation of information security measures at independent software development companies, the R&D divisions of manufacturing companies as well as consulting firms. Mr. Okada has also facilitated various technology-related communities such as for Linux and PHP. In 2004, he founded the Web Application Security Forum and as a member of the board became involved in the diffusion of security-related information. Moreover, he was also a researcher at the Information-technology Promotion Agency, Japan (IPA) for 8 years, and responsible for the IT strategy as well as disaster response projects at various government organizations. Mr. Okada is the co-leader of OWASP Japan since its founding, is CISA certified and holds an MBA from BBT (2009).

Sen Ueno CEO Tricorder Inc. Japanese computer engineer and technical expert. Majored in Information Security at the Nara Institute of Science and Technology (NAIST). After successfully listing an eCommerce venture on the TSE Mothers exchange, Mr. Ueno founder Tricorder and focused on information security education, network/web application vulnerability assessment, etc. In addition to being the CEO of his company, Mr. Ueno is also a researcher at the Information-technology Promotion Agency, Japan (IPA), the chief editor at the information security-related magazine ScanNetSecurity and a member of the executive committee for WASForum Hardening Project. He has also been a co-leader for OWASP Japan since its inception. Works authored by Mr. Ueno include “HTTP no Kyoukasho”, “Konya Wakaru TCP/IP”, “Mendoukusai Web Security”, etc.

Takanori Nakanowatari Mr. Nakanowatari is involved in the security management and software development at an OA device manufacturer. He has been actively involved in the overseas of OWASP as well such as participating in AppSec conferences overseas and has contributed to OWASP Meetings in Japan by sharing his various experiences. Mr. Nakanowatari is CISSP certified and since 2013 has been a member of the OWASP Japan Advisory Board.

Yosuke Hasegawa Mr. Hasegawa is an Evangelist at Net Agent as well as a technological advisor at Secure Sky Technology, Inc. He has been instrumental in discovering various vulnerabilities in web applications such as Internet Explorer and Mozilla Firefox. He has participated in Black Hat Japan 2008 and Korea POC (Power of Community) 2008 & 2010 as well as giving lectures and speeches at various other conferences. Since its inception, Mr. Hasegawa has been a member of the OWASP Japan Advisory Board.

Robert Dracea Mr. Dracea is responsible for the global strategy of a Japanese internet service company. With the mission of better sharing Japan’s advanced technological power with the world, from a business perspective, he has successfully architected numerous alliances and tie-ups both domestically in Japan as well as overseas. Additionally, he has also, on a volunteer-basis, conducted the translation and interpretation at multilingual OWASP Meetings. Mr. Dracea has been since its founding a member of the OWASP Japan Advisory Board.


AppSec APAC 2014 will be held at the SOLA CITY CONFERENCE CENTER in Tokyo, Japan.


Picture1.png Sola City Conference Center.png


Conference Registration is now open! Click here to register

OWASP AppSec APAC features two days of training March 17-18, and two days of talks, March 19-20, 2014.


Conference Registration Fees (not including training)


Ticket price Early Fee (DEADLINE February 1) Regular Fee On-site Fee
Active OWASP member $200 USD (20,000 Yen) $300 USD (30,000 Yen) $400 USD (40,000 Yen)
Non Member + 1 year OWASP membership $250 USD (25,000 Yen) $350 USD (35,000 Yen) $450 USD (45,000 Yen)
Non-Member $250 USD (25,000 Yen) $350 USD (35,000 Yen) $450 USD (45,000 Yen)
Student $50 USD (5,000 Yen) $80 USD (8,000 Yen) $120 USD (12,000 Yen)

Please note - payment will be processed in Japanese Yen but we can process invoice and payment in USD or other currencies.


Training Fees (Please note that conference Registration is separate.)


Course Length Course Dates Fee
1 - day class Monday, March 17 2014 $400 USD (40,000 Yen)
2 - day class Tuesday, March 18 2014 $800 USD (80,000 Yen)

Please note - payment will be processed in Japanese Yen but we can process invoice and payment in USD or other currencies.


Cancellations, Refunds, and Substitutions All ticket sales are final and our general policy is no refunds. However, we are able to substitute registrations at no charge until February 28, 2014.

Group Discounts: 10% off for groups of 10-19; 20% off for groups of 20-29; 30% off for groups of 30 or more. Please contact us for more information about registering a group.

Membership Discounts: We are pleased to offer $20 off admission for active OWASP members. Multiple discounts can not be applied.

Registration for Trainers and Speakers: If you have been selected to deliver a training or talk at the conference, you should have received a discount code for complimentary admission. If you did not receive this code or have questions, please Contact us.

Registration for OWASP Leaders: Complimentary admission to the conference is offered to active OWASP Chapter and Project Leaders. Additionally, two seats for each of the training courses are available at no cost to active OWASP Chapter and Project Leaders (available on a first come, first serve basis).
To register as an active Chapter or Project leader, please select the general event registration option and enter discount code: OWASPLEADER.

Please note: conference and training registration using the OWASPLEADER discount code will be verified by the conference team and if you are not an active OWASP Chapter or Project Leader, you will be contacted regarding your status and your registration may be subject to cancellation.


We thank you very much for every proposals submitted for CFT and CFP. We, the selection committee and the local board of the conference approved these sessions as the following:

Training(March 17, 18)

  • Mobile Security: Securing Mobile Devices & Applications (Shannon Ross & Dave Wichers) * 2DAYS
  • CISO training: Managing Web & Application Security – OWASP for senior managers (Tobias Gondrom)
  • Hands on Simple method of the penetration testing using OWASP ZAP (Minoru Sakai)
  • Hands on Web and REST Testing: Assessing Apps the OWASP way. (Matt Tesauro)
  • Secure Web Development (Jerry Hoff)
  • Free 4 hour Developer Security Training (Jim Manico)

Conference (March 19, 20)

  • Management for Security Life Cycle (Shoji Ito)
  • Secure Escaping method for the age of HTML 5 (Yoshinori Takesako)
  • XSS Allstars from Japan (Yosuke Hasegawa , Masato Kinugawa, mala)
  • HTML 5 Security for Web Application Development (Yoshinori Matsumoto)
  • Inside Story of the first SaaS type WAF Service (Kana Toko)
  • Get Ready for the Next Big Wave of Attacks: Hacking of Leading CMS Systems (Maty Siman ,Sanjay Agnani)
  • The fact report of attack traffic on the Internet (Makoto Niimura)
  • How to choose (or write) your own source code scanner (Yu-Lu “Chris” Liu)
  • Bad Web Apps are Good – The Broken Web Application Project(Mordecai Kraushar)
  • OWASP Top 10 2013 (Dave Wichers)
  • Why OWASP AppSensor is the future of Application Security, and why you should be using it.(Dennis Groves)
  • The OWASP Proactive Controls (Jim Manico)
  • eXtend Security on Xcode (Tokuji Akamine)
  • The Art and Science of Configuring SSL (Nick Galbreath)
  • The investigation of Web Application Vulnerabilities in Japan (Koki Takahashi)
  • 1 user, 10 places, 100 seconds (Matias Madou)
  • 12 Case Studies for the Access Controls of Web Application (Takashi Honda)
  • Getting a handle on mobile security (Jerry Hoff)
  • Penetration Testing – 7 Deadly Sines (Marek Zmysłowski)
  • Cloud Keep: Protect your Secrets at Scale (Matt Tesauro)
  • OWASP Top 10 for PHP developers (Tobias Zander)
  • Preinstalled Android appication poisoning (Yoshitaka Kato)
  • OWASP documents for every people(Sha Lung)


The AppSec APAC 2014 call for submissions will be open from November 1 to December 15, 2013.

Submission Guidelines

If you want to submit a paper or training, please take note of the following:

* Vendor-Specific Proposals: OWASP does not accept product or vendor-related submissions. If your talk is a thinly-veiled advertisement for a new product, technology or service your company is offering, please do not apply. If you would like to publicize a product, please contact [email protected] for information on exhibiting and other vendor opportunities, including sponsored sessions.

* All presentations must be submitted by the original authors: We currently only accept submissions by original authors of the presentations. PR firms, speaking relation firms, and all other parties who are not direct authors of submitted presentations are discouraged from submitting a proposal on behalf of their clients/speakers. We require direct contact with presenters to expedite questions during the submission review process.

* Supporting materials: If you have an existing body of work available on the subject (blog posts, video, articles, papers...), you now have the possibility to point that out as well. This may help the committee in gauging the nature and the amount of thought and work you have already put into your subject.

What is in it for the Attendees? It is important to let the delegates know what is in it for them. The best presentations are generally those that have good audience interaction and are informing as well as entertaining. It is also important to offer the delegates something to take away that they will be able to use immediately on return to their daily work routine. Audiences do have a preference for presentations which reflect practical applications of something, as opposed to theory. Envisaging the main take-aways for the delegates will help you to develop your presentation. What would you like delegates to tell their colleagues about your session when they get back to work?

Topics:

  • Security aspects of new web technologies (HTML5, CSP, etc.)
  • New Attack and Defense
  • Mobile security
  • Cloud security
  • SDLC
  • Automated security testing
  • Security awareness and education
  • Threat modeling
  • Secure coding and code review
  • OWASP Projects
  • Case Studies
  • Legacy system and maintenance

Interested in speaking?

Send an e-mail to the selection committee at [email protected]providing them with:

Title of your presentation or training session.
Presentation Type (talk or training).
Language: Please note that all proposals and presentations must be in English or Japaneses.
Short Description: A summary of the main idea of your proposal. Absolute limit of 30 words.
Abstract: A concise description of the purpose, methods, and implications of your presentation. Length 150-200 words.
Previous speaking experience (or references).
Your bio.
Your e-mail.


Notification of acceptance: January 5, 2014

Please note that travel and accomodations are not provided

Selection Criteria

The Selection Committee will review all abstracts that have been submitted on time. The submissions will be rated on a one to five scale by each of the reviewers on the following criteria:
1. Concept: This is the basic idea of your submission. Is it interesting? Is it relevant? Will it be beneficial for the community to hear? Does the speaker have a unique, fresh, and entertaining online and/or stage persona?
2. Clarity / Quality of presentation: Are the ideas conducive to present in front of an audience? Is the abstract articulate and specific? Abstracts should be logical, well-structured and easy to understand. Abstracts should present complete information. This criterion addresses how well the specific research question(s) and objectives, methods used, primary results, etc are explained, rather than the quality of the study itself. A brief, clearly written abstract follows a logical order (e.g. aims, methods, results, followed by a clear interpretation of the results and any implications).
3. Correctness: First, is the technical approach sound and well-chosen? Second, can one trust the claims of the paper -- are they supported by proper proofs, or other argumentation?
4. Depth: Is the basic idea well considered and thought out? To what extent will the audience gain insight? Does this paper have enough substance, or would it benefit from more ideas or results?
5. Takeaway / Innovative content/ Originality / Uniqueness: Is the attendee going to leave this session knowing something they didn't know when they walked in? Are they learning or being inspired? Has this talk or sort of talk been given at a recent AppSec event, or it is something that it is relatively untouched or has a new and interesting spin? Does the abstract present truly innovative ideas and creative solutions to new or known challenges within the industry? How original is the approach? Does this paper break new ground in topic, methodology, or content? Submissions showcasing cutting-edge ideas and approaches or containing significant new findings will be favored.
6. Relevance / contribution to the knowledge: How significant is the work described? If the ideas are novel, will they also be useful or inspirational? If the results are sound, are they also important? This criterion addresses the importance of the research in terms of advancing the subject. Abstracts should help the conference contribute to the progression of the industry as a whole. Particular emphasis will be given to abstracts that provide useful outputs and practical advice & tools for the audience in their daily work.

Program Selection Committee

Youki Kadobayashi, Ph.D. Associate professor at Nara Institute of Science and Technology (NAIST). After being employed at Osaka University’s Cybermedia Center, Dr. Kadobayashi joined his current position in 2000. Since 2008 he has been involved in cyber security standardization at the International Telecommunications Union Telecommunications Standardization Sector. Dr. Kadobayashi is also actively involved in cyber security education and training programs. Additionally, he is a board member of the industry-academic-government collaborative research consortium WIDE Project and since 2013 the Japanese representative of the American-Japanese international joint research project FP7 NECOMA Project. Dr. Kadobayashi is also a member of the executive committee for the WASForum Hardening Project.

Masakazu Takahashi Chief Security Advisor, Microsoft Japan. After being involved in standard library, OS development and other basic development, Mr. Takahashi became involved in the security business after engaging in vulnerability assessment and intrusion detection at a security company. At a time when penetration testing was a common practice in vulnerability assessment, Mr. Takahashi became a proponent of white box testing as a logical and repeatable inspection method. In terms of intrusion detection, he oversaw the systemization of surveillance and operations technologies and was in charge of starting numerous SOC businesses. In November of 2006, Mr. Takahashi joined Microsoft Japan. As the chief security advisor, he is involved in attaining the secure computing that Microsoft aims for while at the same time publishing papers and conducting various lectures. Additionally, Mr. Takahashi is actively involved in associations within the industry and is the head of a community involved in the promotion of information security measures as well as the vice president of the Japan Network Security Association (JNSA).

Keiji Takeda, Ph.D. Lecturer at Keio University, Faculty of Environment and Information Studies. Ph.D. from Keio University Graduate School of Media and Governance. After being employed at the Ministry of Defense, the Japan Air Self-Defense Force and Accenture, Dr. Takeda became a lecturer at Carnegie Mellon University’s school in Japan before moving on to his current position. Dr. Takeda is also a member of various information security-related committees including participating as an advisor for the Hyogo Prefectural government. In addition, he is actively involved in the information security industry through a broad array research & development, operations, personnel training and consulting activities including development assessment of intrusion detection systems, participation at various security events and the planning of organizations for the distribution of information related to security vulnerabilities.

Masafumi Negishi Senior Engineer, Office of Emergency Response and Clearinghouse for Security Information, Internet Initiative Japan Inc. Mr. Negishi has been involved in network construction, security inspection and security consulting, etc. at a major electronics manufacturer, a security company and foreign-affiliated computer vendor. In 2003 he became employed at IIJ Technology and placed in charge of security services, overseeing numerous security inspections. Currently he is part of the security incident support team and is primarily responsible for the collection and analysis of security information as well as taking appropriate action when security issues are discovered. Since 2007 he has been an instructor at the SANS Institute and since 2012 he has also been a member of the Advisory Board for OWASP Japan.

Yoshinari Fukumoto System Security Office Manager, Rakuten Inc. After being involved in research and development of security products at a security-related company, in 2002 Mr. Fukumoto joined Rakuten and became responsible for the internet service security for Rakuten Group. He is primarily involved in the promotion and development of secure software as well as the support of security-related operations. Mr. Fukumoto is also a Rakuten-CERT Representative. He has been a member of the OWASP Japan Advisory Board since the chapter began its activities.



Keynote Speaker

caption

Suguru Yamaguchi is a Professor at the Graduate School of Information Science, Nara Institute of Science and Technology (NAIST) and former Advisor on Information Security to the Cabinet of the Government of Japan. He was born in Shizuoka, Japan in 1964. He has D.E from Osaka University. In 2000, he was promoted to Professor with the Graduate School of Information Science, NAIST, Nara, Japan and since 2013, has been Director of Library for FY2013 & 2014. From April 2004 to March 2010, he held the position of Advisor on Information Security to the Cabinet of the Government of Japan.

He has been deeply involved in the design and implementation of the national master plan on information security policy and establishment for the National Information Security Center (NISC) of the Cabinet Secretariat in 2005. Furthermore, because of tight relationship with the government’s information security policy, he was also appointed Advisor to the Government Program Management Office (GPMO) at secretariat office of IT Strategic Headquarter, Government of Japan since 2006. His research interests include technologies for information sharing, multimedia communication over broadband channels, large-scale distributed computing systems including “cloud computing” technology, network security and network management for the internet. Since the mid-1980’s, he has been focused on the development of the internet in Japan and the Asia Pacific region. He has also been a member of the WIDE project, which is one of the pioneer projects for internet development since its creation in 1988. For internet development in the Asia Pacific region, he has been working for many years at the Asian Internet Interconnection Initiatives (AI3) since its creation in 1996.

He has made many contributions to internet development and network security both in Japan and overseas. He founded JPCERT/CC in 1996, which is the first national CSIRT in Japan, and is now working as one of the board of trustees. He was one of the founders of APCERT.org, a regional forum of CSIRT in the Asia Pacific region established in 2002. From 2011, he has been appointed as a member of the Steering Committee for FIRST (Forum of Incident Response and Security Teams). In this role, he is working as a liaison officer of Geographical Outreach to work together with the CSIRT teams in developing countries, mainly in Africa and the Greater Middle East region to connect to the global FIRST community. Since 2002, he has been a member of the board of trustees of the Japan Network Information Center (JPNIC), which is the national internet registry managing IP addresses and AS number allocations and registrations in Japan.

LinkedIn Suguru Yamaguchi

caption

Michael Coates is the Chairman of the OWASP board, an international non-profit organization focused on advancing and evangelizing the field of application security. In addition, he is the creator of OWASP AppSensor, a project dedicated to creating attack aware applications that leverage real time detection and response capabilities.

Michael is also the Director of Product Security at Shape Security, a Silicon Valley startup developing an entirely new type of web security product to protect web sites against modern attacks.

Previously, Michael was the Director of Security Assurance at Mozilla where he founded and grew the Security Assurance and Web Security programs to 25 people.

Throughout Michael's career he has advised major corporations and governments on secure architecture and software security. He’s also performed hundreds of technical security assessments for financial, enterprise, and cellular customers worldwide. Michael also maintains a security blog at michael-coates.blogspot.com

Michael holds a Master of Science degree in Computer, Information and Network Security from DePaul University and a Bachelor of Science degree in Computer Science from the University of Illinois at Urbana-Champaign.

LinkedIn Michael Coates

caption
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a consulting company that specializes in application security services. He is also a long time contributor to OWASP, helping to establish the OWASP Foundation in 2004, serving on the OWASP Board since it was formed from 2004 through 2013, served as OWASP Conferences Chair from 2005 through 2008, is a coauthor of the OWASP Top 10 and has led the project since 2007, and has contributed to numerous other important OWASP projects including WebGoat, ESAPI, ASVS, and the OWASP Cheat Sheet Series.

Dave has over 25 years of experience in the information security field, and has focused exclusively on application security since 1998. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science and is a CISSP.



OWASP Board Speaker

caption

Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory operating in Asia and Europe.

He has 15 yrs of experience in information security and risk management, software development, application security, cryptography and global standardization organizations, working for independent software vendors and large global corporations in the financial, technology and government sector. Over the years, he has run various corporate information security functions and trained and advised dozens of CISOs and senior information security leaders around the globe. Tobias is a Sloan Fellow from London Business School, holding its most senior business degree, the Sloan M.Sc. in Leadership and Strategy.

Since 2003 he is the chair of working groups at the IETF (www.ietf.org), member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He is vice-chairman for research and programs of the CSA Hong Kong and Macau chapter and an ISC2 CSSLP and CISSP Instructor.

Tobias has been in a number of OWASP project and chapter leadership roles since 2007. Today, he is a member of the OWASP Global Board and member of the London chapter board and project lead of the CISO Survey & Report project.

He has authored the Internet standards RFC 4998, 6283 and 7034, co-authored the books „Secure Electronic Archiving“ and the "OWASP CISO Guide" and is a frequent presenter at conferences and publication of articles on security (e.g. AppSec, IETF, ...).

LinkedIn Tobias Gondrom


Stay tuned. Information will be posted by January 10th 2014

JTB Global Marketing and Travel is working hard on providing AppSec APAC attendees an unforgettable travel experience in Japan

We are looking for sponsors for the Global AppSec APAC 2014.


This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security not only in Japan and the Asia Pacific region but also internationally throughout the world while supporting the continued activities conducted by OWASP both in Japan and abroad.

  • Sponsorship benefits for organizations specializing in IT & Security:
    • Opportunity to use the latest technological trends for professional training / development
    • Strengthen your company strategy by learning the latest trends in web software security
    • Improve your business development strategy with leading information from the security industry
    • Get networking and headhunting opportunities with world-class specialists and professionals
    • Get the chance to interact with high-need discerning users to improve product development
    • Increase your image as a professional company through this unique branding opportunity
  • Sponsorship benefits for organizations utilizing the internet in their business:
    • Opportunity to increase the international brand awareness and conduct business networking
    • Strengthen your company strategy by learning the latest trends in web software security
    • Improve your service development by understanding the latest trends in security issues & risks
    • Contribute to information society as a company by developing safe and secure services
    • Get the chance to interact with high-need discerning users to improve product development
    • Opportunity to brand your company as one that focuses on the highest standards in technology


If you are interested to sponsor Global AppSec APAC 2014, please contact the conference team: [email protected]

To find out more about the different sponsorship opportunities please check: OWASP AppSec APAC 2014 Premium Sponsorship Menu on the following package.

Download Sponsor Package(Updated 2014.1.7): English | Japanese