This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP New Zealand Day 2011

From OWASP
Revision as of 10:05, 15 June 2011 by Nick Freeman (talk | contribs)

Jump to: navigation, search

Introduction

OWASP New Zealand Day 2011
7th July - Auckland

OWASP_NZ_Day_2011_Logo.png


Introduction

Following the success of the OWASP New Zealand 2009 and OWASP New Zealand 2010 security conferences, the OWASP New Zealand Chapter is pleased to announce the return of the conference in 2011. The third OWASP New Zealand Day will be happening thanks to the support provided by the University of Auckland School of Business, which will kindly offer the same conference venue of the last two years. Entry to the event will, as in the past, be free. OWASP New Zealand Day 2011 will be held on Thursday July 7th, 2011.

For any comments, feedback or observations, please don't hesitate to contact us.

You can register for the conference here. Please note that the registration cut-off date is June 20, 2011; no registrations will be accepted on the day.


Conference dates

  • CFP closes: 31st May 2011
  • Conference Agenda due: 15th June 2011
  • Registration deadline: 20th June 2011
  • Conference date: 7th July 2011


Conference Venue

The University of Auckland Business School
Owen G Glenn Building
Room: OGGB 260-073 (OGGB4)
Address: 12 Grafton Road
Auckland
New Zealand
Map

Auckland business school small2.jpg Room hall.jpg

Registration

You are invited to attend to the OWASP Day conference at no charge (Free as in beer). However to ensure an orderly, well run event we require that all attendees register before the registration close off date (20th June 2011). At this time there will be no plan to allow "on the day registration". Registration is handled through the RegOnline event management system, available at http://regonline.com/owaspnzday2011. Please note that the registration cut-off date is June 20, 2011; no registrations will be accepted on the day.

Conference Sponsors

University_of_Auckland_crest_small.png
Nz_information_security_forum.png
ICT and Department of Information Systems and Operations Management
 


Gold Sponsors:

Security-assessment_com.jpeg
     
www.security-assessment.com
     


Silver Sponsors:

Lateral_security.jpeg
     
www.lateralsecurity.com
     
f5-1color-125.jpg
     
www.f5.com
     

Topics

The OWASP Days have always offered a forum for discussion and exchange of ideas among researchers and practitioners who present their experiences and discuss issues related to Web Application Security from a higher level to a technical point of view.

Conference topics include, but are not limited to:

  • OWASP Project Presentation (i.e Tool Updates/Project Status etc)
  • Threat modelling of web applications
  • Privacy Concerns with Applications and Data Storage
  • Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)
  • Baseline or Metrics for Application Security
  • Countermeasures for web application vulnerabilities
  • Web application security
  • Platform or language (e.g. Java, .NET) security features that help secure web applications
  • Secure application development
  • How to use databases securely in web applications
  • Security of Service Oriented Architectures
  • Access control in web applications
  • Web services security
  • Browser security

Conference Committee

  • Nick Freeman –- OWASP New Zealand Leader (Auckland)
  • Scott Bell - – OWASP New Zealand Leader (Wellington)
  • Lech Janczewski - Associate Professor - University of Auckland School of Business

Schedule

08:30
Registration
09:00
Welcome to OWASP New Zealand Day 2011
Nick Freeman & Scott Bell / Lech Janczewski - Security-Assessment.com / The University of Auckland
09:15
Secure Development: What The OWASP Guide Didn't Tell You
Blair Strang - Security-Assessment.com
10:00
I <3 Reporting - Managing Effective Web Application Assessments
Andrew Evans - Kiwibank
10:30
Coffee Break


11:00
Testing Mobile Applications
Nick von Dadelszen - Lateral Security
11:45
Web Crypto for the Developer Who Has Better Things To Do
Adrian Hayes - Security-Assessment.com
12:30
Lunch Break



13:30
Concurrency Vulnerabilities
Brett Moore - Insomnia Security
14:15
A Day in the Life of a WAF
Sam Pickles - F5
15:00
HTML5 Security
Mike Haworth & Kirk Jackson - Aura Software Security
15:30
Afternoon Tea

16:00
File Uploads Are Evil
Kirk Jackson - Aura Software Security
16:15
Sleeping Easy: Architecting Web Applications Securely
Mark Young - Datacom
16:45
Real Applications, Real Vulnerabilities, Really Exploited
Quintin Russ - SiteHost
17:15
Panel Discussion/Conclusion


17:30

19:00
After-con Drinks @ TBA



Call For Sponsorships (CLOSED)

The call for silver and gold sponsorships is now closed, however we are still looking for support sponsors who can provide media coverage/promotion for the event.

Following the success of the previous events in 2009 and 2010, OWASP New Zealand Day 2011 will be held in Auckland on the 7th of July, 2011. OWASP New Zealand Day is a security conference entirely dedicated to web application security. The conference is once again being hosted by the University of Auckland School of Business with their support and assistance. OWASP New Zealand Day 2011 is a free event, but requires sponsor support to help be an instructive and quality event for the New Zealand community. OWASP is strictly non for profit. The sponsorship money will be used to help make OWASP New Zealand Day 2011 a free, compelling and valuable experience for the audience.


The sponsorship funds collected are to be used for things such as:

  • Refreshments (coffee break/lunch) - we want to keep people refreshed during the day; while we certainly bring good and interesting speakers, we don't want people to go home when they become hungry.
  • Name tags - we feel that getting to know people within the New Zealand community is important, and name tags make that possible.
  • Promotion - up to now our events are propagating by word of mouth. We would like to get to a wider audience by advertising our events.
  • Printed Materials - printed materials will include brochures, tags and lanyards.


Facts

Last year, the event was supported by 3 sponsors and attracted more than 150 participants. A lot of good feedback from the audience was received and this is the reason why we are re-organising the event. For more information on last year's event, please visit: https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2010

The OWASP New Zealand community is strong and there are more than 160 people currently subscribed to the mailing-list. OWASP New Zealand Day is expected to attract a number between 150 and 200 attendees during the conference.

OWASP regular attendees are IT project managers, IT security managers, IT security consultants, web application architects and developers, QA managers, QA testers and system administrators.


Sponsorships

There are three different levels of sponsorships for the OWASP Day event:


  • Support Sponsorship: (Covering international speaker travel expenses, media coverage/article/promotion of the event)

Includes:

- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011


  • Silver Sponsorship: 1500 NZD

Includes:

- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011

- The publication of the sponsor logo in the event site, in the agenda, on the flyers, brochure and in all the official communications with the attendees at the conference.
- The possibility to distribute the company brochures, CDs or other materials to the participants during the event.


  • Gold Sponsorship: 3500 NZD

Includes:

- The publication of the sponsor logo in the event site, in the agenda, on the flyers, brochure and in all the official communications with the attendees at the conference. - The possibility to distribute the company brochures, CDs or other materials to the participants during the event.

- Publication of the sponsor logo on the OWASP New Zealand Chapter page
- Sponsor logo on the OWASP NZ site prior and during the OWASP Day event - https://www.owasp.org/index.php/New_Zealand
- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011
- Sponsor dedicated space at the conference (sponsor booth) to show products/services to the attendees during coffee breaks, lunch and snack breaks.


Those who are interested in sponsoring OWASP New Zealand 2011 Conference can contact the OWASP New Zealand Board.
Sponsors can also make us of the following PayPal button to make payments. Donations are also more than welcome from the NZ community.

<paypal>OWASP New Zealand Day 2011</paypal>


Call for Papers (CLOSED)

The OWASP New Zealand Chapter is holding the annual OWASP New Zealand Day web application security conference at the University of Auckland School of Business on July 7th, 2011. The Call For Papers is now open, and you are cordially invited to submit your stuff!

Following on from the previous two years, the conference will consist of a single track covering both technical and risk management topics. So if you'd like to share your brand new technique, detail your run-ins with .cn, .ru or Anonymous, spread fear about the cloud or drop some 0day, we'd like to hear from you.

We are looking for talks of various lengths, but ask that you keep the talk under 40 minutes long. 10-15 minute long lightning talks are welcome, and ideal if you have something you want to share that doesn't need half an hour to explain.


Other than the above, we are seeking presentations on any of the following topics:

  • OWASP Project Presentation (i.e Tool Updates/Project Status etc)
  • Threat modelling of web applications
  • Privacy Concerns with Applications and Data Storage
  • Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)
  • Baseline or Metrics for Application Security
  • Countermeasures for web application vulnerabilities - secure coding practices
  • Web application security
  • Platform or language (e.g. Java, .NET) security features that help secure web applications
  • Secure application development
  • How to use databases securely in web applications
  • Security of Service Oriented Architectures
  • Access control in web applications
  • Web services security
  • Browser security
  • PCI


The timeline for submissions is as follows:

31st May 2011: The official closing date for receiving a synopsis of the presentation.
15th Jun 2011: Announcements on selected candidates will be provided.
20th Jun 2011: Complete presentations will need to be submitted.


The email subject must be "OWASP New Zealand 2011: CFP" and the email body must contains the following information/sections:

  • Name and Surname
  • Affiliation
  • Address
  • Telephone number
  • Email address
  • List of the author's previous papers/articles/speeches on the same topic
  • Title of the contribution
  • Type of contribution: Technical or Informative
  • Abstract (up to 500 words)
  • Why the contribution is relevant for OWASP New Zealand 2011
  • If you are not from New Zealand, will your company support your travel/accomodation costs - Yes/No


The submission will be reviewed by the OWASP New Zealand Board and the most interesting ones will be selected and invited for presentation.

PLEASE NOTE:

  • Due to limited budget available, expenses for international speakers cannot be covered.
  • If your company is willing to cover travel and accomodation costs, the company will become "Support Sponsor" of the event.

Please submit your presentation topics and an abstract of up to 500 words to Nick Freeman and Scott Bell - [email protected] & [email protected]

Call For Trainers (CLOSED)

We are happy to announce that training will run alongside OWASP Day this year, on July 7th 2011. The training venue will be an auditorium kindly provided by the University of Auckland School of Business, in the same building as the OWASP Day conference itself. Classes will contain up to 20 students, and each seat has a power point for laptop usage.

Two 3-hour slots will be available for training, one from 9am-12noon and a second from 2pm-5pm. As the slots are quite short, we're looking for training events that will be providing either introductory lessons in web app security, or sessions dedicated to a particular topic.

Examples of training topics:

+ Input filtering 101
+ Securing web services
+ Introduction to the OWASP Top 10
+ Hardening web servers
+ Mobile app security
+ Web App Security for Project Managers


If you are interested in running one of the training sessions, please contact myself or Scott Bell with the following information:

- Trainer name
- Trainer organisation
- Telephone + email contact
- Training title
- Trainer requirements (e.g. a projector)
- Trainee requirements (e.g. laptop, VMWare/Virtualbox etc)
- Training summary (less than 500 words)
- Target audience (e.g. testers, project managers, security managers, web developers)
- Skill level required (Basic / Intermediate / Advanced)
- A few sentences about why you think this training is important to web application security
- What attendees can expect to learn (key objectives)
- Short Trainer bio
- List of published papers/presentations
- Course outline E.g.:

1. Topic 1
> Sub Topic 1.a
> Sub Topic 1.b
> Exercise 1
2. Topic 2
3. Topic 3
> Sub Topic 3.a
> Demo
> Sub Topic 3.b


The fixed price per head for training will be $250. As this training is part of an OWASP event, part of the proceeds go back to OWASP. The split is as follows:
- 25% to OWASP Global - used for OWASP projects around the world
- 25% to OWASP NZ Day - used for expenses such as catering during the conference
- 50% to the training provider.


If you have any further queries, or wish to submit a training course, please send the above information to the following email addresses:
- [email protected]
- [email protected]

Accepted training sessions will be announced on June 15th, together with the presentations.


Conference dates

  • CFP close: 31st May 2011
  • Conference Agenda due: 15th June 2011
  • Registration deadline: 20th June 2011
  • Conference date: 7th July 2011


Conference Committee

OWASP New Zealand Day 2011 Organising Committee:

  • Nick Freeman - OWASP New Zealand Leader (Auckland)
  • Scott Bell - OWASP New Zealand Leader (Wellington)
  • Lech Janczewski - Associate Professor - University of Auckland School of Business