AppSecAsiaPac2013
Call for Training
Submit your Training Proposal here: Call for Training Submission Form
Please carefully fill out the CFT form to submit your training proposal for consideration at OWASP AppSec Latam 2012 in Montevideo, Uruguay.
The training will be held November 18th and 19th, 2012 (Sunday and Monday) at the ANTEL National Telco Company located in downtown Montevideo (conference talks are November 20th and 21st). Training courses will be one (8 hours) or two (16 hours) days. We will post your Display Name, Biography, Training Title, and Training Summary to the appseclatam.org site if your talk is selected. If you provide a URL or Twitter handle, we will post that if your training is selected, too.
The deadline for this Call for Training is August 24, 2012. If your training is selected, we will contact you to confirm, and need your completed Training Instructor Agreement before we open your class for registration.
Trainers get a 40% cut of the training revenue. Price for trainees will be $800 (USD) for a 2-day training course and $400 (USD) for a 1-day training course.
If you would like to submit multiple training proposals, please make multiple separate form submissions.
Trainers will receive one free admission (nontransferable) to the conference in return for delivering a one or two day training course.
Training Instructor Agreement
By submitting your training proposal through our CFT, you are consenting to stay within the guidelines of the Training Instructor Agreement. We will ask you to sign and complete the Agreement and email it back to us if your talk is selected and you accept.
Questions?
Please contact us at [email protected] with any questions!
Call for Papers
Submit your Talk Proposal here: Call for Papers Submission Form
Please carefully fill out the CFP form to submit your talk for consideration at OWASP AppSec Latam 2012 in Montevideo, Uruguay.
The talks will be held November 20th and 21st, 2012 at the ANTEL National Telco Company located in downtown Montevideo (training is November 18th and 19th). Talks will be 50 minutes each. We will post your Display Name, Biography, Talk Title, and Talk Abstract to the appseclatam.org site if your talk is selected. If you provide a URL or Twitter handle, we will post that if your talk is selected, too.
The deadline for this Call for Papers is September 7, 2012. If your talk is selected, we will contact you to confirm, and we will expect that your slides and other material will be sent to us no later than November 16, 2012 for our peer review. We peer review slides and other material for inclusion on the conference website (post-conference) and to verify general conformance to OWASP conference presentation guidelines.
If you would like to submit multiple presentations, please make multiple separate form submissions.
Speakers will receive free admission (nontransferable) to the conference in return for delivering a 50 minute talk.
Speaker Agreement
By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement
Questions?
Please contact us at [email protected] with any questions!
Jerry Hoff
Pravir Chandra
Everything you know about Injection Attack is wrong: This casual talk will take a look at several mundane vulnerabilities that we all know about and ask a few deeper questions. What are the underlying mechanisms? Does our advice on preventing them *actually* work? Is there a better way when you think of software design patterns? By the end, we’ll challenge the audience to think past the surface of these code vulnerabilities and hopefully learn a little about how the right abstraction model can save tons of security headaches.
Cristian Borghello
Cristian F. Borghello holds a degree in Systems (Licenciado en Sistemas) and is a developer, Certified Information Systems Security Professional (CISSP) and Microsoft MVP Security (Most Valuable Professional).
He is currently Director of Segu-Info and works as an independent consultant in Information Security. He writes for various specialized media and conducts independent research on computer and information security. He has spoken at national and international congresses and seminars on the subject. His interest in computer security and its research has led him to maintain this site: http://www.segu-info.com.ar/
Hernán M. Racciatti
Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his career to areas related to Information Security.
He currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading penetration tests, application security assessments and source code reviews, pursuing research on information security, and teaching and offering seminars and technical lectures at national and international conferences related to his field. His contributions to the community include active participation as a collaborator in some ISECOM projects (OSSTMM, the Open Source Security Testing Methodology Manual, and Hacker High School) and in OISSG (ISSAF, the Information Systems Security Assessment Framework), the development of small tools designed to secure information systems, and several papers, articles and technical documents written for digital and print publications with national and international circulation. During the last year, he found and reported vulnerabilities in major commercial products. Hernan Marcelo Racciatti is a member of the Core Team at ISECOM (Institute for Security and Open Methodologies), ISSAF Key Contributor at OISSG (Open Information System Security Group), President of the CSA (Cloud Security Alliance) Argentina Chapter, Executive Committee Member of the NGO Argentina Cibersegura, and a member of ISSA (Information Systems Security Association) and the OWASP (Open Web Application Security Project) Buenos Aires Chapter. Learn more about Hernan at http://www.hernanracciatti.com.ar/
These are the selected presentations and are subject to confirmation from presenters.
Name & Title | Bio |
Assessing Application Security Risk, Alex Bauert | Application Security Manager, Cargill. 20+ years in IT; localized software, sysadm, and app sec among some other roles. I have worked with application security at a software company, a large bank and currently Cargill. I am also active in the Minnesota OWASP chapter. In my free time I am a youth soccer coach. |
Malware on mobile devices, Sebastian Bortnik | Sebastián Bortnik is a CISM and the Education and Services Manager of ESET for Latin America. |
Password Security Policies - Lessons learned from recent password leaks, Flavio de Cristofaro | Flavio is the VP of Engineering for Professional Products at Core Security. His primary focus is on building and evolving CORE Impact Pro as well as introducing new professional products into the marketplace.
He has over 10 years of experience in penetration testing and IT security, having led onsite and remote penetration testing engagements for several clients worldwide. Prior to joining the Engineering team, he led the CORE Security Consulting Services practice where he coordinated leading-edge penetration testing services for multiple global organizations. Prior to joining CORE, he worked at Deloitte leading one of the global penetration testing centers located in Argentina. He also taught at ITBA University in Argentina until 2004. |
OWASP Mobile Top 10, Mauro Flores | Mauro Flores has more than 15 years of experience in Information Security. He has participated in projects for the design, specification and development of security applications for various companies in Uruguay and abroad, including security research and development work for companies in the UK and USA. He has carried out more than 30 penetration tests and various forensic analysis engagements, and has supported various private and public organizations in improving the security of their systems and in improving security management in line with international standards (ISMS, PCI, etc.).
He currently serves as Manager of the Information Security line at Deloitte Uruguay. He is also the Chapter Leader of the OWASP Uruguay chapter and a member of the organization's Global Industry Committee. He is also an active member of the Anti-Phishing Working Group (APWG). |
Resource Certification: Implementation Challenges, Dario Gomez | Dario Gomez graduated in computer science from University ORT Uruguay in 2010. He has been working for 4 years as a software developer at the Internet Address Registry for Latin America and the Caribbean (LACNIC), where one of his main responsibilities is the development of the organization's resource certification system (http://lacnic.net/en/rpki/).
Previously, he worked at the help desk and maintenance of servers and networks in the British Hospital of Uruguay. |
Presentation Of The OWASP ODZ Multi CMS Scanner, Mennouchi Islam | Mennouchi Islam Azeddine is CEO and security consultant at Way4Com, OWASP Algeria chapter leader, and OWASP ODZ Multi CMS Scanner project leader. |
A real ZAP story, Mateo Martínez | With more than 10 years of experience in IT & Security strategy, Business Continuity Management, ISO 27001, CobIT and ITIL, he has developed Security Projects based in Dubai, Chicago, Montevideo and Buenos Aires.
Information Security Manager in global companies and currently working at McAfee Argentina in a presales role. CISSP, ITIL & MCP certified. |
Criteria for Institutionalizing Security in Software Development Processes, Francisco Nunes | Graduated in Computer Science at Universidade Estadual do Ceará (2001), with a graduation study period in Informatique de Gestion at Université du Québec à Chicoutimi (1999). He has a Master's in Computer Science from Universidade de Fortaleza (2007). He has experience in Information Security and Software Engineering, acting on the following subjects: information and software security, business continuity, security engineering, and software life cycle process improvement. He is CISM and CSSLP certified. |
Understanding HTML5 security, Andres Riancho | Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world.
In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, and contributed to SAP research performed at his former employer. His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like PHDays (Moscow), SecTor (Toronto), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires). Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation. Specialties: Web Application Security, Python, IPS device evasion, Networking, Information security research in general, Software development, Agile, Scrum, Product Owner. |
Don't try to block out the sun with your fingers!: Information harvesting with Test-driven development tools and understanding how to avoid it, Nicolas Rodriguez | I'm a Senior Security Consultant at Core Security (http://www.coresecurity.com). I have 22 years of programming experience (C/C++, Assembler, Pascal, Clipper, Visual Basic, C#, Visual Basic.NET, Lisp, Python, Ruby and Perl among others), 10 years as a Network Administrator (Linux, Unix and Windows physical and virtual servers) and for the last 6 years I've been working as a Security Consultant doing mostly Network and Applications Penetration Tests, Source Code Audits and Client-Side Penetration Tests. |
The pain of the cyber era: attack, crime, espionage, activism and war, David Schekaiban | Mr. Schekaiban, an engineer, serves as Director of Security at Código Verde, a company specializing in penetration testing, security consulting, and vulnerability and risk analysis for integrated computer systems. A specialist in computer crime and cyber attacks, he has supported institutions across the continent in securing their infrastructure, technology and processes.
He is a graduate of ITESM Campus Monterrey in Electronics and Communications Engineering and holds prestigious international certifications, including Certified Information Systems Security Professional (CISSP), issued by the International Information Systems Security Certification Consortium, Inc. (ISC2), as well as Information Systems Auditor (CISA) and Information Security Manager (CISM) from the Information Systems Audit and Control Association (ISACA), both organizations renowned worldwide. He is also certified as a Licensed Penetration Tester by The International Council of Electronic E-Commerce Consultants (EC-Council), for which he also serves as an instructor in countries such as the United States, Mexico, Argentina, Chile, Peru, Colombia, El Salvador, Ecuador, Venezuela and others. He received the worldwide Circle of Excellence recognition in 2010. He is also a tutor for the Computer Security Project course at Universidad Tec Milenio and has taken part as a recognized academic at the Universidad Regiomontana for the master's program in Information Technologies. He was a member of the editorial board of Grupo Reforma's technology section and writes for various well-known specialized publications. He has taken part in courses, workshops and seminars focused on the professionalization and certification of personnel from military, police, financial and telecommunications entities. He currently lives in the city of Monterrey, Nuevo León. |
Templates to Derive Security Metric based on Attack Patterns, Raja Sekhar | Professor, Department of Computer Science & Engineering, KL University, Andhra Pradesh, India. Working in the academic field for the past 17 years. Interested in contributing to the area of security metrics and cryptography. Developed a security metric program based on Attack Patterns. |
Reducing Web Application Attack Surface with a HMAC based protocol, Breno Silva | Breno is a computer scientist with over 9 years of experience in Information Security, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a research history publishing articles in academic conferences like IEEE WIFS, IEEE ICMLC, IEEE INDIN, World Academy of Science, as well as industry-related conferences like OWASP AppSec Latam, OWASP AppSec Research and Ph-Neutral, involving areas such as algorithm design for network anomaly detection mechanisms in high-speed networks, application security and malicious code detection. He was a member of the Suricata IPS developer team (next-generation IPS funded by US-Homeland Security). Breno is currently a Security Researcher at Trustwave SpiderLabs Research team and maintainer of Apache ModSecurity. |
Using PASTA as a core ingredient to web application threat modeling, Tony UcedaVelez | Tony UcedaVelez, CRISC, CISM, CISA, GIAC has more than 14 years of hands-on security and technology experience across government, healthcare, financial, education, and utility sectors. Tony founded VerSprite with the premise of redefining security services to a point that it reflects a hybrid and balanced approach in understanding client needs. Tony has consulted for numerous Fortune 500 organizations as well as large government entities within the areas of application security, security risk management, network security, and governance. Before VerSprite, Tony was the Sr. Director of Policy and Risk Management for a major Fortune 50 information service bureau. Tony's background in IT operations and software development, coupled with security operations, allows him to lead VerSprite with the mission of providing tailored, strategic solutions to its client base. Tony is a frequent speaker/ writer at ISACA, OWASP, and other information security forums around the world and is currently managing the Atlanta OWASP Chapter. He is also currently co-writing a book on application threat modeling via Wiley Life Sciences and has co-developed a patent pending methodology for risk based threat models. Tony is a graduate from Cornell University. |
How dynamic have been static checking?, Felipe Zipitria | Felipe Zipitria has a Master's degree in Computer Science from PEDECIBA Informática and his thesis was in the Computer Security field. He has been working as a Senior System Administrator and teaching since 1998 at the Computer Science department of the Faculty of Engineering - University of the Republic. In 2006 he joined the Computer Security Group, and has been doing research and teaching Computer Security foundations for pre-graduate students, and Application Security for professionals and as a post-graduate course. He has been using OWASP tools and documentation for his courses since the first course for pre-graduates. As a Senior System Administrator he has specialized in Web Security, using Web Application Firewalls, Apache Web Server and Apache Tomcat, Virtualization, and Clustering. He has performed Security Analysis for local enterprises, and several Penetration Tests and Source Code Analyses. |
AppSec Latam 2012 will be held in downtown Montevideo, Uruguay at the Antel National Telco Company. Directions are available through: Google Maps
The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower.
Antel Tower:
Antel Telco Auditorium (left) and Auditorium main entrance (right):
Online Registration
Registration is now open: Click HERE to Register Now!
Conference Fees
Access to conference:
- Before October 15th: 3200.00 UYU (approx. 150.00 USD)
- Before Nov 5th: 4250.00 UYU (approx. 200.00 USD)
- After Nov 5th: 5300.00 UYU (approx. 250.00 USD)
Trainings
- One day: 8500.00 UYU (approx. 400.00 USD)
- Two days: 17000.00 UYU (approx. 800.00 USD)
Discounts
- OWASP Member: 50.00 USD (Note: This discount is equal to the cost of becoming an OWASP paid Member.)
- Student: 1600.00 UYU (approx. 75.00 USD). Note: student ID or other proof of current student status is required.
- Special discounts are available for group registrations. Please send inquiries to [email protected].
We are looking for sponsors for the 2012 edition of Global AppSec Latin America.
If you are interested in sponsoring Global AppSec Latin America 2012, please contact the conference team: [email protected]
To find out more about the different sponsorship opportunities please check the document below:
OWASP AppSec Latam 2012 Sponsorship Options - English
Venue Sponsor
Accommodation
We've been able to arrange for accommodation with the Four Points Sheraton Hotel for attendees. These rooms have been allocated at a special rate, and available strictly for a limited time. To book these rooms at the special rate, you need to use the booking link shown below. These rooms are available one night either side of the event ensuring that if you are travelling interstate or international it's easy to find a room at a good rate. The room rate allocated for the event is $169/USD per night and includes breakfast.
Note: Conference events will primarily be held at the Antel National Telco Company. We will have a few events held at this hotel and are arranging for transportation between the Sheraton and Antel building.
Four Points Sheraton Montevideo
Ejido 1275
Montevideo 11100
Uruguay
Phone: (598)(2) 9017000
Fax: (598)(2) 9032247
Email: [email protected]
To make your reservation, visit: https://www.starwoodmeeting.com/StarGroupsWeb/res?id=1209182075&key=76379
Need more assistance booking your travel?
For assistance with any of the items below, feel free to utilize OWASP's preferred travel agency:
Segale Travel Service contact information is: +1-800-841-2276
Sr. Travel Consultants:
Maria Martinez...ext 524
Linn Vander Molen...ext 520
Additionally, the Conference Planning Team is available to answer any questions!
TBA
About the Workshop
2012 Chapters Workshop to be held at the Conference Venue on the afternoon of November 19th, 2012 (the day before the conference)
We plan to start with a 1.5 hour session including an overview of the chapter handbook. This session will be videotaped and available for chapter leaders to use in their local chapters (or to be viewed by those unable to attend). The second part of the workshop will be a roundtable discussion on regional issues and challenges, with a goal of working together to create solutions. If you are interested in participating in either of these workshops, please register for the conference and select the optional session "chapter leaders workshop" as part of the registration process. Remember that conference attendance is free for current chapter and project leaders.
Info about last year's workshop:
Meeting Minutes from Latin America Chapters Workshop 2011
Sponsorship to Attend the Chapters Workshop
If you need financial assistance to attend the Chapter Leader Workshops, please submit a request via the Contact Us Form http://owasp4.owasp.org/contactus.html by the application deadline for each of the events.
- September 17th - AppSec Latam Chapters workshop sponsorship applications due
- September 21 - Applicants notified of status
Additional Information for Applicants:
- Priority of sponsorships will be given to those not covered by a sponsorship to attend a previous workshop. Additionally, we are looking for new or struggling chapter leaders who need assistance kick starting their chapter.
- When you apply for funding, please let us know *why we should sponsor you*. While we prefer that chapter leaders use their own chapter's funds before requesting a sponsorship, this is not a requirement for application.
- If your chapter has funds but will not be using them to sponsor your attendance, please include why you will not be using the funds for this purpose (i.e. what are the other plans for those funds?).
Questions?
If you have any questions, please contact us at: http://owasp4.owasp.org/contactus.html
2013 AppSec APAC Conference Volunteer Team
- Johnny Cho
- Yune Sung
OWASP Staff Support
- Sarah Baso
- Kate Hartmann
- Samantha Groves
- Kelly Santalucia
Contact us at [email protected]