This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP AppSec Europe 2008 - Belgium
Welcome to the European OWASP Application Security Conference!
After successful OWASP Conferences in the United States and Europe, we are back in Belgium: 5 tutorials and 2 conference tracks in the historic center of Ghent on May 19-22 2008!
The conference is stuffed with top notch presentations from industry recognised speakers and technical experts on the latest application security risks and trends.
New for AppSec Europe: technical vendor demos and a Capture the Flag!
Conference Location
The historic center of Ghent, Belgium May 19th-22nd.
Main Conference: May 21st-22nd
Agenda and Presentations - May 21-22
The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days. As in the previous editions, the OWASP AppSec Europe 2008 conference will feature a refereed papers track.
| Day 1 - May 21, 2008 | ||
|---|---|---|
| Track 1: | Track 2: | |
| 08:00-09:00 | Registration and Coffee | |
| 09:00-09:05 | Welcome to OWASP AppSec 2008 Conference
Dave Wichers | |
| 09:05-09:45 | Keynote: The Great Information Security Scrap Yard Challenge
Mark Curphey | |
| 09:45-10:20 | Owasp State of the Union
Dinis Cruz | |
| 10:20-10:40 | Break | |
| 10:40-11:20 | The OWASP ESAPI project
Dave Wichers |
The Web Hacking Incidents Database Project
Ofer Shezaf |
| 11:20-12:00 | WAFs and WAFEC2
Ivan Ristic |
HTML5 security
Thomas Rössler |
| 12:00-12:30 | The OWASP Orizon Project internals
Paolo Perego |
Remo presentation (Input Validation)
Christian Folini |
| 12:30-14:00 | Lunch | |
| 14:00-14:40 | How Data Privacy affects Applications and Databases
Dirk De Maeyer |
refereed papers track |
| 14:40-15:20 | NTLM Relay Attacks
Eric Rachner |
refereed papers track |
| 15:20-15:50 | Security in Agile Development
Dave Wichers |
refereed papers track |
| 15:50-16:10 | Break | |
| 16:10-17:00 | Client-side security
pdp |
refereed papers track |
| 17:00-18:00 | Panel: “tbd”
Moderator:tbd Panelists: tbd | |
| 18:00-19:00 | OWASP Leader Meeting - Organized by Matteo Meucci | |
| 19:00-21:00 | OWASP Social Gathering: Dinner and Drinks at the Monasterium | |
| Day 2 - May 22, 2008 | ||
| Track 1: | Track 2: | |
| 08:00-09:00 | Coffee | |
| 09:00-9:40 | Keynote: Software Security
Gary McGraw | |
| 9:40-10:20 | Tour of OWASP projects
Dinis Cruz and Dave Wichers | |
| 10:20-10:40 | Break | |
| 10:40-11:20 | Graph Analysis for WebApps: From Nodes to Edges
Simon Roses Femerling |
The OWASP Education Project
Martin Knobloch |
| 11:20-12:00 | Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking
Brian Chess |
Threat Modeling for Application Designers & Architects
Shay Zalalichin |
| 12:00-12:30 | Scanstud: Evaluating static analysis tools
Martin Johns |
"Office 2.0" threats
John Heasman |
| 12:30-14:00 | Lunch | |
| 14:00-14:40 | Best Practices Using Web Application Firewalls
Alexander Meisel |
Google-Hacking and Google-Shielding
Amichai Shulman |
| 14:40-15:20 | The OWASP Anti-Samy project
Jason Li |
The Law of Conservation of Bugs
Gunnar Peterson |
| 15:20-15:50 | Input validation: the Good, the Bad and the Ugly | Security framework is not in the code
Sam Reghenzi |
| 15:50-16:10 | Break | |
| 16:10-17:00 | Exploiting Online Games
Gary McGraw |
SHIELDS: metrics, tools and Internet services to improve security in application developments
Eva Coscia |
| 17:00-18:00 | Panel: Responsible "tbd"
Moderator: tbd Panelists: tbd |
Panel: "tbd"
Moderator: tbd Panelists: tbd |
| 18:00-18:10 | Conference Wrap Up - Dave Wichers, OWASP Conferences Chair | |
Venue: Aula, Ghent University, Volderstraat 9, 9000 Ghent
Tutorial Days - May 19-20
OWASP arranged for several Application Security tutorials on May 19th-20th, the days prior to the conference.
| T1. Building and Testing Secure Web Applications |
|---|
| Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is just not a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their IT security efforts. This powerful two day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities into their code.
Trainer: Dave Wichers - Read more here! |
| T2. Leading the Development of Secure Applications |
| In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle.
Trainer: tbd - Read more here! |
| T3. Building Secure Rich Internet Applications |
| Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development.
Trainer: tbd - Read more here! |
| T4. Web Services and XML Security |
| The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Many enterprises are currently developing new Web Services and/or adding and acquiring Web Services functionality into existing applications -- now is the time to build security into the system!
Trainer: Gunnar Peterson - Read more here! |
| T5. Open Source ModSecurity Training |
| ModSecurity is currently the most widely deployed web application firewall (WAF) product. This two-day class is for those people who want to learn how to build, deploy, and use ModSecurity in the most effective manner. The course will cover the open source ModSecurity Console, which helps manage alerts on suspicious web activity targeting your web servers. The course also provides an in-depth look at the extremely powerful ModSecurity Rules Language.
Trainer: Ryan Barnett - Read more here! |
More information about the tutorials are online.
Venue: Monasterium PoortAckere, Oude Houtlei 56, 9000 Gent http://www.monasterium.be/
Evening Social Event - May 21
At every conference we have an evening social event the first night. This allows participants to have some unstructured time to mingle with the other attendees. They are always fun and typically attract about half the conference attendees. This year's event will be held at the Monasterium.
Accommodations
OWASP arranged for a room block of 20 Executive Deluxe rooms at the NH Gent Belfort at a rate of €199 per night.
NOTE: The above room block is being held through April 11!! After that date, there is no guarantee that rooms at this rate will be available at the NH Gent Belfort.
It is difficult getting rooms at reduced prices, as there is a medical congress around the same time in Ghent. Unfortunately, we were not able to make group rate arrangements at other hotels. However, the following is a list of nearby accommodations that may have availability at lower prices:
- Hotel Monasterium PoortAckere
- Hotel Ibis Gent Centrum Kathedraal
- Hotel Vandervalken Nazareth - on Highway 5 minutes from Ghent
- A list of bed and breakfasts in Ghent
- youth hostels in Ghent
Conference Fees
The conference fees for this conference is :
- Standard: 350 Euros, OWASP Members: 300 Euros, Students: 250 Euros.
- Conference Dinner (Evening of May 21st): 50 Euros
- Conference Tutorials: 825 Euros, Student Fee: 430 Euros
- CONFidence Poland 2008 members get a € 35 reduction on OWASP (see OWASP On a Plane below).
- ISSA, ISACA and L-SEC Members a € 35 reduction.
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accomodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
OWASP on a Plane - CONFidence 2008
This year's CONFidence 2008 will take place on 16-17.05.2008 in Cracow (Poland). They have decided to spend Saturday morning talking about OWASP-related projects. No more excuses: you can attend 2 OWASP events in a row in Europe!
Conference Committee
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org
2008 EU Planning Committee Chair: Sebastien Deleersnyder - Telindus - seba 'at' owasp.org
Vendor Exhibition Chair: Pravir Chandra - Cigital - chandra 'at' cigital.com
Capture the Flag Chair: Pieter Danhieux - Ernst & Young - pieter.danhieux 'at' be.ey.com
Refereed Papers Chair: Lieven Desmet - KU Leuven - Lieven.Desmet 'at' cs.kuleuven.ac.be
Conference Sponsors
The following organizations are sponsors for this conference. If you are interested in sponsoring an OWASP conference, please contact OWASP at: conferences 'at' owasp.org.
TBD
More information about conference sponsorship is available here.
