OWASP AppSec Europe 2009 - Poland
Welcome to the European 2009 OWASP Application Security Conference! After successful OWASP Conferences in the United States and Europe, we are back in Poland on May 11-14 2009!
On May 13th–14th 2009, OWASP will hold its annual European Application Security conference in wonderful Kraków, Poland. The Conference consists of two days of tutorial sessions on May 11th–12th, followed by a two-day conference with 3 different tracks. We attracted great European and international speakers. This year we organise the conference together with OWASP Poland and Confidence2009, a conference in Kraków on May 15th-16th.
Conference Location
This year, the conference will be held at the Park Inn Hotel, in the center of Kraków, Poland. This conference hotel will support the event and OWASP has negotiated a room block as well (details are in the accommodations section below).
Registration will be available via the OWASP Conference Cvent site soon.
If you are registering as a Speaker or Sponsor, a separate registration event will be provided.
Conference Agenda - May 13-14
This year we extended the program to three tracks, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium both days.

Day 1 - May 13, 2009 | | | |
---|---|---|---|
Time | Track 1: Room 1 | Track 2: Room 2 | Track 3: Room 3 |
08:00-08:50 | Registration and Coffee | | |
08:50-09:00 | Welcome to OWASP AppSec 2009 Conference<br>Sebastien Deleersnyder, OWASP Foundation | | |
09:00-09:45 | Keynote<br>Ross Anderson, Professor in Security Engineering, University of Cambridge | | |
09:45-10:30 | OWASP State of the Union<br>Dinis Cruz & Sebastien Deleersnyder, OWASP Foundation | | |
10:30-10:45 | Break - Expo - CTF | | |
10:45-11:25 | Wild Wild Wild (www) Security Planet<br>Mano Paul, SecuRisk Solutions | Secure Applications for PCI DSS<br>Tim Holman, QCC Information Security Ltd | Mirage: building an application model made easy (OWASP Orizon v 1.2)<br>Paulo Perego, Spike Reply |
11:30-12:10 | OWASP Application Security Verification Standard (ASVS) Project<br>Dave Wichers, Aspect Security | Securing the .EDU: Application Security for Academia and Education Institutions<br>Marcus Prendergast, Educational Testing Service | The Truth about Web Application Firewalls: What the vendors do not want you to know<br>Wendel Guglielmetti Henrique, tbd & Sandro Gauci, EnableSecurity |
12:10-13:30 | Lunch - Expo - CTF | | |
13:30-14:10 | The Software Assurance Maturity Model (SAMM)<br>Pravir Chandra, Cognosticus | Web Application Harvesting<br>Esteban Ribičić, tbd | Refereed Paper Track<br>Speaker, Organisation |
14:15-14:45 | Application Penetration Testing - Client's Perspective<br>Timo Sivonen, UBS | w3af, A framework to 0wn the web<br>Andrés Riancho, tbd | Refereed Paper Track<br>Speaker, Organisation |
14:50-15:30 | Surprise<br>Dinis Cruz, tbd | Tracking the effectiveness of an SDL program: lessons from the gym<br>Cassio Goldschmidt, Symantec Corporation | Refereed Paper Track<br>Speaker, Organisation |
15:30-15:45 | Break - Expo - CTF | | |
15:45-16:25 | Exploiting Web 2.0 – Next Generation Vulnerabilities<br>Shreeraj Shah, Blueinfy | OWASP Live CD: An open environment for Web Application Security<br>Matt Tesauro, Texas Education Agency | Refereed Paper Track<br>Speaker, Organisation |
16:30-17:30 | Panel Discussion<br>Moderator: tbd, Panelists: tbd | Refereed Paper Track<br>Speaker, Organisation | |
17:30-19:00 | OWASP Leader Meeting Organized by tbd | | |
19:00-? | OWASP Dinner | | |

Day 2 - May 14, 2009 | | | |
---|---|---|---|
Time | Track 1: Room 1 | Track 2: Room 2 | Track 3: Room 3 |
08:00-09:00 | Registration and Coffee | | |
09:00-09:45 | Keynote<br>Bruce Schneier, Chief Security Technology Officer, BT | | |
09:45-10:30 | OWASP Projects<br>Dave Wichers, OWASP Foundation | | |
10:30-10:45 | Break - Expo - CTF | | |
10:45-11:25 | Threat Modeling<br>John Steven, Cigital | OWASP Source Code Flaws Top 10 Project<br>Paulo Perego, Spike Reply | Flash Parameter Injection<br>Adi Sharabani, IBM |
11:30-12:10 | OWASP Enterprise Security API (ESAPI) Project<br>Dave Wichers, Aspect Security | Advanced SQL injection exploitation to operating system control<br>Bernardo Damele, lead developer of sqlmap | Brain's hardwiring and its impact on software development and secure software<br>Alexandru Bolboaca & Maria Diaconu, Mosaic Works |
12:10-13:30 | Lunch - Expo - CTF | | |
13:30-14:10 | OWASP "Google Hacking" Project<br>Christian Heinrich, tbd | Deploying Secure Web Applications with OWASP Resources<br>Kuai Hinojosa, New York University | The Bank in the Browser - Defending web infrastructures from banking malware<br>Giorgio Fedon, Minded Security |
14:15-14:45 | HTTP Parameter Pollution<br>Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity | Leveraging agile to gain better security<br>Erlend Oftedal, Bekk Consulting | Advanced Code Review Techniques - How to Find Needles in the Haystack Efficiently<br>Siddharth Anbalahan, Plynt & Jaideep Jha, Plynt |
14:50-15:30 | Business Logic Attacks: Bots and Bats<br>Amichai Shulman, Imperva | Real Time Defenses against Application Worms and Malicious Attackers<br>Michael Coates, Aspect Security | OWASP ROI: Optimize Security Spending using OWASP<br>Matt Tesauro, Texas Education Agency |
15:30-15:45 | Break - Expo - CTF | | |
15:45-16:25 | Factoring malware and organized crime in to Web application security<br>Gunter Ollmann, IBM | Can an accessible web application be secure?<br>Speaker, tbd | I thought you were my friend Evil Markup, browser issues and other obscurities<br>Mario Heiderich, Business-IN |
16:30-17:30 | Panel discussion<br>Moderator: tbd, Panelists: tbd | The New Web-Based Man-in-the-Middle Attack<br>Adi Sharabani, IBM | |
17:30-17:45 | Conference Wrap-Up & CTF Awards<br>Dave Wichers, OWASP Foundation | | |

Venue: Park Inn Hotel, Krakow
Registration is available via the OWASP Conference Cvent site at: tbd
Tutorial Days - May 11th and 12th
OWASP hosts 1 and 2 day tutorial sessions prior to the conference.
2 day tutorials:
- Hands on application security with the OWASP Live CD, by Matt Tesauro, Texas Education Agency
- Web Services Security, by Dave Wichers, Aspect Security
- Advanced Testing, by Michael Coates, Aspect Security
1 day tutorials:
- Web Application Security for Managers and Executives – The Road Less Travelled, by Mano Paul, SecuRisk Solutions
- Introduction to ModSecurity, the Apache Security Module, by Christian Folini, NetNea
- Web 2.0 Hacking – Attacks & Countermeasures, by Shreeraj Shah, Blueinfy
- Threat Modeling, by John Steven, Cigital
- In-depth Assessment Techniques: Design, Code, and Runtime, by Pravir Chandra, Cognosticus
More details and registration to follow soon!
Call for Research Papers
The call for refereed research papers is out: OWASP AppSec Europe 2009 CFRP
Accommodations
This year, the conference will be held at the Park Inn Hotel, in the center of Kraków, Poland.
Park Inn Hotel
Ul. Monte Cassino 2
30 - 337 Kraków
Poland
tel: 0048 – 12 – 375 – 40 – 02
fax: 0048 – 12 – 375 – 40 – 01
OWASP has negotiated a room block as well. Details to follow soon.
Transportation to the Conference
By plane
Krakow can be reached by commercial aviation through the John Paul II International Airport Krakow-Balice. 21 airlines fly to and from Krakow including British Airways, Alitalia, Germanwings, LOT, Lufthansa and cheap airlines such as SkyEurope, Ryanair, easyJet and centralwings.
You can go from the airport to the city centre by:
- Train
  - The train stop is located approx. 200 m from the passenger terminal (5 minute walk)
  - It will take you 20 minutes and cost 6 PLN (less than 2EU) to get to the Krakow Main Station
- Bus
  - The 192 bus stop is located directly at the roundabout, in front of the passenger terminal. The trip to the Main Station takes approx. 35 minutes. The ticket can be purchased at the ticket machine at the bus stop for 2,5 PLN (less than 1EU)
- Taxi
  - There are always taxis waiting for passengers in front of the airport. The average price for a ride to the city centre is 50 PLN (around 15EU)
Find out more on John Paul II International Airport Krakow-Balice web page.
By train
You can also travel to Krakow by train from main Polish cities such as Warsaw, Wroclaw, Poznan, Gdansk and several cities in Europe. There are direct connections from Berlin, Vienna, Prague etc.
Search for your connection here (your destination is Krakow Glowny).
How to get to the venue?
tbd
Registration and Conference Fees
Registration is available via the OWASP Conference Cvent site at: tbd
The conference fee for this conference is :
- Standard: 350 Euros, OWASP Members: 300 Euros, Students: 225 Euros.
- If you also register for CONFidence Poland 2009 you get a 15% reduction.
Other fees are:
- Conference Dinner: 50 Euros
- Conference Tutorials: 910 Euros (2 days) - 455 Euros (1 day)
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
Conference Committee
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org
2009 EU Planning Committee Chair: Sebastien Deleersnyder - Telindus - seba 'at' owasp.org
2009 EU Program Committee:
- Sebastien Deleersnyder - seba 'at' owasp.org
- Mano Paul - mano.paul 'at' owasp.org
- Fabio Cerullo - fcerullo 'at' gmail.com
- Kuai Hinojosa - kuai.hinojosa 'at' owasp.org
- Andrzej Targosz - andrzej.targosz 'at' proidea.org.pl
Poland Chapter Host: Andrzej Targosz - OWASP Poland - andrzej.targosz 'at' proidea.org.pl
Capture the Flag Chair: Andrzej Targosz - andrzej.targosz 'at' proidea.org.pl
Refereed Papers Chair: Lieven Desmet - KU Leuven - Lieven.Desmet 'at' cs.kuleuven.ac.b
Affiliated Partners
We are glad to have the local support of:
Conference Sponsors
The following organizations are sponsors for this conference. If you are interested in sponsoring an OWASP conference, please contact OWASP at: conferences 'at' owasp.org.
tbd
More information about conference sponsorship is available online.