This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 21:57, 13 November 2013 by Laura Grau (talk | contribs)

Jump to: navigation, search

AppSecAPAC 2014.JPG

We are pleased to announce that the OWASP Japan chapter will host the OWASP AppSec APAC 2014 conference in Tokyo, Japan at the Solar City Conference Center.

The event will be composed of 2 days of training (March 17-18), followed by 2 days of conference talks (March 19-20).

The Global AppSec APAC 2014 Conference will be a reunion of Information Security Asia-Pacific leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 250-300 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

Conference Registration is now open for the Early Birds! Click here to register

Who Should Attend Global AppSec APAC 2014:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security

If you have any questions, please email the conference committee: [email protected]

Local Executive Committee

Sen Ueno CEO Tricorder Inc. Japanese computer engineer and technical expert. Majored in Information Security at the Nara Institute of Science and Technology (NAIST). After successfully listing an eCommerce venture on the TSE Mothers exchange, Mr. Ueno founder Tricorder and focused on information security education, network/web application vulnerability assessment, etc. In addition to being the CEO of his company, Mr. Ueno is also a researcher at the Information-technology Promotion Agency, Japan (IPA), the chief editor at the information security-related magazine ScanNetSecurity and a member of the executive committee for WASForum Hardening Project. He has also been a co-leader for OWASP Japan since its inception. Works authored by Mr. Ueno include “HTTP no Kyoukasho”, “Konya Wakaru TCP/IP”, “Mendoukusai Web Security”, etc.

Riotaro Okada Researcher. Born in Kobe, Hyogo Prefecture, Japan, Mr. Okada has over 20 years of experience in software development and network construction. He has been involved in network construction, software development and the implementation of information security measures at independent software development companies, the R&D divisions of manufacturing companies as well as consulting firms. Mr. Okada has also facilitated various technology-related communities such as for Linux and PHP. In 2004, he founded the Web Application Security Forum and as a member of the board became involved in the diffusion of security-related information. Moreover, he is also a researcher at the Information-technology Promotion Agency, Japan (IPA) and responsible for the IT strategy as well as disaster response projects at various government organizations. Mr. Okada is the co-leader of OWASP Japan since its founding, is CISA certified and holds an MBA from BBT (2009).

Kana Shinoda After being employed at PROSEED CORPORATION and TurboLinux Japan, Ms. Shinoda becaome involved in Neoteny at which she focused on research related to encryption and security as well as the support of start-up ventures. She has also been responsible for the Japan operations of Black Hat. She has also graduated with a major in computer science from an American college. Currently, Ms. Shinoda is an organizer for CODE BLUE as well as a member of the OWASP Japan Advisory Board since its founding.

Kazuaki Nakazawa Mr. Nakazawa is responsible for security product and service development at Infosec. From the perspective of security-related instruction for the enterprise market, Mr. Nakazawa is active in a wide variety of industries and business conditions. He is involved in the activities of OWASP Japan and since 2013 became part of the executive committee for OWASP AppSec Apac.

Takanori Nakanowatari Mr. Nakanowatari is involved in the security management and software development at an OA device manufacturer. He has been actively involved in the overseas of OWASP as well such as participating in AppSec conferences overseas and has contributed to OWASP Meetings in Japan by sharing his various experiences. Mr. Nakanowatari is CISSP certified and since 2013 has been a member of the OWASP Japan Advisory Board.

Yosuke Hasegawa Mr. Hasegawa is an Evangelist at Net Agent as well as a technological advisor at Secure Sky Technology, Inc. He has been instrumental in discovering various vulnerabilities in web applications such as Internet Explorer and Mozilla Firefox. He has participated in Black Hat Japan 2008 and Korea POC (Power of Community) 2008 & 2010 as well as giving lectures and speeches at various other conferences. Since its inception, Mr. Hasegawa has been a member of the OWASP Japan Advisory Board.

Robert Dracea Mr. Dracea is responsible for the global strategy of a Japanese internet service company. With the mission of better sharing Japan’s advanced technological power with the world, from a business perspective, he has successfully architected numerous alliances and tie-ups both domestically in Japan as well as overseas. Additionally, he has also, on a volunteer-basis, conducted the translation and interpretation at multilingual OWASP Meetings. Mr. Dracea has been since its founding a member of the OWASP Japan Advisory Board.

AppSec APAC 2014 will be held at the SOLA CITY CONFERENCE CENTER in Tokyo, Japan.

Picture1.png Sola City Conference Center.png

Conference Registration is now open! Click here to register

OWASP AppSec APAC features two days of training March 17-18, and two days of talks, March 19-20, 2014.

Conference Registration Fees (not including training)

Ticket price Early Fee (DEADLINE February 1) Regular Fee On-site Fee
Active OWASP member $200 USD (20,000 Yen) $300 USD (30,000 Yen) $400 USD (40,000 Yen)
Non Member + 1 year OWASP membership $220 USD (22,000 Yen) $335 USD (35,000 Yen) $500 USD (50,000 Yen)
Non-Member $250 USD (25,000 Yen) $350 USD (35,000 Yen) $525 USD (52,500 Yen)
Student $50 USD (5,000 Yen) $80 USD (8,000 Yen) $150 USD (15,000 Yen)

Please note - payment will be processed in Japanese Yen but we can process invoice and payment in USD or other currencies.

Training Fees (Please note that conference Registration is separate.)

Course Length Course Dates Fee
1 - day class Monday, March 17 2014 $400 USD (40,000 Yen)
2 - day class Tuesday, March 18 2014 $800 USD (80,000 Yen)

Please note - all prices above appear in USD; however payments can also be made in Japaneses Yen.

Cancellations, Refunds, and Substitutions All ticket sales are final and our general policy is no refunds. However, we are able to substitute registrations at no charge until February 28, 2014.

Group Discounts: 10% off for groups of 10-19; 20% off for groups of 20-29; 30% off for groups of 30 or more. Please contact us for more information about registering a group.

Membership Discounts: We are pleased to offer $20 off admission for active OWASP members. Multiple discounts can not be applied.

Registration for Trainers and Speakers: If you have been selected to deliver a training or talk at the conference, you should have received a discount code for complimentary admission. If you did not receive this code or have questions, please Contact us.

Registration for OWASP Leaders: Complimentary admission to the conference is offered to active OWASP Chapter and Project Leaders. Additionally, two seats for each of the training courses are available at no cost to active OWASP Chapter and Project Leaders (available on a first come, first serve basis).
To register as an active Chapter or Project leader, please select the general event registration option and enter discount code: OWASPLEADER.

Please note: conference and training registration using the OWASPLEADER discount code will be verified by the conference team and if you are not an active OWASP Chapter or Project Leader, you will be contacted regarding your status and your registration may be subject to cancellation.

The AppSec APAC 2014 call for submissions will be open from November 1 to December 15, 2013.

Submission Guidelines

If you want to submit a paper or training, please take note of the following:

* Vendor-Specific Proposals: OWASP does not accept product or vendor-related submissions. If your talk is a thinly-veiled advertisement for a new product, technology or service your company is offering, please do not apply. If you would like to publicize a product, please contact [email protected] for information on exhibiting and other vendor opportunities, including sponsored sessions.

* All presentations must be submitted by the original authors: We currently only accept submissions by original authors of the presentations. PR firms, speaking relation firms, and all other parties who are not direct authors of submitted presentations are discouraged from submitting a proposal on behalf of their clients/speakers. We require direct contact with presenters to expedite questions during the submission review process.

* Supporting materials: If you have an existing body of work available on the subject (blog posts, video, articles, papers...), you now have the possibility to point that out as well. This may help the committee in gauging the nature and the amount of thought and work you have already put into your subject.

What is in it for the Attendees? It is important to let the delegates know what is in it for them. The best presentations are generally those that have good audience interaction and are informing as well as entertaining. It is also important to offer the delegates something to take away that they will be able to use immediately on return to their daily work routine. Audiences do have a preference for presentations which reflect practical applications of something, as opposed to theory. Envisaging the main take-aways for the delegates will help you to develop your presentation. What would you like delegates to tell their colleagues about your session when they get back to work?


  • Security aspects of new web technologies (HTML5, CSP, etc.)
  • New Attack and Defense
  • Mobile security
  • Cloud security
  • SDLC
  • Automated security testing
  • Security awareness and education
  • Threat modeling
  • Secure coding and code review
  • OWASP Projects
  • Case Studies
  • Legacy system and maintenance

Interested in speaking?

Send an e-mail to the selection committee at [email protected]providing them with:

Title of your presentation or training session.
Presentation Type (talk or training).
Language: Please note that all proposals and presentations must be in English or Japaneses.
Short Description: A summary of the main idea of your proposal. Absolute limit of 30 words.
Abstract: A concise description of the purpose, methods, and implications of your presentation. Length 150-200 words.
Previous speaking experience (or references).
Your bio.
Your e-mail.

Notification of acceptance: January 5, 2014

Please note that travel and accomodations are not provided

Selection Criteria

The Selection Committee will review all abstracts that have been submitted on time. The submissions will be rated on a one to five scale by each of the reviewers on the following criteria:
1. Concept: This is the basic idea of your submission. Is it interesting? Is it relevant? Will it be beneficial for the community to hear? Does the speaker have a unique, fresh, and entertaining online and/or stage persona?
2. Clarity / Quality of presentation: Are the ideas conducive to present in front of an audience? Is the abstract articulate and specific? Abstracts should be logical, well-structured and easy to understand. Abstracts should present complete information. This criterion addresses how well the specific research question(s) and objectives, methods used, primary results, etc are explained, rather than the quality of the study itself. A brief, clearly written abstract follows a logical order (e.g. aims, methods, results, followed by a clear interpretation of the results and any implications).
3. Correctness: First, is the technical approach sound and well-chosen? Second, can one trust the claims of the paper -- are they supported by proper proofs, or other argumentation?
4. Depth: Is the basic idea well considered and thought out? To what extent will the audience gain insight? Does this paper have enough substance, or would it benefit from more ideas or results?
5. Takeaway / Innovative content/ Originality / Uniqueness: Is the attendee going to leave this session knowing something they didn't know when they walked in? Are they learning or being inspired? Has this talk or sort of talk been given at a recent AppSec event, or it is something that it is relatively untouched or has a new and interesting spin? Does the abstract present truly innovative ideas and creative solutions to new or known challenges within the industry? How original is the approach? Does this paper break new ground in topic, methodology, or content? Submissions showcasing cutting-edge ideas and approaches or containing significant new findings will be favored.
6. Relevance / contribution to the knowledge: How significant is the work described? If the ideas are novel, will they also be useful or inspirational? If the results are sound, are they also important? This criterion addresses the importance of the research in terms of advancing the subject. Abstracts should help the conference contribute to the progression of the industry as a whole. Particular emphasis will be given to abstracts that provide useful outputs and practical advice & tools for the audience in their daily work.

Program Selection Committee

Youki Kadobayashi, Ph.D. Associate professor at Nara Institute of Science and Technology (NAIST). After being employed at Osaka University’s Cybermedia Center, Dr. Kadobayashi joined his current position in 2000. Since 2008 he has been involved in cyber security standardization at the International Telecommunications Union Telecommunications Standardization Sector. Dr. Kadobayashi is also actively involved in cyber security education and training programs. Additionally, he is a board member of the industry-academic-government collaborative research consortium WIDE Project and since 2013 the Japanese representative of the American-Japanese international joint research project FP7 NECOMA Project. Dr. Kadobayashi is also a member of the executive committee for the WASForum Hardening Project.

Masakazu Takahashi Chief Security Advisor, Microsoft Japan. After being involved in standard library, OS development and other basic development, Mr. Takahashi became involved in the security business after engaging in vulnerability assessment and intrusion detection at a security company. At a time when penetration testing was a common practice in vulnerability assessment, Mr. Takahashi became a proponent of white box testing as a logical and repeatable inspection method. In terms of intrusion detection, he oversaw the systemization of surveillance and operations technologies and was in charge of starting numerous SOC businesses. In November of 2006, Mr. Takahashi joined Microsoft Japan. As the chief security advisor, he is involved in attaining the secure computing that Microsoft aims for while at the same time publishing papers and conducting various lectures. Additionally, Mr. Takahashi is actively involved in associations within the industry and is the head of a community involved in the promotion of information security measures as well as the vice president of the Japan Network Security Association (JNSA).

Keiji Takeda, Ph.D. Lecturer at Keio University, Faculty of Environment and Information Studies. Ph.D. from Keio University Graduate School of Media and Governance. After being employed at the Ministry of Defense, the Japan Air Self-Defense Force and Accenture, Dr. Takeda became a lecturer at Carnegie Mellon University’s school in Japan before moving on to his current position. Dr. Takeda is also a member of various information security-related committees including participating as an advisor for the Hyogo Prefectural government. In addition, he is actively involved in the information security industry through a broad array research & development, operations, personnel training and consulting activities including development assessment of intrusion detection systems, participation at various security events and the planning of organizations for the distribution of information related to security vulnerabilities.

Masafumi Negishi Senior Engineer, Office of Emergency Response and Clearinghouse for Security Information, Internet Initiative Japan Inc. Mr. Negishi has been involved in network construction, security inspection and security consulting, etc. at a major electronics manufacturer, a security company and foreign-affiliated computer vendor. In 2003 he became employed at IIJ Technology and placed in charge of security services, overseeing numerous security inspections. Currently he is part of the security incident support team and is primarily responsible for the collection and analysis of security information as well as taking appropriate action when security issues are discovered. Since 2007 he has been an instructor at the SANS Institute and since 2012 he has also been a member of the Advisory Board for OWASP Japan.

Yoshinari Fukumoto System Security Office Manager, Rakuten Inc. After being involved in research and development of security products at a security-related company, in 2002 Mr. Fukumoto joined Rakuten and became responsible for the internet service security for Rakuten Group. He is primarily involved in the promotion and development of secure software as well as the support of security-related operations. Mr. Fukumoto is also a Rakuten-CERT Representative. He has been a member of the OWASP Japan Advisory Board since the chapter began its activities.

Keynote Speaker


Suguru Yamaguchi is a Professor with Graduate School of Information Science, Nara Institute of Science and Technology and former Advisor on Information Security to the Cabinet, Government of Japan. He was born in Shizuoka, Japan in 1964. He has D.E from Osaka University, Japan. In 2000, he was promoted to a Professor with the Graduate School of Information Science, Nara Institute of Science and Technology, Nara, Japan. Since 2013, he is appointed to Director of Library for FY2013 & 2014. From April 2004 to March 2010, he was appointed to Advisor on Information Security to the Cabinet, Government of Japan.

He has been deeply involved to its design and implementation of the national master plan on information security policy and establishment of National Information Security Center (NISC) in Cabinet Secretariat in 2005. Furthermore, because of tight relationship with government’s information security policy, he was also appointed to Advisor for Government Program Management Office (GPMO) at secretariat office of IT Strategic Headquarter, Government of Japan, since 2006. His research interests include technologies for information sharing, multimedia communication over broadband channels, large-scale distributed computing systems including “cloud computing” technology, network security and network management for the Internet. Since mid 1980’s, he has been working very hard on development the Internet in Japan and Asia and Pacific region. He has been also a member of WIDE project, which is one of pioneer projects for the Internet development, since its creation in 1988. For the Internet development in Asia and Pacific region, he has been working so long for Asian Internet Interconnection Initiatives (AI3) since its creation in 1996.

He made many contributions for Internet development and network security. He founded JPCERT/CC in 1996, which is a first national CSIRT in Japan, and now he is working as one of board of trustee. He was one of founders of as a regional forum of CSIRT in Asia & Pacific region, established in 2002. From 2011, he has been appointed to a member of Steering Committee of FIRST (Forum of Incident Response and Security Teams). In this role, he is working as a liaison officer of Geographical Outreach to work together for CSIRT teams in developing countries mainly in Africa and Grater Middle East to connect to the global FIRST community. Since 2002, he has been a member of board of trustee of Japan Network Information Center (JPNIC), which is national Internet registry managing IP address and AS number allocations and registrations.

LinkedIn Suguru Yamaguchi

Dave Wichers

OWASP Board Speaker


Tobias Gondrom is CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory operating in Asia and Europe.

He has 15 yrs of experience in information security and risk management, software development, application security, cryptography and global standardization organizations, working for independent software vendors and large global corporations in the financial, technology and government sector. Over the years, he has run various corporate information security functions and trained and advised dozens of CISOs and senior information security leaders around the globe. Tobias is a Sloan Fellow from London Business School, holding its most senior business degree, the Sloan M.Sc. in Leadership and Strategy.

Since 2003 he is the chair of working groups at the IETF (, member of the IETF security directorate, and since 2010 chair of the web security WG at the IETF. He is vice-chairman for research and programs of the CSA Hong Kong and Macau chapter and an ISC2 CSSLP and CISSP Instructor.

Tobias has been in a number of OWASP project and chapter leadership roles since 2007. Today, he is a member of the OWASP Global Board and member of the London chapter board and project lead of the CISO Survey & Report project.

He has authored the Internet standards RFC 4998, 6283 and 7034, co-authored the books „Secure Electronic Archiving“ and the "OWASP CISO Guide" and is a frequent presenter at conferences and publication of articles on security (e.g. AppSec, IETF, ...).

LinkedIn Tobias Gondrom

We are looking for sponsors for the Global AppSec APAC 2014.

If you are interested to sponsor Global AppSec APAC 2014, please contact the conference team: [email protected]

To find out more about the different sponsorship opportunities please check: OWASP AppSec APAC 2014 Sponsorship Options

Sponsorship Deadline is February 10, 2014.