Difference between revisions of "AppSecEU2011"
(→Schedule) |
|||
Line 67: | Line 67: | ||
<!-- End Banner --> | <!-- End Banner --> | ||
− | ==== | + | ==== Registration ==== |
− | == | + | == [http://www.regonline.com/owasp_appsec_eu_2011 '''Registration is now open!'''] == |
− | + | [[Image:RegisterNow.jpg|link=http://www.regonline.com/owasp_appsec_eu_2011]] | |
− | == | + | == The first 25 people who register receive an additional €50 discount! == |
− | + | ===Registration Fees=== | |
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Ticket Type | ||
+ | ! Before 6th April | ||
+ | ! After 6th April | ||
+ | ! After 6th May | ||
+ | |- | ||
+ | | Non-Member | ||
+ | | €250 | ||
+ | | style="background: #cef2e0;" | €300 | ||
+ | | style="background: #ffffcc;" | €350 | ||
+ | |- | ||
+ | | Active OWASP Member | ||
+ | | €200 | ||
+ | | style="background: #cef2e0;" | €250 | ||
+ | | style="background: #ffffcc;" | €300 | ||
+ | |- | ||
+ | | Student | ||
+ | | €150 | ||
+ | | style="background: #cef2e0;" | €200 | ||
+ | | style="background: #ffffcc;" | €250 | ||
+ | |} | ||
− | + | {| class="wikitable" | |
− | + | |- | |
− | + | ! Course | |
− | + | ! Fee | |
− | + | |- | |
− | + | | 1 Day Training | |
− | + | | €495 | |
− | + | |- | |
+ | | 2 Day Training | ||
+ | | €990 | ||
+ | |} | ||
− | + | Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary. | |
− | + | <nowiki>*</nowiki> We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size :). | |
− | |||
− | |||
− | |||
− | * | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==== June 7th-8th (Training) ==== | ==== June 7th-8th (Training) ==== | ||
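Review bot: the footnote at the end of this hunk opens with an asterisk ("<nowiki>*</nowiki> We need some kind of proof of your full-time student status"), but the Student row in the Registration Fees table reads plain "| Student", so nothing in the table points readers to the footnote. Suggest marking that cell, e.g. "| Student<nowiki>*</nowiki>", so the proof-of-status requirement is visibly tied to the student price.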
Line 368: | Line 365: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==== Practical Info ==== | ==== Practical Info ==== |
Revision as of 13:19, 14 April 2011
Welcome
Registration
Registration is now open!
The first 25 people who register receive an additional €50 discount!
Registration Fees
Ticket Type | Before 6th April | After 6th April | After 6th May |
---|---|---|---|
Non-Member | €250 | €300 | €350 |
Active OWASP Member | €200 | €250 | €300 |
Student | €150 | €200 | €250 |
Course | Fee |
---|---|
1 Day Training | €495 |
2 Day Training | €990 |
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
* We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size :).
June 7th-8th (Training)
Schedule
T1. Threat Modeling and Architecture Review - 2-Days (June 7-8) - 990 Euro
Threat Modeling and Architecture Review are the cornerstones of a preventative approach to Application Security. By combining these topics into a single comprehensive course, attendees can get a complete understanding of the threat an application faces and how the application will handle those potential threats. This enables the risk to be accurately assessed and appropriate changes or mitigating controls recommended.
Instructor: Pravir Chandra, Fortify
Learn More About the Threat Modeling and Architecture Review Class
Click here to register
T2. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days (June 7-8) - 990 Euros
Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of three different web applications, and the browsers connecting to them. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a fourth web application that contains keys you must find and collect. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available open source tools.
Learn More About the Assessing and Exploiting Web Applications with Samurai - WTF
Click here to register
T3. Tactical Defense with ModSecurity - 2-Days - 990 Euros
While application flaws should ideally be fixed in the source code, this is often not a feasible task for various reasons. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike.
This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities.
Instructor: Josh Amishav-Zlatin, Pure Hacking
Learn More about the Tactical Defense With Mod Security Class
Click here to register
T4. Secure Application Development: Writing secure code (and testing it) - 1-Day - June 7th - 495 Euros
Writing secure code is the most effective method of securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisation's brand.
Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.
Instructor: Eoin Keary, OWASP
Learn More About the Secure Application Development Class
Click here to register
T5. Designing, Building and Testing Secure Application on Mobile Devices - 1-Day - June 8th - 495 Euros
This course provides an introduction to security for mobile and smartphone applications. It walks through a basic threat model for a smartphone application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques. Particular emphasis will be on the unique security challenges that developing software for mobile devices represents, comparing mobile software security concepts to those in the web application world.
Learn More About the Designing, Building and Testing Secure Application on Mobile Devices Class
Click here to register
June 9th
Schedule
Conference Day 1 - June 9, 2011
Time | Track 1 - Defend | Track 2 - Prevent | Track 3 - Attack |
---|---|---|---|
08:00-08:50 | Registration and Breakfast + Coffee | | |
08:50-09:00 | Welcome by AppSec EU Board | | |
09:00-09:55 | Keynote: Brad Arkin, Adobe Corp. | | |
10:00-10:30 | OWASP Global Board Update - Tom Brennan, Eoin Keary, Seba | | |
10:30-10:45 | Coffee Break | | |
10:45-11:30 | Practical Browser Sandboxing on Windows with Chromium, Tom Keetch, Verizon Business | Building a Robust Security Plan, Narainder Chandwani, Foundstone | APT in a Nutshell, David Stubley, 7 Elements Ltd |
11:30-11:45 | Break | | |
11:45-12:30 | How to become Twitter's admin: An introduction to Modern Web Service Attacks, Andreas Falkenberg, RUB | The missing link: Turning Securable apps into secure installations using SCAP, Charles Schmidt, MITRE Corp. | The Buzz about Fuzz: An enhanced approach to finding vulnerabilities, Joe Basirico, Security Innovation |
12:30-13:30 | Lunch | | |
13:30-14:30 | Keynote: Giles Hogben, ENISA | | |
14:30-14:45 | Break | | |
14:45-15:30 | Business Risks of Secure Development and Operations of Applications in the Cloud, Warren Axelrod, Delta Risk LLC | Integrating security testing into a SDLC: what we learned and have the scars to prove it, Mark Crosbie, IBM | Intranet Footprinting: Discovering Resources from outside, Javier Marcos de Prado & Juan Galiana Lara, IBM |
15:30-15:45 | Break | | |
15:45-16:30 | Building Large Scale Detectors for Web-based Malware, Marco Balduzzi & Davide Canali, EURECOM | Infosec Stats: Reading between the lines, Chris Eng, Veracode | Python Basics for Web App Pentesters, Justin Searle, InGuardians Inc |
16:30-16:45 | Break | | |
16:45-17:30 | OWASP AppSensor Project, Colin Watson, Watson Hall Ltd | A buffer overflow Story: From Responsible Disclosure to Closure, Douglas Held, Fortify (HP) | CTF: Bringing back more than sexy!, Mark Hillick, HackEire |
19:00-23:00 | Networking Event - Drinks at the Church Bar | | |
June 10th
Schedule
Conference Day 2 - June 10, 2011
Time | Track 1 - Defend | Track 2 - Prevent | Track 3 - Attack |
---|---|---|---|
08:00-08:50 | Registration | | |
08:50-09:00 | Day 2 Opening Remarks | | |
09:00-10:00 | Keynote: Janne Uusilehto, Nokia. | | |
10:00-10:15 | Coffee Break | | |
10:15-11:00 | Software Security: Is OK Good Enough?, John Dickson, Denim Group Ltd. | An Overview of Threat Modeling, Jim Delgrosso, Cigital Inc. | An Introduction to the OWASP Zed Attack Proxy, Simon Bennetts, OWASP |
11:00-11:15 | Break | | |
11:15-12:00 | New standards and upcoming technologies in browser security, Tobias Gondrom, IETF WG | Simple Approach to Specifying Security Requirements for Online Developments, Alexis Fitzgerald, RITS | A Case Study on Enterprise E-mail (in) Security Solutions, Marian Ventuneac, Genworth Financial |
12:00-12:45 | Six Key Application Security Program Metrics, Arian Evans, Whitehat Security | A Critical Look at the Classification Schemes for Privacy Risks, Elke Roth-Mandutz and Georg Simon, Ohm University | Testing Security Testing: Evaluating Quality of Security Testing, Ofer Maor, Seeker Security |
12:45-13:45 | Lunch | | |
13:45-14:45 | Keynote: Alex Lucas, Microsoft | | |
14:45-15:00 | Break | | |
15:00-15:45 | Putting the Smart into Smartphones: Security Testing Mobile Applications, Dan Cornell, Denim Group | Security Design and Coding Reviews for Java Applications using AOP Techniques and Open Source Tools, Srini Penchikala, InfoQ | The Dark Side: Measuring and Analyzing Malicious Activity On Twitter, Daniel Peck & Paul Judge, Barracuda Networks |
15:45-16:00 | Break | | |
16:00-16:45 | Threat modeling of banking malware-based attacks using the P.A.S.T.A. framework, Marco Morana, Cincinnati Chapter Lead & Tony UcedaVelez, VerSprite | PCI DSS v2.0: a new challenge for web application security testing?, Laurent Benameur Sauvaire, Espion, Ltd. | Practical Crypto Attacks Against Web Applications, Justin Clarke, Gotham Digital Science |
16:45-17:00 | Break | | |
17:00-18:00 | Keynote: Ivan Ristic, Qualys | | |
18:00-18:30 | Conference Closure and Raffle | | |
Practical Info
Visitors' Guide
VisitDublin.com is the official online tourist office for Dublin. You can check their Insider Guides, designed to ensure you make the most of your time in the capital. These themed guides give you a taste of what to see and do, and a great start in exploring Dublin.
Here is the URL: http://www.visitdublin.com/insidersguide/insidersguide.aspx?id=396
They have also developed an iPhone and Android app that you can use to explore Dublin. You can get it from the visitdublin.com site.
UK/Ireland Wall Plugs
This is what UK/Ireland wall plugs look like (image below).
Weather Forecast
Met Ireland has good coverage of the weather in Dublin. Check it out here.
Travel
Fly to Dublin Airport:
http://www.dublinairport.com/
A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)
Accommodation
Trinity College:
Please see here if you wish to stay within the grounds of Trinity College:
https://accommodation.tcd.ie/kxHotel/
Hotels Surrounding Trinity College:
http://maps.google.com/maps?near=Dame+Street,+College+Green,+Dublin+2,+Ireland+(Trinity+College+Campus)&geocode=Cfm6cyTmqt_IFev1LQMdLZCg_yFJu3aKhBD7GA&q=hotels&f=l&dq=Trinity+College+loc:+Dublin+Ireland&sll=53.341482,-6.258302&sspn=0.012043,0.037637&ie=UTF8&ei=U6TMSZSzKpSw2QLG_-CUCA&attrid=1036f063d3d0dafc_&ll=53.343711,-6.254568&spn=0.012042,0.037637&z=15
Social Events
Information will be published here.
Venue
The venue for both training and conference is Trinity College Dublin.
Sponsoring
OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks, giving them direct access to sponsors' booths and technology.
The conference is expected to draw over 400 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.
All sponsorship opportunities feature significant discounts for OWASP members, allowing you year-round access to web application security's top thinkers as well as use of OWASP materials in product and service delivery.
To find out more about the different sponsorship opportunities please check the document below:
File:OWASP sponsorship appseceu2011.pdf
Challenges
Countdown Challenges -- Free Tickets to Win!
There will be a challenge posted on the conference wiki page on the 21st of every month up until the event. The winner will get free entrance to the conference.
Team
Eoin Keary - eoin.keary 'at' owasp.org
Fabio Cerullo - fcerullo 'at' owasp.org
Fiona Walsh - fiona.walsh 'at' owasp.org
Rahim Jina - rahim.jina 'at' owasp.org
Kate Hartmann - kate.hartmann 'at' owasp.org