This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "AppSecEU2011"

From OWASP
Jump to: navigation, search
(Schedule)
Line 153: Line 153:
 
This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities
 
This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities
 
|-
 
|-
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Josh Amishav-Zlatin, Pure Hacking
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Christian Bockermann
 
|-
 
|-
 
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More about the Tactical Defense With Mod Security Class]]
 
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More about the Tactical Defense With Mod Security Class]]

Revision as of 14:58, 14 April 2011

Banner-trinity-web.jpg


Follow us on:
Twitter.png
Facebook.png Linkedin.png


Welcome

We are pleased to announce that the Ireland chapter will host the OWASP AppSec Europe 2011 global conference in beautiful Dublin, Ireland.

The AppSec Europe conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

AppSec Europe 2011 will be held at Trinity College Dublin (map) on June 7th through 10th 2011. There will be training courses on June 7th and 8th followed by plenary sessions on the 9th and 10th with each day having at least three tracks. AppSec Europe may also have BOF (informal adhoc meetings), break out, or speed talks in addition to the standard schedule depending on the submissions received.
If you have any questions, please email the conference chair: appseceu at owasp.org


Who Should Attend AppSec Europe 2011:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security



Appseceurope3.png

Use the #AppSecEU hashtag for your tweets for AppSec Europe 2011 (What are hashtags?)

@AppSecEU Twitter Feed (follow us on Twitter!) <twitter>228539824</twitter>

Registration

Registration is now open!

RegisterNow.jpg


Registration Fees

Ticket Type Before 6th April After 6th April After 6th May
Non-Member €250 €300 €350
Active OWASP Member €200 €250 €300
Student €150 €200 €250
Course Fee
1 Day Training €495
2 Day Training €990

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

* We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to [email protected], or email Kate a scanned image of your student ID (please compress the file size :).


June 7th-8th (Training)

Schedule

T1. Threat Modeling and Architecture Review - 2-Days (June 7-8) - 990 Euro
Threat Modeling and Architecture Review are the cornerstones of a preventative approach to Application Security. By combining these topics into single comprehensive course attendees can get a complete understanding of how to understand the threat an application faces and how the application will handle those potential threats. This enables the risk to be accurately assessed and appropriate changes or mitigating controls recommended.
Instructor: Pravir Chandra, Fortify
Learn More About the Threat Modeling and Architecture Review Class
Click here to register
T2. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days (June 7-8) - 990 Euros

Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and the be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of three different web applications, and the browsers connecting to them. Different sets of open source tools will be used on each web application, allow you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a fourth web application that contains keys you must find and collect. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available open source tools.

Instructor: Justin Searle: InGuardians InGuardians.png

Learn More About the Assessing and Exploiting Web Applications with Samurai - WTF
Click here to register
T3. Tactical Defense with ModSecurity - 2-Days - 990 Euros
While application flaws should ideally be fixed in the source code, this is often not a feasible task for various reasons. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike.

This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities

Instructor: Christian Bockermann
Learn More about the Tactical Defense With Mod Security Class
Click here to register
T4. Secure Application Development: Writing secure code (and testing it) 1-Day - June 7th- 495 Euros
Writing Secure code is the most effective method to securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisations brand.

Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code

Instructor: Eoin Keary, OWASP

Learn More About the Secure Application Development Class
Click here to register
T5. Designing, Building and Testing Secure Application on Mobile Devices 1-Day - June 8th- 495 Euros
This course provides an introduction to security for mobile and smartphone applications. It walks through a basic threat model for a smartphone application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques. Particular emphasis will be on the unique security challenges that developing software for mobile devices represent, comparing mobile software security concepts to those in the web application world


Instructors: Dan Cornell, Denim Group

Learn More About the Designing, Building and Testing Secure Application on Mobile Devices Class
Click here to register


June 9th

Schedule

Conference Day 1 - June 9, 2011



Track 1 - Defend Track 2 - Prevent Track 3 - Attack
0800-08:50 Registration and Breakfast + Coffee
08:50-09:00 Welcome by AppSec EU Board
09:00-9:55 Keynote: Brad Arkin, Adobe Corp.
10:00-10:30 OWASP Blobal Board Update - Tom Brennan, Eoin Keary, Seba
10:30-10:45 Coffee Break
10:45-11:30 Practical Browser Sandboxing on Windows with Chromium, Tom Keetch, Verizon Business
Building a Robust Security Plan, Narainder Chandwani, Foundstone
APT in a Nutshell, "David Stubley, 7 Elements Ltd"
11:30-11:45 Break
11:45-12:30 How to become Twitter's admin: An introduction to Modern Web Service Attacks, Andreas Falkenberg, RUB


The missing link: Turning Securable apps into secure installations using SCAP, Charles Schmidt, MITRE Corp.


The Buzz about Fuzz: An enhanced approach to finding vulnerabilities, Joe Basirico, Security Innovation
12:30-13:30 Lunch
13:30-14:30 Keynote: Giles Hogben, ENISA
14:30-14:45 Break
14:45-15:30 Business Risks of Secure Development and Operations of Applications in the Cloud, Warren Axelrod, Delta Risk LLC
Integrating security testing into a SDLC: what we learned and have the scars to prove it, Mark Crosbie, IBM
Intranet Footprinting: Discovering Resources from outside, Javier Marcos de Prado & Juan Galiana Lara, IBM
15:30-15:45 Break
15:45-16:30 Building Large Scale Detectors for Web-based Malware, Marco Balduzzi & Davide Canali, EURECOM
Infosec Stats: Reading between the lines, Chris Eng, Veracode
Python Basics for Web App Pentesters, Justin Searle, InGuardians Inc
16:30-16:45 Break
16:45-17:30 OWASP AppSensor Project, Colin Watson, Watson Hall Ltd
A buffer overflow Story: From Responsible Disclosure to Closure, Douglas Held, Fortify (HP)
CTF: Bringing back more than sexy!, Mark Hillick, HackEire
19:00-23:00 Networking Event - Drinks at the Church Bar


June 10th

Schedule

Conference Day 2 - June 10, 2011



Track 1 - Defend Track 2 - Prevent Track 3 - Attack
08:00-08:50 Registration
08:50-09:00 Day 2 Opening Remarks
09:00-10:00 Keynote: Janne Uusilehto, Nokia.
10:00-10:15 Coffee Break
10:15-11:00 Software Security: Is OK Good Enough?, John Dickson, Denim Group Ltd.
An Overview of Threat Modeling, Jim Delgrosso, Cigital Inc.
An Introduction to the OWASP Zed Attack Proxy, "Simon Bennetts, OWASP"
11:00-11:15 Break
11:15-12:00 New standards and upcoming technologies in browser security, Tobias Gondrom, IETF WG


Simple Approach to Sepcifying Security Requirements for Online Developments, Alexis Fitzgerald, RITS


A Case Study on Enterprise E-mail (in) Security Solutions, Marian Ventuneac, Genworth Financial
12:00-12:45 Six Key Application Security Program Metrics, Arian Evans, Whitehat Security


A Critical Look at the Classification Schemes for Privacy Risks, Elke Roth-Mandutz and Georg Simon, Ohm University


Testing Security Testing: Evaluating Quality of Security Testing, Ofer Maor, Seeker Security
12:45-13:45 Lunch
13:45-14:45 Keynote: Alex Lucas, Microsoft
14:45-15:00 Break
15:00-15:45 Putting the Smart into Smartphones: Security Testing Mobile Applications, Dan Cornell, Denim Group
Security Design and Coding Reviews for Java Applications using AOP Techniques and Open Source Tools, Srini Penchikala, InfoQ
The Dark Side: Measuring and Analyzing Malicious Activity On Twitter, Daniel Peck & Paul Judge, Barracuda Networks
15:45-16:00 Break
16:00-16:45 Threat modeling of banking malware-based attacks using the P.A.S.T.A. framework, Marco Morana, Cincinnati Chapter Lead & Tony UcedaVelez, VerSprite
PCI DSS v2.0: a new challenge for web application security testing?, Laurent Benameur Sauvaire, Espion, Ltd.
Practical Crypto Attacks Against Web Applications, Justin Clarke, Gotham Digital Science
16:45-17:00 Break
17:00-18:00 Keynote: Ivan Ristic, Qualys
18:00-18:30 Conference Closure and Raffle


Accommodation

The Morgan Hotel:

Stay in one of the best luxury hotels in Dublin, The Morgan, Design hotel is located in Temple Bar. This 4 star Hotel Dublin offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.

This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife along with proximity to the IFSC, Dublin’s main business district. There is no other 4 star hotel Dublin quite like it!


Stay in the heart of the conference action at a hotel specially discounted for its attendees.

Rooms can be booked by emailing [email protected] and quoting OWASP.

The contact in reservations is Bernadette Doyle and you could contact her for special requests at the following number: +353 1 643 7000

Special Rates: €130 Bed & Full Irish Breakfast – Single Occupancy €140 Bed & Full Irish Breakfast – Double Occupancy

Special rate deadline: 6 May 2011

The Morgan Hotel 10 Fleet st, Temple Bar, Dublin 2 Phone: +353 1 6437000 Fax: +353 1 6437060 http://www.themorgan.ie


Trinity College:
Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.

For more information visite: https://accommodation.tcd.ie/kxHotel/


KartCon EU

It was about time for Europe to host this adrenaline fueled event!

Kylemore Karting, Ireland’s largest indoor Karting arena, has a choice of three 360 mtr tracks with flyovers, underpasses, hills and banked corners waiting for you.

Race for best time – Race for best crash – Race for fun


This is your chance to sit down, strap in and race for the finish line to “Rev Up” for APPSEC EU 2011.

The doors open Wednesday 8th June at 7:30pm and there will be transportation available from Dublin city centre.

More info could be found here:

Kylemore Karting Unit 1A, Kylemore Industrial Estate, Killeen Road, Kylemore, Dublin 10 http://www.kylemore-karting.com

REGISTRATION IS OPEN. Please visit URL below to register:

http://www.regonline.com/owasp_appsec_eu_2011

Challenges

Countdown Challenges -- Free Tickets to Win!

You could check all challenges here: http://www.appseceu.org/?page_id=197


Team

Eoin Keary - eoin.keary 'at' owasp.org
Fabio Cerullo - fcerullo 'at' owasp.org
Fiona Walsh - fiona.walsh 'at' owasp.org
Rahim Jina - rahim.jina 'at' owasp.org
Kate Hartmann - kate.hartmann 'at' owasp.org