This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "AppSecLatam2011"

From OWASP
Jump to: navigation, search
 
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
__NOTOC__  
 
__NOTOC__  
 
+
{{taggedDocument
 +
| type=historical
 +
| link=:Category:OWASP_AppSec_Conference
 +
}}
 
{|
 
{|
 
|-
 
|-
Line 22: Line 25:
 
<br>  
 
<br>  
  
==== Welcome  ====
+
= Welcome  =
  
 
{| style="width: 100%;"
 
{| style="width: 100%;"
Line 80: Line 83:
 
[[Image:FlyerOwasp2011.png]]
 
[[Image:FlyerOwasp2011.png]]
  
==== CFT &amp; CFP  ====
+
=CFT and CFP  =
  
 
== CFT  ==
 
== CFT  ==
Line 106: Line 109:
 
<br>  
 
<br>  
  
==== Keynotes  ====
+
= Keynotes  =
  
 
== '''Keynotes'''  ==
 
== '''Keynotes'''  ==
Line 171: Line 174:
  
  
==== October 4th-5th (Training)  ====
+
= October 4th-5th Training =
  
 
== Schedule  ==
 
== Schedule  ==
Line 218: Line 221:
 
'''About the instructor''':
 
'''About the instructor''':
 
Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network      technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security      researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the              Telecom Industry in Latin America. Breno resides in Brasília, Brazil.
 
Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network      technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security      researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the              Telecom Industry in Latin America. Breno resides in Brasília, Brazil.
 +
 +
 +
'''Files''':
 +
 +
[https://www.owasp.org/images/c/ca/AppSec_ModSec_final.pdf AppSec_ModSec_final.pdf]
  
  
Line 271: Line 279:
 
'''Language:''' Portuguese
 
'''Language:''' Portuguese
  
'''Instructor:''' Magno Rodrigues
+
'''Instructor:''' [https://www.owasp.org/index.php/User:Magno_Logan Magno Logan]
  
 
'''Abstract''':
 
'''Abstract''':
Line 322: Line 330:
  
  
==== October 6th  ====
+
= October 6th  =
  
 
<center>
 
<center>
Line 358: Line 366:
 
|-
 
|-
 
| width="14%" height="49" align="right" | 15:10 – 16:00
 
| width="14%" height="49" align="right" | 15:10 – 16:00
| bgcolor="#eeeeee" align="CENTER" | '''Magno Logan'''<br> Segurança em Sites de Compras Coletivas: Economizando dor de cabeça! - [https://www.owasp.org/images/a/ad/Magno_Logan_AppSec_Latam_2011_-_Seguran%C3%A7a_em_Sites_de_Compras_Coletivas.pdf Slides]
+
| bgcolor="#eeeeee" align="CENTER" | '''[https://www.owasp.org/index.php/User:Magno_Logan Magno Logan]'''<br> Segurança em Sites de Compras Coletivas: Economizando dor de cabeça! - [https://www.owasp.org/images/a/ad/Magno_Logan_AppSec_Latam_2011_-_Seguran%C3%A7a_em_Sites_de_Compras_Coletivas.pdf Slides]
 
|-
 
|-
 
| width="14%" height="17" align="right" | 16:00 – 16:20
 
| width="14%" height="17" align="right" | 16:00 – 16:20
Line 377: Line 385:
  
  
==== October 7th  ====
+
=October 7th  =
  
 
<center>
 
<center>
Line 423: Line 431:
 
|-
 
|-
 
| width="14%" height="49" align="right" | 17:10 – 18:00
 
| width="14%" height="49" align="right" | 17:10 – 18:00
| bgcolor="#eeeeee" align="CENTER" | '''Breno Silva and Ryan Barnett'''<br> An Innovative Obfuscated Code Analysis Algorithm
+
| bgcolor="#eeeeee" align="CENTER" | '''Breno Silva and Ryan Barnett'''<br> An Innovative Obfuscated Code Analysis Algorithm - [https://www.owasp.org/images/f/f1/AppSec_ObjF_algo.pdf Slides]
 
|-
 
|-
 
| width="14%" height="17" align="right" | 18:00 – 18:30
 
| width="14%" height="17" align="right" | 18:00 – 18:30
Line 432: Line 440:
  
  
==== Venue  ====
+
= Venue  =
  
 
The event will be held in Porto Alegre, RS, Brazil at [http://www.pucrs.br PUCRS University] - Building 50 Auditorium.
 
The event will be held in Porto Alegre, RS, Brazil at [http://www.pucrs.br PUCRS University] - Building 50 Auditorium.
Line 447: Line 455:
 
<br>
 
<br>
  
==== Registration ====
+
=Registration=
  
 
== Online Registration ==
 
== Online Registration ==
Line 475: Line 483:
 
   
 
   
  
==== Practical Info  ====
+
= Practical Info  =
  
 
== Visitors' Guide  ==
 
== Visitors' Guide  ==
Line 544: Line 552:
 
<br>
 
<br>
  
==== Social Events  ====
+
= Social Events  =
  
 
== Tuesday - 04th october ==
 
== Tuesday - 04th october ==
Line 622: Line 630:
  
  
==== Sponsoring  ====
+
= Sponsoring  =
  
 
We are looking for sponsors for 2011 edition of Global AppSec Latin America. See more details about sponsor opportunities.  
 
We are looking for sponsors for 2011 edition of Global AppSec Latin America. See more details about sponsor opportunities.  
Line 693: Line 701:
 
<br>  
 
<br>  
  
==== Team  ====
+
= Team  =
  
 
<br><center>
 
<br><center>
Line 699: Line 707:
 
<br></center>
 
<br></center>
 
'''From left to right:'''<br>
 
'''From left to right:'''<br>
'''Standing:''' [http://www.appseclatam.org Leonardo Goldim], [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco], [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato], [mailto:[email protected] Alexandre Balestrin Correa], [http://cassiogoldschmidt.com/ Cassio Goldschmidt], [http://www.appseclatam.org Mauricio Pegoraro], [http://www.appseclatam.org Gustavo Simon], [mailto:[email protected] Sarah Baso], [http://www.appseclatam.org Luiz Gava]<br>
+
'''Standing:''' [http://www.owasp.org/index.php/User:Jeronimo_Zucco Jerônimo Zucco], [http://www.owasp.org/index.php/User:Gustavo_Barbato L. Gustavo C. Barbato], [mailto:[email protected] Alexandre Balestrin Correa], [http://cassiogoldschmidt.com/ Cassio Goldschmidt], [http://www.appseclatam.org Mauricio Pegoraro], [http://www.appseclatam.org Gustavo Simon], [mailto:[email protected] Sarah Baso], [http://www.appseclatam.org Luiz Gava]<br>
  
 
'''Crouching:''' [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira], [mailto:[email protected] Luciano Madeira], [http://www.appseclatam.org Adriene Barbato], [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher], [mailto:[email protected] Carolina Nogueira], [http://www.appseclatam.org Maximiliano Soler]
 
'''Crouching:''' [http://www.owasp.org/index.php/User:Sapao Lucas C. Ferreira], [mailto:[email protected] Luciano Madeira], [http://www.appseclatam.org Adriene Barbato], [http://www.owasp.org/index.php/User:Rafael_Dreher Rafael Dreher], [mailto:[email protected] Carolina Nogueira], [http://www.appseclatam.org Maximiliano Soler]
Line 705: Line 713:
  
  
==== Chapter Leader Workshop ====
+
= Chapter Leader Workshop =
  
 
  [https://docs.google.com/document/d/1875PxrASC37IxgclLuK7cE9nfOu4D98p5GwSeYHSgas/edit?hl=en_US Meeting Minutes from Latin America Chapters Workshop]
 
  [https://docs.google.com/document/d/1875PxrASC37IxgclLuK7cE9nfOu4D98p5GwSeYHSgas/edit?hl=en_US Meeting Minutes from Latin America Chapters Workshop]
Line 773: Line 781:
  
  
==== Media Mentions ====
+
= Media Mentions =
  
 
- Jornal Correio do Povo do Rio Grande do Sul:
 
- Jornal Correio do Povo do Rio Grande do Sul:
Line 801: Line 809:
  
  
==== Photos ====
+
=Photos =
  
 
- Event photos:
 
- Event photos:

Latest revision as of 02:25, 28 January 2016


This historical page is now part of the OWASP archive.
This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist.
Please use the newer Edition(s) like Category:OWASP_AppSec_Conference


AppSec Brasil 11 medio.png


Language:
Bandeira_reino_unido.png
Bandeira_brasil.png Bandeira_espanha.png


Follow us:
Twitter.png
Facebook.png Linkedin.png


We are pleased to announce that the OWASP Porto Alegre Local Chapter will organize the Global AppSec Latin America 2011 Conference in Porto Alegre-RS, Brazil.

The Global AppSec Latin America 2011 Conference will be a reunion of Information Security latin american leaders, and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 200-250 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

A OWASP Global AppSec Latin América 2011 will be happens in Brazil at Porto Alegre city, Rio Grande do Sul state map in October 4th to 7th 2011. The trainings will be in October 04 and 05, and the presentations will be in October 06 and 07.


If you have any questions, please email the conference chair: [email protected]


Who Should Attend Global AppSec Latin América 2011:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security




Owasp-poa-eng.png

Use the #AppSecLatam hashtag for your tweets for Global AppSec Latin America 2011 (What are hashtags?)

@AppSecLatAm Twitter Feed (Follow us on Twitter!) <twitter>262394051</twitter>





FlyerOwasp2011.png

CFT

Read the Call for Trainings in: https://www.owasp.org/index.php/AppSecLatam2011/CFT

We are doing a research about subjects of the trainings. You can help us, answering the questions in the follow address:

http://www.surveymonkey.com/s/3RCZ9RR

CFP

Read the Call for Presentations in: https://www.owasp.org/index.php/AppSecLatam2011/CFP


Program Committee

  • Leandro Gomes
  • Leonardo Buonsanti
  • Leonardo Lemes
  • Luiz Eduardo
  • Luiz Otávio Duarte


Keynotes

Bryan Sullivan



Bryan-sullivan.jpg Bryan Sullivan is a Senior Security Researcher with Adobe Systems, where he focuses on cloud security issues. Prior to Adobe, he was a program manager on Microsoft's Security Development Lifecycle team, and a development manager at HP, where he helped to design HP's vulnerability scanning tools WebInspect and DevInspect.

Bryan has spoken at security industry conferences such as Black Hat, RSA Conference, BlueHat and TechEd on a diverse range of topics including NoSQL, RIA architecture, REST, cryptography, denial-of-service defense, URL rewriting, and applying secure development processes to Agile projects. He was the author of the MSDN Magazine column Security Briefs, and is the coauthor of the books Ajax Security (Addison-Wesley, 2007) and the upcoming Secure Web Applications, A Beginner's Guide (McGraw-Hill, 2011). Linkedin


Michael Craigue



MichaelCraigue.jpg Michael Craigue (CISSP/CSSLP) is Director of the Security Consulting group at Dell, with 14 team members in Brazil, India, Malaysia, and the US. He and his team have responsibility for consulting with all of Dell’s internal organizations, including IT, Product Group, Services, and Mergers and Acquisitions, with a particular focus on the Secure Software Development Lifecycle. He has taught Database Management and Business Intelligence / Knowledge Management at St. Edward’s University in their MBA / MS CIS programs. Prior to joining Dell’s information security team, he spent a decade building Web and database applications. He has a PhD from the University of Texas at Austin in Higher Education Administration / Finance. Linkedin


Guest Speakers

Chris Evans



ChrisEvans1.png Chris Evans - Troublemaker, Google Inc. Chris Evan is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. His work includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at http://scarybeastsecurity.blogspot.com. At Google, Chris currently leads security for Google Chrome. He has presented at various conferences (PacSec, HiTB Dubai, HiTB Malaysia, BlackHat Europe, HiTB Amsterdam, OWASP, etc.) and is on the HiTB and WOOT paper selection panels. Linkedin


Dinis Cruz



Dcruz-resized-137.jpg Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.

For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the OWASP O2 Platform which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers).

Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (acquired by IBM), performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.

Dinis is an active trainer on .Net security, having written and delivered courses for Ounce Labs, IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat). Dinis has also delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences.

At OWASP, Dinis is currently the leader of the OWASP O2 Platform project and was previous involved with: OWASP Projects Committee, OWASP Connections Committee and OWASP Foundation Board (were he was been a key driver on a number of major OWASP Initiatives: OWASP Summit 2011 OWASP Seasons of Code, OWASP Summit 2008, OWASP Community building and OWASP Chapter-lead Training) Linkedin


Schedule

Training 1 - ModSecurity Training

Date: October 5th 2011 - 9AM to 5:30PM

Language: Portuguese

Instructor: Breno Silva

Requisites: Notebook/desktop with VMware/VMplayer, because one virtual machine image will be used by the instructor.

Abstract: This is a Hands-On traning about ModSecurity (WAF). People in this class will learn the main topics of ModSecurity, including installation, modes of deployment, configuration, rule customization and logging.

1. O que é ModSecurity?

 *     Como instalar
 *     Arquiteturas
 *     Exercicio 1

2. Configurando ModSecurity

 *     Principais diretivas de configuração
 *     Core Rule Set (CRS)
 *     Exercicio 1
 *     Exercicio 2

3. Customizando regras

 *     Sintaxe
 *     Fases
 *     Principais variáveis
 *     Principais operadores
 *     Principais ações
 *     Funções de transformação
 *     Exercicio 1
 *     Exercicio 2
 *     Exercicio 3
 *     Exercicio 4

4. Logging

 *     Entendendo as Log parts
 *     Exercicio 1

About the instructor: Breno is a computer scientist with over 8 years experience in Information Technology, experienced with a wide range of software development techniques and languages, security systems and network technologies. Breno brings a deep mathematical education, supporting research and algorithm design for network anomaly detection mechanisms in high-speed networks. Breno is currently a security researcher for TrustWave Spiderlabs team, also the maintainer of ModSecurity, developement team member of Suricata IDS/IPS. He worked as a computer incidente response team member for the Telecom Industry in Latin America. Breno resides in Brasília, Brazil.


Files:

AppSec_ModSec_final.pdf



Training 2 - Introduction to Web Application Security

Date: October 5th 2011 - 9AM to 5:30PM

Language: Portuguese

Instructor: Wagner Elias

Requisites: Notebook/desktop with VMware/VMplayer, because one virtual machine image will be used by the instructor.

Abstract:

This training will help you will gain skills on how to assess applications from a hacker's point of view, understand application security vulnerabilities and learn how to close these security holes in your Java or .Net applications so they are never exploited by a hacker. This intensive one day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.

Hands on

The students will participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities and then use proxy tools (i.e., Webscarab) to complete the exercises.

About the instructor:

Wagner Elias tem ampla experiência na condução de projetos em IT Security com projetos desenvolvidos em empresas dos mais diversos segmentos. É fundador do capítulo brasileiro da OWASP (Open Web Application Security Project); ocupou o cargo de diretor de conteúdo na gestão 2006-2008 e de eventos da gestão 2008-2010 do capítulo brasileiro da ISSA (Information System Security Association). É co-fundador e sócio da Conviso Application Security, onde atua como CTO (Chief Technical Officer), responsável pela gestão de pesquisa e desenvolvimento de projetos de consultoria em segurança de aplicações.



Training 3 - Introdução à criptografia ilustrada em Java para programadores web

Date: October 5th 2011 - 9AM to 5:30PM

Language: Portuguese

Instructor: Alexandre Melo Braga

Abstract: A criptografia é a única tecnologia capaz de proteger dados em trânsito. O mimicurso terá o seguinte conteúdo geral: criptografia simétrica, criptografia assimétrica, modos de operação de cifras de bloco, funções de hash, funções MAC, geradores números pseudo-aleatórios e protocolos de acordo de chaves e SSL. Uma vez que se trata de um treinamento para programadores, todo o conteúdo será exemplificado em Java e será dada ênfase à identificação de maus usos de criptografia. O minicurso tem o aspecto prático de que todos os programas serão manipulados no treinamento, não apenas e PPT.

About the instructor: Professor de graduação em tecnologia e segurança por 10 anos Professor de pós-graduação em desenvolvimento seguro de software e criptografia há 5 anos. Autor de diversos artigos científicos Instrutor de diversos treinamentos para organizações privadas no Brasil e no exterior assim como para instituições educacionais.



Training 4 - OWASP Top 10 + Java EE

Date: October 4th 2011 - 9AM to 5:30PM

Language: Portuguese

Instructor: Magno Logan

Abstract: The goal of this training is to give a better understanding about the top 10 risks that are more critical to web applications using the OWASP Top 10 v.2010 document, that describes them, their impacts and how to avoid them. We will go through all 10 risks, showing what they are with practical examples and detailed explanation. Participants will have the opportunity to practice the search and fixing of theses risks with a vulnerable web application called WebGoat, which is also an OWASP Project developed in Java EE. All the examples will be in Java, so previous knowledge of this programming language is a plus but not mandatory.

About the instructor: Magno Rodrigues de Oliveira é Líder e Fundador do Capítulo da OWASP na Paraíba. Pós-Graduando em Segurança da Informação pela Faculdade de Tecnologia de João Pessoa. Realizou um curso de 1 (um) ano em Forense Computacional em Nova York, EUA. Formado em Tecnologia em Sistemas para Internet pelo Instituto Federal de Educação, Ciência e Tecnologia da Paraíba. Trabalha atualmente como Analista de Sistemas da Politec, prestando serviços para a Secretaria de Estado da Receita da Paraíba.

Files:

Magno_Logan_OWASP_Top_10_-_2010_for_JavaEE.pdf

Magno_Logan_AppSec_Latam_2011_-_OWASP_Top_10_%2B_JavaEE.pdf



Training 5 - Protecting Java Web Applications against known (and unknown) vulnerabilities with the new Mod_Security for Java. - CANCELED

Date: October 4th 2011 - 9AM to 5:30PM

Language: Spanish

Instructor: Juan Carlos Calderon



Training 6 - Uso da OWASP ESAPI (Enterprise Security API) para prover segurança em aplicações Web

Date: October 4th 2011 - 9AM to 5:30PM

Language: Portuguese

Instructor: Tarcizio Vieira Neto

Abstract: A evolução da tecnologia no desenvolvimento de aplicações WEB tem contribuído com o aumento significativo do uso dessa tecnologia para atender os mais diversificados propósitos. Porém, essa tecnologia está sujeita a diversas vulnerabilidades de segurança críticas, principalmente quando pesquisas recentes apontam que a maioria das vulnerabilidades estão presentes na própria aplicação. A biblioteca ESAPI (Enterprise Security API), da OWASP, surge neste cenário como uma biblioteca de segurança open source disponível para diversas linguagens, como Java EE, PHP, .NET, ASP Clássico, Python, Ruby, entre outras. O minicurso aborda de modo prático as vulnerabilidades causadas por erros comuns no desenvolvimento de aplicações e os mecanismos de controle de segurança providos pela biblioteca ESAPI com o foco na tecnologia Java. Os princípios gerais aprendidos no curso podem ser aplicados no contexto das demais linguagens de programação.


About the instructor: Tarcizio Vieira Neto é graduado em Ciência da Computação pela Universidade Federal de Goiás (UFG), em Goiânia. Atualmente trabalha no SERPRO, desde novembro de 2009, como Analista de Desenvolvimento, na Coordenação Estratégica de Tecnologia CETEC, desenvolvendo trabalhos sobre o tema segurança no desenvolvimento de aplicações, envolvendo aspectos processuais e técnicos, como também participa da prospecção de ferramentas que dão suporte à segurança no desenvolvimento de aplicações Web. Participou também como instrutor no treinamento de novos empregados e auxiliou na elaboração do material do curso em Ensino a Distância na universidade corporativa do SERPRO (UniSERPRO). Participou da primeira versão da tradução do OWASP Secure Coding Principles Quick Reference Guide, para o português brasileiro e liderou o projeto de revisão da tradução do mesmo documento. Possui especialização em gestão da segurança da informação pela Universidade de Brasília (UnB).


Files:

TarcizioNeto_AppSecBR2011_utilizando_API_ESAPI_Tarcizio.pdf


Schedule October 6th

08:00 – 08:40 Registration
08:40 – 09:10 Tom Brennan
OWASP "Where we are.. Where we are going" - Slides
09:10 – 10:00 Bryan Sullivan
You Are Not Amy Winehouse: A New Plan for Reaching the Developer Community
10:00 – 10:50 Rodrigo Montoro
HTTP Header Hunter - Looking for malicious behavior into your http header traffic
10:50 – 11:10 Coffee-Break offered by Dell
11:10 – 12:00 Alexandre Braga
Como não escolher a sua senha! Será a senha gráfica o futuro das senhas? - Slides
12:00 – 12:50 Maximiliano Soler
Mantra: The Security Framework Slides
12:50 – 14:20 Lunch
14:20 – 15:10 Chris Evans
Dosh4vulns -- Google's vulnerability reward programs
15:10 – 16:00 Magno Logan
Segurança em Sites de Compras Coletivas: Economizando dor de cabeça! - Slides
16:00 – 16:20 Coffee-Break
16:20 – 17:10 Tarcizio Vieira Neto
Modelo de processo para desenvolvimento de aplicações seguras - Slides
17:10 – 18:00 Rob Rachwald and Noa Bar-Yosef
Cyber Vigilantes: How Security Researchers Are Hurting the Business of Hacking - Slides
18:00 – 18:30 Closing



Schedule October 7th

08:00 – 08:40 Registration
08:40 – 09:10 Lucas Ferreira
Segurança na Web: Uma janela de oportunidades - Slides
09:10 – 10:00 Michael Craigue
Security Development Lifecycle: A History in 3 Acts - Slides
10:00 – 10:50 Tom Brennan
Global Security Report / Caipirinha Security Recipe - Slides
10:50 – 11:10 Coffee-Break offered by Software Express
11:10 – 12:00 Mauro Flores
Proyectos OWASP para cumplir con PCI - Slides
12:00 – 12:50 Klaubert Silveira
WAF:FLE, ModSecurity como você nunca viu - Slides
12:50 – 14:20 Lunch
14:20 – 15:10 Dinis Cruz
Making Security Invisible by Becoming the Developer's Best Friends - Slides
15:10 – 16:00 Wagner Elias
Automatizando análise passiva de aplicações web - Slides
16:00 – 16:20 Coffee-Break
16:20 – 17:10 Rafael Brinhosa
Segurança de Aplicações, para sua organização ainda não é prioridade? - Slides
17:10 – 18:00 Breno Silva and Ryan Barnett
An Innovative Obfuscated Code Analysis Algorithm - Slides
18:00 – 18:30 Closing



The event will be held in Porto Alegre, RS, Brazil at PUCRS University - Building 50 Auditorium.
You can check the location at Google Maps
Parking guide: http://www3.pucrs.br/portal/page/portal/pucrs/Capa/Noticias?p_itemid=5763486
Mapapuc.jpg

Predio501.jpg
Predio503.jpg
Predio502.jpg

Online Registration

Registration form is available at http://registration2011.appseclatam.org/

Conference Fees

Access to conference:

  • Before Aug 31st: 250.00 BRL
  • Before Sep 30th: 350.00 BRL
  • After Oct 1st: 450.00 BRL

Trainings

  • One day: 450.00 BRL
  • Two days: 900.00 BRL

Please check the registration form for information about conference packages.

Discounts

  • OWASP Member: 100.00 BRL (Note: This discount is greater than the OWASP USD 50.00 annual fee. Check here
  • Student: 100.00 BRL (Note: student ID required).
  • Special discounts available for groups registrations. Please send inquiries to [email protected]


Visitors' Guide

Gate for tourists in the state of Rio Grande do Sul in Brazil, and only 120 miles from the pleasant Serra Gaucha, Porto Alegre is a bustling hub of services and infrastructure with quality recognized, and a base of large national and international companies and a major destination for international events in Brazil.

Usefull links:

http://www2.portoalegre.rs.gov.br/turismo

https://secure.wikimedia.org/wikipedia/en/wiki/Porto_Alegre

Um passeio pela capital



60 Minutes recent report about Brazil and his development potencial:


Tourist video about Porto Alegre City:

Electric Outlet

Tomadas_diversas.jpg
Reference: http://omegatek.blogspot.com/2010/05/novo-padrao-de-tomadas-brasileiras.html

Weather

Climatempo.png
Source: Climatempo

Trip

Accommodation

NOVOTEL PORTO ALEGRE (Oficial hotel of event)
Av. Soledade, 575
Três Figueiras
Phone: (51) 3327-9292
E-mail: [email protected] Táxi Cootaero from airport to Novotel: R$30,00 ( phone 3358-2500)

Single / Double
R$243,00 / R$289,00
Cortesy breakfast

General Conditions
. Diárias expressas em reais (R$), por dia e por apartamento; . Diárias iniciam e terminam às 12 horas; . Taxa de Turismo (opcional) - R$2,50 por dia/apartamento; . Imposto Municipal: acrescer 5% ISS; . O acesso à internet nas áreas sociais e nos apartamentos é cortesia; . Estacionamento: R$16,00 por carro ao dia (com manobrista); . Terceira pessoa no apartamento: Mediante disponibilidade. Cobrada taxa diária de R$47,00 + 5% ISS e será acomodada em cama extra ou sofá cama; . Forma de Pagamento: Depósito antecipado ou pagamento direto; . Garantia de No Show: Todas as reservas deverão ter garantia de no show. Em caso de não comparecimento, poderá ser cobrado o período integral reservado; . Não aceitamos cheques; . Duas crianças de até 16 anos no Novotel e uma criança de até 12 anos no Mercure acompanhadas dos pais/responsáveis no mesmo apartamento serão cortesia. Necessária apresentação de documentação de identificação no check-in; . Valores pagos não serão reembolsáveis ou dados como créditos para próximas hospedagens;

Map link:
http://maps.google.com.br/maps?hl=pt-BR&um=1&ie=UTF-8&q=novotel+porto+alegre&fb=1&gl=br&hq=novotel&hnear=0x9519784e88e1007d:0xc7011777424f60bd,Porto+Alegre+-+RS&cid=0,0,11722004907679800889&ei=GKn4TfaHDIP20gGF9pXDCw&sa=X&oi=local_result&ct=image&resnum=1&ved=0CDAQnwIwAA

Novohotel.jpg

Free transfer Novotel - PUC - Novotel


Food


Restaurant Panorama Gastronômico
5% off to OWASP AppSecLatin America 2011 participants
Avenida Ipiranga, 6681 - prédio 41, 4º andar, PUC-RS
Bairro: Jardim Botânico
CEP: 90619900
Phone: 3339-2446
Sits: 650 lugares
Open at: 11h15/14h (close sunday)
http://www.panoramagastronomico.com.br

Tuesday - 04th october

Happy hour at 19 o'clock, in Cachaçaria Água Doce

Avenida Carlos Gomes, 1581 - Petrópolis Porto Alegre - RS, 90480-005, Brazil (0xx)51 3338-8261 http://www.hagah.com.br/rs/porto-alegre/local/23426,2,agua-doce-cachacaria.html
Dinner recomendation: Rodizio de Escondidínho - R$ 26.90 per person.
Drink: Cachaça, a tipical brasilian drink.

Wednesday - 05th october

Dinner (starts 19:30h) at CTG 35 with dance presentation at 21:00. Oficial Site: http://www.35ctg.com.br

Thursday - 06th october

Official Party and PoaSec 14.0
Location: Meat Club
Address: Castro Alves St., 825 - Windmills - Porto Alegre - RS - http://www.meatclub.com.br
Time: From 22h
Book your ticket in advance with Leonardo Goldim, only 150 will be available

Friday - 07th october

Happy hour after the conference, 19:30h.
Where: Faro Dinning Room and Bar
Address: Padre Chagas St, 32 Moinhos de Vento, Porto Alegre / RS
http://www.farobar.com.br Drink: Free welcome drink Mezzanine is reserved for OWASP AppSec Latam

Saturday - 08th october

Travel to Gramado and Canela in the day and Oktoberfest in Santa Cruz at night, with guide in english/portuguese.
- Sugestions places to visiti in Gramado and Canela: Lago Negro, Caracol, Chocolates Floribal, Catedral de Pedra, parada na Rua Coberta, Alpen Park.
- Estimated value is 150 reais, including the travel, colonial-coffe in Gramado and Oktoberfest ticket.
PS: Make your reservation with urgency, there will be just 42 sits in the bus.

07-08-2011-FestivalDeCinemaDeGramado0302-600x397.jpg Gramado-2.jpg Canela-cascata.jpg max1223472660Portico_da_Oktoberfest___Cedito__System_Lab.jpg

Sunday - 09th october

Sugestions:

In the morning: City Tour (R$ 15 reais)
http://www2.portoalegre.rs.gov.br/turismo/default.php?p_secao=285



Lunch: Restaurante Costela no Rolete
Rua Marcílio Dias, 965
Bairro: Menino Deus
ZIP: 90130001
Phone: 3235-1896 e 3061-2155
Sits: 96 sits
Schedule: 11h30/15h e 18h30/0h (sáb. e dom. só almoço; fecha seg.)
R$ 26,00/person
Especialty: Costela 12hs
http://vejabrasil.abril.com.br/porto-alegre/restaurantes/costela-no-rolete-29395


Afternoon: Soccer: Inter vs Vasco
16 hs, Beira-Rio Stadium
Valid for Brazilian Soccer Championship
imagem_ca8b12eb8c.jpg


We are looking for sponsors for 2011 edition of Global AppSec Latin America. See more details about sponsor opportunities.

If you are interested to sponsor Global AppSec Latin America 2011, please contact the conference chair: [email protected].

To find out more about the different sponsorship opportunities please check the document below:
OWASP AppSec 2011 Sponsorship English.pdf


Diamond Sponsors


Elipse logo3.png


Gold Sponsors


Logoglobo.png   IT2S.png   LogoSymantec.png   Trustwaveappseclatam.jpg


Silver Sponsors


Adobe logo5.png   PUCRS2.jpg


Conference Kit Sponsors


LogotipoConvisoCor.png   LgClavis.jpg   Logosecplusp.png


Simultaneous Translation


Traduzca.png


Coffee Break Sponsors

LogoDell.png   Logosoftwareexpress.png


Speaker's Lunch Sponsors

Logodefenda2.png


Institutional Sponsors

Csa br.jpg   Sucesurs.png


Local Promotion


Logo-PoaSec2.png


Meeting Minutes from Latin America Chapters Workshop


What is the Chapter Leader Workshop?

On Wednesday, October 5,2011 at 13:30h-16:30h the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. Please note that this Workshop will take place on the day before the Conference starts.


Items that will be discussed are:

  • How to improve the current Chapter Leader Handbook?
  • How to start and support new chapters within Latin America?
  • How to support inactive chapters within Latin America?
  • What Governance model is required for OWASP chapters?
  • How can the Global Chapters Committee facilitate the Latin American chapters?
  • ...


Additionally we hope to make time and space available to do hands-on work revising the Chapter Leader Handbook, details TBA.


Funding to Attend the Workshop

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Latin America, please submit a request to Tin Zaw and Sarah Baso by August 22, 2011.


Funding for your attendance to the workshop should be worked out in the following order.

  1. Ask your employer to fund your trip to AppSec Latin America conference.
  2. Utilize your chapter funds.
  3. Ask the chapter committee for funding assistance.


While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After August 22, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.


RSVP, Remote Participation, and Details

To RSVP and view more details about the Workshop, go to the AppSecLatam2011 chapters workshop agenda.


Instructions for remote participation:

  • Join meeting, Wednesday, October 05, 2011 at 4:30 PM GMT/UTC (the meeting will be held at 1:30pm local time in Porto Alegre).

https://www3.gotomeeting.com/join/196835662


  • Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

Dial +1 (630) 869-1013
Access Code: 196-835-662
Audio PIN: Shown after joining the meeting

Meeting ID: 196-835-662


Local

Room 208 at PUC-RS building 50.


Contact

Email Sarah Baso or Tin Zaw for more details.


- Jornal Correio do Povo do Rio Grande do Sul:

 - Segurança virtual é meta de internautas http://www.correiodopovo.com.br/Impresso/?Ano=117&Numero=10&Caderno=0&Noticia=346308
 - Edição Impressa do Jornal Correio do Povo


- TVCOM RS

 - Entrevista com Diniz Cruz http://www.youtube.com/watch?v=2p2rTSH_pdk&feature=youtu.be


- Site Baguete:

 - Porto Alegre sedia AppSec 2011 http://www.baguete.com.br/noticias/software/05/10/2011/porto-alegre-sedia-appsec-2011


- Site www.seg.com.br:

- Brasil Irá Sediar Maior Encontro Global de Segurança de Aplicações Web 
http://www.segs.com.br/index.php?option=com_content&view=article&id=49988:-brasil-ira-sediar-maior-encontro-global-de-seguranca-de-aplicacoes-web&catid=48:cat-info-ti&Itemid=329


- Site www.elipse.com.br

- AppSec Brasil 2011, evento patrocinado pela Elipse Software, debateu as melhores práticas e soluções de defesa contra ataques na internet em Porto Alegre 
http://www.elipse.com.br/noticia_int.aspx?id=923&idioma=1