Difference between revisions of "AppSecLatam2012"

From OWASP
m (Testing if I have write access. Updated call for presentations due date.)
(Added presentations (subject to approval from presenters))
Line 198: Line 198:
 
<br>
 
<br>
  
 +
= Presentations =
 +
 +
These are the selected presentations and are subject to confirmation from presenters.
 +
 +
{|
 +
|-
 +
| width="180" align="center" | '''Name'''
 +
| width="600" align="justify" | '''Presentation'''
 +
|-
 +
|- <br/> || <br/>
 +
|-
 +
|'''Alex Bauert''' || Assessing Application Security Risk
 +
|-
 +
|'''Sebastian Bortnik''' || Malware en dispositivos móviles.
 +
|-
 +
|'''Flavio de Cristofaro''' || Password Security Policies - Lessons learned from recent password leaks
 +
|-
 +
|'''Mauro Flores''' || OWASP Mobile Top 10
 +
|-
 +
|'''Dario Gomez''' || Resource Certification: "Implementation Challenges"
 +
|-
 +
|'''Mennouchi Islam''' || Presentation Of The OWASP ODZ Multi CMS Scanner
 +
|-
 +
|'''Mateo Martínez''' || A real ZAP story
 +
|-
 +
|'''Francisco Nunes''' || Critérios para Institucionalizar Segurança em Processos de Desenvolvimento de Software
 +
|-
 +
|'''Andres Riancho''' || Web Application Scanning the Internet
 +
|-
 +
|'''Andres Riancho''' || Understanding HTML5 security
 +
|-
 +
|'''Nicolas Rodriguez''' || Don't try to block out the sun with your fingers\!: Information harvesting with Test-driven development tools and understanding how to avoid it
 +
|-
 +
|'''David Schekaiban''' || Lo doloroso de la era cibernética: ataque, crimen, espionaje, activismo y guerra.
 +
|-
 +
|'''Raja Sekhar''' || Templates to Derive Security Metric based on Attack Patterns
 +
|-
 +
|'''Breno Silva''' || Reducing Web Application Attack Surface with a HMAC based protocol
 +
|-
 +
|'''Tony UcedaVelez''' || Using PASTA as a core ingredient to web application threat modeling
 +
|-
 +
|'''Felipe Zipitria''' || How dynamic have been static checking?
 +
 +
|}
  
 
= Venue  =
 
= Venue  =
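Review bot: The spacer row after the header, `|- <br/> || <br/>`, puts cell markup on the `|-` row-separator line instead of on a `|` cell line, so it should either be dropped or split into a `|-` line followed by a `| <br/> || <br/>` line. The Nicolas Rodriguez title also carries a stray backslash in `fingers\!`, which should read `fingers!`. The blank added lines between every row and the doubled blank before `|}` add nothing to the table and could be removed to keep the wikitext easier to maintain.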

Revision as of 02:20, 17 September 2012




We are pleased to announce that the OWASP Uruguay chapter will host the OWASP AppSec Latam 2012 conference in Montevideo, Uruguay at ANTEL National Telco Company. The event will be composed of 2 days of training (November 18-19), followed by 2 days of conference talks (November 20-21).


The Global AppSec Latin America 2012 Conference will bring together Latin American information security leaders and will present cutting-edge ideas. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 200-250 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.


If you have any questions, please email the conference committee: [email protected]


Who Should Attend Global AppSec Latin America 2012:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security





Use the #AppSecLatam hashtag for your tweets for AppSec Latin America 2012.

@AppSecLatAm Twitter Feed (follow us on Twitter!)


Call for Training

Submit your Training Proposal here: Call for Training Submission Form


Please carefully fill out the CFT form to submit your training proposal for consideration at OWASP AppSec Latam 2012 in Montevideo, Uruguay.


The training will be held November 18th and 19th, 2012 (Sunday and Monday) at the ANTEL National Telco Company located in downtown Montevideo (conference talks are November 20th and 21st). Training courses will be one (8 hours) or two (16 hours) days. We will post your Display Name, Biography, Training Title, and Training Summary to the appseclatam.org site if your talk is selected. If you provide a URL or Twitter handle, we will post that if your training is selected, too.


The deadline for this Call for Training is August 24, 2012. If your training is selected, we will contact you to confirm, and need your completed Training Instructor Agreement before we open your class for registration.


Trainers get a 40% cut of the training revenue. Price for trainees will be $800 (USD) for a 2-day training course and $400 (USD) for a 1-day training course.


If you would like to submit multiple training proposals, please make multiple separate form submissions.


Trainers will receive one free admission (nontransferable) to the conference in return for delivering a one or two day training course.


Training Instructor Agreement

By submitting your training proposal through our CFT, you are consenting to stay within the guidelines of the Training Instructor Agreement. We will ask you to sign and complete the Agreement and email it back to us if your talk is selected and you accept.


Training Instructor Agreement


Questions?

Please contact us at [email protected] with any questions!


Call for Papers

Submit your Talk Proposal here: Call for Papers Submission Form


Please carefully fill out the CFP form to submit your talk for consideration at OWASP AppSec Latam 2012 in Montevideo, Uruguay.

The talks will be held November 20th and 21st, 2012 at the ANTEL National Telco Company located in downtown Montevideo (training is November 18th and 19th). Talks will be 50 minutes each. We will post your Display Name, Biography, Talk Title, and Talk Abstract to the appseclatam.org site if your talk is selected. If you provide a URL or Twitter handle, we will post that if your talk is selected, too.


The deadline for this Call for Papers is September 7, 2012. If your talk is selected, we will contact you to confirm, and we will expect that your slides and other material will be sent to us no later than November 16, 2012 for our peer review. We peer review slides and other material for inclusion on the conference website (post-conference) and to verify general conformance to OWASP conference presentation guidelines.


If you would like to submit multiple presentations, please make multiple separate form submissions.


Speakers will receive free admission (nontransferable) to the conference in return for delivering a 50 minute talk.


Speaker Agreement

By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement


Questions?

Please contact us at [email protected] with any questions!


Jerry Hoff



"Building Security Into Frameworks: Who is doing it right": In this talk, Jerry Hoff, VP of the Static Code Analysis Division at WhiteHat Security, will discuss the importance of security controls in mobile and web frameworks. The talk features a tour through a spectrum of languages and frameworks. A tip of the hat will be given to frameworks and security controls that demonstrably mitigate vulnerabilities, resulting in more secure code. A wag of the finger will be given to frameworks that either lack essential security controls, or implement them improperly.

Many of the OWASP Top 10 vulnerabilities and their corresponding security controls will be discussed. Participants will walk away with a better understanding of the security libraries available across a wide array of popular web technologies.


Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security. Prior to joining WhiteHat, he was a co-founder and managing partner at Infrared Security. Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web application penetration testing, and architecture reviews. Jerry also has years of development and teaching experience. He taught for over seven years at Washington University's CAIT program, and the microcomputer program at University of Missouri in St. Louis. Jerry is the writer/producer of the popular OWASP Appsec Tutorial Series and the lead developer for the WebGoat.NET project.


Pravir Chandra



Everything you know about Injection Attack is wrong: This casual talk will take a look at several mundane vulnerabilities that we all know about and ask a few deeper questions. What are the underlying mechanisms? Does our advice on preventing them *actually* work? Is there a better way when you think of software design patterns? By the end, we’ll challenge the audience to think past the surface of these code vulnerabilities and hopefully learn a little about how the right abstraction model can save tons of security headaches.


Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently, as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify, where he led software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.


Cristian Borghello



Cristian F. Borghello holds a degree in Systems (Licenciado en Sistemas) and is a developer, Certified Information Systems Security Professional (CISSP) and Microsoft MVP Security (Most Valuable Professional).

He is currently Director of Segu-Info and works as an independent consultant in Information Security. He writes for various specialized media and conducts independent research on computer and information security. He has spoken at national and international congresses and seminars on the subject. His interest in computer security and its research has led him to maintain this site: http://www.segu-info.com.ar/


Hernán M. Racciatti



Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his career to areas related to Information Security.

He currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Tests, Security Application Assessments and Source Code Reviews, pursuing research on information security, and teaching and offering seminars and technical lectures at national and international conferences related to his field.

Among his contributions to the community, the following should be noted: active participation as a collaborator in some ISECOM projects (OSSTMM – Open Source Security Testing Methodology Manual, and Hacker High School) and in OISSG (ISSAF – Information Systems Security Assessment Framework), the development of small tools designed to secure information systems, and several papers, articles and technical documents written for digital and print publications with national and international circulation.

During the last year, he found and reported vulnerabilities in major commercial products.

Hernan Marcelo Racciatti is a member of the Core Team at ISECOM (Institute for Security and Open Methodologies), ISSAF Key Contributor at OISSG (Open Information System Security Group), President of the CSA (Cloud Security Alliance) Argentina Chapter, Executive Committee Member of the NGO Argentina Cibersegura, and a member of ISSA (Information Systems Security Association) and the OWASP (Open Web Application Security Project) Buenos Aires Chapter.

Learn more about Hernan at http://www.hernanracciatti.com.ar/


These are the selected presentations and are subject to confirmation from presenters.

{|
|-
| '''Name''' || '''Presentation'''
|-
| '''Alex Bauert''' || Assessing Application Security Risk
|-
| '''Sebastian Bortnik''' || Malware en dispositivos móviles.
|-
| '''Flavio de Cristofaro''' || Password Security Policies - Lessons learned from recent password leaks
|-
| '''Mauro Flores''' || OWASP Mobile Top 10
|-
| '''Dario Gomez''' || Resource Certification: "Implementation Challenges"
|-
| '''Mennouchi Islam''' || Presentation Of The OWASP ODZ Multi CMS Scanner
|-
| '''Mateo Martínez''' || A real ZAP story
|-
| '''Francisco Nunes''' || Critérios para Institucionalizar Segurança em Processos de Desenvolvimento de Software
|-
| '''Andres Riancho''' || Web Application Scanning the Internet
|-
| '''Andres Riancho''' || Understanding HTML5 security
|-
| '''Nicolas Rodriguez''' || Don't try to block out the sun with your fingers!: Information harvesting with Test-driven development tools and understanding how to avoid it
|-
| '''David Schekaiban''' || Lo doloroso de la era cibernética: ataque, crimen, espionaje, activismo y guerra.
|-
| '''Raja Sekhar''' || Templates to Derive Security Metric based on Attack Patterns
|-
| '''Breno Silva''' || Reducing Web Application Attack Surface with a HMAC based protocol
|-
| '''Tony UcedaVelez''' || Using PASTA as a core ingredient to web application threat modeling
|-
| '''Felipe Zipitria''' || How dynamic have been static checking?
|}

AppSec Latam 2012 will be held in downtown Montevideo, Uruguay at the Antel National Telco Company. Directions are available through: Google Maps

The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower.

Antel Tower:

Antel National Telco Building.jpg


Antel Telco Auditorium (left) and Auditorium main entrance (right):

Antel Telco Venue Auditorium.jpg Antel Telco Main Entrance to Auditorium.jpg


Inside the Auditorium (left) and Interactive Room (right):

Antel Telco Auditorium 02.jpg Antel Telco Interactive Room 02.jpg

Conference Fees

Access to conference:

  • Before Sept 30th: 3200.00 UYU (approx. 150.00 USD)
  • Before Oct 31st: 4250.00 UYU (approx. 200.00 USD)
  • After Nov 1st: 5300.00 UYU (approx. 250.00 USD)


Trainings

  • One day: 8500.00 UYU (approx. 400.00 USD)
  • Two days: 17000.00 UYU (approx. 800.00 USD)


Discounts

  • OWASP Member: 50.00 USD (Note: This discount is equal to the cost of becoming an OWASP paid Member.)
  • Student: 1600.00 UYU (approx. 75.00 USD). Note: student ID or other proof of current student status is required.
  • Special discounts available for groups registrations. Please send inquiries to [email protected].


Online Registration

Registration is not yet available for this event. Check back at the beginning of September for registration details.


We are looking for sponsors for the 2012 edition of Global AppSec Latin America.


If you are interested in sponsoring Global AppSec Latin America 2012, please contact the conference team: [email protected]


To find out more about the different sponsorship opportunities please check the document below:
OWASP AppSec Latam 2012 Sponsorship Options - English


Venue Sponsor


Logo Antel.jpg



Accommodation

We are currently in the process of negotiating a group rate with one or two local hotels. Please check back for details on those group rates.


TBA


About the Workshop

2012 Chapters Workshop to be held at the Conference Venue on the afternoon of November 19th, 2012 (the day before the conference)

  • September 17th - AppSec Latam Chapters workshop sponsorship applications due
  • September 21 - Applicants notified of status


We plan to start with a 1.5 hour session including an overview of the chapter handbook. This session will be videotaped and available for chapter leaders to use in their local chapters (or to be viewed by those unable to attend). The second part of the workshop will be a roundtable discussion on regional issues and challenges, with a goal of working together to create solutions. If you are interested in participating in either of these workshops, please register for the conference and select the optional session "chapter leaders workshop" as part of the registration process. Remember that conference attendance is free for current chapter and project leaders.


Info about last year's workshop: Meeting Minutes from Latin America Chapters Workshop 2011


Sponsorship to Attend the Chapters Workshop

If you need financial assistance to attend the Chapter Leader Workshops, please submit a request via the Contact Us Form http://owasp4.owasp.org/contactus.html by the application deadline for each of the events.

  • September 17th - AppSec Latam Chapters workshop sponsorship applications due
  • September 21 - Applicants notified of status


Additional Information for Applicants:

  • Priority of sponsorships will be given to those not covered by a sponsorship to attend a previous workshop. Additionally, we are looking for new or struggling chapter leaders who need assistance kick starting their chapter.
  • When you apply for funding, please let us know *why we should sponsor you*. While we prefer that chapter leaders use their own chapter's funds before requesting a sponsorship, this is not a requirement for application.
  • If your chapter has funds but will not be using them to sponsor your attendance, please include why you will not be using the funds for this purpose (i.e. what are the other plans for those funds?).


Questions?

If you have any questions, please contact us at: http://owasp4.owasp.org/contactus.html


2012 AppSec Latam Conference Volunteer Team

  • Mateo Martinez
  • Mauro Flores
  • Martin Tartarelli
  • Fabio Cerullo


OWASP Staff Support

  • Sarah Baso
  • Kate Hartmann


Contact us at [email protected]



Gold Sponsor

Logo Agesic color.jpg

Silver Sponsors

Core TM wtag.png PwC logo 4colourprint (2) Resized good one.jpg

Conference Room Sponsor

DEL COL.jpg

Venue Sponsor

Logo Antel.jpg

Academic Supporters

Ort bord1.JPG Logo-fing.png

Organizational Supporters

AppSecDC2012-ISC2.png