AppSec Academia Symposium Irvine 09

Welcome to the OWASP Application Security Academia Symposium

Date: The afternoon of Wednesday 8/26/2009 1 PM - 5PM

Event's Location

University of California Irvine.

Call for Presentations / Research Papers

Please send all proposals to nmatatal 'at' uci.edu with at least OWASP in the subject line.

Topics include, but not limited to:

• OWASP ESAPI, Application Security Architectures
• Security education programs
• Enterprise authorization service
• Privacy Concerns with Applications and Data Storage
• OWASP Code Review
• OWASP Testing Guide
• Threat modeling of web applications
• Separating security from coding, enhancing the security of the infrastructure (HTTPOnly, disabling session token reuse in ASP), etc also platform or language (e.g. Java, .NET) security features that help secure web applications
• Security of Service Oriented Architectures
• Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)
• Secure application development
• How to use databases securely in web applications
• OWASP Education Project (live CD)
• Web services security

Please include at least the following information:

• Name
• Affiliation
• Phone Number
• Abstract
• Short Bio

Agenda and Presentations

Name: Cassio Goldschmidt

Affiliation: Sr. Manager of Product Security at Symantec Corp.

Title: Tracking the progress of an SDL program: lessons from the gym.

Abstract: Secure coding and testing training are a vital element of any successful security development lifecycle program. In this talk Symantec, an industry pioneer in internal secure coding education, will present what makes a security class effective, engaging and valuable to an organization with development offices spread in several countries. We’ll also analyze innumerous other successful ongoing educational and awareness initiatives used to keep the staff current, interested and alert about the latest attacks.

Name: Michael J. Craigue.

Affiliation: Sr. Application Security Consultant at Dell Inc.

Title: Enterprise Application Security Practices: Real-world Tips and Techniques.

Abstract: Dell Inc. worked with Microsoft and Fortify to create its application security practice. Mike Craigue will discuss some of the challenges and opportunities Dell faced. This session will cover creating policies/standards, deploying a Security Development Lifecycle as an overlay to the SDLC, overcoming concerns of developers and business partners, and addressing global standardization issues. This talk will analyze the creation and evolution of Dell's Security Development Lifecycle over the last few years, including awareness/education/training, application security user groups, security consulting staff development, risk assessments, security reviews, threat modeling, source code scans, deployment scans, and penetration testing. It will include a discussion of Dell's information security organization and the division of labor among internal security consultants in the security development lifecycle. It will also explain the development, socialization, and approval process for the secure application development standard.

Venue

University of California Irvine

Location

Calit2 building,building number 325 in quadrant H8 on the UC Irvine Map

Registration

There will be no fees for this event, only registration is required to participate. Space is limited and there is no plan on having on site registration so please register early.

Parking

Please park at the Anteater Parking Structure.

Parking is is $7 (may be provided, tbd)

Pre-Event Organization Team

• Kuai Hinojosa (kuai.hinojosa 'at' owasp.org)
• Neil Matatall (nmatatal 'at' uci.edu)

OWASP AppSec Event Sponsor

This conference will be sponsored by Administrative Computing Services at UC Irvine