This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "EUTour2013 London Agenda"

From OWASP
Jump to: navigation, search
m (OWASP Europe Tour - London 2013)
 
(20 intermediate revisions by 5 users not shown)
Line 30: Line 30:
 
|-
 
|-
 
|-
 
|-
| style="width:20%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Fecha'''  
+
| style="width:20%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Date'''  
| style="width:80%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Lugar'''
+
| style="width:80%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Location'''
 
|-
 
|-
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 13th May '''
+
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Monday 3rd June '''
 
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: Lion Court Conference Centre<br>
 
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: Lion Court Conference Centre<br>
 
Venue Address: 25 Procter Street, Holborn, London, WC1V 6NY'''<br>
 
Venue Address: 25 Procter Street, Holborn, London, WC1V 6NY'''<br>
Line 60: Line 60:
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 9:45 am<br>(15 mins)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 9:45 am<br>(15 mins)  
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Introduction & Welcome
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Introduction & Welcome<br />[http://youtu.be/32396J6eAtM Video]
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Justin Clarke - London OWASP Chapter Leader
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Justin Clarke - London OWASP Chapter Leader
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Introduction to OWASP & London Event Schedule for the Day
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Introduction to OWASP & London Event Schedule for the Day
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00AM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:00AM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Managing Web & Application Security with OWASP – bringing it all together<br />[http://youtu.be/GsncIkqcf8c Video] | [[Media:Managing Web Application Security with OWASP.pdf|Presentation]]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Tobias Gondrom - OWASP Project Leader
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation.
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45AM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 10:45AM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using the O2 Platform, Zap and AppSensor to protect and test applications<br />[http://youtu.be/dzj3llZ9G6I Video]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Dinis Cruz - OWASP O2 Platform Project Leader
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | This presentation will show how these 3 OWASP tools can be used to find and mitigate security vulnerabilities in applications. The O2 Platform will be used to analyse the target application source code, and automate the use of both Zap and AppSensor's capabilities
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30AM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 11:30AM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | PCI for Developers
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | PCI for Developers<br />No Video | Presentation to follow
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Fabio Cerullo, OWASP Ireland
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Fabio Cerullo, OWASP Ireland
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle.
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle.
Line 85: Line 85:
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 1:15PM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 1:15PM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Teaching an Old Dog New Tricks: Securing Development with PMD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Teaching an Old Dog New Tricks: Securing Development with PMD<br />[http://youtu.be/TeNxpRr9Eng Video] | [[Media:Securing Development with PMD - Teaching an Old Dog New Tricks - OWASP.pdf|Presentation]]
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Justin Clarke - London OWASP Chapter Leader
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Justin Clarke - London OWASP Chapter Leader
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identifying code quality issues. While these tools may not be specifically designed for identifying security bugs. This presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation.
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identifying code quality issues. While these tools may not be specifically designed for identifying security bugs. This presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation.
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:00PM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:00PM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Your framework will fail you<br />[http://youtu.be/YutCgyjqgfA Video] | [http://prezi.com/nzabnybokpad/your-framework-will-fail-you-owasp-edition Presentation]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Rory McCune - OWASP Scotland
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | A lot of reliance for Web Application Security is put in the framework that’s used. But here’s the bad news … it will fail you. There’s no such thing as perfect code, and web application frameworks are no exception. So how do you avoid the panic upgrades when a security alert hits your e-mail Inbox? This talk aims to give you some ideas about what you can do reduce reliance on individual security mechanisms and allow you to sleep more easily at night.
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:45PM <br>(30 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 2:45PM <br>(30 mins)
Line 100: Line 100:
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 3:15PM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 3:15PM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[OWASP Cornucopia|OWASP Cornucopia]]
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[OWASP Cornucopia|OWASP Cornucopia Project]]<br />[http://youtu.be/Q_LE-8xNXVk Video] | [[Media:Owasplondon-colinwatson-cornucopia.pdf|Presentation]]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Colin Watson - Project Leader
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Colin Watson - OWASP Project Leader
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Microsoft's Escalation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for common web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. It is now referenced by a PCIDSS information supplement.
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Microsoft's Elevation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for typical web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. The project is now referenced by a PCIDSS information supplement.
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 4:00PM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 4:00PM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure Coding, some simple steps help<br />[http://youtu.be/lQJohl39X-U Video] | [[Media:OWASP EU Tour 2013 - Secure Coding.pdf|Presentation]]
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Steven van der Baan - OWASP Cambridge
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
+
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure coding is often perceived as difficult and complex.
 +
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.
 
|}
 
|}

Latest revision as of 12:52, 10 June 2013

Eu tour1.png

OWASP EUROPE TOUR 2013

Tour Home Page
Tour Scheadule
Tour Organizers Resources
Mailing List

CONFERENCE AND TRAINING

OWASP Europe Tour - London 2013

Monday 3rd June

DESCRIPTION
OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you could become a member and support our mission.

Become an OWASP member by clicking here


London EUTour2013 Conference Day (Monday 3rd June)

Date Location
Monday 3rd June Venue Location: Lion Court Conference Centre

Venue Address: 25 Procter Street, Holborn, London, WC1V 6NY
Venue Map: Google Maps

Price and registration
This event is FREE and open to all
Registration Link to the Europe Tour: REGISTER HERE!



Conference Details
Time Title Speaker Description
09:00 am
(45 mins)
Registration and Tea/Coffee
9:45 am
(15 mins)
Introduction & Welcome
Video
Justin Clarke - London OWASP Chapter Leader Introduction to OWASP & London Event Schedule for the Day
10:00AM
(45 mins)
Managing Web & Application Security with OWASP – bringing it all together
Video | Presentation
Tobias Gondrom - OWASP Project Leader Setting up, managing and improving your global information security organisation using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organisational stages and how OWASP tools help organisations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organisation.
10:45AM
(45 mins)
Using the O2 Platform, Zap and AppSensor to protect and test applications
Video
Dinis Cruz - OWASP O2 Platform Project Leader This presentation will show how these 3 OWASP tools can be used to find and mitigate security vulnerabilities in applications. The O2 Platform will be used to analyse the target application source code, and automate the use of both Zap and AppSensor's capabilities
11:30AM
(45 mins)
PCI for Developers
No Video | Presentation to follow
Fabio Cerullo, OWASP Ireland The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle.
12:15PM
(60 mins)
Lunch
1:15PM
(45 mins)
Teaching an Old Dog New Tricks: Securing Development with PMD
Video | Presentation
Justin Clarke - London OWASP Chapter Leader Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identifying code quality issues. While these tools may not be specifically designed for identifying security bugs. This presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation.
2:00PM
(45 mins)
Your framework will fail you
Video | Presentation
Rory McCune - OWASP Scotland A lot of reliance for Web Application Security is put in the framework that’s used. But here’s the bad news … it will fail you. There’s no such thing as perfect code, and web application frameworks are no exception. So how do you avoid the panic upgrades when a security alert hits your e-mail Inbox? This talk aims to give you some ideas about what you can do reduce reliance on individual security mechanisms and allow you to sleep more easily at night.
2:45PM
(30 mins)
Tea/Coffee Break and Networking
3:15PM
(45 mins)
OWASP Cornucopia Project
Video | Presentation
Colin Watson - OWASP Project Leader Microsoft's Elevation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for typical web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. The project is now referenced by a PCIDSS information supplement.
4:00PM
(45 mins)
Secure Coding, some simple steps help
Video | Presentation
Steven van der Baan - OWASP Cambridge Secure coding is often perceived as difficult and complex.

While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.