
Difference between revisions of "IBWAS10"

(Draft agenda (still subject to changes))
Line 5: Line 5:
 
held at [http://www.iscte.pt/ ISCTE - Lisbon University Institute] |  
 
held at [http://www.iscte.pt/ ISCTE - Lisbon University Institute] |  
  
[http://ibwas09.netmust.eu IBWAS'09 (last year editon)] - [http://www.owasp.org/index.php/IBWAS09 Internal OWASP site]
+
[http://ibwas09.netmust.eu IBWAS'09 (last year editon)] - [http://www.owasp.org/index.php/IBWAS09 Internal OWASP site]  
  
'''16 - 17 December 2010''' (NEW DATES - PREVIOUS DATES CANCELLED DUE TO A GENERAL STRIKE IN PORTUGAL)
+
'''16 - 17 December 2010''' (NEW DATES - PREVIOUS DATES CANCELLED DUE TO A GENERAL STRIKE IN PORTUGAL)  
  
(a joint organization of the [http://www.owasp.org/index.php/Portuguese Portuguese] and [http://www.owasp.org/index.php/Spain Spanish] OWASP chapters)
+
(a joint organization of the [http://www.owasp.org/index.php/Portuguese Portuguese] and [http://www.owasp.org/index.php/Spain Spanish] OWASP chapters)  
  
 
<br> <!-- Header -->  
 
<br> <!-- Header -->  
Line 18: Line 18:
 
|-
 
|-
 
| style="width: 100%; color: rgb(0, 0, 0);" |  
 
| style="width: 100%; color: rgb(0, 0, 0);" |  
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
+
{| style="background: none repeat scroll 0% 0% transparent; width: 100%; -moz-background-inline-policy: continuous;"
 
|-
 
|-
 
| style="width: 95%; color: rgb(0, 0, 0);" |  
 
| style="width: 95%; color: rgb(0, 0, 0);" |  
http://www.allofads.com/files/ibwas10/PromoIBWAS10-700px.jpg
+
[[Image:IBWAS10 logo.gif|621x280px]]
  
IBWAS'10, the 2nd. OWASP Ibero-American Web Application Security conference will be held in Lisbon (Portugal), on the '''16th and 17th December 2010''' ('''dates have been changed''').  
+
<br> IBWAS'10, the 2nd. OWASP Ibero-American Web Application Security conference will be held in Lisbon (Portugal), on the '''16th and 17th December 2010''' ('''dates have been changed''').  
  
 
The conference will take place at the [http://www.iscte.pt ISCTE - Lisbon University Institute]. The location details can be found [http://www.owasp.org/index.php/Ibwas10#tab=Venue here].  
 
The conference will take place at the [http://www.iscte.pt ISCTE - Lisbon University Institute]. The location details can be found [http://www.owasp.org/index.php/Ibwas10#tab=Venue here].  
Line 31: Line 31:
 
{|
 
{|
 
|-
 
|-
|http://ibwas09.netmust.eu/files/ibwas10/CCIS_72.png
+
| http://ibwas09.netmust.eu/files/ibwas10/CCIS_72.png  
|This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.  
+
| This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
 +
In addition to the technical issues of the conference programme, our website provides you with tourist information on the city of Lisbon, unique for its cultural and historical richness, lovely surroundings and other nice places to visit around the city.  
  
In addition to the technical issues of the conference programme, our website provides you with tourist information on the city of Lisbon, unique for its cultural and historical richness, lovely surroundings and other nice places to visit around the city.
 
|-
 
 
|}
 
|}
  
Line 76: Line 75:
  
 
| valign="top" style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->  
 
| valign="top" style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->  
[[File:ibwas10-logo-main.png]]<br><br>
+
[[Image:Ibwas10-logo-main.png]]<br><br> [http://www.twitter.com/ibwas10 [[Image:&#124;twitter-a.png]]] [http://www.facebook.com/#!/group.php?gid=113336378677245 [[Image:&#124;facebook-logo.jpg]]] [http://events.linkedin.com/2nd-Ibero-American-Web-Application/pub/273820 [[Image:&#124;logo_linkedin_88x22.png]]]  
[http://www.twitter.com/ibwas10 http://twitter-badges.s3.amazonaws.com/twitter-a.png]
 
[http://www.facebook.com/#!/group.php?gid=113336378677245 http://www.allofads.com/files/images/facebook-logo.jpg]
 
[http://events.linkedin.com/2nd-Ibero-American-Web-Application/pub/273820 http://static03.linkedin.com/img/logos/logo_linkedin_88x22.png]
 
  
 
{|
 
{|
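Review bot: In the added line, the three badge images are named with a leading `&#124;` (for example `[[Image:&#124;twitter-a.png]]`), which is an encoded pipe, so the file target reads as "|twitter-a.png" rather than "twitter-a.png". Unless files were uploaded under those exact names, the Twitter, Facebook and LinkedIn badges will not display; dropping the entity, as in `[[Image:Ibwas10-logo-main.png]]` at the start of the same line, looks like what was intended.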
Line 87: Line 83:
  
 
'''@ibwas10 Twitter Feed ([http://twitter.com/ibwas10 follow us on Twitter!])'''  
 
'''@ibwas10 Twitter Feed ([http://twitter.com/ibwas10 follow us on Twitter!])'''  
 +
 
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |  
 
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |  
 
|}
 
|}
Line 92: Line 89:
 
{|
 
{|
 
|-
 
|-
| align = "right" |
+
| align="right" |  
[http://www.iscte.pt http://ibwas09.netmust.eu/files/iscte-iul.png]
+
[http://www.iscte.pt [[Image:&#124;iscte-iul.png]]]  
  
[http://www.adetti.pt http://ibwas09.netmust.eu/files/adetti.png]
+
[http://www.adetti.pt [[Image:&#124;adetti.png]]]  
  
[http://www.maxdata.pt http://ibwas09.netmust.eu/files/ibwas10/maxdata.png]
+
[http://www.maxdata.pt [[Image:&#124;maxdata.png]]]  
  
[http://www.noesis.pt http://ibwas09.netmust.eu/files/ibwas10/noesis.png]
+
[http://www.noesis.pt [[Image:&#124;noesis.png]]]  
  
[http://www.isecauditors.com http://ibwas09.netmust.eu/files/pasted-graphic.jpg]
+
[http://www.isecauditors.com [[Image:&#124;pasted-graphic.jpg]]]  
  
[http://lasige.di.fc.ul.pt/ http://ibwas09.netmust.eu/files/lasige.png]
+
[http://lasige.di.fc.ul.pt/ [[Image:&#124;lasige.png]]]  
  
[http://www.neoglobeconsulting.com/ http://ibwas09.netmust.eu/files/ibwas10/neoglobeconsulting.png]
+
[http://www.neoglobeconsulting.com/ [[Image:&#124;neoglobeconsulting.png]]]  
  
'''Media Partners:'''
+
'''Media Partners:'''  
  
[http://www.aeiou.pt http://ibwas09.netmust.eu/files/ibwas10/aeiou.png]
+
[http://www.aeiou.pt [[Image:&#124;aeiou.png]]]
 +
 
 +
[http://www.borrmart.es/redseguridad.php [[Image:&#124;redseguridad.jpg]]]  
  
[http://www.borrmart.es/redseguridad.php http://ibwas09.netmust.eu/files/redseguridad.jpg]
 
 
|}
 
|}
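Review bot: Each sponsor and media-partner logo in this cell is now an `[[Image:...]]` placed inside an external-link bracket, e.g. `[http://www.iscte.pt [[Image:&#124;iscte-iul.png]]]`, and that nesting is not a dependable way to make an image clickable. The image syntax's own `link=` parameter would keep each logo pointing at the sponsor site, and a width such as the `621x280px` given to `IBWAS10 logo.gif` earlier in this revision would stop the column from rendering at native image sizes. All nine file names here also carry the `&#124;` prefix and should be checked against the uploaded files.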
  
Line 117: Line 115:
  
 
<!-- End Banner -->  
 
<!-- End Banner -->  
 +
 
==== Call for Papers (CLOSED)  ====
 
==== Call for Papers (CLOSED)  ====
  
'''THE IBWAS'10 CALL FOR PAPERS IS NOW CLOSED!!!'''
+
'''THE IBWAS'10 CALL FOR PAPERS IS NOW CLOSED!!!'''  
  
=== Call for Papers (english version) ===
+
=== Call for Papers (english version) ===
[[#Call for Papers (portuguese version)]] [[#Call for Papers (spanish version)]]
 
  
You can find here a [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP.pdf PDF version] of the Call for Papers. Also in [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP-PT.pdf Portuguese] (Português)
+
[[#Call_for_Papers_.28portuguese_version.29]] [[#Call_for_Papers_.28spanish_version.29]]  
  
== Introduction ==
+
You can find here a [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP.pdf PDF version] of the Call for Papers. Also in [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP-PT.pdf Portuguese] (Português)
 +
 
 +
== Introduction ==
  
 
There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.  
 
There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.  
  
As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.
+
As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.  
  
This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
+
This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.  
  
== Conference Topics ==
+
== Conference Topics ==
  
Suggested topics for papers submission include (but are not limited to):
+
Suggested topics for papers submission include (but are not limited to):  
*Secure application development
+
 
*Security of service oriented architectures
+
*Secure application development  
*Security of development frameworks
+
*Security of service oriented architectures  
*Threat modelling of web applications
+
*Security of development frameworks  
*Cloud computing security
+
*Threat modelling of web applications  
*Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
+
*Cloud computing security  
*Metrics for application security
+
*Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)  
*Countermeasures for web application vulnerabilities
+
*Metrics for application security  
*Secure coding techniques
+
*Countermeasures for web application vulnerabilities  
*Platform or language security features that help secure web applications
+
*Secure coding techniques  
*Secure database usage in web applications
+
*Platform or language security features that help secure web applications  
*Access control in web applications
+
*Secure database usage in web applications  
*Web services security
+
*Access control in web applications  
*Browser security
+
*Web services security  
*Privacy in web applications
+
*Browser security  
*Standards, certifications and security evaluation criteria for web applications
+
*Privacy in web applications  
*Application security awareness and education
+
*Standards, certifications and security evaluation criteria for web applications  
*Security for the mobile web
+
*Application security awareness and education  
 +
*Security for the mobile web  
 
*Attacks and Vulnerability Exploitation
 
*Attacks and Vulnerability Exploitation
  
== Paper Submission Instructions ==
+
== Paper Submission Instructions ==
  
 
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format] and in [ftp://ftp.springer.de/pub/tex/latex/llncs/latex2e/llncs2e.zip LateX format]).  
 
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format] and in [ftp://ftp.springer.de/pub/tex/latex/llncs/latex2e/llncs2e.zip LateX format]).  
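Review bot: The two in-page links under the English call-for-papers heading change from `[[#Call for Papers (portuguese version)]]` to `[[#Call_for_Papers_.28portuguese_version.29]]` with no label, so readers will see the encoded anchor as the link text. Add a label after a pipe, for example `[[#Call_for_Papers_.28portuguese_version.29|Portuguese version]]`, and do the same for the Spanish link.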
Line 167: Line 168:
 
Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.  
 
Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.  
  
Remarks about the on-line submission procedure:
+
Remarks about the on-line submission procedure:  
  
1. A "double-blind" paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper, WITHOUT any reference to any of the authors. This means that is necessary to remove the author’s personal details, the acknowledgements section and any reference that may disclose the authors identity
+
1. A "double-blind" paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper, WITHOUT any reference to any of the authors. This means that is necessary to remove the author’s personal details, the acknowledgements section and any reference that may disclose the authors identity  
  
2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted  
+
2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted  
  
3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.
+
3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.  
  
= Paper submission types=  
+
= Paper submission types =
  
'''Regular Paper Submission'''
+
'''Regular Paper Submission'''  
  
 
A regular paper presents a work where the research is completed or almost finished. It does not necessary means that the acceptance is as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".  
 
A regular paper presents a work where the research is completed or almost finished. It does not necessary means that the acceptance is as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".  
  
'''Position Paper Submission'''
+
'''Position Paper Submission'''  
  
 
A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of "short paper" or "poster", i.e. a position paper is not a candidate to acceptance as "full paper".  
 
A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of "short paper" or "poster", i.e. a position paper is not a candidate to acceptance as "full paper".  
  
= Camera-ready =
+
= Camera-ready =
  
 
After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.  
 
After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.  
  
= Publications =
+
= Publications =
  
All accepted papers will be published in the conference proceedings, under an ISBN reference. Conference proceedings will be published by OWASP in electronic format ('''Springer proceedings have been canceled due to a low number of paper submissions''').
+
All accepted papers will be published in the conference proceedings, under an ISBN reference. Conference proceedings will be published by OWASP in electronic format ('''Springer proceedings have been canceled due to a low number of paper submissions''').  
  
 +
<br>
  
== Web-site ==
+
== Web-site ==
  
http://www.ibwas.com
+
http://www.ibwas.com  
  
== Secretariat ==
+
== Secretariat ==
  
+
  
== Important Dates ==
+
== Important Dates ==
  
Submission of papers and all other contributions due: '''31st October 2010'''
+
Submission of papers and all other contributions due: '''31st October 2010'''  
  
Notification of acceptance: '''28th November 2010''' (delayed)
+
Notification of acceptance: '''28th November 2010''' (delayed)  
  
Camera-ready version of accepted contributions: '''5th December 2010'''
+
Camera-ready version of accepted contributions: '''5th December 2010'''  
  
Conference: '''16th – 17th December 2010'''
+
Conference: '''16th – 17th December 2010'''  
  
=== Call for Papers (portuguese version) ===
+
=== Call for Papers (portuguese version) ===
  
== Introdução ==
+
== Introdução ==
  
 
Existe uma mudança profunda no paradigma de desenvolvimento de sistemas de informação nos nossos dias. A emergência de tecnologias Web 2.0 levaram a um desenvolvimento e implantação massiva de aplicações e serviços Web, como a forma de desenvolvimento de sistemas de informação flexíveis. Tais sistemas são simples de desenvolver, instalar e manter e demonstram um conjunto de funcionalidades atractivas para os utilizadores, o que as tornam tão apetecíveis.  
 
Existe uma mudança profunda no paradigma de desenvolvimento de sistemas de informação nos nossos dias. A emergência de tecnologias Web 2.0 levaram a um desenvolvimento e implantação massiva de aplicações e serviços Web, como a forma de desenvolvimento de sistemas de informação flexíveis. Tais sistemas são simples de desenvolver, instalar e manter e demonstram um conjunto de funcionalidades atractivas para os utilizadores, o que as tornam tão apetecíveis.  
  
Como resultado desta mudança paradigmática, os requisitos de segurança também se alteraram. Estes sistemas de informação baseados na Web possuem diferentes requisitos de segurança, quando comparados com sistemas tradicionais. Neste tipo de sistemas é possível encontrar aspectos importantes de segurança e de privacidade que podem afectar a forma como os mesmos operam e comprometer os seus utilizadores. Acresce o facto de que a emergência da Computação na Nuvem, que promete ainda mais flexibilidade, tem ainda um impacto mais forte nestes requisitos de segurança e de privacidade. O ambiente de segurança deve envolver não apenas o ambiente circundante mas igualmente o núcleo aplicacional.
+
Como resultado desta mudança paradigmática, os requisitos de segurança também se alteraram. Estes sistemas de informação baseados na Web possuem diferentes requisitos de segurança, quando comparados com sistemas tradicionais. Neste tipo de sistemas é possível encontrar aspectos importantes de segurança e de privacidade que podem afectar a forma como os mesmos operam e comprometer os seus utilizadores. Acresce o facto de que a emergência da Computação na Nuvem, que promete ainda mais flexibilidade, tem ainda um impacto mais forte nestes requisitos de segurança e de privacidade. O ambiente de segurança deve envolver não apenas o ambiente circundante mas igualmente o núcleo aplicacional.  
  
Esta conferência pretende juntar peritos em segurança aplicacional, investigadores, educadores e profissionais da indústria, academia e comunidades internacionais como a OWASP, por forma a discutirem de forma aberta os problemas e as soluções de segurança aplicacional. Neste contexto, investigadores provenientes da academia e da indústria poderão combinar os resultados da sua investigação com a experiência de profissionais e de engenheiros de software.
+
Esta conferência pretende juntar peritos em segurança aplicacional, investigadores, educadores e profissionais da indústria, academia e comunidades internacionais como a OWASP, por forma a discutirem de forma aberta os problemas e as soluções de segurança aplicacional. Neste contexto, investigadores provenientes da academia e da indústria poderão combinar os resultados da sua investigação com a experiência de profissionais e de engenheiros de software.  
  
== Temas da Conferência ==
+
== Temas da Conferência ==
Os temas sugeridos para submissão de trabalhos incluem os seguintes (mas não se limitam apenas aos listados):
+
 
*Desenvolvimento Seguro de Aplicações
+
Os temas sugeridos para submissão de trabalhos incluem os seguintes (mas não se limitam apenas aos listados):  
*Segurança de Arquitecturas Orientadas por Serviços
+
 
*Segurança das Estruturas e Ferramentas de Desenvolvimento
+
*Desenvolvimento Seguro de Aplicações  
*Modelação de Ameaças a Aplicações Web
+
*Segurança de Arquitecturas Orientadas por Serviços  
*Segurança em Cloud Computing
+
*Segurança das Estruturas e Ferramentas de Desenvolvimento  
*Vulnerabilidades e Análise de Aplicações Web (revisão de código, testes de penetração, análise estática, etc)
+
*Modelação de Ameaças a Aplicações Web  
*Métricas para Segurança Aplicacional
+
*Segurança em Cloud Computing  
*Contra-medidas para Vulnerabilidades em Aplicações Web
+
*Vulnerabilidades e Análise de Aplicações Web (revisão de código, testes de penetração, análise estática, etc)  
*Técnicas de Desenvolvimento e Codificação em Segurança
+
*Métricas para Segurança Aplicacional  
*Funcionalidades da Plataforma ou Linguagem de Desenvolvimento para a Segurança de Aplicações Web
+
*Contra-medidas para Vulnerabilidades em Aplicações Web  
*Utilização Segura de Bases de Dados em Aplicações Web
+
*Técnicas de Desenvolvimento e Codificação em Segurança  
*Controlo de Acesso em Aplicações Web
+
*Funcionalidades da Plataforma ou Linguagem de Desenvolvimento para a Segurança de Aplicações Web  
*Segurança em Serviços Web
+
*Utilização Segura de Bases de Dados em Aplicações Web  
*Segurança do Browser Web
+
*Controlo de Acesso em Aplicações Web  
*Privacidade em Aplicações Web
+
*Segurança em Serviços Web  
*Normas, Certificações e Critérios para Avaliação da Segurança em Aplicações Web
+
*Segurança do Browser Web  
*Sensibilização e Educação para a Segurança Aplicacional
+
*Privacidade em Aplicações Web  
*Segurança para a Web Móvel
+
*Normas, Certificações e Critérios para Avaliação da Segurança em Aplicações Web  
 +
*Sensibilização e Educação para a Segurança Aplicacional  
 +
*Segurança para a Web Móvel  
 
*Ataques e Exploração de Vulnerabilidades
 
*Ataques e Exploração de Vulnerabilidades
  
== Instruções para a submissão de trabalhos ==
+
== Instruções para a submissão de trabalhos ==
  
Os autores deve submeter um trabalho original escrito em Inglês, devidamente verificado para evitar incorrecções gramaticais ou sintácticas, usando o procedimento de submissão on-line (http://www.easychair.org/conferences/?conf=ibwas10). Por favor, verifique os formatos aceites para os trabalhos e tenha atenção a dimensão máxima dos mesmos (limite de 12 páginas, de acordo com o modelo fornecido e que pode ser obtido a partir da seguinte URL: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).
+
Os autores deve submeter um trabalho original escrito em Inglês, devidamente verificado para evitar incorrecções gramaticais ou sintácticas, usando o procedimento de submissão on-line (http://www.easychair.org/conferences/?conf=ibwas10). Por favor, verifique os formatos aceites para os trabalhos e tenha atenção a dimensão máxima dos mesmos (limite de 12 páginas, de acordo com o modelo fornecido e que pode ser obtido a partir da seguinte URL: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).  
  
As indicações para a formatação dos trabalhos fornecidos no site da conferência e no template devem ser estritamente seguidas pelos autores que desejem submeter trabalhos. O formato de submissão é o mesmo do formato final. Por favor, siga as instruções de formatação usadas no template.
+
As indicações para a formatação dos trabalhos fornecidos no site da conferência e no template devem ser estritamente seguidas pelos autores que desejem submeter trabalhos. O formato de submissão é o mesmo do formato final. Por favor, siga as instruções de formatação usadas no template.  
  
Cada trabalho deve indicar com clareza a natureza da sua contribuição técnica/científica e os problemas, domínios ou ambientes para o qual é aplicável.
+
Cada trabalho deve indicar com clareza a natureza da sua contribuição técnica/científica e os problemas, domínios ou ambientes para o qual é aplicável.  
  
Todos os artigos que estejam fora do âmbito da conferência ou que sob os quais sejam detectados actos de plágio, serão liminarmente rejeitados.
+
Todos os artigos que estejam fora do âmbito da conferência ou que sob os quais sejam detectados actos de plágio, serão liminarmente rejeitados.  
  
Alguns detalhes sobre o procedimento de submissão:
+
Alguns detalhes sobre o procedimento de submissão:  
  
1. Será utilizado um procedimento de revisão anónimo, que será repetido por pelo menos dois revisores autónomos. Para facilitar este processo, que se pretende seja rápido, eficiente e justo, é solicitado aos autores que produzam os seu trabalho e que o submetam, SEM qualquer referência a algum dos autores do mesmo. Isto significa que é necessário remover os detalhes pessoais do autor, a secção de agradecimentos e qualquer outra referência que possa revelar a identidade dos autores;
+
1. Será utilizado um procedimento de revisão anónimo, que será repetido por pelo menos dois revisores autónomos. Para facilitar este processo, que se pretende seja rápido, eficiente e justo, é solicitado aos autores que produzam os seu trabalho e que o submetam, SEM qualquer referência a algum dos autores do mesmo. Isto significa que é necessário remover os detalhes pessoais do autor, a secção de agradecimentos e qualquer outra referência que possa revelar a identidade dos autores;  
  
2. Serão aceites os seguintes formatos de ficheiros na submissão: ODF, PDF, DOC, DOCX e RTF;
+
2. Serão aceites os seguintes formatos de ficheiros na submissão: ODF, PDF, DOC, DOCX e RTF;  
  
3. O processo de submissão on-line envia automaticamente uma notificação, através do correio electrónico, do resultado da submissão ao autor correspondente.
+
3. O processo de submissão on-line envia automaticamente uma notificação, através do correio electrónico, do resultado da submissão ao autor correspondente.  
  
= Tipos de submissão de trabalhos =  
+
= Tipos de submissão de trabalhos =
  
'''Submissão de trabalhos regulares'''
+
'''Submissão de trabalhos regulares'''  
  
Um trabalho regular apresenta o trabalho em que a pesquisa está terminada ou muito próximo de estar completa. Não significa que o trabalho seja aceite na categoria de “trabalho completo”. Pode ser aceite como “trabalho completo” (apresentação oral de 30 minutos), “trabalho curto” (apresentação oral de 15 minutos) ou “poster”.
+
Um trabalho regular apresenta o trabalho em que a pesquisa está terminada ou muito próximo de estar completa. Não significa que o trabalho seja aceite na categoria de “trabalho completo”. Pode ser aceite como “trabalho completo” (apresentação oral de 30 minutos), “trabalho curto” (apresentação oral de 15 minutos) ou “poster”.  
  
'''Submissão de trabalhos de posição'''
+
'''Submissão de trabalhos de posição'''  
  
Um trabalho de posição apresenta uma opinião para discussão num determinado assunto. O objectivo de um trabalho deste tipo é o de convencer a audiência de que a sua opinião é válida e vale a pena ser escutada, sem ser necessário apresentar trabalho completo de pesquisa e/ou resultados devidamente validados. É no entanto importante suportar os seus argumentos com provas e assegurar a validade das mesmas. Um trabalho deste tipo pode ser relatório curto e a discussão de ideias, factos, situações, métodos, procedimentos ou resultados de pesquisa científica (bibliográfica, experimental, teórica ou outra) focada num dos temas da conferência. A aceitação de um trabalho de posição está restringido às categorias de “artigo curto” ou “poster”.
+
Um trabalho de posição apresenta uma opinião para discussão num determinado assunto. O objectivo de um trabalho deste tipo é o de convencer a audiência de que a sua opinião é válida e vale a pena ser escutada, sem ser necessário apresentar trabalho completo de pesquisa e/ou resultados devidamente validados. É no entanto importante suportar os seus argumentos com provas e assegurar a validade das mesmas. Um trabalho deste tipo pode ser relatório curto e a discussão de ideias, factos, situações, métodos, procedimentos ou resultados de pesquisa científica (bibliográfica, experimental, teórica ou outra) focada num dos temas da conferência. A aceitação de um trabalho de posição está restringido às categorias de “artigo curto” ou “poster”.  
  
= Formato Final =
+
= Formato Final =
  
Depois de concluído o processo de revisão dos trabalhos submetidos, o autor de contacto (que submeteu o trabalho para a conferência) será notificado do resultado da apreciação. Os autores cujos trabalhos forem aceites devem seguir as recomendações dos revisores de melhoria dos seus trabalhos antes de submeterem a versão final dos mesmos.
+
Depois de concluído o processo de revisão dos trabalhos submetidos, o autor de contacto (que submeteu o trabalho para a conferência) será notificado do resultado da apreciação. Os autores cujos trabalhos forem aceites devem seguir as recomendações dos revisores de melhoria dos seus trabalhos antes de submeterem a versão final dos mesmos.  
  
= Publicações =
+
= Publicações =
  
Todos os trabalhos aceites serão publicados na acta de conferência, com uma identificação ISBN. A acta da conferência será publicada pela OWASP em formato electrónico ('''a edição pela Springer foi cancelada devido ao número baixo de submissões recebidas''').
+
Todos os trabalhos aceites serão publicados na acta de conferência, com uma identificação ISBN. A acta da conferência será publicada pela OWASP em formato electrónico ('''a edição pela Springer foi cancelada devido ao número baixo de submissões recebidas''').  
  
== Site de Web ==
+
== Site de Web ==
  
http://www.ibwas.com
+
http://www.ibwas.com  
  
== Secretariado ==
+
== Secretariado ==
  
Endereço de correio electrónico: [email protected]
+
Endereço de correio electrónico: [email protected]  
  
== Datas importantes ==
+
== Datas importantes ==
  
Submissão de trabalhos: '''31 de Outubro de 2010'''
+
Submissão de trabalhos: '''31 de Outubro de 2010'''  
  
Notificação de Aceitação: '''28 de Novembro de 2010'''
+
Notificação de Aceitação: '''28 de Novembro de 2010'''  
  
Versão final dos trabalhos aceites: '''5 de Dezembro de 2010'''
+
Versão final dos trabalhos aceites: '''5 de Dezembro de 2010'''  
  
Conferência: '''16 e 17 de Dezembro de 2010'''
+
Conferência: '''16 e 17 de Dezembro de 2010'''  
  
=== Call for Papers (spanish version) ===
+
=== Call for Papers (spanish version) ===
  
== Introducción ==
+
== Introducción ==
  
Existen importantes cambios en el paradigma del desarrollo de los sistemas de información. La aparición de tecnologías Web 2.0 ha permitido el desarrollo e implantación de forma masiva de aplicaciones y servicios web como una manera de desarrollar nuevos y flexibles sistemas de información. Estos sistemas son fáciles de desarrollar, implementar y mantener, además de aportar atractivas características para los usuarios favoreciendo así el uso masivo que encontramos actualmente.
+
Existen importantes cambios en el paradigma del desarrollo de los sistemas de información. La aparición de tecnologías Web 2.0 ha permitido el desarrollo e implantación de forma masiva de aplicaciones y servicios web como una manera de desarrollar nuevos y flexibles sistemas de información. Estos sistemas son fáciles de desarrollar, implementar y mantener, además de aportar atractivas características para los usuarios favoreciendo así el uso masivo que encontramos actualmente.  
  
Como resultado de este cambio de paradigma, los requisitos de seguridad también han cambiado. Estos sistemas de información basados en la Web tienen diferentes requisitos de seguridad en comparación con los sistemas tradicionales. Se han identificado los aspectos de seguridad más importantes y la privacidad también es un problema que se ha planteado recientemente. Además, el emergente paradigma Cloud Computing promete una mayor flexibilidad; sin embargo, los problemas de seguridad y privacidad aún necesitan ser revisados. El entorno de seguridad debería implicar no sólo al ambiente circundante, sino también el núcleo de la aplicación.
+
Como resultado de este cambio de paradigma, los requisitos de seguridad también han cambiado. Estos sistemas de información basados en la Web tienen diferentes requisitos de seguridad en comparación con los sistemas tradicionales. Se han identificado los aspectos de seguridad más importantes y la privacidad también es un problema que se ha planteado recientemente. Además, el emergente paradigma Cloud Computing promete una mayor flexibilidad; sin embargo, los problemas de seguridad y privacidad aún necesitan ser revisados. El entorno de seguridad debería implicar no sólo al ambiente circundante, sino también el núcleo de la aplicación.  
  
Esta conferencia pretende reunir a expertos en seguridad de aplicaciones, investigadores, educadores y profesionales de la industria, el sector académico y comunidades internacionales, como OWASP, con el fin de discutir los problemas abiertos y nuevas soluciones en seguridad de aplicaciones. En este contexto, los investigadores académicos serán capaces de combinar resultados interesantes con la experiencia de los profesionales y los ingenieros de software.
+
Esta conferencia pretende reunir a expertos en seguridad de aplicaciones, investigadores, educadores y profesionales de la industria, el sector académico y comunidades internacionales, como OWASP, con el fin de discutir los problemas abiertos y nuevas soluciones en seguridad de aplicaciones. En este contexto, los investigadores académicos serán capaces de combinar resultados interesantes con la experiencia de los profesionales y los ingenieros de software.  
  
== Temas de la Conferencia ==
+
== Temas de la Conferencia ==
  
Los temas sugeridos para el envío de presentaciones incluyen (pero no estan limitados a):
+
Los temas sugeridos para el envío de presentaciones incluyen (pero no estan limitados a):  
  
* Desarrollo seguro de aplicaciones  
+
*Desarrollo seguro de aplicaciones  
* Seguridad en arquitecturas orientadas a servicios
+
*Seguridad en arquitecturas orientadas a servicios  
* Seguridad en frameworks de desarrollo
+
*Seguridad en frameworks de desarrollo  
* Modelado de amenazas en aplicaciones Web
+
*Modelado de amenazas en aplicaciones Web  
* Seguridad en Cloud Computing
+
*Seguridad en Cloud Computing  
* Vulnerabilidades y Anaĺisis de aplicaciones Web (revisión de código, pruebas de intrusión, análisis estático, etc.)
+
*Vulnerabilidades y Anaĺisis de aplicaciones Web (revisión de código, pruebas de intrusión, análisis estático, etc.)  
* Métricas para seguridad en aplicaciones
+
*Métricas para seguridad en aplicaciones  
* Soluciones y recomendaciones para las vulnerabilidades en aplicaciones Web
+
*Soluciones y recomendaciones para las vulnerabilidades en aplicaciones Web  
* Técnicas de codificación segura
+
*Técnicas de codificación segura  
* Características de seguridad de la plataforma o lenguaje que ayuda a incrementar el nivel de seguridad en las aplicaciones Web
+
*Características de seguridad de la plataforma o lenguaje que ayuda a incrementar el nivel de seguridad en las aplicaciones Web  
* Uso seguro de bases de datos en aplicaciones Web
+
*Uso seguro de bases de datos en aplicaciones Web  
* Control de acceso en aplicaciones Web
+
*Control de acceso en aplicaciones Web  
* Seguridad en servicios Web
+
*Seguridad en servicios Web  
* Seguridad en navegadores Web
+
*Seguridad en navegadores Web  
* Privacidad en las aplicaciones Web
+
*Privacidad en las aplicaciones Web  
* Estándares, certificaciones y criterios de evaluación de la seguridad para aplicaciones Web
+
*Estándares, certificaciones y criterios de evaluación de la seguridad para aplicaciones Web  
* Sensibilización y educación sobre seguridad en aplicaciones
+
*Sensibilización y educación sobre seguridad en aplicaciones  
* Seguridad para la Web móvil
+
*Seguridad para la Web móvil  
* Ataques y explotación de vulnerabilidades
+
*Ataques y explotación de vulnerabilidades
  
== Instrucciones para el envío de presentaciones ==
+
== Instrucciones para el envío de presentaciones ==
  
Los autores deben presentar un documento original en inglés, tras revisar cuidadosamente la gramática y ortografía, utilizando el procedimiento de envío on-line. Por favor, compruebe las características del documento ya que debe ser consciente del límite de páginas aceptadas (12 páginas, de acuerdo a una plantilla que se facilita y que pueden descargar desde aquí [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip en formato Word]).
+
Los autores deben presentar un documento original en inglés, tras revisar cuidadosamente la gramática y ortografía, utilizando el procedimiento de envío on-line. Por favor, compruebe las características del documento ya que debe ser consciente del límite de páginas aceptadas (12 páginas, de acuerdo a una plantilla que se facilita y que pueden descargar desde aquí [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip en formato Word]).  
  
Las directrices para el formato del documento facilitadas en el sitio web de la conferencia deben ser seguidas estrictamente para todos los trabajos presentados. El formato de presentación es el mismo que el formato final para impresión. Por favor revise y siga cuidadosamente las instrucciones y las plantillas proporcionadas.
+
Las directrices para el formato del documento facilitadas en el sitio web de la conferencia deben ser seguidas estrictamente para todos los trabajos presentados. El formato de presentación es el mismo que el formato final para impresión. Por favor revise y siga cuidadosamente las instrucciones y las plantillas proporcionadas.  
  
Cada trabajo debe indicar claramente la naturaleza de su contribución técnica/científica, y los problemas, dominios o entornos en los que es aplicable.
+
Cada trabajo debe indicar claramente la naturaleza de su contribución técnica/científica, y los problemas, dominios o entornos en los que es aplicable.  
  
Los trabajos que estén fuera del alcance de conferencias o puedan contener cualquier forma de plagio serán descartados directamente.
+
Los trabajos que estén fuera del alcance de conferencias o puedan contener cualquier forma de plagio serán descartados directamente.  
  
Comentarios sobre el procedimiento de presentación on-line:
+
Comentarios sobre el procedimiento de presentación on-line:  
  
1. Se utilizará un método de revisión anónimo, que será repetido al menos por dos revisores. Para facilitar esto, se ruega a los autores que proporcionen el trabajo sin ninguna referencia a los autores. Esto significa que es necesario eliminar los datos personales del autor, la sección de agradecimientos y toda referencia que pueda revelar la identidad de los autores.
+
1. Se utilizará un método de revisión anónimo, que será repetido al menos por dos revisores. Para facilitar esto, se ruega a los autores que proporcionen el trabajo sin ninguna referencia a los autores. Esto significa que es necesario eliminar los datos personales del autor, la sección de agradecimientos y toda referencia que pueda revelar la identidad de los autores.  
  
2. Se aceptan documentos en formato: ODF, PDF, DOC, DOCX o RTF.
+
2. Se aceptan documentos en formato: ODF, PDF, DOC, DOCX o RTF.  
  
3. El procedimiento de presentación Web automáticamente envía un acuse de recibo, por correo electrónico, al autor de contacto.
+
3. El procedimiento de presentación Web automáticamente envía un acuse de recibo, por correo electrónico, al autor de contacto.  
  
= Tipos de envío de presentaciones =  
+
= Tipos de envío de presentaciones =
  
'''Envío de presentaciones normales'''
+
'''Envío de presentaciones normales'''  
  
Una presentación normal presenta un trabajo donde la investigación se ha completado o casi finalizado. Esto no necesariamente significa que la aceptación sea sobre un trabajo completo. Puede ser aceptado como un "trabajo completo" (30 min. de presentación oral), un "trabajo corto" (15 min. de presentación oral) o "poster".
+
Una presentación normal presenta un trabajo donde la investigación se ha completado o casi finalizado. Esto no necesariamente significa que la aceptación sea sobre un trabajo completo. Puede ser aceptado como un "trabajo completo" (30 min. de presentación oral), un "trabajo corto" (15 min. de presentación oral) o "poster".  
  
'''Envío de presentaciones de posición'''
+
'''Envío de presentaciones de posición'''  
  
Una presentación de posición presenta una opinión discutible sobre un tema. El objetivo de un trabajo de posición es convencer a la audiencia que su opinión es válida y merece la pena ser escuchada, sin la necesidad de presentar un trabajo de investigación finalizado y/o los resultados validados. Es importante, sin embargo, apoyar su argumento con evidencias para asegurar la validez de sus opiniones. Un trabajo de posición puede ser un breve documento y discusión de ideas, hechos, situaciones, métodos, procedimientos o resultados de la investigación científica (bibliográfica, experimental, teórico o de otro tipo) centrado en uno de los temas de la conferencia. La aceptación de una presentación de posición se limita a las categorías de "trabajo corto" o "poster", es decir, una presentación de posición no es candidata para ser aceptada como "trabajo completo".
+
Una presentación de posición presenta una opinión discutible sobre un tema. El objetivo de un trabajo de posición es convencer a la audiencia que su opinión es válida y merece la pena ser escuchada, sin la necesidad de presentar un trabajo de investigación finalizado y/o los resultados validados. Es importante, sin embargo, apoyar su argumento con evidencias para asegurar la validez de sus opiniones. Un trabajo de posición puede ser un breve documento y discusión de ideas, hechos, situaciones, métodos, procedimientos o resultados de la investigación científica (bibliográfica, experimental, teórico o de otro tipo) centrado en uno de los temas de la conferencia. La aceptación de una presentación de posición se limita a las categorías de "trabajo corto" o "poster", es decir, una presentación de posición no es candidata para ser aceptada como "trabajo completo".  
  
= Versión Final =
+
= Versión Final =
  
Después de que el proceso de revisión se complete, el autor de contacto (el autor que presenta el documento) de cada trabajo será notificado del resultado, por correo electrónico. Los autores están obligados a seguir las revisiones con el objetivo de mejorar su trabajo antes del envío de la versión final.
+
Después de que el proceso de revisión se complete, el autor de contacto (el autor que presenta el documento) de cada trabajo será notificado del resultado, por correo electrónico. Los autores están obligados a seguir las revisiones con el objetivo de mejorar su trabajo antes del envío de la versión final.  
  
= Publicaciones =
+
= Publicaciones =
  
Todos los trabajos aceptados serán publicados por OWASP en los materiales de las conferencias, bajo una referencia ISBN.
+
Todos los trabajos aceptados serán publicados por OWASP en los materiales de las conferencias, bajo una referencia ISBN.  
  
== Sitio de las Conferencias ==
+
== Sitio de las Conferencias ==
  
http://www.ibwas.com
+
http://www.ibwas.com  
  
== Secretaría ==
+
== Secretaría ==
  
Dirección de correo electrónicio: [email protected]
+
Dirección de correo electrónicio: [email protected]  
  
== Fechas importantes ==
+
== Fechas importantes ==
  
Envío de presentaciones: '''31 de Octubre de 2010'''
+
Envío de presentaciones: '''31 de Octubre de 2010'''  
  
Notificación de aceptación: '''28 de Noviembre de 2010'''
+
Notificación de aceptación: '''28 de Noviembre de 2010'''  
  
Versión final de presentaciones aceptadas: '''5 de Deciembre de 2010'''
+
Versión final de presentaciones aceptadas: '''5 de Deciembre de 2010'''  
  
Conferencias: '''16 y 17 de Deciembre de 2010'''
+
Conferencias: '''16 y 17 de Deciembre de 2010'''  
  
 
==== Organization and Program Committee  ====
 
==== Organization and Program Committee  ====
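Review bot: The Spanish call-for-papers lines are re-saved here with only trailing-whitespace and bullet-spacing changes, so their spelling errors carry over into the new revision: "Deciembre" in both of the last two "Fechas importantes" entries (should be "Diciembre"), "electrónicio" under "Secretaría", "Anaĺisis" in the topics list, and "estan" in "no estan limitados a". Every one of these lines is already touched by the edit, so the spelling should be fixed in the same revision. The heading levels are also inverted: "Call for Papers (spanish version)" is level 3, while the sections beneath it are level 2 ("== Introducción ==") and level 1 ("= Versión Final =", "= Publicaciones ="), which breaks the generated table of contents. Pick one consistent nesting.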
Line 390: Line 394:
 
=== IBWAS'10 Chairs  ===
 
=== IBWAS'10 Chairs  ===
  
'''Carlos Serrão''', ISCTE-IUL Instituto Universitário de Lisboa, OWASP Portugal, Portugal
+
'''Carlos Serrão''', ISCTE-IUL Instituto Universitário de Lisboa, OWASP Portugal, Portugal  
  
'''Vicente Aguilera Díaz''', Internet Security Auditors, OWASP Spain, Spain
+
'''Vicente Aguilera Díaz''', Internet Security Auditors, OWASP Spain, Spain  
  
 
=== IBWAS'10 Organization  ===
 
=== IBWAS'10 Organization  ===
'''Fabio Cerullo''', OWASP Global Education Committee, Ireland
 
  
'''Dinis Cruz''', OWASP Board Member, UK
+
'''Fabio Cerullo''', OWASP Global Education Committee, Ireland
  
'''Paulo Coimbra''', OWASP Project Manager, UK
+
'''Dinis Cruz''', OWASP Board Member, UK  
  
'''Miguel Correia''', Universidade de Lisboa, Portugal
+
'''Paulo Coimbra''', OWASP Project Manager, UK
  
'''Paulo Sousa''', Universidade de Lisboa, Portugal
+
'''Miguel Correia''', Universidade de Lisboa, Portugal  
  
'''Lucas C. Ferreira''', Câmara dos Deputados, Brasil
+
'''Paulo Sousa''', Universidade de Lisboa, Portugal
  
'''Arturo "Buanzo" Busleiman''', OWASP Argentina, Argentina
+
'''Lucas C. Ferreira''', Câmara dos Deputados, Brasil
  
'''Martin Tartarelli''', OWASP Argentina, Argentina
+
'''Arturo "Buanzo" Busleiman''', OWASP Argentina, Argentina  
  
'''Paulo Querido''', Portugal
+
'''Martin Tartarelli''', OWASP Argentina, Argentina
 +
 
 +
'''Paulo Querido''', Portugal  
  
 
=== IBWAS'10 Program Committee  ===
 
=== IBWAS'10 Program Committee  ===
Line 419: Line 424:
 
==== Registration  ====
 
==== Registration  ====
  
== Important Dates ==
+
== Important Dates ==
  
Submission of papers and all other contributions due: '''31st October 2010'''
+
Submission of papers and all other contributions due: '''31st October 2010'''  
  
Notification of acceptance: '''28th November 2010'''
+
Notification of acceptance: '''28th November 2010'''  
  
Camera-ready version of accepted contributions: '''5th December 2010'''
+
Camera-ready version of accepted contributions: '''5th December 2010'''  
  
Conference: '''16th – 17th December 2010'''
+
Conference: '''16th – 17th December 2010'''  
  
 
Registration will be available as soon as possible.  
 
Registration will be available as soon as possible.  
  
 +
<br>
  
 
==== 16th December  ====
 
==== 16th December  ====
{{:IBWAS10 Training}}
+
 
 +
{{:IBWAS10 Training}}  
  
 
==== 17th December  ====
 
==== 17th December  ====
Line 439: Line 446:
 
== Draft agenda (still subject to changes)  ==
 
== Draft agenda (still subject to changes)  ==
  
{| cellspacing="1" cellpading="1" border="0" bgcolor="#dddddd" align="center"
+
{| cellspacing="1" border="0" bgcolor="#dddddd" align="center"
 
|- valign="middle"
 
|- valign="middle"
| height="60" align="center" colspan="3" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''December 17th 2010'''</font>
+
| height="60" align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); -moz-background-inline-policy: continuous; color: white;" colspan="3" | <font size="5">'''December 17th 2010'''</font>
 
|- valign="middle"
 
|- valign="middle"
| height="60" width="100" bgcolor="#ffff99" align="center" | 08:30 - 09:00
+
| width="100" height="60" bgcolor="#ffff99" align="center" | 08:30 - 09:00  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>PARTICIPANTS RECEPTION</b><br>(<b>Welcome Desk</b>)
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''PARTICIPANTS RECEPTION'''<br>('''Welcome Desk''')
 
|- valign="middle"
 
|- valign="middle"
| height="60" width="100" bgcolor="#ffff99" align="center" | 09:00 - 09:30
+
| width="100" height="60" bgcolor="#ffff99" align="center" | 09:00 - 09:30  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>OPENING SESSION</b><br>(<b>Room XXXX</b>)<br>Professor Luís Reto (ISCTE-IUL Dean), Professor Francisco Cercas (ISTA President), Carlos Serrão (ISCTE-IUL, OWASP.Portugal), Vicente Aguillera (OWASP.Spain)
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''OPENING SESSION'''<br>('''Room XXXX''')<br>Professor Luís Reto (ISCTE-IUL Dean), Professor Francisco Cercas (ISTA President), Carlos Serrão (ISCTE-IUL, OWASP.Portugal), Vicente Aguillera (OWASP.Spain)
 
|- valign="middle"
 
|- valign="middle"
| height="120" width="100" bgcolor="#ffff99" align="center" | 09:30 - 10:30
+
| width="100" height="120" bgcolor="#ffff99" align="center" | 09:30 - 10:30  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>KEYNOTE SPEAKER</b><br>(<b>Room XXXX</b>)<br>Professor Carlos Ribeiro<br>"Keynote Title"
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''KEYNOTE SPEAKER'''<br>('''Room XXXX''')<br>Professor Carlos Ribeiro<br>"Keynote Title"
 
|- valign="middle"
 
|- valign="middle"
| height="30" width="100" bgcolor="#ffff99" align="center" | 10:30 - 10:45
+
| width="100" height="30" bgcolor="#ffff99" align="center" | 10:30 - 10:45  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>COFFEE BREAK</b>
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''COFFEE BREAK'''
 
|- valign="middle"
 
|- valign="middle"
| height="120" width="100" bgcolor="#ffff99" align="center" | 10:45 - 11:45
+
| width="100" height="120" bgcolor="#ffff99" align="center" | 10:45 - 11:45  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>KEYNOTE SPEAKER</b><br>(<b>Room XXXX</b>)<br>Dinis Cruz<br>"Keynote Title"
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''KEYNOTE SPEAKER'''<br>('''Room XXXX''')<br>Dinis Cruz<br>"Keynote Title"
 
|- valign="middle"
 
|- valign="middle"
| height="180" width="100" bgcolor="#ffcc99" align="center" | 11:45 - 13:15
+
| width="100" height="180" bgcolor="#ffcc99" align="center" | 11:45 - 13:15  
| width="375" bgcolor="#ffcc99" align="center" | <b>TECHNICAL TRACK</b><br>(<b>Room XXXX</b>)<br>Luís Grangeia<br>"Talk Title"<br>Arturo 'Buanzo' Busleiman<br>"Jiffy - A secure instant messenger"
+
| width="375" bgcolor="#ffcc99" align="center" | '''TECHNICAL TRACK'''<br>('''Room XXXX''')<br>Luís Grangeia<br>"Talk Title"<br>Arturo 'Buanzo' Busleiman<br>"Jiffy - A secure instant messenger"  
| width="375" bgcolor="#ffcc99" align="center" | <b>TECHNICAL TRACK</b><br>(<b>Room XXXX</b>)<br>Martin Knobloch<br>"Developing Secure Applications with OWASP"<br>Bruno Morisson<br>"The Thing That Should Not Be (a glimpse into the future of web application security)"
+
| width="375" bgcolor="#ffcc99" align="center" | '''TECHNICAL TRACK'''<br>('''Room XXXX''')<br>Martin Knobloch<br>"Developing Secure Applications with OWASP"<br>Bruno Morisson<br>"The Thing That Should Not Be (a glimpse into the future of web application security)"
 
|- valign="middle"
 
|- valign="middle"
| height="150" width="100" bgcolor="#ffff99" align="center" | 13:15 - 14:30
+
| width="100" height="150" bgcolor="#ffff99" align="center" | 13:15 - 14:30  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>LUNCH BREAK</b>
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''LUNCH BREAK'''
 
|- valign="middle"
 
|- valign="middle"
| height="300" width="100" bgcolor="#ffcc99" align="center" | 14:30 - 17:00
+
| width="100" height="300" bgcolor="#ffcc99" align="center" | 14:30 - 17:00  
| width="375" bgcolor="#ffcc99" align="center" | <b>TECHNICAL TRACK</b><br>(<b>Room XXXX</b>)<br>Miguel Correia<br>"Software Security in the Clouds"<br>Bruno Pedro<br>"Is OAuth really secure?"<br>Francisco Rente<br>"Talk Title"
+
| width="375" bgcolor="#ffcc99" align="center" | '''TECHNICAL TRACK'''<br>('''Room XXXX''')<br>Miguel Correia<br>"Software Security in the Clouds"<br>Bruno Pedro<br>"Is OAuth really secure?"<br>Francisco Rente<br>"Talk Title"  
| width="375" bgcolor="#ffcc99" align="center" | <b>RESEARCH TRACK</b><br>(<b>Room XXXX</b>)<br>Accepted Papers Presentations
+
| width="375" bgcolor="#ffcc99" align="center" | '''RESEARCH TRACK'''<br>('''Room XXXX''')<br>Accepted Papers Presentations
 
|- valign="middle"
 
|- valign="middle"
| height="30" width="100" bgcolor="#ffff99" align="center" | 17:00 - 17:15
+
| width="100" height="30" bgcolor="#ffff99" align="center" | 17:00 - 17:15  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>COFFEE BREAK</b>
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''COFFEE BREAK'''
 
|- valign="middle"
 
|- valign="middle"
| height="180" width="100" width="100" bgcolor="#ffcc99" align="center" | 17:15 - 18:45
+
| width="100" height="180" bgcolor="#ffcc99" align="center" | 17:15 - 18:45  
| width="375" bgcolor="#ffcc99" align="center" | <b>TECHNICAL TRACK</b><br>(<b>Room XXXX</b>)<br>John Wilander<br>"Talk Title"<br>Martin Knobloch<br>"Developing compliant applications"
+
| width="375" bgcolor="#ffcc99" align="center" | '''TECHNICAL TRACK'''<br>('''Room XXXX''')<br>John Wilander<br>"Talk Title"<br>Martin Knobloch<br>"Developing compliant applications"  
| width="375" bgcolor="#ffcc99" align="center" | <b>SPONSORS TRACK</b><br>Information about sponsors
+
| width="375" bgcolor="#ffcc99" align="center" | '''SPONSORS TRACK'''<br>Information about sponsors
 
|- valign="middle"
 
|- valign="middle"
| height="30" width="100" bgcolor="#ffff99" align="center" | 18:45 - 19:00
+
| width="100" height="30" bgcolor="#ffff99" align="center" | 18:45 - 19:00  
| width="750" bgcolor="#ffff99" align="center" colspan="2" | <b>CLOSING SESSION</b>
+
| width="750" bgcolor="#ffff99" align="center" colspan="2" | '''CLOSING SESSION'''
 
|}
 
|}
<br>
+
 
 +
<br>  
  
 
== Keynote:  ==
 
== Keynote:  ==
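Review bot: The 09:00 - 09:30 opening-session row still spells the co-chair's name "Vicente Aguillera", while the Chairs list on the same page has "Vicente Aguilera Díaz". Correct it while this row is being rewritten. The markup cleanup itself is fine: the misspelled cellpading attribute and the duplicated width="100" on the 17:15 row are gone. Two leftovers remain. The header-row style keeps -moz-background-inline-policy although the other -moz- properties were dropped, and the rows still carry the placeholder values "Room XXXX", "Keynote Title" and "Talk Title", which should be filled in or removed before the agenda stops being a draft.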
Line 485: Line 493:
 
'''Professor Carlos Ribeiro'''  
 
'''Professor Carlos Ribeiro'''  
  
[[File:carlosribeiro.jpg]]
+
[[Image:Carlosribeiro.jpg]]  
  
[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal
+
[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal  
  
== Talk: The Thing That Should Not Be (a glimpse into the future of web application security) ==
+
== Talk: The Thing That Should Not Be (a glimpse into the future of web application security) ==
  
 
'''Bruno Morisson'''  
 
'''Bruno Morisson'''  
  
[[File:brunomorisson.jpg]]
+
[[Image:Brunomorisson.jpg]]  
  
[http://www.integrity.pt/ Integrity, S.A.], Portugal
+
[http://www.integrity.pt/ Integrity, S.A.], Portugal  
  
Developers are not security practicioners. Security practitioners are not developers. Developers create web applications. Security practitioners want those apps to be secure (sometimes even if security breaks functionality).
+
Developers are not security practicioners. Security practitioners are not developers. Developers create web applications. Security practitioners want those apps to be secure (sometimes even if security breaks functionality). Are developers and security practitioners like oil and water&nbsp;? Are security practitioners taking the right approach to help web developers understand and prevent security issues, or are we simply trying to brute force developers into security gurus&nbsp;?  
Are developers and security practitioners like oil and water ? Are security practitioners taking the right approach to help web developers understand and prevent security issues, or are we simply trying to brute force developers into security gurus ?
 
  
 
== Talk: Developing Secure Applications with OWASP  ==
 
== Talk: Developing Secure Applications with OWASP  ==
  
'''Martin Knobloch'''
+
'''Martin Knobloch'''  
  
[[File:martinknobloch.jpg]]
+
[[Image:Martinknobloch.jpg]]  
  
[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands
+
[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands  
  
After an introduction about OWASP, Martin will higlight the top projects of OWASP. During the presentation Martin does explain how OWASP material can be used to raise awareness about secure appliation development and how OWASP material does fit into a (secure) development lifecycle.
+
After an introduction about OWASP, Martin will higlight the top projects of OWASP. During the presentation Martin does explain how OWASP material can be used to raise awareness about secure appliation development and how OWASP material does fit into a (secure) development lifecycle.  
  
 
== Talk: Developing compliant applications  ==
 
== Talk: Developing compliant applications  ==
  
'''Martin Knobloch'''
+
'''Martin Knobloch'''  
  
[[File:martinknobloch.jpg]]
+
[[Image:Martinknobloch.jpg]]  
  
[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands
+
[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands  
  
How to develop applications to be compliant to security related laws and regulations?
+
How to develop applications to be compliant to security related laws and regulations? To be compliant means to follow the regulations, most of the times not known by the developers. To be compliant includes to proof to be compliant. This presentation is about how to develop compliant (Web) applications that prove to be compliant!  
To be compliant means to follow the regulations, most of the times not known by the developers. To be compliant includes to proof to be compliant.
 
This presentation is about how to develop compliant (Web) applications that prove to be compliant!
 
  
 
== Talk: Software Security in the Clouds  ==
 
== Talk: Software Security in the Clouds  ==
  
'''Miguel Correia'''
+
'''Miguel Correia'''  
  
[[File:miguelcorreia.jpg]]
+
[[Image:Miguelcorreia.jpg]]  
  
[http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal
+
[http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal  
  
Recently an expert wrote rather enfatically that "the current state of security in commercial software is rather distasteful, marked by embarrassing public reports of vulnerabilities and actual attacks". This situation is particularly concerning in times when companies are exporting their applications and data to cloud computing systems. The first part of the talk will be a personal vision of the combination of techniques and tools needed for protecing software. The second part will argue that this combination is still insuficient for critical applications in the cloud and propose solutions based on distributing trust among different clouds.
+
Recently an expert wrote rather enfatically that "the current state of security in commercial software is rather distasteful, marked by embarrassing public reports of vulnerabilities and actual attacks". This situation is particularly concerning in times when companies are exporting their applications and data to cloud computing systems. The first part of the talk will be a personal vision of the combination of techniques and tools needed for protecing software. The second part will argue that this combination is still insuficient for critical applications in the cloud and propose solutions based on distributing trust among different clouds.  
  
 
== Talk: Jiffy - A secure instant messenger  ==
 
== Talk: Jiffy - A secure instant messenger  ==
  
'''Arturo 'Buanzo' Busleiman'''
+
'''Arturo 'Buanzo' Busleiman'''  
  
[[File:arturobuanzo.jpg]]
+
[[Image:Arturobuanzo.jpg]]  
  
[http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina
+
[http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina  
  
Jiffy - "Just for you" is an instant messaging system baseed
+
Jiffy - "Just for you" is an instant messaging system baseed on OWASP's Enigform, SSL and the OpenPGP Web-of-Trust. In this talk, Buanzo will introduce us to OpenPGP, Enigform and Jiffy.  
on OWASP's Enigform, SSL and the OpenPGP Web-of-Trust. In this talk,
 
Buanzo will introduce us to OpenPGP, Enigform and Jiffy.
 
  
 
== Talk: Is OAuth really secure?  ==
 
== Talk: Is OAuth really secure?  ==
  
'''Bruno Pedro'''
+
'''Bruno Pedro'''  
  
[[File:brunopedro.jpg]]
+
[[Image:Brunopedro.jpg]]  
  
[http://www.tarpipe.com Tarpipe], Portugal
+
[http://www.tarpipe.com Tarpipe], Portugal  
  
Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as the RFC 5849 and is being widely adopted by large Internet companies, it's important to stress out its possible security vulnerabilities.
+
Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as the RFC 5849 and is being widely adopted by large Internet companies, it's important to stress out its possible security vulnerabilities.  
  
This talk will focus on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.
+
This talk will focus on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.  
  
 
==== Papers  ====
 
==== Papers  ====
 +
 
=== Papers  ===
 
=== Papers  ===
 +
 
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format]).  
 
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format]).  
  
The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.
+
The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.  
  
 
=== Accepted Papers  ===
 
=== Accepted Papers  ===
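Review bot: in the Jiffy abstract, the new line that joins the three old fragments still carries the typo "baseed" ("an instant messaging system baseed on OWASP's Enigform"); since that line is being rewritten anyway, correct it to "based" in the same edit. Most of the other changed lines in this hunk differ only by a trailing space or by swapping [[File:arturobuanzo.jpg]] for [[Image:Arturobuanzo.jpg]], which MediaWiki resolves to the same file link, so the one real text change is hard to spot; consider leaving those lines untouched so the revision shows only what actually changed.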
Line 570: Line 575:
 
{|
 
{|
 
|-
 
|-
|'''Professor Carlos Ribeiro'''  
+
| '''Professor Carlos Ribeiro'''  
 
+
[[Image:Carlosribeiro.jpg]]  
[[File:carlosribeiro.jpg]]
 
  
 
[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal  
 
[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal  
  
|Carlos Ribeiro (Ph.D.) is Professor at the Computer and Information Systems Department at the IST/UTL, where he teaches Network Security, Computer Security, Security Protocols and Operating Systems courses. He has received his PhD degree in Computer Science in 2002 from IST/UTL. Carlos Ribeiro's main research area is Security. He is co-coordenator of the PhD in Information Security, and vice-president of IST computer and network unit. He has been a researcher at Inesc-id since 2002, where he is currently the leader of the Distributed Systems research Group. He has participated in several National and International research projects in computer and network security, and has been an active researcher in the e-voting field since 2002.
+
| Carlos Ribeiro (Ph.D.) is Professor at the Computer and Information Systems Department at the IST/UTL, where he teaches Network Security, Computer Security, Security Protocols and Operating Systems courses. He has received his PhD degree in Computer Science in 2002 from IST/UTL. Carlos Ribeiro's main research area is Security. He is co-coordenator of the PhD in Information Security, and vice-president of IST computer and network unit. He has been a researcher at Inesc-id since 2002, where he is currently the leader of the Distributed Systems research Group. He has participated in several National and International research projects in computer and network security, and has been an active researcher in the e-voting field since 2002.
|-
 
 
|}
 
|}
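Review bot: the Carlos Ribeiro bio cell is changed only by adding a space after the cell marker, and "co-coordenator of the PhD in Information Security" is left misspelled; correct it to "co-coordinator" while the line is already in the diff. The old side's empty trailing |- row before |} appears to be dropped here, which is a reasonable cleanup, but it would be worth saying so in the edit summary because the rest of the hunk is whitespace and File-to-Image churn.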
  
Line 584: Line 587:
 
{|
 
{|
 
|-
 
|-
|'''Bruno Morisson'''
+
| '''Bruno Morisson'''  
[[File:brunomorisson.jpg]]
+
[[Image:Brunomorisson.jpg]]  
  
[http://www.integrity.pt/ Integrity, S.A.], Portugal
+
[http://www.integrity.pt/ Integrity, S.A.], Portugal  
  
|Bruno Morisson is a Consultant and Partner at INTEGRITY S.A., a
+
| Bruno Morisson is a Consultant and Partner at INTEGRITY S.A., a  
Consulting and Advisory firm focusing on Information Security
+
Consulting and Advisory firm focusing on Information Security Management, Telecom Management and IT Governance, where he provides consultancy, auditing and advisory services. In a past life he has held positions as a Senior Information Security Consultant and as Security Operations Manager, providing information security management services to customers in the financial, public and energy sectors in Portugal.
Management, Telecom Management and IT Governance, where he provides
+
 
consultancy, auditing and advisory services. In a past life he has
+
For the last 12 years he's been involved in several areas of Information Security, from consulting, architecture, engineering, auditing and penetration testing, as well as integration of OpenSource security solutions. He's been actively involved with the InfoSec community in Portugal, being one of the founders of the portuguese chapter of The Honeynet Project, leading the InfoSec-Pros-PT mailing-list and currently helping gather the community in a monthly informal meeting - Confraria Security&amp;IT. Bruno also holds several certifications in Information Security (CISSP-ISSMP, CISA, ISO27001LA).  
held positions as a Senior Information Security Consultant and as
 
Security Operations Manager, providing information security management
 
services to customers in the financial, public and energy sectors in
 
Portugal.
 
  
For the last 12 years he's been involved in several areas of
 
Information Security, from consulting, architecture, engineering,
 
auditing and penetration testing, as well as integration of OpenSource
 
security solutions. He's been actively involved with the InfoSec
 
community in Portugal, being one of the founders of the portuguese
 
chapter of The Honeynet Project, leading the InfoSec-Pros-PT
 
mailing-list and currently helping gather the community in a monthly
 
informal meeting - Confraria Security&IT.
 
Bruno also holds several certifications in Information Security
 
(CISSP-ISSMP, CISA, ISO27001LA).
 
|-
 
 
|}
 
|}
  
 
{|
 
{|
 
|-
 
|-
|'''Luís Grangeia'''
+
| '''Luís Grangeia'''  
[[File:luisgrangeia.jpg]]
+
[[Image:Luisgrangeia.jpg]]  
  
[http://www.sysvalue.pt/ Sysvalue, S.A.], Portugal
+
[http://www.sysvalue.pt/ Sysvalue, S.A.], Portugal  
  
|Luis Grangeia is Partner at SysValue, S.A., currently leading the company’s Information Systems Auditing practice. SysValue S.A. is a Portuguese Company focused on the reliability of Information Systems with practices in Auditing, Consulting, Integration, Training and Research and Development.
+
| Luis Grangeia is Partner at SysValue, S.A., currently leading the company’s Information Systems Auditing practice. SysValue S.A. is a Portuguese Company focused on the reliability of Information Systems with practices in Auditing, Consulting, Integration, Training and Research and Development.
 +
Since 2001 he has been conducting IS audits and penetration tests to major national and foreign companies, such as Portugal Telecom, Banco Espírito Santo, Banco Santander, UNICRE, Direcção-Geral do Tesouro, among others. Luis also contributes occasionally to information security research, with an article of note on the technique of DNS cache snooping.  
  
Since 2001 he has been conducting IS audits and penetration tests to major national and foreign companies, such as Portugal Telecom, Banco Espírito Santo, Banco Santander, UNICRE, Direcção-Geral do Tesouro, among others. Luis also contributes occasionally to information security research, with an article of note on the technique of DNS cache snooping.
+
Luis has attended Computer Science Engineering at Instituto Superior Técnico and currently holds the SANS GSNA, CISSP, CISA and ISO 27001 Lead Auditor certifications.  
  
Luis has attended Computer Science Engineering at Instituto Superior Técnico and currently holds the SANS GSNA, CISSP, CISA and ISO 27001 Lead Auditor certifications.
 
|-
 
 
|}
 
|}
  
 
{|
 
{|
 
|-
 
|-
|'''Francisco Rente'''
+
| '''Francisco Rente'''  
[[File:franciscorente.jpg]]
+
[[Image:Franciscorente.jpg]]  
  
[http://www.uc.pt/fctuc Faculdade de Ciência e Tecnologia], [http://www.uc.pt Universidade de Coimbra], Portugal
+
[http://www.uc.pt/fctuc Faculdade de Ciência e Tecnologia], [http://www.uc.pt Universidade de Coimbra], Portugal  
  
|Francisco Nina Rente, is an enthusiast and an evangelist of information security, especially in matters of privacy. He had his BsC and MsC in Computer Science on University of Coimbra. Back in 2006, he founded CERT-IPN, a CSIRT team of IPN Institute, where he did R&D, consultancy and management of InfoSec until June of 2010. Francisco, is currently PhD student in University of Coimbra, where he works in "Malicious Stealth Communications". Since July of 2010, Francisco is CEO of Dognædis, a company based in Portugal, focused in Information Security and Software Assurance.
+
| Francisco Nina Rente, is an enthusiast and an evangelist of information security, especially in matters of privacy. He had his BsC and MsC in Computer Science on University of Coimbra. Back in 2006, he founded CERT-IPN, a CSIRT team of IPN Institute, where he did R&amp;D, consultancy and management of InfoSec until June of 2010. Francisco, is currently PhD student in University of Coimbra, where he works in "Malicious Stealth Communications". Since July of 2010, Francisco is CEO of Dognædis, a company based in Portugal, focused in Information Security and Software Assurance.
|-
 
 
|}
 
|}
  
 
{|
 
{|
|'''Martin Knobloch'''
+
|-
[[File:martinknobloch.jpg]]
+
| '''Martin Knobloch'''  
 +
[[Image:Martinknobloch.jpg]]  
  
[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands
+
[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands  
 +
 
 +
| Martin Knobloch is employed at Sogeti Netherlands as Senior Security Consultant. He is founder and thought leader of the Sogeti task force PaSS, Proactive Security Strategy, with an integral solution of information security within organisation, infrastructure and software.
 +
At OWASP, Martin is board member of the OWASP Netherlands Chapter and member of the Global Education Committee.
  
|Martin Knobloch is employed at Sogeti Netherlands as Senior Security Consultant. He is founder and thought leader of the Sogeti task force  PaSS, Proactive Security Strategy, with an integral solution of information security within organisation, infrastructure and software.
 
At OWASP, Martin is board member of the OWASP Netherlands Chapter and member of the Global Education Committee.
 
|-
 
 
|}
 
|}
  
 
{|
 
{|
|'''Miguel Correia'''
+
|-
[[File:miguelcorreia.jpg]]
+
| '''Miguel Correia'''  
 +
[[Image:Miguelcorreia.jpg]]  
  
[http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal
+
[http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal  
  
|Miguel Correia is Assistant Professor of the [http://www.di.fc.ul.pt/ Department of Informatics], [http://www.ul.pt/ University of Lisboa] [http://www.fc.ul.pt/ Faculty of Sciences], and Adjunct Faculty of the [http://www.cmu.edu/ Carnegie Mellon] [http://www.ini.cmu.edu/ Information Networking Institute]. He is a member of the [http://lasige.di.fc.ul.pt/ LASIGE] research unit and the [http://www.navigators.di.fc.ul.pt/ Navigators] research team. He has been involved in several international and national research projects related to intrusion tolerance and security, including the TCLOUDS, MAFTIA and CRUTIAL EC-IST projects, and the ReSIST NoE. He is currently the coordinator and an instructor of the joint Carnegie Mellon University and University of Lisboa [http://msi.di.fc.ul.pt/ MSc in Information Security]. He has more than 50 publications in international journals, conferences and workshops. He authored with Paulo Sousa a book titled "Segurança no Software" (FCA, 2010). More information about him is available at [http://www.di.fc.ul.pt/~mpc http://www.di.fc.ul.pt/~mpc].
+
| Miguel Correia is Assistant Professor of the [http://www.di.fc.ul.pt/ Department of Informatics], [http://www.ul.pt/ University of Lisboa] [http://www.fc.ul.pt/ Faculty of Sciences], and Adjunct Faculty of the [http://www.cmu.edu/ Carnegie Mellon] [http://www.ini.cmu.edu/ Information Networking Institute]. He is a member of the [http://lasige.di.fc.ul.pt/ LASIGE] research unit and the [http://www.navigators.di.fc.ul.pt/ Navigators] research team. He has been involved in several international and national research projects related to intrusion tolerance and security, including the TCLOUDS, MAFTIA and CRUTIAL EC-IST projects, and the ReSIST NoE. He is currently the coordinator and an instructor of the joint Carnegie Mellon University and University of Lisboa [http://msi.di.fc.ul.pt/ MSc in Information Security]. He has more than 50 publications in international journals, conferences and workshops. He authored with Paulo Sousa a book titled "Segurança no Software" (FCA, 2010). More information about him is available at [http://www.di.fc.ul.pt/~mpc http://www.di.fc.ul.pt/~mpc].
|-
 
 
|}
 
|}
  
 
{|
 
{|
|'''Arturo 'Buanzo' Busleiman'''
+
|-
[[File:arturobuanzo.jpg]]
+
| '''Arturo 'Buanzo' Busleiman'''  
 +
[[Image:Arturobuanzo.jpg]]  
  
[http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina
+
[http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina  
 +
 
 +
| Buanzo is a nerd. Yes, a so-called geek. Why? Simple: he started programming at the age of 8, got into information security by
 +
12 (Oh, the BBS era...!) and now he performs as a Security Consultant for the Argentinian Computer Emergency Response Team (ArCERT). If you enjoy programming, Open Source Software, Linux and all things security and geeky, you might enjoy one of his talks.
  
|Buanzo is a nerd. Yes, a so-called geek. Why? Simple: he started programming at the age of 8, got into information security by
 
12 (Oh, the BBS era...!) and now he performs as a Security Consultant
 
for the Argentinian Computer Emergency Response Team (ArCERT). If you
 
enjoy programming, Open Source Software, Linux and all things security
 
and geeky, you might enjoy one of his talks.
 
|-
 
 
|}
 
|}
  
 
{|
 
{|
|'''John Wilander'''
+
|-
[[File:johnwilander.jpg]]
+
| '''John Wilander'''  
 +
[[Image:Johnwilander.jpg]]  
  
[http://www.omegapoint.se/ Omegapoint], Sweeden
+
[http://www.omegapoint.se/ Omegapoint], Sweeden  
  
|John Wilander is an application security researcher and consultant. He is a partner and evangelist at Omegapoint, a consultancy firm based in Sweden. John typically works as a security focused software developer. Java and JavaScript are his languages of choice.
+
| John Wilander is an application security researcher and consultant. He is a partner and evangelist at Omegapoint, a consultancy firm based in Sweden. John typically works as a security focused software developer. Java and JavaScript are his languages of choice.
 +
After his Master's degree in Computer Science and Engineering from Linköping University (Sweden) and Nanyang Technological University (Singapore) he pursued a PhD in application security. Last paper still pending but John's research publications can be found here.  
  
After his Master's degree in Computer Science and Engineering from Linköping University (Sweden) and Nanyang Technological University (Singapore) he pursued a PhD in application security. Last paper still pending but John's research publications can be found here.
+
John started the Swedish OWASP Chapter in 2007 and has since been leader and co-leader. In 2010 he chaired the most successful OWASP AppSec EU conference so far – OWASP AppSec Research 2010. John along with the Swedish chapter are listed as contributors to OWASP Top 10 2010.  
  
John started the Swedish OWASP Chapter in 2007 and has since been leader and co-leader. In 2010 he chaired the most successful OWASP AppSec EU conference so far – OWASP AppSec Research 2010. John along with the Swedish chapter are listed as contributors to OWASP Top 10 2010.
 
|-
 
 
|}
 
|}
  
 
{|
 
{|
|'''Bruno Pedro'''
+
|-
[[File:brunopedro.jpg]]
+
| '''Bruno Pedro'''  
 +
[[Image:Brunopedro.jpg]]  
  
[http://www.tarpipe.com/ Tarpipe], Portugal
+
[http://www.tarpipe.com/ Tarpipe], Portugal  
  
|Bruno Pedro is a systems engineer with over 15 years’ experience in database related applications who’s been developing Web Applications since 1995. He’s the author of the O'Reilly book "PHP and Smarty on Large-Scale Web Development" and has spoken on numerous technical conferences and events.
+
| Bruno Pedro is a systems engineer with over 15 years’ experience in database related applications who’s been developing Web Applications since 1995. He’s the author of the O'Reilly book "PHP and Smarty on Large-Scale Web Development" and has spoken on numerous technical conferences and events.
 +
He’s the author of Auth_Container_SOAP, PEAR’s SOAP based plug-and-play authentication package and, more recently, a big proponent of the OpenID and OAuth protocols.  
  
He’s the author of Auth_Container_SOAP, PEAR’s SOAP based plug-and-play authentication package and, more recently, a big proponent of the OpenID and OAuth protocols.
+
Bruno started tarpipe.com in 2008 because he couldn't find any Web applications that could easily automate his publishing needs to social media Web sites.  
  
Bruno started tarpipe.com in 2008 because he couldn't find any Web applications that could easily automate his publishing needs to social media Web sites.
 
|-
 
 
|}
 
|}
  
 +
<br>
  
 
==== Venue  ====
 
==== Venue  ====
  
IBWAS'10 will be taking place at the [http://www.iscte.pt ISCTE - Lisbon University Institute] in Lisbon, Portugal.
+
IBWAS'10 will be taking place at the [http://www.iscte.pt ISCTE - Lisbon University Institute] in Lisbon, Portugal.  
 +
 
 +
== Location  ==
  
== Location ==
 
 
Ed. ISCTE <br> Av. das Forças Armadas<br> 1600- Lisboa<br> Portugal<br>  
 
Ed. ISCTE <br> Av. das Forças Armadas<br> 1600- Lisboa<br> Portugal<br>  
  
 
Find the [http://maps.google.com/maps?q=iscte,+lisboa,+portugal&hl=en&cd=1&ei=JFx0S_ScKYyGONOz1YkB&sig2=FsC9HEg2JrBD00ARc_U3IA&sll=38.724358,-9.148865&sspn=0.077408,0.150719&ie=UTF8&view=map&cid=7285641604236232209&ved=0CBgQpQY&hq=iscte,+lisboa,+portugal&hnear=&ll=38.749766,-9.154122&spn=0.009673,0.01884&t=h&z=16&iwloc=A location on Google Maps].  
 
Find the [http://maps.google.com/maps?q=iscte,+lisboa,+portugal&hl=en&cd=1&ei=JFx0S_ScKYyGONOz1YkB&sig2=FsC9HEg2JrBD00ARc_U3IA&sll=38.724358,-9.148865&sspn=0.077408,0.150719&ie=UTF8&view=map&cid=7285641604236232209&ved=0CBgQpQY&hq=iscte,+lisboa,+portugal&hnear=&ll=38.749766,-9.154122&spn=0.009673,0.01884&t=h&z=16&iwloc=A location on Google Maps].  
  
<googlemap lat="38.749565" lon="-9.15277" zoom="15">
+
<googlemap zoom="15" lon="-9.15277" lat="38.749565">
 
38.748862, -9.152384, ISCTE-IUL
 
38.748862, -9.152384, ISCTE-IUL
</googlemap>
+
</googlemap>  
  
 +
<br> http://www.allofads.com/files/images/mapa_iscte.jpg
  
http://www.allofads.com/files/images/mapa_iscte.jpg
+
== How to get there?  ==
  
== How to get there? ==
 
 
'''Car'''  
 
'''Car'''  
* Go up the Av.ª das Forças Armadas.
+
 
* Turn north at the crossing with Av.ª Prof. Gama Pinto. The crossing is located at the highest point of Av.ª das Forças Armadas.
+
*Go up the Av.ª das Forças Armadas.  
* Turn to the second street right.
+
*Turn north at the crossing with Av.ª Prof. Gama Pinto. The crossing is located at the highest point of Av.ª das Forças Armadas.  
* Turn to the first street right.
+
*Turn to the second street right.  
* The main entrance of ISCTE is at your left.
+
*Turn to the first street right.  
 +
*The main entrance of ISCTE is at your left.
  
 
'''Train'''  
 
'''Train'''  
* Leave the train at the Entrecampus station. Look for the exit leading to Av.ª da República.
+
 
* Walk north for about 250 m towards the Rotunda de Entrecampus (a circle).
+
*Leave the train at the Entrecampus station. Look for the exit leading to Av.ª da República.  
* At the circle, turn left to the Av.ª das Forças Armadas.
+
*Walk north for about 250 m towards the Rotunda de Entrecampus (a circle).  
* Climb west for about 300 m towards Sete Rios. Use the sidewalk on the right.
+
*At the circle, turn left to the Av.ª das Forças Armadas.  
* The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.
+
*Climb west for about 300 m towards Sete Rios. Use the sidewalk on the right.  
 +
*The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.
  
 
'''Bus'''  
 
'''Bus'''  
* Get on any [http://www.carris.pt/ Carris] bus with numbers [http://www.carris.pt/horarios/a054_1.pdf 54], [http://www.carris.pt/horarios/a701_1.pdf 701], or [http://www.carris.pt/horarios/a732_2.pdf 732].
+
 
* Leave the bus at the "Faculdade de Farmácia" stop, at the top of Av.ª das Forças Armadas, close to an old house with ia battlemented roof.
+
*Get on any [http://www.carris.pt/ Carris] bus with numbers [http://www.carris.pt/horarios/a054_1.pdf 54], [http://www.carris.pt/horarios/a701_1.pdf 701], or [http://www.carris.pt/horarios/a732_2.pdf 732].  
* Walk down the avenue for about 50 m. The entry leading to ISCTE will be at your left, immediatly before the canteen of the University of Lisbon.
+
*Leave the bus at the "Faculdade de Farmácia" stop, at the top of Av.ª das Forças Armadas, close to an old house with ia battlemented roof.  
 +
*Walk down the avenue for about 50 m. The entry leading to ISCTE will be at your left, immediatly before the canteen of the University of Lisbon.
  
 
'''Subway'''  
 
'''Subway'''  
  
 
''First alternative:''  
 
''First alternative:''  
* Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/ec_aid.pdf Entrecampos] station.  
+
 
* Exit the station through the north exit, leading to the Rotunda de Entrecampos (a circle), close to Av.ª das Forças Armadas.  
+
*Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/ec_aid.pdf Entrecampos] station.  
* From the circle, go west, up the Av.ª das Forças Armadas, for about 300 m.  
+
*Exit the station through the north exit, leading to the Rotunda de Entrecampos (a circle), close to Av.ª das Forças Armadas.  
* Use the sidewalk on the right.  
+
*From the circle, go west, up the Av.ª das Forças Armadas, for about 300 m.  
* The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.  
+
*Use the sidewalk on the right.  
 +
*The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.
  
 
''Second alternative:''  
 
''Second alternative:''  
* Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/cu_aid.pdf Cidade Universitária] station.
 
* Exit the station through the passage leading to Hospital de Santa Maria.
 
* Walk south, along the left sidewalk of Av.ª Prof. Gama Pinto, for about 150 m (i.e., walk towards the Av.ª das Forças Armadas).
 
* After the crossing with the Av.ª Prof. Egas Moniz (at your right), turn into the first street at your left.
 
* Turn to the first street right.
 
* The main entrance of ISCTE is at your left.
 
  
Here is the representation of the walking on the map.
+
*Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/cu_aid.pdf Cidade Universitária] station.
 +
*Exit the station through the passage leading to Hospital de Santa Maria.
 +
*Walk south, along the left sidewalk of Av.ª Prof. Gama Pinto, for about 150 m (i.e., walk towards the Av.ª das Forças Armadas).
 +
*After the crossing with the Av.ª Prof. Egas Moniz (at your right), turn into the first street at your left.
 +
*Turn to the first street right.
 +
*The main entrance of ISCTE is at your left.
  
http://www.allofads.com/files/images/mapa_iscte_1.jpg
+
Here is the representation of the walking on the map.  
  
 +
http://www.allofads.com/files/images/mapa_iscte_1.jpg
  
'''Links'''  
+
<br> '''Links'''  
  
Metro: [http://www.metrolisboa.pt www.metrolisboa.pt] <br>
+
Metro: [http://www.metrolisboa.pt www.metrolisboa.pt] <br> Buses [http://www.carris.pt www.carris.pt]<br> Trains: [http://www.cp.pt www.cp.pt]<br> Taxis: [http://www.antral.pt www.antral.pt]  
Buses [http://www.carris.pt www.carris.pt]<br>
 
Trains: [http://www.cp.pt www.cp.pt]<br>
 
Taxis: [http://www.antral.pt www.antral.pt]  
 
  
 
==== Hotels  ====
 
==== Hotels  ====
=== Hotels ===
 
This page contains information about the recommended hotels for the conference. All of the hotels are near to the conference place at a 5 to 15 minutes walking distance. PLease use the following reference when reserving your hotel: "'''Conferência IBWAS'10'''".
 
  
== SANA Metropolitan Hotel **** ==
+
=== Hotels  ===
Rua Soeiro Pereira Gomes, Parcela 2, Entrecampos, 1600-198 Lisboa, Lisboa
+
 
 +
This page contains information about the recommended hotels for the conference. All of the hotels are near to the conference place at a 5 to 15 minutes walking distance. PLease use the following reference when reserving your hotel: "'''Conferência IBWAS'10'''".
 +
 
 +
== SANA Metropolitan Hotel **** ==
  
[[File:sanametro01.jpg]]
+
Rua Soeiro Pereira Gomes, Parcela 2, Entrecampos, 1600-198 Lisboa, Lisboa
[[File:sanametro02.jpg]]
 
  
Location on [http://maps.google.com/maps/ms?ie=UTF8&hl=pt-PT&msa=0&msid=104715835640056575562.00044cb43ee4b9e509aca&ll=38.748762,-9.159701&spn=0.009204,0.011802&z=16&iwloc=00044cb52de8286b65d85&source=embed Google Maps].
+
[[Image:Sanametro01.jpg]] [[Image:Sanametro02.jpg]]  
  
Hotel [http://www.sanahotels.com/gca/index.php?hotelId=50&lng=en web-site].
+
Location on [http://maps.google.com/maps/ms?ie=UTF8&hl=pt-PT&msa=0&msid=104715835640056575562.00044cb43ee4b9e509aca&ll=38.748762,-9.159701&spn=0.009204,0.011802&z=16&iwloc=00044cb52de8286b65d85&source=embed Google Maps].  
  
{|cellspacing="1" cellpading="1" border="1"
+
Hotel [http://www.sanahotels.com/gca/index.php?hotelId=50&lng=en web-site].
 +
 
 +
{| cellspacing="1" border="1"
 
|-
 
|-
|bgcolor="#cccccc"|'''Room type'''
+
| bgcolor="#cccccc" | '''Room type'''  
|bgcolor="#cccccc"|'''Individual'''
+
| bgcolor="#cccccc" | '''Individual'''  
|bgcolor="#cccccc"|'''Double'''
+
| bgcolor="#cccccc" | '''Double'''
 
|-
 
|-
|bgcolor="#eeeeee"|'''Standard'''
+
| bgcolor="#eeeeee" | '''Standard'''  
|67 euros
+
| 67 euros  
|72 euros
+
| 72 euros
|-
 
|bgcolor="#eeeeee"|'''Extra Bed'''
 
|30 euros
 
|
 
 
|-
 
|-
 +
| bgcolor="#eeeeee" | '''Extra Bed'''
 +
| 30 euros
 +
|
 
|}
 
|}
  
== Vip Executive Villa Rica Hotel **** ==
+
== Vip Executive Villa Rica Hotel **** ==
Av.5 de Outubro Nr. 295, Entrecampos, 1600-035 Lisboa (Lisboa)
 
  
http://www.viphotels.com/Images/VIPExecutiveVillaRica/galeria/Exterior/01.jpg
+
Av.5 de Outubro Nr. 295, Entrecampos, 1600-035 Lisboa (Lisboa)
  
Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/Localizacao.aspx Google Maps].
+
http://www.viphotels.com/Images/VIPExecutiveVillaRica/galeria/Exterior/01.jpg
  
Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/OHotel.aspx web-site].
+
Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/Localizacao.aspx Google Maps].  
  
== NH Campo Grande **** ==
+
Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/OHotel.aspx web-site].
Campo Grande, 7, 1700-087 Lisboa, Lisboa
 
  
http://www.nh-hoteles.pt/nh/hotel-gallery/1101383-t2-z2w.jpg
+
== NH Campo Grande ****  ==
http://www.nh-hoteles.pt/nh/hotel-gallery/1101375-t2-z2w.jpg
 
  
Location on [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html?type=location Google Maps].
+
Campo Grande, 7, 1700-087 Lisboa, Lisboa
  
Hotel [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html web-site].
+
http://www.nh-hoteles.pt/nh/hotel-gallery/1101383-t2-z2w.jpg http://www.nh-hoteles.pt/nh/hotel-gallery/1101375-t2-z2w.jpg
  
{|cellspacing="1" cellpading="1" border="1"
+
Location on [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html?type=location Google Maps].
 +
 
 +
Hotel [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html web-site].
 +
 
 +
{| cellspacing="1" border="1"
 
|-
 
|-
|bgcolor="#cccccc"|'''Room type'''
+
| bgcolor="#cccccc" | '''Room type'''  
|bgcolor="#cccccc"|'''Individual'''
+
| bgcolor="#cccccc" | '''Individual'''  
|bgcolor="#cccccc"|'''Double'''
+
| bgcolor="#cccccc" | '''Double'''
|-
 
|bgcolor="#eeeeee"|'''Standard'''
 
|83 euros
 
|90 euros
 
 
|-
 
|-
 +
| bgcolor="#eeeeee" | '''Standard'''
 +
| 83 euros
 +
| 90 euros
 
|}
 
|}
  
== Hotel VIP Executive Zurique *** ==
+
== Hotel VIP Executive Zurique *** ==
Rua Ivone Silva 18, 1050 Lisboa
 
  
http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Exterior/03.jpg
+
Rua Ivone Silva 18, 1050 Lisboa
  
http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Interior/05.jpg
+
http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Exterior/03.jpg  
  
Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/Localizacao.aspx Google Maps].
+
http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Interior/05.jpg
  
Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/OHotel.aspx web-site].
+
Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/Localizacao.aspx Google Maps].  
  
{|cellspacing="1" cellpading="1" border="1"
+
Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/OHotel.aspx web-site].
 +
 
 +
{| cellspacing="1" border="1"
 
|-
 
|-
|bgcolor="#cccccc"|'''Room type'''
+
| bgcolor="#cccccc" | '''Room type'''  
|bgcolor="#cccccc"|'''Individual'''
+
| bgcolor="#cccccc" | '''Individual'''  
|bgcolor="#cccccc"|'''Double'''
+
| bgcolor="#cccccc" | '''Double'''
|-
 
|bgcolor="#eeeeee"|'''Standard'''
 
|65 euros
 
|70 euros
 
 
|-
 
|-
 +
| bgcolor="#eeeeee" | '''Standard'''
 +
| 65 euros
 +
| 70 euros
 
|}
 
|}
  
== Hotel Berna *** ==
+
== Hotel Berna *** ==
Avenida António Serpa 13, 1069 Lisboa
 
  
http://www.viphotels.com/Images/VIPInnBerna/galeria/Exterior/02.jpg
+
Avenida António Serpa 13, 1069 Lisboa
  
http://www.viphotels.com/Images/VIPInnBerna/galeria/Interior/05.jpg
+
http://www.viphotels.com/Images/VIPInnBerna/galeria/Exterior/02.jpg  
  
Location on [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/Localizacao.aspx Google Maps].
+
http://www.viphotels.com/Images/VIPInnBerna/galeria/Interior/05.jpg
  
Hotel [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/OHotel.aspx web-site].
+
Location on [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/Localizacao.aspx Google Maps].  
  
{|cellspacing="1" cellpading="1" border="1"
+
Hotel [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/OHotel.aspx web-site].
 +
 
 +
{| cellspacing="1" border="1"
 
|-
 
|-
|bgcolor="#cccccc"|'''Room type'''
+
| bgcolor="#cccccc" | '''Room type'''  
|bgcolor="#cccccc"|'''Individual'''
+
| bgcolor="#cccccc" | '''Individual'''  
|bgcolor="#cccccc"|'''Double'''
+
| bgcolor="#cccccc" | '''Double'''
|-
 
|bgcolor="#eeeeee"|'''Standard'''
 
|47,30 euros
 
|53,60 euros
 
 
|-
 
|-
 +
| bgcolor="#eeeeee" | '''Standard'''
 +
| 47,30 euros
 +
| 53,60 euros
 
|}
 
|}
  
== Holiday Inn Hotel Continental **** ==
+
== Holiday Inn Hotel Continental **** ==
Rua Laura Alves 9, 1050 Lisboa‎
 
  
[[File:hinn01.jpg]]
+
Rua Laura Alves 9, 1050 Lisboa‎
[[File:hinn02.jpg]]
 
  
Location on [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=Rua+Laura+Alves,+9++1069-169+Lisboa+Portugal&sll=38.74144,-9.149605&sspn=0.039833,0.073471&ie=UTF8&hq=&hnear=R.+Laura+Alves+9,+Ns.+de+F%C3%A1tima,+1050+Lisbon,+Portugal&ll=38.741666,-9.149873&spn=0.009958,0.018368&t=h&z=16&iwloc=r1 Google Maps].
+
[[Image:Hinn01.jpg]] [[Image:Hinn02.jpg]]  
  
Hotel [http://www.grupo-continental.com/home/index.php?option=com_content&view=article&id=55&Itemid=77 web-site].
+
Location on [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=Rua+Laura+Alves,+9++1069-169+Lisboa+Portugal&sll=38.74144,-9.149605&sspn=0.039833,0.073471&ie=UTF8&hq=&hnear=R.+Laura+Alves+9,+Ns.+de+F%C3%A1tima,+1050+Lisbon,+Portugal&ll=38.741666,-9.149873&spn=0.009958,0.018368&t=h&z=16&iwloc=r1 Google Maps].  
  
{|cellspacing="1" cellpading="1" border="1"
+
Hotel [http://www.grupo-continental.com/home/index.php?option=com_content&view=article&id=55&Itemid=77 web-site].
 +
 
 +
{| cellspacing="1" border="1"
 
|-
 
|-
|bgcolor="#cccccc"|'''Room type'''
+
| bgcolor="#cccccc" | '''Room type'''  
|bgcolor="#cccccc"|'''Individual'''
+
| bgcolor="#cccccc" | '''Individual'''  
|bgcolor="#cccccc"|'''Double'''
+
| bgcolor="#cccccc" | '''Double'''
|-
 
|bgcolor="#eeeeee"|'''Standard'''
 
|78 euros
 
|88 euros
 
 
|-
 
|-
 +
| bgcolor="#eeeeee" | '''Standard'''
 +
| 78 euros
 +
| 88 euros
 
|}
 
|}
  
== Radisson Blu Lisboa **** ==
+
== Radisson Blu Lisboa **** ==
Av. Marechal Craveiro Lopes, 390, Entrecampos, Lisboa (Lisboa)
 
  
http://www.hoteis.com/13/hotels/1000000/530000/524600/524550/hcom_524550_7_b.jpg
+
Av. Marechal Craveiro Lopes, 390, Entrecampos, Lisboa (Lisboa)
http://static.laterooms.com/hotelphotos/laterooms/179198/gallery/radisson-blu-lisboa-lisboa_250520090848039933.jpg
 
  
Location on [http://www.radissonblu.com/hotel-lisbon/location Google Maps].
+
http://www.hoteis.com/13/hotels/1000000/530000/524600/524550/hcom_524550_7_b.jpg http://static.laterooms.com/hotelphotos/laterooms/179198/gallery/radisson-blu-lisboa-lisboa_250520090848039933.jpg
  
Hotel [http://www.radissonblu.com/hotel-lisbon web-site].
+
Location on [http://www.radissonblu.com/hotel-lisbon/location Google Maps].
 +
 
 +
Hotel [http://www.radissonblu.com/hotel-lisbon web-site].  
  
 
==== Sponsors  ====
 
==== Sponsors  ====
Line 913: Line 901:
 
Slots are going fast so [mailto:[email protected] contact us] to sponsor today!  
 
Slots are going fast so [mailto:[email protected] contact us] to sponsor today!  
  
{| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;"
+
{| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0% transparent; -moz-background-inline-policy: continuous; color: white;"
 
|-
 
|-
|
+
|  
 
 
 
== Sponsors  ==
 
== Sponsors  ==
  
| [http://www.iscte.pt http://ibwas09.netmust.eu/files/iscte-iul.png]  
+
| [http://www.iscte.pt [[Image:&#124;iscte-iul.png]]]  
| [http://www.adetti.pt http://ibwas09.netmust.eu/files/adetti.png]  
+
| [http://www.adetti.pt [[Image:&#124;adetti.png]]]  
| [http://www.isecauditors.com http://ibwas09.netmust.eu/files/pasted-graphic.jpg]  
+
| [http://www.isecauditors.com [[Image:&#124;pasted-graphic.jpg]]]  
| [http://lasige.di.fc.ul.pt/ http://ibwas09.netmust.eu/files/lasige.png]
+
| [http://lasige.di.fc.ul.pt/ [[Image:&#124;lasige.png]]]
 
|-
 
|-
| &nbps;
+
| &amp;nbps;  
| [http://www.maxdata.pt http://ibwas09.netmust.eu/files/ibwas10/maxdata.png]
+
| [http://www.maxdata.pt [[Image:&#124;maxdata.png]]]  
| [http://www.noesis.pt http://ibwas09.netmust.eu/files/ibwas10/noesis.png]
+
| [http://www.noesis.pt [[Image:&#124;noesis.png]]]  
| [http://www.neoglobeconsulting.com/ http://ibwas09.netmust.eu/files/ibwas10/neoglobeconsulting.png]
+
| [http://www.neoglobeconsulting.com/ [[Image:&#124;neoglobeconsulting.png]]]
 
|-
 
|-
|
+
|  
 +
== Media Sponsors  ==
  
== Media Sponsors ==
+
| [http://www.aeiou.pt [[Image:&#124;aeiou.png]]]  
 
+
| [http://www.borrmart.es/redseguridad.php [[Image:&#124;redseguridad.jpg]]]  
| [http://www.aeiou.pt http://ibwas09.netmust.eu/files/ibwas10/aeiou.png]
+
|  
| [http://www.borrmart.es/redseguridad.php http://ibwas09.netmust.eu/files/redseguridad.jpg]
 
|
 
 
|-
 
|-
 
| &nbsp;
 
| &nbsp;
 
|-
 
|-
|
+
|  
 
+
== Supported by ==
== Supported by ==
 
  
 
| [[Image:]]  
 
| [[Image:]]  
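Review bot: The sponsor cells on the added lines use the form [[Image:&#124;iscte-iul.png]], with an empty file name and an escaped pipe, so the rendered revision shows the literal text "[[Image:|iscte-iul.png]]" in place of each logo. Upload each logo and reference it by file name (for example [[Image:Iscte-iul.png]]), or keep the previous external image URLs. In the same hunk, "| &nbps;" becomes "| &amp;nbps;", which escapes the existing typo instead of fixing it; the cell should contain "&nbsp;". The "[[Image:]]" cells under "Supported by" are empty references and need either a file name or removal.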
Line 954: Line 939:
 
|  
 
|  
 
| [[Image:]]  
 
| [[Image:]]  
|
+
|  
 
|  
 
|  
 
|-
 
|-
 
|  
 
|  
 
|}
 
|}
 +
 
==== Tourism  ====
 
==== Tourism  ====
  
=== Visit Lisbon ===
+
=== Visit Lisbon ===
For Tourist Information and more: [http://www.visitlisboa.com/home.asp?lng=uk Visit Lisbon] (website of the Lisbon Tourism Office). See also [http://www.atl-turismolisboa.pt/home.asp?lng=uk here]. About Portugal, see [http://www.visitportugal.com/ here].
 
  
LISBON is beautiful, historic, modern, sunny & it never stops! It is an enchanting city with delightful cuisine and unforgettable sites. The city holds many pleasant surprises to visitors who wish to enjoy their stay. The capital of Portugal since its conquest from the Moors in 1147, Lisbon is a legendary city with over 20 centuries of History. The Alfama is one of the oldest quarters in Lisbon. It survived the earthquake of 1755 and still retains much of its original layout. In addition to Alfama are the likewise old quarters of Castelo and Mouraria, on the western and northern slopes of the hill that is crowned by St. George's Castle. Radiant skies brighten the monumental city, with its typical tile covered building façades and narrow medieval streets, where one can hear the fado being played and sung at night.
+
For Tourist Information and more: [http://www.visitlisboa.com/home.asp?lng=uk Visit Lisbon] (website of the Lisbon Tourism Office). See also [http://www.atl-turismolisboa.pt/home.asp?lng=uk here]. About Portugal, see [http://www.visitportugal.com/ here].  
  
Here's a taste of what you can find here in Lisbon, or nearby.
+
LISBON is beautiful, historic, modern, sunny &amp; it never stops! It is an enchanting city with delightful cuisine and unforgettable sites. The city holds many pleasant surprises to visitors who wish to enjoy their stay. The capital of Portugal since its conquest from the Moors in 1147, Lisbon is a legendary city with over 20 centuries of History. The Alfama is one of the oldest quarters in Lisbon. It survived the earthquake of 1755 and still retains much of its original layout. In addition to Alfama are the likewise old quarters of Castelo and Mouraria, on the western and northern slopes of the hill that is crowned by St. George's Castle. Radiant skies brighten the monumental city, with its typical tile covered building façades and narrow medieval streets, where one can hear the fado being played and sung at night.
 +
 
 +
Here's a taste of what you can find here in Lisbon, or nearby.  
  
 
{|
 
{|
|-
+
|-
|'''Torre de Belém'''
+
| '''Torre de Belém'''  
|'''Mosteiro dos Jerónimos'''
+
| '''Mosteiro dos Jerónimos'''  
|'''Ponte 25 de Abril'''
+
| '''Ponte 25 de Abril'''
|-  
+
|-
|[[File:torredebelem.jpg]]
+
| [[Image:Torredebelem.jpg]]  
|[[File:mosteirojeronimos.jpg]]
+
| [[Image:Mosteirojeronimos.jpg]]  
|[[File:ponte21abril.jpg]]
+
| [[Image:Ponte21abril.jpg]]
|-  
+
|-
|'''Castelo de São Jorge'''
+
| '''Castelo de São Jorge'''  
|'''Alfama'''
+
| '''Alfama'''  
|'''Parque Eduardo VII'''
+
| '''Parque Eduardo VII'''
|-  
+
|-
|[[File:castelosjorge.jpg]]
+
| [[Image:Castelosjorge.jpg]]  
|[[File:algfama.jpg]]
+
| [[Image:Algfama.jpg]]  
|[[File:parqueeduardo7.jpg]]
+
| [[Image:Parqueeduardo7.jpg]]
|-  
+
|-
|'''Aqueduto das Águas Livres'''
+
| '''Aqueduto das Águas Livres'''  
|'''Museu dos Coches'''
+
| '''Museu dos Coches'''  
|'''Casa dos Bicos'''
+
| '''Casa dos Bicos'''
|-  
+
|-
|[[File:aqueduto.jpg]]
+
| [[Image:Aqueduto.jpg]]  
|[[File:coches.jpg]]
+
| [[Image:Coches.jpg]]  
|[[File:bicos.jpg]]
+
| [[Image:Bicos.jpg]]
|-  
+
|-
|'''Parque das Nações'''
+
| '''Parque das Nações'''  
|'''Oceanário'''
+
| '''Oceanário'''  
|'''Pavilhão Multiusos'''
+
| '''Pavilhão Multiusos'''
|-  
+
|-
|[[File:pnacoes.jpg]]
+
| [[Image:Pnacoes.jpg]]  
|[[File:oceanario.jpg]]
+
| [[Image:Oceanario.jpg]]  
|[[File:multiusos.jpg]]
+
| [[Image:Multiusos.jpg]]
|-  
+
|-
|'''Cacilheiros'''
+
| '''Cacilheiros'''  
|'''Linha de Cascais - Praias'''
+
| '''Linha de Cascais - Praias'''  
|'''Linha da Caparica - Praias'''
+
| '''Linha da Caparica - Praias'''
|-  
+
|-
|[[File:cacilheiros.jpg]]
+
| [[Image:Cacilheiros.jpg]]  
|[[File:cascais.jpg]]
+
| [[Image:Cascais.jpg]]  
|[[File:caparica.jpg]]
+
| [[Image:Caparica.jpg]]
|-  
+
|-
|'''Casino Lisboa'''
+
| '''Casino Lisboa'''  
|'''Docas - Diversão Nocturna'''
+
| '''Docas - Diversão Nocturna'''  
|'''Fado'''
+
| '''Fado'''
|-  
+
|-
|[[File:casino.jpg]]
+
| [[Image:Casino.jpg]]  
|[[File:docas.jpg]]
+
| [[Image:Docas.jpg]]  
|[[File:fado.jpg]]
+
| [[Image:Fado.jpg]]
|-  
+
|-
|'''Sintra Vila'''
+
| '''Sintra Vila'''  
|'''Sintra - Palácio da Pena'''
+
| '''Sintra - Palácio da Pena'''  
|'''Cristo Rei'''
+
| '''Cristo Rei'''
|-  
+
|-
|[[File:sintravila.jpg]]
+
| [[Image:Sintravila.jpg]]  
|[[File:sintrapalacio.jpg]]
+
| [[Image:Sintrapalacio.jpg]]  
|[[File:cristorei.jpg]]
+
| [[Image:Cristorei.jpg]]
|-
+
|}
|}
 
  
 +
<br>
  
 
==== In the News  ====
 
==== In the News  ====
  
List of places where the IBWAS'10 conference has been referenced.
+
List of places where the IBWAS'10 conference has been referenced.  
  
 
*[http://ibwas09.netmust.eu/files/ibwas10/IBWAS-RedSeguridad.pdf RedSeguridad Magazine], September 2010
 
*[http://ibwas09.netmust.eu/files/ibwas10/IBWAS-RedSeguridad.pdf RedSeguridad Magazine], September 2010
  
 +
<br>
  
==== IBWAS'10 Internals ====
+
==== IBWAS'10 Internals ====
 
 
 
 
* [https://spreadsheets.google.com/ccc?key=0AqVV6XaEAb3ddDI2ZkNsSjhDdWdQNl9ISW0tc19Sa3c&hl=en&authkey=CKyFt_AO Conference & Training's financials]
 
  
 +
*[https://spreadsheets.google.com/ccc?key=0AqVV6XaEAb3ddDI2ZkNsSjhDdWdQNl9ISW0tc19Sa3c&hl=en&authkey=CKyFt_AO Conference &amp; Training's financials]
  
 +
<br>
  
 
<headertabs />  
 
<headertabs />  
  
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_IBWAS]]
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_IBWAS]]
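Review bot: The "Conference &amp; Training's financials" link under IBWAS'10 Internals carries an authkey parameter in its URL, so the access key for the spreadsheet is published to every reader of this public page and stays in the revision history. If the financials are not meant to be public, link to the sheet without the key and grant access to named accounts instead; if they are meant to be public, publish the sheet and drop the key from the link.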

Revision as of 17:25, 23 November 2010


held at ISCTE - Lisbon University Institute

IBWAS'09 (last year's edition) - Internal OWASP site

16 - 17 December 2010 (NEW DATES - PREVIOUS DATES CANCELLED DUE TO A GENERAL STRIKE IN PORTUGAL)

(a joint organization of the Portuguese and Spanish OWASP chapters)


Welcome



IBWAS'10, the 2nd OWASP Ibero-American Web Application Security conference, will be held in Lisbon (Portugal) on the 16th and 17th December 2010 (dates have been changed).

The conference will take place at the ISCTE - Lisbon University Institute. The location details can be found here.

Conference proceedings will be published by OWASP, and distributed in electronic format. Last year's proceedings were published by Springer (this year the proceedings will not be published by Springer due to a low number of submissions).

This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

In addition to the technical issues of the conference programme, our website provides you with tourist information on the city of Lisbon, unique for its cultural and historical richness, lovely surroundings and other nice places to visit around the city.

Who Should Attend IBWAS'10:

  • Academics
  • Researchers
  • Lifelong learning educators
  • Technical staff
  • Secondary, vocational, or tertiary educators
  • Professionals from the private and public sector
  • Technologists and Scientists
  • School counsellors, principals and teachers
  • Education policy development representatives
  • General personnel from vocational sectors
  • Student counsellors
  • Career/employment officers
  • Education advisers
  • Student Unions
  • Bridging program lecturers & support staff
  • Library personnel
  • International support and services staff
  • Open learning specialists
  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security

...and any person interested in Web Application and Services Security and Information Security in general.

We look forward to seeing you in Lisbon!



Use the #ibwas10 hashtag for your tweets (What are hashtags?)

@ibwas10 Twitter Feed (follow us on Twitter!)

Sponsor logos: iscte-iul.png, adetti.png, maxdata.png, noesis.png, pasted-graphic.jpg, lasige.png, neoglobeconsulting.png

Media Partners: aeiou.png, redseguridad.jpg


Call for Papers (CLOSED)

THE IBWAS'10 CALL FOR PAPERS IS NOW CLOSED!!!

Call for Papers (English version)


You can find here a PDF version of the Call for Papers. Also in Portuguese (Português)

Introduction

There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to develop new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

Conference Topics

Suggested topics for paper submission include (but are not limited to):

  • Secure application development
  • Security of service oriented architectures
  • Security of development frameworks
  • Threat modelling of web applications
  • Cloud computing security
  • Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
  • Metrics for application security
  • Countermeasures for web application vulnerabilities
  • Secure coding techniques
  • Platform or language security features that help secure web applications
  • Secure database usage in web applications
  • Access control in web applications
  • Web services security
  • Browser security
  • Privacy in web applications
  • Standards, certifications and security evaluation criteria for web applications
  • Application security awareness and education
  • Security for the mobile web
  • Attacks and Vulnerability Exploitation

Paper Submission Instructions

Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure (submission site). Please check the paper formats so that you are aware of the accepted paper page limits (12 pages, in accordance with a supplied template that can be downloaded from here: in Word format and in LaTeX format).

The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.

Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.

Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.

Remarks about the on-line submission procedure:

1. A "double-blind" paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper WITHOUT any reference to any of the authors. This means that it is necessary to remove the author's personal details, the acknowledgements section and any reference that may disclose the authors' identity.

2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted

3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.

Regular Paper Submission

A regular paper presents a work where the research is completed or almost finished. This does not necessarily mean that it will be accepted as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".

Position Paper Submission

A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of "short paper" or "poster", i.e. a position paper is not a candidate for acceptance as a "full paper".

After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.

All accepted papers will be published in the conference proceedings, under an ISBN reference. Conference proceedings will be published by OWASP in electronic format (Springer proceedings have been canceled due to a low number of paper submissions).


Web-site

http://www.ibwas.com

Secretariat

E-mail: [email protected]

Important Dates

Submission of papers and all other contributions due: 31st October 2010

Notification of acceptance: 28th November 2010 (delayed)

Camera-ready version of accepted contributions: 5th December 2010

Conference: 16th – 17th December 2010

Call for Papers (Portuguese version)

Introduction

There is a profound change in the paradigm of information systems development today. The emergence of Web 2.0 technologies has led to the massive development and deployment of web applications and services as the way to build flexible information systems. Such systems are simple to develop, install and maintain, and offer a set of features that users find attractive, which makes them so appealing.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements when compared with traditional systems. In this type of system it is possible to find important security and privacy issues that can affect the way they operate and compromise their users. In addition, the emergence of Cloud Computing, which promises even more flexibility, has an even stronger impact on these security and privacy requirements. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and professionals from industry, academia and international communities such as OWASP, in order to openly discuss application security problems and solutions. In this context, researchers from academia and industry will be able to combine the results of their research with the experience of practitioners and software engineers.

Conference Topics

Suggested topics for paper submission include the following (but are not limited to those listed):

  • Secure Application Development
  • Security of Service-Oriented Architectures
  • Security of Development Frameworks and Tools
  • Threat Modelling of Web Applications
  • Cloud Computing Security
  • Web Application Vulnerabilities and Analysis (code review, penetration testing, static analysis, etc.)
  • Metrics for Application Security
  • Countermeasures for Web Application Vulnerabilities
  • Secure Development and Coding Techniques
  • Platform or Development Language Features for Web Application Security
  • Secure Database Usage in Web Applications
  • Access Control in Web Applications
  • Web Services Security
  • Web Browser Security
  • Privacy in Web Applications
  • Standards, Certifications and Criteria for Security Evaluation of Web Applications
  • Application Security Awareness and Education
  • Security for the Mobile Web
  • Attacks and Vulnerability Exploitation

Paper Submission Instructions

Authors should submit an original paper written in English, duly checked to avoid grammatical or syntactic errors, using the on-line submission procedure (http://www.easychair.org/conferences/?conf=ibwas10). Please check the accepted paper formats and pay attention to the maximum length (a limit of 12 pages, in accordance with the supplied template, which can be obtained from the following URL: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).

The paper formatting guidelines provided on the conference site and in the template must be strictly followed by authors who wish to submit papers. The submission format is the same as the final format. Please follow the formatting instructions used in the template.

Each paper should clearly indicate the nature of its technical/scientific contribution and the problems, domains or environments to which it is applicable.

All papers that are out of the conference scope, or in which acts of plagiarism are detected, will be summarily rejected.

Some details about the submission procedure:

1. An anonymous review procedure will be used, repeated by at least two independent reviewers. To facilitate this process, which is intended to be fast, efficient and fair, authors are asked to produce and submit their paper WITHOUT any reference to any of its authors. This means that it is necessary to remove the author's personal details, the acknowledgements section and any other reference that may reveal the authors' identity;

2. The following file formats will be accepted for submission: ODF, PDF, DOC, DOCX and RTF;

3. The on-line submission process automatically sends a notification of the submission result, by e-mail, to the corresponding author.

Regular Paper Submission

A regular paper presents work in which the research is finished or very close to completion. This does not mean that the paper will be accepted in the "full paper" category. It may be accepted as a "full paper" (30-minute oral presentation), a "short paper" (15-minute oral presentation) or a "poster".

Position Paper Submission

A position paper presents an opinion for discussion on a given subject. The goal of this type of paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or duly validated results. It is nevertheless important to support your arguments with evidence and to ensure its validity. A paper of this type may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical or other) focused on one of the conference topics. The acceptance of a position paper is restricted to the categories of "short paper" or "poster".

After the review process for the submitted papers is completed, the contact author (who submitted the paper to the conference) will be notified of the result of the evaluation. Authors whose papers are accepted should follow the reviewers' recommendations for improving their papers before submitting the final version.

All accepted papers will be published in the conference proceedings, with an ISBN identification. The conference proceedings will be published by OWASP in electronic format (the Springer edition was cancelled due to the low number of submissions received).

Web-site

http://www.ibwas.com

Secretariat

E-mail address: [email protected]

Important Dates

Submission of papers: 31 October 2010

Notification of acceptance: 28 November 2010

Final version of accepted papers: 5 December 2010

Conference: 16 and 17 December 2010

Call for Papers (Spanish version)

Introduction

There are important changes in the information systems development paradigm. The appearance of Web 2.0 technologies has enabled the massive development and deployment of web applications and services as a way to build new and flexible information systems. These systems are easy to develop, deploy and maintain, and offer attractive features for users, which favours the massive use we see today.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements compared with traditional systems. The most important security issues have been identified, and privacy is also a concern that has been raised recently. In addition, the emerging Cloud Computing paradigm promises greater flexibility; however, the security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and professionals from industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In this context, academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

Conference Topics

Suggested topics for submissions include (but are not limited to):

  • Secure application development
  • Security in service-oriented architectures
  • Security in development frameworks
  • Threat modelling in web applications
  • Cloud Computing security
  • Web application vulnerabilities and analysis (code review, penetration testing, static analysis, etc.)
  • Metrics for application security
  • Solutions and recommendations for vulnerabilities in web applications
  • Secure coding techniques
  • Platform or language security features that help raise the security level of web applications
  • Secure database usage in web applications
  • Access control in web applications
  • Web services security
  • Web browser security
  • Privacy in web applications
  • Standards, certifications and security evaluation criteria for web applications
  • Application security awareness and education
  • Security for the mobile web
  • Attacks and vulnerability exploitation

Submission Instructions

Authors should submit an original document in English, after carefully checking grammar and spelling, using the on-line submission procedure. Please check the document characteristics so that you are aware of the accepted page limit (12 pages, in accordance with a supplied template that can be downloaded from here in Word format).

The document formatting guidelines provided on the conference web site must be strictly followed for all submitted papers. The submission format is the same as the final print format. Please check and carefully follow the instructions and templates provided.

Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments in which it is applicable.

Papers that are out of the conference scope or that contain any form of plagiarism will be rejected outright.

Remarks about the on-line submission procedure:

1. An anonymous review method will be used, repeated by at least two reviewers. To facilitate this, authors are kindly requested to provide the paper without any reference to the authors. This means that it is necessary to remove the author's personal details, the acknowledgements section and any reference that may reveal the authors' identity.

2. Documents are accepted in the following formats: ODF, PDF, DOC, DOCX or RTF.

3. The web submission procedure automatically sends an acknowledgement of receipt, by e-mail, to the contact author.

Regular Submissions

A regular submission presents work where the research is completed or almost finished. This does not necessarily mean that it will be accepted as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".

Position Submissions

A position submission presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present finished research work and/or validated results. It is important, however, to support your argument with evidence to ensure the validity of your opinions. A position paper may be a short document and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical or other) focused on one of the conference topics. The acceptance of a position submission is limited to the categories of "short paper" or "poster", i.e. a position submission is not a candidate for acceptance as a "full paper".

After the review process is completed, the contact author (the author who submits the document) of each paper will be notified of the result by e-mail. Authors are required to follow the reviews in order to improve their paper before submitting the final version.

All accepted papers will be published by OWASP in the conference materials, under an ISBN reference.

Conference website

http://www.ibwas.com

Secretariat

E-mail address: [email protected]

Important dates

Paper submission: 31 October 2010

Notification of acceptance: 28 November 2010

Final version of accepted papers: 5 December 2010

Conference: 16 and 17 December 2010

Organization and Program Committee

IBWAS'10 Chairs

Carlos Serrão, ISCTE-IUL Instituto Universitário de Lisboa, OWASP Portugal, Portugal

Vicente Aguilera Díaz, Internet Security Auditors, OWASP Spain, Spain

IBWAS'10 Organization

Fabio Cerullo, OWASP Global Education Committee, Ireland

Dinis Cruz, OWASP Board Member, UK

Paulo Coimbra, OWASP Project Manager, UK

Miguel Correia, Universidade de Lisboa, Portugal

Paulo Sousa, Universidade de Lisboa, Portugal

Lucas C. Ferreira, Câmara dos Deputados, Brasil

Arturo "Buanzo" Busleiman, OWASP Argentina, Argentina

Martin Tartarelli, OWASP Argentina, Argentina

Paulo Querido, Portugal

IBWAS'10 Program Committee

André Zúquete, Universidade De Aveiro, Portugal
Candelaria Hernández-Goya, Universidad De La Laguna, Spain
Carlos Costa, Universidade De Aveiro, Portugal
Carlos Ribeiro, Instituto Superior Técnico, Portugal
Eduardo Neves, OWASP Education Committee, OWASP Brazil, Brazil
Francesc Rovirosa i Raduà, Universitat Oberta de Catalunya (UOC), Spain
Gonzalo Álvarez Marañón, Consejo Superior de Investigaciones Científicas (CSIC), Spain
Isaac Agudo, University of Malaga, Spain
Jaime Delgado, Universitat Politecnica De Catalunya, Spain
Javier Hernando, Universitat Politecnica De Catalunya, Spain
Javier Rodríguez Saeta, Herta Security, Spain
Joaquim Castro Ferreira, Universidade de Aveiro, Portugal
Joaquim Marques, Instituto Politécnico de Castelo Branco, Portugal
Jorge Dávila Muro, Universidad Politécnica de Madrid (UPM), Spain
Jorge E. López de Vergara, Universidad Autónoma de Madrid, Spain
José Carlos Metrôlho, Instituto Politécnico de Castelo Branco, Portugal
José Luis Oliveira, Universidade De Aveiro, Portugal
Kuai Hinojosa, OWASP Global Education Committee, New York University, United States
Leonardo Chiariglione, Cedeo, Italy
Leonardo Lemes, Unisinos, Brasil
Manuel Sequeira, ISCTE-IUL Instituto Universitário de Lisboa, Portugal
Marco Vieira, Universidade de Coimbra, Portugal
Mariemma I. Yagüe, University of Málaga, Spain
Miguel Correia, Universidade de Lisboa, Portugal
Miguel Dias, Microsoft, Portugal
Nuno Neves, Universidade de Lisboa, Portugal
Osvaldo Santos, Instituto Politécnico de Castelo Branco, Portugal
Panos Kudumakis, Queen Mary University of London, United Kingdom
Paulo Sousa, Universidade de Lisboa, Portugal
Rodrigo Roman, University of Malaga, Spain
Rui Cruz, Instituto Superior Técnico, Portugal
Rui Marinheiro, ISCTE-IUL Instituto Universitário de Lisboa, Portugal
Sérgio Lopes, Universidade do Minho, Portugal
Tiejun Huang, Peking University, China
Víctor Villagrá, Universidad Politécnica de Madrid (UPM), Spain
Vitor Filipe, Universidade de Trás-os-Montes e Alto Douro, Portugal
Vitor Santos, Microsoft, Portugal
Vitor Torres, Universitat Pompeu Fabra, Spain
Wagner Elias, OWASP Brazil Chapter Leader, Brazil

Registration

Important Dates

Submission of papers and all other contributions due: 31st October 2010

Notification of acceptance: 28th November 2010

Camera-ready version of accepted contributions: 5th December 2010

Conference: 16th – 17th December 2010

Registration will be available as soon as possible.


16th December

COURSE
Part of OWASP Ibero-American Web Application Security Conference (IBWAS'10)


Overview & Goal
 
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
  • If you are interested in participating in the hands-on portion of the course, please bring a laptop.

 

Date: December 16, 2010
Venue & Directions: ISCTE - Lisbon University Institute, Room B2.03

Price & Registration
This Course is FREE for OWASP Members. Registration is mandatory.
If you are not yet an OWASP member, please consider becoming one: $50 USD for a 12-month term for individual supporters.


COURSE'S MODULES DETAILS
Time | Module | Trainer | Presentation | Overview & Goal
09h00 (30m) | Guided tour of OWASP Projects | Dinis Cruz (OWASP Board) | Tour of OWASP’s projects | See details and Trainer's notes
09h30 (60m) | OWASP Top 10 | John Wilander (OWASP Sweden Chapter Leader) | OWASP Top 10 2010 from a Developer's Perspective | See details and Trainer's notes
10h30 (15m) | Coffee Break*
10h45 (60m) | Threat Risk Modeling | Martin Knobloch (Education Committee) | Threat Modeling – how to do it | See details and Trainer's notes
11h45 (60m) | OWASP Secure Coding Practices - Quick Reference Guide | Miguel Almeida (Portuguese Local Chapter) | OWASP Secure Coding Practices - Quick Reference Guide | See details and Trainer's notes
12h45 (60m) | Lunch*
14h00 (150m) | Implementation of Enigform for Wordpress | Arturo 'Buanzo' Busleiman (Project Leader) | Wordpress Plugin for Enigform Authentication - Definitive Guide | See details and Trainer's notes
16h30 (15m) | Coffee Break*
16h45 (45m) | OWASP O2 Platform | Dinis Cruz (Project Leader) | What is the OWASP O2 Platform | See details and Trainer's notes
17h00 (60m) | OWASP Testing Guide | Martin Knobloch (Education Committee) | Application Security Using the Testing Guide | See details and Trainer's notes
18h00 (80m) | OWASP Webslayer Project | Christian Martorella (Project Leader) | Bruteforcing Web Applications - 2010: still bruteforcing (hands-on session) | See details and Trainer's notes


(*) Coffee Breaks and Lunch are not included in the Training Day ticket

17th December

Draft agenda (still subject to changes)

December 17th 2010
08:30 - 09:00 PARTICIPANTS RECEPTION
(Welcome Desk)
09:00 - 09:30 OPENING SESSION
(Room XXXX)
Professor Luís Reto (ISCTE-IUL Dean), Professor Francisco Cercas (ISTA President), Carlos Serrão (ISCTE-IUL, OWASP.Portugal), Vicente Aguilera (OWASP.Spain)
09:30 - 10:30 KEYNOTE SPEAKER
(Room XXXX)
Professor Carlos Ribeiro
"Keynote Title"
10:30 - 10:45 COFFEE BREAK
10:45 - 11:45 KEYNOTE SPEAKER
(Room XXXX)
Dinis Cruz
"Keynote Title"
11:45 - 13:15 TECHNICAL TRACK
(Room XXXX)
Luís Grangeia
"Talk Title"
Arturo 'Buanzo' Busleiman
"Jiffy - A secure instant messenger"
TECHNICAL TRACK
(Room XXXX)
Martin Knobloch
"Developing Secure Applications with OWASP"
Bruno Morisson
"The Thing That Should Not Be (a glimpse into the future of web application security)"
13:15 - 14:30 LUNCH BREAK
14:30 - 17:00 TECHNICAL TRACK
(Room XXXX)
Miguel Correia
"Software Security in the Clouds"
Bruno Pedro
"Is OAuth really secure?"
Francisco Rente
"Talk Title"
RESEARCH TRACK
(Room XXXX)
Accepted Papers Presentations
17:00 - 17:15 COFFEE BREAK
17:15 - 18:45 TECHNICAL TRACK
(Room XXXX)
John Wilander
"Talk Title"
Martin Knobloch
"Developing compliant applications"
SPONSORS TRACK
Information about sponsors
18:45 - 19:00 CLOSING SESSION


Keynote:

Professor Carlos Ribeiro


Instituto Superior Técnico, Universidade Técnica de Lisboa, Portugal

Talk: The Thing That Should Not Be (a glimpse into the future of web application security)

Bruno Morisson


Integrity, S.A., Portugal

Developers are not security practitioners. Security practitioners are not developers. Developers create web applications. Security practitioners want those apps to be secure (sometimes even if security breaks functionality). Are developers and security practitioners like oil and water? Are security practitioners taking the right approach to help web developers understand and prevent security issues, or are we simply trying to brute force developers into security gurus?

Talk: Developing Secure Applications with OWASP

Martin Knobloch


Sogeti Netherlands, OWASP Netherlands, Netherlands

After an introduction to OWASP, Martin will highlight the top OWASP projects. During the presentation, Martin explains how OWASP material can be used to raise awareness about secure application development and how OWASP material fits into a (secure) development lifecycle.

Talk: Developing compliant applications

Martin Knobloch


Sogeti Netherlands, OWASP Netherlands, Netherlands

How do you develop applications that comply with security-related laws and regulations? Being compliant means following the regulations, which most of the time are not known to the developers. Being compliant also includes proving compliance. This presentation is about how to develop compliant (Web) applications that prove to be compliant!

Talk: Software Security in the Clouds

Miguel Correia


University of Lisboa, Faculty of Sciences, Portugal

Recently an expert wrote rather emphatically that "the current state of security in commercial software is rather distasteful, marked by embarrassing public reports of vulnerabilities and actual attacks". This situation is particularly concerning at a time when companies are exporting their applications and data to cloud computing systems. The first part of the talk will be a personal vision of the combination of techniques and tools needed for protecting software. The second part will argue that this combination is still insufficient for critical applications in the cloud and propose solutions based on distributing trust among different clouds.

Talk: Jiffy - A secure instant messenger

Arturo 'Buanzo' Busleiman


OWASP Argentina, Argentina

Jiffy - "Just for you" is an instant messaging system based on OWASP's Enigform, SSL and the OpenPGP Web-of-Trust. In this talk, Buanzo will introduce us to OpenPGP, Enigform and Jiffy.

Talk: Is OAuth really secure?

Bruno Pedro


Tarpipe, Portugal

Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as RFC 5849 and is being widely adopted by large Internet companies, it's important to stress its possible security vulnerabilities.

This talk will focus on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.

Papers


Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure (submission site). Please check the paper formats so that you are aware of the accepted paper page limit (12 pages, in accordance with the supplied template, which is available for download in Word format).

The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.

Accepted Papers

Speakers

Keynote Speakers

Professor Carlos Ribeiro


Instituto Superior Técnico, Universidade Técnica de Lisboa, Portugal

Carlos Ribeiro (Ph.D.) is Professor at the Computer and Information Systems Department at the IST/UTL, where he teaches Network Security, Computer Security, Security Protocols and Operating Systems courses. He received his PhD degree in Computer Science in 2002 from IST/UTL. Carlos Ribeiro's main research area is Security. He is co-coordinator of the PhD in Information Security, and vice-president of the IST computer and network unit. He has been a researcher at Inesc-id since 2002, where he is currently the leader of the Distributed Systems research Group. He has participated in several National and International research projects in computer and network security, and has been an active researcher in the e-voting field since 2002.

Panel Speakers

Bruno Morisson


Integrity, S.A., Portugal

Bruno Morisson is a Consultant and Partner at INTEGRITY S.A., a Consulting and Advisory firm focusing on Information Security Management, Telecom Management and IT Governance, where he provides consultancy, auditing and advisory services. In a past life he has held positions as a Senior Information Security Consultant and as Security Operations Manager, providing information security management services to customers in the financial, public and energy sectors in Portugal.

For the last 12 years he's been involved in several areas of Information Security, from consulting, architecture, engineering, auditing and penetration testing, to integration of OpenSource security solutions. He's been actively involved with the InfoSec community in Portugal, being one of the founders of the Portuguese chapter of The Honeynet Project, leading the InfoSec-Pros-PT mailing-list and currently helping gather the community in a monthly informal meeting - Confraria Security&IT. Bruno also holds several certifications in Information Security (CISSP-ISSMP, CISA, ISO27001LA).

Luís Grangeia


Sysvalue, S.A., Portugal

Luis Grangeia is Partner at SysValue, S.A., currently leading the company’s Information Systems Auditing practice. SysValue S.A. is a Portuguese Company focused on the reliability of Information Systems with practices in Auditing, Consulting, Integration, Training and Research and Development.

Since 2001 he has been conducting IS audits and penetration tests for major national and foreign companies, such as Portugal Telecom, Banco Espírito Santo, Banco Santander, UNICRE, Direcção-Geral do Tesouro, among others. Luis also contributes occasionally to information security research, with an article of note on the technique of DNS cache snooping.

Luis has attended Computer Science Engineering at Instituto Superior Técnico and currently holds the SANS GSNA, CISSP, CISA and ISO 27001 Lead Auditor certifications.

Francisco Rente


Faculdade de Ciência e Tecnologia, Universidade de Coimbra, Portugal

Francisco Nina Rente is an enthusiast and evangelist of information security, especially in matters of privacy. He received his BSc and MSc in Computer Science from the University of Coimbra. Back in 2006, he founded CERT-IPN, a CSIRT team of the IPN Institute, where he did R&D, consultancy and management of InfoSec until June 2010. Francisco is currently a PhD student at the University of Coimbra, where he works on "Malicious Stealth Communications". Since July 2010, Francisco has been CEO of Dognædis, a company based in Portugal focused on Information Security and Software Assurance.

Martin Knobloch


Sogeti Netherlands, OWASP Netherlands, Netherlands

Martin Knobloch is employed at Sogeti Netherlands as Senior Security Consultant. He is founder and thought leader of the Sogeti task force PaSS, Proactive Security Strategy, with an integral solution of information security within organisation, infrastructure and software.

At OWASP, Martin is board member of the OWASP Netherlands Chapter and member of the Global Education Committee.

Miguel Correia


University of Lisboa, Faculty of Sciences, Portugal

Miguel Correia is Assistant Professor of the Department of Informatics, University of Lisboa Faculty of Sciences, and Adjunct Faculty of the Carnegie Mellon Information Networking Institute. He is a member of the LASIGE research unit and the Navigators research team. He has been involved in several international and national research projects related to intrusion tolerance and security, including the TCLOUDS, MAFTIA and CRUTIAL EC-IST projects, and the ReSIST NoE. He is currently the coordinator and an instructor of the joint Carnegie Mellon University and University of Lisboa MSc in Information Security. He has more than 50 publications in international journals, conferences and workshops. He authored with Paulo Sousa a book titled "Segurança no Software" (FCA, 2010). More information about him is available at http://www.di.fc.ul.pt/~mpc.

Arturo 'Buanzo' Busleiman


OWASP Argentina, Argentina

Buanzo is a nerd. Yes, a so-called geek. Why? Simple: he started programming at the age of 8, got into information security by 12 (Oh, the BBS era...!) and now he performs as a Security Consultant for the Argentinian Computer Emergency Response Team (ArCERT). If you enjoy programming, Open Source Software, Linux and all things security and geeky, you might enjoy one of his talks.

John Wilander


Omegapoint, Sweden

John Wilander is an application security researcher and consultant. He is a partner and evangelist at Omegapoint, a consultancy firm based in Sweden. John typically works as a security focused software developer. Java and JavaScript are his languages of choice.

After his Master's degree in Computer Science and Engineering from Linköping University (Sweden) and Nanyang Technological University (Singapore) he pursued a PhD in application security. Last paper still pending but John's research publications can be found here.

John started the Swedish OWASP Chapter in 2007 and has since been leader and co-leader. In 2010 he chaired the most successful OWASP AppSec EU conference so far – OWASP AppSec Research 2010. John along with the Swedish chapter are listed as contributors to OWASP Top 10 2010.

Bruno Pedro


Tarpipe, Portugal

Bruno Pedro is a systems engineer with over 15 years’ experience in database related applications who’s been developing Web Applications since 1995. He’s the author of the O'Reilly book "PHP and Smarty on Large-Scale Web Development" and has spoken at numerous technical conferences and events.

He’s the author of Auth_Container_SOAP, PEAR’s SOAP based plug-and-play authentication package and, more recently, a big proponent of the OpenID and OAuth protocols.

Bruno started tarpipe.com in 2008 because he couldn't find any Web applications that could easily automate his publishing needs to social media Web sites.


Venue

IBWAS'10 will be taking place at the ISCTE - Lisbon University Institute in Lisbon, Portugal.

Location

Ed. ISCTE
Av. das Forças Armadas
1600- Lisboa
Portugal

Find the location on Google Maps.




How to get there?

Car

  • Go up the Av.ª das Forças Armadas.
  • Turn north at the crossing with Av.ª Prof. Gama Pinto. The crossing is located at the highest point of Av.ª das Forças Armadas.
  • Turn into the second street on the right.
  • Turn into the first street on the right.
  • The main entrance of ISCTE is at your left.

Train

  • Leave the train at the Entrecampos station. Look for the exit leading to Av.ª da República.
  • Walk north for about 250 m towards the Rotunda de Entrecampos (a circle).
  • At the circle, turn left to the Av.ª das Forças Armadas.
  • Climb west for about 300 m towards Sete Rios. Use the sidewalk on the right.
  • The entry leading to ISCTE will be at your right, immediately after the canteen of the University of Lisbon.

Bus

  • Get on any Carris bus with numbers 54, 701, or 732.
  • Leave the bus at the "Faculdade de Farmácia" stop, at the top of Av.ª das Forças Armadas, close to an old house with a battlemented roof.
  • Walk down the avenue for about 50 m. The entry leading to ISCTE will be at your left, immediately before the canteen of the University of Lisbon.

Subway

First alternative:

  • Leave the train at the Entrecampos station.
  • Exit the station through the north exit, leading to the Rotunda de Entrecampos (a circle), close to Av.ª das Forças Armadas.
  • From the circle, go west, up the Av.ª das Forças Armadas, for about 300 m.
  • Use the sidewalk on the right.
  • The entry leading to ISCTE will be at your right, immediately after the canteen of the University of Lisbon.

Second alternative:

  • Leave the train at the Cidade Universitária station.
  • Exit the station through the passage leading to Hospital de Santa Maria.
  • Walk south, along the left sidewalk of Av.ª Prof. Gama Pinto, for about 150 m (i.e., walk towards the Av.ª das Forças Armadas).
  • After the crossing with the Av.ª Prof. Egas Moniz (at your right), turn into the first street at your left.
  • Turn into the first street on the right.
  • The main entrance of ISCTE is at your left.

The walking route is shown on the map (image: mapa_iscte_1.jpg).


Links

Metro: www.metrolisboa.pt
Buses: www.carris.pt
Trains: www.cp.pt
Taxis: www.antral.pt

Hotels


This page contains information about the recommended hotels for the conference. All of the hotels are near the conference venue, within a 5 to 15 minute walk. Please use the following reference when reserving your hotel: "Conferência IBWAS'10".

SANA Metropolitan Hotel ****

Rua Soeiro Pereira Gomes, Parcela 2, Entrecampos, 1600-198 Lisboa, Lisboa


Location on Google Maps.

Hotel web-site.

Room type | Individual | Double
Standard | 67 euros | 72 euros
Extra Bed | 30 euros

Vip Executive Villa Rica Hotel ****

Av.5 de Outubro Nr. 295, Entrecampos, 1600-035 Lisboa (Lisboa)


Location on Google Maps.

Hotel web-site.

NH Campo Grande ****

Campo Grande, 7, 1700-087 Lisboa, Lisboa


Location on Google Maps.

Hotel web-site.

Room type | Individual | Double
Standard | 83 euros | 90 euros

Hotel VIP Executive Zurique ***

Rua Ivone Silva 18, 1050 Lisboa


Location on Google Maps.

Hotel web-site.

Room type | Individual | Double
Standard | 65 euros | 70 euros

Hotel Berna ***

Avenida António Serpa 13, 1069 Lisboa


Location on Google Maps.

Hotel web-site.

Room type | Individual | Double
Standard | 47,30 euros | 53,60 euros

Holiday Inn Hotel Continental ****

Rua Laura Alves 9, 1050 Lisboa‎


Location on Google Maps.

Hotel web-site.

Room type | Individual | Double
Standard | 78 euros | 88 euros

Radisson Blu Lisboa ****

Av. Marechal Craveiro Lopes, 390, Entrecampos, Lisboa (Lisboa)


Location on Google Maps.

Hotel web-site.

Sponsors


We are currently soliciting sponsors for the IBWAS'10 Conference. Please refer to our sponsorship opportunities for details.

Slots are going fast so contact us to sponsor today!

Sponsors

Sponsor logos: iscte-iul.png, adetti.png, pasted-graphic.jpg, lasige.png, maxdata.png, noesis.png, neoglobeconsulting.png

Media Sponsors

Media sponsor logos: aeiou.png, redseguridad.jpg
 

Supported by


Tourism

Visit Lisbon

For Tourist Information and more: Visit Lisbon (website of the Lisbon Tourism Office). See also here. About Portugal, see here.

LISBON is beautiful, historic, modern, sunny & it never stops! It is an enchanting city with delightful cuisine and unforgettable sites. The city holds many pleasant surprises to visitors who wish to enjoy their stay. The capital of Portugal since its conquest from the Moors in 1147, Lisbon is a legendary city with over 20 centuries of History. The Alfama is one of the oldest quarters in Lisbon. It survived the earthquake of 1755 and still retains much of its original layout. In addition to Alfama are the likewise old quarters of Castelo and Mouraria, on the western and northern slopes of the hill that is crowned by St. George's Castle. Radiant skies brighten the monumental city, with its typical tile covered building façades and narrow medieval streets, where one can hear the fado being played and sung at night.

Here's a taste of what you can find here in Lisbon, or nearby.

  • Torre de Belém
  • Mosteiro dos Jerónimos
  • Ponte 25 de Abril
  • Castelo de São Jorge
  • Alfama
  • Parque Eduardo VII
  • Aqueduto das Águas Livres
  • Museu dos Coches
  • Casa dos Bicos
  • Parque das Nações
  • Oceanário
  • Pavilhão Multiusos
  • Cacilheiros
  • Linha de Cascais - Beaches
  • Linha da Caparica - Beaches
  • Casino Lisboa
  • Docas - Nightlife
  • Fado
  • Sintra Vila
  • Sintra - Palácio da Pena
  • Cristo Rei


In the News

List of places where the IBWAS'10 conference has been referenced.


IBWAS'10 Internals