
Difference between revisions of "IBWAS10"

(Paper Submission Instructions)
(Replaced content with '#REDIRECT OWASP IBWAS10')
 
(175 intermediate revisions by 5 users not shown)
Line 1: Line 1:
__NOTOC__
+
#REDIRECT [[OWASP IBWAS10]]
 
 
= 2nd. Ibero-American Web Application Security Conference (IBWAS'10)  =
 
 
 
[http://www.iscte.pt/ ISCTE - Lisbon University Institute] |
 
 
 
[http://ibwas09.netmust.eu IBWAS'09 (last year's edition)] - [http://www.owasp.org/index.php/IBWAS09 Internal OWASP site]
 
 
 
'''25 - 26 November 2010''' (dates have been changed)
 
 
 
(a joint organization of the [http://www.owasp.org/index.php/Portuguese Portuguese] and [http://www.owasp.org/index.php/Spain Spanish] OWASP chapters)
 
 
 
<br> <!-- Header -->
 
 
 
==== Welcome  ====
 
 
 
{| style="width: 100%;"
 
|-
 
| style="width: 100%; color: rgb(0, 0, 0);" |
 
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
 
|-
 
| style="width: 95%; color: rgb(0, 0, 0);" |
 
http://www.allofads.com/files/ibwas10/PromoIBWAS10-700px.jpg
 
 
 
IBWAS'10, the 2nd. Ibero-American Web Application Security conference will be held in Lisbon (Portugal), on the 25th and 26th November 2010 ('''dates have been changed''').
 
 
 
The conference will take place at the [http://www.iscte.pt ISCTE - Lisbon University Institute]. The location details can be found [http://www.owasp.org/index.php/Ibwas10#tab=Venue here].
 
 
 
Conference proceedings will be published by [http://www.springer.com/ Springer] in the [http://www.springer.com/series/7899 Communications in Computer and Information Science (CCIS)] series.
 
 
 
{|
 
|-
 
|http://ibwas09.netmust.eu/files/ibwas10/CCIS_72.png
 
|This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
 
 
 
In addition to the technical issues of the conference programme, our website provides you with tourist information on the city of Lisbon, unique for its cultural and historical richness, lovely surroundings and other nice places to visit around the city.
 
|-
 
|}
 
 
 
'''Who Should Attend IBWAS'10:'''
 
 
 
*Academics
 
*Researchers
 
*Lifelong learning educators
 
*Technical staff
 
*Secondary, vocational, or tertiary educators
 
*Professionals from the private and public sector
 
*Technologists and Scientists
 
*School counsellors, principals and teachers
 
*Education policy development representatives
 
*General personnel from vocational sectors
 
*Student counsellors
 
*Career/employment officers
 
*Education advisers
 
*Student Unions
 
*Bridging program lecturers &amp; support staff
 
*Library personnel
 
*International support and services staff
 
*Open learning specialists
 
*Application Developers
 
*Application Testers and Quality Assurance
 
*Application Project Management and Staff
 
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 
*Security Managers and Staff
 
*Executives, Managers, and Staff Responsible for IT Security Governance
 
*IT Professionals Interested in Improving IT Security
 
 
 
...and any person interested in Web Application and Services Security and Information Security in general.
 
 
 
We look forward to seeing you in Lisbon!
 
 
 
|}
 
 
 
<!-- Twitter Box -->
 
 
 
| valign="top" style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->
 
[[File:ibwas10-logo-main.png]]<br><br>
 
[[File:springer.jpg]][[File:ccis.jpg]]<br><br>
 
[http://www.twitter.com/ibwas10 http://twitter-badges.s3.amazonaws.com/twitter-a.png]
 
[http://www.facebook.com/#!/group.php?gid=113336378677245 http://www.allofads.com/files/images/facebook-logo.jpg]
 
[http://events.linkedin.com/2nd-Ibero-American-Web-Application/pub/273820 http://static03.linkedin.com/img/logos/logo_linkedin_88x22.png]
 
 
 
{|
 
|-
 
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
 
Use the '''[http://search.twitter.com/search?q=%23ibwas10 #ibwas10]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)
 
 
 
'''@ibwas10 Twitter Feed ([http://twitter.com/ibwas10 follow us on Twitter!])'''
 
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 
|}
 
 
 
{|
 
|-
 
| align = "right"  |
 
[http://www.iscte.pt http://ibwas09.netmust.eu/files/iscte-iul.png]
 
 
 
[http://www.adetti.pt http://ibwas09.netmust.eu/files/adetti.png]
 
 
 
[http://www.maxdata.pt http://ibwas09.netmust.eu/files/ibwas10/maxdata.png]
 
 
 
[http://www.noesis.pt http://ibwas09.netmust.eu/files/ibwas10/noesis.png]
 
 
 
[http://www.isecauditors.com http://ibwas09.netmust.eu/files/pasted-graphic.jpg]
 
 
 
[http://lasige.di.fc.ul.pt/ http://ibwas09.netmust.eu/files/lasige.png]
 
 
 
 
 
'''Media Partners:'''
 
 
 
[http://www.aeiou.pt http://ibwas09.netmust.eu/files/ibwas10/aeiou.png]
 
 
 
[http://www.borrmart.es/redseguridad.php http://ibwas09.netmust.eu/files/redseguridad.jpg]
 
|}
 
 
 
|}
 
 
 
<!-- End Banner -->
 
==== Call for Papers  ====
 
 
 
=== Call for Papers (english version) ===
 
[[#Call for Papers (portuguese version)]] [[#Call for Papers (spanish version)]]
 
 
 
You can find here a [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP.pdf PDF version] of the Call for Papers. Also in [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP-PT.pdf Portuguese]  (Português)
 
 
 
== Introduction ==
 
 
 
There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies has led to the extensive deployment and use of web-based applications and web services as a way to develop new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.
 
 
 
As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.
 
 
 
This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
 
 
 
== Conference Topics ==
 
 
 
Suggested topics for paper submission include (but are not limited to):
 
*Secure application development
 
*Security of service oriented architectures
 
*Security of development frameworks
 
*Threat modelling of web applications
 
*Cloud computing security
 
*Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
 
*Metrics for application security
 
*Countermeasures for web application vulnerabilities
 
*Secure coding techniques
 
*Platform or language security features that help secure web applications
 
*Secure database usage in web applications
 
*Access control in web applications
 
*Web services security
 
*Browser security
 
*Privacy in web applications
 
*Standards, certifications and security evaluation criteria for web applications
 
*Application security awareness and education
 
*Security for the mobile web
 
*Attacks and Vulnerability Exploitation
 
 
 
== Paper Submission Instructions ==
 
 
 
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so that you are aware of the accepted paper page limits (12 pages, in accordance with a supplied template that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word format] and in [ftp://ftp.springer.de/pub/tex/latex/llncs/latex2e/llncs2e.zip LaTeX format]).
 
 
 
The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.
 
 
 
Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.
 
 
 
Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.
 
 
 
Remarks about the on-line submission procedure:
 
 
 
1. A "double-blind" paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper WITHOUT any reference to any of the authors. This means that it is necessary to remove the authors' personal details, the acknowledgements section and any reference that may disclose the authors' identity.
 
 
 
2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted
 
 
 
3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.
 
 
 
= Paper submission types=
 
 
 
'''Regular Paper Submission'''
 
 
 
A regular paper presents work where the research is completed or almost finished. This does not necessarily mean that it will be accepted as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".
 
 
 
'''Position Paper Submission'''
 
 
 
A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of "short paper" or "poster", i.e. a position paper is not a candidate for acceptance as a "full paper".
 
 
 
= Camera-ready =
 
 
 
After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.
 
 
 
= Publications =
 
 
 
All accepted papers will be published in the conference proceedings, under an ISBN reference. Conference proceedings will be published by Springer in the Communications in Computer and Information Science (CCIS) series.
 
 
 
 
 
== Web-site ==
 
 
 
http://www.ibwas.com
 
 
 
== Secretariat ==
 
 
 
 
 
 
== Important Dates ==
 
 
 
Submission of papers and all other contributions due: '''8th October 2010'''
 
 
 
Notification of acceptance: '''22nd October 2010'''
 
 
 
Camera-ready version of accepted contributions: '''29th October 2010'''
 
 
 
Conference: '''25th – 26th November 2010'''
 
 
 
=== Call for Papers (portuguese version) ===
 
 
 
== Introduction ==

There is a profound change in the information systems development paradigm today. The emergence of Web 2.0 technologies has led to the massive development and deployment of web applications and services as the way to build flexible information systems. Such systems are simple to develop, install and maintain, and offer a set of features that are attractive to users, which makes them so appealing.

As a result of this paradigm shift, security requirements have also changed. These web-based information systems have different security requirements when compared with traditional systems. In this type of system it is possible to find important security and privacy issues that can affect the way the systems operate and compromise their users. In addition, the emergence of Cloud Computing, which promises even more flexibility, has an even stronger impact on these security and privacy requirements. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and professionals from industry, academia and international communities such as OWASP, in order to openly discuss application security problems and solutions. In this context, researchers from academia and industry will be able to combine the results of their research with the experience of practitioners and software engineers.
 
 
 
== Conference Topics ==

Suggested topics for paper submission include the following (but are not limited to those listed):

*Secure Application Development

*Security of Service-Oriented Architectures

*Security of Development Frameworks and Tools

*Threat Modelling of Web Applications

*Cloud Computing Security

*Web Application Vulnerabilities and Analysis (code review, penetration testing, static analysis, etc.)

*Metrics for Application Security

*Countermeasures for Web Application Vulnerabilities

*Secure Development and Coding Techniques

*Platform or Development Language Features for Web Application Security

*Secure Database Usage in Web Applications

*Access Control in Web Applications

*Web Services Security

*Web Browser Security

*Privacy in Web Applications

*Standards, Certifications and Criteria for Security Evaluation of Web Applications

*Application Security Awareness and Education

*Security for the Mobile Web

*Attacks and Vulnerability Exploitation
 
 
 
== Paper Submission Instructions ==

Authors should submit an original paper written in English, duly checked to avoid grammatical or syntactic errors, using the on-line submission procedure (http://www.easychair.org/conferences/?conf=ibwas10). Please check the accepted paper formats and pay attention to the maximum paper length (limit of 12 pages, in accordance with the supplied template, which can be obtained from the following URL: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).

The paper formatting guidelines provided on the conference site and in the template must be strictly followed by authors wishing to submit papers. The submission format is the same as the final format. Please follow the formatting instructions used in the template.

Each paper should clearly indicate the nature of its technical/scientific contribution and the problems, domains or environments to which it is applicable.

All papers that are outside the scope of the conference, or in which acts of plagiarism are detected, will be summarily rejected.

Some details about the submission procedure:

1. An anonymous review procedure will be used, repeated by at least two independent reviewers. To facilitate this process, which is intended to be fast, efficient and fair, authors are asked to produce and submit their paper WITHOUT any reference to any of its authors. This means that it is necessary to remove the author's personal details, the acknowledgements section and any other reference that may reveal the authors' identity;

2. The following file formats will be accepted for submission: ODF, PDF, DOC, DOCX and RTF;

3. The on-line submission process automatically sends a notification of the submission result, by e-mail, to the corresponding author.
 
 
 
= Paper submission types =

'''Regular Paper Submission'''

A regular paper presents work in which the research is finished or very close to completion. This does not mean that the paper will be accepted in the "full paper" category. It may be accepted as a "full paper" (30-minute oral presentation), a "short paper" (15-minute oral presentation) or a "poster".

'''Position Paper Submission'''

A position paper presents an opinion for discussion on a given subject. The goal of a paper of this type is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or duly validated results. It is nevertheless important to support your arguments with evidence and to ensure its validity. A paper of this type may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical or other) focused on one of the conference topics. The acceptance of a position paper is restricted to the categories of "short paper" or "poster".
 
 
 
= Final Format =

After the review process for the submitted papers is completed, the contact author (who submitted the paper to the conference) will be notified of the result of the evaluation. Authors whose papers are accepted should follow the reviewers' recommendations for improving their papers before submitting the final version.

= Publications =

All accepted papers will be published in the conference proceedings, with an ISBN identification. The conference proceedings will be published by Springer in its "Communications in Computer and Information Science (CCIS)" series.
 
 
 
== Web-site ==

http://www.ibwas.com

== Secretariat ==

E-mail address: [email protected]

== Important Dates ==

Submission of papers: '''8 October 2010'''

Notification of acceptance: '''22 October 2010'''

Final version of accepted papers: '''29 October 2010'''

Conference: '''25 and 26 November 2010'''
 
 
 
=== Call for Papers (spanish version) ===
 
 
 
== Introduction ==

There are important changes in the information systems development paradigm. The emergence of Web 2.0 technologies has enabled the massive development and deployment of web applications and services as a way to build new and flexible information systems. These systems are easy to develop, deploy and maintain, and offer attractive features for users, which favours the widespread use we see today.

As a result of this paradigm shift, security requirements have also changed. These web-based information systems have different security requirements compared with traditional systems. The most important security issues have been identified, and privacy is also a concern that has been raised recently. In addition, the emerging Cloud Computing paradigm promises greater flexibility; however, the security and privacy issues still need to be reviewed. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and professionals from industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In this context, academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
 
 
 
== Conference Topics ==

Suggested topics for submissions include (but are not limited to):

* Secure application development

* Security in service-oriented architectures

* Security in development frameworks

* Threat modelling in Web applications

* Cloud Computing security

* Web application vulnerabilities and analysis (code review, penetration testing, static analysis, etc.)

* Metrics for application security

* Solutions and recommendations for Web application vulnerabilities

* Secure coding techniques

* Platform or language security features that help increase the security level of Web applications

* Secure database usage in Web applications

* Access control in Web applications

* Web services security

* Web browser security

* Privacy in Web applications

* Standards, certifications and security evaluation criteria for Web applications

* Application security awareness and education

* Security for the mobile Web

* Attacks and vulnerability exploitation
 
 
 
== Paper Submission Instructions ==

Authors should submit an original paper in English, after carefully checking grammar and spelling, using the on-line submission procedure. Please check the paper characteristics, as you should be aware of the accepted page limit (12 pages, in accordance with a supplied template that can be downloaded from here [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word format]).

The paper formatting guidelines provided on the conference web site must be strictly followed for all submitted papers. The submission format is the same as the final format for printing. Please check and carefully follow the instructions and templates provided.

Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.

Papers that are outside the scope of the conference or may contain any form of plagiarism will be rejected outright.

Remarks about the on-line submission procedure:

1. An anonymous review method will be used, repeated by at least two reviewers. To facilitate this, authors are asked to provide the paper without any reference to the authors. This means that it is necessary to remove the author's personal details, the acknowledgements section and any reference that may reveal the authors' identity.

2. Papers are accepted in the following formats: ODF, PDF, DOC, DOCX or RTF.

3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.
 
 
 
= Paper submission types =

'''Regular Paper Submission'''

A regular paper presents work where the research is completed or almost finished. This does not necessarily mean that it will be accepted as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".

'''Position Paper Submission'''

A position paper presents an arguable opinion about a topic. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present finished research work and/or validated results. It is important, however, to support your argument with evidence to ensure the validity of your opinions. A position paper may be a short document and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical or other) focused on one of the conference topics. The acceptance of a position paper is limited to the categories of "short paper" or "poster", i.e. a position paper is not a candidate for acceptance as a "full paper".
 
 
 
= Final Version =

After the review process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before submitting the final version.

= Publications =

All accepted papers will be published in the conference proceedings, under an ISBN reference. The conference proceedings will be published by Springer in the "Communications in Computer and Information Science (CCIS)" series.
 
 
 
== Conference Site ==

http://www.ibwas.com

== Secretariat ==

E-mail address: [email protected]

== Important Dates ==

Submission of papers: '''8 October 2010'''

Notification of acceptance: '''22 October 2010'''

Final version of accepted papers: '''29 October 2010'''

Conference: '''25 and 26 November 2010'''
 
 
 
==== Organization and Program Committee  ====
 
 
 
=== IBWAS'10 Chairs  ===
 
 
 
'''Carlos Serrão''', ISCTE-IUL Instituto Universitário de Lisboa, OWASP Portugal, Portugal
 
 
 
'''Vicente Aguilera Díaz''', Internet Security Auditors, OWASP Spain, Spain
 
 
 
=== IBWAS'10 Organization  ===
 
'''Fabio Cerullo''', OWASP Global Education Committee, Ireland
 
 
 
'''Dinis Cruz''', OWASP Board Member, UK
 
 
 
'''Paulo Coimbra''', OWASP Project Manager, UK
 
 
 
'''Miguel Correia''', Universidade de Lisboa, Portugal
 
 
 
'''Paulo Sousa''', Universidade de Lisboa, Portugal
 
 
 
'''Lucas C. Ferreira''', Câmara dos Deputados, Brasil
 
 
 
'''Arturo Busleiman''', OWASP Argentina, Argentina
 
 
 
'''Martin Tartarelli''', OWASP Argentina, Argentina
 
 
 
'''Paulo Querido''', Portugal
 
 
 
=== IBWAS'10 Program Committee  ===
 
 
 
'''André Zúquete''', Universidade De Aveiro, Portugal<br>
'''Candelaria Hernández-Goya''', Universidad De La Laguna, Spain<br>
'''Carlos Costa''', Universidade De Aveiro, Portugal<br>
'''Carlos Ribeiro''', Instituto Superior Técnico, Portugal<br>
'''Eduardo Neves''', OWASP Education Committee, OWASP Brazil, Brazil<br>
'''Francesc Rovirosa i Raduà''', Universitat Oberta de Catalunya (UOC), Spain<br>
'''Gonzalo Álvarez Marañón''', Consejo Superior de Investigaciones Científicas (CSIC), Spain<br>
'''Isaac Agudo''', University of Malaga, Spain<br>
'''Jaime Delgado''', Universitat Politecnica De Catalunya, Spain<br>
'''Javier Hernando''', Universitat Politecnica De Catalunya, Spain<br>
'''Javier Rodríguez Saeta''', Herta Security, Spain<br>
'''Joaquim Castro Ferreira''', Universidade de Lisboa, Portugal<br>
'''Joaquim Marques''', Instituto Politécnico de Castelo Branco, Portugal<br>
'''Jorge Dávila Muro''', Universidad Politécnica de Madrid (UPM), Spain<br>
'''Jorge E. López de Vergara''', Universidad Autónoma de Madrid, Spain<br>
'''José Carlos Metrôlho''', Instituto Politécnico de Castelo Branco, Portugal<br>
'''José Luis Oliveira''', Universidade De Aveiro, Portugal<br>
'''Kuai Hinojosa''', OWASP Global Education Committee, New York University, United States<br>
'''Leonardo Chiariglione''', Cedeo, Italy<br>
'''Leonardo Lemes''', Unisinos, Brasil<br>
'''Manuel Sequeira''', ISCTE-IUL Instituto Universitário de Lisboa, Portugal<br>
'''Marco Vieira''', Universidade de Coimbra, Portugal<br>
'''Mariemma I. Yagüe''', University of Málaga, Spain<br>
'''Miguel Correia''', Universidade de Lisboa, Portugal<br>
'''Miguel Dias''', Microsoft, Portugal<br>
'''Nuno Neves''', Universidade de Lisboa, Portugal<br>
'''Osvaldo Santos''', Instituto Politécnico de Castelo Branco, Portugal<br>
'''Panos Kudumakis''', Queen Mary University of London, United Kingdom<br>
'''Paulo Sousa''', Universidade de Lisboa, Portugal<br>
'''Rodrigo Roman''', University of Malaga, Spain<br>
'''Rui Cruz''', Instituto Superior Técnico, Portugal<br>
'''Rui Marinheiro''', ISCTE-IUL Instituto Universitário de Lisboa, Portugal<br>
'''Sérgio Lopes''', Universidade do Minho, Portugal<br>
'''Tiejun Huang''', Peking University, China<br>
'''Víctor Villagrá''', Universidad Politécnica de Madrid (UPM), Spain<br>
'''Vitor Filipe''', Universidade de Trás-os-Montes e Alto Douro, Portugal<br>
'''Vitor Santos''', Microsoft, Portugal<br>
'''Vitor Torres''', Universitat Pompeu Fabra, Spain<br>
'''Wagner Elias''', OWASP Brazil Chapter Leader, Brazil
 
 
 
==== Registration  ====
 
 
 
== Important Dates ==
 
 
 
Submission of papers and all other contributions due: '''8th October 2010'''
 
 
 
Notification of acceptance: '''22nd October 2010'''
 
 
 
Camera-ready version of accepted contributions: '''29th October 2010'''
 
 
 
Conference: '''25th – 26th November 2010'''
 
 
 
Registration will be available as soon as possible.
 
 
 
OWASP [[Membership]] (40€ annual membership fee) gets you a discount of 40€<br>
 
(the OWASP membership entitles you to have the same 40€ discount on every OWASP paid event)
 
 
 
{|border="1" align="center"
 
|-
 
|
 
| '''Registration Fees'''
 
|-
 
| '''Regular'''
 
| align="center"| 235 euros
 
|-
 
| '''OWASP members''' <br> This discount is applicable to<br> OWASP members with the membership<br> fees up to date
 
| align="center"| 195 euros
 
|-
 
| '''Students''' <br> Upon registration, students<br> must provide proof that they are<br> enrolled at an institution.
 
| align="center"| 80 euros
 
|-
 
|}
 
 
 
 
 
{|border="1" align="center"
 
|-
 
|
 
| '''Training/Tutorial Fees'''
 
|-
 
| '''1/2 Training Session'''
 
| align="center"| 250 euros
 
|-
 
| '''Full Day Training Session'''
 
| align="center"| 450 euros
 
|-
 
|}
 
 
 
==== 24th November - Tutorials  ====
 
 
 
This is still a draft agenda!
 
 
 
== 24th November - Tutorials ==
 
 
 
{| cellspacing="1" cellpadding="1" border="0" bgcolor="#dddddd" align="center"
 
|- valign="middle"
 
| height="60" align="center" colspan="4" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="3">'''IBWAS'10 Tutorials - Nov 24th 2010'''</font>
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 9:00 - 9:30
 
| bgcolor="#ffff99" align="center" colspan="3" | Registration (Welcome Desk)
 
|- valign="middle"
 
| height="120" width="100" bgcolor="#ffcc99" align="center" | 9:30 - 11:00
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 11:00 - 11:15
 
| bgcolor="#ffff99" align="center" colspan="3" | Coffee Break
 
|- valign="middle"
 
| height="120" width="100" bgcolor="#ffcc99" align="center" | 11:15 - 13:00
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
|- valign="middle"
 
| height="80" width="100" bgcolor="#ffff99" align="center" | 13:00 - 14:30
 
| bgcolor="#ffff99" align="center" colspan="3" | Lunch Break
 
|- valign="middle"
 
| height="120" width="100" bgcolor="#ffcc99" align="center" | 14:30 - 16:30
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 16:30 - 16:45
 
| bgcolor="#ffff99" align="center" colspan="3" | Coffee Break
 
|- valign="middle"
 
| height="120" width="100" bgcolor="#ffcc99" align="center" | 16:45 - 18:30
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
| width="200" bgcolor="#ffcc99" align="center" | TUTORIAL 1
 
|}
 
<br>
 
 
 
 
 
==== 25th/26th November - Conference  ====
 
 
 
This is still a draft agenda!
 
 
 
== 25th November ==
 
 
 
{| cellspacing="1" cellpadding="1" border="0" bgcolor="#dddddd" align="center"
 
|- valign="middle"
 
| height="60" align="center" colspan="3" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="3">'''IBWAS'10 Day 1 - Nov 25th 2010'''</font>
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 9:00 - 9:30
 
| bgcolor="#ffff99" align="center" colspan="2" | Registration (Welcome Desk)
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 9:00 - 10:00
 
| bgcolor="#ffff99" align="center" colspan="2" | Opening Ceremony
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 10:00 - 11:00
 
| bgcolor="#ffff99" align="center" colspan="2" | Keynote Speech
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 11:00 - 11:15
 
| bgcolor="#ffff99" align="center" colspan="2" | Coffee Break
 
|- valign="middle"
 
| height="120" width="100" bgcolor="#ffcc99" align="center" | 11:15 - 13:00
 
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
 
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
 
|- valign="middle"
 
| height="80" width="100" bgcolor="#ffff99" align="center" | 13:00 - 14:30
 
| bgcolor="#ffff99" align="center" colspan="2" | Lunch Break
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 14:30 - 15:30
 
| bgcolor="#ffff99" align="center" colspan="2" | Keynote Speech
 
|- valign="middle"
 
| height="120" width="100" bgcolor="#ffcc99" align="center" | 15:30 - 17:00
 
| width="300" bgcolor="#ffcc99" align="center" | Paper Session (3 papers)
 
| width="300" bgcolor="#ffcc99" align="center" | Paper Session (3 papers)
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 17:00 - 17:15
 
| bgcolor="#ffff99" align="center" colspan="2" | Coffee Break
 
|- valign="middle"
 
| height="120" width="100" bgcolor="#ffcc99" align="center" | 17:15 - 19:00
 
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
 
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
 
|}
 
<br>
 
 
 
== 26th November ==
 
 
 
{| cellspacing="1" cellpadding="1" border="0" bgcolor="#dddddd" align="center"
 
|- valign="middle"
 
| height="60" align="center" colspan="3" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="3">'''IBWAS'10 Day 2 - Nov 26th 2010'''</font>
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 9:00 - 9:30
 
| bgcolor="#ffff99" align="center" colspan="2" | Registration (Welcome Desk)
 
|- valign="middle"
 
| height="80" width="100" bgcolor="#ffcc99" align="center" | 9:30 - 11:00
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 11:00 - 11:15
 
| bgcolor="#ffff99" align="center" colspan="2" | Coffee Break
 
|- valign="middle"
 
| height="80" width="100" bgcolor="#ffcc99" align="center" | 11:15 - 13:00
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
|- valign="middle"
 
| height="80" width="100" bgcolor="#ffff99" align="center" | 13:00 - 14:30
 
| bgcolor="#ffff99" align="center" colspan="2" | Lunch Break
 
|- valign="middle"
 
| height="80" width="100" bgcolor="#ffcc99" align="center" | 14:30 - 16:30
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
|- valign="middle"
 
| width="100" bgcolor="#ffff99" align="center" | 16:30 - 16:45
 
| bgcolor="#ffff99" align="center" colspan="2" | Coffee Break
 
|- valign="middle"
 
| height="80" width="100" bgcolor="#ffcc99" align="center" | 16:45 - 18:30
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
| width="300" bgcolor="#ffcc99" align="center" | Todo
 
|}
 
<br>
 
 
 
== Keynote:  ==
 
 
 
'''Professor Ian Angell'''
 
 
 
[http://is2.lse.ac.uk/ London School of Economics], United Kingdom
 
 
 
== Keynote: Cloud Computing: How to make the new dream of distributed computing not become a nightmare ==
 
 
 
'''Professor Paulo Veríssimo'''
 
 
 
[[File:pauloverissimo.jpg]]
 
 
 
[http://www.fc.ul.pt/ Faculdade de Ciências], [http://www.ul.pt/ Universidade de Lisboa], Portugal
 
 
 
Abstract:
 
Cloud Computing is a process and business model that builds on recent technologies (e.g. Web services, SaaS, inexpensive storage, SOA, etc.), enabling on-demand network access to a shared pool of configurable computing resources. In essence these services are software applications (SaaS), Platforms (PaaS), and/or Infrastructures (IaaS). Cloud Computing allows users to increase and/or decrease IT capacity in real-time and without heavy investment in infrastructure, software and personnel (pay-per-use model). Supposedly, it does so in a way as secure as (or even more secure than) what users might get from their own installations. Reality, however, has been speaking otherwise, and this talk will enumerate some risks of cloud computing, as well as the architectural and research challenges to be met to achieve the necessary security and dependability of cloud computing ecosystems.
 
 
 
== Keynote:  ==
 
 
 
'''Professor Carlos Ribeiro'''
 
 
 
[[File:carlosribeiro.jpg]]
 
 
 
[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal
 
 
 
== Talk: Web Forensics - How can computer forensics be used on the web? ==
 
 
 
'''Tiago Henriques'''
 
 
 
[[File:tiagohenriques.jpg]]
 
 
 
[http://www.beds.ac.uk/ University of Bedfordshire], UK
 
 
 
In this session, Tiago will begin with a light introduction to Computer Forensics: how it is used, what the different steps of a forensic investigation are, and certain technical quirks of data acquisition and analysis. He will then describe how computer forensics can be used to analyse web services and servers, and the methodologies for these investigations. A description of how web application incident response and forensics differs from a regular forensic investigation will also be given.
 
 
 
==== Papers  ====
 
=== Papers  ===
 
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper format so that you are aware of the accepted page limit (12 pages, in accordance with the supplied template, which can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format]).
 
 
 
The guidelines for paper formatting provided at the conference web site must be strictly followed for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.
 
 
 
=== Accepted Papers  ===
 
 
 
==== Speakers  ====
 
 
 
=== Keynote Speakers  ===
 
 
 
{|
 
|-
 
|'''Professor Ian Angell'''
 
 
[[File:ianangell.jpg]]
 
 
 
[http://is2.lse.ac.uk/ London School of Economics], United Kingdom
 
 
 
|Ian Angell has been Professor of Information Systems at the London School of Economics since 1986. Prior to that he researched and taught Computer Science at Royal Holloway College, and University College London.
 
Angell has very radical yet constructive views on his subject, and is very critical of what he calls “the pseudo-science of academic Information Systems.” He has gained a certain notoriety worldwide for his aggressive polemics against the inappropriate use of artificial intelligence and so-called knowledge management, and against the hyperbole surrounding ‘e-commerce.’
 
His main research work concentrates on organizational and national I.T. policies, on strategic information systems, and on computers and risk (both opportunities and hazards), particularly the systemic risks inherent in all socio-technical systems and the security threats posed to organisations by the rapidly diffusing international information infrastructure.
 
His highly articulate presentations of his controversial position mean he is in great demand by the media, and as a speaker on the international lecture circuit. Apart from his keynote talks on Computer Security, the Global Consequences of Information and Communication Technologies (ICT), and on business strategy in a world globalized through ICT, he is also well known for his workshops on new tactics for sales and marketing using the Internet {that awful term Web 2.0}, and for his pragmatic, down-to-earth and outspoken views on electronic commerce; developments in the telecomms industry; obsessive compulsive management, particularly management by numbers; the surveillance society, particularly UK ID cards and the ID register; intellectual property {he is chairman of Creative Commons (England and Wales)}; and a thousand and one other topics related to the impact of computerization on business and society.
 
|-
 
|}
 
 
 
{|
 
|-
 
|'''Professor Paulo Veríssimo'''
 
 
 
[[File:pauloverissimo.jpg]]
 
 
 
[http://www.fc.ul.pt/ Faculdade de Ciências], [http://www.ul.pt/ Universidade de Lisboa], Portugal
 
 
 
|Paulo Veríssimo is currently a professor of the Department of Informatics (DI) of the University of Lisboa Faculty of Sciences (http://www.di.fc.ul.pt/~pjv), and Director of LASIGE, a research laboratory of the DI (http://lasige.di.fc.ul.pt). He is Fellow of the IEEE and Fellow of the ACM. He is associate editor of the Elsevier Int’l Journal on Critical Infrastructure Protection, and past associate editor of the IEEE Trans. on Dependable and Secure Computing. He belonged to the European Security & Dependability Advisory Board. He is past Chair of the IEEE Technical Committee on Fault Tolerant Computing and of the Steering Committee of the DSN conference, and belonged to the Executive Board of the CaberNet European Network of Excellence. He was coordinator of the CORTEX IST/FET project (http://cortex.di.fc.ul.pt). Paulo Veríssimo leads the Navigators research group of LASIGE, and is currently interested in: architecture, middleware and protocols for distributed, pervasive and embedded systems, in the facets of real-time adaptability and fault/intrusion tolerance. He is author of more than 150 refereed publications in international scientific conferences and journals in the area, and co-author of five books (e.g. http://www.navigators.di.fc.ul.pt/dssa/).
 
|-
 
|}
 
 
 
{|
 
|-
 
|'''Professor Carlos Ribeiro'''
 
 
 
[[File:carlosribeiro.jpg]]
 
 
 
[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal
 
 
 
|Carlos Ribeiro (Ph.D.) is Professor at the Computer and Information Systems Department at the IST/UTL, where he teaches Network Security, Computer Security, Security Protocols and Operating Systems courses. He received his PhD degree in Computer Science in 2002 from IST/UTL. Carlos Ribeiro's main research area is Security. He is co-coordinator of the PhD in Information Security, and vice-president of the IST computer and network unit. He has been a researcher at Inesc-id since 2002, where he is currently the leader of the Distributed Systems Research Group. He has participated in several National and International research projects in computer and network security, and has been an active researcher in the e-voting field since 2002.
 
|-
 
|}
 
 
 
=== Panel Speakers  ===
 
 
 
{|
 
|-
 
|'''Miguel Almeida'''
 
[[File:miguelalmeida.jpg]]
 
 
 
[http://www.miguelalmeida.pt Independent Security Consultant], Portugal
 
 
 
|Miguel Almeida is an independent computer and network security professional. He has been testing, reviewing and advising on information security for the last ten years. His work has been focused on financial institutions and it has included engagements where, for a broad view of information security, the technical side as well as the organizational and procedural sides have been analyzed.
 
Before becoming an independent consultant, Miguel was working with Deloitte and KPMG, where he was responsible for the information security practices in these companies. He was Senior Manager at Deloitte and, before, he was a Manager at KPMG.
 
His academic studies include Computer Engineering at Instituto Superior Técnico and he is a Microsoft Certified Professional [on Windows security].
 
|-
 
|}
 
 
 
{|
 
|-
 
|'''Bruno Morisson'''
 
[[File:brunomorisson.jpg]]
 
 
 
[http://www.integrity.pt/ Integrity, S.A.], Portugal
 
 
 
|Bruno Morisson is a Consultant and Partner at INTEGRITY S.A., a Consulting and Advisory firm focusing on Information Security Management, Telecom Management and IT Governance, where he provides consultancy, auditing and advisory services. In a past life he has held positions as a Senior Information Security Consultant and as Security Operations Manager, providing information security management services to customers in the financial, public and energy sectors in Portugal.

For the last 12 years he's been involved in several areas of Information Security, from consulting, architecture, engineering, auditing and penetration testing, as well as integration of OpenSource security solutions. He's been actively involved with the InfoSec community in Portugal, being one of the founders of the Portuguese chapter of The Honeynet Project, leading the InfoSec-Pros-PT mailing-list and currently helping gather the community in a monthly informal meeting - Confraria Security&IT. Bruno also holds several certifications in Information Security (CISSP-ISSMP, CISA, ISO27001LA).
 
|-
 
|}
 
 
 
{|
 
|-
 
|'''Rui Shantilal'''
 
 
 
[http://www.integrity.pt/ Integrity, S.A.], Portugal
 
|
 
|-
 
|}
 
 
 
{|
 
|-
 
|'''Luís Grangeia'''
 
[[File:luisgrangeia.jpg]]
 
 
 
[http://www.sysvalue.pt/ Sysvalue, S.A.], Portugal
 
 
 
|Luís Grangeia is Partner and Audit Services Manager at SysValue, S.A. He has been a professional in the field of information systems security since 2001, having carried out projects in organizations such as Portugal Telecom, Banco Espírito Santo, Banco Santander, UNICRE, Direcção-Geral do Tesouro, among others. He holds the CISSP (Certified Information Systems Security Professional) certification from ISC2, GSNA (GIAC Systems and Network Auditor) from the SANS Institute, and ISMS Auditor / Lead Auditor ISO 27001:2005, certified by the BSI (British Standards Institute). He studied Computer Science and Engineering at Instituto Superior Técnico, where he was a trainer at the Centro de Informática, and has also occasionally given lectures at other institutions, such as Universidade Católica, among others.
 
|-
 
|}
 
 
 
{|
 
|-
 
|'''Francisco Rente'''
 
[[File:franciscorente.jpg]]
 
 
 
[http://www.uc.pt/fctuc Faculdade de Ciência e Tecnologia], [http://www.uc.pt Universidade de Coimbra], Portugal
 
 
 
|Francisco Nina Rente is an enthusiast and an evangelist of information security, especially in matters of privacy. He received his BSc and MSc in Computer Science from the University of Coimbra. Back in 2006, he founded CERT-IPN, a CSIRT team of the IPN Institute, where he did R&D, consultancy and management of InfoSec until June of 2010. Francisco is currently a PhD student at the University of Coimbra, where he works on "Malicious Stealth Communications". Since July of 2010, Francisco has been CEO of Dognædis, a company based in Portugal, focused on Information Security and Software Assurance.
 
|-
 
|}
 
 
 
{|
 
|'''Tiago Henriques'''
 
[[File:tiagohenriques.jpg]]
 
 
 
[http://www.beds.ac.uk/ University of Bedfordshire], UK
 
 
 
|Tiago Henriques is a Researcher at the University of Bedfordshire; his research is focused on Information, Computer Security and Forensics. At the university he does some part-time lecturing on a range of topics, from Computer Security to Networking and Cryptography. His main interests are: Cryptography, Pentesting, Information Security, Computer Security and Forensics, Vulnerability research. He also runs the Security Group at the University of Bedfordshire, where he gives other students and staff members training on different Security topics. On top of all this he is currently working with some companies, doing pen testing and security testing for them.
 
|-
 
|}
 
 
 
==== Training  ====
 
 
 
=== Introduction  ===
 
TBD!
 
 
 
=== Call for Training Proposals  ===
 
IBWAS'10 is currently soliciting training proposals for the OWASP Ibero-american Web Application Security 2010 Conference (IBWAS'10) which will take place at ISCTE-IUL in Lisbon, Portugal, on November 25th through November 26th, 2010. There will be training courses on November 24th followed by plenary sessions on the 25th and 26th with multiple tracks per day. 

We are seeking training proposals on the following topics (in no particular order):
 
 
 
*Application Threat Modeling

 
*Business Risks with Application Security

 
*Hands-on Source Code Review
 
*Metrics for Application Security
 
*OWASP Tools and Projects
 
*Privacy Concerns with Applications and Data Storage
 
*Secure Coding Practices (J2EE/.NET/PHP)
 
*Starting and Managing Secure Development Lifecycle Programs

 
*Technology specific presentations on security such as AJAX, XML, etc
 
*Web Application Security countermeasures
 
*Web Application Security Testing

 
*Web Services, XML
 
*Anything else relating to OWASP and Application Security.
 
 
 
Proposals on topics not listed above but related to the conference (i.e. which are related to Application Security) may also be accepted.
 
 
 
To make a submission you must fill out the form available at http://ibwas09.netmust.eu/files/ibwas10/OWASP_IBWAS_2010_CFT.rtf.zip and submit by email to [mailto:[email protected] [email protected]].
 
 
 

There may be 1-day or half-day courses. The proposals must respect the restrictions of the [http://www.owasp.org/index.php/Speaker_Agreement OWASP Speaker Agreement]. The conference will reward trainers according to the OWASP standard percentages of the total revenue of their courses (for more information about this, please [[check this page]]), based on a minimum attendance. Courses that attract more students may be granted higher percentages. No other compensation (such as tickets or lodging) will be provided. If you require a different arrangement, please contact the conference chair at the email address below.
 
 
 
=== Training/Tutorials Registration Fees  ===
 
 
 
{|border="1" align="center"
 
|-
 
|
 
| '''Training/Tutorial Fees'''
 
|-
 
| '''1/2 Training Session'''
 
| align="center"| 250 euros
 
|-
 
| '''Full Day Training Session'''
 
| align="center"| 450 euros
 
|-
 
|}
 
 
 
==== Venue  ====
 
 
 
IBWAS'10 will be taking place at the [http://www.iscte.pt ISCTE - Lisbon University Institute] in Lisbon, Portugal.
 
 
 
== Location ==
 
Ed. ISCTE <br> Av. das Forças Armadas<br> 1600- Lisboa<br> Portugal<br>
 
 
 
Find the [http://maps.google.com/maps?q=iscte,+lisboa,+portugal&hl=en&cd=1&ei=JFx0S_ScKYyGONOz1YkB&sig2=FsC9HEg2JrBD00ARc_U3IA&sll=38.724358,-9.148865&sspn=0.077408,0.150719&ie=UTF8&view=map&cid=7285641604236232209&ved=0CBgQpQY&hq=iscte,+lisboa,+portugal&hnear=&ll=38.749766,-9.154122&spn=0.009673,0.01884&t=h&z=16&iwloc=A location on Google Maps].
 
 
 
<googlemap lat="38.749565" lon="-9.15277" zoom="15">
 
38.748862, -9.152384, ISCTE-IUL
 
</googlemap>
 
 
 
 
 
http://www.allofads.com/files/images/mapa_iscte.jpg
 
 
 
== How to get there? ==
 
'''Car'''
 
* Go up the Av.ª das Forças Armadas.
 
* Turn north at the crossing with Av.ª Prof. Gama Pinto. The crossing is located at the highest point of Av.ª das Forças Armadas.
 
* Take the second street on the right.

* Take the first street on the right.
 
* The main entrance of ISCTE is at your left.
 
 
 
'''Train'''
 
* Leave the train at the Entrecampos station. Look for the exit leading to Av.ª da República.

* Walk north for about 250 m towards the Rotunda de Entrecampos (a circle).

* At the circle, turn left to the Av.ª das Forças Armadas.

* Climb west for about 300 m towards Sete Rios. Use the sidewalk on the right.

* The entry leading to ISCTE will be at your right, immediately after the canteen of the University of Lisbon.
 
 
 
'''Bus'''
 
* Get on any [http://www.carris.pt/ Carris] bus with numbers [http://www.carris.pt/horarios/a054_1.pdf 54], [http://www.carris.pt/horarios/a701_1.pdf 701], or [http://www.carris.pt/horarios/a732_2.pdf 732].
 
* Leave the bus at the "Faculdade de Farmácia" stop, at the top of Av.ª das Forças Armadas, close to an old house with a battlemented roof.

* Walk down the avenue for about 50 m. The entry leading to ISCTE will be at your left, immediately before the canteen of the University of Lisbon.
 
 
 
'''Subway'''
 
 
 
''First alternative:''
 
* Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/ec_aid.pdf Entrecampos] station.
 
* Exit the station through the north exit, leading to the Rotunda de Entrecampos (a circle), close to Av.ª das Forças Armadas.
 
* From the circle, go west, up the Av.ª das Forças Armadas, for about 300 m.
 
* Use the sidewalk on the right.
 
* The entry leading to ISCTE will be at your right, immediately after the canteen of the University of Lisbon.
 
 
 
''Second alternative:''
 
* Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/cu_aid.pdf Cidade Universitária] station.
 
* Exit the station through the passage leading to Hospital de Santa Maria.
 
* Walk south, along the left sidewalk of Av.ª Prof. Gama Pinto, for about 150 m (i.e., walk towards the Av.ª das Forças Armadas).
 
* After the crossing with the Av.ª Prof. Egas Moniz (at your right), turn into the first street at your left.
 
* Take the first street on the right.
 
* The main entrance of ISCTE is at your left.
 
 
 
The walking route is shown on the map below.
 
 
 
http://www.allofads.com/files/images/mapa_iscte_1.jpg
 
 
 
 
 
'''Links'''
 
 
 
Metro: [http://www.metrolisboa.pt www.metrolisboa.pt] <br>
 
Buses: [http://www.carris.pt www.carris.pt]<br>
 
Trains: [http://www.cp.pt www.cp.pt]<br>
 
Taxis: [http://www.antral.pt www.antral.pt]
 
 
 
==== Hotels  ====
 
=== Hotels ===
 
This page contains information about the recommended hotels for the conference. All of the hotels are near the conference venue, within a 5 to 15 minute walk. We are also negotiating special rates for some of these hotels; information about this will be posted here as soon as it becomes available.
 
 
 
== SANA Metropolitan Hotel **** ==
 
Rua Soeiro Pereira Gomes, Parcela 2, Entrecampos, 1600-198 Lisboa, Lisboa
 
 
 
http://www.sanahotels.com/fotos/editor2/Metropolitan/SM001.jpg
 
 
 
http://www.sanahotels.com/fotos/editor2/Metropolitan/SM110.jpg
 
 
 
Location on [http://maps.google.com/maps/ms?ie=UTF8&hl=pt-PT&msa=0&msid=104715835640056575562.00044cb43ee4b9e509aca&ll=38.748762,-9.159701&spn=0.009204,0.011802&z=16&iwloc=00044cb52de8286b65d85&source=embed Google Maps].
 
 
 
Hotel [http://www.sanahotels.com/gca/index.php?hotelId=50&lng=en web-site].
 
 
 
== Vip Executive Villa Rica Hotel **** ==
 
Av.5 de Outubro Nr. 295, Entrecampos, 1600-035 Lisboa (Lisboa)
 
 
 
http://www.viphotels.com/Images/VIPExecutiveVillaRica/galeria/Exterior/01.jpg
 
 
 
Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/Localizacao.aspx Google Maps].
 
 
 
Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/OHotel.aspx web-site].
 
 
 
== NH Campo Grande **** ==
 
Campo Grande, 7, 1700-087 Lisboa, Lisboa
 
 
 
http://www.nh-hoteles.pt/nh/hotel-gallery/1101383-t2-z2w.jpg
 
http://www.nh-hoteles.pt/nh/hotel-gallery/1101375-t2-z2w.jpg
 
 
 
Location on [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html?type=location Google Maps].
 
 
 
Hotel [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html web-site].
 
 
 
== Hotel VIP Executive Zurique *** ==
 
Rua Ivone Silva 18, 1050 Lisboa
 
 
 
http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Exterior/03.jpg
 
 
 
http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Interior/05.jpg
 
 
 
Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/Localizacao.aspx Google Maps].
 
 
 
Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/OHotel.aspx web-site].
 
 
 
== Hotel Berna *** ==
 
Avenida António Serpa 13, 1069 Lisboa
 
 
 
http://www.viphotels.com/Images/VIPInnBerna/galeria/Exterior/02.jpg
 
 
 
http://www.viphotels.com/Images/VIPInnBerna/galeria/Interior/05.jpg
 
 
 
Location on [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/Localizacao.aspx Google Maps].
 
 
 
Hotel [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/OHotel.aspx web-site].
 
 
 
== Holiday Inn Hotel Continental **** ==
 
Rua Laura Alves 9, 1050 Lisboa‎
 
 
 
http://www.ichotelsgroup.com/hotelmedia/repository/hotelimages/LISBN/WELCM_EXTR_06_D.jpg
 
http://www.ichotelsgroup.com/hotelmedia/repository/hotelimages/LISBN/GROOM_SNGL_02_D.jpg
 
http://www.ichotelsgroup.com/hotelmedia/repository/hotelimages/LISBN/RSTLN_REST_01_D.jpg
 
 
 
Location on [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=Rua+Laura+Alves,+9++1069-169+Lisboa+Portugal&sll=38.74144,-9.149605&sspn=0.039833,0.073471&ie=UTF8&hq=&hnear=R.+Laura+Alves+9,+Ns.+de+F%C3%A1tima,+1050+Lisbon,+Portugal&ll=38.741666,-9.149873&spn=0.009958,0.018368&t=h&z=16&iwloc=r1 Google Maps].
 
 
 
Hotel [http://www.grupo-continental.com/home/index.php?option=com_content&view=article&id=55&Itemid=77 web-site].
 
 
 
== Radisson Blu Lisboa **** ==
 
Av. Marechal Craveiro Lopes, 390, Entrecampos, Lisboa (Lisboa)
 
 
 
http://www.hoteis.com/13/hotels/1000000/530000/524600/524550/hcom_524550_7_b.jpg
 
http://static.laterooms.com/hotelphotos/laterooms/179198/gallery/radisson-blu-lisboa-lisboa_250520090848039933.jpg
 
 
 
Location on [http://www.radissonblu.com/hotel-lisbon/location Google Maps].
 
 
 
Hotel [http://www.radissonblu.com/hotel-lisbon web-site].
 
 
 
==== Sponsors  ====
 
 
 
== Sponsors  ==
 
 
 
We are currently soliciting sponsors for the IBWAS'10 Conference. Please refer to our '''[http://ibwas09.netmust.eu/files/IBWAS_sponsorship.pdf sponsorship opportunities]''' for details.
 
 
 
Slots are going fast so [mailto:[email protected] contact us] to sponsor today!
 
 
 
{| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;"
 
|-
 
|
 
 
 
== Sponsors  ==
 
 
 
| [http://www.iscte.pt http://ibwas09.netmust.eu/files/iscte-iul.png]
 
| [http://www.adetti.pt http://ibwas09.netmust.eu/files/adetti.png]
 
| [http://www.isecauditors.com http://ibwas09.netmust.eu/files/pasted-graphic.jpg]
 
| [http://lasige.di.fc.ul.pt/ http://ibwas09.netmust.eu/files/lasige.png]
 
|-
 
| &nbsp;
 
| [http://www.maxdata.pt http://ibwas09.netmust.eu/files/ibwas10/maxdata.png]
 
| [http://www.noesis.pt http://ibwas09.netmust.eu/files/ibwas10/noesis.png]
 
|-
 
|
 
 
 
== Media Sponsors ==
 
 
 
|  [http://www.aeiou.pt http://ibwas09.netmust.eu/files/ibwas10/aeiou.png]
 
|  [http://www.borrmart.es/redseguridad.php http://ibwas09.netmust.eu/files/redseguridad.jpg]
 
|
 
|-
 
| &nbsp;
 
|-
 
|
 
 
 
== Supported by ==
 
 
 
| [[Image:]]
 
| [[Image:]]
 
| [[Image:]]
 
|-
 
|
 
| [[Image:]]
 
| [[Image:]]
 
| [[Image:]]
 
|-
 
|
 
| [[Image:]]
 
 
|
 
|-
 
|
 
|}
 
==== Tourism  ====
 
 
 
=== Visit Lisbon ===
 
For Tourist Information and more: [http://www.visitlisboa.com/home.asp?lng=uk Visit Lisbon] (website of the Lisbon Tourism Office). See also [http://www.atl-turismolisboa.pt/home.asp?lng=uk here]. About Portugal, see [http://www.visitportugal.com/ here].
 
 
 
LISBON is beautiful, historic, modern, sunny & it never stops! It is an enchanting city with delightful cuisine and unforgettable sites. The city holds many pleasant surprises to visitors who wish to enjoy their stay. The capital of Portugal since its conquest from the Moors in 1147, Lisbon is a legendary city with over 20 centuries of History. The Alfama is one of the oldest quarters in Lisbon. It survived the earthquake of 1755 and still retains much of its original layout. In addition to Alfama are the likewise old quarters of Castelo and Mouraria, on the western and northern slopes of the hill that is crowned by St. George's Castle. Radiant skies brighten the monumental city, with its typical tile covered building façades and narrow medieval streets, where one can hear the fado being played and sung at night.
 
 
 
Here's a taste of what you can find here in Lisbon, or nearby.
 
 
 
{|
 
|-
 
|'''Torre de Belém'''
 
|'''Mosteiro dos Jerónimos'''
 
|'''Ponte 25 de Abril'''
 
|-
 
|[[File:torredebelem.jpg]]
 
|[[File:mosteirojeronimos.jpg]]
 
|[[File:ponte21abril.jpg]]
 
|-
 
|'''Castelo de São Jorge'''
 
|'''Alfama'''
 
|'''Parque Eduardo VII'''
 
|-
 
|[[File:castelosjorge.jpg]]
 
|[[File:algfama.jpg]]
 
|[[File:parqueeduardo7.jpg]]
 
|-
 
|'''Aqueduto das Águas Livres'''
 
|'''Museu dos Coches'''
 
|'''Casa dos Bicos'''
 
|-
 
|[[File:aqueduto.jpg]]
 
|[[File:coches.jpg]]
 
|[[File:bicos.jpg]]
 
|-
 
|'''Parque das Nações'''
 
|'''Oceanário'''
 
|'''Pavilhão Multiusos'''
 
|-
 
|[[File:pnacoes.jpg]]
 
|[[File:oceanario.jpg]]
 
|[[File:multiusos.jpg]]
 
|-
 
|'''Cacilheiros'''
 
|'''Linha de Cascais - Praias'''
 
|'''Linha da Caparica - Praias'''
 
|-
 
|[[File:cacilheiros.jpg]]
 
|[[File:cascais.jpg]]
 
|[[File:caparica.jpg]]
 
|-
 
|'''Casino Lisboa'''
 
|'''Docas - Diversão Nocturna'''
 
|'''Fado'''
 
|-
 
|[[File:casino.jpg]]
 
|[[File:docas.jpg]]
 
|[[File:fado.jpg]]
 
|-
 
|'''Sintra Vila'''
 
|'''Sintra - Palácio da Pena'''
 
|'''Cristo Rei'''
 
|-
 
|[[File:sintravila.jpg]]
 
|[[File:sintrapalacio.jpg]]
 
|[[File:cristorei.jpg]]
 
|-
 
|}
 
 
 
 
 
==== In the News  ====
 
 
 
List of places where the IBWAS'10 conference has been referenced.
 
 
 
*[http://ibwas09.netmust.eu/files/ibwas10/IBWAS-RedSeguridad.pdf RedSeguridad Magazine], September 2010
 
 
 
<headertabs />
 
 
 
[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_Iberia_10]]
 

Latest revision as of 01:05, 9 December 2010

Redirect to: