|
|
| (23 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| β | __NOTOC__
| + | #REDIRECT [[OWASP IBWAS10]] |
| β | | |
| β | = 2nd. OWASP Ibero-American Web Application Security Conference (IBWAS'10) =
| |
| β | | |
| β | held at [http://www.iscte.pt/ ISCTE - Lisbon University Institute] |
| |
| β | | |
| β | [http://ibwas09.netmust.eu IBWAS'09 (last year editon)] - [http://www.owasp.org/index.php/IBWAS09 Internal OWASP site]
| |
| β | | |
| β | '''16 - 17 December 2010''' (NEW DATES - PREVIOUS DATES CANCELLED DUE TO A GENERAL STRIKE IN PORTUGAL)
| |
| β | | |
| β | (a joint organization of the [http://www.owasp.org/index.php/Portuguese Portuguese] and [http://www.owasp.org/index.php/Spain Spanish] OWASP chapters)
| |
| β | | |
| β | <br> <!-- Header -->
| |
| β | | |
| β | ==== Welcome ====
| |
| β | | |
| β | {| style="width: 100%;"
| |
| β | |-
| |
| β | | style="width: 100%; color: rgb(0, 0, 0);" |
| |
| β | {| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
| |
| β | |-
| |
| β | | style="width: 80%; color: rgb(0, 0, 0);" | [[Image:IBWAS10 logo.gif|621x280px]]
| |
| β | | |
| β | IBWAS'10, the 2nd. OWASP Ibero-American Web Application Security conference will be held in Lisbon (Portugal), on the '''16th and 17th December 2010''' ('''dates have been changed''').
| |
| β | | |
| β | The conference will take place at the [http://www.iscte.pt ISCTE - Lisbon University Institute]. The location details can be found [http://www.owasp.org/index.php/Ibwas10#tab=Venue here].
| |
| β | | |
| β | Registration is now '''open''', for both the [http://www.eventbrite.com/event/1073670377?ref=elink Training Day] on the 16th and for the [http://ibwas10.eventbrite.com Conference Day] on the 17th.
| |
| β | | |
| β | Conference proceedings will be '''published by OWASP, and distributed in electronic format'''. Last year proceedings were published by Springer ('''this year the proceedings will not be published by Springer due to a low number of submissions''').
| |
| β | | |
| β | {|
| |
| β | |-
| |
| β | |http://ibwas09.netmust.eu/files/ibwas10/CCIS_72.png
| |
| β | |This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
| |
| β | | |
| β | In addition to the technical issues of the conference programme, our website provides you with tourist information on the city of Lisbon, unique for its cultural and historical richness, lovely surroundings and other nice places to visit around the city.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | '''Who Should Attend IBWAS'10:'''
| |
| β | | |
| β | *Academics
| |
| β | *Researchers
| |
| β | *Lifelong learning educators
| |
| β | *Technical staff
| |
| β | *Secondary, vocational, or tertiary educators
| |
| β | *Professionals from the private and public sector
| |
| β | *Technologists and Scientifics
| |
| β | *School counsellors, principals and teachers
| |
| β | *Education policy development representatives
| |
| β | *General personnel from vocational sectors
| |
| β | *Student counsellors
| |
| β | *Career/employment officers
| |
| β | *Education advisers
| |
| β | *Student Unions
| |
| β | *Bridging program lecturers & support staff
| |
| β | *Library personnel
| |
| β | *International support and services staff
| |
| β | *Open learning specialists
| |
| β | *Application Developers
| |
| β | *Application Testers and Quality Assurance
| |
| β | *Application Project Management and Staff
| |
| β | *Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
| |
| β | *Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
| |
| β | *Security Managers and Staff
| |
| β | *Executives, Managers, and Staff Responsible for IT Security Governance
| |
| β | *IT Professionals Interesting in Improving IT Security
| |
| β | | |
| β | ...and any person interested in Web Application and Services Security and Information Security in general.
| |
| β | | |
| β | We look forward to seeing you in Lisbon!
| |
| β | | |
| β | |}
| |
| β | | |
| β | <!-- Twitter Box -->
| |
| β | | |
| β | | valign="top" style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL --> <br>[http://www.twitter.com/ibwas10 http://twitter-badges.s3.amazonaws.com/twitter-a.png]
| |
| β | [http://www.facebook.com/#!/group.php?gid=113336378677245 http://www.allofads.com/files/images/facebook-logo.jpg]
| |
| β | [http://events.linkedin.com/2nd-Ibero-American-Web-Application/pub/273820 http://static03.linkedin.com/img/logos/logo_linkedin_88x22.png]
| |
| β | | |
| β | {|
| |
| β | |-
| |
| β | | style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
| |
| β | Use the '''[http://search.twitter.com/search?q=%23ibwas10 #ibwas10]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)
| |
| β | | |
| β | '''@ibwas10 Twitter Feed ([http://twitter.com/ibwas10 follow us on Twitter!])'''
| |
| β | | style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
| |
| β | |}
| |
| β | | |
| β | |}
| |
| β | | |
| β | <!-- End Banner -->
| |
| β | ==== Call for Papers (CLOSED) ====
| |
| β | | |
| β | '''THE IBWAS'10 CALL FOR PAPERS IS NOW CLOSED!!!'''
| |
| β | | |
| β | === Call for Papers (english version) ===
| |
| β | [[#Call for Papers (portuguese version)]] [[#Call for Papers (spanish version)]]
| |
| β | | |
| β | You can find here a [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP.pdf PDF version] of the Call for Papers. Also in [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP-PT.pdf Portuguese] (PortuguΓͺs)
| |
| β | | |
| β | == Introduction ==
| |
| β | | |
| β | There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.
| |
| β | | |
| β | As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.
| |
| β | | |
| β | This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
| |
| β | | |
| β | == Conference Topics ==
| |
| β | | |
| β | Suggested topics for papers submission include (but are not limited to):
| |
| β | *Secure application development
| |
| β | *Security of service oriented architectures
| |
| β | *Security of development frameworks
| |
| β | *Threat modelling of web applications
| |
| β | *Cloud computing security
| |
| β | *Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
| |
| β | *Metrics for application security
| |
| β | *Countermeasures for web application vulnerabilities
| |
| β | *Secure coding techniques
| |
| β | *Platform or language security features that help secure web applications
| |
| β | *Secure database usage in web applications
| |
| β | *Access control in web applications
| |
| β | *Web services security
| |
| β | *Browser security
| |
| β | *Privacy in web applications
| |
| β | *Standards, certifications and security evaluation criteria for web applications
| |
| β | *Application security awareness and education
| |
| β | *Security for the mobile web
| |
| β | *Attacks and Vulnerability Exploitation
| |
| β | | |
| β | == Paper Submission Instructions ==
| |
| β | | |
| β | Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format] and in [ftp://ftp.springer.de/pub/tex/latex/llncs/latex2e/llncs2e.zip LateX format]).
| |
| β | | |
| β | The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.
| |
| β | | |
| β | Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.
| |
| β | | |
| β | Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.
| |
| β | | |
| β | Remarks about the on-line submission procedure:
| |
| β | | |
| β | 1. A "double-blind" paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper, WITHOUT any reference to any of the authors. This means that is necessary to remove the authorβs personal details, the acknowledgements section and any reference that may disclose the authors identity
| |
| β | | |
| β | 2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted
| |
| β | | |
| β | 3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.
| |
| β | | |
| β | = Paper submission types=
| |
| β | | |
| β | '''Regular Paper Submission'''
| |
| β | | |
| β | A regular paper presents a work where the research is completed or almost finished. It does not necessary means that the acceptance is as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".
| |
| β | | |
| β | '''Position Paper Submission'''
| |
| β | | |
| β | A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of "short paper" or "poster", i.e. a position paper is not a candidate to acceptance as "full paper".
| |
| β | | |
| β | = Camera-ready =
| |
| β | | |
| β | After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.
| |
| β | | |
| β | = Publications =
| |
| β | | |
| β | All accepted papers will be published in the conference proceedings, under an ISBN reference. Conference proceedings will be published by OWASP in electronic format ('''Springer proceedings have been canceled due to a low number of paper submissions''').
| |
| β | | |
| β | | |
| β | == Web-site ==
| |
| β | | |
| β | http://www.ibwas.com
| |
| β | | |
| β | == Secretariat ==
| |
| β | | |
| β | E-mail: secretariat@ibwas.com
| |
| β | | |
| β | == Important Dates ==
| |
| β | | |
| β | Submission of papers and all other contributions due: '''31st October 2010'''
| |
| β | | |
| β | Notification of acceptance: '''28th November 2010''' (delayed)
| |
| β | | |
| β | Camera-ready version of accepted contributions: '''5th December 2010'''
| |
| β | | |
| β | Conference: '''16th β 17th December 2010'''
| |
| β | | |
| β | === Call for Papers (portuguese version) ===
| |
| β | | |
| β | == Introdução ==
| |
| β | | |
| β | Existe uma mudanΓ§a profunda no paradigma de desenvolvimento de sistemas de informação nos nossos dias. A emergΓͺncia de tecnologias Web 2.0 levaram a um desenvolvimento e implantação massiva de aplicaçáes e serviΓ§os Web, como a forma de desenvolvimento de sistemas de informação flexΓveis. Tais sistemas sΓ£o simples de desenvolver, instalar e manter e demonstram um conjunto de funcionalidades atractivas para os utilizadores, o que as tornam tΓ£o apetecΓveis.
| |
| β | | |
| β | Como resultado desta mudanΓ§a paradigmΓ‘tica, os requisitos de seguranΓ§a tambΓ©m se alteraram. Estes sistemas de informação baseados na Web possuem diferentes requisitos de seguranΓ§a, quando comparados com sistemas tradicionais. Neste tipo de sistemas Γ© possΓvel encontrar aspectos importantes de seguranΓ§a e de privacidade que podem afectar a forma como os mesmos operam e comprometer os seus utilizadores. Acresce o facto de que a emergΓͺncia da Computação na Nuvem, que promete ainda mais flexibilidade, tem ainda um impacto mais forte nestes requisitos de seguranΓ§a e de privacidade. O ambiente de seguranΓ§a deve envolver nΓ£o apenas o ambiente circundante mas igualmente o nΓΊcleo aplicacional.
| |
| β | | |
| β | Esta conferΓͺncia pretende juntar peritos em seguranΓ§a aplicacional, investigadores, educadores e profissionais da indΓΊstria, academia e comunidades internacionais como a OWASP, por forma a discutirem de forma aberta os problemas e as soluçáes de seguranΓ§a aplicacional. Neste contexto, investigadores provenientes da academia e da indΓΊstria poderΓ£o combinar os resultados da sua investigação com a experiΓͺncia de profissionais e de engenheiros de software.
| |
| β | | |
| β | == Temas da ConferΓͺncia ==
| |
| β | Os temas sugeridos para submissΓ£o de trabalhos incluem os seguintes (mas nΓ£o se limitam apenas aos listados):
| |
| β | *Desenvolvimento Seguro de Aplicaçáes
| |
| β | *SeguranΓ§a de Arquitecturas Orientadas por ServiΓ§os
| |
| β | *SeguranΓ§a das Estruturas e Ferramentas de Desenvolvimento
| |
| β | *Modelação de AmeaΓ§as a Aplicaçáes Web
| |
| β | *SeguranΓ§a em Cloud Computing
| |
| β | *Vulnerabilidades e AnΓ‘lise de Aplicaçáes Web (revisΓ£o de cΓ³digo, testes de penetração, anΓ‘lise estΓ‘tica, etc)
| |
| β | *MΓ©tricas para SeguranΓ§a Aplicacional
| |
| β | *Contra-medidas para Vulnerabilidades em Aplicaçáes Web
| |
| β | *TΓ©cnicas de Desenvolvimento e Codificação em SeguranΓ§a
| |
| β | *Funcionalidades da Plataforma ou Linguagem de Desenvolvimento para a SeguranΓ§a de Aplicaçáes Web
| |
| β | *Utilização Segura de Bases de Dados em Aplicaçáes Web
| |
| β | *Controlo de Acesso em Aplicaçáes Web
| |
| β | *SeguranΓ§a em ServiΓ§os Web
| |
| β | *SeguranΓ§a do Browser Web
| |
| β | *Privacidade em Aplicaçáes Web
| |
| β | *Normas, Certificaçáes e CritΓ©rios para Avaliação da SeguranΓ§a em Aplicaçáes Web
| |
| β | *Sensibilização e Educação para a SeguranΓ§a Aplicacional
| |
| β | *SeguranΓ§a para a Web MΓ³vel
| |
| β | *Ataques e Exploração de Vulnerabilidades
| |
| β | | |
| β | == Instruçáes para a submissΓ£o de trabalhos ==
| |
| β | | |
| β | Os autores deve submeter um trabalho original escrito em InglΓͺs, devidamente verificado para evitar incorrecçáes gramaticais ou sintΓ‘cticas, usando o procedimento de submissΓ£o on-line (http://www.easychair.org/conferences/?conf=ibwas10). Por favor, verifique os formatos aceites para os trabalhos e tenha atenção a dimensΓ£o mΓ‘xima dos mesmos (limite de 12 pΓ‘ginas, de acordo com o modelo fornecido e que pode ser obtido a partir da seguinte URL: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).
| |
| β | | |
| β | As indicaçáes para a formatação dos trabalhos fornecidos no site da conferΓͺncia e no template devem ser estritamente seguidas pelos autores que desejem submeter trabalhos. O formato de submissΓ£o Γ© o mesmo do formato final. Por favor, siga as instruçáes de formatação usadas no template.
| |
| β | | |
| β | Cada trabalho deve indicar com clareza a natureza da sua contribuição tΓ©cnica/cientΓfica e os problemas, domΓnios ou ambientes para o qual Γ© aplicΓ‘vel.
| |
| β | | |
| β | Todos os artigos que estejam fora do Γ’mbito da conferΓͺncia ou que sob os quais sejam detectados actos de plΓ‘gio, serΓ£o liminarmente rejeitados.
| |
| β | | |
| β | Alguns detalhes sobre o procedimento de submissΓ£o:
| |
| β | | |
| β | 1. SerΓ‘ utilizado um procedimento de revisΓ£o anΓ³nimo, que serΓ‘ repetido por pelo menos dois revisores autΓ³nomos. Para facilitar este processo, que se pretende seja rΓ‘pido, eficiente e justo, Γ© solicitado aos autores que produzam os seu trabalho e que o submetam, SEM qualquer referΓͺncia a algum dos autores do mesmo. Isto significa que Γ© necessΓ‘rio remover os detalhes pessoais do autor, a secção de agradecimentos e qualquer outra referΓͺncia que possa revelar a identidade dos autores;
| |
| β | | |
| β | 2. SerΓ£o aceites os seguintes formatos de ficheiros na submissΓ£o: ODF, PDF, DOC, DOCX e RTF;
| |
| β | | |
| β | 3. O processo de submissΓ£o on-line envia automaticamente uma notificação, atravΓ©s do correio electrΓ³nico, do resultado da submissΓ£o ao autor correspondente.
| |
| β | | |
| β | = Tipos de submissΓ£o de trabalhos =
| |
| β | | |
| β | '''SubmissΓ£o de trabalhos regulares'''
| |
| β | | |
| β | Um trabalho regular apresenta o trabalho em que a pesquisa estΓ‘ terminada ou muito prΓ³ximo de estar completa. NΓ£o significa que o trabalho seja aceite na categoria de βtrabalho completoβ. Pode ser aceite como βtrabalho completoβ (apresentação oral de 30 minutos), βtrabalho curtoβ (apresentação oral de 15 minutos) ou βposterβ.
| |
| β | | |
| β | '''SubmissΓ£o de trabalhos de posição'''
| |
| β | | |
| β | Um trabalho de posição apresenta uma opiniΓ£o para discussΓ£o num determinado assunto. O objectivo de um trabalho deste tipo Γ© o de convencer a audiΓͺncia de que a sua opiniΓ£o Γ© vΓ‘lida e vale a pena ser escutada, sem ser necessΓ‘rio apresentar trabalho completo de pesquisa e/ou resultados devidamente validados. Γ no entanto importante suportar os seus argumentos com provas e assegurar a validade das mesmas. Um trabalho deste tipo pode ser relatΓ³rio curto e a discussΓ£o de ideias, factos, situaçáes, mΓ©todos, procedimentos ou resultados de pesquisa cientΓfica (bibliogrΓ‘fica, experimental, teΓ³rica ou outra) focada num dos temas da conferΓͺncia. A aceitação de um trabalho de posição estΓ‘ restringido Γ s categorias de βartigo curtoβ ou βposterβ.
| |
| β | | |
| β | = Formato Final =
| |
| β | | |
| β | Depois de concluΓdo o processo de revisΓ£o dos trabalhos submetidos, o autor de contacto (que submeteu o trabalho para a conferΓͺncia) serΓ‘ notificado do resultado da apreciação. Os autores cujos trabalhos forem aceites devem seguir as recomendaçáes dos revisores de melhoria dos seus trabalhos antes de submeterem a versΓ£o final dos mesmos.
| |
| β | | |
| β | = Publicaçáes =
| |
| β | | |
| β | Todos os trabalhos aceites serΓ£o publicados na acta de conferΓͺncia, com uma identificação ISBN. A acta da conferΓͺncia serΓ‘ publicada pela OWASP em formato electrΓ³nico ('''a edição pela Springer foi cancelada devido ao nΓΊmero baixo de submissΓ΅es recebidas''').
| |
| β | | |
| β | == Site de Web ==
| |
| β | | |
| β | http://www.ibwas.com
| |
| β | | |
| β | == Secretariado ==
| |
| β | | |
| β | EndereΓ§o de correio electrΓ³nico: secretariat@ibwas.com
| |
| β | | |
| β | == Datas importantes ==
| |
| β | | |
| β | SubmissΓ£o de trabalhos: '''31 de Outubro de 2010'''
| |
| β | | |
| β | Notificação de Aceitação: '''28 de Novembro de 2010'''
| |
| β | | |
| β | VersΓ£o final dos trabalhos aceites: '''5 de Dezembro de 2010'''
| |
| β | | |
| β | ConferΓͺncia: '''16 e 17 de Dezembro de 2010'''
| |
| β | | |
| β | === Call for Papers (spanish version) ===
| |
| β | | |
| β | == IntroducciΓ³n ==
| |
| β | | |
| β | Existen importantes cambios en el paradigma del desarrollo de los sistemas de informaciΓ³n. La apariciΓ³n de tecnologΓas Web 2.0 ha permitido el desarrollo e implantaciΓ³n de forma masiva de aplicaciones y servicios web como una manera de desarrollar nuevos y flexibles sistemas de informaciΓ³n. Estos sistemas son fΓ‘ciles de desarrollar, implementar y mantener, ademΓ‘s de aportar atractivas caracterΓsticas para los usuarios favoreciendo asΓ el uso masivo que encontramos actualmente.
| |
| β | | |
| β | Como resultado de este cambio de paradigma, los requisitos de seguridad tambiΓ©n han cambiado. Estos sistemas de informaciΓ³n basados en la Web tienen diferentes requisitos de seguridad en comparaciΓ³n con los sistemas tradicionales. Se han identificado los aspectos de seguridad mΓ‘s importantes y la privacidad tambiΓ©n es un problema que se ha planteado recientemente. AdemΓ‘s, el emergente paradigma Cloud Computing promete una mayor flexibilidad; sin embargo, los problemas de seguridad y privacidad aΓΊn necesitan ser revisados. El entorno de seguridad deberΓa implicar no sΓ³lo al ambiente circundante, sino tambiΓ©n el nΓΊcleo de la aplicaciΓ³n.
| |
| β | | |
| β | Esta conferencia pretende reunir a expertos en seguridad de aplicaciones, investigadores, educadores y profesionales de la industria, el sector acadΓ©mico y comunidades internacionales, como OWASP, con el fin de discutir los problemas abiertos y nuevas soluciones en seguridad de aplicaciones. En este contexto, los investigadores acadΓ©micos serΓ‘n capaces de combinar resultados interesantes con la experiencia de los profesionales y los ingenieros de software.
| |
| β | | |
| β | == Temas de la Conferencia ==
| |
| β | | |
| β | Los temas sugeridos para el envΓo de presentaciones incluyen (pero no estan limitados a):
| |
| β | | |
| β | * Desarrollo seguro de aplicaciones
| |
| β | * Seguridad en arquitecturas orientadas a servicios
| |
| β | * Seguridad en frameworks de desarrollo
| |
| β | * Modelado de amenazas en aplicaciones Web
| |
| β | * Seguridad en Cloud Computing
| |
| β | * Vulnerabilidades y AnaΔΊisis de aplicaciones Web (revisiΓ³n de cΓ³digo, pruebas de intrusiΓ³n, anΓ‘lisis estΓ‘tico, etc.)
| |
| β | * MΓ©tricas para seguridad en aplicaciones
| |
| β | * Soluciones y recomendaciones para las vulnerabilidades en aplicaciones Web
| |
| β | * TΓ©cnicas de codificaciΓ³n segura
| |
| β | * CaracterΓsticas de seguridad de la plataforma o lenguaje que ayuda a incrementar el nivel de seguridad en las aplicaciones Web
| |
| β | * Uso seguro de bases de datos en aplicaciones Web
| |
| β | * Control de acceso en aplicaciones Web
| |
| β | * Seguridad en servicios Web
| |
| β | * Seguridad en navegadores Web
| |
| β | * Privacidad en las aplicaciones Web
| |
| β | * EstΓ‘ndares, certificaciones y criterios de evaluaciΓ³n de la seguridad para aplicaciones Web
| |
| β | * SensibilizaciΓ³n y educaciΓ³n sobre seguridad en aplicaciones
| |
| β | * Seguridad para la Web mΓ³vil
| |
| β | * Ataques y explotaciΓ³n de vulnerabilidades
| |
| β | | |
| β | == Instrucciones para el envΓo de presentaciones ==
| |
| β | | |
| β | Los autores deben presentar un documento original en inglΓ©s, tras revisar cuidadosamente la gramΓ‘tica y ortografΓa, utilizando el procedimiento de envΓo on-line. Por favor, compruebe las caracterΓsticas del documento ya que debe ser consciente del lΓmite de pΓ‘ginas aceptadas (12 pΓ‘ginas, de acuerdo a una plantilla que se facilita y que pueden descargar desde aquΓ [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip en formato Word]).
| |
| β | | |
| β | Las directrices para el formato del documento facilitadas en el sitio web de la conferencia deben ser seguidas estrictamente para todos los trabajos presentados. El formato de presentaciΓ³n es el mismo que el formato final para impresiΓ³n. Por favor revise y siga cuidadosamente las instrucciones y las plantillas proporcionadas.
| |
| β | | |
| β | Cada trabajo debe indicar claramente la naturaleza de su contribuciΓ³n tΓ©cnica/cientΓfica, y los problemas, dominios o entornos en los que es aplicable.
| |
| β | | |
| β | Los trabajos que estΓ©n fuera del alcance de conferencias o puedan contener cualquier forma de plagio serΓ‘n descartados directamente.
| |
| β | | |
| β | Comentarios sobre el procedimiento de presentaciΓ³n on-line:
| |
| β | | |
| β | 1. Se utilizarΓ‘ un mΓ©todo de revisiΓ³n anΓ³nimo, que serΓ‘ repetido al menos por dos revisores. Para facilitar esto, se ruega a los autores que proporcionen el trabajo sin ninguna referencia a los autores. Esto significa que es necesario eliminar los datos personales del autor, la secciΓ³n de agradecimientos y toda referencia que pueda revelar la identidad de los autores.
| |
| β | | |
| β | 2. Se aceptan documentos en formato: ODF, PDF, DOC, DOCX o RTF.
| |
| β | | |
| β | 3. El procedimiento de presentaciΓ³n Web automΓ‘ticamente envΓa un acuse de recibo, por correo electrΓ³nico, al autor de contacto.
| |
| β | | |
| β | = Tipos de envΓo de presentaciones =
| |
| β | | |
| β | '''EnvΓo de presentaciones normales'''
| |
| β | | |
| β | Una presentaciΓ³n normal presenta un trabajo donde la investigaciΓ³n se ha completado o casi finalizado. Esto no necesariamente significa que la aceptaciΓ³n sea sobre un trabajo completo. Puede ser aceptado como un "trabajo completo" (30 min. de presentaciΓ³n oral), un "trabajo corto" (15 min. de presentaciΓ³n oral) o "poster".
| |
| β | | |
| β | '''EnvΓo de presentaciones de posiciΓ³n'''
| |
| β | | |
| β | Una presentaciΓ³n de posiciΓ³n presenta una opiniΓ³n discutible sobre un tema. El objetivo de un trabajo de posiciΓ³n es convencer a la audiencia que su opiniΓ³n es vΓ‘lida y merece la pena ser escuchada, sin la necesidad de presentar un trabajo de investigaciΓ³n finalizado y/o los resultados validados. Es importante, sin embargo, apoyar su argumento con evidencias para asegurar la validez de sus opiniones. Un trabajo de posiciΓ³n puede ser un breve documento y discusiΓ³n de ideas, hechos, situaciones, mΓ©todos, procedimientos o resultados de la investigaciΓ³n cientΓfica (bibliogrΓ‘fica, experimental, teΓ³rico o de otro tipo) centrado en uno de los temas de la conferencia. La aceptaciΓ³n de una presentaciΓ³n de posiciΓ³n se limita a las categorΓas de "trabajo corto" o "poster", es decir, una presentaciΓ³n de posiciΓ³n no es candidata para ser aceptada como "trabajo completo".
| |
| β | | |
| β | = VersiΓ³n Final =
| |
| β | | |
| β | DespuΓ©s de que el proceso de revisiΓ³n se complete, el autor de contacto (el autor que presenta el documento) de cada trabajo serΓ‘ notificado del resultado, por correo electrΓ³nico. Los autores estΓ‘n obligados a seguir las revisiones con el objetivo de mejorar su trabajo antes del envΓo de la versiΓ³n final.
| |
| β | | |
| β | = Publicaciones =
| |
| β | | |
| β | Todos los trabajos aceptados serΓ‘n publicados por OWASP en los materiales de las conferencias, bajo una referencia ISBN.
| |
| β | | |
| β | == Sitio de las Conferencias ==
| |
| β | | |
| β | http://www.ibwas.com
| |
| β | | |
| β | == SecretarΓa ==
| |
| β | | |
| β | DirecciΓ³n de correo electrΓ³nicio: secretariat@ibwas.com
| |
| β | | |
| β | == Fechas importantes ==
| |
| β | | |
| β | EnvΓo de presentaciones: '''31 de Octubre de 2010'''
| |
| β | | |
| β | NotificaciΓ³n de aceptaciΓ³n: '''28 de Noviembre de 2010'''
| |
| β | | |
| β | VersiΓ³n final de presentaciones aceptadas: '''5 de Deciembre de 2010'''
| |
| β | | |
| β | Conferencias: '''16 y 17 de Deciembre de 2010'''
| |
| β | | |
| β | ==== Organization and Program Committee ====
| |
| β | | |
| β | === IBWAS'10 Chairs ===
| |
| β | | |
| β | '''Carlos SerrΓ£o''', ISCTE-IUL Instituto UniversitΓ‘rio de Lisboa, OWASP Portugal, Portugal
| |
| β | | |
| β | '''Vicente Aguilera DΓaz''', Internet Security Auditors, OWASP Spain, Spain
| |
| β | | |
| β | === IBWAS'10 Organization ===
| |
| β | '''Fabio Cerullo''', OWASP Global Education Committee, Ireland
| |
| β | | |
| β | '''Dinis Cruz''', OWASP Board Member, UK
| |
| β | | |
| β | '''Paulo Coimbra''', OWASP Project Manager, UK
| |
| β | | |
| β | '''Miguel Correia''', Universidade de Lisboa, Portugal
| |
| β | | |
| β | '''Paulo Sousa''', Universidade de Lisboa, Portugal
| |
| β | | |
| β | '''Lucas C. Ferreira''', CΓ’mara dos Deputados, Brasil
| |
| β | | |
| β | '''Arturo "Buanzo" Busleiman''', OWASP Argentina, Argentina
| |
| β | | |
| β | '''Martin Tartarelli''', OWASP Argentina, Argentina
| |
| β | | |
| β | '''Paulo Querido''', Portugal
| |
| β | | |
| β | === IBWAS'10 Program Committee ===
| |
| β | | |
| β | '''AndrΓ© ZΓΊquete''', Universidade De Aveiro, Portugal<br> '''Candelaria HernΓ‘ndez-Goya''', Universidad De La Laguna, Spain<br> '''Carlos Costa''', Universidade De Aveiro, Portugal<br> '''Carlos Ribeiro''', Instituto Superior TΓ©cnico, Portugal<br> '''Eduardo Neves''', OWASP Education Committee, OWASP Brazil, Brazil<br> '''Francesc Rovirosa i RaduΓ ''', Universitat Oberta de Catalunya (UOC), Spain<br> '''Gonzalo Γlvarez MaraΓ±Γ³n''', Consejo Superior de Investigaciones CientΓficas (CSIC), Spain<br> '''Isaac Agudo''', University of Malaga, Spain<br> '''Jaime Delgado''', Universitat Politecnica De Catalunya, Spain<br> '''Javier Hernando''', Universitat Politecnica De Catalunya, Spain<br> '''Javier RodrΓguez Saeta''', Herta Security, Spain<br> '''Joaquim Castro Ferreira''', Universidade de Aveiro, Portugal<br> '''Joaquim Marques''', Instituto PolitΓ©cnico de Castelo Branco, Portugal<br> '''Jorge DΓ‘vila Muro''', Universidad PolitΓ©cnica de Madrid (UPM), Spain<br> '''Jorge E. LΓ³pez de Vergara''', Universidad AutΓ³noma de Madrid, Spain<br> '''JosΓ© Carlos MetrΓ΄lho''', Instituto PolitΓ©cnico de Castelo Branco, Portugal<br> '''JosΓ© Luis Oliveira''', Universidade De Aveiro, Portugal<br> '''Kuai Hinojosa''', OWASP Global Education Committee, New York University, United States<br> '''Leonardo Chiariglione''', Cedeo, Italy<br> '''Leonardo Lemes''', Unisinos, Brasil<br> '''Manuel Sequeira''', ISCTE-IUL Instituto UniversitΓ‘rio de Lisboa, Portugal<br> '''Marco Vieira''', Universidade de Coimbra, Portugal<br> '''Mariemma I. YagΓΌe''', University of MΓ‘laga, Spain<br> '''Miguel Correia''', Universidade de Lisboa, Portugal<br> '''Miguel Dias''', Microsoft, Portugal<br> '''Nuno Neves''', Universidade de Lisboa, Portugal<br> '''Osvaldo Santos''', Instituto PolitΓ©cnico de Castelo Branco, Portugal<br> '''Panos Kudumakis''', Queen Mary University of London, United Kingdom<br> '''Paulo Sousa''', Universidade de Lisboa, Portugal<br> '''Rodrigo Roman''', University of Malaga, Spain<br> '''Rui Cruz''', Instituto Superior TΓ©cnico, Portugal<br> '''Rui Marinheiro''', ISCTE-IUL Instituto UniversitΓ‘rio de Lisboa, Portugal<br> '''SΓ©rgio Lopes''', Universidade do Minho, Portugal<br> '''Tiejun Huang''', Pekin University, China<br> '''VΓctor VillagrΓ‘''', Universidad PolitΓ©cnica de Madrid (UPM), Spain<br> '''Vitor Filipe''', Universidade de TrΓ‘s-os-Montes e Alto Douro, Portugal<br> '''Vitor Santos''', Microsoft, Portugal<br> '''Vitor Torres''', Universitat Pompeu Fabra, Spain<br> '''Wagner Elias''', OWASP Brazil Chapter Leader, Brazil
| |
| β | | |
| β | ==== Registration ====
| |
| β | | |
| β | == Important Dates ==
| |
| β | | |
| β | Submission of papers and all other contributions due: '''31st October 2010'''
| |
| β | | |
| β | Notification of acceptance: '''28th November 2010'''
| |
| β | | |
| β | Camera-ready version of accepted contributions: '''5th December 2010'''
| |
| β | | |
| β | Conference: '''16th β 17th December 2010'''
| |
| β | | |
| β | == Registration ==
| |
| β | * [http://www.eventbrite.com/event/1073670377?ref=elink Registration on the OWASP IBWAS'10 Training Day] (part of the Conference) - 16th. December
| |
| β | * [http://ibwas10.eventbrite.com/ Registration on the OWASP IBWAS'10 Conference] - 17th. December
| |
| β | | |
| β | ==== 16th December ====
| |
| β | {{:IBWAS10 Training}}
| |
| β | | |
| β | ==== 17th December ====
| |
| β | | |
| β | == Draft Agenda ==
| |
| β | | |
| β | {| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
| |
| β | |- valign="middle"
| |
| β | | height="60" align="center" bgcolor="#8888BB" colspan="3" style="none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font size="5">'''OWASP IBWAS'10 Conference Day'''</font>
| |
| β | |- valign="middle"
| |
| β | | height="60" width="100" bgcolor="#BBBBFF" align="center" rowspan="2"| 08:30 - 09:00
| |
| β | | width="750" bgcolor="#666699" style="color:white;" align="center" colspan="2" | <b>Welcome Desk</b>
| |
| β | |-
| |
| β | | width="750" bgcolor="#CCCCEE" align="center" colspan="2"| <b>PARTICIPANTS RECEPTION</b>
| |
| β | |- valign="middle"
| |
| β | | height="60" width="100" bgcolor="#BBBBFF" align="center" rowspan="2"| 09:00 - 09:30
| |
| β | | width="750" bgcolor="#666699" style="color:white;" align="center" colspan="2" | <b>Room B2.04</b>
| |
| β | |-
| |
| β | | width="750" bgcolor="#CCCCEE" align="center" colspan="2" | <b>OPENING SESSION</b><br>Professor LuΓs Reto (ISCTE-IUL Dean), Professor Francisco Cercas (ISTA President), Carlos SerrΓ£o (ISCTE-IUL, OWASP.Portugal), Vicente Aguillera (OWASP.Spain)
| |
| β | |- valign="middle"
| |
| β | | height="120" width="100" bgcolor="#BBBBFF" align="center" rowspan="2"| 09:30 - 10:30
| |
| β | | width="750" bgcolor="#666699" style="color:white;" align="center" colspan="2" | <b>Room B2.04</b>
| |
| β | |-
| |
| β | | width="750" bgcolor="#CCCCEE" align="center" colspan="2" | <b>KEYNOTE SPEECH</b><br>Professor Carlos Ribeiro<br>[[#Keynote: How cryptography can rescue the web]]
| |
| β | |- valign="middle"
| |
| β | | height="30" width="100" bgcolor="#BBBBFF" align="center" | 10:30 - 10:45
| |
| β | | width="750" bgcolor="#EEEEFF" align="center" colspan="2" | <b>COFFEE BREAK</b>
| |
| β | |- valign="middle"
| |
| β | | height="120" width="100" bgcolor="#BBBBFF" align="center" rowspan="2" | 10:45 - 11:45
| |
| β | | width="750" bgcolor="#666699" style="color:white;" align="center" colspan="2" | <b>Room B2.04</b>
| |
| β | |-
| |
| β | | width="750" bgcolor="#CCCCEE" align="center" colspan="2" | <b>KEYNOTE SPEECH</b><br>Dinis Cruz<br>"Keynote Title"
| |
| β | |- valign="middle"
| |
| β | | height="180" width="100" bgcolor="#BBBBFF" align="center" rowspan="2" | 11:45 - 13:15
| |
| β | | width="375" bgcolor="#666699" style="color:white;" align="center" | <b>Room B2.04</b>
| |
| β | | width="375" bgcolor="#666699" style="color:white;" align="center" | <b>Room TBD</b>
| |
| β | |-
| |
| β | | width="375" bgcolor="#CCCCEE" align="center" | <b>TECHNICAL TRACK</b><br>LuΓs Grangeia<br>"Talk Title"<br>Arturo 'Buanzo' Busleiman<br>[[#Talk: Jiffy - A secure instant messenger]]
| |
| β | | width="375" bgcolor="#CCCCEE" align="center" | <b>TECHNICAL TRACK</b><br>Martin Knobloch<br>[[#Talk: Developing Secure Applications with OWASP]]<br>Bruno Morisson<br>[[#Talk: The Thing That Should Not Be (a glimpse into the future of web application security)]]
| |
| β | |- valign="middle"
| |
| β | | height="60" width="100" bgcolor="#BBBBFF" align="center" | 13:15 - 14:30
| |
| β | | width="750" bgcolor="#EEEEFF" align="center" colspan="2" | <b>LUNCH BREAK</b>
| |
| β | |- valign="middle"
| |
| β | | height="300" width="100" bgcolor="#BBBBFF" align="center" rowspan="2" | 14:30 - 17:00
| |
| β | | width="375" bgcolor="#666699" style="color:white;" align="center" | <b>Room B2.04</b>
| |
| β | | width="375" bgcolor="#666699" style="color:white;" align="center" | <b>Room TBD</b>
| |
| β | |-
| |
| β | | width="375" bgcolor="#CCCCEE" align="center" | <b>TECHNICAL TRACK</b><br>Miguel Correia<br>[[#Talk: Software Security in the Clouds]]<br>Bruno Pedro<br>[[#Talk: Is OAuth really secure?]]<br>Francisco Rente<br>"Talk Title"<br>Christian Martorella<br>[[#Talk: 2010 and still bruteforcing]]
| |
| β | | width="375" bgcolor="#CCCCEE" align="center" | <b>RESEARCH TRACK</b><br>Accepted Papers Presentations
| |
| β | |- valign="middle"
| |
| β | | height="30" width="100" bgcolor="#BBBBFF" align="center" | 17:00 - 17:15
| |
| β | | width="750" bgcolor="#EEEEFF" align="center" colspan="2" | <b>COFFEE BREAK</b>
| |
| β | |- valign="middle"
| |
| β | | height="180" width="100" width="100" bgcolor="#BBBBFF" align="center" rowspan="2"| 17:15 - 18:45
| |
| β | | width="375" bgcolor="#666699" style="color:white;" align="center" | <b>Room B2.04</b>
| |
| β | | width="375" bgcolor="#666699" style="color:white;" align="center" | <b>Room TBD</b>
| |
| β | |-
| |
| β | | width="375" bgcolor="#CCCCEE" align="center" | <b>TECHNICAL TRACK</b><br>John Wilander<br>[[#Talk: Will new HTTP headers save us?]]<br>Martin Knobloch<br>[[#Talk: Developing compliant applications]]
| |
| β | | width="375" bgcolor="#CCCCEE" align="center" | <b>... TRACK</b><br>
| |
| β | |- valign="middle"
| |
| β | | height="30" width="100" bgcolor="#BBBBFF" align="center" rowspan="2"| 18:45 - 19:00
| |
| β | | width="750" bgcolor="#666699" style="color:white;" align="center" colspan="2" | <b>Room B2.04</b>
| |
| β | |-
| |
| β | | width="750" bgcolor="#CCCCEE" align="center" colspan="2" | <b>CLOSING SESSION</b>
| |
| β | |}
| |
| β | <br>
| |
| β | | |
| β | == Keynote: How cryptography can rescue the web ==
| |
| β | | |
| β | '''Professor Carlos Ribeiro'''
| |
| β | | |
| β | [[File:carlosribeiro.jpg]]
| |
| β | | |
| β | [http://www.ist.utl.pt/ Instituto Superior TΓ©cnico], [http://www.utl.pt/ Universidade TΓ©cnica de Lisboa], Portugal
| |
| β | | |
| β | The Web is gaining more and more commercial relevance and with that becoming a more interesting target for attack. On the other hand the Web communications foundations have not change much, and the programming skills of the average programmer are decreasing with the increasing number of programmers. This talk will focus on the first issue and how cryptography may be used to prevent several attacks. Crucial to this goal is the recent release of DNSSEC and several other Certificate infrastructures (e.g. Stork - a pan-European authentication infrastructure that may become keystones of this change.
| |
| β | | |
| β | == Talk: The Thing That Should Not Be (a glimpse into the future of web application security) ==
| |
| β | | |
| β | '''Bruno Morisson'''
| |
| β | | |
| β | [[File:brunomorisson.jpg]]
| |
| β | | |
| β | [http://www.integrity.pt/ Integrity, S.A.], Portugal
| |
| β | | |
| β | Developers are not security practicioners. Security practitioners are not developers. Developers create web applications. Security practitioners want those apps to be secure (sometimes even if security breaks functionality).
| |
| β | Are developers and security practitioners like oil and water ? Are security practitioners taking the right approach to help web developers understand and prevent security issues, or are we simply trying to brute force developers into security gurus ?
| |
| β | | |
| β | == Talk: Developing Secure Applications with OWASP ==
| |
| β | | |
| β | '''Martin Knobloch'''
| |
| β | | |
| β | [[File:martinknobloch.jpg]]
| |
| β | | |
| β | [http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands
| |
| β | | |
| β | After an introduction about OWASP, Martin will higlight the top projects of OWASP. During the presentation Martin does explain how OWASP material can be used to raise awareness about secure appliation development and how OWASP material does fit into a (secure) development lifecycle.
| |
| β | | |
| β | == Talk: Developing compliant applications ==
| |
| β | | |
| β | '''Martin Knobloch'''
| |
| β | | |
| β | [[File:martinknobloch.jpg]]
| |
| β | | |
| β | [http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands
| |
| β | | |
| β | How to develop applications to be compliant to security related laws and regulations?
| |
| β | To be compliant means to follow the regulations, most of the times not known by the developers. To be compliant includes to proof to be compliant.
| |
| β | This presentation is about how to develop compliant (Web) applications that prove to be compliant!
| |
| β | | |
| β | == Talk: Software Security in the Clouds ==
| |
| β | | |
| β | '''Miguel Correia'''
| |
| β | | |
| β | [[File:miguelcorreia.jpg]]
| |
| β | | |
| β | [http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal
| |
| β | | |
| β | Recently an expert wrote rather enfatically that "the current state of security in commercial software is rather distasteful, marked by embarrassing public reports of vulnerabilities and actual attacks". This situation is particularly concerning in times when companies are exporting their applications and data to cloud computing systems. The first part of the talk will be a personal vision of the combination of techniques and tools needed for protecing software. The second part will argue that this combination is still insuficient for critical applications in the cloud and propose solutions based on distributing trust among different clouds.
| |
| β | | |
| β | == Talk: Jiffy - A secure instant messenger ==
| |
| β | | |
| β | '''Arturo 'Buanzo' Busleiman'''
| |
| β | | |
| β | [[File:arturobuanzo.jpg]]
| |
| β | | |
| β | [http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina
| |
| β | | |
| β | Jiffy - "Just for you" is an instant messaging system baseed
| |
| β | on OWASP's Enigform, SSL and the OpenPGP Web-of-Trust. In this talk,
| |
| β | Buanzo will introduce us to OpenPGP, Enigform and Jiffy.
| |
| β | | |
| β | == Talk: Is OAuth really secure? ==
| |
| β | | |
| β | '''Bruno Pedro'''
| |
| β | | |
| β | [[File:brunopedro.jpg]]
| |
| β | | |
| β | [http://www.tarpipe.com Tarpipe], Portugal
| |
| β | | |
| β | Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as the RFC 5849 and is being widely adopted by large Internet companies, it's important to stress out its possible security vulnerabilities.
| |
| β | | |
| β | This talk will focus on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.
| |
| β | | |
| β | == Talk: Will new HTTP headers save us? ==
| |
| β | | |
| β | '''John Wilander'''
| |
| β | | |
| β | [[File:johnwilander.jpg]]
| |
| β | | |
| β | [http://www.omegapoint.se/ Omegapoint], Sweden
| |
| β | | |
| β | Browser vendors and Internet techies are teaming up to find solutions to some of the most common and dangerous security problems on the web. New HTTP headers seems to be a favorite carrier of security instructions from the server to the browser. During this talk John will demo three such headers β '''Strict-Transport-Security, X-Frame-Options, and X-Content-Security-Policy''' β and discuss if they can solve cross-site scripting, clickjacking, phising, and man-in-the-middle attacks.
| |
| β | | |
| β | == Talk: 2010 and still bruteforcing ==
| |
| β | | |
| β | '''Christian Martorella'''
| |
| β | | |
| β | [[File:christianmartorella.jpg]]
| |
| β | | |
| β | [http://www.verizonbusiness.com/ Verizon Business], UK
| |
| β | | |
| β | The presentation will review some of the latest attacks that affected big companies and involved Brute force attacks, showing that this attack is still very effective. The second part of the presentation will introduce Webslayer, an OWASP project, that intend to cover all needs for web application brute force tests.
| |
| β | | |
| β | | |
| β | ==== Papers ====
| |
| β | === Papers ===
| |
| β | Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format]).
| |
| β | | |
| β | The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.
| |
| β | | |
| β | === Accepted Papers ===
| |
| β | | |
| β | ==== Speakers ====
| |
| β | | |
| β | === Keynote Speakers ===
| |
| β | | |
| β | {|
| |
| β | |-
| |
| β | |'''Professor Carlos Ribeiro'''
| |
| β | | |
| β | [[File:carlosribeiro.jpg]]
| |
| β | | |
| β | [http://www.ist.utl.pt/ Instituto Superior TΓ©cnico], [http://www.utl.pt/ Universidade TΓ©cnica de Lisboa], Portugal
| |
| β | | |
| β | |Carlos Ribeiro (Ph.D.) is Professor at the Computer and Information Systems Department at the IST/UTL, where he teaches Network Security, Computer Security, Security Protocols and Operating Systems courses. He has received his PhD degree in Computer Science in 2002 from IST/UTL. Carlos Ribeiro's main research area is Security. He is co-coordenator of the PhD in Information Security, and vice-president of IST computer and network unit. He has been a researcher at Inesc-id since 2002, where he is currently the leader of the Distributed Systems research Group. He has participated in several National and International research projects in computer and network security, and has been an active researcher in the e-voting field since 2002.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | === Panel Speakers ===
| |
| β | | |
| β | {|
| |
| β | |-
| |
| β | |'''Bruno Morisson'''
| |
| β | [[File:brunomorisson.jpg]]
| |
| β | | |
| β | [http://www.integrity.pt/ Integrity, S.A.], Portugal
| |
| β | | |
| β | |Bruno Morisson is a Consultant and Partner at INTEGRITY S.A., a
| |
| β | Consulting and Advisory firm focusing on Information Security
| |
| β | Management, Telecom Management and IT Governance, where he provides
| |
| β | consultancy, auditing and advisory services. In a past life he has
| |
| β | held positions as a Senior Information Security Consultant and as
| |
| β | Security Operations Manager, providing information security management
| |
| β | services to customers in the financial, public and energy sectors in
| |
| β | Portugal.
| |
| β | | |
| β | For the last 12 years he's been involved in several areas of
| |
| β | Information Security, from consulting, architecture, engineering,
| |
| β | auditing and penetration testing, as well as integration of OpenSource
| |
| β | security solutions. He's been actively involved with the InfoSec
| |
| β | community in Portugal, being one of the founders of the portuguese
| |
| β | chapter of The Honeynet Project, leading the InfoSec-Pros-PT
| |
| β | mailing-list and currently helping gather the community in a monthly
| |
| β | informal meeting - Confraria Security&IT.
| |
| β | Bruno also holds several certifications in Information Security
| |
| β | (CISSP-ISSMP, CISA, ISO27001LA).
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |-
| |
| β | |'''LuΓs Grangeia'''
| |
| β | [[File:luisgrangeia.jpg]]
| |
| β | | |
| β | [http://www.sysvalue.pt/ Sysvalue, S.A.], Portugal
| |
| β | | |
| β | |Luis Grangeia is Partner at SysValue, S.A., currently leading the companyβs Information Systems Auditing practice. SysValue S.A. is a Portuguese Company focused on the reliability of Information Systems with practices in Auditing, Consulting, Integration, Training and Research and Development.
| |
| β | | |
| β | Since 2001 he has been conducting IS audits and penetration tests to major national and foreign companies, such as Portugal Telecom, Banco EspΓrito Santo, Banco Santander, UNICRE, Direcção-Geral do Tesouro, among others. Luis also contributes occasionally to information security research, with an article of note on the technique of DNS cache snooping.
| |
| β | | |
| β | Luis has attended Computer Science Engineering at Instituto Superior TΓ©cnico and currently holds the SANS GSNA, CISSP, CISA and ISO 27001 Lead Auditor certifications.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |-
| |
| β | |'''Francisco Rente'''
| |
| β | [[File:franciscorente.jpg]]
| |
| β | | |
| β | [http://www.uc.pt/fctuc Faculdade de CiΓͺncia e Tecnologia], [http://www.uc.pt Universidade de Coimbra], Portugal
| |
| β | | |
| β | |Francisco Nina Rente, is an enthusiast and an evangelist of information security, especially in matters of privacy. He had his BsC and MsC in Computer Science on University of Coimbra. Back in 2006, he founded CERT-IPN, a CSIRT team of IPN Institute, where he did R&D, consultancy and management of InfoSec until June of 2010. Francisco, is currently PhD student in University of Coimbra, where he works in "Malicious Stealth Communications". Since July of 2010, Francisco is CEO of DognΓ¦dis, a company based in Portugal, focused in Information Security and Software Assurance.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |'''Martin Knobloch'''
| |
| β | [[File:martinknobloch.jpg]]
| |
| β | | |
| β | [http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands
| |
| β | | |
| β | |Martin Knobloch is employed at Sogeti Netherlands as Senior Security Consultant. He is founder and thought leader of the Sogeti task force PaSS, Proactive Security Strategy, with an integral solution of information security within organisation, infrastructure and software.
| |
| β | At OWASP, Martin is board member of the OWASP Netherlands Chapter and member of the Global Education Committee.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |'''Miguel Correia'''
| |
| β | [[File:miguelcorreia.jpg]]
| |
| β | | |
| β | [http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal
| |
| β | | |
| β | |Miguel Correia is Assistant Professor of the [http://www.di.fc.ul.pt/ Department of Informatics], [http://www.ul.pt/ University of Lisboa] [http://www.fc.ul.pt/ Faculty of Sciences], and Adjunct Faculty of the [http://www.cmu.edu/ Carnegie Mellon] [http://www.ini.cmu.edu/ Information Networking Institute]. He is a member of the [http://lasige.di.fc.ul.pt/ LASIGE] research unit and the [http://www.navigators.di.fc.ul.pt/ Navigators] research team. He has been involved in several international and national research projects related to intrusion tolerance and security, including the TCLOUDS, MAFTIA and CRUTIAL EC-IST projects, and the ReSIST NoE. He is currently the coordinator and an instructor of the joint Carnegie Mellon University and University of Lisboa [http://msi.di.fc.ul.pt/ MSc in Information Security]. He has more than 50 publications in international journals, conferences and workshops. He authored with Paulo Sousa a book titled "SeguranΓ§a no Software" (FCA, 2010). More information about him is available at [http://www.di.fc.ul.pt/~mpc http://www.di.fc.ul.pt/~mpc].
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |'''Arturo 'Buanzo' Busleiman'''
| |
| β | [[File:arturobuanzo.jpg]]
| |
| β | | |
| β | [http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina
| |
| β | | |
| β | |Buanzo is a nerd. Yes, a so-called geek. Why? Simple: he started programming at the age of 8, got into information security by
| |
| β | 12 (Oh, the BBS era...!) and now he performs as a Security Consultant
| |
| β | for the Argentinian Computer Emergency Response Team (ArCERT). If you
| |
| β | enjoy programming, Open Source Software, Linux and all things security
| |
| β | and geeky, you might enjoy one of his talks.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |'''John Wilander'''
| |
| β | [[File:johnwilander.jpg]]
| |
| β | | |
| β | [http://www.omegapoint.se/ Omegapoint], Sweeden
| |
| β | | |
| β | |John Wilander is an application security researcher and consultant. He is a partner and evangelist at Omegapoint, a consultancy firm based in Sweden. John typically works as a security focused software developer. Java and JavaScript are his languages of choice.
| |
| β | | |
| β | After his Master's degree in Computer Science and Engineering from LinkΓΆping University (Sweden) and Nanyang Technological University (Singapore) he pursued a PhD in application security. Last paper still pending but John's research publications can be found here.
| |
| β | | |
| β | John started the Swedish OWASP Chapter in 2007 and has since been leader and co-leader. In 2010 he chaired the most successful OWASP AppSec EU conference so far β OWASP AppSec Research 2010. John along with the Swedish chapter are listed as contributors to OWASP Top 10 2010.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |'''Bruno Pedro'''
| |
| β | [[File:brunopedro.jpg]]
| |
| β | | |
| β | [http://www.tarpipe.com/ Tarpipe], Portugal
| |
| β | | |
| β | |Bruno Pedro is a systems engineer with over 15 yearsβ experience in database related applications whoβs been developing Web Applications since 1995. Heβs the author of the O'Reilly book "PHP and Smarty on Large-Scale Web Development" and has spoken on numerous technical conferences and events.
| |
| β | | |
| β | Heβs the author of Auth_Container_SOAP, PEARβs SOAP based plug-and-play authentication package and, more recently, a big proponent of the OpenID and OAuth protocols.
| |
| β | | |
| β | Bruno started tarpipe.com in 2008 because he couldn't find any Web applications that could easily automate his publishing needs to social media Web sites.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | {|
| |
| β | |'''Christian Martorella'''
| |
| β | [[File:christianmartorella.jpg]]
| |
| β | | |
| β | [http://www.verizonbusiness.com/ Verizon Business], UK
| |
| β | | |
| β | |Christian Martorella has been working in the field of information security for the last 10 years, starting his career in Argentina IRS as security consultant, now he's Practice Leader in Threat and Vulnerability - EMEA in Verizon Business. He is cofounder an active member of Edge-Security team, where security tools and research is released. He has been speaker at What The Hack!, NoConName, FIST Conferences, OWASP Summit 2008 and OWASP Spain IV & VI, Source Conference Barcelona and Hack.LU. Christian has contributed with open source assessment tools like OWASP WebSlayer and Metagoofil. He likes all related to Information Gathering and Penetration testing. Christian currently holds the President position at the FIST Conferences board, and in the past taught Ethical Hacking at the IT Security Master of La Salle University.
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | ==== Venue ====
| |
| β | | |
| β | IBWAS'10 will be taking place at the [http://www.iscte.pt ISCTE - Lisbon University Institute] in Lisbon, Portugal.
| |
| β | | |
| β | == Location ==
| |
| β | Ed. ISCTE <br> Av. das ForΓ§as Armadas<br> 1600- Lisboa<br> Portugal<br>
| |
| β | | |
| β | Find the [http://maps.google.com/maps?q=iscte,+lisboa,+portugal&hl=en&cd=1&ei=JFx0S_ScKYyGONOz1YkB&sig2=FsC9HEg2JrBD00ARc_U3IA&sll=38.724358,-9.148865&sspn=0.077408,0.150719&ie=UTF8&view=map&cid=7285641604236232209&ved=0CBgQpQY&hq=iscte,+lisboa,+portugal&hnear=&ll=38.749766,-9.154122&spn=0.009673,0.01884&t=h&z=16&iwloc=A location on Google Maps].
| |
| β | | |
| β | <googlemap lat="38.749565" lon="-9.15277" zoom="15">
| |
| β | 38.748862, -9.152384, ISCTE-IUL
| |
| β | </googlemap>
| |
| β | | |
| β | | |
| β | http://www.allofads.com/files/images/mapa_iscte.jpg
| |
| β | | |
| β | == How to get there? ==
| |
| β | '''Car'''
| |
| β | * Go up the Av.Βͺ das ForΓ§as Armadas.
| |
| β | * Turn north at the crossing with Av.Βͺ Prof. Gama Pinto. The crossing is located at the highest point of Av.Βͺ das ForΓ§as Armadas.
| |
| β | * Turn to the second street right.
| |
| β | * Turn to the first street right.
| |
| β | * The main entrance of ISCTE is at your left.
| |
| β | | |
| β | '''Train'''
| |
| β | * Leave the train at the Entrecampus station. Look for the exit leading to Av.Βͺ da RepΓΊblica.
| |
| β | * Walk north for about 250 m towards the Rotunda de Entrecampus (a circle).
| |
| β | * At the circle, turn left to the Av.Βͺ das ForΓ§as Armadas.
| |
| β | * Climb west for about 300 m towards Sete Rios. Use the sidewalk on the right.
| |
| β | * The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.
| |
| β | | |
| β | '''Bus'''
| |
| β | * Get on any [http://www.carris.pt/ Carris] bus with numbers [http://www.carris.pt/horarios/a054_1.pdf 54], [http://www.carris.pt/horarios/a701_1.pdf 701], or [http://www.carris.pt/horarios/a732_2.pdf 732].
| |
| β | * Leave the bus at the "Faculdade de FarmΓ‘cia" stop, at the top of Av.Βͺ das ForΓ§as Armadas, close to an old house with ia battlemented roof.
| |
| β | * Walk down the avenue for about 50 m. The entry leading to ISCTE will be at your left, immediatly before the canteen of the University of Lisbon.
| |
| β | | |
| β | '''Subway'''
| |
| β | | |
| β | ''First alternative:''
| |
| β | * Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/ec_aid.pdf Entrecampos] station.
| |
| β | * Exit the station through the north exit, leading to the Rotunda de Entrecampos (a circle), close to Av.Βͺ das ForΓ§as Armadas.
| |
| β | * From the circle, go west, up the Av.Βͺ das ForΓ§as Armadas, for about 300 m.
| |
| β | * Use the sidewalk on the right.
| |
| β | * The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.
| |
| β | | |
| β | ''Second alternative:''
| |
| β | * Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/cu_aid.pdf Cidade UniversitΓ‘ria] station.
| |
| β | * Exit the station through the passage leading to Hospital de Santa Maria.
| |
| β | * Walk south, along the left sidewalk of Av.Βͺ Prof. Gama Pinto, for about 150 m (i.e., walk towards the Av.Βͺ das ForΓ§as Armadas).
| |
| β | * After the crossing with the Av.Βͺ Prof. Egas Moniz (at your right), turn into the first street at your left.
| |
| β | * Turn to the first street right.
| |
| β | * The main entrance of ISCTE is at your left.
| |
| β | | |
| β | Here is the representation of the walking on the map.
| |
| β | | |
| β | http://www.allofads.com/files/images/mapa_iscte_1.jpg
| |
| β | | |
| β | | |
| β | '''Links'''
| |
| β | | |
| β | Metro: [http://www.metrolisboa.pt www.metrolisboa.pt] <br>
| |
| β | Buses [http://www.carris.pt www.carris.pt]<br>
| |
| β | Trains: [http://www.cp.pt www.cp.pt]<br>
| |
| β | Taxis: [http://www.antral.pt www.antral.pt]
| |
| β | | |
| β | ==== Hotels ====
| |
| β | === Hotels ===
| |
| β | This page contains information about the recommended hotels for the conference. All of the hotels are near to the conference place at a 5 to 15 minutes walking distance. PLease use the following reference when reserving your hotel: "'''ConferΓͺncia IBWAS'10'''".
| |
| β | | |
| β | == SANA Metropolitan Hotel **** ==
| |
| β | Rua Soeiro Pereira Gomes, Parcela 2, Entrecampos, 1600-198 Lisboa, Lisboa
| |
| β | | |
| β | [[File:sanametro01.jpg]]
| |
| β | [[File:sanametro02.jpg]]
| |
| β | | |
| β | Location on [http://maps.google.com/maps/ms?ie=UTF8&hl=pt-PT&msa=0&msid=104715835640056575562.00044cb43ee4b9e509aca&ll=38.748762,-9.159701&spn=0.009204,0.011802&z=16&iwloc=00044cb52de8286b65d85&source=embed Google Maps].
| |
| β | | |
| β | Hotel [http://www.sanahotels.com/gca/index.php?hotelId=50&lng=en web-site].
| |
| β | | |
| β | {|cellspacing="1" cellpading="1" border="1"
| |
| β | |-
| |
| β | |bgcolor="#cccccc"|'''Room type'''
| |
| β | |bgcolor="#cccccc"|'''Individual'''
| |
| β | |bgcolor="#cccccc"|'''Double'''
| |
| β | |-
| |
| β | |bgcolor="#eeeeee"|'''Standard'''
| |
| β | |67 euros
| |
| β | |72 euros
| |
| β | |-
| |
| β | |bgcolor="#eeeeee"|'''Extra Bed'''
| |
| β | |30 euros
| |
| β | |
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | == Vip Executive Villa Rica Hotel **** ==
| |
| β | Av.5 de Outubro Nr. 295, Entrecampos, 1600-035 Lisboa (Lisboa)
| |
| β | | |
| β | http://www.viphotels.com/Images/VIPExecutiveVillaRica/galeria/Exterior/01.jpg
| |
| β | | |
| β | Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/Localizacao.aspx Google Maps].
| |
| β | | |
| β | Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/OHotel.aspx web-site].
| |
| β | | |
| β | == NH Campo Grande **** ==
| |
| β | Campo Grande, 7, 1700-087 Lisboa, Lisboa
| |
| β | | |
| β | http://www.nh-hoteles.pt/nh/hotel-gallery/1101383-t2-z2w.jpg
| |
| β | http://www.nh-hoteles.pt/nh/hotel-gallery/1101375-t2-z2w.jpg
| |
| β | | |
| β | Location on [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html?type=location Google Maps].
| |
| β | | |
| β | Hotel [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html web-site].
| |
| β | | |
| β | {|cellspacing="1" cellpading="1" border="1"
| |
| β | |-
| |
| β | |bgcolor="#cccccc"|'''Room type'''
| |
| β | |bgcolor="#cccccc"|'''Individual'''
| |
| β | |bgcolor="#cccccc"|'''Double'''
| |
| β | |-
| |
| β | |bgcolor="#eeeeee"|'''Standard'''
| |
| β | |83 euros
| |
| β | |90 euros
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | == Hotel VIP Executive Zurique *** ==
| |
| β | Rua Ivone Silva 18, 1050 Lisboa
| |
| β | | |
| β | http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Exterior/03.jpg
| |
| β | | |
| β | http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Interior/05.jpg
| |
| β | | |
| β | Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/Localizacao.aspx Google Maps].
| |
| β | | |
| β | Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/OHotel.aspx web-site].
| |
| β | | |
| β | {|cellspacing="1" cellpading="1" border="1"
| |
| β | |-
| |
| β | |bgcolor="#cccccc"|'''Room type'''
| |
| β | |bgcolor="#cccccc"|'''Individual'''
| |
| β | |bgcolor="#cccccc"|'''Double'''
| |
| β | |-
| |
| β | |bgcolor="#eeeeee"|'''Standard'''
| |
| β | |65 euros
| |
| β | |70 euros
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | == Hotel Berna *** ==
| |
| β | Avenida AntΓ³nio Serpa 13, 1069 Lisboa
| |
| β | | |
| β | http://www.viphotels.com/Images/VIPInnBerna/galeria/Exterior/02.jpg
| |
| β | | |
| β | http://www.viphotels.com/Images/VIPInnBerna/galeria/Interior/05.jpg
| |
| β | | |
| β | Location on [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/Localizacao.aspx Google Maps].
| |
| β | | |
| β | Hotel [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/OHotel.aspx web-site].
| |
| β | | |
| β | {|cellspacing="1" cellpading="1" border="1"
| |
| β | |-
| |
| β | |bgcolor="#cccccc"|'''Room type'''
| |
| β | |bgcolor="#cccccc"|'''Individual'''
| |
| β | |bgcolor="#cccccc"|'''Double'''
| |
| β | |-
| |
| β | |bgcolor="#eeeeee"|'''Standard'''
| |
| β | |47,30 euros
| |
| β | |53,60 euros
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | == Holiday Inn Hotel Continental **** ==
| |
| β | Rua Laura Alves 9, 1050 Lisboaβ
| |
| β | | |
| β | [[File:hinn01.jpg]]
| |
| β | [[File:hinn02.jpg]]
| |
| β | | |
| β | Location on [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=Rua+Laura+Alves,+9++1069-169+Lisboa+Portugal&sll=38.74144,-9.149605&sspn=0.039833,0.073471&ie=UTF8&hq=&hnear=R.+Laura+Alves+9,+Ns.+de+F%C3%A1tima,+1050+Lisbon,+Portugal&ll=38.741666,-9.149873&spn=0.009958,0.018368&t=h&z=16&iwloc=r1 Google Maps].
| |
| β | | |
| β | Hotel [http://www.grupo-continental.com/home/index.php?option=com_content&view=article&id=55&Itemid=77 web-site].
| |
| β | | |
| β | {|cellspacing="1" cellpading="1" border="1"
| |
| β | |-
| |
| β | |bgcolor="#cccccc"|'''Room type'''
| |
| β | |bgcolor="#cccccc"|'''Individual'''
| |
| β | |bgcolor="#cccccc"|'''Double'''
| |
| β | |-
| |
| β | |bgcolor="#eeeeee"|'''Standard'''
| |
| β | |78 euros
| |
| β | |88 euros
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | == Radisson Blu Lisboa **** ==
| |
| β | Av. Marechal Craveiro Lopes, 390, Entrecampos, Lisboa (Lisboa)
| |
| β | | |
| β | http://www.hoteis.com/13/hotels/1000000/530000/524600/524550/hcom_524550_7_b.jpg
| |
| β | http://static.laterooms.com/hotelphotos/laterooms/179198/gallery/radisson-blu-lisboa-lisboa_250520090848039933.jpg
| |
| β | | |
| β | Location on [http://www.radissonblu.com/hotel-lisbon/location Google Maps].
| |
| β | | |
| β | Hotel [http://www.radissonblu.com/hotel-lisbon web-site].
| |
| β | | |
| β | ==== Sponsors ====
| |
| β | | |
| β | == Sponsors ==
| |
| β | | |
| β | We are currently soliciting sponsors for the IBWAS'10 Conference. Please refer to our '''[https://docs.google.com/fileview?id=0B6VV6XaEAb3dNjEzNDIyYTAtOTc3NC00Njg3LWIxNGQtZmEwYmYxNzEwMzRi&hl=en&authkey=CL_NweEF sponsorship opportunities]''' for details.
| |
| β | | |
| β | Slots are going fast so [mailto:secretariat@ibwas.com contact us] to sponsor today!
| |
| β | | |
| β | {| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;"
| |
| β | |-
| |
| β | |
| |
| β | | |
| β | == Sponsors ==
| |
| β | | |
| β | | [http://www.iscte.pt http://ibwas09.netmust.eu/files/iscte-iul.png]
| |
| β | | [http://www.adetti.pt http://ibwas09.netmust.eu/files/adetti.png]
| |
| β | | [http://www.isecauditors.com http://ibwas09.netmust.eu/files/pasted-graphic.jpg]
| |
| β | | [http://lasige.di.fc.ul.pt/ http://ibwas09.netmust.eu/files/lasige.png]
| |
| β | |-
| |
| β | | &nbps;
| |
| β | | [http://www.maxdata.pt http://ibwas09.netmust.eu/files/ibwas10/maxdata.png]
| |
| β | | [http://www.noesis.pt http://ibwas09.netmust.eu/files/ibwas10/noesis.png]
| |
| β | | [http://www.neoglobeconsulting.com/ http://ibwas09.netmust.eu/files/ibwas10/neoglobeconsulting.png]
| |
| β | |-
| |
| β | |
| |
| β | | |
| β | == Media Sponsors ==
| |
| β | | |
| β | | [http://www.aeiou.pt http://ibwas09.netmust.eu/files/ibwas10/aeiou.png]
| |
| β | | [http://www.borrmart.es/redseguridad.php http://ibwas09.netmust.eu/files/redseguridad.jpg]
| |
| β | |
| |
| β | |-
| |
| β | |
| |
| β | |-
| |
| β | |
| |
| β | | |
| β | == Supported by ==
| |
| β | | |
| β | | [[Image:]]
| |
| β | | [[Image:]]
| |
| β | | [[Image:]]
| |
| β | |-
| |
| β | |
| |
| β | | [[Image:]]
| |
| β | | [[Image:]]
| |
| β | | [[Image:]]
| |
| β | |-
| |
| β | |
| |
| β | | [[Image:]]
| |
| β | |
| |
| β | |
| |
| β | |-
| |
| β | |
| |
| β | |}
| |
| β | ==== Tourism ====
| |
| β | | |
| β | === Visit Lisbon ===
| |
| β | For Tourist Information and more: [http://www.visitlisboa.com/home.asp?lng=uk Visit Lisbon] (website of the Lisbon Tourism Office). See also [http://www.atl-turismolisboa.pt/home.asp?lng=uk here]. About Portugal, see [http://www.visitportugal.com/ here].
| |
| β | | |
| β | LISBON is beautiful, historic, modern, sunny & it never stops! It is an enchanting city with delightful cuisine and unforgettable sites. The city holds many pleasant surprises to visitors who wish to enjoy their stay. The capital of Portugal since its conquest from the Moors in 1147, Lisbon is a legendary city with over 20 centuries of History. The Alfama is one of the oldest quarters in Lisbon. It survived the earthquake of 1755 and still retains much of its original layout. In addition to Alfama are the likewise old quarters of Castelo and Mouraria, on the western and northern slopes of the hill that is crowned by St. George's Castle. Radiant skies brighten the monumental city, with its typical tile covered building faΓ§ades and narrow medieval streets, where one can hear the fado being played and sung at night.
| |
| β | | |
| β | Here's a taste of what you can find here in Lisbon, or nearby.
| |
| β | | |
| β | {|
| |
| β | |-
| |
| β | |'''Torre de BelΓ©m'''
| |
| β | |'''Mosteiro dos JerΓ³nimos'''
| |
| β | |'''Ponte 25 de Abril'''
| |
| β | |-
| |
| β | |[[File:torredebelem.jpg]]
| |
| β | |[[File:mosteirojeronimos.jpg]]
| |
| β | |[[File:ponte21abril.jpg]]
| |
| β | |-
| |
| β | |'''Castelo de SΓ£o Jorge'''
| |
| β | |'''Alfama'''
| |
| β | |'''Parque Eduardo VII'''
| |
| β | |-
| |
| β | |[[File:castelosjorge.jpg]]
| |
| β | |[[File:algfama.jpg]]
| |
| β | |[[File:parqueeduardo7.jpg]]
| |
| β | |-
| |
| β | |'''Aqueduto das Γguas Livres'''
| |
| β | |'''Museu dos Coches'''
| |
| β | |'''Casa dos Bicos'''
| |
| β | |-
| |
| β | |[[File:aqueduto.jpg]]
| |
| β | |[[File:coches.jpg]]
| |
| β | |[[File:bicos.jpg]]
| |
| β | |-
| |
| β | |'''Parque das Naçáes'''
| |
| β | |'''OceanΓ‘rio'''
| |
| β | |'''PavilhΓ£o Multiusos'''
| |
| β | |-
| |
| β | |[[File:pnacoes.jpg]]
| |
| β | |[[File:oceanario.jpg]]
| |
| β | |[[File:multiusos.jpg]]
| |
| β | |-
| |
| β | |'''Cacilheiros'''
| |
| β | |'''Linha de Cascais - Praias'''
| |
| β | |'''Linha da Caparica - Praias'''
| |
| β | |-
| |
| β | |[[File:cacilheiros.jpg]]
| |
| β | |[[File:cascais.jpg]]
| |
| β | |[[File:caparica.jpg]]
| |
| β | |-
| |
| β | |'''Casino Lisboa'''
| |
| β | |'''Docas - DiversΓ£o Nocturna'''
| |
| β | |'''Fado'''
| |
| β | |-
| |
| β | |[[File:casino.jpg]]
| |
| β | |[[File:docas.jpg]]
| |
| β | |[[File:fado.jpg]]
| |
| β | |-
| |
| β | |'''Sintra Vila'''
| |
| β | |'''Sintra - PalΓ‘cio da Pena'''
| |
| β | |'''Cristo Rei'''
| |
| β | |-
| |
| β | |[[File:sintravila.jpg]]
| |
| β | |[[File:sintrapalacio.jpg]]
| |
| β | |[[File:cristorei.jpg]]
| |
| β | |-
| |
| β | |}
| |
| β | | |
| β | | |
| β | ==== In the News ====
| |
| β | | |
| β | List of places where the IBWAS'10 conference has been referenced.
| |
| β | | |
| β | *[http://ibwas09.netmust.eu/files/ibwas10/IBWAS-RedSeguridad.pdf RedSeguridad Magazine], September 2010
| |
| β | | |
| β | | |
| β | ==== IBWAS'10 Internals ====
| |
| β | | |
| β | | |
| β | * [https://spreadsheets.google.com/ccc?key=0AqVV6XaEAb3ddDI2ZkNsSjhDdWdQNl9ISW0tc19Sa3c&hl=en&authkey=CKyFt_AO IBWAS'10 Conference financials]
| |
| β | | |
| β | * [https://spreadsheets.google.com/ccc?key=0AtbsrC_uKJLudDJtcEpEYXN3QUV4cmVDUmdwWE9Ib0E&hl=en&authkey=CP2244AK IBWAS'10 Training Day financials]
| |
| β | | |
| β | | |
| β | <headertabs />
| |
| β | | |
| β | [[Category:OWASP_AppSec_Conference]] [[Category:OWASP_IBWAS]]
| |
