
Difference between revisions of "Italy"

(Local Activities)
(NEWS: OWASP-Italy at InfoSecurity 2006)
Line 63: Line 63:
  
 
* (Mar 05) Thanks to Matteo Paolelli we have translated the "OWASP Top Ten Vulnerabilties in Web Application Security" in italian language. You can download it [http://www.owasp.org/docroot/owasp/projects/topten/OWASPTopTen2004-ITA.pdf here].
 
* (Mar 05) Thanks to Matteo Paolelli we have translated the "OWASP Top Ten Vulnerabilties in Web Application Security" in italian language. You can download it [http://www.owasp.org/docroot/owasp/projects/topten/OWASPTopTen2004-ITA.pdf here].
 +
 +
 +
=== InfoSecurity 2006 ===
 +
 +
----
 +
Alberto Revelli and Matteo Meucci will partecipate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications".
 +
 +
Where: Sheraton Roma Hotel - Viale Del Pattinaggio, 100
 +
When: 10,30 - 17,00
 +
Who: Matteo Meucci and Alberto Revelli
 +
Link: http://www.infosecurity.it/Roma/programma.php
 +
 +
Agenda:
 +
-- I Session --
 +
Introduction to Web Application Security
 +
• Which are the risks?
 +
• Risk assessment of a web application
 +
• Core pillars of web security
 +
How to develop secure web applications:
 +
• Guidelines and case-studies
 +
 +
-- II Session --
 +
How to realize a security audit of a web application
 +
• The methodology OWASP Penetration Testing
 +
• The tools: OWASP WebScarab
 +
• Hands-on web application vulnerabilities: OWASP WebGoat
 +
• Advanced SQL Injection.
 +
 +
 +
 +
=== November 5th, 2005 - IDC - European Banking Forum ===
 +
 +
----
 +
 +
Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we have had a great speech at the IDC European IT Banking Forum 2005 (18 Nov 2005). http://www.idc.com/italy/events/banking05/banking05_agenda.jsp
 +
Agenda:
 +
* New standards for the ICT security auditing in the italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
 +
* Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy.
 +
 +
You can download the report here.
 +
 +
You can download the Case-Study of a vulnerable Home Banking Web Application here.
 +
 +
=== October 5th, 2005 - OWASP-Italy@SMAU2005 ===
 +
 +
----
 +
 +
SMAU is the 42a International ICT & Consumer Electronics Exhibition for Italy.
 +
Alberto Revelli (our Technical Director) and Matteo Meucci have conducted a seminar talking about Web Application Security.
 +
Alberto has presented his new project: "SQL Ninja". Very cool!!
 +
 +
http://www.webb.it/event/eventview/4488/1/progetto_owasp__case_study_di_applicativi_web_vulnerabili
 +
 +
=== May 25th, 2005 - ISACA Rome 2nd meeting ===
 +
 +
----
 +
 +
May 25th we'll be in ISACA Rome to present OWASP WebGoat and a real case of a Web Application Vulnerability.
 +
Every one is invited to join the meeting.
 +
 +
Here is the agenda:
 +
14.30 Registration
 +
14.45 Matteo Meucci - Web Application Security Phase II
 +
- OWASP WebScarab and PenTest Checklist
 +
* A case-study of a Web Application Vulnerability: MMS Spoofing
 +
--- Web Application analysis
 +
--- Authentication and Billing of the MMS service
 +
--- Vulnerabilities
 +
--- Attack Analysis
 +
* Learning the most common web application vulnerabilities: OWASP WebGoat
 +
--- Http Basics
 +
--- HTML Clues
 +
--- Hidden Field Tampering
 +
--- How to spoof a Session Cookie
 +
--- Stored Cross Site Scripting
 +
--- Command Injection
 +
--- SQL Injection
 +
--- Fail Open Authentication
 +
 +
The meeting is hold at:
 +
Via Volturno, 65 (Rome) - Auditorium ATAC
 +
 +
You can download the presentation here.
 +
 +
=== May 18th, 2005 - Workshop on Computer Crime 2005 ===
 +
 +
----
 +
 +
 +
May 18th, 2005 OWASP-Italy is invited to present OWASP Top 10 to the "Workshop on Computer Crime 2005" titled:
 +
"EVOLUZIONI NORMATIVE E RECENTI PROBLEMATICHE DI SICUREZZA"
 +
 +
The meeting is held at: Sala delle conferenze dell'Istituto Centrale della Banche Popolari Italiane Via Verziere, 11
 +
 +
You can download the presentation here.
 +
 +
=== April, 2005 Published "MMS Spoofing" ===
 +
 +
----
 +
 +
We have published a presentation describing a detailed case study of a web application vulnerabilty (MMS Spoofing)
 +
You can download it here.
 +
 +
Jim Hewitt, CISSP PMP working at CGI-AMS, affirms (slide#78):
 +
"Very interesting analysis of spoofed cell phone messaging and fraudulent billing". See:
 +
www.techvalleynyissa.org/Resources/2005_07_WebApplicationSecurity.ppt
 +
 +
=== March 31th, 2005 - ISACA Rome meeting ===
 +
 +
----
 +
 +
March 31th we'll be in ISACA Rome to present OWASP and the Web Application Security. Every one is invited to join the meeting.
 +
 +
Here is the agenda:
 +
14.15 Registration
 +
14.30 Matteo Meucci - Web Application Security
 +
- OWASP Guide: how to build secure web application
 +
- How to test your Web Application: WebScarab and the WebApp PenTest Checklist
 +
- How to learn the most common web application vulnerability: WebGoat
 +
- The Top Ten WebApp vulnerabilities
 +
- Common error on developing Web Application:
 +
Authentication mechanisms not "secure"
 +
Buffer Overflow and crash of the service
 +
Thief of identity: Cross Site Scripting
 +
Manipulation of company data: SQL Injection
 +
Reserved information: misconfiguration
 +
Bad session management and thief of identity
 +
- OWASP-Italy: projects and next challenges
 +
 +
The meeting is hold at:
 +
Via Volturno, 65 (Rome) - Auditorium ATAC
 +
http://www.isacaroma.it/html/GiornateDiStudio.html
 +
 +
You can download the presentation here.
 +
 +
=== March 21th, 2005 - OWASP-Italy conducts a seminar in AlmaWeb ===
 +
 +
----
 +
 +
March, the 21th OWASP-Italy has been invited at the University of Bologna to conduct a seminar regards to [http://www.almaweb.unibo.it/830.dyn Master in Management and Information Technology] titled “Web Application Security and OWASP”.
 +
 +
Here is the agenda:
 +
- OWASP & Web Application Security
 +
- Common Web Application Vulnerabilities
 +
- A real case of web application vulnerability: MMS Spoofing&Billing
 +
- Training: WebGoat
 +
 +
== OWASP-Italy Sponsor ==
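Review bot: The added heading "November 5th, 2005 - IDC - European Banking Forum" disagrees with the date in its own body text, which gives "(18 Nov 2005)"; settle on one date and use it in both places. Several added lines end in "You can download ... here." with no link markup, unlike the existing Top Ten entry above that carries its URL, so those downloads are unreachable from this revision; add the targets. Minor wording to correct before saving: "partecipate", "vulnerabilty", "The meeting is hold at", and the ordinals "31th" and "21th".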

Revision as of 14:21, 31 May 2006

OWASP Italy

Welcome to the Italy chapter homepage.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.


Local Activities

  • There is already a qualified group (CISSP, CISA, BS7799 Lead Auditor, OPST, OPSA) of volunteers working on the following tasks:
    - Translating all OWASP documentation into Italian (Matteo Paolelli, Massimiliano Graziani)
    - Setting up a working group for the ISO17799&Web Project (Silvano D'auria, Alessandro Deidda)
    - Writing an article about the OWASP Project for infosecmag (Matteo Meucci, Alessandro Graziani, Lorenzo De Santis, Marco Graia)
    - Working on the OWASP Legal project (Dario Vaccaro, Marco Scialdone)
    - Working on the OWASP Web Application Penetration Test project (Matteo Meucci, Alberto Revelli)
  • This is the (unofficial) OWASP-Italy Board:
    Chair: Matteo Meucci
    Director of Communication: Raoul Chiesa
    Technical Director: Alberto Revelli
    Technical Writer Director: Lorenzo De Santis
    Italian Translation of docs and papers: Matteo Paolelli, Massimiliano Graziani.

What is OWASP and OWASP-Italy?

Here you can read an interview talking about OWASP.

OWASP-Italy is a CLUSIT Member

Thanks to CLUSIT and the OWASP Foundation, we have established a cross-membership between the two organizations. OWASP-Italy is now a CLUSIT member and CLUSIT is an OWASP Educational Member.

NEWS: OWASP-Italy at InfoSecurity 2006

  • (21 Jun 06) Infosecurity 2006: the event is organized and managed by the CLUSIT.

Alberto Revelli and Matteo Meucci will participate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications". More info here

  • (1 Mar 06) OWASP-Boston, Microsoft.

Thanks to Jim Weiler we have presented "Anatomy of two web attacks" More info here

  • (18 Nov 05) IDC - European Banking Forum.

Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we will have a great speech at the IDC European IT Banking Forum 2005. Agenda:
    - New standards for the ICT security auditing in the Italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
    - Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy

  • (Oct 05) SMAU 2005 is the 42nd International ICT & Consumer Electronics Exhibition for Italy.

SMAU has accepted our submission! More info here

  • (Jun 05) Thanks to Massimiliano Graziani we have translated the "OWASP Pen Test Checklist v.1.1" into Italian. You can download it here.

Thanks to the collaboration with CLUSIT, this doc is available also here.

  • (Apr 05) We have written an article describing the OWASP projects, Web Application Security and the next challenges. ICT Security (the Italian magazine about Information Security) has published the article in issue number 33 - April 2005.
  • The presentation of the seminar we gave at ISACA Rome (31st March 2005) is now available here.
  • (Apr 05) We have published a presentation describing a detailed case study of a web application vulnerability (MMS Spoofing).
  • (Mar 05) Thanks to Matteo Paolelli we have translated the "OWASP Top Ten Vulnerabilities in Web Application Security" into Italian. You can download it here.


InfoSecurity 2006


Alberto Revelli and Matteo Meucci will participate as speakers at the seminar: "Web Application Security: guidelines and security auditing for web applications".

Where: Sheraton Roma Hotel - Viale Del Pattinaggio, 100
When: 10,30 - 17,00
Who: Matteo Meucci and Alberto Revelli
Link: http://www.infosecurity.it/Roma/programma.php

Agenda:

-- I Session --
Introduction to Web Application Security
  • What are the risks?
  • Risk assessment of a web application
  • Core pillars of web security
How to develop secure web applications:
  • Guidelines and case-studies

-- II Session --
How to carry out a security audit of a web application
  • The methodology: OWASP Penetration Testing
  • The tools: OWASP WebScarab
  • Hands-on web application vulnerabilities: OWASP WebGoat
  • Advanced SQL Injection.


November 5th, 2005 - IDC - European Banking Forum


Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we have had a great speech at the IDC European IT Banking Forum 2005 (18 Nov 2005). http://www.idc.com/italy/events/banking05/banking05_agenda.jsp

Agenda:

  • New standards for the ICT security auditing in the Italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
  • Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy.

You can download the report here.

You can download the Case-Study of a vulnerable Home Banking Web Application here.

October 5th, 2005 - OWASP-Italy@SMAU2005


SMAU is the 42nd International ICT & Consumer Electronics Exhibition for Italy. Alberto Revelli (our Technical Director) and Matteo Meucci have conducted a seminar talking about Web Application Security. Alberto has presented his new project: "SQL Ninja". Very cool!!

http://www.webb.it/event/eventview/4488/1/progetto_owasp__case_study_di_applicativi_web_vulnerabili

May 25th, 2005 - ISACA Rome 2nd meeting


On May 25th we'll be at ISACA Rome to present OWASP WebGoat and a real case of a Web Application Vulnerability. Everyone is invited to join the meeting.

Here is the agenda:

14.30 Registration
14.45 Matteo Meucci - Web Application Security Phase II
  • OWASP WebScarab and PenTest Checklist
  • A case-study of a Web Application Vulnerability: MMS Spoofing
    - Web Application analysis
    - Authentication and Billing of the MMS service
    - Vulnerabilities
    - Attack Analysis
  • Learning the most common web application vulnerabilities: OWASP WebGoat
    - Http Basics
    - HTML Clues
    - Hidden Field Tampering
    - How to spoof a Session Cookie
    - Stored Cross Site Scripting
    - Command Injection
    - SQL Injection
    - Fail Open Authentication

The meeting is held at: Via Volturno, 65 (Rome) - Auditorium ATAC

You can download the presentation here.

May 18th, 2005 - Workshop on Computer Crime 2005



May 18th, 2005 OWASP-Italy is invited to present OWASP Top 10 to the "Workshop on Computer Crime 2005" titled: "EVOLUZIONI NORMATIVE E RECENTI PROBLEMATICHE DI SICUREZZA"

The meeting is held at: Sala delle conferenze dell'Istituto Centrale della Banche Popolari Italiane Via Verziere, 11

You can download the presentation here.

April, 2005 Published "MMS Spoofing"


We have published a presentation describing a detailed case study of a web application vulnerability (MMS Spoofing). You can download it here.

Jim Hewitt, CISSP PMP working at CGI-AMS, affirms (slide#78): "Very interesting analysis of spoofed cell phone messaging and fraudulent billing". See: www.techvalleynyissa.org/Resources/2005_07_WebApplicationSecurity.ppt

March 31st, 2005 - ISACA Rome meeting


On March 31st we'll be at ISACA Rome to present OWASP and Web Application Security. Everyone is invited to join the meeting.

Here is the agenda:

14.15 Registration
14.30 Matteo Meucci - Web Application Security
  • OWASP Guide: how to build secure web applications
  • How to test your Web Application: WebScarab and the WebApp PenTest Checklist
  • How to learn the most common web application vulnerabilities: WebGoat
  • The Top Ten WebApp vulnerabilities
  • Common errors in developing Web Applications:
    - Authentication mechanisms not "secure"
    - Buffer Overflow and crash of the service
    - Identity theft: Cross Site Scripting
    - Manipulation of company data: SQL Injection
    - Reserved information: misconfiguration
    - Bad session management and identity theft
  • OWASP-Italy: projects and next challenges

The meeting is held at: Via Volturno, 65 (Rome) - Auditorium ATAC
http://www.isacaroma.it/html/GiornateDiStudio.html

You can download the presentation here.

March 21st, 2005 - OWASP-Italy conducts a seminar in AlmaWeb


On March 21st, OWASP-Italy has been invited to the University of Bologna to conduct a seminar for the Master in Management and Information Technology, titled “Web Application Security and OWASP”.

Here is the agenda:
  • OWASP & Web Application Security
  • Common Web Application Vulnerabilities
  • A real case of web application vulnerability: MMS Spoofing&Billing
  • Training: WebGoat

OWASP-Italy Sponsor