
Difference between revisions of "Italy OWASP Day 2"

Line 35: Line 35:
 
'''Organization and goals:'''
 
'''Organization and goals:'''
  
* The event will show several points of discussion: during the first phase we will talk from a higher level of the topic, and then we will discuss the problem from a technical point of view.
+
* The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view.
  
* As conclusion of the day, we will organize a round table with international guests discussing the more interesting subjects come out during the event.
+
* As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event.
  
 
* Conference goal was that to create a debate on which will be the evolution of the Web Application Security.
 
* Conference goal was that to create a debate on which will be the evolution of the Web Application Security.
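Review bot: The added round-table bullet moves its verb to the past tense but keeps "the more interesting subjects come out during the event", which is still ungrammatical; suggest "the most interesting subjects that came out during the event". The unchanged goal bullet next to it ("was that to create a debate on which will be the evolution") still mixes past and future, so it would be worth bringing it into the same edit.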
Line 63: Line 63:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>"SQL Injection tricks: building the bridge between the Web App and the
+
<td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/0/0d/Owaspday2Revelli.pdf "SQL Injection tricks: building the bridge between the Web App and the Operating System"]</b><br>Alberto Revelli - Portcullis Computer Security</td>
Operating System"</b><br>Alberto Revelli - Portcullis Computer Security</td>
 
 
</tr>  
 
</tr>  
 
<tr>
 
<tr>
<td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>"Le problematiche di Web Application Security: la visione di ABI Lab"</b><br>Matteo Lucchetti - ABI Lab</td>
+
<td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bf/Owaspday2Lucchetti.pdf "Le problematiche di Web Application Security: la visione di ABI Lab"]</b><br>Matteo Lucchetti - ABI Lab</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>"OWASP Backend Security Project"</b><br>Carlo Pelliccioni - Spike Reply</td>
+
<td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>[https://www.owasp.org/images/e/ef/Owaspday2Pelliccioni.pdf "OWASP Backend Security Project"]</b><br>Carlo Pelliccioni - Spike Reply</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
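Review bot: The three slide links added in this hunk do not share a scheme: the 10.30h and 11.00h entries point to http://www.owasp.org while the 11.30h entry uses https://www.owasp.org. Suggest https:// for all of them so the slide downloads are not fetched over plaintext HTTP.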
Line 76: Line 75:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>"Web Services and SOA Security " (ENG)</b><br>Laurent Petroque - F5</td>
+
<td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bd/Owaspday2Petroque.pdf "Web Services and SOA Security "]</b><br>Laurent Petroque - F5</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>"How to start a software security initiative within your organization: a maturity based and metrics driven approach."</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td>
+
<td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/a/ab/Owaspday2Morana.pdf "How to start a software security initiative within your organization: a maturity based and metrics driven approach."]</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td>
 
</tr>  
 
</tr>  
 
<tr>
 
<tr>
<td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>"Secure Programming with Static Analysis" (ENG)</b><br>Jacob West - Head of Fortify Software's Security Research Group</td>
+
<td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/4/49/Owaspday2West.ppt "Secure Programming with Static Analysis"]</b><br>Jacob West - Head of Fortify Software's Security Research Group</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>"The Owasp Orizon project: internals and hands on"</b><br>Paolo Perego - Spike Reply</td>
+
<td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/5/54/Owaspday2Perego.ppt "The Owasp Orizon project: internals and hands on"]</b><br>Paolo Perego - Spike Reply</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
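Review bot: The 14.00h and 15.00h entries lose their "(ENG)" language marker in the same edit that adds the links, which looks unrelated to the linking; if the marker is still meant to flag the English-language talks, keep it after the closing bracket. The 14.00h link text also keeps a trailing space inside the quotes ("Web Services and SOA Security "), and all four links in this hunk use http:// rather than https://.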

Revision as of 20:51, 4 April 2008

OWASP Day II: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies"

Centro Congressi dell'Università di Roma "La Sapienza"

31st March 2008 - Roma




OWASP-Day Sponsors

Fortify.JPG 50px-F5_50px.jpg IBM.png Rational.gif STE.jpg Logosmallminded2.png

Introduction

Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007, the second conference will take place in March 2008.

  • The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
  • Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, next 31st March we will host the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
  • OWASP Day 2 was an all day Conference.

Topic:

Conference topics:

  • The evolution of attacks and countermeasures in Web Application security.
  • Case studies of how companies have adopted the OWASP Guidelines in their SDLC.

Organization and goals:

  • The event covered several points of discussion: in the first phase we addressed the topic at a high level, and then we discussed the problem from a technical point of view.
  • To conclude the day, we organized a round table with international guests discussing the most interesting subjects that came out during the event.
  • The goal of the conference was to create a debate on how Web Application Security will evolve.

File:Owaspday2Fedon.pdf


OWASP Day II Italy - Conference Schedule - March 31st 2008

AGENDA (DRAFT):

9:00h   Registration
9.30h   "Welcome and opening of the works"
        Prof. L. Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.
9.45h   "Introduction to the OWASP Day II"
        Matteo Meucci - OWASP-Italy Chair, CEO Minded Security
10.00h  "L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni" (Telecom Italia's approach to secure application development)
        Marco Bavazzano - CISO TELECOM Italia
10.30h  "SQL Injection tricks: building the bridge between the Web App and the Operating System"
        Alberto Revelli - Portcullis Computer Security
11.00h  "Le problematiche di Web Application Security: la visione di ABI Lab" (Web Application Security issues: the view of ABI Lab)
        Matteo Lucchetti - ABI Lab
11.30h  "OWASP Backend Security Project"
        Carlo Pelliccioni - Spike Reply
12.00h  Buffet
14.00h  "Web Services and SOA Security"
        Laurent Petroque - F5
14.30h  "How to start a software security initiative within your organization: a maturity based and metrics driven approach."
        Marco Morana - OWASP USA Chapter Lead, TISO Citigroup
15.00h  "Secure Programming with Static Analysis"
        Jacob West - Head of Fortify Software's Security Research Group
15.30h  "The Owasp Orizon project: internals and hands on"
        Paolo Perego - Spike Reply
16.00h  Coffee break
16.30h  "Internet Banking and Web Security"
        Giorgio Fedon - Minded Security
17:00h  Round table: What countermeasures are companies adopting against new possible attacks? Responsible disclosure: what is the best approach? How can a software life cycle with security processes be implemented while ensuring an adequate ROSI? User awareness: a fundamental lever for implementing security controls?

Panelists: Raoul Chiesa - CTO @ MediaService.net; Matteo Flora - Security Evangelist, Director of OPSI; Marco Morana - OWASP USA Chapter Lead, TISO Citigroup; Stefano Di Paola - CTO Minded Security; Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group.

Keynote: Matteo Meucci

Where

Centro Congressi dell'Università di Roma "La Sapienza". Via Salaria, 113 Roma.

Subscriptions:

To subscribe to the event please send an email with the subject "OWASP Day 2" to the following address:
mastersicurezza<at>di.uniroma1.it

Entrance is FREE for all subscribed attendees (300 seats).