This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Italy OWASP Day 2"
Line 35: | Line 35: | ||
'''Organization and goals:''' | '''Organization and goals:''' | ||
− | * The event | + | * The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view. |
− | * As conclusion of the day, we | + | * As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event. |
* Conference goal was that to create a debate on which will be the evolution of the Web Application Security. | * Conference goal was that to create a debate on which will be the evolution of the Web Application Security. | ||
Line 63: | Line 63: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>"SQL Injection tricks: building the bridge between the Web App and the | + | <td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/0/0d/Owaspday2Revelli.pdf "SQL Injection tricks: building the bridge between the Web App and the Operating System"]</b><br>Alberto Revelli - Portcullis Computer Security</td> |
− | Operating System"</b><br>Alberto Revelli - Portcullis Computer Security</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>"Le problematiche di Web Application Security: la visione di ABI Lab"</b><br>Matteo Lucchetti - ABI Lab</td> | + | <td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bf/Owaspday2Lucchetti.pdf "Le problematiche di Web Application Security: la visione di ABI Lab"]</b><br>Matteo Lucchetti - ABI Lab</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>"OWASP Backend Security Project"</b><br>Carlo Pelliccioni - Spike Reply</td> | + | <td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>[https://www.owasp.org/images/e/ef/Owaspday2Pelliccioni.pdf "OWASP Backend Security Project"]</b><br>Carlo Pelliccioni - Spike Reply</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 76: | Line 75: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>"Web Services and SOA Security " | + | <td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bd/Owaspday2Petroque.pdf "Web Services and SOA Security "]</b><br>Laurent Petroque - F5</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>"How to start a software security initiative within your organization: a maturity based and metrics driven approach."</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td> | + | <td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/a/ab/Owaspday2Morana.pdf "How to start a software security initiative within your organization: a maturity based and metrics driven approach."]</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>"Secure Programming with Static Analysis" | + | <td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/4/49/Owaspday2West.ppt "Secure Programming with Static Analysis"]</b><br>Jacob West - Head of Fortify Software's Security Research Group</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>"The Owasp Orizon project: internals and hands on"</b><br>Paolo Perego - Spike Reply</td> | + | <td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/5/54/Owaspday2Perego.ppt "The Owasp Orizon project: internals and hands on"]</b><br>Paolo Perego - Spike Reply</td> |
</tr> | </tr> | ||
<tr> | <tr> |
Revision as of 20:51, 4 April 2008
Centro Congressi dell'Università di Roma "La Sapienza"
31st March 2008 - Roma
OWASP-Day Sponsors
Introduction
Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference will take place in March 2008.
- The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
- Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, next 31st March we will host the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
- OWASP Day 2 was an all day Conference.
Topic:
Conference topics:
- The evolution of attacks and countermeasures for the security in the Web Application.
- Case studies of how the Companies have adopted the OWASP Guidelines in their SDLC.
Organization and goals:
- The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view.
- As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event.
- Conference goal was that to create a debate on which will be the evolution of the Web Application Security.
OWASP Day II Italy - Conference Schedule - March 31st 2008
AGENDA (DRAFT):
9:00h | Registration |
9.30h | "Welcome and opening of the works" Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome. |
9.45h | "Introduction to the OWASP Day II" Matteo Meucci - OWASP-Italy Chair, CEO Minded Security |
10.00h | "L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni" Marco Bavazzano - CISO TELECOM Italia |
10.30h | "SQL Injection tricks: building the bridge between the Web App and the Operating System" Alberto Revelli - Portcullis Computer Security |
11.00h | "Le problematiche di Web Application Security: la visione di ABI Lab" Matteo Lucchetti - ABI Lab |
11.30h | "OWASP Backend Security Project" Carlo Pelliccioni - Spike Reply |
12.00h | Buffet |
14.00h | "Web Services and SOA Security " Laurent Petroque - F5 |
14.30h | "How to start a software security initiative within your organization: a maturity based and metrics driven approach." Marco Morana - OWASP USA Chapter Lead, TISO Citigroup |
15.00h | "Secure Programming with Static Analysis" Jacob West - Head of Fortify Software's Security Research Group |
15.30h | "The Owasp Orizon project: internals and hands on" Paolo Perego - Spike Reply |
16.00h | Coffe break |
16.30h | "Internet Banking and Web Security" Giorgio Fedon - Minded Security |
17:00h | Round table: Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguato ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza?
Panelist: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist,Direttore OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group. Keynote: Matteo Meucci |
Where
Centro Congressi dell'Università di Roma "La Sapienza". Via Salaria, 113 Roma.
Subscriptions:
To subscribe to the event please send an email with the subject "OWASP Day 2" to the following address:
mastersicurezza<at>di.uniroma1.it
Entrance is FREE for all the subscribed persons (300 seats).