
Difference between revisions of "Italy OWASP Day 2"

 
(43 intermediate revisions by 2 users not shown)
Line 1: Line 1:
                  OWASP Day 2:  "The State of the Art of the Web Application Security
+
<center>'''OWASP Day II:  "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies"'''
                              and the OWASP guidelines in the Companies"
 
  
'''Centro Congressi dell'Università di Roma "La Sapienza" - 31st March 2008 - Roma'''
+
Centro Congressi dell'Università di Roma "La Sapienza"
 +
 
 +
31st March 2008 - Roma
  
 
[http://mastersicurezza.uniroma1.it http://www.owasp.org/images/7/7d/Master.jpg]
 
[http://mastersicurezza.uniroma1.it http://www.owasp.org/images/7/7d/Master.jpg]
 +
</center>
 
----
 
----
  
Line 10: Line 12:
 
'''OWASP-Day Sponsors'''
 
'''OWASP-Day Sponsors'''
  
[http://www.fortifysoftware.com http://www.owasp.org/images/d/d1/Fortify.JPG] [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] [http://www.watchfire.com http://www.owasp.org/images/0/01/Watchfire.gif] [http://www.ste.it http://www.owasp.org/images/0/0a/STE.jpg]  [http://www.mindedsecurity.com https://www.owasp.org/images/1/1b/Logosmallminded2.png]
+
<center>
 
+
[http://www.fortifysoftware.com http://www.owasp.org/images/d/d1/Fortify.JPG] [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] [http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/84/IBM.png] [http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/8e/Rational.gif] [http://www.ste.it http://www.owasp.org/images/0/0a/STE.jpg]  [http://www.mindedsecurity.com https://www.owasp.org/images/1/1b/Logosmallminded2.png]
 +
</center>
  
 
=== Introduction ===
 
=== Introduction ===
  
Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference will take place in March 2008.
+
Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference has taken place in March 2008.
  
 
* The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
 
* The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
  
* Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, next 31st March we will host the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
+
* Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, last 31st March we hosted the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
  
* OWASP Day 2 is an all day Conference.
+
* OWASP Day 2 was an all day Conference.
  
 
'''Topic:'''
 
'''Topic:'''
  
Conference topics will be:
+
Conference topics:
 
* The evolution of attacks and countermeasures for the security in the Web Application.
 
* The evolution of attacks and countermeasures for the security in the Web Application.
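Review bot: in the Introduction bullets, the new wording "last 31st March we hosted the Conference" uses a relative date that stops making sense once the page is no longer current; give the full date instead, for example "on 31st March 2008 we hosted". In the opening sentence, "the second conference has taken place in March 2008" should be simple past ("took place"), since a finished event with a stated date does not take the present perfect.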
  
Line 32: Line 35:
 
'''Organization and goals:'''
 
'''Organization and goals:'''
  
* The event will show several points of discussion: during the first phase we will talk from a higher level of the topic, and then we will discuss the problem from a technical point of view.
+
* The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view.
 +
 
 +
* As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event.
 +
 
 +
* Conference goal was that to create a debate on which will be the evolution of the Web Application Security.
 +
 
 +
We received more than 250 subscriptions and more than 200 attendees!
 +
 
  
* As conclusion of the day, we will organize a round table with international guests discussing the more interesting subjects come out during the event.
+
[[Image:Pubblico.jpg]] [[Image:Pubblico2.jpg]] [[Image:Mancini2.jpg]]
 +
[[Image:Meucci-Morana.jpg]] [[Image:Revelli.jpg]] [[Image:Petroque2.jpg]]
 +
[[Image:West.jpg]] [[Image:Morana.jpg]] [[Image:Roundtable2.jpg]]
  
* Conference goal is that to create a debate on which will be the evolution of the Web Application Security.
 
  
  
== OWASP Day II Italy - Conference Schedule - March 31st 2008 ==
+
== OWASP Day II Italy - Conference Schedule - Presentations are on-line! ==
  
<b>AGENDA (DRAFT)</b>:
+
<b>THE AGENDA WAS</b>:
 +
<center>
 
<table width="80%">
 
<table width="80%">
 
<tr>
 
<tr>
<td width=4%>9:00h</td><td bgcolor="#BCA57A" width=*>Registration</td>
+
<td width=4%>9:00h</td><td bgcolor="#BCA57A" width=*><b>Registration</b></td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>"Welcome and open of the works"</b><br>Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.</td>
+
<td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/4/47/OWASPDay2_Mancini.pdf "Welcome and opening of the works"]</b><br>Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>"Introduction to the OWASP Day II"</b><br> Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td>
+
<td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/2/2a/Owaspday2Meucci.pdf "Introduction to the OWASP Day II"]</b><br> Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>10.00h</td><td bgcolor="#eeeeee"><b>"L'implementazione dello sviluppo sicuro delle applicazioni secondo Telecom Italia"</b><br>
+
<td valign=top>10.00h</td><td bgcolor="#eeeeee"><b>"L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni"</b><br>
 
Marco Bavazzano - CISO TELECOM Italia</td>
 
Marco Bavazzano - CISO TELECOM Italia</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>"SQL Injection tricks: building the bridge between the Web App and the
+
<td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/0/0d/Owaspday2Revelli.pdf "SQL Injection tricks: building the bridge between the Web App and the Operating System"]</b><br>Alberto Revelli - Portcullis Computer Security</td>
Operating System"</b><br>Alberto Revelli - Portcullis</td>
 
 
</tr>  
 
</tr>  
 
<tr>
 
<tr>
<td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>"Le problematiche di Web Application Security: la visione di ABI"</b><br>Matteo Lucchetti, Romano Stasi - ABI</td>
+
<td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bf/Owaspday2Lucchetti.pdf "Le problematiche di Web Application Security: la visione di ABI Lab"]</b><br>Matteo Lucchetti - ABI Lab</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>"OWASP Backend Security Project"</b><br>Carlo Pelliccioni - Spike Reply</td>
+
<td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>[https://www.owasp.org/images/e/ef/Owaspday2Pelliccioni.pdf "OWASP Backend Security Project"]</b><br>Carlo Pelliccioni - Spike Reply</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>12.00h</td><td bgcolor="#BCA57A"><b>"Buffet"</b></td>
+
<td valign=top>12.00h</td><td bgcolor="#BCA57A"><b>Buffet</b></td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>"Web Services and SOA Security " (ENG)</b><br>Laurent Petroque, Alfredo Vistola - F5</td>
+
<td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bd/Owaspday2Petroque.pdf "Web Services and SOA Security "]</b><br>Laurent Petroque - F5</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>"How to start a software security initiative within your organization: a maturity based and metrics driven approach."</b><br>Marco Morana - CISO Citigroup</td>
+
<td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/a/ab/Owaspday2Morana.pdf "How to start a software security initiative within your organization: a maturity based and metrics driven approach."]</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td>
 
</tr>  
 
</tr>  
 
<tr>
 
<tr>
<td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>"Secure Programming with Static Analysis" (ENG)</b><br>Jacob West - Head of Fortify Software's Security Research Group</td>
+
<td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/a/a9/Owaspday2West.pdf "Secure Programming with Static Analysis"]</b><br>Jacob West - Head of Fortify Software's Security Research Group</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>"The Owasp Orizon project: internals and hands on"</b><br>Paolo Perego - Spike Reply</td>
+
<td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/5/54/Owaspday2Perego.ppt "The Owasp Orizon project: internals and hands on"]</b><br>Paolo Perego - Spike Reply</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>16.00h</td><td bgcolor="#BCA57A"><b>"Coffe break"</b></td>
+
<td valign=top>16.00h</td><td bgcolor="#BCA57A"><b>Coffe break</b></td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>"Internet Banking e Web Security"</b><br>Giorgio Fedon - Minded Security</td>
+
<td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/c/c0/Owaspday2Fedon.pdf "Internet Banking and Web Security"]</b><br>Giorgio Fedon - Minded Security</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>17:00h</td><td bgcolor="#eeeee1"><b>Round table:</b> Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguto ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza?
+
<td valign=top>17:00h</td><td bgcolor="#eeeee1"><b>Round table:</b> Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguato ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza?
<br>Panelist: Raoul Chiesa - CTO MediaService, Matteo Flora, Matteo Lucchetti - ABI, Marco Morana - Citigroup, Stefano Di Paola - CTO Minded Security, Keynote: Matteo Meucci</td>
+
Panelist: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist,Direttore OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group.
 +
Keynote: Matteo Meucci</td>
 
</tr>
 
</tr>
 
</table>
 
</table>
 +
</center>
  
== Where ==
 
  
Centro Congressi dell'Università di Roma "La Sapienza".  
+
== Conference references ==
Via Salaria, 113 Roma.
+
* Marco Morana blog:
 +
http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html
  
'''Subscriptions:'''
+
* Manlio Torquato interview to Matteo Meucci: http://www.oneitsecurity.it/09/05/2008/owasp-day-2-bilancio-della-conferenza-con-matteo-meucci/
  
To subscribe to the event please send an email with the subject "OWASP Day 2" to the following address:
+
* Matteo Flora on Punto Informatico:
mastersicurezza <at> di.uniroma1.it
+
http://punto-informatico.it/p.aspx?i=2266944
  
Entrance is <b>FREE</b> for all the subscribed persons (300 seats).
+
* Matteo Flora interviewig the speakers:
 +
http://punto-informatico.it/p.aspx?i=2266944&p=3
  
'''Call for Paper (Now closed)'''
+
----
 
 
It is possible to send your contribute that will be selected by the OWASP board to participate as speaker to the conference.
 
Please send an email with the following information:
 
* First name, Surname
 
* Telephone number
 
* List of previous articles and speeches
 
* Speech title
 
* Technical or not
 
* Timing (max 30 minutes)
 
* Abstract (no more than 1 page)
 
 
 
With the subject: "OWASP Day 2: CFP" to:
 
matteo.meucci <at> gmail.com
 
 
 
Deadline: 29th February 2008
 
Participation to CFP is free.
 
  
Speech topic should be adherent to the argument of the OWASP Day.
+
[[Category:Italy]]
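Review bot: the new "Conference references" list introduces a typo in "Matteo Flora interviewig the speakers" (should be "interviewing"), and the 16.00h schedule row still reads "Coffe break" after its quotes were dropped, so both can be fixed in the same pass. The revision also removes the "Where" section with the street address "Via Salaria, 113 Roma."; the header still names the Centro Congressi but not the address, so consider keeping that line for readers of the archived page.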

Latest revision as of 22:43, 31 October 2008

OWASP Day II: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies"

Centro Congressi dell'Università di Roma "La Sapienza"

31st March 2008 - Roma




OWASP-Day Sponsors

Fortify, F5, IBM, Rational, STE, Minded Security

Introduction

Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007, the second conference took place in March 2008.

  • The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
  • Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, on 31st March 2008 we hosted the conference "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
  • OWASP Day 2 was an all-day conference.

Topic:

Conference topics:

  • The evolution of attacks and countermeasures in web application security.
  • Case studies of how companies have adopted the OWASP Guidelines in their SDLC.

Organization and goals:

  • The event covered several points of discussion: in the first phase we addressed the topic at a high level, and then we discussed the problem from a technical point of view.
  • To conclude the day, we organized a round table with international guests discussing the most interesting subjects that came out during the event.
  • The goal of the conference was to create a debate on how web application security will evolve.

We received more than 250 subscriptions and had more than 200 attendees!




OWASP Day II Italy - Conference Schedule - Presentations are on-line!

THE AGENDA WAS:

9:00h   Registration
9.30h   "Welcome and opening of the works"
        Prof. L. Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.
9.45h   "Introduction to the OWASP Day II"
        Matteo Meucci - OWASP-Italy Chair, CEO Minded Security
10.00h  "L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni" (Telecom Italia's approach to secure application development)
        Marco Bavazzano - CISO TELECOM Italia
10.30h  "SQL Injection tricks: building the bridge between the Web App and the Operating System"
        Alberto Revelli - Portcullis Computer Security
11.00h  "Le problematiche di Web Application Security: la visione di ABI Lab" (Web Application Security issues: the ABI Lab view)
        Matteo Lucchetti - ABI Lab
11.30h  "OWASP Backend Security Project"
        Carlo Pelliccioni - Spike Reply
12.00h  Buffet
14.00h  "Web Services and SOA Security"
        Laurent Petroque - F5
14.30h  "How to start a software security initiative within your organization: a maturity based and metrics driven approach."
        Marco Morana - OWASP USA Chapter Lead, TISO Citigroup
15.00h  "Secure Programming with Static Analysis"
        Jacob West - Head of Fortify Software's Security Research Group
15.30h  "The Owasp Orizon project: internals and hands on"
        Paolo Perego - Spike Reply
16.00h  Coffee break
16.30h  "Internet Banking and Web Security"
        Giorgio Fedon - Minded Security
17:00h  Round table: What countermeasures are companies adopting against new possible attacks? Responsible disclosure: what is the best approach? How can a software life cycle with security processes be implemented while ensuring an adequate ROSI? User awareness: a fundamental lever for implementing security controls?

Panelists: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist, Director of OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group.

Keynote: Matteo Meucci


Conference references

  • Marco Morana blog: http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html
  • Matteo Flora on Punto Informatico: http://punto-informatico.it/p.aspx?i=2266944
  • Matteo Flora interviewing the speakers: http://punto-informatico.it/p.aspx?i=2266944&p=3