
Difference between revisions of "Italy OWASP Day 2"

 
(26 intermediate revisions by the same user not shown)
Line 13: Line 13:
  
 
<center>
 
<center>
[http://www.fortifysoftware.com http://www.owasp.org/images/d/d1/Fortify.JPG] [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] [http://www.watchfire.com http://www.owasp.org/images/0/01/Watchfire.gif] [http://www.ste.it http://www.owasp.org/images/0/0a/STE.jpg]  [http://www.mindedsecurity.com https://www.owasp.org/images/1/1b/Logosmallminded2.png]
+
[http://www.fortifysoftware.com http://www.owasp.org/images/d/d1/Fortify.JPG] [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] [http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/84/IBM.png] [http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/8e/Rational.gif] [http://www.ste.it http://www.owasp.org/images/0/0a/STE.jpg]  [http://www.mindedsecurity.com https://www.owasp.org/images/1/1b/Logosmallminded2.png]
 
</center>
 
</center>
  
 
=== Introduction ===
 
=== Introduction ===
  
Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference will take place in March 2008.
+
Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference has taken place in March 2008.
  
 
* The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
 
* The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
  
* Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, next 31st March we will host the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
+
* Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, last 31st March we hosted the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
  
* OWASP Day 2 is an all day Conference.
+
* OWASP Day 2 was an all day Conference.
  
 
'''Topic:'''
 
'''Topic:'''
  
Conference topics will be:
+
Conference topics:
 
* The evolution of attacks and countermeasures for the security in the Web Application.
 
* The evolution of attacks and countermeasures for the security in the Web Application.
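Review bot: In the Introduction bullets, "last 31st March we hosted the Conference" uses a relative date that stops being accurate once the page is read in a later year; write the full date, for example "on 31st March 2008 we hosted". The tense is also left inconsistent: the paragraph still opens with "Welcome to the OWASP Day II Italy Conference for 2008" and the first bullet keeps "represents" while the other changed lines move to the past, and "has taken place in March 2008" reads better as "took place in March 2008".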
  
Line 35: Line 35:
 
'''Organization and goals:'''
 
'''Organization and goals:'''
  
* The event will show several points of discussion: during the first phase we will talk from a higher level of the topic, and then we will discuss the problem from a technical point of view.
+
* The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view.
  
* As conclusion of the day, we will organize a round table with international guests discussing the more interesting subjects come out during the event.
+
* As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event.
  
* Conference goal is that to create a debate on which will be the evolution of the Web Application Security.
+
* Conference goal was that to create a debate on which will be the evolution of the Web Application Security.
  
 +
We received more than 250 subscriptions and more than 200 attendees!
  
== OWASP Day II Italy - Conference Schedule - March 31st 2008 ==
 
  
<b>AGENDA (DRAFT)</b>:
+
[[Image:Pubblico.jpg]] [[Image:Pubblico2.jpg]] [[Image:Mancini2.jpg]]
 +
[[Image:Meucci-Morana.jpg]] [[Image:Revelli.jpg]] [[Image:Petroque2.jpg]]
 +
[[Image:West.jpg]] [[Image:Morana.jpg]] [[Image:Roundtable2.jpg]]
 +
 
 +
 
 +
 
 +
== OWASP Day II Italy - Conference Schedule - Presentations are on-line! ==
 +
 
 +
<b>THE AGENDA WAS</b>:
 
<center>
 
<center>
 
<table width="80%">
 
<table width="80%">
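Review bot: The changed goal bullet, "Conference goal was that to create a debate on which will be the evolution of the Web Application Security", keeps the ungrammatical "was that to" and mixes past and future tense; suggest "The goal of the conference was to open a debate on how Web Application Security will evolve". In the added attendance line, "received more than 250 subscriptions and more than 200 attendees" should read "and had more than 200 attendees", and the round-table bullet still says "subjects come out during the event".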
Line 51: Line 59:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>"Welcome and opening of the works"</b><br>Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.</td>
+
<td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/4/47/OWASPDay2_Mancini.pdf "Welcome and opening of the works"]</b><br>Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>"Introduction to the OWASP Day II"</b><br> Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td>
+
<td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/2/2a/Owaspday2Meucci.pdf "Introduction to the OWASP Day II"]</b><br> Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
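Review bot: The added presentation links mix schemes for the same host: the 9.30h row links to https://www.owasp.org/images/... while the 9.45h row uses http://www.owasp.org/images/.... Use https:// for every owasp.org download link so the slide files are not fetched over plain HTTP; the same mix recurs in the later agenda rows.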
Line 61: Line 69:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>"SQL Injection tricks: building the bridge between the Web App and the
+
<td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/0/0d/Owaspday2Revelli.pdf "SQL Injection tricks: building the bridge between the Web App and the Operating System"]</b><br>Alberto Revelli - Portcullis Computer Security</td>
Operating System"</b><br>Alberto Revelli - Portcullis Computer Security</td>
 
 
</tr>  
 
</tr>  
 
<tr>
 
<tr>
<td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>"Le problematiche di Web Application Security: la visione di ABI Lab"</b><br>Matteo Lucchetti - ABI Lab</td>
+
<td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bf/Owaspday2Lucchetti.pdf "Le problematiche di Web Application Security: la visione di ABI Lab"]</b><br>Matteo Lucchetti - ABI Lab</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>"OWASP Backend Security Project"</b><br>Carlo Pelliccioni - Spike Reply</td>
+
<td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>[https://www.owasp.org/images/e/ef/Owaspday2Pelliccioni.pdf "OWASP Backend Security Project"]</b><br>Carlo Pelliccioni - Spike Reply</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
Line 74: Line 81:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>"Web Services and SOA Security " (ENG)</b><br>Laurent Petroque - F5</td>
+
<td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bd/Owaspday2Petroque.pdf "Web Services and SOA Security "]</b><br>Laurent Petroque - F5</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>"How to start a software security initiative within your organization: a maturity based and metrics driven approach."</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td>
+
<td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/a/ab/Owaspday2Morana.pdf "How to start a software security initiative within your organization: a maturity based and metrics driven approach."]</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td>
 
</tr>  
 
</tr>  
 
<tr>
 
<tr>
<td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>"Secure Programming with Static Analysis" (ENG)</b><br>Jacob West - Head of Fortify Software's Security Research Group</td>
+
<td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/a/a9/Owaspday2West.pdf "Secure Programming with Static Analysis"]</b><br>Jacob West - Head of Fortify Software's Security Research Group</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>"The Owasp Orizon project: internals and hands on"</b><br>Paolo Perego - Spike Reply</td>
+
<td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/5/54/Owaspday2Perego.ppt "The Owasp Orizon project: internals and hands on"]</b><br>Paolo Perego - Spike Reply</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
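Review bot: The "(ENG)" language marker is dropped from the 14.00h and 15.00h rows when the titles become links, so readers can no longer tell which talks were given in English; keep the marker after the closing bracket of the link. The 14.00h link text also carries a trailing space before the closing quote ("Web Services and SOA Security "), and the 15.30h row links a .ppt file where the other rows link PDFs, which is worth noting in the row.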
Line 89: Line 96:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>"Internet Banking and Web Security"</b><br>Giorgio Fedon - Minded Security</td>
+
<td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/c/c0/Owaspday2Fedon.pdf "Internet Banking and Web Security"]</b><br>Giorgio Fedon - Minded Security</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
 
<td valign=top>17:00h</td><td bgcolor="#eeeee1"><b>Round table:</b> Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguato ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza?
 
<td valign=top>17:00h</td><td bgcolor="#eeeee1"><b>Round table:</b> Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguato ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza?
<br>Panelist: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist,Direttore OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Keynote: Matteo Meucci</td>
+
Panelist: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist,Direttore OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group.
 +
Keynote: Matteo Meucci</td>
 
</tr>
 
</tr>
 
</table>
 
</table>
 
</center>
 
</center>
  
== Where ==
 
  
Centro Congressi dell'Università di Roma "La Sapienza".  
+
== Conference references ==
Via Salaria, 113 Roma.
+
* Marco Morana blog:
 +
http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html
  
'''Subscriptions:'''
+
* Manlio Torquato interview to Matteo Meucci: http://www.oneitsecurity.it/09/05/2008/owasp-day-2-bilancio-della-conferenza-con-matteo-meucci/
  
To subscribe to the event please send an email with the subject "OWASP Day 2" to the following address:<br>
+
* Matteo Flora on Punto Informatico:
<b>mastersicurezza<at>di.uniroma1.it</b>
+
http://punto-informatico.it/p.aspx?i=2266944
  
Entrance is <b>FREE</b> for all the subscribed persons (300 seats).
+
* Matteo Flora interviewig the speakers:
 +
http://punto-informatico.it/p.aspx?i=2266944&p=3
  
 
----
 
----
 +
 +
[[Category:Italy]]
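Review bot: In the new "Conference references" list, "Matteo Flora interviewig the speakers" has a typo and should read "interviewing". The hunk also deletes the "Where" section, which held the street address "Via Salaria, 113 Roma"; on an archived event page the venue address is worth keeping next to the references. In the round-table row the <br> before "Panelist:" is removed, so check that the panelist and keynote lines still break as intended inside the table cell.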

Latest revision as of 22:43, 31 October 2008

OWASP Day II: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies"

Centro Congressi dell'Università di Roma "La Sapienza"

31st March 2008 - Roma




OWASP-Day Sponsors

Fortify, F5, IBM, Rational, STE, Minded Security

Introduction

Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007, the second conference took place in March 2008.

  • The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
  • Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, on 31st March we hosted the conference "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
  • OWASP Day 2 was an all-day conference.

Topic:

Conference topics:

  • The evolution of attacks and countermeasures in web application security.
  • Case studies of how companies have adopted the OWASP guidelines in their SDLC.

Organization and goals:

  • The event covered several points of discussion: in the first phase we addressed the topic at a high level, and then we discussed the problem from a technical point of view.
  • To conclude the day, we organized a round table with international guests to discuss the most interesting subjects that came out during the event.
  • The goal of the conference was to create a debate on how Web Application Security will evolve.

We received more than 250 subscriptions and had more than 200 attendees!




OWASP Day II Italy - Conference Schedule - Presentations are on-line!

THE AGENDA WAS:

9:00h Registration
9.30h "Welcome and opening of the works"
    Prof. L. Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.
9.45h "Introduction to the OWASP Day II"
    Matteo Meucci - OWASP-Italy Chair, CEO Minded Security
10.00h "Telecom Italia's approach to secure application development"
    Marco Bavazzano - CISO TELECOM Italia
10.30h "SQL Injection tricks: building the bridge between the Web App and the Operating System"
    Alberto Revelli - Portcullis Computer Security
11.00h "Web Application Security issues: the ABI Lab view"
    Matteo Lucchetti - ABI Lab
11.30h "OWASP Backend Security Project"
    Carlo Pelliccioni - Spike Reply
12.00h Buffet
14.00h "Web Services and SOA Security"
    Laurent Petroque - F5
14.30h "How to start a software security initiative within your organization: a maturity based and metrics driven approach."
    Marco Morana - OWASP USA Chapter Lead, TISO Citigroup
15.00h "Secure Programming with Static Analysis"
    Jacob West - Head of Fortify Software's Security Research Group
15.30h "The Owasp Orizon project: internals and hands on"
    Paolo Perego - Spike Reply
16.00h Coffee break
16.30h "Internet Banking and Web Security"
    Giorgio Fedon - Minded Security
17:00h Round table: What countermeasures are companies adopting against new possible attacks? Responsible disclosure: what is the best approach? How can a software life cycle with security processes be implemented while guaranteeing an adequate ROSI? User awareness: a fundamental lever for implementing security controls?

Panelists: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist, Director of OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group.

Keynote: Matteo Meucci


Conference references

  • Marco Morana blog: http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html
  • Matteo Flora on Punto Informatico: http://punto-informatico.it/p.aspx?i=2266944
  • Matteo Flora interviewing the speakers: http://punto-informatico.it/p.aspx?i=2266944&p=3