This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Italy OWASP Day 2"
(18 intermediate revisions by the same user not shown) | |||
Line 18: | Line 18: | ||
=== Introduction === | === Introduction === | ||
− | Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference | + | Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference has taken place in March 2008. |
* The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April. | * The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April. | ||
− | * Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, | + | * Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, last 31st March we hosted the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies". |
− | * OWASP Day 2 | + | * OWASP Day 2 was an all day Conference. |
'''Topic:''' | '''Topic:''' | ||
− | Conference topics | + | Conference topics: |
* The evolution of attacks and countermeasures for the security in the Web Application. | * The evolution of attacks and countermeasures for the security in the Web Application. | ||
Line 35: | Line 35: | ||
'''Organization and goals:''' | '''Organization and goals:''' | ||
− | * The event | + | * The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view. |
− | * As conclusion of the day, we | + | * As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event. |
− | * Conference goal | + | * Conference goal was that to create a debate on which will be the evolution of the Web Application Security. |
− | + | We received more than 250 subscriptions and more than 200 attendees! | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | [[Image:Pubblico.jpg]] [[Image:Pubblico2.jpg]] [[Image:Mancini2.jpg]] | |
+ | [[Image:Meucci-Morana.jpg]] [[Image:Revelli.jpg]] [[Image:Petroque2.jpg]] | ||
+ | [[Image:West.jpg]] [[Image:Morana.jpg]] [[Image:Roundtable2.jpg]] | ||
− | <b>AGENDA | + | |
+ | |||
+ | == OWASP Day II Italy - Conference Schedule - Presentations are on-line! == | ||
+ | |||
+ | <b>THE AGENDA WAS</b>: | ||
<center> | <center> | ||
<table width="80%"> | <table width="80%"> | ||
Line 61: | Line 59: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>"Welcome and opening of the works"</b><br>Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.</td> | + | <td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/4/47/OWASPDay2_Mancini.pdf "Welcome and opening of the works"]</b><br>Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>"Introduction to the OWASP Day II"</b><br> Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td> | + | <td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/2/2a/Owaspday2Meucci.pdf "Introduction to the OWASP Day II"]</b><br> Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 71: | Line 69: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>"SQL Injection tricks: building the bridge between the Web App and the | + | <td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/0/0d/Owaspday2Revelli.pdf "SQL Injection tricks: building the bridge between the Web App and the Operating System"]</b><br>Alberto Revelli - Portcullis Computer Security</td> |
− | Operating System"</b><br>Alberto Revelli - Portcullis Computer Security</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>"Le problematiche di Web Application Security: la visione di ABI Lab"</b><br>Matteo Lucchetti - ABI Lab</td> | + | <td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bf/Owaspday2Lucchetti.pdf "Le problematiche di Web Application Security: la visione di ABI Lab"]</b><br>Matteo Lucchetti - ABI Lab</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>"OWASP Backend Security Project"</b><br>Carlo Pelliccioni - Spike Reply</td> | + | <td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>[https://www.owasp.org/images/e/ef/Owaspday2Pelliccioni.pdf "OWASP Backend Security Project"]</b><br>Carlo Pelliccioni - Spike Reply</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 84: | Line 81: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>"Web Services and SOA Security " | + | <td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bd/Owaspday2Petroque.pdf "Web Services and SOA Security "]</b><br>Laurent Petroque - F5</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>"How to start a software security initiative within your organization: a maturity based and metrics driven approach."</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td> | + | <td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/a/ab/Owaspday2Morana.pdf "How to start a software security initiative within your organization: a maturity based and metrics driven approach."]</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>"Secure Programming with Static Analysis" | + | <td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/a/a9/Owaspday2West.pdf "Secure Programming with Static Analysis"]</b><br>Jacob West - Head of Fortify Software's Security Research Group</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>"The Owasp Orizon project: internals and hands on"</b><br>Paolo Perego - Spike Reply</td> | + | <td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/5/54/Owaspday2Perego.ppt "The Owasp Orizon project: internals and hands on"]</b><br>Paolo Perego - Spike Reply</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 99: | Line 96: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>"Internet Banking and Web Security"</b><br>Giorgio Fedon - Minded Security</td> | + | <td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/c/c0/Owaspday2Fedon.pdf "Internet Banking and Web Security"]</b><br>Giorgio Fedon - Minded Security</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 109: | Line 106: | ||
</center> | </center> | ||
− | |||
− | + | == Conference references == | |
− | + | * Marco Morana blog: | |
+ | http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html | ||
− | + | * Manlio Torquato interview to Matteo Meucci: http://www.oneitsecurity.it/09/05/2008/owasp-day-2-bilancio-della-conferenza-con-matteo-meucci/ | |
− | + | * Matteo Flora on Punto Informatico: | |
− | + | http://punto-informatico.it/p.aspx?i=2266944 | |
− | + | * Matteo Flora interviewig the speakers: | |
+ | http://punto-informatico.it/p.aspx?i=2266944&p=3 | ||
---- | ---- | ||
+ | |||
+ | [[Category:Italy]] |
Latest revision as of 22:43, 31 October 2008
Centro Congressi dell'Università di Roma "La Sapienza"
31st March 2008 - Roma
OWASP-Day Sponsors
Introduction
Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference has taken place in March 2008.
- The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
- Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, last 31st March we hosted the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
- OWASP Day 2 was an all day Conference.
Topic:
Conference topics:
- The evolution of attacks and countermeasures for the security in the Web Application.
- Case studies of how the Companies have adopted the OWASP Guidelines in their SDLC.
Organization and goals:
- The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view.
- As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event.
- Conference goal was that to create a debate on which will be the evolution of the Web Application Security.
We received more than 250 subscriptions and more than 200 attendees!
OWASP Day II Italy - Conference Schedule - Presentations are on-line!
THE AGENDA WAS:
9:00h | Registration |
9.30h | "Welcome and opening of the works" Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome. |
9.45h | "Introduction to the OWASP Day II" Matteo Meucci - OWASP-Italy Chair, CEO Minded Security |
10.00h | "L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni" Marco Bavazzano - CISO TELECOM Italia |
10.30h | "SQL Injection tricks: building the bridge between the Web App and the Operating System" Alberto Revelli - Portcullis Computer Security |
11.00h | "Le problematiche di Web Application Security: la visione di ABI Lab" Matteo Lucchetti - ABI Lab |
11.30h | "OWASP Backend Security Project" Carlo Pelliccioni - Spike Reply |
12.00h | Buffet |
14.00h | "Web Services and SOA Security " Laurent Petroque - F5 |
14.30h | "How to start a software security initiative within your organization: a maturity based and metrics driven approach." Marco Morana - OWASP USA Chapter Lead, TISO Citigroup |
15.00h | "Secure Programming with Static Analysis" Jacob West - Head of Fortify Software's Security Research Group |
15.30h | "The Owasp Orizon project: internals and hands on" Paolo Perego - Spike Reply |
16.00h | Coffe break |
16.30h | "Internet Banking and Web Security" Giorgio Fedon - Minded Security |
17:00h | Round table: Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguato ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza?
Panelist: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist,Direttore OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group. Keynote: Matteo Meucci |
Conference references
- Marco Morana blog:
http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html
- Manlio Torquato interview to Matteo Meucci: http://www.oneitsecurity.it/09/05/2008/owasp-day-2-bilancio-della-conferenza-con-matteo-meucci/
- Matteo Flora on Punto Informatico:
http://punto-informatico.it/p.aspx?i=2266944
- Matteo Flora interviewig the speakers:
http://punto-informatico.it/p.aspx?i=2266944&p=3