Difference between revisions of "Italy OWASP Day 2"
(62 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | + | <center>'''OWASP Day II: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies"''' | |
− | |||
− | + | Centro Congressi dell'Università di Roma "La Sapienza" | |
+ | |||
+ | 31st March 2008 - Roma | ||
[http://mastersicurezza.uniroma1.it http://www.owasp.org/images/7/7d/Master.jpg] | [http://mastersicurezza.uniroma1.it http://www.owasp.org/images/7/7d/Master.jpg] | ||
+ | </center> | ||
---- | ---- | ||
Line 10: | Line 12: | ||
'''OWASP-Day Sponsors''' | '''OWASP-Day Sponsors''' | ||
− | [http://www.fortifysoftware.com http://www.owasp.org/images/d/d1/Fortify.JPG] [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] [http://www. | + | <center> |
− | + | [http://www.fortifysoftware.com http://www.owasp.org/images/d/d1/Fortify.JPG] [http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg] [http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/84/IBM.png] [http://www-306.ibm.com/software/awdtools/appscan/standard/ http://www.owasp.org/images/8/8e/Rational.gif] [http://www.ste.it http://www.owasp.org/images/0/0a/STE.jpg] [http://www.mindedsecurity.com https://www.owasp.org/images/1/1b/Logosmallminded2.png] | |
+ | </center> | ||
=== Introduction === | === Introduction === | ||
− | Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference | + | Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference has taken place in March 2008. |
* The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April. | * The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April. | ||
− | * Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, | + | * Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, last 31st March we hosted the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies". |
− | * OWASP Day 2 | + | * OWASP Day 2 was an all day Conference. |
'''Topic:''' | '''Topic:''' | ||
− | Conference topics | + | Conference topics: |
* The evolution of attacks and countermeasures for the security in the Web Application. | * The evolution of attacks and countermeasures for the security in the Web Application. | ||
Line 32: | Line 35: | ||
'''Organization and goals:''' | '''Organization and goals:''' | ||
− | * The event | + | * The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view. |
+ | |||
+ | * As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event. | ||
+ | |||
+ | * Conference goal was that to create a debate on which will be the evolution of the Web Application Security. | ||
+ | |||
+ | We received more than 250 subscriptions and more than 200 attendees! | ||
+ | |||
− | + | [[Image:Pubblico.jpg]] [[Image:Pubblico2.jpg]] [[Image:Mancini2.jpg]] | |
+ | [[Image:Meucci-Morana.jpg]] [[Image:Revelli.jpg]] [[Image:Petroque2.jpg]] | ||
+ | [[Image:West.jpg]] [[Image:Morana.jpg]] [[Image:Roundtable2.jpg]] | ||
− | |||
− | == OWASP Day II Italy - Conference Schedule - | + | == OWASP Day II Italy - Conference Schedule - Presentations are on-line! == |
− | <b>AGENDA</b>: | + | <b>THE AGENDA WAS</b>: |
+ | <center> | ||
<table width="80%"> | <table width="80%"> | ||
<tr> | <tr> | ||
− | <td width=4%>9:00h</td><td bgcolor="#BCA57A" width=*>Registration</td> | + | <td width=4%>9:00h</td><td bgcolor="#BCA57A" width=*><b>Registration</b></td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>"Welcome and | + | <td valign=top>9.30h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/4/47/OWASPDay2_Mancini.pdf "Welcome and opening of the works"]</b><br>Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>"Introduction to the OWASP Day II"</b><br> Matteo Meucci | + | <td valign=top>9.45h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/2/2a/Owaspday2Meucci.pdf "Introduction to the OWASP Day II"]</b><br> Matteo Meucci - OWASP-Italy Chair, CEO Minded Security</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>10.00h</td><td bgcolor="#eeeeee"><b>" | + | <td valign=top>10.00h</td><td bgcolor="#eeeeee"><b>"L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni"</b><br> |
+ | Marco Bavazzano - CISO TELECOM Italia</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>" | + | <td valign=top>10.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/0/0d/Owaspday2Revelli.pdf "SQL Injection tricks: building the bridge between the Web App and the Operating System"]</b><br>Alberto Revelli - Portcullis Computer Security</td> |
− | </tr> | + | </tr> |
<tr> | <tr> | ||
− | <td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>" | + | <td valign=top>11.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bf/Owaspday2Lucchetti.pdf "Le problematiche di Web Application Security: la visione di ABI Lab"]</b><br>Matteo Lucchetti - ABI Lab</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>" | + | <td valign=top>11.30h</td><td bgcolor="#b9c2dc"><b>[https://www.owasp.org/images/e/ef/Owaspday2Pelliccioni.pdf "OWASP Backend Security Project"]</b><br>Carlo Pelliccioni - Spike Reply</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>12.00h</td><td bgcolor="#BCA57A"><b> | + | <td valign=top>12.00h</td><td bgcolor="#BCA57A"><b>Buffet</b></td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>" | + | <td valign=top>14.00h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/b/bd/Owaspday2Petroque.pdf "Web Services and SOA Security "]</b><br>Laurent Petroque - F5</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>" | + | <td valign=top>14.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/a/ab/Owaspday2Morana.pdf "How to start a software security initiative within your organization: a maturity based and metrics driven approach."]</b><br>Marco Morana - OWASP USA Chapter Lead, TISO Citigroup</td> |
− | </tr> | + | </tr> |
<tr> | <tr> | ||
− | <td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>" | + | <td valign=top>15.00h</td><td bgcolor="#eeeeee"><b>[https://www.owasp.org/images/a/a9/Owaspday2West.pdf "Secure Programming with Static Analysis"]</b><br>Jacob West - Head of Fortify Software's Security Research Group</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>15. | + | <td valign=top>15.30h</td><td bgcolor="#b9c2dc"><b>[http://www.owasp.org/images/5/54/Owaspday2Perego.ppt "The Owasp Orizon project: internals and hands on"]</b><br>Paolo Perego - Spike Reply</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>16.00h</td><td bgcolor="#BCA57A"><b> | + | <td valign=top>16.00h</td><td bgcolor="#BCA57A"><b>Coffe break</b></td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>" | + | <td valign=top>16.30h</td><td bgcolor="#eeeeee"><b>[http://www.owasp.org/images/c/c0/Owaspday2Fedon.pdf "Internet Banking and Web Security"]</b><br>Giorgio Fedon - Minded Security</td> |
</tr> | </tr> | ||
<tr> | <tr> | ||
− | <td valign=top>17:00h</td><td bgcolor="#eeeee1">Round table | + | <td valign=top>17:00h</td><td bgcolor="#eeeee1"><b>Round table:</b> Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguato ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza? |
+ | Panelist: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist,Direttore OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group. | ||
+ | Keynote: Matteo Meucci</td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
+ | </center> | ||
− | |||
− | + | == Conference references == | |
− | + | * Marco Morana blog: | |
+ | http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html | ||
− | + | * Manlio Torquato interview to Matteo Meucci: http://www.oneitsecurity.it/09/05/2008/owasp-day-2-bilancio-della-conferenza-con-matteo-meucci/ | |
− | + | * Matteo Flora on Punto Informatico: | |
− | + | http://punto-informatico.it/p.aspx?i=2266944 | |
− | + | * Matteo Flora interviewig the speakers: | |
+ | http://punto-informatico.it/p.aspx?i=2266944&p=3 | ||
− | + | ---- | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | [[Category:Italy]] |
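Review bot: two spelling errors come in with the added lines of this hunk, "Coffe break" in the 16.00h agenda row and "interviewig" in the last item under Conference references; they should read "Coffee break" and "interviewing". The agenda rows also mix time separators ("9:00h" and "17:00h" against "9.30h" and "15.30h"), and the presentation links mix http://www.owasp.org and https://www.owasp.org for the same image store, so it is worth settling on one time format and one URL scheme across the table.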
Latest revision as of 22:43, 31 October 2008
Centro Congressi dell'Università di Roma "La Sapienza"
31st March 2008 - Roma
OWASP-Day Sponsors
Introduction
Welcome to the OWASP Day II Italy Conference for 2008. Following the great success of OWASP Day I in 2007, the second conference took place in March 2008.
- The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
- Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, on 31st March we hosted the conference "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
- OWASP Day 2 was an all-day conference.
Topic:
Conference topics:
- The evolution of attacks and countermeasures in web application security.
- Case studies of how companies have adopted the OWASP Guidelines in their SDLC.
Organization and goals:
- The event covered several points of discussion: in the first phase we addressed the topic at a high level, and then we discussed the problem from a technical point of view.
- To conclude the day, we organized a round table with international guests to discuss the more interesting subjects that came out during the event.
- The goal of the conference was to create a debate on how web application security will evolve.
We received more than 250 registrations and had more than 200 attendees!
OWASP Day II Italy - Conference Schedule - Presentations are on-line!
THE AGENDA WAS:
9:00h | Registration |
9.30h | "Welcome and opening of the works" Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome. |
9.45h | "Introduction to the OWASP Day II" Matteo Meucci - OWASP-Italy Chair, CEO Minded Security |
10.00h | "L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni" (Telecom Italia's approach to secure application development) Marco Bavazzano - CISO TELECOM Italia |
10.30h | "SQL Injection tricks: building the bridge between the Web App and the Operating System" Alberto Revelli - Portcullis Computer Security |
11.00h | "Le problematiche di Web Application Security: la visione di ABI Lab" (Web application security issues: the ABI Lab view) Matteo Lucchetti - ABI Lab |
11.30h | "OWASP Backend Security Project" Carlo Pelliccioni - Spike Reply |
12.00h | Buffet |
14.00h | "Web Services and SOA Security " Laurent Petroque - F5 |
14.30h | "How to start a software security initiative within your organization: a maturity based and metrics driven approach." Marco Morana - OWASP USA Chapter Lead, TISO Citigroup |
15.00h | "Secure Programming with Static Analysis" Jacob West - Head of Fortify Software's Security Research Group |
15.30h | "The Owasp Orizon project: internals and hands on" Paolo Perego - Spike Reply |
16.00h | Coffee break |
16.30h | "Internet Banking and Web Security" Giorgio Fedon - Minded Security |
17:00h | Round table: What countermeasures are companies adopting against possible new attacks? Responsible disclosure: what is the best approach? How can a software life cycle with security processes be implemented while ensuring an adequate ROSI? User awareness: a fundamental lever for implementing security controls? Panelists: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist, Director of OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group. Keynote: Matteo Meucci |
Conference references
- Marco Morana's blog: http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html
- Manlio Torquato's interview with Matteo Meucci: http://www.oneitsecurity.it/09/05/2008/owasp-day-2-bilancio-della-conferenza-con-matteo-meucci/
- Matteo Flora on Punto Informatico: http://punto-informatico.it/p.aspx?i=2266944
- Matteo Flora interviewing the speakers: http://punto-informatico.it/p.aspx?i=2266944&p=3