This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP AppSec Asia 2008 - Taiwan

Revision as of 06:16, 8 October 2008 by Wayne huang (talk | contribs) (OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th))

Jump to: navigation, search

Welcome to OWASP AppSec Asia 2008! We'd like to thank China, Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in participating, please email us.

Two professional translators will be at the conference to conduct simutaneous oral translation between English and Mandarin. Wireless earphones will be provided.

OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th)

(2008/10/27) - Day 1

08:30 - 09:30 Door opens for registration
09:30- 09:40 Opening welcome and an introduction to this year’s program

Wayne Huang, Conference Chair
09:40-09:50 Welcome by Institute for Information Industry

09:50-10:00 Welcome by Information Security Consortium, Information Service Industry Association

10:00-11:00 What's Next? Strategies for Web Application Security

YM Chen, Director, McAfee Foundstone

11:10-12:00 Web-based Malware obfuscation: the kung-fu and the detection
Wayne Huang, OWASP Taiwan Chapter

12:00 - 13:00 Lunch
13:00 - 13:40 Why Webmail systems are hard to secure--using real case studies

Charmi Lin, Taiwan Information & Communication Security Technology Center
13:50 - 14:40 Web Application Proactive and Passive Defense Best Practices

Frank Fan, OWASP China
14:40 - 15:00 Coffee Break
15:00 - 15:40 How bad can Web vulnerabilities be—case study on a 50 million personal records breach

PK (Taiwan Criminal Investigation Bureau)
15:50 - 16:40 Tiny coding errors, big losses: real stories of website 0wnage

Fyodor Yarochkin (Guard-Info)
16:50 - 17:40 Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example

Tim Bass, OWASP Thailand
17:40 - 18:40 Asia Chapter Leader’s Meeting

China, Delhi, Hong Kong, Mumbai, Singapore, Taiwan, Thailand, and Vietnam Chapter Leaders

(2008/10/28) - Day 2

09:00- 10:30 New 0-Day Browser Exploits: Clickjacking - yea, this is bad...

Robert "RSnake" Hansen (SecTheory)
10:40- 11:30 Web 2.0, Consumerization, and Application Security

Chenxi Wang, Ph.D. (Forrester Research)
11:40- 12:30 Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks

Dhruv Soi (OWASP Delhi Chapter Leader), Pukhraj Singh (OWASP Delhi Chapter)
12:30 - 13:30 Lunch
13:30 - 14:20 Good Business Penetration Testing

KK Mookhey (OWASP Mumbai)
14:30 - 15:20 Best Practices Guide: Web Application Firewalls

Alexander Meisel (OWASP Germany)
15:20 - 15:40 Coffee Break
15:40 - 16:30 The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets

Steven Adair (ShadowServer Foundation)
16:40 - 17:30 Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?

Alex, Chenxi, Dhruv, Fyodor, KK, Robert, Tim Bass, Wayne, YM, Frank Fan

Conference Fees & Registration

Conference Fees

The fee for the two days conference is USD 35, which includes:

  • Two lunches
  • Coffee breaks
  • Conference T-Shirt


Registration is now open!! Please contact us for the registration.