This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "OWASP AppSec Europe 2008 - Belgium"

Jump to: navigation, search
(Agenda and Presentations - May 21-22)
Line 99: Line 99:
  | style="width:10%; background:#7B8ABD" | 9:40-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Tour of OWASP projects
  | style="width:10%; background:#7B8ABD" | 9:40-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Tour of OWASP projects
''Dinis Cruz and Dave Wichers''
''Dinis Cruz (Chief OWASP Evangelist),  Dave Wichers (OWASP Board), Michael Eddington (OWASP Encoding Project, .NET Web Service Validation Project) and Mark Roxberry (OWASP .NET Project)''
  | style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break
  | style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break

Revision as of 23:37, 3 April 2008

Owasp banner EU08.jpg

Welcome to the European OWASP Application Security Conference! After successful OWASP Conferences in the United States and Europe, we are back in Belgium: 5 tutorials and 2 conference tracks in the historic center of Ghent on May 19-22 2008!

The conference is stuffed with top notch presentations from industry recognised speakers and technical experts on the latest application security risks and trends. New for AppSec Europe: technical vendor demos and a Capture the Flag!

Conference Location


The historic center of Ghent, Belgium May 19th-22nd.

Tutorial Days: May 19th-20th

Main Conference: May 21st-22nd

Registration is available via the OWASP Conference Cvent site at: Cvent link

If you are registering as a Speaker or Sponsor, please use the following link: Cvent link for speakers/sponsors

Agenda and Presentations - May 21-22

The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days. As in the previous editions, the OWASP AppSec Europe 2008 conference will feature a refereed papers track.

Day 1 - May 21, 2008
Track 1: Track 2:
08:00-09:00 Registration and Coffee
09:00-09:05 Welcome to OWASP AppSec 2008 Conference

Sebastien Deleersnyder

09:05-09:45 Keynote: The Great Information Security Scrap Yard Challenge

Mark Curphey

09:45-10:20 Owasp State of the Union

Dinis Cruz

10:20-10:40 Break
10:40-11:20 The OWASP ESAPI project

Dave Wichers

Trends in Web Hacking Incidents: What's hot for 2008

Ofer Shezaf

11:20-12:00 Evaluation Criteria for Web Application Firewalls

Ivan Ristic

HTML5 security

Thomas Roessler

12:00-12:30 The OWASP Orizon Project internals

Paolo Perego

Remo presentation (Input Validation)

Christian Folini

12:30-14:00 Lunch
14:00-14:40 Best Practices Guide: Web Application Firewalls (OWASP German chapter)

Alexander Meisel

Google-Hacking and Google-Shielding

Amichai Shulman

14:40-15:20 NTLM Relay Attacks

Eric Rachner

The Law of Conservation of Bugs

Gunnar Peterson

15:20-15:50 Security in Agile Development

Dave Wichers

Security framework is not in the code

Sam Reghenzi

15:50-16:10 Break
16:10-17:00 Exploiting Online Games

Gary McGraw

SHIELDS: metrics, tools and Internet services to improve security in application developments

Eva Coscia

17:00-18:00 Panel: “tbd”

Moderator:tbd Panelists: tbd

18:00-19:00 OWASP Leader Meeting - Organized by Matteo Meucci
19:00-21:00 OWASP Social Gathering: Dinner and Drinks at the Monasterium
Day 2 - May 22, 2008
Track 1: Track 2:
08:00-09:00 Coffee
09:00-9:40 Keynote: Software Security: State of the Practice 2008

Gary McGraw

9:40-10:20 Tour of OWASP projects

Dinis Cruz (Chief OWASP Evangelist), Dave Wichers (OWASP Board), Michael Eddington (OWASP Encoding Project, .NET Web Service Validation Project) and Mark Roxberry (OWASP .NET Project)

10:20-10:40 Break
10:40-11:20 Graph Analysis for WebApps: From Nodes to Edges

Simon Roses Femerling

The OWASP Education Project

Martin Knobloch

11:20-12:00 Dynamic Taint Propagation: Finding Vulnerabilities Without Attacking

Brian Chess

Threat Modeling for Application Designers & Architects

Shay Zalalichin

12:00-12:30 Scanstud: Evaluating static analysis tools

Martin Johns

Office 2.0: Software as a Service, Security on the Sidelines?

John Heasman

12:30-14:00 Lunch
14:00-14:40 How Data Privacy affects Applications and Databases

Dirk De Maeyer

refereed papers track
14:40-15:20 The OWASP Anti-Samy project

Jason Li

refereed papers track
15:20-15:50 Input validation: the Good, the Bad and the Ugly

Johan Peeters

refereed papers track
15:50-16:10 Break
16:10-17:00 Client-side security


refereed papers track
17:00-18:00 Panel: Responsible "tbd"

Moderator: tbd

Panelists: tbd

Panel: "tbd"

Moderator: tbd Panelists: tbd

18:00-18:10 Conference Wrap Up - Dave Wichers, OWASP Conferences Chair

Venue: Aula, Ghent University, Volderstraat 9, 9000 Ghent

Registration is available via the OWASP Conference Cvent site at: Cvent link

Tutorial Days - May 19-20

OWASP arranged for several Application Security tutorials on May 19th-20th, the days prior to the conference.

T1. Building and Testing Secure Web Applications
Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is just not a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their IT security efforts. This powerful two day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities into their code.

Trainer: Dave Wichers - Read more here!

T2. Leading the Development of Secure Applications
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle.

Trainer: tbd - Read more here!

T3. Building Secure Rich Internet Applications
Rich Internet applications using technologies like Ajax, Flash, ActiveX, and Java Applets require special attention to secure. This one day training addresses the special issues that arise in this type of application development.

Trainer: tbd - Read more here!

T4. Web Services and XML Security
The movement towards Web Services and Service Oriented architecture (SOA) paradigms requires new security paradigms to deal with new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application, and identity servers and related software. Many enterprises are currently developing new Web Services and/or adding and acquiring Web Services functionality into existing applications -- now is the time to build security into the system!

Trainer: Gunnar Peterson - Read more here!

T5. Open Source ModSecurity Training
ModSecurity is currently the most widely deployed web application firewall (WAF) product. This two-day class is for those people who want to learn how to build, deploy, and use ModSecurity in the most effective manner. The course will cover the open source ModSecurity Console, which helps manage alerts on suspicious web activity targeting your web servers. The course also provides an in-depth look at the extremely powerful ModSecurity Rules Language.

Trainer: Ryan Barnett - Read more here!

More information about the tutorials are online.

Venue: Monasterium PoortAckere, Oude Houtlei 56, 9000 Gent

Evening Social Event - May 21

At every conference we have an evening social event the first night. This allows participants to have some unstructured time to mingle with the other attendees. They are always fun and typically attract about half the conference attendees. This year's event will be held at the Monasterium.

Registration is available via the OWASP Conference Cvent site at: Cvent link


OWASP arranged for a room block of 20 Executive Deluxe rooms at the NH Gent Belfort at a rate of €199 per night.

NOTE: The above room block is being held through April 11!! After that date, there is no guarantee that rooms at this rate will be available at the NH Gent Belfort.

OWASP arranged for a room block of 25 rooms at the IBIS hotels in Ghent. You can already contact them on Hotel Ibis Gent Centrum Opera and Hotel Ibis Gent Centrum Kathedraal

It is difficult getting rooms at reduced prices, as there is a medical congress around the same time in Ghent. Unfortunately, we were not able to make group rate arrangements at other hotels. However, the following is a list of nearby accommodations that may have availability at lower prices:

You will find it difficult to get a room for the night of May 22. We recommend you then book a room for one night near the airport of Brussels.

Registration and Conference Fees

Registration is available via the OWASP Conference Cvent site at: Cvent link

The conference fee for this conference is :

  • Standard: 350 Euros, OWASP Members: 300 Euros, Students: 225 Euros.
  • Conference Dinner (Evening of May 21st): 50 Euros
  • Conference Tutorials: 825 Euros, Student Fee: 430 Euros
  • CONFidence Poland 2008 members get a € 35 reduction on OWASP (see OWASP On a Plane below).
  • ISSA, ISACA and L-SEC Members get a € 35 reduction.

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accomodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

OWASP on a Plane - CONFidence 2008

This year's CONFidence 2008 will take place on 16-17.05.2008 in Cracow (Poland). They have decided to spend Saturday morning talking about OWASP-related projects. No more excuses: you can attend 2 OWASP events in a row in Europe!

Conference Committee

OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at'

2008 EU Planning Committee Chair: Sebastien Deleersnyder - Telindus - seba 'at'

Vendor Exhibition Chair: Pravir Chandra - Cigital - chandra 'at'

Capture the Flag Chair: Pieter Danhieux - Ernst & Young - pieter.danhieux 'at'

Refereed Papers Chair: Lieven Desmet - KU Leuven - Lieven.Desmet 'at'

Conference Sponsors

The following organizations are sponsors for this conference. If you are interested in sponsoring an OWASP conference, please contact OWASP at: conferences 'at'


More information about conference sponsorship is available here.