CALL FOR PAPERS: 3rd International OWASP Symposium on Web Application Security =

The OWASP AppSec conferences bring together application security experts and software engineers from all over the world. Industry and academia meet to discuss open problems and new solutions in application security. The conferences offer researchers and practitioners a set of tutorials, keynotes, and invited presentations.

As in the two previous editions, the OWASP AppSec Europe 2008 conference will feature a refereed papers track. The goal of the refereed papers track is twofold:

• to give academic researchers in web application security the opportunity to share their research results with practitioners, and
• to give industry people the possibility to share experiences with academia and the OWASP community.

Hence both research papers as well as experience papers pertaining to all aspects of web application security are solicited. Papers should describe new ideas, new implementations, or experiences related to web application security.

TOPICS OF INTEREST

Topics of interest include, but are not limited to:

• Web application security
• Secure application development
• Security of Service Oriented Architectures
• Threat modeling of web applications
• Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)
• Countermeasures for web application vulnerabilities
• Secure coding techniques
• Experiences or new ideas on SE processes for developing secure web applications (CLASP, SDLC, ...)
• Static and dynamic analysis of web application technologies
• Platform or language (e.g. Java, .NET) security features that help secure web applications
• Open source framework features that help secure web applications
• How to use databases securely in web applications
• Experiences on using web application security scanning or code analysis tools
• Access control in web applications
• Trusted computing solutions for web applications
• Non-repudiation in web applications
• Web services security
• Browser security
• Ajax security
• Session hijacking
• Cross-Domain Request Forgery
• Assurance and certification of web applications

IMPORTANT DATES

Submission deadline: March 1, 2008

Notification of acceptance: April 11, 2008

Final version due: April 25, 2008

AppSec Conference: May 20-23 2008

INSTRUCTIONS FOR AUTHORS

Submissions should be at most 12 pages long in the Springer LNCS Style for Proceedings and Other Multiauthor Volumes. Submissions deviating from these requirements may be rejected without review. Templates for preparing papers in this style for LaTeX, Word, and other word processors can be downloaded from: http://www.springer.com/east/home/computer/lncs?SGWID=5-164-7-72376-0

Submissions are due by March 1, 23:59 GMT. All submissions should be sent in Adobe Portable Document Format (pdf) via the website http://www.cs.kuleuven.be/~lieven/AppSec2008/.

ORGANIZING COMMITTEE

• Lieven Desmet, Katholieke Universiteit Leuven (Organizing chair)
• Sebastien Deleersnyder, Telindus, OWASP Board
• Frank Piessens, Katholieke Universiteit Leuven

PROGRAMME COMMITTEE

• Frank Piessens, Katholieke Universiteit Leuven (PC chair)
• Martin Johns, University of Hamburg
• Mattia Monga, Università degli Studi di Milano
• Lieven Desmet, Katholieke Universiteit Leuven
• Erik Poll, Radboud Universiteit Nijmegen
• Johan Peeters, seccappdev.org
• Sebastien Deleersnyder, Telindus, OWASP Board
• André Mariën, Inno.com
• Konstantin Beznosov, University of British Columbia
• Andreas Fuchsberger, Royal Holloway, University of London
• Ulfar Erlingsson, Reykjavik University
• Tine Verhanneman, Atos Worldline
• Joris Claessens, European Microsoft Innovation Center