This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP EU Summit 2008

From OWASP
Revision as of 17:46, 27 November 2008 by Paulo Coimbra (talk | contribs) (EVENT AGENDA)

Jump to: navigation, search
OWASP EU Summit Portugal 2008.jpg
'THE OWASP AGENDA FOR 2009'


KEY RESULTS FROM THE OWASP SUMMIT

ALGARVE, PORTUGAL, November 7, 2008 – The Open Web Application Security Project (OWASP) today announced results from the annual OWASP Summit. Over 80 application security experts from over 20 countries joined forces to identify, coordinate, and prioritize our 2009 efforts to create a more secure Internet.

OWASP is a free and open community that focuses on improving application security. There is overwhelming evidence that the vast majority of web applications contain security holes that are increasingly putting people and organizations at serious risk. Securing web applications is an extraordinarily difficult technical challenge that demands a concerted effort.

“OWASP came together for a week and produced a stunning amount of new ideas,” said OWASP Chair Jeff Williams. “Our community is growing and organizing into a powerful movement that will affect software development worldwide. This summit marks a major milestone our efforts to improve application security.” - Watch Video


Key results from the OWASP Summit include:


UPDATED OWASP PRINCIPLES

• Free & Open

• Governed by rough consensus & running code

• Abide by a code of ethics (see ethics)

• Not-for-profit

• Not driven by commercial interests

• Risk based approach


UPDATED CODE OF ETHICS

• Support the implementation of and promote compliance with standards, procedures, controls for application security

• Have objectivity, due diligence and professional care in accordance with established standards

• Responsible disclosure


New Free Tools and Guidance - OWASP announced the release of Live CD 2008, many new testing tools, static analysis tools, the Enterprise Security API (ESAPI v1.4), AntiSamy, the Application Security Verification Standard (ASVS), guidance for Ruby on Rails and Classic ASP, international versions of our materials, and much more.

New Outreach Programs – OWASP has expanded its outreach efforts by building relationships with technology vendors, framework providers, and standards bodies. In addition, we piloted a new program to provide free one-day seminars at universities and developer conferences worldwide.

New Global Committee Structure – OWASP recognized the extraordinary contribution of our most active leaders by engaging them to lead a set of six new committees. Each democratically established committee will focus on a key function or geographic region, such as OWASP projects, conferences, local chapters, membership and industry outreach.

How to Join a Global Committee - Applications being accepted until January 9th 2009 for a 24 month term

Global Education Committee

Global Chapter Committee

Global Conferences Committee

Global Industry Committee

Global Projects and Tools Committee

Global Membership Committee


TOOLS AND PROJECTS APPROVED OR LAUNCHED DURING THE SUMMIT

OWASP is proud to launch the following new or updated tools:

• Application Security Verification Standard, Mike Boberski

• AppSensor, Michael Coates

• Access Control Rules Tester, Andrew Petukhov

• AntiSamy .NET, Arshan Dabirsiaghi

• Application Security Tool Benchmarking Environment and Site Generator refresh, Dmitry Kozlov

• Code Crawler, Alessio Marziali

• JSP Testing Tool, Jason Li

• Live CD 2008, Matt Tesauro

• OpenPGP Extensions for HTTP – Enigform and mod_openpgp, Arturo ‘Buanzo’

• Orizon Project, Paolo Perego

• Python Static Analysis, Georgy Kilmov

• Skavenger, Matthias Rohr

• Teachable Static Analysis Workbench, Dmitry Kozlov & Igor Konnov

Find them all at the PROJECTS PAGE

OWASP is proud to launch the following new or updated documents or resources:

• Application Security Desk Reference (ASDR), Leonardo Cavallari

• Backend Security Project, Carlo Pelliccioni

• Classic ASP Security Project, Juan Carlos Calderon

• Code review guide, V1.1, Eoin Keary

• Education Project, Martin Knobloch

• Internationalization Guidelines – Spanish project, Juan Carlos Calderon

• Positive Security Project, Eduardo V.C. Neves

• Ruby on Rails Security Guide V2, Heiko Webers

• Securing WebGoat using ModSecurity, Stephen Craig Evans

• Source Code Review Projects, James Walden

• Testing Guide V3, Matteo Meucci

Find them all at the PROJECTS PAGE


EVENT AGENDA

Agenda for Monday, November 3rd, 2008
13:00 Lunch
Training Sessions
15:00 - 17:00 Securing WebGoat with ModSecurity
Stephen Craig Evans
WebSec Apps for Managers and Executives
Mano Paul
OWASP Testing Guide
Matteo Meucci
19:00 Summit Briefing
Dinis Cruz and Summit Organization Team
20:00 Dinner


Agenda for Tuesday, November 4th, 2008
08:00 Registration
09:00 Summit Keynote
Dinis Cruz and Summit Organization Team
Documents Tools
09:30 OWASP Testing Guide - SoC 08
Matteo Meucci
OWASP JSP Testing Tool - SoC 08
Jason Li
09:45 OWASP Code Review Project - SoC 08
PowerPoint Presentation
Eoin Keary
OWASP Orizon Project - SoC 2008
PowerPoint Presentation
Paolo Perego
10:00 OWASP Application Security Desk Reference - SoC 08
Leonardo Cavallari Militelli
OWASP Live CD - SoC 2008
Matt Tesauro
10:15 OWASP Spanish Project - SoC 2008
Juan Carlos Calderon
OWASP WebScarab Project
PowerPoint Presentation
Rogan Dawes
10:30 Coffee Break
10:45 .NET ESAPI
Alex Smolen
11:00 Working Sessions Briefing
Dinis Cruz
Working Sessions
11:15 - 13:00 Documentation Projects/Guides Integration and Unified 4.0 Version
Eduardo Neves
Browser Security
Arshan Dabirsiaghi
Tools Projects
Matt Tesauro
13:00 Lunch
Training Sessions
14:00 The Art and Science of Threat Modeling Web Applications
Mano Paul
Web Server Hardening SELinux
Pavol Luptak
Offensive WebApp Hacking
Marco Slaviero
16:00 Coffee Break
Working Sessions
16:30 ESAPI
Jeff Williams
18:30 ASDR
Leonardo Cavallari
.NET Project
Dinis Cruz


Agenda for Wednesday, November 5th, 2008
09:15 Daily Briefing
Dinis Cruz
Standards and Education Tools
10:00 OWASP Positive Security (SoC 08)
Eduardo Vianna de Camargo Neves
OWASP Access Control Rules Tester Project
Andrew Petukhov
10:15 OWASP Education
Sebastien Deleersnyder, Martin Knobloch
OWASP Teachable Static Analysis Workbench
Dmitry Kozlov
10:30 OWASP Internationalization Guidelines
Juan Carlos Calderon
OWASP AppSensor
Michael Coates
10:45 PASSWD:Metrics and Vulnerabilities
Lucilla Mancini
OWASP Backend Security Project
Carlo Pelliccioni
11:00 OWASP Open Review Project
Dan Cornell
OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project
Dmitry Kozlov
11:15 OWASP Global Committee Elections
11:30 Coffee Break
Working Sessions
12:45 OWASP Working Session Education Project
Sebastien Deleersnyder
Testing Guide
Matteo Meucci
Web Application Framework Security
Arshan Dabirsiaghi
14:45 Lunch (During Working Sessions)
Training Sessions
15:00 Flash Player Security
Peleus Uhley
OWASP Top 10
Sebastien Deleersnyder and Martin Knobloch
Uncovering WebScarab's Secret Treasures
Rogan Dawes
Hacking the Orizon
Paolo Perego
17:00 Coffee Break
Working Sessions
17:30 Code Review Guide
Eoin Keary
EU Funding for OWASP Projects
Carlos Serrao
OWASP Certification
Tom Brennan
Software Assurance Maturity Model
Pravir Chandra
19:00 OWASP Website
Fabio Cerullo
Metrics & Vulnerabilities
Lucilla Mancini
OWASP Orizon
Paolo Perego


Agenda for Thursday, November 6th, 2008
09:15 Daily Briefing
Dinis Cruz
Technology Tools
10:00 OWASP Classic ASP Security Project
Juan Carlos Calderon
OWASP Source Code Review
James Walden
10:15 OWASP Ruby on Rails Security Project
Heiko Webers
OWASP Enigmaform and mod_Openpgp
Arturo Alberto Busleiman
10:30 OWASP Webslayer Project
Christian Martorella
OWASP Securing WebGoat using ModSecurity
Stephen Evans and Christian Folini
11:00 OWASP Skavenger Project
Matthias Rohr
OWASP AntiSamy.NET
Marcin Wielgoszewski
11:15 Coffee Break
Working Sessions
11:30 Top 10 2009
Dave Wichers
Intra Governmental Affairs
David Campbell
SAMM v2 Web Site Handling Web MalWare
13:00 Lunch (During Working Sessions)
Training Sessions
14:00 Ajax Security Auditing Flash Applications
Peleus Uhley
WebApp Assessment
Vicente Aguilera Diaz
Mod Security
Lucas C. Ferreira
Working Sessions
16:30 Strategic Planning and Business Models compatible with OWASP values
Jeff Williams, Dinis Cruz, Dave Wichers, Sebastien Deleersnyder, Tom Brennan & Kate Hartmann and Paulo Combra
18:30 2-Way Internationalization
Juan Carlos Calderon & Sebastien Deleersnyder
Best Practices for Chapter Leaders
Georg Hess
Live CD & DVD
Matt Tesauro
20:00 Gala Dinner
22:00 OWASP Band


Agenda for Friday, November 7th, 2008
10:00 Daily Briefing
Dinis Cruz
10:15 OWASP AppSec Agenda 2009: Working Session Outcomes
Documentation Projects/Guides Integration and Unified 4.0 Version
Eduardo Neves
Browser Security
Arshan Dabirsiaghi
ESAPI
Jeff Williams
Tools Projects
Matt Tesauro
Code Review Guide
Eoin Keary
OWASP Certification
Tom Brennan
Software Assurance Maturity Model
Pravir Chandra
Top 10 2009
Dave Wichers
Intra Governmental Affairs
David Campbell
Best Practices for Chapter Leaders
Georg Hess
11:15 Coffee Break and Vote (put your dots on the wall)
11:30 Live CD & DVD
Matt Tesauro
ADSR
Leonardo Cavallari
Education Project
Sebastien Deleersnyder
Web Application Framework Security
Arshan Dabirsiaghi
Testing Guide
Matteo Meucci
OWASP Censorship
Tom Brennan
EU Funding for OWASP Projects
Carlos Serrao
OWASP Website
Fabio Cerullo
OWASP Orizon
Paolo Perego
Handling Web MalWare
2-Way Internationalization
Juan Carlos Calderon
Portuguese Public & Private Organizations
Carlos Serrao
Winter of Code 2009
Dinis Cruz and Sebastien Deleersnyder
13:00 Lunch
14:00 Board Meeting
17:00 Announcement of Summit Procedings

VENUE & TRAVEL ARRANGEMENTS

The OWASP European Summit 2008 will be hosted at the 5 start Resort in Algarve Portugal (Grande Real Santa Eulália Resort & Hotel). We suggest the hotel booking and the travel arrangements be handled via Diplomata Tours, the assigned travel agency.


The venue address:

Praia de Santa Eulália

PO Box 2445

Albufeira, Portugal

8200-916

Google Maps Link

Nearest Airport: Faro

U.S. Absentee Voting Information

U.S. citizens attending the Summit on 4 November (Election Day) may vote absentee. You may find the information you need here, here or here, or on your home state/territory or foreign embassy/consulate web site. These links are provided for your information only; OWASP does not endorse any political party, candidate, etc. and is not able to provide you with instructions or assistance in voting or registering.

ARCHIVE DATA


Summit Brochure 6 page brochure or this 33 page brochure.

SPONSORS

AOD_Logo_2c.gif Mnemonic_logo.png Softtek_logo.gif

FORMER AGENDA

Click here to see.