This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Global AppSec Asia 2011

From OWASP
Revision as of 19:33, 25 October 2011 by Jie Wang (talk | contribs)

Jump to: navigation, search
OWASP 2011 AppSec Asia.jpg


Welcome

OWASP Global AppSec Asia Pacific 2011 - Beijing China

OWASP China-Mainland Chapter will host OWASP Global AppSec Asia 2011 in Beijing, China from Nov. 8 to Nov. 11, 2011. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from Asia and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

中文(Chinese)

中文网站

OWASP 中国

OWASP 2011亚太峰会

Registration

请使用RegOnline 链接来注册(中文).

Please use RegOnline link for your registration (English).

Who Should Attend OWASP Global AppSec Asia 2011:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interesting in Improving IT Security

For student discount, attendees must present proof of enrollment when picking up your badge.

Keynotes

Manoranjan Paul



Mano_Paul.jpg Manoranjan (Mano) Paul is founder and CEO of SecuRisk Solutions and Express Certifications, companies that specialize in security training, consulting and product development. His information security and software assurance experience includes designing and developing security programs from compliance-to-coding, security in the SDLC, writing secure code, risk management, security strategy, and security awareness training and education.

He is the author of the official (ISC)2 guide to the Certified Secure Software LifecycleProfessional (CSSLP) book (released June 2011) and has contributed to chapters in the Information Security Management Handbook. His has been interviewed and referenced in several articles including those in CIO.com. Mano has been featured in various domestic and international security conferences and is an invited speaker and panelist, delivering training, talks and keynotes in conferences such as the OWASP, ASIS, CSI, Catalyst, SC World Congress, (ISC)2 Security Congress, and TRISC.

Cassio Goldschmidt



Cassio.jpg Cassio Goldschmidt is a globally recognized application security leader, and senior manager of the product security team at Symantec Corporation (a long time OWASP supporter). In this role Cassio leads the Symantec Product Security team with company-wide responsibility for product security assurance, vulnerability management, security development lifecycle implementation, and oversees the coordination of security certifications and training.

Cassio's contribution to OWASP include:

  1. Co-chair of OWASP AppSec USA 2010
  2. Co-chair of OWASP AppSec Latin America 2011
  3. Member of the conference committee
  4. Major contributions to the revamp of OWASP LA Chapter
  5. Honorary founder of OWASP Porto Alegre Chapter
  6. Board member of OWASP LA Chapter
  7. Speaking engagements at OWASP conferences

Frank Fan



Frank_150.jpg Mr. Frank Fan was graduated from California State University as a Computer Science PhD.

With more than ten years of technical research and project management experience in world famous security companies, Mr. Frank Fan researched deeply about online security, database security and auditing and compliance( such as SOX, PCI, ISO17799/27001). Because of his successful technological innovation in information security, he become the first Chinese who made a speech in the World’s top security conference BLACKHAT and he has certificates such as CISSP, CISA, GCIH, GCIA, etc. Right now, Mr. Frank Fan is the vice president of OWASP China and member of 2008 Olympic Organizing Committee security group.


Guest Speakers

Sebastien Deleersnyder



Seba_reasonably_small.jpg Seba Deleersnyder, Managing Technical Consultant ICT Security at SAIT Zenitel.

As security project leader and information security officer for multiple customers Sebastien has build up extensive experience in Information Security related disciplines, both at strategic and tactical level. Sebastien specializes in (Web) Application Security,combining both his broad development and information security experience.

Seba is the Belgian OWASP Chapter Leader, member of the influential OWASP Foundation Board and performed several public presentations on Web Application and Web Services Security. He also co-organizes the yearly security & hacker BruCON conference and trainings in Brussels.


Tobias Gondrom



Tobias.gondrom.jpg Tobias Gondrom is Managing Director of an IT Security & Risk Management Advisory based in the United Kingdom and Germany. He has twelve years of experience in software development, application security, cryptography, electronic signatures and global standardisation organisations working for independent software vendors and large global corporations in the financial, technology and government sector, in America, EMEA and APAC. As the Global Head of the Security Team at Open Text (2005-2007) and from 2000-2004 as the lead of the Security Task Force at IXOS Software AG, he was responsible for security, risk and incident management and introduced and implemented a secure SDLC used globally by development departments in the US, Canada, UK and Germany.

Since 2003 he is the chair of working groups of the IETF (www.ietf.org) in the security area, member of the IETF security directorate, and since 2010 chair of the formed web security WG at the IETF, and a former chapter lead of the German OWASP chapter from 2007 to 2008 and board member of OWASP London. Tobias is the author of the international standards RFC 4998, RFC 6283 and co-author and contributor to a number of internet standards and papers on security and electronic signatures, as well as the co-author of the book „Secure Electronic Archiving“, and frequent presenter at conferences and publication of articles (e.g. AppSec, ISSE, Moderner Staat, IETF, VOI-booklet “Electronic Signature“, iX).


Jianmeng Li

Jianmeng Li(Jimmy)is a core member of security team in CISCO CSG. When graduated at 2011, Jimmy worked on the development of client and website for a foreign company. In 2004, he was dispatched to Japan for a year. Jimmy joined Huawei technologies Co., LTD when he came back and worked to develop mobile communication platform. Then Jimmy joined CISCO at 2006 and worked on the development of backend server of online products and application security field. He has rich developing experience on multi-language and multi-platform and is responsible for the training of C/C++ convention and skills. Currently Jimmy is focusing on Fuzz test and secure development.


Larry Man



Larryman.jpg Larry Man is a dynamic-leader in information security, with over 15 years experience in the field. He is Principle Consultant – SZBOWEB Company Limited which provides independent IT Security consulting to arrange of clients in China and Hong Kong. He is an expert in Data Security. He previously led a team in Ottawa Canada to create an embedded software system specialized in digital rights management. He is also the founder of Ironclad System, a software vendor in producing ERM systems. Larry used to work as a computer auditor of HSBC in HK. Larry was graduated from University of Manitoba with two degrees, one in Computer Science and one in Accounting & Finance. He also had a Master Degree in Engineering from CUHK. Larry is based in Hong Kong and has previously lived in Canada, US and China.


Marco M. Morana

Marco Morana is leader of the OWASP (Open Web Application Security Project) Cincinnati chapter, Ohio, USA and co-author of OWASP projects such as the secure coding guide and the testing guide. In his current position, Marco works as Sr. Technology Information Security Officer and Security Architect for Citigroup Global Consumer North America where his primary responsibility is security analysis and design review of financial based web applications including on-line banking. Prior to Citigroup, Marco worked for more than 15 years at different companies as software security consultant, security instructor, security application architect and security software engineer. Marco owns a Masters Degree in Computer Systems Engineering from Northwestern Polytechnic University and an Engineering Doctorate Degree (Dr. Ing.) in Mechanical Engineering from University of Padua.


Alexander Wang


Wenjun.png Wenjun Wang is a tech lead and security architect in HP PPM R&D with 10 years experience in software development and 4 years’ in security architecture. He used to work in the PPM integration team, took the tech lead for PPM-EDS project, now he acts as the tech lead and scrum master for PPM-Mobility project. He had been working in HP for 4 years. Before joining HP, he worked in Wuerth Phoenix as a Java developer for an ERP system.

As a team leader of the localization of AntiSamy Java in OWASP China, Wenjun organized the training of Antisamy Java and won welcome from students for his understandable style of speech and humor. He holds a master degree in EE and a bachelor degree in Accounting of Shanghai Jiaotong University.


Daniel Ching Wa Ng



Daniel_ng.jpg NG, CHING WA (Daniel) started the career as computer programmer in 1990, and then progressing towards ICT Security, Computer Forensics, Financial Accounting and Auditing after millennium. Recently, he starts his PhD (Security & Forensics) in a UK reputable institute and The Hong Kong Polytechnic University, after earning a good stock options as a corporate director in a listed entity. His interest is Cyber Security, Health Informatics, FaceBook investigation, Digital Evidence standard for forensics laboratory, and Network Forensics. Professionally, he is a committee member HTCIA Asia Pacifc, Chairperson of Professional Internet Security Professional (HK/China), Founder of China PIS Alliance (C-PISA), Director of ISACA China, and Expert Advisor to HKSAR Legco Councillor Samson Tam, ISC2 CSSLP evangelist and authorized trainer. Under the strong influence of knowledge intensive works, Daniel branches into the topic of e-learning, in particular, mobile learning. This research is working with Malaysia Government MIMOS, the national organization for ontology and semantic web. Academically, Daniel is strong in Knowledge Management with a master degree graduated at GPA 3.8.


Jonathan Werrett



Jw-headshot-200px.jpg Jonathan Werrett is a Hong Kong based Senior Security Consultant with Trustwave's SpiderLabs. SpiderLabs is Trustwave's advanced security team focused on penetration testing,incident response, and application security. Over the past 10 years, Jonathan has worked in roles securing web infrastructure for a number of online start-ups, as well as providing web application testing and secure development consulting services to various international organizations.


Yuming Xia

Yuming Xia(Bruce), employee of Cisco System Inc., focusing on application security, including penetration testing and security solution development.Before joining Cisco, Bruce was a network analyzer for China Telecom. And as a main author for book “Software Quality Management” (Tsinghua University Press, 2007), he has lots of experience in quality assurance and security processes. After one year of technical study in San Jose (CA, USA) , he is fully skilled on security issue detection and solution development, and now acting as security owner for several large projects.


Noa Bar Yosef

Noa is a senior security strategist at Imperva. In this role Noa researches and analyzes the trends in the threat landscape. She is a frequent contributor to different security magazines, comments on security-breaking news, and is regularly invited to speak at industry events. Currently, Noa writes a bi-weekly column on hacker trends and techniques for SecurityWeek. Previously, she held the position of a senior security researcher for Imperva’s Application Defense Center. Noa holds a MSc degree (specializing in information security) from Tel-Aviv University.


CFP and CFT

OWASP APPSEC ASIA 2011

CALL FOR Presentation

OWASP AppSec Asia 2011 Conference will be a major international forum for the presentation of research results, cutting-edge ideas and in-depth discussions in the field of application security. OWASP AppSec Asia 2011 Conference invites application security researchers, thought leaders and developers worldwide to submit papers for the opportunity of presenting to 800+ expected participants.

The topics we are seeking include, but are not limited to:

  1. Web Application Security
  2. Mobile Application Security
  3. Cloud Application Security
  4. Software and Architecture Patterns for Application Security
  5. Metrics for Application Security
  6. OWASP Tools and Projects
  7. Secure Coding Practices (J2EE/.NET)
  8. Application Security Testing
  9. New Attacks and Defense
  10. Other subjects related to OWASP and Application Security

To make a submission:

  1. Download and fill out the form available at https://www.owasp.org/images/d/d3/OWASP_AppSec_Asia_2011_CFP_v2.zip
  2. Submit the form through the Easychair conference web site at http://www.easychair.org/conferences/?conf=GlobalAppSecAsia2011

Each talk should be limited to 40 minutes, followed by a 10 minute question session.

  • Submission deadline: August 22, 2011.
  • Notification of acceptance: September 9, 2011.
  • Presentation slides due: October 21, 2011.

CALL FOR Training

OWASP AppSec Asia will begin with two days of training sessions on November 10th and 11th, 2011. Proposals are solicited for the training of either a one-day (6 hours plus breaks) or two-day sessions on all topics of application security with focus on secure application design and development, threat modeling and defense strategy, and secure application testing. Each training session should cover a single topic in detail in order to allow trainees to grasp practical understanding and basic skill in the subject. Submissions should include a cover sheet and an extended abstract. The cover sheet should specify:

  1. The title and length of the training;
  2. The intended audience and prerequisite knowledge or skills, if any;
  3. Complete contact information for the trainer; and
  4. Brief biography (max. 2 paragraphs) for the trainer. The extended abstract should be 1 to 2 pages, and should include an outline of the training plan, along with descriptions of the objectives and course materials.

Training proposals in PDF or Word format must be sent via email by August 22, 2011 to Jack Li ([email protected]). The submissions will undergo review and trainings will be selected by the OWASP AppSec Asia 2011 Conference Committee. Notifications will be sent out by September 9, 2011.


For more information, please see the following web pages:

Conference Website: https://www.owasp.org/index.php/OWASP_Global_AppSec_Asia_2011

OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement OWASP Website: http://www.owasp.org Easychair conference site: https://www.easychair.org/account/signin.cgi?conf=apac2011 Presentation proposal form: https://www.owasp.org/images/b/b6/OWASP_AppSec_Asia_2011_CFP.zip


Agenda

November 8th

08:00 – 09:00 Registration
09:00 – 09:15 Rip, OWASP China
Opening Ceremony: Development of OWASP China
09:15 – 09:30 Sebastien Deleersnyder, OWASP Global Committee
Opening Ceremony
09:30 – 09:50 Liping Ding
TBD
09:50 – 10:30 Manoranjan Paul
Silver lining in dark clouds: A look at cloud computing security
10:30 – 11:00 Frank Fan
Current Web Security and its' Future
11:00 – 11:30 Jonathan Werrett
WAFs: Patch First, Ask Questions Later
11:30 – 12:00 Hanqing Wu
Flaws of Popular Application Applied Encryption Algorithms and the Corresponding Utilization"
12:00 – 14:30 Lunch & Networking
14:30 – 15:10 Cassio Goldschmidt'
The Fundamental Approaches and Tools to Achieve Secured Development Life Cycle
15:10 – 15:40 Yuming Xia
Web2.0 Secure Coding Practice
15:40 – 16:10 Marco M. Morana
The Financial Industry Web Application Single Sign-On (SSO) Framework Design and Case Studies
16:10 – 16:40 Huawei Symantec
TBD
16:40 – 17:10 Noa Bar Yosef
Hacking 2011:Lesson for 2012
17:10 – 18:00 Exhibition of Internet Security Products


November 9th

08:00 – 09:00 Registration
09:00 – 09:30 Wenju Wang
The XSS Detection and Defense Techniques and Case Studies
09:30 – 10:00 Larry Man
Data Control: Improve Database Security through Vulnerability Management
10:00 – 10:30 Daniel Ng
Beefing up Cloud Application through Genetic Network Coding
10:30 – 11:00 Dr. Meng-Chow Kang
Overview of ISO/IEC 27034 - the Application Security Standards
11:00 – 11:30 Jianmeng Li
Secure C Function: The Lightweight Solution for Buffer Overflow
11:30 – 12:00 Langyu Hu
RFID Security
12:00 – 15:00 Lunch & Networking
15:00 – 15:30 Chenming Zhong
Overview of Website Security
15:30 – 16:00 Tony
2011 Application Security with 0-Day Vulnerability Analysis
16:00 – 16:15 TBD
TBD
16:15 – 16:45 TBD
TBD
16:45 – 17:15 TBD
TBD
17:15 – 17:45 TBD
Future Plan of OWASP China. Release of WAF Testing Benchmark
17:45 – 18:00 Closing



Training

November 10th

08:00 – 12:00 Tobias Gondrom
OWASP for CISO and senior managers
14:00 – 18:00 Wei Zhang
Secured Framework Design for Online Banking System


November 11th

08:00 – 12:00 Wenjun Wang
OWASP Top 10 and Countermeasures
14:00 – 18:00 Jianmeng Li
Secure Way of Development - Resolving and Preventing Security Vulnerabilities from Origin

Sponsors

We are still soliciting sponsors for the OWASP Global AppSec Asia 2011. An exhibit hall will be held for vendor booths and presentations.

More than 500 people attended the OWASP China conference last year. As a sponsor, you will gain exclusive access to companies in Asia through a limited number of expo floor slots.

New in 2011, we are offering exclusive Global AppSec Sponsorships to provide additional benefits and streamline the planning process for our most supportive organizations.

Please contact us directly if you have any related question.

To find out more about the different sponsorship opportunities please check the document below:
OWASP_China2011_Sponsorship.pdf


Sponsors:


Gold Sponsor:

HS.jpg       

Training Sponsor:

NSFOCUS.jpg       

Exhibitors:

Venustech.gif        Dumalogo.jpg        SZB_Blogo_40.jpg       

Dbappsecurity.jpg        Ankki.gif        Trustwave-Logo-with-Tagline.jpg       

Mainway.jpg        Anchiva.png       

SECWORLD.gif        Knownsec.gif       

Cooperators:

Aiscanner.png        Broadview.jpg       




Media Partners

International Media:


Isc2_logo.jpg        InfoSecurity_logo.jpg        Fanatic_Media_Logo.jpg        Chmag.in.png       



Chinese Media:


51CTO.jpg        IT168.JPG        Hackfiles.png        Byte.jpg       

CIOlogo.jpg       CSDN.jpg       TT-China.gif       IT55464e1a65b095fb7f51.gif       

TechWeblogo.jpg       IT65f64ee35468520a-60.gif       


Team

Members (in alphabetical order)

Expense

Registration Fee

The registration is fee for OWASP members. To become a member, just click here. If you are located in the Asia Pacific region, then you may qualify for a reduced membership fee. Please contact your local chapters for details.

Accommodation

Please check the local hotel website for detail information.

Logistics

Venue

Beijing International Convention Center

No 8 Beichen Dong Road Chaoyang District, Beijing China 100101

Tel: +86-10-84979768

website: http://www.bicc.com.cn

Hotel

Attendees can enjoy preferred rates in following hotels. Please send email to Ivy before Sep 30th, 2011 and reservation is subject to our confirmation. Hotels will not reserve rooms with preferential prices for us.

1. Beijing North Star Continental Grand Hotel

Add:No.8 Beichen Dong Road, Chaoyang District, Beijing P. R. China 100101

Price for advanced Rooms: RMB 620/day (include Chinese-style breakfast)(Four star)

2. Aoyou Hotel Address: No. 8 North Star East Road, Chaoyang District, Beijing ( 10 minutes walk to conference center)

single room: RMB 240(including Breakfast),  
Double room: RMB 320(including breakfast).

Travel

How to obtain a visa for the event

  • Invitation letter will be sent out for overseas attendees after registration.
  • For detailed information on obtaining a business visa for this event, please refer to Chinese embassy

Chapter Leader Workshop

What is the Chapter Leader Workshop?

On Wednesday, November 9, 2011 at 2:30pm-5:30pm the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders that attend the conference. Please note that this Workshop will take place on the day before the Conference starts.


Items that will be discussed are:

  • How to improve the current Chapter Leader Handbook?
  • How to start and support new chapters within the Asia/Pacific region?
  • How to support inactive chapters in the Asia/Pacific region?
  • What Governance model is required for OWASP chapters?
  • How can the Global Chapters Committee facilitate the Asian OWASP chapters?
  • ...


Additionally we hope to make time and space available to do hands-on work revising the Chapter Leader Handbook, details TBA.


Funding to Attend the Workshop

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Asia, please submit a request to Tin Zaw and Sarah Baso by September 15, 2011.


Funding for your attendance to the workshop should be worked out in the following order.

  1. Ask your employer to fund your trip to AppSec Asia conference.
  2. Utilize your chapter funds.
  3. Ask the chapter committee for funding assistance.


While we wish we could fund every chapter leader, due to the limited amount of budget allocated for this event, we may not be able to fund 100% to all the requests. After September 15, we will make funding decision in a fair and transparent manner. When you apply for funding, please highlight your past contributions to OWASP and your future plans for the local chapter and OWASP.


RSVP and Details

To RSVP and view more details about the Workshop, go to the OWASP Global AppSec Asia 2011 chapters workshop agenda.


Contact

Email Sarah Baso or Tin Zaw for more details.