This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP IRELAND 2010"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
+
   
  
 
Welcome to the Irish OWASP Application Security Conference!<br>
 
Welcome to the Irish OWASP Application Security Conference!<br>
  
Its Ireland's turn again&nbsp;on '''September 17, 2010'''
+
Its Ireland's turn again&nbsp;on '''September 17, 2010'''  
 
 
  
 +
<br>
  
 
'''September 17th 2010''': OWASP will hold its second Irish Application Security conference in&nbsp;Dublin University, Trinity College, Dublin, Ireland.  
 
'''September 17th 2010''': OWASP will hold its second Irish Application Security conference in&nbsp;Dublin University, Trinity College, Dublin, Ireland.  
Line 11: Line 11:
 
The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.  
 
The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.  
  
'''Training:'''<br> '''''Secure Application Development: Writing secure code (and testing it)''''' training is to be delivered on the 16 September, following the very successful model delivered in 2009 (see more details below)
+
'''[http://www.owasp.org/index.php/OWASP_IRELAND_2010#Training Training]:'''<br>'''''Secure Application Development: Writing secure code (and testing it)''''' training is to be delivered on the 16 September, following the very successful model delivered in 2009 (see more details below)  
 
 
  
 +
<br>
  
 
For more details please contact: Eoin.Keary 'at' owasp.org  
 
For more details please contact: Eoin.Keary 'at' owasp.org  
  
== Conference Location ==
+
== Conference Location ==
  
 
[[Image:AppSecIreland09 Dublin.JPG|www.tcd.ie]]  
 
[[Image:AppSecIreland09 Dublin.JPG|www.tcd.ie]]  
Line 23: Line 23:
 
<br>
 
<br>
  
== Event Sponsorship ==
+
== Event Sponsorship ==
OWASP is providing sponsors exclusive access to its audience in Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. The conference is expected to draw 150 - 200 technologists who will be looking for ways to spend their remaining 2010 budget and planning for 2010/11. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented. <br>Sponsorship details are available here:&nbsp;  
+
 
Please review or sponsorship proposal:&nbsp;[http://www.owasp.org/images/c/c8/OWASP_sponsorship_Master.pdf Click_here]  
+
OWASP is providing sponsors exclusive access to its audience in Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. The conference is expected to draw 150 - 200 technologists who will be looking for ways to spend their remaining 2010 budget and planning for 2010/11. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented. <br>Sponsorship details are available here:&nbsp; Please review or sponsorship proposal:&nbsp;[http://www.owasp.org/images/c/c8/OWASP_sponsorship_Master.pdf Click_here]  
 
<center>
 
<center>
 
&nbsp;
 
&nbsp;
 
</center>
 
</center>
 
=== Sponsors  ===
 
=== Sponsors  ===
'''Silver Sponsors'''
+
 
 +
'''Silver Sponsors'''  
 
<center>
 
<center>
[[Image:Cenzic_small_2.GIF]]
+
[[Image:Cenzic small 2.GIF]]
 
</center>
 
</center>
 
=== Supported by  ===
 
=== Supported by  ===
Line 38: Line 39:
 
[[Image:Irisss small.jpg]] [[Image:IISF.jpg]] [[Image:Iia-logo-small.jpg]]
 
[[Image:Irisss small.jpg]] [[Image:IISF.jpg]] [[Image:Iia-logo-small.jpg]]
 
</center>
 
</center>
 
 
== Agenda and Presentations - September 17  ==
 
== Agenda and Presentations - September 17  ==
  
Line 60: Line 60:
 
|-
 
|-
 
| style="background: #7b8abd; width: 10%" | 09:15 - 10:15  
 
| style="background: #7b8abd; width: 10%" | 09:15 - 10:15  
| style="background: #f2f2f2; width: 80%" align="center" colspan="2" | '''Keynote: "Application Security in the Real World"''' - Considerations for AppSec in non-security companies.
+
| style="background: #f2f2f2; width: 80%" align="center" colspan="2" | '''Keynote: "Application Security in the Real World"''' - Considerations for AppSec in non-security companies.  
'''''[[John_Viega|John Viega&nbsp;]]&nbsp;'''''Executive Vice President, Perimeter E-Security
+
'''''[[John Viega|John Viega&nbsp;]]&nbsp;'''''Executive Vice President, Perimeter E-Security  
  
 
'''Location: Joly Theatre'''
 
'''Location: Joly Theatre'''
Line 197: Line 197:
 
Full day - 8 Hours<br>
 
Full day - 8 Hours<br>
  
= Venue =
+
= Venue =
  
 
Trinity College, Dublin <br>[http://www.tcd.ie/Maps/map.php?q=hamilton+building Map of hamilton Building Location]  
 
Trinity College, Dublin <br>[http://www.tcd.ie/Maps/map.php?q=hamilton+building Map of hamilton Building Location]  
Line 203: Line 203:
 
[http://www.tcd.ie/Maps/map.php?q=dining+hall Dining Hall location]  
 
[http://www.tcd.ie/Maps/map.php?q=dining+hall Dining Hall location]  
  
= Transportation =
+
= Transportation =
  
=== By Air ===
+
=== By Air ===
  
 
<br>Fly to Dublin Airport: http://www.dublinairport.com/ <br>A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)<br>
 
<br>Fly to Dublin Airport: http://www.dublinairport.com/ <br>A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)<br>
  
=== Public Transport ===
+
=== Public Transport ===
  
= Accommodation =
+
= Accommodation =
  
 
Please see here if you wish to stay within the grounds of Trinity College:<br>http://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf  
 
Please see here if you wish to stay within the grounds of Trinity College:<br>http://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf  
Line 227: Line 227:
 
'''Note''': To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.  
 
'''Note''': To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.  
  
'''Cvent Registration Link: [http://guest.cvent.com/i.aspx?4W%2cM3%2c679c382d-35c2-4815-a399-c2c3a95ebfd7 Click-Here]'''
+
'''Cvent Registration Link: [http://guest.cvent.com/i.aspx?4W%2cM3%2c679c382d-35c2-4815-a399-c2c3a95ebfd7 Click-Here]'''  
  
 
= Conference Committee  =
 
= Conference Committee  =
Line 235: Line 235:
 
Eoin Keary -&nbsp;eoin.keary 'at' owasp.org  
 
Eoin Keary -&nbsp;eoin.keary 'at' owasp.org  
  
 
+
<br>
  
 
Fabio Cerullo&nbsp; - fcerullo 'at' owasp.org  
 
Fabio Cerullo&nbsp; - fcerullo 'at' owasp.org  
  
Rahim Jina - rahim.jina 'at' owasp.org
+
Rahim Jina - rahim.jina 'at' owasp.org  
  
= Call for Papers =
+
= Call for Papers =
  
 
The Conference will consist of two tracks covering both technical and risk management topics.  
 
The Conference will consist of two tracks covering both technical and risk management topics.  
Line 263: Line 263:
 
'''For some speakers, OWASP will cover some of the travel costs associated with coming to the conference.'''  
 
'''For some speakers, OWASP will cover some of the travel costs associated with coming to the conference.'''  
  
 
+
<br>
  
 
'''Please submit your presentation topics and an abstract of up to 500 words to Eoin Keary''' &lt;mailto: [email protected]&gt;
 
'''Please submit your presentation topics and an abstract of up to 500 words to Eoin Keary''' &lt;mailto: [email protected]&gt;

Revision as of 11:24, 15 June 2010

 

Welcome to the Irish OWASP Application Security Conference!

Its Ireland's turn again on September 17, 2010


September 17th 2010: OWASP will hold its second Irish Application Security conference in Dublin University, Trinity College, Dublin, Ireland.

The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.

Training:
Secure Application Development: Writing secure code (and testing it) training is to be delivered on the 16 September, following the very successful model delivered in 2009 (see more details below)


For more details please contact: Eoin.Keary 'at' owasp.org

Conference Location

www.tcd.ie


Event Sponsorship

OWASP is providing sponsors exclusive access to its audience in Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. The conference is expected to draw 150 - 200 technologists who will be looking for ways to spend their remaining 2010 budget and planning for 2010/11. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
Sponsorship details are available here:  Please review or sponsorship proposal: Click_here

 

Sponsors

Silver Sponsors

Cenzic small 2.GIF

Supported by

Irisss small.jpg IISF.jpg Iia-logo-small.jpg

Agenda and Presentations - September 17

The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days.

Hamilton Building, TCD - September 17, 2010
Track 1: Synge Theatre Track 2: Salmon Theatre
08:00-09:00 Registration and Coffee
09:00 - 09:10 Welcome to OWASP Ireland 2010 Conference

Eoin Keary, Fabio & Rahim OWASP
Location: Joly Theatre

09:15 - 10:15 Keynote: "Application Security in the Real World" - Considerations for AppSec in non-security companies.

John Viega  Executive Vice President, Perimeter E-Security

Location: Joly Theatre

10:20 - 10:40

OWASP "State of the Nation"

Eoin KearyDinis Cruz

OWASP Global board members

10:45 - 11:10 Break - Expo
11:10 - 11:45

"Testing the Enterprise E-mail Security - from Software to Cloud-based Services"
Dr. Marian Ventuneac

"Setting up a Security Development Lifecycle for the first time"


Sébastien Gioria

11:50 - 12:30

"The Evolution of Security Testing: Testing the Resiliency of Security"

David Stubley (GIAC)

12:40 - 13:10

"Technology and Business Risk Management: How Application Security Fits In!

Peter Perfetti

13:10 - 14:10 Lunch - TCD Dining Hall, buffet Lunch
1410 - 15:00 Keynote: "The changing face of cryptography"

Professor Fred Piper, BSc, PhD (London), ARCS, DIC, CEng, CMath, FIEE, FIMA, BCS, CISSP, CISM.

Location: Joly Theatre

15:10 - 15:50


16:00 - 16:40


16:50 - 17:50

Keynote: "Hackers and Hollywood: The Implications of the Popular
Media Representation of Computer Hacking"

Damian Gordon Phd, School of Computing Dublin Institute of Technology.

Location: Joly Theatre

17:50 - 18:00 Wrap-Up
18:00-21:00 OWASP Social Gathering

Training

We intend to hold some application security training on the 16/09/2010 the day prior to the event.
This can be booked when booking a ticket to the event.
Fee: €495

Secure Application Development: Writing secure code (and testing it)

Trainers:

Eoin Keary  Senior Manager, Ernst & Young, OWASP Board Member

Rahim Jina Senior Consultant, Ernst & Young, OWASP Ireland chapter board.


Abstract
Writing Secure code is the most effective method to securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisations brand.

Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.  The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

This course includes coverage of the following areas:

  • Unvalidated Input
  • Injection Flaws
  • Cross-Site Scriping
  • CSRF
  • Authentication & Session Management
  • Access control & Authorisation
  • Broken Caching
  • Error Handling
  • Cryptography
  • Resource Management
  • Rich Internet Applications & Webservices
  • The Secure SDLC


Hands on

To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat etc) that has been seeded with common web application vulnerabilities. The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own windows based laptop to participate in the exercises.

Audience

Developers who want to understand the most common web application security flaws, and how to avoid them and code in a secure manner

Level

Intermediate

Prerequisite

Basic knowledge of a web programming language like Java or .NET recommended but not required.

Bringing your own windows based laptop is recommended so you can participate in the hands on exercises.

Duration

Full day - 8 Hours

Venue

Trinity College, Dublin
Map of hamilton Building Location

Dining Hall location

Transportation

By Air


Fly to Dublin Airport: http://www.dublinairport.com/
A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)

Public Transport

Accommodation

Please see here if you wish to stay within the grounds of Trinity College:
http://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf

Hotels Surrounding Trinity College:

http://maps.google.com/maps?near=Dame+Street,+College+Green,+Dublin+2,+Ireland+(Trinity+College+Campus)&geocode=Cfm6cyTmqt_IFev1LQMdLZCg_yFJu3aKhBD7GA&q=hotels&f=l&dq=Trinity+College+loc:+Dublin+Ireland&sll=53.341482,-6.258302&sspn=0.012043,0.037637&ie=UTF8&ei=U6TMSZSzKpSw2QLG_-CUCA&attrid=1036f063d3d0dafc_&ll=53.343711,-6.254568&spn=0.012042,0.037637&z=15

Registration

'The fee for this conference is :
Standard: €150 Euro
OWASP Members: €100 Euro

Training: €495

Membership of OWASP is not required to attend the event.

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

Cvent Registration Link: Click-Here

Conference Committee

2010 Ireland Planning Committee Chair:

Eoin Keary - eoin.keary 'at' owasp.org


Fabio Cerullo  - fcerullo 'at' owasp.org

Rahim Jina - rahim.jina 'at' owasp.org

Call for Papers

The Conference will consist of two tracks covering both technical and risk management topics.

We are seeking presentations on any of the following topics:

  • Web Services and Application Security
  • Common Application related Threats and Risks
  • Business Risks with Application Security
  • Vulnerability Research in Application Security
  • Web Application Penetration Testing
  • OWASP Tools and Projects
  • Secure Coding/Development Practices
  • Technology specific presentations on security such as AJAX, XML, etc.
  • Anything else relating to OWASP and Application Security.

The call for papers/presentations is out. The official closing date for receiving a synopsis of the presentation is June 10th, 2010. Announcements on selected candidates will be provided the first week of July 2010. Complete presentations will need to be submitted by the 2nd of August 2010.

All presenters will receive free invitation to the conference, food and refreshments.

For some speakers, OWASP will cover some of the travel costs associated with coming to the conference.


Please submit your presentation topics and an abstract of up to 500 words to Eoin Keary <mailto: [email protected]>