
Difference between revisions of "OWASP Ireland AppSec 2009 Conference"

(Agenda and Presentations - September 10)
(Agenda and Presentations - September 10)
 
(70 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 +
[[Image:Ireland09.png|right]]
 +
 
Welcome to the Irish OWASP Application Security Conference!<br>  
 
Welcome to the Irish OWASP Application Security Conference!<br>  
After successful OWASP Conferences in the United States, Europe and Aisa, its Ireland's turn on September 10 2009!
+
After successful OWASP Conferences in the United States, Europe and Asia, its Ireland's turn on September 10, 2009!
  
 
'''September 10th 2009''': OWASP will hold its first Irish Application Security conference in historic Dublin University, Trinity College, Dublin, Ireland.  
 
'''September 10th 2009''': OWASP will hold its first Irish Application Security conference in historic Dublin University, Trinity College, Dublin, Ireland.  
 
The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.
 
The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.
 +
 +
'''Training:''' We are also offering our first web application security training course, the Foundations of Web Application Security, the day prior to the conference ('''Sept. 9th'''). See [[OWASP_Ireland_AppSec_2009_Conference#Training | below for more details]].
  
 
For more details please contact: Eoin.Keary 'at' owasp.org
 
For more details please contact: Eoin.Keary 'at' owasp.org
Line 12: Line 16:
  
 
'''Registration via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,3fab8a14-3803-47f9-b8d2-35a67077c878 CLICK HERE TO REGISTER]'''
 
'''Registration via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,3fab8a14-3803-47f9-b8d2-35a67077c878 CLICK HERE TO REGISTER]'''
 +
 +
 +
==Silver Sponsors==
 +
<center>
 +
[[Image:IBM logo blue high res - small.jpg]]
 +
</center>
 +
===Sponsors===
 +
<center>
 +
[[Image:Fortify_Logo_(Small).gif]]
 +
[[Image:Onformonics-Logo_small.png]]
 +
[[Image:Realex-small.jpg]]
 +
 +
</center>
 +
 +
===Supported by===
 +
<center>
 +
[[Image:Irisss_small.jpg]]
 +
[[Image:IISF.jpg]]
 +
[[Image:Iia-logo-small.jpg]]
 +
</center>
  
 
==Agenda and Presentations - September 10==
 
==Agenda and Presentations - September 10==
Line 18: Line 42:
  
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="3" align="center" style="background:#4058A0; color:white" | Day 1 - September 10, 2009
+
  ! colspan="3" align="center" style=background:#BCA57A"; color:white" | [http://www.tcd.ie/Maps/map.php?q=hamilton+building Hamilton Building, TCD] - September 10, 2009
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: Room 1
+
  | style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: Synge Theatre
  | style="width:40%; background:#BCA57A" | Track 2: Room 2
+
  | style="width:40%; background:#BCA57A" | Track 2: Salmon Theatre
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee
 
  | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 09:00-09:10 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP Ireland 2009 Conference  
 
  | style="width:10%; background:#7B8ABD" | 09:00-09:10 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP Ireland 2009 Conference  
''[[User:EoinKeary | Eoin Keary]] & [http://www.proactiverisk.com Tom Brennan], OWASP''
+
'''''[[User:EoinKeary | Eoin Keary]] & [http://www.linkedin.com/in/tombrennan Tom Brennan]''', OWASP'' <br> '''Location: Joly Theatre'''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:10-10:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: Title: TBA
+
  | style="width:10%; background:#7B8ABD" | 09:10-10:00 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | '''Keynote: [[Digital Security: A Risky Business]] [http://www.owasp.org/index.php/File:Handout.doc handout]'''
'''[[Ian O. Angell]]''', ''Professor of Information Systems. London School of Economics''
+
'''[[Ian O. Angell]]''', ''Professor of Information Systems. London School of Economics''<br> '''Location: Joly Theatre'''
  
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:05-10:30 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP 3.0 where we are and where we are going?
+
  | style="width:10%; background:#7B8ABD" | 10:05-10:30 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | '''OWASP 3.0 where we are and where we are going?'''
''[http://www.proactiverisk.com Tom Brennan] & [[User:Wichers|Dave Wichers]], OWASP Board Members''
+
'''''[http://www.linkedin.com/in/tombrennan Tom Brennan] & [[User:Wichers|Dave Wichers]]''', '''[[User:Dinis.cruz|Dinis Cruz]]''' OWASP Board Members'' <br>'''Location: Joly Theatre'''
 
  |-
 
  |-
 
  | style="width:10%; background:#7B8ABD" | 10:30-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo
 
  | style="width:10%; background:#7B8ABD" | 10:30-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | Title
+
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | '''[[Organizing a Defensive Posture – Integrating Web App Testing, Source Code Analysis, and WAF’s]]''''' '''[[Frederick Donovan]], Attack Logic [http://www.owasp.org/index.php/File:Building_a_Defensive_Posture_OWASP_Ireland_2009.ppt PPT]'''
'''''Name, Organisation'''''
 
  
  | style="width:40%; background:#BCA57A" align="left" | [[Who can afford to build secure web applications?]]
+
  | style="width:40%; background:#BCA57A" align="left" | '''[[Who can afford to build secure web applications?]]'''<br> '''[[Conor McGovernan]]''', Onformonics Ltd, '''[[David Lowry]]''', Green Island
'''''[[Conor McGovernan]], [[David Lowry]], Onformonics Ltd''' ''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 11:20-12:00 || style="width:40%; background:#BC857A" align="left" | [[SQL Injection - how far does the rabbit hole go?]]
+
  | style="width:10%; background:#7B8ABD" | 11:20-12:00 || style="width:40%; background:#BC857A" align="left" | '''[[SQL Injection - how far does the rabbit hole go?]]'''
 
'''''[[Justin Clarke]]''', '''Gotham Digital Science'''''
 
'''''[[Justin Clarke]]''', '''Gotham Digital Science'''''
  | style="width:40%; background:#BCA57A" align="left" | '''[[Designing Secure Web Applications With Application Threat Modeling]]'''
+
  | style="width:40%; background:#BCA57A" align="left" | '''[[Threat modeling; A risk management approach ]]'''
'''''[[Marco Morana]]''', '''OWASP Cincinnati chapter lead'''''
+
'''''[[John Steven]]''', '''Cigital'''''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:40%; background:#BC857A" align="left" | [[Web Application Security Testing with the Burp Suite]]
+
  | style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:40%; background:#BC857A" align="left" | '''[[The Principles of Secure Development]] [http://www.owasp.org/images/4/43/OWASP-SecureDevPrinciples-David-Rook.pdf PDF]'''
'''''[[David Rook]]''', Realex Payments''
+
'''''[[David Rook]]''', '''Realex Payments'''
  | style="width:40%; background:#BCA57A" align="left" | Title
+
  | style="width:40%; background:#BCA57A" align="left" | '''[[Developing an Effective IT Risk Assessment Arsenal]]'''
''Speaker, Organisation''
+
''[[Fabio Cerullo, Niall Lavery]], Allied Irish Bank''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo
+
  | style="width:10%; background:#7B8ABD" | 12:30-13:45 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - [http://www.tcd.ie/Maps/map.php?q=dining+hall TCD Dining Hall], buffet Lunch
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 13:45-14:45 || style="width:40%; background:#BC857A" align="left" | How to Avoid Flaws in the First Place: The OWASP Enterprise Security API (ESAPI) Project  
+
  | style="width:10%; background:#7B8ABD" | 13:45-14:30 || style="width:40%; background:#BC857A" align="left" | '''[[How to Avoid Flaws in the First Place: The OWASP Enterprise Security API (ESAPI) Project]]''' 
 
'''''[[User:Wichers|Dave Wichers]], Aspect Security'''''
 
'''''[[User:Wichers|Dave Wichers]], Aspect Security'''''
 
+
  | style="width:40%; background:#BCA57A" align="left" rowspan=2 | '''[[The End of Alchemy. Empirical Software Security Assurance]] [http://www.owasp.org/index.php/File:Empirical_Software_Security_Assurance.ppt PPT]'''
  | style="width:40%; background:#BCA57A" align="left" | '''[[The End of Alchemy. Empirical Software Security Assurance]]'''
+
'''''[[David Harper]], Fortify'''''
'''''[[Brian Chess]], Fortify'''''
+
|-
 +
| style="width:10%; background:#7B8ABD" | 14:30-14:45 || style="width:40%; background:#BC857A" align="left" | '''[http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf OWASP O2 Platform - Open Platform for automating application security knowledge and workflows]'''
 +
'''''[[User:Dinis.cruz|Dinis Cruz]]'''''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 14:50-15:50 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: Title: '''[[Web Application Security for a Smarter Planet]] [http://www.owasp.org/images/d/df/OWASP_-_Smarter_Planet.pdf PDF]'''
 +
'''[[Danny Allan]]''', ''Director of security research with IBM Rational''
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 15:50-16:05 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 14:50-15:50 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: Title: TBA
+
  | style="width:10%; background:#7B8ABD" | 16:05-16:35 || style="width:40%; background:#BC857A" align="left" | '''[[Peter Perfetti]]''', '''[[Technology and Business Risk Management:How Application Security Fits In]] [http://www.owasp.org/index.php/File:OWASP_DUBLIN_Perfetti_Risk_Presentation.ppt PPT]'''''
'''[[Danny Allen]]''', ''Director of security research with IBM Rational''
+
| style="width:40%; background:#BCA57A" align="left" | '''WhiteHat Website Security Statistics Report'''
 +
'''''[http://www.linkedin.com/in/tombrennan Tom Brennan]''', '''WhiteHat Security'''''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 15:50-16:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo
+
  | style="width:10%; background:#7B8ABD" | 16:40-17:15 || style="width:40%; background:#BC857A" align="left" | '''[[Taint 2.0]]''' , '''[[Yinnon Haviv]] [http://www.owasp.org/index.php/File:Taint_2_0_OWASP_Ireland.ppt PPT]''', '''IBM'''
 +
| style="width:40%; background:#BCA57A" align="left" | '''[[Federated Identity Management - To boldly go]]'''
 +
'''''[[Aidan Carty]]''', '''HEAnet Limited'''''
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 16:10-17:00 || style="width:40%; background:#BC857A" align="left" | ''[[OpenPGP for HTTP - An Introduction to Enigform]]''
+
 
'''''Arturo "[[User:Buanzo|Buanzo]]" Busleiman''', '''Buanzo Consulting'''''
+
  | style="width:10%; background:#7B8ABD" | 17:20-18:00 || colspan="2" style="width:40%; background:#BCA57A" align="left" | Panel:<br>"'''Strategic Changes in Application Security: What is most significant change that results in lowered business risk?'''"
| style="width:40%; background:#BCA57A" align="left" | WhiteHat Website Security Statistics Report
+
Moderator: '''John Steven'''<br/>
'''''[http://www.proactiverisk.com Tom Brennan]''', '''WhiteHat Security'''''
+
Panelists: '''Justin Clarke''', '''Fred Donovan''', '''Danny Allan''', '''Prof. Ian Angell'''
 
  |-
 
  |-
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || colspan="2" style="width:40%; background:#BCA57A" align="left" | Panel: tbd
+
| style="width:10%; background:#7B8ABD" | 18:00-18:05 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Wrap-Up - '''Eoin Keary & Tom Brennan'''
Moderator: tbd<br/>
 
Panelists: tbd
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 18:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks
+
 
 +
  | style="width:10%; background:#7B8ABD" | 18:30-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering
 
  |-
 
  |-
 
   |}
 
   |}
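Review bot: the style attribute on the new header row (the Hamilton Building, TCD line) is missing its opening quote and has a stray quote after #BCA57A, so color:white falls outside the attribute value; write it as style="background:#BCA57A; color:white". The new 14:50-15:50 row also still carries the placeholder text "Keynote: Title:" in front of the real talk title; drop "Title:" there, as the 09:10-10:00 keynote row already does.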
Line 85: Line 116:
  
 
=Training=
 
=Training=
We intend to hold some application security training on the 9/09/2009 the day prior to the event.
+
We intend to hold some application security training on the 9/09/2009 the day prior to the event.<br>
 
+
'''This can be booked when booking a ticket to the event. <br>
 +
Fee: €450'''
  
 
'''Foundations of Web Application Security'''  
 
'''Foundations of Web Application Security'''  
  
Abstract
+
'''Trainer: [[User:Wichers | Dave Wichers]], COO Aspect Security, OWASP Board Member''' <br>
 
+
<br>
 +
'''Abstract'''
 +
<br>
 
Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is just not a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their IT security efforts. This powerful one day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.  
 
Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is just not a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their IT security efforts. This powerful one day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.  
  
This course includes coverage of the following common vulnerability areas (the OWASP Top 10):
+
This course includes coverage of the following common vulnerability areas (the [[Top10|OWASP Top 10]]):
  
 
A1 - Cross Site Scripting (XSS)  
 
A1 - Cross Site Scripting (XSS)  
Line 117: Line 151:
  
 
   
 
   
Hands on
+
'''Hands on'''
  
To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities. The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own windows based laptop to participate in the exercises
+
To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities. The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own windows based laptop to participate in the exercises.
+
 
Audience
+
'''Audience'''
  
 
Developers who want to understand the most common web application security flaws, and how to avoid them.
 
Developers who want to understand the most common web application security flaws, and how to avoid them.
 
   
 
   
Level
+
'''Level'''
  
 
Intermediate
 
Intermediate
 
   
 
   
Prerequisite
+
'''Prerequisite'''
  
Basic knowledge of Java.
+
Basic knowledge of a web programming language like Java or .NET recommended but not required.
  
 
Bringing your own windows based laptop is recommended so you can participate in the hands on exercises.
 
Bringing your own windows based laptop is recommended so you can participate in the hands on exercises.
 
   
 
   
Duration
+
'''Duration'''
  
 
Full day
 
Full day
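Review bot: the Hands on paragraph still says students need to bring their own windows based laptop, while the Prerequisite text in this same hunk says bringing one is recommended and that prior programming knowledge is "recommended but not required". Use one wording for the laptop so attendees know whether it is mandatory.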
Line 143: Line 177:
  
 
http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=trinity+college+Dublin&sll=37.0625,-95.677068&sspn=33.29802,78.75&ie=UTF8&ll=53.346222,-6.259203&spn=0.012246,0.038452&z=15&iwloc=addr
 
http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=trinity+college+Dublin&sll=37.0625,-95.677068&sspn=33.29802,78.75&ie=UTF8&ll=53.346222,-6.259203&spn=0.012246,0.038452&z=15&iwloc=addr
 +
 +
[http://www.tcd.ie/Maps/map.php?q=hamilton+building Map of hamilton Building Location]
 +
 +
[http://www.tcd.ie/Maps/map.php?q=dining+hall Dining Hall location]
  
 
=Transportation=
 
=Transportation=
Line 158: Line 196:
 
=Accommodation=
 
=Accommodation=
 
Please see here if you wish to stay within the grounds of Trinity College:<br>
 
Please see here if you wish to stay within the grounds of Trinity College:<br>
https://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf
+
http://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf
 
 
  
 
'''Hotels Surrounding Trinity College:'''
 
'''Hotels Surrounding Trinity College:'''
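Review bot: the accommodation tariff link changes from https://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf to the http:// form of the same URL. Nothing else on the line changes, so keep the https scheme and let the PDF be fetched over TLS.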
Line 167: Line 204:
 
=Registration=  
 
=Registration=  
  
The fee for this conference is :<br>
+
'''The fee for this conference is :<br>'''
'''Standard''': 150 Euro <br> '''OWASP Members''': 110 Euro <br> '''Students''': 75 Euro<br> '''Application Security Training''': 455 Euro<br>
+
'''Standard''': €150 Euro <br> '''OWASP Members''': €110 Euro <br> '''Students''': €75 Euro<br><br> '''Application Security Training''': €450 Euro '''[[OWASP_Ireland_AppSec_2009_Conference#Training | More Information]]'''<br>
 +
<br>
 +
'''Membership of OWASP is not required to attend the event.'''<br>
 +
 
 +
<span style="color:red">'''Update'''</span> <br>
 +
<span style="color:red">'''Registration fee of €90 if registered before June 30 and €100 if registered by July 31!!!'''</span>
  
 
'''Note''': To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.  
 
'''Note''': To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.  
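Review bot: the red Update line offers €90 before June 30 and €100 by July 31 without saying which ticket type it applies to, although Standard, OWASP Members and Students prices are listed separately just above; name the category. The new price lines also state the currency twice (for example "€150 Euro"); keep either the symbol or the word.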

Latest revision as of 14:25, 21 September 2009


Welcome to the Irish OWASP Application Security Conference!
After successful OWASP Conferences in the United States, Europe and Asia, it's Ireland's turn on September 10, 2009!

September 10th 2009: OWASP will hold its first Irish Application Security conference in historic Dublin University, Trinity College, Dublin, Ireland. The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.

Training: We are also offering our first web application security training course, the Foundations of Web Application Security, the day prior to the conference (Sept. 9th). See below for more details.

For more details please contact: Eoin.Keary 'at' owasp.org

Conference Location

www.tcd.ie


Registration via the OWASP Conference Cvent site: CLICK HERE TO REGISTER


Silver Sponsors

IBM

Sponsors

Fortify, Onformonics, Realex

Supported by

Irisss, IISF, Iia

Agenda and Presentations - September 10

The agenda follows the successful OWASP conference two-track format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium both days.

Hamilton Building, TCD - September 10, 2009
Track 1: Synge Theatre
Track 2: Salmon Theatre

08:00-09:00 Registration and Coffee

09:00-09:10 Welcome to OWASP Ireland 2009 Conference
Eoin Keary & Tom Brennan, OWASP
Location: Joly Theatre

09:10-10:00 Keynote: Digital Security: A Risky Business (handout)
Ian O. Angell, Professor of Information Systems, London School of Economics
Location: Joly Theatre

10:05-10:30 OWASP 3.0 where we are and where we are going?
Tom Brennan & Dave Wichers, Dinis Cruz, OWASP Board Members
Location: Joly Theatre

10:30-10:40 Break - Expo

10:40-11:20
Track 1: Organizing a Defensive Posture – Integrating Web App Testing, Source Code Analysis, and WAF’s (PPT)
Frederick Donovan, Attack Logic
Track 2: Who can afford to build secure web applications?
Conor McGovernan, Onformonics Ltd; David Lowry, Green Island

11:20-12:00
Track 1: SQL Injection - how far does the rabbit hole go?
Justin Clarke, Gotham Digital Science
Track 2: Threat modeling; A risk management approach
John Steven, Cigital

12:00-12:30
Track 1: The Principles of Secure Development (PDF)
David Rook, Realex Payments
Track 2: Developing an Effective IT Risk Assessment Arsenal
Fabio Cerullo, Niall Lavery, Allied Irish Bank

12:30-13:45 Lunch - TCD Dining Hall, buffet Lunch

13:45-14:30
Track 1: How to Avoid Flaws in the First Place: The OWASP Enterprise Security API (ESAPI) Project
Dave Wichers, Aspect Security
Track 2 (through 14:45): The End of Alchemy. Empirical Software Security Assurance (PPT)
David Harper, Fortify

14:30-14:45
Track 1: OWASP O2 Platform - Open Platform for automating application security knowledge and workflows
Dinis Cruz

14:50-15:50 Keynote: Web Application Security for a Smarter Planet (PDF)
Danny Allan, Director of security research with IBM Rational

15:50-16:05 Break - Expo

16:05-16:35
Track 1: Technology and Business Risk Management: How Application Security Fits In (PPT)
Peter Perfetti
Track 2: WhiteHat Website Security Statistics Report
Tom Brennan, WhiteHat Security

16:40-17:15
Track 1: Taint 2.0 (PPT)
Yinnon Haviv, IBM
Track 2: Federated Identity Management - To boldly go
Aidan Carty, HEAnet Limited

17:20-18:00 Panel: "Strategic Changes in Application Security: What is most significant change that results in lowered business risk?"
Moderator: John Steven
Panelists: Justin Clarke, Fred Donovan, Danny Allan, Prof. Ian Angell

18:00-18:05 Wrap-Up - Eoin Keary & Tom Brennan

18:30-21:00 OWASP Social Gathering

Event Sponsorship

OWASP is providing sponsors exclusive access to its audience in Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. The conference is expected to draw 150 - 200 technologists who will be looking for ways to spend their remaining 2009 budget and planning for 2010. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
Sponsorship details are available here: File:Dublin Sponsorship Form.pdf

Training

We intend to hold some application security training on 9/09/2009, the day prior to the event.
This can be booked when booking a ticket to the event.
Fee: €450

Foundations of Web Application Security

Trainer: Dave Wichers, COO Aspect Security, OWASP Board Member

Abstract
Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is just not a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their IT security efforts. This powerful one day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

This course includes coverage of the following common vulnerability areas (the OWASP Top 10):

A1 - Cross Site Scripting (XSS)

A2 - Injection Flaws

A3 - Malicious File Execution

A4 - Insecure Direct Object Reference

A5 - Cross Site Request Forgery (CSRF)

A6 - Information Leakage and Improper Error Handling

A7 - Broken Authentication and Session Management

A8 - Insecure Cryptographic Storage

A9 - Insecure Communications

A10 - Failure to Restrict URL Access


Hands on

To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities. The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own Windows-based laptop to participate in the exercises.

Audience

Developers who want to understand the most common web application security flaws, and how to avoid them.

Level

Intermediate

Prerequisite

Basic knowledge of a web programming language like Java or .NET recommended but not required.

Bringing your own Windows-based laptop is recommended so you can participate in the hands-on exercises.

Duration

Full day

Venue

Trinity College, Dublin

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=trinity+college+Dublin&sll=37.0625,-95.677068&sspn=33.29802,78.75&ie=UTF8&ll=53.346222,-6.259203&spn=0.012246,0.038452&z=15&iwloc=addr

Map of Hamilton Building Location

Dining Hall location

Transportation

By Air


Fly to Dublin Airport: http://www.dublinairport.com/
A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)

Public Transport

Accommodation

Please see here if you wish to stay within the grounds of Trinity College:
http://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf

Hotels Surrounding Trinity College:

http://maps.google.com/maps?near=Dame+Street,+College+Green,+Dublin+2,+Ireland+(Trinity+College+Campus)&geocode=Cfm6cyTmqt_IFev1LQMdLZCg_yFJu3aKhBD7GA&q=hotels&f=l&dq=Trinity+College+loc:+Dublin+Ireland&sll=53.341482,-6.258302&sspn=0.012043,0.037637&ie=UTF8&ei=U6TMSZSzKpSw2QLG_-CUCA&attrid=1036f063d3d0dafc_&ll=53.343711,-6.254568&spn=0.012042,0.037637&z=15

Registration

The fee for this conference is:
Standard: €150 Euro
OWASP Members: €110 Euro
Students: €75 Euro

Application Security Training: €450 Euro More Information

Membership of OWASP is not required to attend the event.

Update
Registration fee of €90 if registered before June 30 and €100 if registered by July 31!!!

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

Registration via the OWASP Conference Cvent site: CLICK HERE TO REGISTER

Conference Committee

OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org

2009 Ireland Planning Committee Chair: Eoin Keary - Ernst & Young - eoin.keary 'at' owasp.org

Call for Papers

The Conference will consist of two tracks covering both technical and risk management topics.

We are seeking presentations on any of the following topics:

  • Web Services and Application Security
  • Common Application related Threats and Risks
  • Business Risks with Application Security
  • Vulnerability Research in Application Security
  • Web Application Penetration Testing
  • OWASP Tools and Projects
  • Secure Coding/Development Practices
  • Technology specific presentations on security such as AJAX, XML, etc.
  • Anything else relating to OWASP and Application Security.

The call for papers/presentations is out. The official closing date for receiving a synopsis of the presentation is June 10th, 2009. Announcements on selected candidates will be provided the first week of July 2009. Complete presentations will need to be submitted by the 2nd of August 2009. All presenters will receive a free invitation to the conference, food and refreshments.

For some speakers, OWASP will cover some of the travel costs associated with coming to the conference.

Please submit your presentation topics and an abstract of up to 500 words to Eoin Keary.