This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "OWASP Ireland AppSec 2009 Conference"

Jump to: navigation, search
(Agenda and Presentations - September 10)
(By Air)
Line 148: Line 148:
===By Air===
===By Air===
Fly to Dublin Airport.<br>
A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)<br>
===Public Transport===
===Public Transport===

Revision as of 09:59, 27 March 2009

Welcome to the Irish OWASP Application Security Conference!
After successful OWASP Conferences in the United States, Europe and Aisa, its Ireland's turn on September 10 2009!

September 10th 2009: OWASP will hold its first Irish Application Security conference in historic Dublin University, Trinity College, Dublin, Ireland. The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.

For more details please contact: Eoin.Keary 'at'

Conference Location

Agenda and Presentations - September 10

The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days.

Day 1 - September 10, 2009
Track 1: Room 1 Track 2: Room 2
08:00-09:00 Registration and Coffee
09:00-09:10 Welcome to OWASP Ireland 2009 Conference

Eoin Keary & Tom Brennan, OWASP

09:10-09:45 Keynote: Title: TBA

Ian O. Angell, Professor of Information Systems. London School of Economics

09:45-10:20 OWASP State of the Union

Tom Brennan & Dave Wichers, OWASP Board Members

10:20-10:40 Break - Expo
10:40-11:20 SQL Injection - how far does the rabbit hole go?

Justin Clarke, Gotham Digital Science


Conor McGovernan, Onformonics Ltd

11:20-12:00 Title

Rogan Dawes, Corsaire

Designing Secure Web Applications With Application Threat Modeling

Marco Morana, OWASP Cincinnati chapter lead

12:00-12:30 Title

Arturo Busleiman, Organisation


Speaker, Organisation

12:30-14:00 Lunch - Expo
14:00-14:40 Title

Dave Wichers, Aspect Security

A Software Security Maturity Model

Brian Chess, Fortify

14:50-15:50 Keynote: Title: TBA

Danny Allen, Director of security research with IBM Rational

15:50-16:10 Break - Expo
16:10-17:00 Title

Name, Organisation


Name, Organisation

17:00-18:00 Panel: tbd

Moderator: tbd
Panelists: tbd

18:00-21:00 OWASP Social Gathering: Dinner and Drinks

Event Sponsorship

OWASP is providing sponsors exclusive access to its audience in Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. The conference is expected to draw 150 - 200 technologists who will be looking for ways to spend their remaining 2009 budget and planning for 2010. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
Sponsorship details are available here: File:Dublin Sponsorship Form.pdf


We intend to hold some application security training also prior to the event day.

Foundations of Web Application Security


Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is just not a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their IT security efforts. This powerful one day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

This course includes coverage of the following common vulnerability areas (the OWASP Top 10):

A1 - Cross Site Scripting (XSS)

A2 - Injection Flaws

A3 - Malicious File Execution

A4 - Insecure Direct Object Reference

A5 - Cross Site Request Forgery (CSRF)

A6 - Information Leakage and Improper Error Handling

A7 - Broken Authentication and Session Management

A8 - Insecure Cryptographic Storage

A9 - Insecure Communications

A10 - Failure to Restrict URL Access

Hands on

To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities. The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own windows based laptop to participate in the exercises


Developers who want to understand the most common web application security flaws, and how to avoid them.




Basic knowledge of Java.

Bringing your own windows based laptop is recommended so you can participate in the hands on exercises.


Full day

Web Services Security - Introduction to web services security.


Trinity College, Dublin,-95.677068&sspn=33.29802,78.75&ie=UTF8&ll=53.346222,-6.259203&spn=0.012246,0.038452&z=15&iwloc=addr


By Air

Fly to Dublin Airport.
A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)

Public Transport


Please see here if you wish to stay within the grounds of Trinity College:


The fee for this conference is :
Standard: 150 Euros
OWASP Members: 110 Euros
Students: 75 Euros

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

Booking via the OWASP Conference Cvent site at: tbd

Conference Committee

OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at'

2009 Ireland Planning Committee Chair: Eoin Keary - Ernst & Young - eoin.keary 'at'

Vendor Exhibition Chair: tbd

Refereed Papers Chair: tbd

Call for Papers

The Conference will consist of two tracks covering both technical and risk management topics.

We are seeking presentations on any of the following topics:

  • Web Services and Application Security
  • Common Application related Threats and Risks
  • Business Risks with Application Security
  • Vulnerability Research in Application Security
  • Web Application Penetration Testing
  • OWASP Tools and Projects
  • Secure Coding/Development Practices
  • Technology specific presentations on security such as AJAX, XML, etc.
  • Anything else relating to OWASP and Application Security.

The call for papers/presentations is out. The official closing date for receiving a synopsis of the presentation is June 10th, 2009. Announcements on selected candidates will be provided the first week of July 2009. Complete presentations will need to be submitted by the 2nd of August 2009. All presenters will receive free invitation to the conference, food and refreshments.

For some speakers, OWASP will cover some of the travel costs associated with coming to the conference.

Please submit your presentation topics and an abstract of up to 500 words to Eoin Keary <mailto: [email protected]>