OWASP China Summit 2010

OWASP China Summit 2010 - Beijing China
OWASP China-Mainland Chapterwill host OWASP China Summit 2010 in Beijing China on Oct 20-23, 2010, with two days of training followed by two days of conference. The summit will gather OWASP leaders, security experts, executives, technical thought leaders, developers, scientists and researchers from China and around the world for in-depth discussions of cutting-edge application security issues. The summit will draw participation from major Chinese and global organizations across various verticals including government, information technology, services and consulting, telecommunications, finance, e-commerce, Internet, universities and research institutes. About 800 people are expected to attend the summit, which will be covered by major news media. Panel discussions, vendor exhibit, and dinners will be held at the summit, providing sufficient networking opportunities.

Press Release: OWASP China Summit 2010 Announcement

中文网站
本次会议设有专门的中文网站： OWASP 2010 中国峰会中文网站.

Registration
Please register yourself to attend the OWASP China Summit. General admission is FREE.

Who Should Attend OWASP China Summit 2010:

For student discount, attendees must present proof of enrollment when picking up your badge.
 * Application Developers
 * Application Testers and Quality Assurance
 * Application Project Management and Staff
 * Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 * Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 * Security Managers and Staff
 * Executives, Managers, and Staff Responsible for IT Security Governance
 * IT Professionals Interesting in Improving IT Security

Questions, please contact: [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

Enrollment & Questions:

 * Ivy: 13510601178, Ivy@owasp.org.cn
 * Rip: 13699898080, rip@owasp.org.cn

Trainer Bios & Course Abstracts

 * More details, please see the summit Chinese website (详情请见峰会中文网站）.

Agenda: Oct 22
Detailed Agenda in Chinese (详细会议日程).

Chenxi Wang, PhD
应用安全是很多企业安全部门的重要运行目标. 在这个报告中我们将分析全球应用安全市场动态，并看一下世界的一些领先机构是怎样在内部推广和运行应用安全产品. 我们将分析一些金融界和保险行业的成功案例 ，看一下这些公司是怎样把应用安全产品分门别类融进他们的日常运行程序，并怎样克服运行中遇到的困难. 最后我们还将讨论应用安全产品的发展和研究趋势.

Wong Onn Chee
Outbound monitoring of enterprise web servers is an oft-neglected aspect in the overall security of an enterprise web infrastructure.When outbound monitoring is missing, risks from information leakage and transmission of malware are ever present. Onn Chee will walk through the most common causes of information leakage and malware transmission from web servers. Anonymised case studies of major US and Chinese organisations will be presented for the audience to have a better understanding.

Kenny Lee
This presentation is based on the Verizon Business Data Breach Investigations Report1 (DBIR) and will be delivered by Kenny Lee, one of the contributors of  the report. The DBIR is a collaborative effort between the United States Secret Service Cyber Intelligence Section and Verizon Business to collect and analyse  what we believe to be the world’s largest study of data breaches consisting of  over 900 cases and 900 million compromised records across six years of first  hand forensic investigations. We have learned a great deal from this journey and we’re glad to have the opportunity to share these findings with you. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security  efforts of the audience. Many of the lessons learnt from this study strongly indicated the need for improvements in web application security. Data breaches are often a series of simple oversights that culminate in a significant event where huge amounts of data are stolen. We will discuss the most common issues through the use of statistics, war stories and case studies. Key recommendations will be discussed that we believe will help your organisation not be the next victim of a data breach. More information can be found at Verizon Business website.
 * Executive Summary in Chinese (中文摘要）

Pravir Chandra
Integrating security activities into the software development process remains a challenge for most organizations despite the existence of several secure SDLC models. We've learned from experience that the hard questions of "what", "when", and "how much" require answers customized to each organization and there are no simple, one-size-fits-all answers. To help organizations find their own answers, this session will introduce the Open Software Assurance Maturity Model (OpenSAMM), a flexible framework for building a balanced software security assurance (SSA) program. Using the framework, attendees will learn how to self-assess their security activities and use roadmap templates to improve in small and measurable iterations. We'll also talk about several real-world case studies that demonstrate the framework in action. Time allowing, additional case studies will also be discussed. OpenSAMM is an open a free project and has recently been donated to the Open Web Application Security Project (OWASP) Foundation. For more information on OpenSAMM, visit http://www.opensamm.org/.

Diamond Sponsors:
http://www.owasp.org/images/2/27/Dbappsecurity_logo.gif 安恒信息 https://www.owasp.org/images/9/98/Armorize.png

Gold Sponsors:
http://www.owasp.org.cn/images/stories/logo.png http://www.owasp.org/images/4/4d/VenusTech_logo.gif http://www.owasp.org.cn/images/stories/ankkilog.png深圳昂楷科技有限公司 http://www.honkwin.com/images/demo_03.gif红科网安(北京)科技有限公司

Supporting Sponsors:
http://www.owasp.org/images/f/ff/Huawei_Logo.gif 华为

微软中国

南京翰海源

Educational Sponsors:
http://www.owasp.org/images/1/15/ISCAS_logo.gif中国科学院软件研究所 http://www.owasp.org/images/2/21/InfoSec_Lab_PKU_logo.gif

Organizing Partners:
http://www.idcquan.com/images/logo2009.gif http://www.seczone.org/templates/jsn_epic_pro/images/logo.png http://www.nsace.org.cn/templets/images/toplogo.gif

Media Partners:
OWASP media resources and China mainstream IT Medias publicize this web application security summit in every rolling stage. Participated Medias include: http://image.chinabyte.com/w/pic/logo.gif http://www.it168.com/himages/logo.gif http://images.51cto.com/images/index/Images/Logo.gif http://www.cww.net.cn/images/top_logo.jpg http://image.ccidnet.com/www/logo.jpg, CTOCIO, etc.
 * Print Media：CIW, CNW, 365master, TTM, CCW, CISMAG, CBINEWS, etc
 * Network Media:

Sponsor US!
We are still soliciting sponsors for the OWASP China Summit. An exhibit hall will be held for vendor booths and presentations. For more details, please see the OWASP China Summit 2010 Investment Guide [English][Chinese]. Slots are going fast so contact [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team] to sponsor today!

Contact

 * [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team]

Organizers

 * Local host:
 * [mailto:rip@owasp.org Rip Torn] OWASP China-Mainland Chapter Chair
 * [mailto:Ivy@owasp.org.cn Ivy Zhang] OWASP China-Mainland Chapter Summit Secretary
 * Overseas:
 * [mailto:weilin.zhong@owasp.org Weilin Zhong]
 * [mailto:heleng@owasp.org Helen Gao]
 * [mailto:ggf.ish@gmail.com Zhendong Yu]

Conference Committee

 * [mailto:rip@owasp.org Rip Torn] 万振华，Chair of OWASP China Mainland chapter
 * [mailto:frank.fan@dbappsecurity.com.cn Frank Fan] 范渊，Vice President of OWASP China Mainland chapter, President of DBAPPSecurity Ltd.
 * [mailto:weilin.zhong@owasp.org Weilin Zhong] 钟卫林，Lead of OWASP Chinese Project and Honeycomb Project, Senior Info Sec Eng at Wells Fargo, CISSP
 * [mailto:heleng@owasp.org Helen Gao] 高雯，Lead of OWASP Long Island Chapter and OWASP Chinese Project, CISSP
 * [mailto:ggf.ish@gmail.com Zhendong Yu] 于振东， OWASP Chinese Project, Co-Founder, VP Engineering, Innovative Query Inc, CISSP
 * [mailto:eric@owasp.org.cn Eric Chio] 趙嘉言, Lead of OWASP Shanghai Chapter, Microsoft.
 * [mailto:nsace2009@gmail.com Jianchun Jiang] 蒋建春 - Lead of OWASP Beijing Chapter, Associate Professor, The Software Institute, Chinese Academy of Sciences, 中科院软件所副研究员. NSACE 负责人
 * [mailto:wangjie8578@yahoo.com.cn Jie Wang] 王颉 - High Speed Network Group, Dept of Electronic and Electrical Engineering, Loughborough Univ.,UK.
 * [mailto:wayne@armorize.com Wayne Huang] 黃耀文 - OWASP conference committee, OWASP Taiwan Chapter Chair, Founder and CEO of Armorize Technology.
 * [mailto:ivy@owasp.org.cn, Ivy Zhang] 张小姐 - OWASP China Summit Secretary, OWASP China-Mainland Chapter, 会务秘书

Volunteers Needed!
Get involved! We will take all the help we can get to pull off the best Web Application Security Conference of the year! E-mail the [mailto:weilin.zhong@owasp.org OWASP China Summit 2010 Organization Team].

Venue
Hotel Nikko New Century Beijing Conference Center

Hotel
Hotel Nikko New Century Beijing 北京新世纪日航酒店 北京市海淀区首体南路6号


 * Add: No.6 Southern Road, Capital Gym, Haidian District, Beijing 100044
 * Tel: 86-10-6849 2001
 * Fax: 86-10-6849 1103
 * http://www.newcenturyhotel.com.cn

http://www.owasp.org.cn/images/stories/hotel.jpg

Hotel Booking

 * Mention attending the "OWASP China Summit", you can get the discount prices.
 * The summit local team is happy to book the hotel for you, please contact:
 * Peter Zhang
 * Email: market02@owasp.org.cn
 * Tel: 010-85655622
 * Fax: +86-10-85653108
 * For more detail information, please see the summit Chinese website (详情请见峰会中文网站）.

Travel
How to obtain a visa for the event
 * Invitation letter will be sent out for overseas attendees after registration.
 * For detailed information on obtaining a business visa for this event, please refer to Chinese embassy
 * More questions, please contact [mailto:heleng@owasp.org Helen Gao]