OWASP & WASC AppSec 2007 Conference

Its now the OWASP & WASC AppSec 2007 Conference !!! @ eBay in San Jose, CA Nov 12-15, 2007
OWASP and WASC agreed to join forces to put together an incredible AppSec 2007 Conference for the application security community. A huge concentration of industry leading experts were in attendance presenting high quality web application security content. AppSec 2007 offered a unique opportunity for security professionals, software developers, and IT managers to get up to speed on the latest and greatest attack techniques, defense strategies, and industry trends in an atmosphere of peers. The conference format and venue is also perfect for networking and sharing experiences with others that are down in the trenches.

Conference Schedule and Location
The AppSec 2007 Conference was held at eBay at their facility at: 2211 North First Street in San Jose, CA Nov 12th-15th.

Training Days: November 12th-13th

Cenzic Cocktail Party: Evening of November 12th - at eBay.

Tech Expo: November 13th-14th

Breach Cocktail Party: Evening of November 13th

Main Conference: November 14th-15th

OWASP Conference Dinner: Evening of November 14th

Microsoft and Aspect Security Cocktail Party: Evening of November 15th

== Agenda and Presentations: Wednesday-Thursday - Nov 14th-15th

The agenda followed the general OWASP conference format of two tracks, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing presentations back in the main auditorium both days.

New Web Services Track: In addition, the conference had a 3rd track on the first day. This track focused on Web Services Security which is a new area for OWASP. Gunnar Peterson organized this track.

This conference included presentations from many different OWASP and WASC contributors and leading Application Security professionals, and included closing panels each day.

Training: Monday-Tuesday - Nov 12th-13th
OWASP arranged for a suite of two-day Application Security training courses to be offered prior to the conference. General details about all the tutorials including location and pricing is available here. The tutorials being offered were:

T1. Building and Testing Secure Web Applications

T2. Secure Coding for Java EE

T3. Secure Coding .NET Web Applications

T4. Web Services and XML Security

T5. Leveraging OWASP Tools and Documents to Secure Your Enterprise

T6. Open Source ModSecurity Training

Technology Expo: Tuesday-Wednesday Nov 13th-14th
Leading vendors in the application security space were at the conference for the first time giving technology demonstrations and providing access to their technical staff so they could answer in-depth questions and demonstrate the capabilities of their products or automated managed services.

The technology expo was open from 12PM - 2PM on Nov. 13th (and all tutorial attendees were given a large lunch break during that time to attend the expo). It was also open from 11AM - 6PM on Nov. 14th which was the first day of the conference.

What did conference attendees expect to get out of the Tech Expo?
 * Hands-on time using a vendor's product - The goal was to be able to walk up to vendor with a USB stick of code/binaries/etc. and actually get a taste of how the tool(s) performs, technical features, applicability & appropriateness, etc.
 * Evaluate in a non-sales environment - At the Expo, attendees were provided information about the types of tools being exhibited and independent evaluation criteria where that exists (e.g. the WAFEC from WASC, information from the OWASP_Tools_Project, etc.). It was an opportunity to ask the hard questions and talk to technical folks from the vendors that can answer them.
 * Contact info exchange at your discretion - We did not do badge scanning and the like, so attendees were in control of who they want to follow-up with (via good, old-fashioned business card exchange).

The tech expo vendors for this year's conference were: Applicure, Armorize, Art of Defense, Breach, Cenzic, Cisco, F5, Fortify, Ounce Labs, Veracode, Watchfire, and White Hat

More information about conference sponsorship and participating in a technology expo is available here.

Conference Fees
Standard: $400, OWASP Members: $350, Students: $225, Early Registration Discount (by Oct 12): $50 ($25 for students)

Conference Dinner (Evening of Nov 14th): $50

Conference Tutorial (Two day tutorials Nov 12-13): $1300, $1450 [If not attending the conference], Student Fee: $675

Note: To save on processing expenses, all fees paid for the AppSec 2007 Conference are non-refundable. OWASP can accomodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

Social Events
Breach Cocktail Party: Evening of November 13th @ Fahrenheit Ultra Lounge & Restaurant 99 East San Fernando Street San Jose, CA 95113 6:30PM - 8:30PM Space is Limited so please RSVP: More info and how to RSVP available here. PDF here

OWASP Conference Dinner: Evening of November 14th @ Holiday Inn 1740 N. First Street San Jose, CA 95112 6:30PM - ???PM Register for this event at the conference website. Microsoft and Aspect Security Cocktail Party: Evening of November 15th PDF here @ Holiday Inn 1740 N. First Street San Jose, CA 95112 6:30PM - 8:30PM

Hotel and Transportation Info
OWASP had negotiated rates at the following hotels:

Holiday Inn-San Jose OWASP Rate $129/night King or Double Room You can call reservations at 1-866-241-9878 and ask for the group "OWASP" or reserve your room online here.

Homewood Suites by Hilton- San Jose OWASP Rate $149/night (4+ nights) $169/night (3 or less nights) King room w/ sleeper sofa (comes w/ fully equipped kitchen) Call Maria Larios at 408-678-4481 and ask for the group OWASP or email her at maria.larios@dimdev.com

Transportation Info:

From San Jose International Airport (SJC): eBay is located about a mile from this airport

From San Francisco International Airport (SFO): eBay is located 40 miles from this airport

Conference Committee
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org

Web Services Security Track Chair: Gunnar Peterson - Arctec Group - gunnar 'at' arctecgroup.net

Vendor Exhibition Chair: Pravir Chandra - Cigital - chandra 'at' list.org

2008 U.S. Planning Committee Chair: Tom Brennan - Access IT Group - jinxpuppy 'at' gmail.com

Refereed Papers Chair: Frank Piessens - KU Leuven - Frank.Piessens 'at' cs.kuleuven.ac.be

OWASP & WASC AppSec 2007 Conference Sponsors
The following organizations were sponsors for this conference. If you are interested in sponsoring future OWASP conferences, please contact OWASP at: conferences 'at' owasp.org.

More information about conference sponsorship is available here.