OWASP AU Conference 2009

Conference Overview
"Setting your Application Security Agenda in 2009."

Welcome to the OWASP 2009 Conference based in Australia. The conference this year follows on from an incredibly successful conference in 2008.

In 2009, we will be returning to the same venue, but will be including many more training sessions, interesting speakers both local and international. Our Agenda & Schedule are finished and online. Registrations open shortly (Jan 12th) and we have 6 weeks to the conference.

The OWASP 2009 AU conference has attracted attention from all around the world, and this year we will feature some of the most well known industry speakers and organizations to participate in the conference. No matter where you are in the world, this is the conference on security you must attend for the beginning of 2009. Bookmark this page, and keep up to date with all the relevant news for the conference. And don't forget to register.

If you have any questions relating to the conference or just want to help out, please email the AU conference chair, [mailto:jderry@owasp.org Justin Derry]

Latest News & Information
The following latest news is available on the conference.

JAN2009 - Wiki for Conference updated, presentations online and registration open

JAN2009- Submissions have been selected, final details online and speakers allocated. Registration opens in a week.

NOV2008- Call For Papers, Presentations and Training is sent to everyone on OWASP.

NOV2008- OWASP Wiki is updated with all the relevant information about the 2009 Conference.

JUL2008- Gold Coast Convention Centre selected as the conference venue again for the 2009 event.

Conference Training & Workshops
Wednesday 25th February 2009. OWASP and selected training partners will provide training sessions for you to attend. Each course is provided at a low cost of $650 USD to attend per person.

We have two great courses on offer this year, presented by two very well respected traininers, Andrew Vanderstock (OWASP Guide Project) and Pravir Chandra (OWASP CLASP Project). You won't want to miss these courses.

Intermediate - Application Secure Architecture/Coding Course

At every other conference or training session, you've only learnt how to destroy applications by attacking their weaknesses. The days of shooting fish in a barrel are over! In this course, you'll learn how to :

Learn about how you can identity and protect your organization's crown jewels

Create secure architectures and designs

Learn about how to protect yourself using the OWASP Developer Guide, in particular touching on:

 Authentication and Identity Management

 Access Control

 Session Management

 Canonicalization, Input Validation and Encoding

 Accountability, Logging and Error Handling

 Secure the database and services

 Secure communications and storage

The course will be demonstrating how to use OWASP's ESAPI as a fundamental building block to save you slash development time, save money and be secure all at once.

We will be using OWASP's WebGoat for the demos and class exercises, so please come with the latest version of WebGoat ready to go on your laptop if you want to do the hands on component.

(Course will be delivered by Andrew Vanderstock - OWASP Guide 3.0 Author, ESAPI Project etc)

Intermediate/Advanced - In-depth Assessment Techniques: Design, Code, and Runtime

This course is targeted at those wanting to enhance their software assessment skills. Specifically, the course teaches attendees techniques for design analysis, code review, and penetration testing that uncover a wide variety of vulnerabilities and weaknesses in applications. If you have pre-existing skills and want to learn more this course is perfect. The training course will generally focus on web applications, but most information applies to software of any type. In addition, attendees will learn general methods for protecting against the security issues uncovered by each assessment technique.

The course topics include:

System decomposition for analysis

Lightweight threat/risk modeling

Identifying interfaces/attack surface

Testing business logic and edge cases

Assessing for provision of security mechanisms

Assessing for key vulnerability classes

Risk classification and weighting

Root cause analysis and patching

The course has a primary focus on intermediate/advanced assessment and testing concepts for architects and developers. Automated security assessment tools will be discussed in context, but not demoed. Delivered by Pravir Chandra.

Conference Agenda
The Conference Agenda is online. (We still have some minor updates to complete however. Check it out at.. OWASP_AU_Conference_2009_Agenda

Wednesday 25th February 2009
 * Training courses with both basic and advanced training courses offered.
 * Evening Welcome drinks, Cocktail party and just an opportunity to meet everyone.

Thursday 26th February 2009
 * Conference begins with Keynote session, Welcome and three different tracks (Business, Technical and Workshops)
 * Evening Gala Dinner (A huge hit last year) at the conference center, included food, drinks and entertainment. (meet your peers in the industry)

Friday 27th February 2009
 * Conference continues with another keynote, and the three tracks.
 * Afternoon wrap up with a short cocktails event from a sponsor.

The entire event will be recorded to MP3 and Video this year with all presentations coming online during the conference. See you there.

More information on presentations can be found at OWASP_AU_Conference_2009_Presentations

Conference Location & Accomodation
The Conference will be located at the Gold Coast Convention Center (Surfers Paradise, Australia).

NEW OWASP OFFER - CONRAD JUPITERS CASINO $180.00 A NIGHT.. WHEN BOOKING DIRECTLY WITH THE HOTEL MENTION YOU ARE WITH THE OWASP GROUP. You can contact conrad jupiters reservations team at +61 7 5592 8100

OWASP has managed to secure rooms available at the following hotels. These are within walking distance of the conference and are good rates for the Gold Coast. To book you will need to download the following form ([| Hotel Booking Form]) and then fax to the details included in the form. This will allow you to receive cheaper rates and book under the OWASP group. Another place to try is the WOTIF.COM web site, these sometimes have special discount rates.

Resort: Mantra Phoenician Location: Broadbeach Apartment Type Standard 1 - 2 Nights $238.00 AUD per night 3+ Nights $166.00 AUD per night

Resort: BreakFree Savannah Location: Broadbeach Apartment Type Standard 1 - 2 Nights $180.00 AUD per night 3+ Nights $135.00 AUD per night



Cost & Registration
There are multiple options available for participation:

OWASP Members:
 * Conference: 2 days: 26th and 27th Feb 2009) $425.00 (USD)*Register before 02/07/09 and save an additional $25!
 * Training: 1 day: $650 USD

AISA & AUSCERT Members:
 * Conference: 2 days: 26th and 27th Feb 2009) $450.00 (USD)*Register before 02/07/09 and save an additional $25!
 * Training: 1 day: $650 USD

Non OWASP Members:
 * Conference: 2 days: 26th and 27th Feb 2009) $475.00 (USD)*Register before 02/07/09 and save an additional $25!
 * Training: 1 day: $650 USD

Conference Sponsors
Once again this year there will be a technology expo for all to join, as well as the opportunity for everyone to see the different technologies available in the software security market.

Sponsorship packages are available for the conference, please visit the sponsorship page for more information and contact the organizing committee [mailto:jderry@owasp.org Justin Derry]

Platinum Sponsor: (To Be Confirmed)

Gold Sponsors: https://www.owasp.org/images/c/c7/Fortify.png http://www.owasp.org/images/c/c8/170px-IBM_logo_svg.png

Associate Sponsor: http://www.owasp.org/images/0/0f/Auscert-Header-logo.gif http://www.owasp.org/images/c/c3/AISALogo_download01jul07.gif

Conference Contacts
For more information please contact the team below for conference details, sponsorship or registration.

[mailto:jderry@owasp.org Mr Justin Derry (Conference Chair)]

Email: jderry@owasp.org

Mobile: +61 411 411 881

[mailto:kate.hartmann@owasp.org Kate Hartmann]

OWASP Operations Director

9175 Guilford Road, Suite 300

Columbia, MD 21046, USA

Phone:               +1-301-575-0189 Facsimile: +1-301-604-8033

Email: kate.hartmann@owasp.org