AsiaTour2014

=WELCOME=


 * October 22:  Wuhan, China
 * October 25:  ChengDu, China
 * November 1: Hong Kong
 * November 4:  Kuala Lumpur, Malaysia
 * November 6:  Harbin, China
 * November 7:  Singapore, Singapore - cancelled (due to cancelled venue)
 * November 29:  Tokyo, Japan
 * December 11:  Bangkok, Thailand
 * December 19: Seoul, Korea

Asia Tour Objective

The OWASP Asia Tour objective is to raise awareness about application security in the Asia region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

We are proposing a chapters conference driven model in which the sessions are free for everybody and the costs are supported by a mix of funding i.e. OWASP Foundation, local chapter budget, external sponsorship, etc. 1-day training sessions are also offered in some tour stops. These sessions’ fees are $ 200USD for OWASP members and $ 250 USD for non-members (group discounts may apply).

Who Should Attend the Asia Tour?


 * Application Developers
 * Application Testers and Quality Assurance
 * Application Project Management and Staff
 * Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 * Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 * Security Managers and Staff
 * Executives, Managers, and Staff Responsible for IT Security Governance
 * IT Professionals Interesting in Improving IT Security
 * Anyone interested in learning about or promoting Web Application Security

Special offer - Become an OWASP Member

As part of the OWASP Asia Tour, you could become an OWASP Member by ONLY paying 20 U$D (normal price is 50 U$D). Show your support and become an OWASP member today! Please use discount code Asia when registering as member to avail this special discount.



QUESTIONS


 * If you have any questions about the Asia Tour, please send an email to tobias.gondrom@owasp.org or laura.grau@owasp.org

=Harbin=

基本信息Info
沙龙主题 Subject： Web及无线安全技术研讨会暨OWASP亚洲巡回演讲黑龙江站会议

沙龙时间 Date： 11月6日8:30-15:30

沙龙地点 Venue： 黑龙江省哈尔滨市红旗大街175号 农垦大厦 二楼大会议室

沙龙议程Agenda
8:30—9:00 参会人员报到

9:00—9:45 《无线安全的战略拐点》讲解  杨哲（ZerOne无线安全研究组织负责人）

9:45—9:50 现场提问、讨论

9:50-10:35《一体化云安全监控平台探讨》讲解 权小文（Web应用安全厂商WebRay创始人） 10:35-10:40 现场提问、讨论

10:40-10:50 会议休息

10:50-11:35《云安全防护》讲解 梁伟（北京知道创宇信息技术有限公司）

11:35-11:40 现场提问、讨论

11:40-12:25《全生命周期的防护机制及先进防御思路》讲解袁明坤（杭州安恒信息技术有限公司安全服务部技术总监）

12:25-12:30 现场提问、讨论

12:30-13:30 午餐

13:30-15:00 OWASP技术交流研讨会：

''1. OWASP中国介绍；

2. OWASP研究项目介绍；

3. 项目合作的沟通与探讨''

演讲嘉宾 Speaker Bio
演讲嘉宾：杨哲（Longas), OWASP中国区专家组成员， ZerOne无线安全研究组织leader，《无线网络安全攻防实战》系列书籍作者，CNCERT/xKungfoo/CDG GHRC会议演讲者.

议题：无线安全的战略拐点

议题简介：结合多年来研究的国内外无线安全攻击技术及安全事件，配合大量实际案例由浅及深地为不同行业已经或可能遭遇的无线安全威胁趋势提出具体分析和展望.

演讲提纲： 1. 拓宽的目标群; 2. 2015： 杀人的物联网; 3. 潜在的双重约束; 4. 建立隐形防线.

演讲嘉宾：权小文，Web应用安全厂商WebRay 创始人，CTO. 拥有2项网络安全相关的发明专利，14年信息安全从业经验，曾服务于Juniper等著名安全公司.

议题简介：0day漏洞、更高对抗技术都会使得常规安全控制手段逐渐失效，传统的封锁与安全防护机制，也存在失效的时候，安全是对抗，不可能完全防范，因此基于预警-响应-防护-善后的一体化防护策略显得尤为重要. 本次针对Web安全问题，探讨一体化防护思路.

演讲嘉宾：梁伟，OWASP中国区专家组成员，国内知名信息安全专家. 专注信息安全工作13年，在能源、运营商和金融等行业提出过先进的安全解决方案，对渗透、应急等技术积累了丰富的经验. 目前专注于大数据形式下的安全思路，致力于为用户打造基于数据能力的一体化Web安全解决方案.

演讲嘉宾：袁明坤，OWASP浙江区域负责人，OWASP中国区专家组成员. 在IT安全、安全测试和网络安全架构设计和实施方面拥有10年工作经验，同时也是浙江省安全协会专家委员会副主任，负责的OWASP开源项目有：webgoat，hacking lab，Mobile Security.

活动报名 Registration
请查看OWASP中国网站： http://www.owasp.org.cn

=Wuhan=

基本信Info
沙龙主题Subject： 培养具备网络安全思维的复合型IT人才

沙龙时间Date： 10月22日14:30-17:30

沙龙地点Venue： 湖北大学计算机与信息工程学院（科技大楼）1305会议室（湖北省武汉市武昌区友谊大道368号）

沙龙议程Agenda
14:30-14:40 领导致辞

14:40-15:20 如何培养高校信息相关专业学生动手能力--张绍浪

15:20-16:00 从大学生到信息安全专家--韩名羲

16:00-16:10 休息

16:10-17:00 如何培养具备网络安全思维的复合型IT人才--袁晓峰

17:00-17:40 如何在软件编码阶段保障软件安全--韩建

17:40-18:10 自由讨论

演讲嘉宾 Speaker Bio
韩名羲，国家信息安全水平考试（NISP）全国运营中心 副主任

袁晓峰，信息安全与IT服务管理领域专家, 持有CISSP, CISA, ISO27001 LA, CEH, CBCP, CCNP,PMP, ITIL, CCSA, Entrust PKI等国际资质证书; 拥有18年IT 工作经验, 13年信息安全实践经验, 10年基于ITIL与COBIT的IT治理与IT服务实践经验. 涉及系统管理, 网络管理, 业务连续性管理与灾难恢复,IT治理与服务管理, 信息安全与风险管理, 安全审计与IT合规,物理,人身,事件安全与风险管理,应急响应与危机处理,安全事件调查,项目管理， 供应链安全管理等多方面工作; 先后担任过加拿大安大略省卫生部和美国朗讯公司信息安全顾问, 爱立信大中国区安全与风险经理, 春秋集团安全官兼IT部质量经理, 友邦保险公司集团IT治理部信息安全与合规经理, 联想集团全球网络安全高级经理，现担任西班牙电信亚太区高级安全经理. 对ISO27001, ITIL, COBIT, BS25999, PCI-DSS, HIPPA, 等级保护等国际国内标准有深入研究和长期实践.

韩建，北京奇虎测腾科技有限公司资深安全工程师

活动报名 Registration
请提供OWASP中国区会员编号+姓名)邮件到member@owasp.org.cn报名， 邮件标题请注明“参加OWASP***区域活动”

OWASP中国： http://www.owasp.org.cn/OWASP_Events/owaspyazhou

=Chengdu=

基本信息Info：
沙龙主题 Subject：OWASP应用安全探讨

沙龙时间 Date： 10月25日14:00-17:30

沙龙地点 Venue： 成都电子科技大学沙河校区第二教学楼201教室 感谢“电子科技大信息与软件工程学院凌睿工作室” 的场地支持

沙龙议程 Agenda：
14:00-14:20 签到

14:20-15:20 高级APT战术研究-WaterWave（水波）

15:20-16:00 一体化云安全监控平台探讨-权小文

16:00-16:20 休息

16:20-17::00 基于FLASH的XSS攻击-gainover

17:00-17:30 自由讨论

演讲嘉宾Speaker Bio：
WaterWave（水波） ，OWASP会员，ISF互联网安全论坛联合创始人，资深信息安全顾问，从事信息安全工作十余年. 长期从事信息安全体系规划设计及安全事件应急响应工作，熟悉国际国内信息安全法律法规与标准，精通计算机犯罪应用心理学与计算机取证调查. 他同时也是一名IT媒体资深撰稿人，在多家专业媒体发表多篇专栏文章，并参与编写《智慧城市与信息安全》一书.

权小文，Web应用安全厂商WebRay 创始人，CTO. 拥有2项网络安全相关的发明专利，14年信息安全从业经验，曾服务于Juniper等著名安全公司.

gainover，乌云核心白帽，PKAV团队成员. 擅长WEB安全及相关开发. 议题简介： 介绍基于FLASH的XSS攻击原理、实际案例与具体危害.

活动报名Registration：
请提供OWASP中国区会员编号+姓名)邮件到member@owasp.org.cn报名， 邮件标题请注明“参加OWASP***区域活动”

= Hong Kong =

'''Please register here: https://www.facebook.com/events/351049275069652/ '''

Agenda

 * 1. 1000 - 1100: SQLi and CTF for fun and profit (Speakers: Ace Seven King and Anthony Lai) (bring your laptop encouraged for the CTF)
 * 2. 1100-1120: Turbo Talk: Web Hack Tricks (Speaker: Kenneth Tse)
 * 3. 1135-1230: Secure Coding with OWASP (Speaker: Tobias Gondrom)

Please send your registration with the following details via Facebook message in OWASP Hong Kong Chapter page.: (if N, the event is free and open to everyone, but we would welcome you to support us and register for an OWASP membership with 20 USD online: https://myowasp.force.com/MemberAppstep1?region=AsiaPac or here: https://www.owasp.org/index.php/Membership
 * Name:
 * Email:
 * Company/Party:
 * Whether you are OWASP Hong Kong Chapter member?:Y/N

Please pick "APAC", chapter allocation: Hong Kong. The fund will be kept by OWASP HQ, and 40% will be allocated to Hong Kong Chapter, so that we could invite more guest in the future or even hold the conference)

See you on Saturday and thank you so much for your support.

'''Please register here: https://www.facebook.com/events/351049275069652/ '''

=Kuala Lumpur=

Invitation: OWASP Malaysia Meetup 2014 Q4
The Open Web Open Web Application Security Project (OWASP) Malaysia Chapter would like to invite to join the 2nd OWASP Malaysia Meetup 2014 as follow:

Event

 *  Topic : OWASP Meetup Q4 2014
 *  Date : 4 November 2014 (Tuesday)
 *  Time : 9.00a.m - 1.00p.m
 *  Venue : Dewan Seminar, Menara Tun Razak, UTM, Jalan Semarak

Event Program:
Agenda
 * 8.00a.m - 9.00a.m - Arriving all OWASPrians
 * 9.00a.m - 9.15a.m - Opening Speech By OWASP Malaysia
 * 9.15a.m - 10.15a.m - Opening Ceremony by Prof. Dr. Shamsul bin Sahibuddin (Dean of Advanced Informatics School, UTM)
 * 9.45a.m - 10.15a.m - Social Activity
 * 10.15.a.m - 11.15a.m Tobias Gondrom (OWASP Foundation)
 * 10.15 .m - 10.45a.m - Wann Senn (Regal Paradigm)
 * 11.45a.m - 12.15p.m - Amir Haris Ahmad (Localhost)
 * 12.15p.m - 1.00p.m - Megat Muazzam Abdul Mutalib (CyberSecurity Malaysia)
 * 1.00p.m - Networking & End

Please register here :
https://docs.google.com/forms/d/1J05m6wonvb6BYvAgK90JXN40PFkIWLX1XqR-dXlKs64/viewform

OWASP Malaysia Chapter Malaysia
Thank you.

We had some 50 attendees and even got featured on TV in Malaysia: :-)
 * Owasp jadi rakan strategik UTM untuk keselamatan IT
 * Cabaran membina aplikasi yang lebih selamat

Ps.: and here fyi the link to the FB page of the event: https://www.facebook.com/events/1485385931721797/?ref=4

=Singapore=

=Tokyo=

OWASP Asia Tour in Japan
OWASPは、アジアパシフィック地域での活動の活性化のため、OWASP Asia Tour 2014というイベントを行います.

これは、各国のチャプターがそれぞれ連なって、国際的な（？）イベントをそれぞれ行うというもので、１０月から１２月までの期間に続々と開催されます.

URL: https://www.owasp.org/index.php/AsiaTour2014

日本では、11/29土曜日午後に"OWASP DAY"として都内で開催予定です.

これには、OWASP KANSAIチャプターにより11/28,29に関西で出展するイベント「神戸ITフェスティバル」のOWASPブースとのコラボコーナーも設ける予定です.

参加登録は１１月に入ってからオープンいたしますが、*ご予定の確保*をお願いいたします.

スケジュール
仮のスケジュールです. セッションの時間などは予告なく変更いたします.
 * 12:30 Venue Open
 * 13:00 Opening Session
 * 13:30 OWASP Japan Project Report
 * 14:00 Session 0
 * 14:40 Session 1
 * 15:20 Session 2
 * 16:00 Session 3
 * 16:30 Session 4
 * 17:00 Closing Session
 * 17:30 dismiss

スピーカー募集
また、あわせて、この特別な機会のスピーカーを募集したいと思います.

1. 氏名、ご所属

2. メールアドレス

3. スピーチタイトル

4. 概要 (200-400文字程度)

5. 以下のどのトピックに関係があるか


 * Mobile Security
 * OWASP Projects一般/共同作業のお誘い
 * Software/Application Security Defence (Defence & Countermeasures)
 * Software/Application Security Offense (Vulnerabilities & Exploits)
 * Web and Mobile Application Security
 * Cryptography
 * Critical Infrastructure Security
 * Enterprise End to End Security
 * Government Initiatives & Government Case Studies
 * Effective case studies in Policy, Governance, Architecture or Life Cycle

上記を、10/31 までに、asiatour2014 at owaspjapan.org あてにお送りください. なおスピーチは30分程度を前提としてください. もちろん、デモンストレーションを含めてもかまいません. スピーカーは日本語、英語のいずれでもかまいません.

※ OWASPのミーティングにおけるスピーカーは、OWASP Speaker Agreement に同意することが前提となります. スピーカーへの金銭的報酬はありません. また、コンテンツはオープンにできるものとなります.

=Seoul=

OWASP Asia Tour in Korea
OWASP 본부와 OWASP 코리아 챕터에서는 오는 12월 19일(금)에 애플리케이션/소프트웨어 보안 분야의 주제로 아래와 같이 'OWASP Asia Tour - Korea 2014' 컨퍼런스를 개최합니다. 한국의 소프트웨어/애플리케이션 개발자, 보안전문가, 모바일 전문가 분들의 많은 관심과 참여를 바랍니다.


 * 일자: 2014년 12월 19일(금), 12:30 – 18:00
 * 장소: 서울 삼성동 코엑스

OWASP Asia Tour in Korea 등록
컨퍼런스 등록비는 다음과 같습니다. 컨퍼런스 참여를 원하시는 분은 여기를 클릭해서 등록해주시기 바랍니다.

* 12월 12일(금)까지 등록/입금시 : OWASP 국내외 유료회원: 5만원, 비회원(회원가입) 7만원 * 12월 12일(금)이후 등록/입금시 : OWASP 국내외 유료회원: 7만원, 비회원(회원가입) 9만원 * 학생 : 3만원(12월 12일(금)까지 등록/입금시), 5만원(12월 12일(금)이후 등록/입금시)
 * 등록비:
 * 맥주파티 참가비 : 10,000원
 * 입금처 : 국민은행, 계좌번호 :515502-01-430643


 * 문의처 : 김보성(bosung.kim.zeak@gmail.com), 성윤기 이사(yune.sung@owasp.org)

행사 프로그램
OWASP Asia Tour - Korea 2014 컨퍼런스는 아래와 같이 진행됩니다.(시간은 변경될 수 있습니다.)


 * 12:30 - 13:00 : 등록(Registation)
 * 13:00 - 13:30 : OWASP 코리아 챕터 보고(Welcome and OWASP Korea speaking)
 * 13:30 - 14:00 : 키노트 발표(Keynote Session)
 * 14:00 - 14:40 : 세션 1(Session 1)
 * 14:40 - 15:20 : 세션 2(Session 2)
 * 15:20 - 15:40 : 커피 브레이크(Coffee Break)
 * 15:40 - 16:20 : 세션 3(Session 3)
 * 16:20 - 17:00 : 세션 4(Session 4)
 * 17:00 - 17:40 : 세션 5(Session 5)
 * 17:40 - 18:00 : 마감(Closing session)


 * 19:00 - 21:00 : 맥주 파티 (Beer Party)

발표자 모집
OWASP Asia Tour - Korea 2014 컨퍼런스는 아래의 주제에 대해 발표자를 모집하고 있습니다. 발표를 원하시는 분은 11월 28일(금)까지 발표 주제를 제출해 주시기 바랍니다.

발표 주제는 여기를 클릭해서 제출해 주시기 바랍니다 Topic proposal.


 * 모바일 보안(Mobile Security)
 * OWASP 프로젝트(OWASP Project)
 * 소프트웨어/애플리케이션이션 보안 기술(Software/Application Security Defense)
 * 소프트웨어/애플리케이션이션 공격 기법(Software/Application Security Offense (Vulnerabilities & Exploits))
 * 웹 및 모바일 앱 보안(Web and Mobile Application Security)
 * 암호기술(Cryptography)
 * 핵심기반시설 보안(Critical Infrastructure Security)
 * 기업 보안(Enterprise End to End Security)
 * 정부 보안연구과제(Government Initiatives & Government Case Studies)
 * 정책, 거버넌스, SDLC 등 (Effective case studies in Policy, Governance, Architecture or Life Cycle)

자원봉사자 모집
OWASP 코리아 챕터에서는 'OWASP Asia Tour - Korea 2014'컨퍼런스 컨퍼런스의 원활한 운영을 위해 자원봉사자를 모집하고자 하오니, 적극적이고, 활발하신 분들의 많은 관심과 지원 바랍니다.

자원봉사자 지원은 여기를 클릭해서 12월 5일(금)까지 지원해 주시기 바랍니다.

OWASP 코리아 챕터
추가적인 사항은 아래 코리아챕터 페이스북을 방문해 주시기 바랍니다.

OWASP 코리아 챕터 페이스북 : https://www.facebook.com/groups/owaspk/

=Bangkok=

=SPONSORS=

We are looking for Sponsors for the Asia Tour 2014
This is a truly unique opportunity to increase your brand recognition as a company dedicated to the highest standards of professional technology & security in the Asia region but also internationally throughout the world while supporting the continued activities conducted by OWASP worldwide.


 *  Sponsorship benefits for organizations specializing in IT & Security:
 * Opportunity to use the latest technological trends for professional training / development
 * Strengthen your company strategy by learning the latest trends in web software security
 * Improve your business development strategy with leading information from the security industry
 * Get networking and headhunting opportunities with world-class specialists and professionals
 * Get the chance to interact with high-need discerning users to improve product development
 * Increase your image as a professional company through this unique branding opportunity


 * Sponsorship benefits for organizations utilizing the internet in their business:
 * Opportunity to increase the international brand awareness and conduct business networking
 * Strengthen your company strategy by learning the latest trends in web software security
 * Improve your service development by understanding the latest trends in security issues & risks
 * Contribute to information society as a company by developing safe and secure services
 * Get the chance to interact with high-need discerning users to improve product development
 * Opportunity to brand your company as one that focuses on the highest standards in technology

Make your company part of the conversation. Become a sponsor of the tour today! ‎ SPONSOR OPPORTUNITIES

=TEAM=

Asia Tour Team

Chapter Leaders


 * RIP & Ivy (China)
 * Onn Chee (Singapore)
 * Fazli (Malaysia)
 * Riotaro OKADA and Sen Ueno (Japan)
 * Yune (Korea)
 * Kitisak (Thailand)

Operations


 * Laura Grau
 * Tobias Gondrom