OWASP & WASC AppSec 2007 Conference

Its now the OWASP & WASC AppSec 2007 Conference !!! @ eBay in San Jose, CA Nov 12-15, 2007
OWASP and WASC have agreed to join forces this year to put together an incredible AppSec 2007 Conference for the application security community. A huge concentration of industry leading experts will be in attendance presenting high quality web application security content. AppSec 2007 offers a unique opportunity for security professionals, software developers, and IT managers to get up to speed on the latest and greatest attack techniques, defense strategies, and industry trends in an atmosphere of peers. The conference format and venue is also perfect for networking and sharing experiences with others that are down in the trenches.

Registration is now open for the conference. See below for details.

Conference Schedule and Location
The AppSec 2007 Conference will be held at eBay at their facility at: 2211 North First Street in San Jose, CA Nov 12th-15th.

Training Days: November 12th-13th

Tech Expo: November 13th-14th

Breach Cocktail Party: Evening of November 13th

Main Conference: November 14th-15th

OWASP Conference Dinner: Evening of November 14th

Microsoft and Aspect Security Cocktail Party: Evening of November 15th

Agenda and Presentations: Wednesday-Thursday - Nov 14th-15th
The agenda will follow the general OWASP conference format of two tracks, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing presentations back in the main auditorium both days.

New Web Services Track: In addition, the conference will have a 3rd track on the first day. This track is focused on Web Services Security which is a new area for OWASP. If you are interested in speaking at this conference on a Web Services Security topic, please contact Gunnar Peterson, who is organizing that track.

This conference will include presentations from many different OWASP and WASC contributors and leading Application Security professionals, and will include closing panels each day.

Training: Monday-Tuesday - Nov 12th-13th
We have arranged for a suite of two-day Application Security training courses to be offered prior to the conference. General details about all the tutorials including location and pricing is available here. The tutorials being offered are:

T1. Building and Testing Secure Web Applications

T2. Secure Coding for Java EE

T3. Secure Coding .NET Web Applications

T4. Web Services and XML Security

T5. Leveraging OWASP Tools and Documents to Secure Your Enterprise

T6. Open Source ModSecurity Training

Technology Expo: Tuesday-Wednesday Nov 13th-14th
Leading vendors in the application security space will be at the conference for the first time this year giving technology demonstrations and providing access to their technical staff so they can answer in-depth questions and demonstrate the capabilities of their products or automated managed services.

The technology expo will be open from 12PM - 2PM on Nov. 13th (and all tutorial attendees will be given a large lunch break during that time to attend the expo). It will also be open from 11AM - 5PM on Nov. 14th which is the first day of the conference.

What can a conference attendee expect to get out of the Tech Expo?
 * Hands-on time using a vendor's product - The goal is to be able to walk up to vendor with a USB stick of code/binaries/etc. and actually get a taste of how the tool(s) performs, technical features, applicability & appropriateness, etc.
 * Evaluate in a non-sales environment - At the Expo, attendees will be provided information about the types of tools being exhibited and independent evaluation criteria where that exists (e.g. the WAFEC from WASC, information from the OWASP_Tools_Project, etc.). It's an opportunity to ask the hard questions and talk to technical folks from the vendors that can answer them.
 * Contact info exchange at your discretion - We will not be doing badge scanning and the like to provide vendors attendee information, so attendees are in control of who they want to follow-up with (via good, old-fashioned business card exchange).

More information about conference sponsorship and participating in the technology expo is available here.

Conference Fees
Standard: $400, OWASP Members: $350, Students: $225, Early Registration Discount (by Oct 12): $50 ($25 for students)

Conference Dinner (Evening of Nov 14th): $50

Conference Tutorial (Two day tutorials Nov 12-13): $1300, $1450 [If not attending the conference], Student Fee: $675

Note: To save on processing expenses, all fees paid for the AppSec 2007 Conference are non-refundable. OWASP can accomodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

Registration
Registration is now open!! Here is the registration page.

Hotel and Transportation Info
OWASP has negotiated rates at the following hotels (Please book hotel rooms by October 21st to ensure OWASP rates):

Holiday Inn-San Jose OWASP Rate $129/night King or Double Room You can call reservations at 1-866-241-9878 and ask for the group "OWASP" or reserve your room online here.

Homewood Suites by Hilton- San Jose OWASP Rate $149/night (4+ nights) $169/night (3 or less nights) King room w/ sleeper sofa (comes w/ fully equipped kitchen) Call Maria Larios at 408-678-4481 and ask for the group OWASP or email her at maria.larios@dimdev.com

Transportation Info:

From San Jose International Airport (SJC): eBay is located about a mile from this airport

From San Francisco International Airport (SFO): eBay is located 40 miles from this airport

Conference Committee
OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org

Web Services Security Track Chair: Gunnar Peterson - Arctec Group - gunnar 'at' arctecgroup.net

Vendor Exhibition Chair: Pravir Chandra - Cigital - chandra 'at' list.org

2008 U.S. Planning Committee Chair: Tom Brennan - Access IT Group - jinxpuppy 'at' gmail.com

Refereed Papers Chair: Frank Piessens - KU Leuven - Frank.Piessens 'at' cs.kuleuven.ac.be

OWASP & WASC AppSec 2007 Conference Sponsors
The following organizations are sponsors for this conference. If you are interested in sponsoring either of the 2007 OWASP conferences, please contact OWASP at: conferences 'at' owasp.org.

https://www.owasp.org/images/d/d1/Aspect_logo.gif https://www.owasp.org/images/d/d1/Fortify.JPG https://www.owasp.org/images/c/c9/Paypal_logo.gif https://www.owasp.org/images/e/e0/Ebay.gif https://www.owasp.org/images/3/33/Ounce_labs.jpg https://www.owasp.org/images/9/9c/Breach_logo.gif https://www.owasp.org/images/4/4d/Whitehat.gif https://www.owasp.org/images/4/46/IOActive.gif

We are also going to have vendor booths at this conference for the first time. If you are interested in demonstrating your application security product to a sophisticated audience of application security professionals, please contact us for more information. Please contact either Dave Wichers (the OWASP Conferences Chair) or Pravir Chandra, who will be organizing the vendor area for this conference.

More information about conference sponsorship is available here.