AppSecLatam2012

= Welcome =

= Trainings =

The trainings will be held November 18th and 19th, 2012 (Sunday and Monday) and will run from 8:30 AM to 5:30 PM each day.

AppSec Latam 2012 will be held in downtown Montevideo, Uruguay at the Antel National Telco Company. Directions are available through: Google Maps

The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower.

Developing Secure Java Applications with ESAPI
Instructor: Fabio Cerullo

Fabio helps customers around the globe by assessing the security of applications developed in-house or by third parties, defining policies and standards, implementing risk management initiatives, as well as providing training on the subject to developers, auditors, executives and security professionals.

As a member of the OWASP Fundation, Fabio is part of the Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security, and has been appointed OWASP Ireland Chapter Leader since early 2010.

He holds a Msc in Computer Engineering from UCA and has been granted the CISSP & CSSLP certificates by (ISC)2.

Course Language
The course will be delivered in SPANISH (español) with simultaneous translation in English (if necessary).

Course Overview
Training Audience: Technical Required Skill Level: Intermediate

This course aims to provide the knowledge and resources required to improve the security of Java applications using the OWASP Enterprise Security API (ESAPI) Libraries. These libraries are designed to make it easier for developers to retrofit security into existing applications, and also serve as a solid foundation for new development.

Course Contents
The participants, through theory and labs, will be able to identify critical vulnerabilities in web applications and implement the necessary corrective measures using the ESAPI libraries.

Topics Include: - Introduction to ESAPI Architecture - Security Controls Overview - Authentication - Session Management - Access control - Input validation - Output encoding/escaping - Cryptography - Error handling and logging - Data Protection - HTTP security

The class is hands-on and will include labs. Attendees should have a laptop capable of running VMs. We will provide a VM at the beginning of the class.

Advanced Vulnerability Research and Exploit Development
UPDATE: THIS TRAINING HAS BEEN CANCELLED DUE TO LOW REGISTRATION NUMBERS

Instructor: Gianni Gnesa, Ptrace Security Gianni Gnesa, BCS, MSCS, CEH, OSCP, OSEE, Network+, Linux+, is a security researcher and professional trainer at Ptrace Security, a Swiss-based company that offers specialized IT security services to customers worldwide. With several years of experience in vulnerability research, exploit development, and penetration testing, Gianni is an expert in exposing the vulnerabilities of complex commercial products and modern network infrastructures. In his spare time, Gianni conducts independent security research on kernel exploitation and rootkit detection.

Hands on Web Application Testing: Assessing Web Apps the OWASP way
Instructor: Matt Tesauro

Matt Tesauro has worked in web application development and security since 2000. He has worn many different hats, from developer to DBA to System Administrator to Penetration Tester. Matt also taught graduate and undergraduate classes on web application development and XML at Texas A&M University. Currently, he's focused on application security risk assessments at Praetorian. Outside work, he is the project lead for the OWASP Live CD / WTE, a member of the OWASP Foundation board, and part of the Austin OWASP chapter leadership. Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University. He is also has the CISSP, CEH (Certified Ethical Hacker), RHCE (Red Hat Certified Engineer), and Linux+ certifications.

Course Abstract
The goal of the training session is to teach students how to identify, test, and exploit web application vulnerabilities. The creator and project lead of the OWASP Live CD, now recoined OWASP WTE, will be the instructor for this course and WTE will be a major component of the class. Through lecture, demonstrations, and hands on labs, the session will cover the critical areas of web application security testing using the OWASP Testing Guide v3 as the framework and a custom version of OWASP WTE as the platform. Students will be introduced to a number of open source web security testing tools and provided with hands on labs to sharpen their skills and reinforce what they’ve learned. Students will also receive a complementary DVD containing the custom WTE training lab, a copy of the OWASP Testing Guide, handouts and cheat-sheets to use while testing plus several additional OWASP references. Demonstrations and labs will cover both common and esoteric web vulnerabilities and includes topics such as Cross-Site Scripting (XSS), SQL injection, CSRF and Ajax vulnerabilities. Students are encouraged to continue to use and share the custom WTE lab after the class to further hone their testing skills.

More details about this class including a detailed outline, are available HERE

= Conference Schedule =

= Keynotes =

Hernán M. Racciatti
= Speakers =

These are the selected presentations and are subject to confirmation from presenters.

= Venue = AppSec Latam 2012 will be held in downtown Montevideo, Uruguay at the Antel National Telco Company. Directions are available through: Google Maps

The conference training and talks will be held in the conference auditorium and interactive room, which are adjacent to the Antel Tower. Antel Tower:

Antel Telco Auditorium (left) and Auditorium main entrance (right):

Inside the Auditorium (left) and Interactive Room (right):

]

= Registration and Fees =

Online Registration
Registration is now open: Click HERE to Register Now!

Conference Fees
Access to conference:


 * Before October 15th: 3200.00 UYU (approx. 150.00 USD)
 * Before Nov 5th: 4250.00 UYU (approx. 200.00 USD)
 * After Nov 5st:   5300.00 UYU (approx. 250.00 USD)

Training


 * Two days: 17000.00 UYU (approx. 800.00 USD)

Discounts


 * OWASP Member: 50.00 USD (Note: This discount is equal to the cost of becoming an OWASP paid Member.)
 * Student: 1600.00 UYU (approx. 75.00 USD). Note: student ID or other proof of current student status is required.
 * Students are eligible for 20% discount off training fees, making the total training cost for 2 days $640.00 USD. To take advantage of this offer, enter the discount code STUDENT_TRAINING at checkout.
 * Special discounts available for groups registrations. Please send inquiries to [mailto:appseclatam2012@owasp.org appseclatam2012@owasp.org].

= Sponsoring = We are looking for sponsors for 2012 edition of Global AppSec Latin America.

If you are interested to sponsor Global AppSec Latin America 2012, please contact the conference team: [mailto:appseclatam2012@owasp.org appseclatam2012@owasp.org]

To find out more about the different sponsorship opportunities please check the document below: OWASP AppSec Latam 2012 Sponsorship Options - English

= Travel and Accommodation =

Accommodation
We've been able to arrange for accommodation with the Four Points Sheraton Hotel for attendees. These rooms have been allocated at a special rate, and available strictly for a limited time. To book these rooms at the special rate, you need to use the booking link shown below. These rooms are available one night either side of the event ensuring that if you are travelling interstate or international it's easy to find a room at a good rate. The room rate allocated for the event is $169/USD per night and includes breakfast.

''Note: Conference events will primarily be held at the Antel National Telco Company. We will have a few events held at this hotel and are arranging for transportation between the Sheraton and Antel building.''

Four Points Sheraton Montevideo Ejido 1275 Montevideo 11100 Uruguay Phone: (598)(2) 9017000 Fax: (598)(2) 9032247 Email: [mailto:reservaciones.montevideo@fourpoints.com reservaciones.montevideo@fourpoints.com]

To make your reservation, visit: https://www.starwoodmeeting.com/StarGroupsWeb/res?id=1209182075&key=76379

Need more assistance booking your travel?
For assistance with any of the items below, feel free to utilize OWASP's preferred travel agency: Segale Travel Service contact information is: +1-800-841-2276 Sr. Travel Consultants: [mailto:mariam@segaletravel.com Maria Martinez]...ext 524 [mailto:linnv@segaletravel.com Linn Vander Molen]...ext 520

Additionally, the [mailto:appseclatam2012@owasp.org Conference Planning Team] is available to answer any questions!

= Social Events =

Wednesday 21 - Closure Diner
= Chapter Leader Workshop =

About the Workshop
2012 Chapters Workshop to be held at the Conference Venue on the afternoon of November 19th, 2012 (the day before the conference)
 * September 17th - AppSec Latam Chapters workshop sponsorship applications due
 * September 21 - Applicants notified of status

We plan to start with a 1.5 hour session including an overview of the chapter handbook. This session will be video taped and available for chapter leaders to use in their local chapters (or to be viewed by those unable to attend). The second part of the workshop will be a roundtable discussion on regional issues and challenges, with a goal of working together to create solutions. If you are interested in participating in either of these workshops, please register for the conference and select this workshop, please register for the Conference and select the optional session "chapter leaders workshop" as part of the registration process. Remember that conference attendance is free for current chapter and project leaders.

Info about last year's workshop: Meeting Minutes from Latin America Chapters Workshop 2011

Sponsorship to Attend the Chapters Workshop
If you need financial assistance to attend the Chapter Leader Workshops please submit a request to via the Contact Us Form http://owasp4.owasp.org/contactus.html by the application deadline for each of the events.
 * September 17th - AppSec Latam Chapters workshop sponsorship applications due
 * September 21 - Applicants notified of status

Additional Information for Applicants:


 * Priority of sponsorships will be given to those not covered by a sponsorship to attend a previous workshop. Additionally, we are looking for new or struggling chapter leaders who need assistance kick starting their chapter.


 * When you apply for funding, please let us know *why we should sponsor you*. While we prefer that chapter leaders use their own chapter's funds before requesting a sponsorship, this is not a requirement for application.


 * If your chapter has fund but will not be using them to sponsor your attendance, please include why you will not be using the funds for this purpose (i.e. what are the other plans for those funds?).

Questions?
If any questions, please contact us at: http://owasp4.owasp.org/contactus.html

= Team =

2012 AppSec Latam Conference Volunteer Team

 * Mateo Martinez
 * Mauro Flores
 * Felipe Zipitria
 * Mauricio Papaleo
 * Alberto Hill
 * Maximiliano Alonzo
 * Rodrigo Martinez
 * Mario Pereyra
 * Martin Tartarelli
 * Fabio Cerullo

OWASP Staff Support

 * Sarah Baso
 * Kate Hartmann

Contact us at [mailto:appseclatam2012@owasp.org appseclatam2012@owasp.org]

=Archives=

Training Instructor Agreement
By submitting your training proposal through our CFT, you are consenting to stay within the guidelines of the Training Instructor Agreement. We will ask you to sign and complete the Agreement and email it back to us if your talk is selected and you accept.

Training Instuctor Agreement

Speaker Agreement
By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement