AppSecAsiaPac2012

=Welcome=

=Trainers and Training Schedule=

The OWASP 2012 Appsec Asia Event has been able to secure world class training sessions for the conference. A number of national and International Trainers are coming along to the event, and you can join up to any of the classes below.

Training Available
2 Day Course - Assessing & Exploiting Web Applications with Samurai-WTF (Justin Searle) - Course Details & Instructor Bio

Come take the official two-day Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the end-to-end process of testing and exploiting several different web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. Primary emphasis of these instructor lead exercises is how to integrate these tools into your own manual testing procedures to improve your overall workflow. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.

More training courses to be announced over the coming week.

Training Schedule
= Conference Talks and Schedule=

=Speakers=

Alastair MacGibbon
Alastair MacGibbon is an internationally-respected authority on cybercrime, including Internet fraud, consumer victimisation and a range of Internet security and safety issues. He is the managing partner of Surete Group, a consultancy dealing with improved customer retention for Internet companies by increasing trust and reducing negative user experiences. Prior to this for almost 5 years Alastair headed Trust & Safety at eBay Australia and later eBay Asia Pacific. He was a Federal Agent with the Australian Federal Police for 15 years, his final assignment as the founding Director of the Australian High Tech Crime Centre.

Dr. Jason Smith from CERT Australia
Dr Jason Smith is an assistant director at the national CERT, CERT Australia, which is part of the Attorney-General's Department. He is an experienced cyber security researcher and consultant, having provided consultancy services over the last decade on information infrastructure protection to government and critical infrastructure utilities.

Since joining government Jason has been involved in the development and execution national scale cyber exercises and the advanced cyber security training for control systems conducted by the US Department of Homeland Security.

Jason holds a degree in software engineering and data communications, a PhD in information security and is an Adjunct Associate Professor at the Queensland University of Technology.

About CERT Australia

Jacob West
Jacob West is Director, Software Security Research for the Enterprise Security Products division of Hewlett-Packard. West is a world-recognized expert on software security and brings a technical understanding of the languages and frameworks used to build software together with extensive knowledge about how real-world systems fail. In 2007, he co-authored the book "Secure Programming with Static Analysis" with colleague and Fortify founder Brian Chess. Today, the book remains the only comprehensive guide to static analysis and how developers can use it to avoid the most prevalent and dangerous vulnerabilities in code. West is a frequent speaker at industry events, including RSA Conference, Black Hat, Defcon, OWASP, and many others. A graduate of the University of California, Berkeley, West holds dual-degrees in Computer Science and French and resides in San Francisco, California.

Jeremiah Grossman
Jeremiah Grossman is the Founder and CTO of WhiteHat Security, where he is responsible for Web security R&D and industry outreach. Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, NY Times and many other mainstream media outlets. As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on five continents at hundreds of events including BlackHat, RSA, ISSA, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UoW Madison, UCLA, and Carnegie Mellon. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and previously named one of InfoWorld's Top 25 CTOs. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo!

Mr. Grossman was recently a speaker at TEDxMaui. Learn more here.

Rafal Los
Rafal Los, Chief Security Evangelist for Hewlett-Packard Software, combines over a decade of subject-matter expertise in information security and risk management with a critical business perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals. He is a featured speaker at events around the globe, and has presented at events produced by OWASP, ISSA, Black Hat, and SANS among many others. He stays active in the community by writing, speaking and contributing research, representing HP in OWASP, the Cloud Security Alliance and other industry groups. His blog, Following the White Rabbit, with his unique perspective on security and risk management has amassed a following from his industry peers, business professionals, and even the media and can be found at http://hp.com/go/white-rabbit. Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security. Rafal received his B. S. in Computer Information Systems from Concordia University, River Forest, Ill.


 * Threat Profiling the Mobile Application Ecosystem:The flood gates of the mobile age have swung wide open, and whether your organization is prepared or not - mobile applications utilizing cloud resources are the future. As organizations race to release ‘mobile’ versions of applications that do everything from home automation to managing your medications and health history, software security assurance is paramount from both regulatory and risk management perspectives. This requires an entirely different approach than simply running scans or handing off your source code to be ‘audited.’ Analyzing the source code, the mobile application, remote application interfaces and the communication protocols between them are critical to understanding the complete threat profile of the mobile application. Simply looking at one of these components can provide a dangerously misleading representation and lead to increased risk exposure. Rafal will discuss the full threat profile of mobile applications, including their real attack surface and provide thoughts on the future of mobile applications as enterprises migrate further into cloud computing.

=Sponsors=

The Conference Committee is excited to announce that the conference has been openly supported by the following vendors and associations. Without the great support of these companies and organisations the 2012 event would not be what it is today.

Diamond & Platinum Sponsors The OWASP Conference 2012, welcomes our sponsors for Diamond and Platinum. There are still spaces available for sponsorship, but it's closing fast.

More information is available on our sponsorship packages by viewing the sponsor pack. Contact our Committee for more information.

Gold & Silver Sponsors The OWASP Conference 2012, welcomes our sponsors for Gold and Silver. The conference still has availability for other Gold and Silver sponsors.



Associations & Supporters We are proudly supported by the following Industry Associations and Media outlets.



=Call For Papers=

The OWASP AppSec AsiaPac 2012 Call for Papers (CFP) is now open. Visit the following URL to submit your abstract for the April 13-14, 2012 talks in Sydney Australia:

http://sl.owasp.org/apac2012talks

'''We will make the first round of selections, based on the CFPs we have received by February 17, 2012. The final closing date for submissions is Friday, March 3, 2012. '''We look forward to talk submissions over the coming weeks from security practitioners, researchers, thought leaders, and developers in the following content areas:


 * Research in Application Security Defense (Defense & Countermeasures)
 * Research in Application Security Offense (Vulnerabilities & Exploits)
 * Web Application Security
 * Critical Infrastructure Security
 * Mobile Security
 * Government Initiatives & Government Case Studies
 * Effective case studies in Policy, Governance, Architecture or Life Cycle
 * OWASP Projects (turbo talks)

Speakers will receive free admission (nontransferable) to the conference in return for delivering a 50 minute talk or for delivering a 25 minute OWASP Projects turbo talk.

Speaker Forms
Speaker Agreement

=Call for Trainers=

OWASP AppSec AsiaPac 2012 is currently soliciting training providers for the conference. Visit the following URL to submit your training proposal for the April 11-12, 2012 training days in Sydney Australia: http://sl.owasp.org/apac2012training

The following conditions apply for people or organizations that want to provide training at the conference:


 * Training provider should provide class syllabus / training materials.
 * Proceeds will be split 75/25 (OWASP/Trainer) for the training class.
 * OWASP will provide the Venue, Marketing with Conference materials, Registration and basic AV
 * Trainers will cover travel and accommodations for the instructor(s) and all course materials for students
 * OWASP will reserve up to 2 training slots at no cost and the trainer may reserve up to one slot at no cost
 * Price per attendee: 2-Day Class $995/ 1-Day Class $595
 * Trainers can brand training materials to increase their exposure
 * Classes are to be focused around Application Security but are in no way limited to web application security.

'''We will make the first round of selections, based on the Training proposals we have received by February 17, 2012. The final closing date for submissions is Friday, March 3, 2012.''' Submit proposals to http://sl.owasp.org/apac2012training. All trainers will be required to submit a Training Instructor Agreement in order to have their classed scheduled.

Please forward to all interested practitioners and colleagues.

Trainer Forms
Training Instructor Agreement

=OWASP Track= The Call for Papers for the OWASP Track at Global AppSec AsiaPac is now open. OWASP leaders with interesting projects/activities can submit here: https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHB4VGJPWmV5cUxBRmJuY1pETklrcEE6MQ. The CFP for will close on Feburary 15th 2012.

Submissions must:
 * Be about active OWASP Projects or activities
 * Be in a 50 Minute or 15 Minute format (final schedule will be determined in conjunction with the event)
 * Authors must agree to the OWASP Speaker Agreement
 * Comply to the applicable Global Conference Committee Policies (related to all events & speakers)
 * Be OWASP branded, no company templates (presenters must limit mention of their employer to a company logo on the concluding slide of their presentation)

Recommendations:
 * Presentations that provide a link to a recording of previous presenter performance will be scored significantly higher
 * Presentations on active projects will be scored higher
 * Some projects will be determined as once OWASP wants to highlight so new project leaders should not be discouraged if they have great presentation skills

The OWASP Track initiative, jointly led by the Global Conferences Committee and the Global Projects Committee, is a new effort to help OWASP promote our projects and activities at our own major conferences. The goal of this track is to highlight and promote OWASP and offer our leaders a chance to showcase their activities. As such this is a different CFP than one typically issued, submissions should highlight a particular OWASP project or activity that is important to the community at large. The joint GCC/GPC program committee will be judging these submissions on a variety of factors, including project/activity maturity, strategic value to OWASP, relevance to the event audience, and past presentation performance. We intend to highlight brand new projects and activities along with established ones, so new project leaders should not be discouraged from applying! Keep in mind though that we are looking for polished presentations so it will help your submission if you can demonstrate that your project/activity has made recent strides in improving quality. There are limited OWASP funds to support travel for selected presenters, we will ask that presenters first solicit funding from their employers for travel to the event.

Presenters that perform well in their OWASP Track talk will be invited to join the OWASP Speakers Group.

Regards, Global Conferences Committee, Mark Bristow, Chair Global Projects Committee, Jason Li, Chair

=Chapter Leader Workshop=

=Venue=

We're excited to announce that the location of the OWASP Conference for Appsec Asia 2012 will be held at:

Four Points Sheraton, Darling Harbour 161 Sussex Street Sydney, New South Wales 2000 Australia

The facility provides hotel rooms and conference facilities, OWASP has secured cheap room rates directly in the hotel for the duration of the event.

If you don't know your way around Sydney, here's the Google Maps link to the Hotel.

http://maps.google.com.au/maps/place?q=Four+Points+by+Sheraton+Sydney,+Sussex+Street,+Sydney,+New+South+Wales&hl=en&cid=7369128618339939693



We are using both the Ground and upper levels. The majority of the event will be held on the ground level, including all breaks etc. Attendees will find the registration and conference desk located at the Ground level near Hotel Reception. (You're not going to get lost, as we take up most of the ground level for this event.)

Further details about venue locations will be posted when they become available.

=Travel and Accommodations= For assistance with any of the items below, feel free to utilize OWASP's preferred travel agency: Segale Travel Service contact information is: +1-800-841-2276 Sr. Travel Consultants: [mailto:mariam@segaletravel.com Maria Martinez]...ext 524 [mailto:linnv@segaletravel.com Linn Vander Molen]...ext 520

Additionally, the [mailto:appsecasia2012@owasp.org Conference Planning Team] is available to answer any questions!

Accommodation
We've been able to arrange for accommodation within the Four Points Sheraton Hotel(where the training and conference will be held) for attendees. These rooms have been allocated at a special rate, and available strictly for a limited time. To book these rooms at the special rate, you need to use the booking link shown below. These rooms are available one night either side of the event ensuring that if you are travelling interstate or international it's easy to find a room at a good rate. The room rate allocated for the event is $200 AUD Inclusive per night.

Four Points Sheraton, Darling Harbour 161 Sussex Street Sydney, New South Wales 2000 Australia

http://www.starwoodmeeting.com/Book/OWASP

Travel Domestic
The OWASP Conference is to be held in Sydney at the Darling Harbour precinct. Hotel Location, http://maps.google.com.au/maps/place?q=Four+Points+by+Sheraton+Sydney,+Sussex+Street,+Sydney,+New+South+Wales&hl=en&cid=7369128618339939693

International Travel
The Sydney International Airport is located adjacent to the Domestic terminal. Similar taxi fares to the city and hotel venue apply. If you are travelling by train, you can ride the train from the International terminal all the way to the Town Hall station as above.

Airport Transportation

 * Any major Airline carrier will fly you into Sydney Airport, from here, you can take a Taxi (Approx $35-40 AUD).
 * KST Sydney Airport Shuttle -- $18AUD oneway/ $32AUD roundtrip
 * Another option is the train from the Airport, which you can ride all the way into the closest station which is Town Hall. From this stop the hotel is a small downhill walk (no more then 5-10mins) from the station.

Driving Instructions
From Sydney Airport (South)

Travel along Southern Cross Drive and take the South Dowling Street exit.

Turn right onto Dacey Avenue.

At the second set of traffic lights turn left onto Anzac Parade.

Follow Anzac Parade past Moore Park on your right; Anzac Parade will become Flinders Street.

Turn left onto Oxford Street and follow to Liverpool Street; Hyde Park will be on your right.

Continue along Liverpool Street and turn right onto Kent Street.

Travel five blocks and turn left onto Erskine Street.

Immediately turn left again onto Sussex Street. The hotel will be on your right.

From East

Proceed along New South Head Road. Continue onto William Street and then onto Park Street; Hyde Park will be on your right.

Proceed along Park Street as it becomes Druitt Street and turn right onto Kent Street.

Travel approximately three blocks and turn left onto Erskine Street.

Immediately turn left again onto Sussex Street. The hotel will be on your right.

From West

Proceed along the Western Distributor towards the city taking the City North exit followed by the Sussex Street South Exit.

Turn right onto Sussex Street, the hotel will be on your right.

From North

Take the Pacific Highway/Warringah Highway and proceed over the Sydney Harbour Bridge.

Take the York street exit off the bridge and continue along before turning right into Erskine Street.

Proceed approximately three blocks before turning left into Sussex Street. The hotel will be on your right.

=FAQ=

Place holder for FAQ

=Conference Committee=

Justin Derry - Planning Committee Co-Chair Andrew van der Stock - Planning Committee Co-Chair Mohd Fazli Azran - Global Conference Committee Liaison Sarah Baso - OWASP Operational Support

If you are interested in helping out with this conference or have any questions, please contact us at: appsecasia2012@owasp.org