OWASP IRELAND 2010



Welcome to the Irish OWASP Application Security Conference!

On September 17th, 2010 OWASP held its second Irish Application Security conference in Dublin University, Trinity College, Dublin, Ireland.

The conference consisted of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.

 

Also, the social event after the conference is taking place at the Dandelion Pub... here is the link to get you there:

http://maps.google.ie/maps/place?hl=en&um=1&ie=UTF-8&q=dandelion&fb=1&gl=ie&hq=dandelion&cid=9923837943994444337

And finally, if you are a Twitter fan, here is the hashtag for AppSec Ireland 2010: #appsecireland

Special RAFFLE: The draw for the Visual Studio 2008 Training raffle took place 3rd September 2010 at the New Horizons Ireland offices in central Dublin.

Alan Deery, Sales Manager at New Horizons Ireland, pulled the winning ticket (http://www.owasp.org/index.php/File:P1050389.JPG).

And the winner is... Chris Adams. Please contact Alan Deery or Fabio Cerullo for further details on how to claim your prize.

Congratulations to the winner and a big thank you to everyone who took part.

OWASP Ireland 2010 is only two weeks away, so grab your ticket fast!

http://www.owasp.org/index.php/OWASP_IRELAND_2010

For more details please contact: Eoin.Keary 'at' owasp.org

Event Sponsorship
OWASP is providing sponsors exclusive access to its audience in Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. The conference is expected to draw 150 - 200 technologists who will be looking for ways to spend their remaining 2010 budget and planning for 2010/11. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented. Sponsorship details are available in our sponsorship proposal: Click_here

Sponsors
Silver Sponsors

CENZIC - Cenzic provides software and SaaS solutions for dynamic, black box testing of Web applications to protect Websites against hacker attacks. Built from the ground up on a completely different technology backbone than its competitors, Cenzic goes beyond signature-based tools to find more "real" vulnerabilities. To request a free demo please visit http://www.cenzic.com

Veracode is the world’s leader in cloud-based application risk management. With patented binary code analysis, dynamic Web assessments, and partner or Veracode-delivered manual penetration testing, combined with developer e-learning and access to open source security ratings, Veracode SecurityReview® allows customers to independently verify application security in both internally developed applications and third-party software without requiring source code or expensive tools. Veracode provides the most simple, complete and accurate way to implement security best practices, reduce operational cost and comply with internal security policies or external standards such as OWASP Top 10, CWE/SANS Top 25 and PCI. Veracode works with global organizations across multiple vertical industries including Barclays PLC, California Public Employees’ Retirement System (CalPERS), Computershare, and the Federal Aviation Administration (FAA). For more information, visit http://www.veracode.com/

Fortify® Software is the leader in the emerging category of Software Security Assurance (SSA). Fortify's SSA products and services protect companies from the threats posed by security flaws in business-critical software applications and result in applications that are inherently more secure and impervious to attack. Our solutions help identify and resolve critical application vulnerabilities in less time and at lower cost. http://www.fortify.com

IBM Rational® offers Web site security, Web site compliance, and application security solutions for the most comprehensive approach to assessing vulnerabilities in networked applications and critical Web sites. IBM Rational AppScan® and IBM Rational Policy Tester®, Web site security, compliance, and application security solutions, can help you avoid these risks. Our solutions automate application and content analysis. They help you identify vulnerabilities, assess compliance requirements, and improve the accuracy and reliability of online systems. IBM home page: www.ibm.com/ie

Agenda and Presentations - September 17
The agenda follows the successful OWASP conference two-track format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium both days.

= Training =

We intend to hold some application security training on 16/09/2010, the day prior to the event. This can be booked when booking a ticket to the event.

Secure Application Development: Writing secure code (and testing it)
Trainers:

Eoin Keary, Senior Manager, Ernst & Young, OWASP Board Member

Rahim Jina, Senior Consultant, Ernst & Young, OWASP Ireland chapter board.

Abstract

Writing secure code is the most effective method of securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisation's brand.

Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

This course includes coverage of the following areas:


 * Unvalidated Input
 * Injection Flaws
 * Cross-Site Scripting
 * CSRF
 * Authentication & Session Management
 * Access control & Authorisation
 * Broken Caching
 * Error Handling & Resource Management
 * Cryptography
 * Rich Internet Applications
 * The Secure SDLC

Hands on

To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (e.g., WebGoat) that has been seeded with common web application vulnerabilities. The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own Windows-based laptop to participate in the exercises.

Audience

Developers who want to understand the most common web application security flaws, how to avoid them, and how to code in a secure manner.

Level

Intermediate

Prerequisite

Basic knowledge of a web programming language like Java or .NET recommended but not required.

Bringing your own Windows-based laptop is recommended so you can participate in the hands-on exercises.

Duration

Full day - 8 Hours

= Venue =

Trinity College, Dublin

Map of Hamilton Building location

Dining Hall location

= Transportation =

By Air
Fly to Dublin Airport: http://www.dublinairport.com/ A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus)

Public Transport
= Accommodation =

Recommended Hotel:

A hotel has been block booked in the middle of the city for the OWASP Event in Dublin in September: http://www.owasp.org/index.php?title=OWASP_IRELAND_2010

The rooms have been booked for the 16th and 17th September and shall be held for OWASP until September 3rd. The hotel in question is The Morgan Hotel: http://www.themorgan.com/

Rate: 150 euro per room per night, bed and breakfast. Please quote "Trinity College" and contact hotel reservations on 01 6437061 or email reservations@themorgan.com

Trinity College:

Please see here if you wish to stay within the grounds of Trinity College: http://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf

Hotels Surrounding Trinity College:

http://maps.google.com/maps?near=Dame+Street,+College+Green,+Dublin+2,+Ireland+(Trinity+College+Campus)&geocode=Cfm6cyTmqt_IFev1LQMdLZCg_yFJu3aKhBD7GA&q=hotels&f=l&dq=Trinity+College+loc:+Dublin+Ireland&sll=53.341482,-6.258302&sspn=0.012043,0.037637&ie=UTF8&ei=U6TMSZSzKpSw2QLG_-CUCA&attrid=1036f063d3d0dafc_&ll=53.343711,-6.254568&spn=0.012042,0.037637&z=15

= Registration =

Conference fees (17th September):

 * Standard: €150
 * OWASP Members: €100

Training fees (16th September): €495

Membership of OWASP is not required to attend the event or the training.

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

Cvent Registration Link: Click-Here

= Conference Committee =

2010 Ireland Planning Committee Chair:

Eoin Keary - eoin.keary 'at' owasp.org

Fabio Cerullo - fcerullo 'at' owasp.org

Rahim Jina - rahim.jina 'at' owasp.org

= Call for Papers =

The Conference will consist of two tracks covering both technical and risk management topics.

We are seeking presentations on any of the following topics:


 * Web Services and Application Security
 * Common Application related Threats and Risks
 * Business Risks with Application Security
 * Vulnerability Research in Application Security
 * Web Application Penetration Testing
 * OWASP Tools and Projects
 * Secure Coding/Development Practices
 * Technology specific presentations on security such as AJAX, XML, etc.
 * Anything else relating to OWASP and Application Security.

The call for papers/presentations is out. The official closing date for receiving a synopsis of the presentation is June 10th, 2010. Announcements on selected candidates will be provided the first week of July 2010. Complete presentations will need to be submitted by the 2nd of August 2010.

All presenters will receive a free invitation to the conference, food and refreshments.

For some speakers, OWASP will cover some of the travel costs associated with coming to the conference.

Please submit your presentation topics and an abstract of up to 500 words to Eoin Keary <Eoin.keary@owasp.org>