OWASP New Zealand Day 2012

OWASP New Zealand Day 2012 31st August 2012 - Auckland

https://www.owasp.org/images/a/ad/Owaspnz2012logo.png

= Introduction =

Introduction
We are proud to announce the fourth annual OWASP New Zealand Day conference, to be held at the University of Auckland on Friday August 31st, 2012. OWASP New Zealand Day is a one-day conference dedicated to web application security, with an emphasis on secure development techniques to help Kiwi developers build more secure applications.

Based on feedback from last year, the structure of the conference will be slightly different this time.


 * We will be offering training on the day before the conference (Thursday August 30th) rather than at the same time as the conference.
 * After lunch on the conference day, we will split to two tracks - one focused on deep technical topics, the other on policy, compliance and risk management.

The fourth OWASP New Zealand Day will be happening thanks to the support provided by the University of Auckland School of Business, which will kindly offer the same conference venue of the last three years. Entry to the event will, as in the past, be free.

For any comments, feedback or observations, please don't hesitate to contact [mailto:nick.freeman@owasp.org?cc=adrian.hayes@owasp.org us].

Important dates

 * CFP & CFT closes:		 		15th July 2012
 * Conference Agenda due: 			30th July 2012
 * Conference Registration deadline: 		20th August 2012
 * Training Registration deadline: 		20th August 2012
 * Training Day date: 				30th August 2012
 * Conference Day date: 				31st August 2012

Conference Venue
The University of Auckland Business School Owen G Glenn Building Room: OGGB 260-073 (OGGB4) Address: 12 Grafton Road Auckland New Zealand Map

Topics
The OWASP Days have always offered a forum for discussion and exchange of ideas among researchers and practitioners who present their experiences and discuss issues related to Web Application Security from a higher level to a technical point of view.

Conference topics may include, but are not limited to:


 * OWASP Project Presentation (i.e Tool Updates/Project Status etc)
 * Threat modelling of web applications
 * Privacy Concerns with Applications and Data Storage
 * Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)
 * Baseline or Metrics for Application Security
 * Countermeasures for web application vulnerabilities - secure coding practices
 * Web application security
 * Platform or language (e.g. Java, .NET) security features that help secure web applications
 * Secure application development
 * How to use databases securely in web applications
 * Security of Service Oriented Architectures
 * Access control in web applications
 * Web services security
 * Browser security
 * PCI
 * Risk management
 * Security concepts for C*Os, project managers and other non-technical attendees

Conference Committee

 * Nick Freeman - OWASP New Zealand Leader (Auckland)
 * Adrian Hayes - OWASP New Zealand Leader (Wellington)
 * Lech Janczewski - Associate Professor - University of Auckland School of Business

Please direct all enquiries to nick.freeman@owasp.org and adrian.hayes@owasp.org.

= Call For Sponsorships =

Call For Sponsorships
As mentioned above, OWASP New Zealand Day 2012 will be held in Auckland on the 31st of August, 2012. OWASP New Zealand Day is a security conference entirely dedicated to web application security. The conference is once again being hosted by the University of Auckland with their support and assistance. OWASP New Zealand Day 2012 is a free event, but requires sponsor support to help be an instructive and quality event for the New Zealand community. OWASP is strictly non for profit. The sponsorship money will be used to help make OWASP New Zealand Day 2012 a free, compelling and valuable experience for the audience.

The sponsorship funds collected are to be used for things such as:


 * Refreshments (coffee break/lunch) - we want to keep people refreshed during the day; while we certainly bring good and interesting speakers, we don't want people to go home when they become hungry.
 * Name tags - we feel that getting to know people within the New Zealand community is important, and name tags make that possible.
 * Promotion - up to now our events are propagating by word of mouth. We would like to get to a wider audience by advertising our events.
 * Printed Materials - printed materials will include brochures, tags and lanyards.

Facts
Last year, the event was supported by 5 sponsors and attracted more than 200 participants. Plenty of constructive (and positive!) feedback from the audience was received and we are using this to make the conference more appealing to more people. For more information on last year's event, please visit: https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2011

The OWASP New Zealand community is strong and there are more than 220 people currently subscribed to the mailing-list. OWASP New Zealand Day is expected to attract between 200 and 250 attendees this year.

OWASP regular attendees are IT project managers, IT security managers, IT security consultants, web application architects and developers, QA managers, QA testers and system administrators.

Sponsorships
There are three different levels of sponsorships for the OWASP Day event:

Includes:
 * Support Sponsorship: (Covering international speaker travel expenses, media coverage/article/promotion of the event)

- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012


 * Silver Sponsorship: 1500 NZD

Includes:

- Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012 - The publication of the sponsor logo in the event site, in the agenda, on the flyers, brochure and in all the official communications with the attendees at the conference. - The possibility to distribute the company brochures, CDs or other materials to the participants during the event.


 * Gold Sponsorship: 2750 or 3500 NZD (see below)

Includes:

- The publication of the sponsor logo in the event site, in the agenda, on the handouts and in all the official communications with the attendees at the conference. - The possibility to distribute the company brochures, CDs or other materials to the participants during the event. - Publication of the sponsor logo on the OWASP New Zealand Chapter page - Sponsor logo on the OWASP NZ site prior and during the OWASP Day event - https://www.owasp.org/index.php/New_Zealand - Publication of the sponsor logo on the event web site - https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2012 - Sponsor dedicated space at the conference (sponsor booth) to show products/services to the attendees during coffee breaks, lunch and snack breaks. If a booth is not required, the Gold Sponsorship fee is 2750 NZD instead of 3500 NZD.

Those who are interested in sponsoring OWASP New Zealand 2012 Conference can contact the [mailto:nick.freeman@owasp.org?cc=adrian.hayes@owasp.org OWASP New Zealand Board].

= Call For Papers =

Call for Papers
OWASP New Zealand Day conferences attract a high quality of speakers from a variety of security discliplines including web developers, system administrators, penetration testers, policy specialists and more. There tends to be a bias towards talks aimed at developers in an effort to provide as much assistance to Kiwi development houses, however this year the conference will consist of three tracks covering both technical and risk management topics. We are looking for presentations on a wide variety of web application security topics, including but not limited to:


 * OWASP Project Presentation (i.e Tool Updates/Project Status etc)
 * Threat modelling of web applications
 * Privacy Concerns with Applications and Data Storage
 * Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)
 * Baseline or Metrics for Application Security
 * Countermeasures for web application vulnerabilities - secure coding practices
 * Web application security
 * Platform or language (e.g. Java, .NET) security features that help secure web applications
 * Secure application development
 * How to use databases securely in web applications
 * Security of Service Oriented Architectures
 * Access control in web applications
 * Web services security
 * Browser security
 * PCI
 * Risk management
 * Security concepts for C*Os, project managers and other non-technical attendees

The timeline for submissions is as follows:

15th Jul 2012: The official closing date for receiving a synopsis of the presentation. 31st Jul 2012: Announcements on selected candidates will be provided. 20th Aug 2012: Complete presentations will need to be submitted.

The email subject must be "OWASP New Zealand 2012: CFP" and the email body must contains the following information/sections:


 * Name and Surname
 * Affiliation
 * Address
 * Telephone number
 * Email address
 * List of the author's previous papers/articles/speeches on the same topic
 * Title of the contribution
 * Type of contribution: Technical or Informative
 * Abstract (up to 500 words)
 * Why the contribution is relevant for OWASP New Zealand 2012
 * If you are not from New Zealand, will your company support your travel/accomodation costs - Yes/No

The submission will be reviewed by the OWASP New Zealand Day CFP Review Board and the highest voted talks will be selected and invited for presentation.

PLEASE NOTE:
 * Due to limited budget available, expenses for international speakers cannot be covered.
 * If your company is willing to cover travel and accomodation costs, the company will become "Support Sponsor" of the event.

Please submit your presentation topics and an abstract of up to 500 words to Nick Freeman and Adrian Hayes - nick.freeman@owasp.org & adrian.hayes@owasp.org

= Call For Trainers =

Call For Trainers
We are happy to announce that training will run on Thursday August 30th 2012, the day before the OWASP Day conference. The training venues will be auditoriums kindly provided by the University of Auckland, in the same building as the OWASP Day conference itself. Classes will contain up to 20 students, and each seat has a power point for laptop usage.

We have secured two auditoriums for the whole day, allowing for 2-4 sessions depending on their duration. Half-day or full-day courses will be considered.

Examples of training topics:

+ Securing web services + Introduction to the OWASP Top 10 + Hardening web servers + Mobile app security

If you are interested in running one of the training sessions, please contact myself or Adrian Hayes with the following information:

- Trainer name - Trainer organisation - Telephone + email contact - Training title - Trainer requirements (e.g. a projector) - Trainee requirements (e.g. laptop, VMWare/Virtualbox etc) - Training summary (less than 500 words) - Target audience (e.g. testers, project managers, security managers, web developers) - Skill level required (Basic / Intermediate / Advanced) - A few sentences about why you think this training is important to web application security - What attendees can expect to learn (key objectives) - Short Trainer bio - List of published papers/presentations - Course outline E.g.: 1. Topic 1 > Sub Topic 1.a 		> Sub Topic 1.b 		> Exercise 1 2. Topic 2 3. Topic 3 > Sub Topic 3.a 	       > Demo > Sub Topic 3.b

The fixed price per head for training will be $250 for a half-day session and $500 for a whole-day session. As this training is part of an OWASP event, part of the proceeds go back to OWASP. The split is as follows: - 25% to OWASP Global - used for OWASP projects around the world - 25% to OWASP NZ Day - used for expenses such as catering during the conference - 50% to the training provider.

If you have any further queries, or wish to submit a training course, please send the above information to the following email addresses: - nick.freeman@owasp.org - adrian.hayes@owasp.org

Accepted training sessions will be announced on July 31st 2012, together with the presentations.

= Conference Dates =

Conference Dates
Please find below important dates for the conference:


 * CFP & CFT closes:		 		15th July 2012
 * Conference Agenda due: 			30th July 2012
 * Conference Registration deadline: 		20th August 2012
 * Training Registration deadline: 		20th August 2012
 * Training Day date: 				30th August 2012
 * Conference Day date: 				31st August 2012

= Conference Committee =

OWASP New Zealand Day 2012 Organising Committee

 * Nick Freeman - OWASP New Zealand Leader (Auckland)
 * Adrian Hayes - OWASP New Zealand Leader (Wellington)
 * Lech Janczewski - Associate Professor - University of Auckland School of Business