AppSec Brasil 2009

Para a versão em português, veja em AppSec Brasil 2009 (pt-br)

=International Conference on Application Security=

TI-Controle and the Computing Centre of the Deputy Chamber present the First International Conference on Application Security that will happen in Brasilia, Capital of Brazil with the support of OWASP Brazilian Chapter. The Conference consists of two days of training sessions, followed by a two-day conference on a single track.

Conference Dates
The conference will happen from October 27th, 2009 to October 30th, 2009. The first two days will be tutorial days (see below). Plenary sessions will be held on October 29th and 30th.

Warning: the email appsec.brasil@camara.gov.br had a few issues receiving messages from Gmail in the last weeks. If you sent a proposal but haven't received a confirmation from us, please try again.

Call for Presentations
CALL FOR PRESENTATIONS

OWASP is currently soliciting presentations for the OWASP AppSec Brasil 2009 Conference that will take place at Câmara dos Deputados in Brasília, DF on October 27th through 30th of 2009. There will be training courses on October 27th and 28th followed by plenary sessions on the 29th and 30th with each day having one single track. The conference will be organized and supported by the TI-Controle Community (www.ticontrole.gov.br) and the Deputy Chamber (www2.camara.gov.br/english).

We are seeking people and organizations that want to present on any of the following topics (in no particular order):
 * Application Threat Modeling
 * Business Risks with Application Security
 * Hands-on Source Code Review
 * Metrics for Application Security
 * OWASP Tools and Projects
 * Privacy Concerns with Applications and Data Storage
 * Secure Coding Practices (J2EE/.NET)
 * Starting and Managing Secure Development Lifecycle Programs
 * Technology specific presentations on security such as AJAX, XML, etc
 * Web Application Security countermeasures
 * Web Application Security Testing
 * Web Services-, XML- and Application Security


 * Anything else relating to OWASP and Application Security

To make a submission you must include :
 * Presenter name
 * Additional author(s) name(s)
 * Presenter(s) Email and/or Phone number(s)
 * Presenter(s) bio(s) and, optionally, bios of the other authors
 * Title
 * Abstract
 * Presentation outline, defining all topics that will be covered by the presentation
 * Any supporting research/tools (will not be released outside of CFP committee)

Each presenter will have 45 minutes for the presentation, followed by 10 minutes reserved for questions from the audience. The presentations must respect the restrictions of the OWASP Speaker Agreement.

Important Dates:
 * Submission deadline is July 11th 2009 at 11:59 PM (UTC/GMT -3).
 * Notification of acceptance is August 7th 2009.
 * Final version is due September 5th 2009.

Proposals must be sent by email to appsec.brasil (at) camara.gov.br

For more information, please see the following web pages:
 * Conference Website: https://www.owasp.org/index.php/AppSec_Brasil_2009
 * FAQ: https://www.owasp.org/index.php/AppSec_Brasil_2009_-_FAQ
 * OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
 * TI-Controle: http://www.ticontrole.gov.br
 * Deputy Chamber: http://www2.camara.gov.br/english

Call for Training Provider
CALL FOR TRAINING SESSIONS

OWASP is currently soliciting training proposals for the OWASP AppSec Brasil 2009 Conference which will take place at Câmara dos Deputados (Deputy Chamber) in Brasília, DF, on October 27th through October 30th 2009. There will be training courses on October 27th and 28th followed by plenary sessions on the 29th and 30th with one single track per day. The conference will be organized and supported by the TI-Controle Community (www.ticontrole.gov.br) and the Deputy Chamber (www2.camara.gov.br/english).

We are seeking training proposals on the following topics (in no particular order):
 * Application Threat Modeling
 * Business Risks with Application Security
 * Hands-on Source Code Review
 * Metrics for Application Security
 * OWASP Tools and Projects
 * Privacy Concerns with Applications and Data Storage
 * Secure Coding Practices (J2EE/.NET)
 * Starting and Managing Secure Development Lifecycle Programs
 * Technology specific presentations on security such as AJAX, XML, etc
 * Web Application Security countermeasures
 * Web Application Security Testing
 * Web Services-, XML- and Application Security
 * Anything else relating to OWASP and Application Security

Proposals on topics not listed above but related to the conference (i.e. which are related to Application Security) may also be accepted.

There may be 1 or 2-day courses. The proposals must respect the restrictions of the OWASP Speaker Agreement. The conference sponsors will provide lodging and domestic (within Brazil) air travel for one presenter per course, no other compensation is available. If you require a different arrangement, please contact the conference organization team at the email address bellow.

Important Dates:
 * Submission deadline is July 11th 2009 at 11:59 PM (UTC/GMT -3).
 * Notification of acceptance is August 7th 2009.
 * Final version is due September 5th 2009.

To make a proposal, please fill the form (http://www.owasp.org/images/4/4b/OWASP_AppSec_Brazil_09_CFT.docx) and send it by email to appsec.brasil (at) camara.gov.br

For more information, please see the following web pages:
 * Proposal form as a zipped RTF file: http://www.owasp.org/images/e/ea/OWASP_AppSec_Brazil_09_CFT_RTF.zip
 * Conference Website: https://www.owasp.org/index.php/AppSec_Brasil_2009
 * FAQ: https://www.owasp.org/index.php/AppSec_Brasil_2009_-_FAQ
 * OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
 * TI-Controle: http://www.ticontrole.gov.br
 * Deputy Chamber: http://www2.camara.gov.br/english

FAQ
Q. Who is promoting the conference?

A. This conference is being supported and organized by the TI-Controle Community and the Deputy Chamber, with the contents (presentations, keynotes, training, etc) selected by the OWASP Brazilian Chapter.

Q. What will it cost?

A. Nothing. Thanks to its sponsor, the conference will be free of charge. However we have limited seats, so please register early.

Call For Papers

Q. What is the Open Web Application Security Project (OWASP)?

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work with your support.

Q. How many speaking slots are there?

Please see the Conference Agenda in its main page.

Q. What are the submission deadlines?

The CFP submission deadline is July 11th, with the final version of the presentation material due September 15th 2009.

Q: Who is allowed to submit presentations?

A: Original authors may submit presentations for consideration. Third party representatives such as PR firms or Speaker Representatives MAY NOT submit materials on behalf of a potential speaker.

Q: Why aren't Third Parties such as PR Firms allowed to submit presentations?

A: Due to potential copyright and intellectual property liability issues as well as the need for OWASP to have direct contact with potential and selected presenters to expedite selection and deliverable materials, we require that only original authors of presentations submit for the Call for Papers. Third party representatives such as PR firms or Speaker Representatives MAY NOT submit materials on behalf of a potential speaker.

Q: Are there any restrictions on the content of the presentations?

A: Yes, all presentations must respect the rules defined in the OWASP Speaker Agreement.

Q: How long will I have to wait before I am notified if I have been accepted or denied?

A: Submitters will be notified of the status (acceptance or denial) on August 7th 2009.

Q. Is there an honorarium for presenters?

No. OWASP is committed to making its conferences available to the widest possible audience. In order to do this OWASP keeps the entrance free for the AppSec Brazil 2009 to make the conference accessible. As a result we are unable to provide a monetary honorarium but we welcome our speakers as our guests to the conference where they can network with other security professionals. We will provide lodging and domestic air travel for one presenter for each selected work.

'''Q: I have been accepted. What are the materials that I have to turn in and what are the deadlines?'''

A: The following is a list of materials that are required from each accepted presentation. Failure to proceed these materials by the deadlines set forth for the event the presentation was accepted for will result in cancellation of acceptance.
 * A confirmed Speaker Agreement (July 15th 2009)
 * Presentation in PowerPoint or Keynote format using the OWASP Template (September 15th 2009)
 * Detailed Bibliography of resources, co-authors, etc. (September 15th 2009)
 * Optional White Paper for inclusion on CD (September 15th 2009)

Q: Do I have to submit a White Paper?

A: No. We would certainly appreciate any White Papers that can be included on the conference web site but they are not required. If you have written an existing white paper to go along with your presentation, please submit it with your CFP submission. Submissions with attached White Papers will receive additional consideration. '''Q: What if I have a co-author who is not presenting. How do I cite the person(s)?'''

A: All co-authors and works that have been used should be cited in a detailed bibliography that will be published on the Conference CD.

'''Q: I have been accepted and would like to add co-presenters. Can I still do this?'''

A: No. Co-presenters should have been added at the time that the Presentation was submitted. They may attend the conference and present if they register as any other participant.

'''Q: My PR company/friends/co-workers/family would like to come see me give my presentation. Will they be allowed in for free?'''

A: Yes, but they need to register on the conference web site as any other conference participant.

Q. I have more questions

A: Email appsec.brasil@camara.gov.br concerning this event.

Keynotes
Gary McGraw

CTO, Cigital



Title: The Building Security In Maturity Model (BSIMM)

Bio: Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.

Jason Li

Aspect Security

Title: Agile and Secure: Can We Do Both?

Co-author: Jerry Hoff, Aspect Security

Bio: Coming soon.

Agenda
Please see the Portuguese version of this page at http://www.owasp.org/index.php/AppSec_Brasil_2009_(pt-br)#tab=Agenda

Tutorial Days - October 27-28

OWASP will host numerous 1 and 2 day tutorial sessions prior to the conference. If you are interested in delivering a tutorial at this event, please see the Call for Training Provider.

Practical Information
Venue



The event will be held in Brasília, Brazil's Capital at: Câmara dos Deputados, Anexo II, Praça dos Três Poderes.

You can check the location at Google Maps

Registration

Will be available soon.

Accommodations

To be defined

Transportation to the Conference

To be defined

How to get to the venue?

To be defined

Registration and Conference Fees

There will be no fees for this conference, only registration is required to participate.

Committees
Conference Committee

OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org

2009 AppSec Brasil Program Committee (appsec.brasil@camara.gov.br):
 * Conference Chair: Lucas C. Ferreira (lucas.ferreira at owasp.org)
 * Tutorials Organization: Eduardo V. C. Neves (eduardo.neves at owasp.org)
 * Tracks Organization: Wagner Elias (wagner.elias at owasp.org)

Pre-Event Organization Team


 * Cassio Goldschmidt (cassio 'at' owasp.org)
 * Kuai Hinojosa (kuai.hinojosa 'at' owasp.org)
 * Leonardo Cavallari - (leo.cavallari 'at' owasp.org)
 * Thiago Lechuga (thiagoalz 'at' gmail.com)
 * Dinis Cruz (dinis.cruz 'at' owasp.org)

Event Organization Team

Links and other information
Event page on LinkedIn: http://events.linkedin.com/OWASP-AppSec-Brasil/pub/65160