OWASP AppSec Asia 2008 - Taiwan

Welcome to OWASP AppSec Asia 2008! We'd like to thank Delhi, Mumbai, Singapore Taiwan, Thailand, and Vietnam Chapters for helping out with the conference and for attending the conference. We are working with other chapters across Asia to see if we can invite more chapters. If you represent an Asia chapter and are interested in attending, please email Wayne (wayne.owasp@gmail.com).

OWASP AppSec Asia 2008, Conference Schedule (Oct 27th - Oct 28th)
{| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" |

(2008/10/27) - Day 1
|- {| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" | 08:30 - 09:30 Door opens for registration |- {| style="width:80%" border="0" align="center" ! colspan="4" align="center" style="background:#4F81BD; color:white" |

|- | style="width:33%; background:#4F81BD; color:white" align="center" | SPEAKER |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Wayne Huang, Conference Chair  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |   |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" |    |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | YM Chen, Director, McAfee Foundstone  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Wayne Huang, OWASP Taiwan Chapter  {| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch |- {| style="width:80%" border="0" align="center" ! colspan="4" align="center" style="background:#4F81BD; color:white" |
 * align="center" style="width:33%; background:#4F81BD; color:white" | TIME || style="width:33%; background:#4F81BD; color:white" align="center" | SESSION
 * align="center" style="width:20%; background:#4F81BD; color:white" | 09:30- 09:40 || style="width:30%; background:#A7BFDE" align="center" | Opening welcome and an introduction to this year’s program 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 09:40-09:50 || style="width:30%; background:#A7BFDE" align="center" | Welcome by Institute for Information Industry 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 09:50-10:00 || style="width:30%; background:#A7BFDE" align="center" | Welcome by Information Security Consortium, Information Service Industry Association 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 10:00-11:00 || style="width:30%; background:#A7BFDE" align="center" |  What's Next? Strategies for Web Application Security 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 11:10-12:00 || style="width:30%; background:#A7BFDE" align="center" | Web-based Malware obfuscation: the kung-fu and the detection

|- | style="width:33%; background:#4F81BD; color:white" align="center" | SPEAKER |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Charmi Lin, Taiwan Information & Communication Security Technology Center  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Tim Bass, OWASP Thailand Chapter  |- {| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" | 14:40 - 15:00 Coffee Break |- {| style="width:80%" border="0" align="center" ! colspan="4" align="center" style="background:#4F81BD; color:white" |
 * align="center" style="width:33%; background:#4F81BD; color:white" | TIME || style="width:33%; background:#4F81BD; color:white" align="center" | SESSION
 * align="center" style="width:20%; background:#4F81BD; color:white" | 13:00 - 13:40 || style="width:30%; background:#A7BFDE" align="center" | Why Webmail systems are hard to secure--using real case studies 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 13:50 - 14:40 || style="width:30%; background:#A7BFDE" align="center" | Proxy Caches and Web Application Security--using the recent Google Docs 0-day as an example 

|- | style="width:33%; background:#4F81BD; color:white" align="center" | SPEAKER |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | PK (Taiwan Criminal Investigation Bureau)  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Fyodor (Guard-Info)  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Dhruv Soi (OWASP Delhi Chapter Leader), Pukhraj Singh (OWASP Delhi Chapter)  |- {| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" | 17:40 - 18:40 Asia Chapter Leader’s Meeting |- {| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" |
 * align="center" style="width:33%; background:#4F81BD; color:white" | TIME || style="width:33%; background:#4F81BD; color:white" align="center" | SESSION
 * align="center" style="width:20%; background:#4F81BD; color:white" | 15:00 - 15:40 || style="width:30%; background:#A7BFDE" align="center" | How bad can Web vulnerabilities be—case study on a 50 million personal records breach 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 15:50 - 16:40 || style="width:30%; background:#A7BFDE" align="center" | Tiny coding errors, big losses: real stories of website 0wnage 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 16:50 - 17:40 || style="width:30%; background:#A7BFDE" align="center" | Crossing the Chasm: Anatomy of Client-Side and Browser-Based Attacks 

(2008/10/28) - Day 2
|- {| style="width:80%" border="0" align="center" ! colspan="4" align="center" style="background:#4F81BD; color:white" |

|- | style="width:33%; background:#4F81BD; color:white" align="center" | SPEAKER |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Robert "RSnake" Hansen (SecTheory)  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Chenxi Wang, Ph.D. (Forrester Research)  {| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" | 12:00 - 13:00 Lunch |- {| style="width:80%" border="0" align="center" ! colspan="4" align="center" style="background:#4F81BD; color:white" |
 * align="center" style="width:33%; background:#4F81BD; color:white" | TIME || style="width:33%; background:#4F81BD; color:white" align="center" | SESSION
 * align="center" style="width:20%; background:#4F81BD; color:white" | 10:00- 11:00 || style="width:30%; background:#A7BFDE" align="center" | New 0-Day Browser Exploits: Clickjacking - yea, this is bad... 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 11:00- 12:00 || style="width:30%; background:#A7BFDE" align="center" | Web 2.0, Consumerization, and Application Security 

|- | style="width:33%; background:#4F81BD; color:white" align="center" | SPEAKER |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | KK Mookhey (OWASP Mumbai)  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Alexander Meisel (OWASP Germany)  |- {| style="width:80%" border="0" align="center" ! colspan="2" align="center" style="background:#4058A0; color:white" | 14:50 - 15:10 Coffee Break |- {| style="width:80%" border="0" align="center" ! colspan="4" align="center" style="background:#4F81BD; color:white" |
 * align="center" style="width:33%; background:#4F81BD; color:white" | TIME || style="width:33%; background:#4F81BD; color:white" align="center" | SESSION
 * align="center" style="width:20%; background:#4F81BD; color:white" | 13:00 - 13:50 || style="width:30%; background:#A7BFDE" align="center" | Good Business Penetration Testing 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 14:00 - 14:50 || style="width:30%; background:#A7BFDE" align="center" | Best Practices Guide: Web Application Firewalls 

|- | style="width:33%; background:#4F81BD; color:white" align="center" | SPEAKER |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Steven Adair (ShadowServer Foundation)  |- | style="width:40%; background:#EEF0F7; color:#4A4AFF" align="center" | Alex, Chenxi, Dhruv, Fyodor,  KK, Robert, Tim Bass, Wayne, YM  |-
 * align="center" style="width:33%; background:#4F81BD; color:white" | TIME || style="width:33%; background:#4F81BD; color:white" align="center" | SESSION
 * align="center" style="width:20%; background:#4F81BD; color:white" | 15:10 - 16:00 || style="width:30%; background:#A7BFDE" align="center" | The HTTP Botnet Research: Focusing on HTTP based DDoS Botnets<BR> 
 * align="center" style="width:20%; background:#4F81BD; color:white" | 16:10 - 17:00 || style="width:30%; background:#A7BFDE" align="center" | Panel: Manual auditing or automated tools? Blackbox, whitebox, or WAF?<BR>