Italy OWASP Day 2

OWASP Day II: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies"

Centro Congressi dell'Università di Roma "La Sapienza"

31st March 2008 - Roma


OWASP-Day Sponsors

Fortify, F5, IBM, Rational, STE, Minded Security

Introduction

Welcome to the OWASP Day II Italy Conference for 2008. Following the great success of OWASP Day I in 2007, the second conference took place in March 2008.

  • The conference was one day of Web App Sec debate held by OWASP chapters around the world during the week from 31st March to 5th April.
  • Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, on 31st March we hosted the conference "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
  • OWASP Day 2 was an all-day conference.

Conference topics:

  • The evolution of attacks and countermeasures in web application security.
  • Case studies of how companies have adopted the OWASP guidelines in their SDLC.

Organization and goals:

  • The event covered several points of discussion: in the first phase we addressed the topic at a high level, and then we discussed the problem from a technical point of view.
  • To conclude the day, we organized a round table with international guests to discuss the most interesting subjects that came out of the event.
  • The goal of the conference was to create a debate on how web application security will evolve.

We received more than 250 registrations and had more than 200 attendees!



OWASP Day II Italy - Conference Schedule - Presentations are on-line!

THE AGENDA WAS:

9.00h Registration
9.30h "Welcome and opening of the works"
Prof. L. Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.
9.45h "Introduction to the OWASP Day II"
Matteo Meucci - OWASP-Italy Chair, CEO Minded Security
10.00h "Telecom Italia's approach to secure application development"
Marco Bavazzano - CISO TELECOM Italia
10.30h "SQL Injection tricks: building the bridge between the Web App and the Operating System"
Alberto Revelli - Portcullis Computer Security
11.00h "Web Application Security issues: the ABI Lab view"
Matteo Lucchetti - ABI Lab
11.30h "OWASP Backend Security Project"
Carlo Pelliccioni - Spike Reply
12.00h Buffet
14.00h "Web Services and SOA Security"
Laurent Petroque - F5
14.30h "How to start a software security initiative within your organization: a maturity based and metrics driven approach."
Marco Morana - OWASP USA Chapter Lead, TISO Citigroup
15.00h "Secure Programming with Static Analysis"
Jacob West - Head of Fortify Software's Security Research Group
15.30h "The Owasp Orizon project: internals and hands on"
Paolo Perego - Spike Reply
16.00h Coffee break
16.30h "Internet Banking and Web Security"
Giorgio Fedon - Minded Security
17.00h Round table: What countermeasures are companies adopting against the new possible attacks? Responsible disclosure: what is the best approach? How can a software life cycle with security processes be implemented while ensuring an adequate ROSI? User awareness: a fundamental lever for implementing security controls?

Panelists: Raoul Chiesa - CTO @ MediaService.net; Matteo Flora - Security Evangelist, Director of OPSI; Marco Morana - OWASP USA Chapter Lead, TISO Citigroup; Stefano Di Paola - CTO Minded Security; Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group.

Keynote: Matteo Meucci


Conference references

  • Marco Morana blog:

http://securesoftware.blogspot.com/2008/05/success-story-of-owasp-day-ii-here-in.html

  • Matteo Flora on Punto Informatico:

http://punto-informatico.it/p.aspx?i=2266944

  • Matteo Flora interviewing the speakers:

http://punto-informatico.it/p.aspx?i=2266944&p=3