Italy OWASP Day 2
Centro Congressi dell'Università di Roma "La Sapienza"
31st March 2008 - Roma
Welcome to the OWASP Day II Italy Conference for 2008. Following on from the great success of OWASP Day I in 2007 the second conference has taken place in March 2008.
- The conference represents a day of Web App Sec debate for all the OWASP chapters in the world during the week from 31st March to 5th April.
- Thanks to the collaboration with the Master in Information Security of the "La Sapienza" University, last 31st March we hosted the Conference: "The State of the Art of the Web Application Security and the OWASP guidelines in the Companies".
- OWASP Day 2 was an all day Conference.
- The evolution of attacks and countermeasures for the security in the Web Application.
- Case studies of how the Companies have adopted the OWASP Guidelines in their SDLC.
Organization and goals:
- The event showed several points of discussion: during the first phase we talked from a higher level of the topic, and then we discussed the problem from a technical point of view.
- As conclusion of the day, we organized a round table with international guests discussing the more interesting subjects come out during the event.
- Conference goal was that to create a debate on which will be the evolution of the Web Application Security.
We received more than 250 subscriptions and more than 200 attendees!
OWASP Day II Italy - Conference Schedule - Presentations are on-line!
THE AGENDA WAS:
|9.30h||"Welcome and opening of the works"
Prof. L.Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.
|9.45h||"Introduction to the OWASP Day II"
Matteo Meucci - OWASP-Italy Chair, CEO Minded Security
|10.00h||"L'approccio di Telecom Italia allo sviluppo sicuro delle applicazioni"
Marco Bavazzano - CISO TELECOM Italia
|10.30h||"SQL Injection tricks: building the bridge between the Web App and the Operating System"
Alberto Revelli - Portcullis Computer Security
|11.00h||"Le problematiche di Web Application Security: la visione di ABI Lab"
Matteo Lucchetti - ABI Lab
|11.30h||"OWASP Backend Security Project"
Carlo Pelliccioni - Spike Reply
|14.00h||"Web Services and SOA Security "
Laurent Petroque - F5
|14.30h||"How to start a software security initiative within your organization: a maturity based and metrics driven approach."
Marco Morana - OWASP USA Chapter Lead, TISO Citigroup
|15.00h||"Secure Programming with Static Analysis"
Jacob West - Head of Fortify Software's Security Research Group
|15.30h||"The Owasp Orizon project: internals and hands on"
Paolo Perego - Spike Reply
|16.30h||"Internet Banking and Web Security"
Giorgio Fedon - Minded Security
|17:00h||Round table: Quali sono le contromisure che le aziende stanno adottando ai nuovi possibili attacchi? Responsible disclosure: quale è il miglior approccio? Come si può implementare un ciclo di vita del software con processi di sicurezza garantendo un adeguato ROSI? La sensibilizzazione degli utenti: leva fondamentale al fine di implementare controlli di sicurezza?
Panelist: Raoul Chiesa - CTO @ MediaService.net, Matteo Flora - Security Evangelist,Direttore OPSI, Marco Morana - OWASP USA Chapter Lead, TISO Citigroup, Stefano Di Paola - CTO Minded Security, Paolo Cravino - Senior IT Specialist Rational Software IBM Software Group.Keynote: Matteo Meucci
- Marco Morana blog:
- Manlio Torquato interview to Matteo Meucci: http://www.oneitsecurity.it/09/05/2008/owasp-day-2-bilancio-della-conferenza-con-matteo-meucci/
- Matteo Flora on Punto Informatico:
- Matteo Flora interviewig the speakers: