Italy OWASP Day 2014 Genova


Back to the Italian Chapter



Thanks to the collaboration of Prof. Alessandro Armando and the availability of Gary McGraw, Ph.D., CTO of Cigital, we are planning an incredible OWASP Day on 14th May.

The conference will be hosted by the Dipartimento di Informatica, Bioingegneria, Robotica e Ingegneria dei Sistemi (DIBRIS) of the University of Genova.

DIBRIS, University of Genova
Via Dodecaneso 35
Sala Conferenze, third floor, room 326bis.

If you have any questions, please email the conference committee:

Use the #owaspitaly hashtag for your tweets about OWASP Italy Day 2014.

@OwaspItaly Twitter Feed (follow us on Twitter!)


Gary McGraw

Ph.D., CTO, Cigital

"Cyber War, Cyber Peace, Stones, and Glass Houses"

Washington has become transfixed by cyber security and with good reason. Cyber threats cost Americans billions of dollars each year and put U.S. troops at risk. Yet, too much of the discussion about cyber security is ill-informed, and even sophisticated policymakers struggle to sort hype from reality. As a result, Washington focuses on many of the wrong things. Offense overshadows defense. National security concerns dominate the discussion even though most costs of insecurity are borne by civilians. Meanwhile, effective but technical measures like security engineering and building secure software are overlooked. In my view, cyber security policy must focus on solving the software security problem: fixing the broken stuff. We must refocus our energy on addressing the glass house problem instead of on building faster, more accurate stones to throw.

Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and offices throughout the world. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for SearchSecurity and Information Security Magazine, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient (acquired by Twitter), Fortify Software (acquired by HP), Raven White, Max Financial, and Wall+Main. His dual Ph.D. is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by SearchSecurity).


The schedule will be as follows:

  • 15:05 Gary McGraw - Cyber War, Cyber Peace, Stones, and Glass Houses
  • 16:30 Break
  • 16:45 Matteo Meucci - Introduction to OWASP and the new projects

Abstract: In this talk Matteo will introduce the OWASP community and its major active projects, and explain how you can get involved and create a successful OWASP project.

Bio: Matteo is the OWASP-Italy President and has been the OWASP Testing Guide lead since 2006. He is the CEO and a co-founder of Minded Security. Matteo holds an undergraduate degree in Computer Science Engineering from the University of Bologna.

Abstract: Complex web applications, whether traditional or mobile-based, have a continuously growing share of JavaScript and client-side programming, and that trend is shifting the focus to client-side vulnerabilities more than ever. This talk will give an overview of this kind of issue by describing attack scenarios, solutions and some approaches to their identification.

Bio: Stefano is Research & Development Director of the OWASP Italian Chapter. He is the CTO and co-founder of Minded Security, where he is Head of the Research and Development Lab. In the last 7 years Stefano has presented several cutting-edge research topics, such as DOM-based XSS runtime taint analysis, Expression Language Injection, HTTP Parameter Pollution and ActionScript Security, which led him to be included in the Top Ten Web Hacking Techniques initiative for 5 consecutive years (2007-2011). He has also published several security advisories and open source security tools and contributed to the OWASP Testing Guide.

Abstract: Social Sign On enables website visitors to authenticate to your website using their existing credentials, such as Facebook, Twitter, OpenID, etc. As a result, users don't have to initially register with your website in order to verify their identity. Social Sign On offers a variety of benefits, including increased conversion rate and more accurate contextual information. Support for Social Sign On is normally achieved through the OAuth 2.0 protocol. OAuth 2.0 is a web-based protocol that provides client applications 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. In this talk I will provide a gentle introduction to Social Sign On and OAuth 2.0.

Bio: Alessandro Armando is associate professor at the University of Genova, where he received his Laurea degree in Electronic Engineering in 1988 and his Ph.D. in Electronic and Computer Engineering in 1994. His appointments include a postdoctoral research position at the University of Edinburgh (1994-1995) and one as visiting researcher at INRIA-Lorraine in Nancy (1998-1999). He is co-founder and leader (since 2003) of the Artificial Intelligence Laboratory (AI-Lab) at DIST. He is also head of the Security & Trust Research Unit at the Center for Information Technologies of the Bruno Kessler Foundation in Trento. He has contributed to the discovery of a serious vulnerability in the SAML-based Single Sign-On for Google Apps and to the discovery and fixing of a vulnerability that leads to a Denial of Service attack on all Android devices. His current focus is on developing cutting-edge automated reasoning techniques and on using them to build a new generation of push-button software verification and debugging tools supporting the development of complex, large-scale, distributed IT applications.
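The abstract above describes OAuth 2.0 as a way for a resource owner to grant a third-party website delegated access without handing over credentials. The following is an added example, not material from the talk or from any OWASP project: an offline, in-memory simulation of the OAuth 2.0 authorization code grant in which the authorization server (the social network), the client website and the resource owner are all objects in one process. The client ids, secrets, URLs and user account are constructed for the example. It shows the property the abstract relies on (the password is only ever checked by the authorization server) together with the checks a defender expects at each endpoint: exact redirect_uri matching, client authentication at the token endpoint, single-use codes bound to the client that requested them, and a per-request state value verified at the callback.

```python
"""Minimal in-memory simulation of the OAuth 2.0 authorization code grant.

Constructed example: the authorization server, the third-party client
website and the resource owner all live in one process so the flow runs
offline. All identifiers (client id, secret, URLs, user account) are invented.
"""
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlparse, parse_qs


@dataclass
class AuthorizationServer:
    # Registered clients: client_id -> (client_secret, redirect_uri). Constructed.
    clients: dict = field(default_factory=lambda: {
        "shop-web": ("shop-secret-1234", "https://shop.example/callback"),
    })
    # Resource owners' credentials live only here; the client never sees them.
    users: dict = field(default_factory=lambda: {"alice": "correct horse battery staple"})
    codes: dict = field(default_factory=dict)    # code -> (client_id, redirect_uri, user)
    tokens: dict = field(default_factory=dict)   # access_token -> user

    def authorize(self, client_id, redirect_uri, state, username, password):
        """Authorization endpoint: authenticate the resource owner, then
        redirect back to the client with a single-use authorization code."""
        registered = self.clients.get(client_id)
        if registered is None or registered[1] != redirect_uri:
            # Never redirect to an unregistered URI: the code would leak there.
            raise PermissionError("unknown client or redirect_uri mismatch")
        if self.users.get(username) != password:
            raise PermissionError("resource owner authentication failed")
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, redirect_uri, username)
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Token endpoint: authenticate the client and exchange the code."""
        registered = self.clients.get(client_id)
        if registered is None or not secrets.compare_digest(registered[0], client_secret):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(code, None)   # pop: a code is valid exactly once
        if grant is None or grant[0] != client_id or grant[1] != redirect_uri:
            raise PermissionError("invalid, replayed or misbound authorization code")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = grant[2]
        return access_token

    def userinfo(self, access_token):
        """Protected resource: returns the profile the token was issued for."""
        user = self.tokens.get(access_token)
        if user is None:
            raise PermissionError("invalid access token")
        return {"sub": user}


class ClientWebsite:
    """The website offering Social Sign On. It only handles codes and tokens."""
    client_id = "shop-web"
    client_secret = "shop-secret-1234"
    redirect_uri = "https://shop.example/callback"

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.pending_states = set()

    def start_login(self):
        """Step 1: mint a per-request state value (anti-CSRF) and remember it."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return state

    def callback(self, redirect_url):
        """Step 2: verify the state, exchange the code for a token and fetch
        the profile. Returns the authenticated subject."""
        params = parse_qs(urlparse(redirect_url).query)
        state = params.get("state", [None])[0]
        if state not in self.pending_states:
            raise PermissionError("state mismatch: possible CSRF or login injection")
        self.pending_states.discard(state)   # state is single-use as well
        code = params["code"][0]
        access_token = self.auth_server.token(
            self.client_id, self.client_secret, code, self.redirect_uri)
        return self.auth_server.userinfo(access_token)["sub"]


def social_sign_on(username, password):
    """Run the whole flow; the password is presented only to the authorization server."""
    auth_server = AuthorizationServer()
    site = ClientWebsite(auth_server)
    state = site.start_login()
    redirect_url = auth_server.authorize(
        site.client_id, site.redirect_uri, state, username, password)
    return site.callback(redirect_url)


if __name__ == "__main__":
    print(social_sign_on("alice", "correct horse battery staple"))
```

Each rejection path in the simulation corresponds to a class of real-world OAuth 2.0 weakness: an authorization server that redirects to an unregistered URI leaks the code, a token endpoint that does not bind the code to the client or allows reuse lets a stolen code be exchanged twice, and a client that skips the state check can be logged into an attacker-chosen account.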