OWASP AU Conference 2009
"Setting your Application Security Agenda in 2009."
Welcome to the OWASP 2009 Conference based in Australia. The conference this year follows on from an incredibly successful conference in 2008.
In 2009, we will be returning to the same venue, but will be including many more training sessions, interesting speakers both local and international. Our Agenda & Schedule are finished and online. Registrations open shortly (Jan 12th) and we have 6 weeks to the conference.
The OWASP 2009 AU conference has attracted attention from all around the world, and this year we will feature some of the most well known industry speakers and organizations to participate in the conference. No matter where you are in the world, this is the conference on security you must attend for the beginning of 2009. Bookmark this page, and keep up to date with all the relevant news for the conference. And don't forget to register.
If you have any questions relating to the conference or just want to help out, please email the AU conference chair, Justin Derry
Latest News & Information
The following latest news is available on the conference.
JAN2009 - Wiki for Conference updated, presentations online and registration open
JAN2009- Submissions have been selected, final details online and speakers allocated. Registration opens in a week.
NOV2008- Call For Papers, Presentations and Training is sent to everyone on OWASP.
NOV2008- OWASP Wiki is updated with all the relevant information about the 2009 Conference.
JUL2008- Gold Coast Convention Centre selected as the conference venue again for the 2009 event.
Wednesday 25th February 2009. OWASP and selected training partners will provide training sessions for you to attend. Each course is provided at a low cost of $650 USD to attend per person.
We have two great courses on offer this year, presented by two very well respected traininers, Andrew Vanderstock (OWASP Guide Project) and Pravir Chandra (OWASP CLASP Project). You won't want to miss these courses.
Intermediate - Application Secure Architecture/Coding Course
At every other conference or training session, you've only learnt how to destroy applications by attacking their weaknesses. The days of shooting fish in a barrel are over! In this course, you'll learn how to :
Learn about how you can identity and protect your organization's crown jewels
Create secure architectures and designs
Learn about how to protect yourself using the OWASP Developer Guide, in particular touching on:
Authentication and Identity Management
Canonicalization, Input Validation and Encoding
Accountability, Logging and Error Handling
Secure the database and services
Secure communications and storage
The course will be demonstrating how to use OWASP's ESAPI as a fundamental building block to save you slash development time, save money and be secure all at once.
We will be using OWASP's WebGoat for the demos and class exercises, so please come with the latest version of WebGoat ready to go on your laptop if you want to do the hands on component.
(Course will be delivered by Andrew Vanderstock - OWASP Guide 3.0 Author, ESAPI Project etc)
Intermediate/Advanced - In-depth Assessment Techniques: Design, Code, and Runtime
This course is targeted at those wanting to enhance their software assessment skills. Specifically, the course teaches attendees techniques for design analysis, code review, and penetration testing that uncover a wide variety of vulnerabilities and weaknesses in applications. If you have pre-existing skills and want to learn more this course is perfect. The training course will generally focus on web applications, but most information applies to software of any type. In addition, attendees will learn general methods for protecting against the security issues uncovered by each assessment technique.
The course topics include:
System decomposition for analysis
Lightweight threat/risk modeling
Identifying interfaces/attack surface
Testing business logic and edge cases
Assessing for provision of security mechanisms
Assessing for key vulnerability classes
Risk classification and weighting
Root cause analysis and patching
The course has a primary focus on intermediate/advanced assessment and testing concepts for architects and developers. Automated security assessment tools will be discussed in context, but not demoed. Delivered by Pravir Chandra.
The Conference Agenda is online. (We still have some minor updates to complete however. Check it out at.. OWASP_AU_Conference_2009_Agenda
Wednesday 25th February 2009
- Training courses with both basic and advanced training courses offered.
- Evening Welcome drinks, Cocktail party and just an opportunity to meet everyone.
Thursday 26th February 2009
- Conference begins with Keynote session, Welcome and three different tracks (Business, Technical and Workshops)
- Evening Gala Dinner (A huge hit last year) at the conference center, included food, drinks and entertainment. (meet your peers in the industry)
Friday 27th February 2009
- Conference continues with another keynote, and the three tracks.
- Afternoon wrap up with a short cocktails event from a sponsor.
The entire event will be recorded to MP3 and Video this year with all presentations coming online during the conference. See you there.
More information on presentations can be found at OWASP_AU_Conference_2009_Presentations
Conference Location & Accomodation
The Conference will be located at the Gold Coast Convention Center (Surfers Paradise, Australia).
NEW OWASP OFFER - CONRAD JUPITERS CASINO $180.00 A NIGHT.. WHEN BOOKING DIRECTLY WITH THE HOTEL MENTION YOU ARE WITH THE OWASP GROUP. You can contact conrad jupiters reservations team at +61 7 5592 8100
OWASP has managed to secure rooms available at the following hotels. These are within walking distance of the conference and are good rates for the Gold Coast. To book you will need to download the following form ([| Hotel Booking Form]) and then fax to the details included in the form. This will allow you to receive cheaper rates and book under the OWASP group. Another place to try is the WOTIF.COM web site, these sometimes have special discount rates.
Resort: Mantra Phoenician Location: Broadbeach Apartment Type Standard 1 - 2 Nights $238.00 AUD per night 3+ Nights $166.00 AUD per night
Resort: BreakFree Savannah Location: Broadbeach Apartment Type Standard 1 - 2 Nights $180.00 AUD per night 3+ Nights $135.00 AUD per night
Cost & Registration
There are multiple options available for participation:
- Conference: 2 days: 26th and 27th Feb 2009) $425.00 (USD)*Register before 02/07/09 and save an additional $25!
- Training: 1 day: $650 USD
AISA & AUSCERT Members:
- Conference: 2 days: 26th and 27th Feb 2009) $450.00 (USD)*Register before 02/07/09 and save an additional $25!
- Training: 1 day: $650 USD
Non OWASP Members:
- Conference: 2 days: 26th and 27th Feb 2009) $475.00 (USD)*Register before 02/07/09 and save an additional $25!
- Training: 1 day: $650 USD
Once again this year there will be a technology expo for all to join, as well as the opportunity for everyone to see the different technologies available in the software security market.
Sponsorship packages are available for the conference, please visit the sponsorship page for more information and contact the organizing committee Justin Derry
Platinum Sponsor: (To Be Confirmed)
For more information please contact the team below for conference details, sponsorship or registration.
OWASP Operations Director
9175 Guilford Road, Suite 300
Columbia, MD 21046, USA