Difference between revisions of "6th OWASP AppSec Conference - Italy 2007/CFP"

 
Line 14: Line 14:
 
As in 2006, the OWASP AppSec Europe 2007 conference will feature a refereed papers track. The goal of the refereed papers track is twofold:  
 
As in 2006, the OWASP AppSec Europe 2007 conference will feature a refereed papers track. The goal of the refereed papers track is twofold:  
  
to give academic researchers in web application security the opportunity to share their research results with practitioners, and   
+
* to give academic researchers in web application security the opportunity to share their research results with practitioners, and   
 
+
* to give industry people the possibility to share experiences with the OWASP community.  
to give industry people the possibility to share experiences with the OWASP community.  
+
  
 
Hence both research papers as well as experience papers pertaining to all aspects of web application security are solicited. Papers should describe new ideas, new implementations, or experiences related to web application security.  
 
Hence both research papers as well as experience papers pertaining to all aspects of web application security are solicited. Papers should describe new ideas, new implementations, or experiences related to web application security.  
Line 22: Line 21:
 
Topics of interest include, but are not limited to:  
 
Topics of interest include, but are not limited to:  
  
Web application security   
+
* Web application security   
 
+
* Threat modeling of web applications   
Threat modeling of web applications   
+
* Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)   
 
+
* Countermeasures for web application vulnerabilities   
Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)   
+
* Secure coding techniques   
 
+
* Static and dynamic analysis of web application technologies   
Countermeasures for web application vulnerabilities   
+
* Platform or language (e.g. Java, .NET) security features that help secure web applications   
 
+
* Open source framework features that help secure web applications  
Secure coding techniques   
+
* How to use databases securely in web applications   
 
+
* Experiences or new ideas on Secure Development Lifecycles (SDLC)   
Static and dynamic analysis of web application technologies   
+
* Experiences using web application security scanning or code analysis tools   
 
+
* Access control in web applications   
Platform or language (e.g. Java, .NET) security features that help secure web applications   
+
* Trusted computing solutions for web applications  
 
+
* Non-repudiation in web applications  
Open source framework features that help secure web applications  
+
* Web services security   
 
+
* AJAX security  
How to use databases securely in web applications   
+
* Security of Service Oriented Architectures  
 
+
Experiences or new ideas on Secure Development Lifecycles (SDLC)   
+
 
+
Experiences using web application security scanning or code analysis tools   
+
 
+
Access control in web applications   
+
 
+
Trusted computing solutions for web applications  
+
 
+
Non-repudiation in web applications  
+
 
+
Web services security   
+
 
+
AJAX security  
+
 
+
Security of Service Oriented Architectures  
+
  
 
It is explicitly allowed to submit papers that have already been published, but in a publication channel with a different audience. In particular, papers that have already been presented at academic conferences are welcomed, and will be refereed on how interesting and valuable they are to an OWASP audience. Authors are encouraged to motivate in the paper why they consider the paper relevant for the OWASP audience.
 
It is explicitly allowed to submit papers that have already been published, but in a publication channel with a different audience. In particular, papers that have already been presented at academic conferences are welcomed, and will be refereed on how interesting and valuable they are to an OWASP audience. Authors are encouraged to motivate in the paper why they consider the paper relevant for the OWASP audience.
Line 62: Line 45:
 
Important dates (APPROXIMATE - will become final when the conference date is decided):  
 
Important dates (APPROXIMATE - will become final when the conference date is decided):  
  
Submission deadline (Draft Paper): Mar 1, 2007
+
* Submission deadline (Draft Paper): Mar 1, 2007
Notification of acceptance: Mar 30, 2007
+
* Notification of acceptance: Mar 30, 2007
Final version due: April 15, 2007  
+
* Final version due: April 15, 2007  
Conference: May 16th & 17th
+
* Conference: May 16th & 17th
  
 
Instructions for authors:
 
Instructions for authors:
Line 80: Line 63:
 
Martin Johns, University of Hamburg
 
Martin Johns, University of Hamburg
 
Benjamin Livshits, Microsoft Research
 
Benjamin Livshits, Microsoft Research
Andr� Mari�n, Ubizen
+
Andre Marian, Ubizen
Mattia Monga, Universit' degli Studi di Milano, Italy
+
Mattia Monga, University degli Studi di Milano, Italy
 
Johan Peeters, secappdev.org
 
Johan Peeters, secappdev.org
 
Frank Piessens, Katholieke Universiteit Leuven (chair)
 
Frank Piessens, Katholieke Universiteit Leuven (chair)
 
Erik Poll, Radboud Universiteit Nijmegen
 
Erik Poll, Radboud Universiteit Nijmegen
 
Maarten Rits, SAP Research Labs
 
Maarten Rits, SAP Research Labs
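
Review bot: In the Programme Committee hunk (Line 80 / Line 63), the two changed names are flattened to ASCII rather than having their encoding repaired. "Andr� Mari�n" becomes "Andre Marian", which guesses at the second garbled letter, and "Universit' degli Studi di Milano" becomes "University degli Studi di Milano", which mixes English and Italian in one institution name. Suggest restoring the original accented spellings with the page saved in a consistent encoding, or using the institution's full English or full Italian name.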

Revision as of 13:49, 7 February 2007

Preliminary Call For Papers

Refereed Papers Track at 6th Annual OWASP AppSec Conference (Europe 2007)

Date: May 16th-17th, 2007

Location: Milan, Italy

The Open Web Application Security Project (OWASP, http://www.owasp.org) is dedicated to finding and fighting the causes of insecure software. OWASP has dozens of projects and over 50 chapters worldwide focused on application security. Our high quality tools and documentation are used everywhere, including the freely available book-length "Guide to Secure Web Applications and Services", the leading web application penetration testing tool called "WebScarab", and an advanced web application security training application called "WebGoat".

The OWASP Foundation, a not-for-profit charitable organization, ensures the ongoing availability and support for this work.

The OWASP AppSec conferences bring together application security experts, researchers and practitioners from all over the world. Industry and academia can meet to discuss open problems and new solutions in application security. The conferences offer tutorials, keynotes, and invited presentations. As in 2006, the OWASP AppSec Europe 2007 conference will feature a refereed papers track. The goal of the refereed papers track is twofold:

  • to give academic researchers in web application security the opportunity to share their research results with practitioners, and
  • to give industry people the possibility to share experiences with the OWASP community.

Hence both research papers as well as experience papers pertaining to all aspects of web application security are solicited. Papers should describe new ideas, new implementations, or experiences related to web application security.

Topics of interest include, but are not limited to:

  • Web application security
  • Threat modeling of web applications
  • Vulnerability analysis of web applications (code review, pentest, static analysis, scanning)
  • Countermeasures for web application vulnerabilities
  • Secure coding techniques
  • Static and dynamic analysis of web application technologies
  • Platform or language (e.g. Java, .NET) security features that help secure web applications
  • Open source framework features that help secure web applications
  • How to use databases securely in web applications
  • Experiences or new ideas on Secure Development Lifecycles (SDLC)
  • Experiences using web application security scanning or code analysis tools
  • Access control in web applications
  • Trusted computing solutions for web applications
  • Non-repudiation in web applications
  • Web services security
  • AJAX security
  • Security of Service Oriented Architectures

It is explicitly allowed to submit papers that have already been published, but in a publication channel with a different audience. In particular, papers that have already been presented at academic conferences are welcomed, and will be refereed on how interesting and valuable they are to an OWASP audience. Authors are encouraged to motivate in the paper why they consider the paper relevant for the OWASP audience.

For accepted papers, and where allowed by possibly existing copyrights on the paper, the papers will be published in a proceedings distributed as a technical report from the Katholieke Universiteit Leuven, Belgium.

Important dates (APPROXIMATE - will become final when the conference date is decided):

  • Submission deadline (Draft Paper): Mar 1, 2007
  • Notification of acceptance: Mar 30, 2007
  • Final version due: April 15, 2007
  • Conference: May 16th & 17th

Instructions for authors:

Submissions should be at most 12 pages long in the Springer LNCS Style for Proceedings and Other Multiauthor Volumes. Templates for preparing papers in this style for LaTeX, Word, and other word processors can be downloaded from: http://www.springer.com/sgw/cda/frontpage/0,11855,5-164-2-72376-0,00.html .

All submissions should be sent in Adobe Portable Document Format (pdf) to Frank Piessens at Frank.Piessens_at_cs.kuleuven.be.

Programme Committee:

  • Sebastien Deleersnyder, Ascure
  • Lieven Desmet, Katholieke Universiteit Leuven
  • Martin Johns, University of Hamburg
  • Benjamin Livshits, Microsoft Research
  • Andre Marian, Ubizen
  • Mattia Monga, University degli Studi di Milano, Italy
  • Johan Peeters, secappdev.org
  • Frank Piessens, Katholieke Universiteit Leuven (chair)
  • Erik Poll, Radboud Universiteit Nijmegen
  • Maarten Rits, SAP Research Labs