Difference between revisions of "AppSecEU2011"

From OWASP
(Created page with '__NOTOC__ ==== Welcome ==== Next June 21-24, 2010 the biggest Application Security event in Europe will take place at Trinity College Dublin, Ireland. If you have any questi…')
 
(Schedule)
 
(193 intermediate revisions by 18 users not shown)
Line 1: Line 1:
 
__NOTOC__  
 
__NOTOC__  
 +
{|
 +
|-
 +
! width="700" align="center" |
 +
! width="500" align="center" |
 +
|-
 +
| align="center" | [[Image:Banner-trinity-web.jpg]]
 +
| align="center" |
 +
*[http://www.appseceu.org AppSec EU Website]
 +
*[http://www.owasp.org/images/1/19/AppSecEU_2011_Announcement.pdf Press Release]
 +
*[[AppSecEU2011/Media Mentions|Media Mentions]]
 +
*[[AppSecEU2011/Archived|Archived]]
 +
<br> '''Follow us on:<br>[http://www.twitter.com/appseceu https://www.owasp.org/images/f/f7/Twitter.png]
 +
[http://www.facebook.com/event.php?eid=129048447162264 https://www.owasp.org/images/5/55/Facebook.png] [http://events.linkedin.com/OWASP-AppSec-Europe-2011/pub/522459 https://www.owasp.org/images/1/1a/Linkedin.png]
 +
|}
 +
  
 
==== Welcome  ====
 
==== Welcome  ====
  
Next June 21-24, 2010 the biggest Application Security event in Europe will take place at Trinity College Dublin, Ireland.
+
{| style="width: 100%;"
 +
|-
 +
| style="width: 100%; color: rgb(0, 0, 0);" |
 +
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
 +
|-
 +
| style="width: 95%; color: rgb(0, 0, 0);" |
  
If you have any questions, please email the conference chair: ireland at owasp.org
+
We are pleased to announce that the [http://www.owasp.org/index.php/Ireland-Dublin Ireland chapter] will host the OWASP AppSec Europe 2011 global conference in beautiful Dublin, Ireland. <br>
  
[[Image:Banner-trinity-web.jpg]]
+
The AppSec Europe conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.  
  
=== Sponsors  ===
+
AppSec Europe 2011 will be held at [http://www.tcd.ie/ Trinity College Dublin] ([http://maps.google.com/maps/place?ftid=0x48670e9a84b0039b:0xacb03905ec77b553&q=Trinity+College+Dublin,+College+Green,+Dublin,+Ireland&hl=es&dtab=0&sll=53.343726,-6.254372&sspn=0.015987,0.038418&ie=UTF8&ll=53.348681,-6.26873&spn=0,0&z=15 map]) on June 7th through 10th 2011. There will be training courses on June 7th and 8th, followed by plenary sessions on the 9th and 10th, with each day having at least three tracks. AppSec Europe may also have BOF (informal ad hoc meetings), breakout, or speed talks in addition to the standard schedule, depending on the submissions received.
 +
<br>
 +
If you have any questions, please email the conference chair: '''appseceu at owasp.org'''
  
Diamond sponsor:<br> Slots Available
 
  
Gold sponsors:<br> Slots Available
+
'''Who Should Attend AppSec Europe 2011:'''
  
Silver sponsors:<br> Slots Available
+
*Application Developers
 +
*Application Testers and Quality Assurance
 +
*Application Project Management and Staff
 +
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 +
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 +
*Security Managers and Staff
 +
*Executives, Managers, and Staff Responsible for IT Security Governance
 +
*IT Professionals Interested in Improving IT Security<br>
 +
<br>
 +
'''How to get to AppSec EU?'''
  
Dinner Party sponsor:<br> Slots Available
+
The OWASP AppSec EU Conference takes place in the Arts Building in the grounds of Trinity College, Dublin 2. You can find a map of the Trinity College grounds and directions to the Arts Building at the URL below.
  
 +
[http://www.appseceu.org/?page_id=817 AppSec EU Venue Location]
  
Lunch sponsors: <br> Slots Available
 
  
Coffee break sponsors:<br> Slots Available
 
  
Media sponsors:<br> Slots Available
+
'''Are you an exhibitor and need to load/offload materials at Trinity College?
 +
'''
 +
Below is the map to the Arts Building Loading Bay:
  
Notepad sponsors:<br> Slots Available
+
[https://www.owasp.org/images/c/ce/Campus_map_with_Arts_Building_Loading_Bay_vehicular_route.pdf Campus Map]
 +
<br><br>
  
For full sponsoring program see the Sponsoring tab above.
+
'''Have you visited our AppSec EU conference website?'''
  
=== "AppSec Research".equals("AppSec Europe")  ===
+
[http://www.appseceu.org AppSec EU Conference Website]
 +
<br><br>
  
This conference was formerly known as OWASP AppSec Europe. We have added 'Research' to highlight that we invite both industry and academia. All the regular AppSec Europe visitors and topics are welcome along with contributions from universities and research institutes.
 
  
This simply is ''the'' European conference for anyone interested in or working with application security. Co-host 2010 was the [http://dsv.su.se/en/ Department of Computer and Systems Science] at Stockholm University, offering a great venue in the fabulous Aula Magna.
+
'''Sponsorship Options'''  
  
=== Countdown Challenges -- Free Tickets to Win!  ===
+
To find out more about the different sponsorship opportunities please check the document below:
  
There will be a challenge posted on the conference wiki page on the 21st every month up until the event. The winner gets a free entrance to the conference.
+
[http://www.appseceu.org/wp-content/uploads/2011/03/AppSecEU_Sponsorship_Packages.pdf AppSec EU Sponsorship Packages]
  
=== Organizing Committee  ===
 
  
• John Wilander, chapter leader Sweden (chair)<br> • Mattias Bergling (vice chair)<br> • Alan Davidson, Stockholm University/Royal Institute of Technology (co-host)<br> • Ulf Munkedal, chapter leader Denmark<br> • Kåre Presttun, chapter leader Norway<br> • Stefan Pettersson (sponsoring coordinator)<br> • Carl-Johan Bostorp (schedule and event coordinator)<br> • Martin Holst Swende (coffee/lunch/dinner)<br> • Michael Boman (conference guide/attendee pack)<br> • Predrag Mitrovic, OWASP Sweden Board<br> • Kate Hartmann, OWASP<br> • Sebastien Deleersnyder, OWASP Board
+
<!-- Mediawiki needs all these spaces -->  
  
==== June 21-22 (Training)  ====
+
|}
  
== Schedule  ==
+
<!-- Twitter Box -->
  
==== June 23  ====
+
| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->
 +
[[Image:Appseceurope3.png]]
  
 +
{|
 +
|-
 +
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
 +
Use the '''[http://search.twitter.com/search?q=%23AppSecEU #AppSecEU]''' hashtag for your tweets for AppSec Europe 2011 (What are [http://hashtags.org/ hashtags]?)
  
 +
'''@AppSecEU Twitter Feed ([http://twitter.com/AppSecEU follow us on Twitter!])''' <twitter>228539824</twitter>
  
==== June 24  ====
+
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 +
|}
  
 +
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 +
|}
 +
<!-- End Banner -->
  
 
==== Registration  ====
 
==== Registration  ====
  
== Registration not open yet ==
+
== [http://www.regonline.com/owasp_appsec_eu_2011 '''Registration is now open!'''] ==
 +
 
 +
[[Image:RegisterNow.jpg|link=http://www.regonline.com/owasp_appsec_eu_2011]]
 +
 
 +
 
 +
===Registration Fees===
 +
{| class="wikitable"
 +
|-
 +
! Ticket Type
 +
! Before 6th April
 +
! After 6th April
 +
! After 6th May
 +
|-
 +
| Non-Member
 +
| €250
 +
| style="background: #cef2e0;" | €300
 +
| style="background: #ffffcc;" | €350
 +
|-
 +
| Active OWASP Member
 +
| €200
 +
| style="background: #cef2e0;" | €250
 +
| style="background: #ffffcc;" | €300
 +
|-
 +
| Student
 +
| €150
 +
| style="background: #cef2e0;" | €200
 +
| style="background: #ffffcc;" | €250
 +
|}
 +
 
 +
{| class="wikitable"
 +
|-
 +
! Course
 +
! Fee
 +
|-
 +
| 1 Day Training
 +
| €495
 +
|-
 +
| 2 Day Training
 +
| €990
 +
|}
  
 
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
 
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
  
== Stay Informed ... and Tell Others ==
+
<nowiki>*</nowiki> We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size&nbsp;:).
 +
 
 +
 
 +
==== June 7th-8th (Training)  ====
 +
 
 +
== Schedule  ==
 +
 
 +
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
 +
|-
 +
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T1. Threat Modeling and Architecture Review - 2-Days (June 7-8) - 990 Euro
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |  Threat Modeling and Architecture Review are the cornerstones of a preventative approach to Application Security. By combining these topics into a single comprehensive course, attendees gain a complete understanding of the threats an application faces and how the application will handle those potential threats. This enables the risk to be accurately assessed and appropriate changes or mitigating controls recommended.
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Pravir Chandra, Fortify
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Threat Modeling and Architecture Review Class]]
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
 +
|}
 +
 
 +
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
 +
|-
 +
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T2. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days (June 7-8) - 990 Euros
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |
 +
Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of three different web applications, and the browsers connecting to them. Different sets of open source tools will be used on each web application, allowing you to learn first-hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a fourth web application that contains keys you must find and collect. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available open source tools.
 +
 
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |
 +
Instructor: Justin Searle: InGuardians [[Image:InGuardians.png|36x39px]]
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Assessing and Exploiting Web Applications with Samurai - WTF]]
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
 +
|-
 +
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T3. Tactical Defense with ModSecurity - 2-Days - 990 Euros
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | While application flaws should ideally be fixed in the source code, this is often not a feasible task for various reasons. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike.
 +
 
 +
This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities.
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Christian Bockermann, PhD University of Dortmund
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More about the Tactical Defense With Mod Security Class]]
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
 +
|-
 +
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T4. Secure Application Development:  Writing secure code (and testing it) 1-Day - June 7th- 495 Euros
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Writing secure code is the most effective method of securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisation's brand.
 +
Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.  The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.
 +
 
 +
Instructor: Eoin Keary, OWASP
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Secure Application Development Class]]
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
 +
|-
 +
|}
 +
 
 +
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
 +
|-
 +
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T5. Designing, Building and Testing Secure Application on Mobile Devices 1-Day - June 8th- 495 Euros
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |  This course provides an introduction to security for mobile and smartphone applications.  It walks through a basic threat model for a smartphone application.  This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications.  Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques.  Particular emphasis will be on the unique security challenges that developing software for mobile devices represents, comparing mobile software security concepts to those in the web application world.
 +
 
 +
<br>Instructors: Dan Cornell, Denim Group
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Designing, Building and Testing Secure Application on Mobile Devices Class]]
 +
|-
 +
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
 +
|-
 +
|}
 +
 
 +
 
 +
==== June 9th  ====
 +
 
 +
== Schedule  ==
 +
 
 +
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
 +
|-
 +
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - June 9, 2011'''
 +
<br>
 +
 
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Defend
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Prevent
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Attack
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:00-08:50
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Breakfast + Coffee
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:50-09:00
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Welcome by AppSec EU Board
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-10:00
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Brad Arkin, Adobe Corp | [http://www.appseceu.org/wp-content/presentations/Brad%20Arkin%20-%20Adobe%20Product%20Security%20Lifecycle.pdf SLIDES]
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:30
 +
|align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | [https://www.owasp.org/images/8/8e/OWASP_Global_Board_Update_AppSecEU11_consolidated_-v3.pptx OWASP Global Board Update] - Tom Brennan, Eoin Keary, Seba Deleersnyder
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:30-10:45
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:45-11:30
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Practical Browser Sandboxing on Windows with Chromium, ''Tom Keetch, Verizon Business'' <br> [http://www.appseceu.org/wp-content/presentations/Tom%20Keetch%20-%20Practical%20Sandboxing%20with%20Chromium.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Building a Robust Security Plan, ''Narainder Chandwani, Foundstone'' <br> [http://www.appseceu.org/wp-content/presentations/Narainder%20Chandwani%20-%20Building%20a%20Robust%20Application%20Security%20Plan.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | APT in a Nutshell, ''David Stubley, 7 Elements Ltd'' <br> [http://www.appseceu.org/wp-content/presentations/David%20Stubley%20-%20APT%20in%20a%20Nutshell.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-11:40
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:40-12:25
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | How to become Twitter's admin:  An introduction to Modern Web Service Attacks, ''Andreas Falkenberg, RUB''<br>[http://www.appseceu.org/wp-content/presentations/Andreas%20Falkenberg%20-%20How%20to%20become%20twitter%20admin.pdf SLIDES]<br>
 +
<br>
 +
 
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | The missing link:  Turning Securable apps into secure installations using SCAP, ''Charles Schmidt, MITRE Corp.'' <br> [http://www.appseceu.org/wp-content/presentations/Charles%20Schmidt%20-%20The%20Missing%20Link.pdf SLIDES]<br>
 +
<br>
 +
 
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Buzz about Fuzz:  An enhanced approach to finding vulnerabilities, ''Joe Basirico, Security Innovation'' <br> [http://www.appseceu.org/wp-content/presentations/Joe%20Basirico%20-%20Whats%20the%20Buzz%20About%20Fuzz.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:25-13:25
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:25-14:25
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Giles Hogben, ENISA | [https://www.owasp.org/index.php/File:Giles_Hogben_-_Smartphones,_App-stores_and_HTML_5.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:25-14:40
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:40-15:25
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | OWASP Secure Coding Practices Quick Reference Guide, ''Keith Turpin, The Boeing Company'' <br> [http://www.appseceu.org/wp-content/presentations/Keith%20Turpin%20-%20Secure%20Coding%20Practices%20Quick%20Ref%20Guide.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Integrating security testing into a SDLC:  what we learned and have the scars to prove it, ''Mark Crosbie, IBM'' <br> [http://www.appseceu.org/wp-content/presentations/Mark%20Crosbie%20-%20Integrating%20Security%20Testing%20into%20a%20SDLC.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Intranet Footprinting:  Discovering Resources from outside, ''Javier Marcos de Prado & Juan Galiana Lara, IBM'' <br> [http://www.appseceu.org/wp-content/presentations/JM%20del%20Prado%20%26%20JG%20Lara%20-%20Intranet%20Footprinting.pdf SLIDES]
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:25-15:40
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:40-16:25
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Building Large Scale Detectors for Web-based Malware, ''Marco Balduzzi & Davide Canali, EURECOM''<br>[http://www.appseceu.org/wp-content/presentations/Marco%20Cova%20%26%20Davide%20Canali%20-%20Building%20Large%20Scale%20Detectors%20for%20Web%20Based%20Malware.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Infosec Stats:  Reading between the lines, ''Chris Eng, Veracode''<br> [http://www.appseceu.org/wp-content/presentations/Chris%20Eng%20-%20Reading%20Between%20the%20Lines.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Python Basics for Web App Pentesters, ''Justin Searle, InGuardians Inc'' <br>[http://www.appseceu.org/wp-content/presentations/Justin%20Searle%20-%20Python%20Basics%20for%20Web%20App%20Pentesters.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:25-16:35
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:35-17:20
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | OWASP AppSensor Project, ''Colin Watson, Watson Hall Ltd''<br> [http://www.appseceu.org/wp-content/presentations/Colin%20Watson%20-%20OWASP%20AppSensor%20Project.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | A buffer overflow Story:  From Responsible Disclosure to Closure, ''Douglas Held, Fortify (HP)''<br> [http://www.appseceu.org/wp-content/presentations/Doug%20Held%20-%20A%20Buffer%20Overflow%20Story.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | CTF:  Bringing back more than sexy!, ''Mark Hillick, KTF'' <br>[http://www.appseceu.org/wp-content/presentations/Mark%20Hillick%20-%20CTF%20Bring%20back%20more%20than%20sexy.pdf SLIDES]
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" |
 +
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 19:00-23:00
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Networking Event - Drinks at the Church Bar
 +
|}
  
[https://lists.owasp.org/mailman/listinfo/appsec_eu_2010 People subscribed to the conference '''mailing list''']. This was the official information channel and you'd be sure to get any updates and practical info before the conference.
 
  
[http://events.linkedin.com/OWASP-AppSec-Research-2010/pub/185990 People added the event to their '''LinkedIn''' profile] to tell all their business contacts that AppSec Research 2010 was the place to be.
+
==== June 10th  ====
  
Then people got on the '''Twitter''' stream by using the tags '''#OWASP''' and '''#AppSecEU'''.
+
== Schedule  ==
  
== Conference Fees (June 23-24)  ==
+
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
 +
|-
 +
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 2 - June 10, 2011'''
 +
<br>
  
*Regular registration: €350
+
|-
*OWASP individual member (not just chapter member): €300
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
*Full-time students*: €225
+
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Defend
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Prevent
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Attack
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:00-08:50
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:50-09:00
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Day 2 Opening Remarks
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-10:00
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Janne Uusilehto, Nokia | [http://www.appseceu.org/wp-content/presentations/Janne%20Uusilehto%20-%20Is%20SW%20Security%20just%20coding%3f.pdf SLIDES]
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:10
 +
|align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:55
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Software Security:  Is OK Good Enough?, ''John Dickson, Denim Group Ltd.''<br> [http://www.appseceu.org/wp-content/presentations/John%20Dickson%20-%20Software%20Security%20Is%20OK%20Good%20Enough.pdf SLIDES] <br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | An Overview of Threat Modeling, ''Paco Hope, Cigital Inc.''<br> [http://www.appseceu.org/wp-content/presentations/Paco%20Hope%20-%20Threat%20Modeling%20Overview.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | An Introduction to the OWASP Zed Attack Proxy, ''Simon Bennetts, OWASP'' <br>[http://www.appseceu.org/wp-content/presentations/Simon%20Bennetts%20-%20OWASP%20Zed%20Attack%20Proxy.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:55-11:10
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:10-11:55
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | New standards and upcoming technologies in browser security, ''Tobias Gondrom, IETF WG''<br> [http://www.appseceu.org/wp-content/presentations/Tobias%20Gondrom%20-%20New%20standards%20and%20upcoming%20technologies%20in%20browser%20security.pdf SLIDES]<br>
 +
<br>
  
<nowiki>*</nowiki> We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size&nbsp;:).  
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Simple Approach to Specifying Security Requirements for Online Developments, ''Alexis Fitzgerald, RITS''<br>[http://www.appseceu.org/wp-content/presentations/Alexis%20FitzGerald%20-%20Simple%20Approach%20to%20Specifying%20Security%20Requirements.pdf SLIDES]<br>
 +
<br>
  
== Training Fee (June 21-22) ==
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | A Case Study on Enterprise E-mail (in) Security Solutions, ''Marian Ventuneac, Genworth Financial''<br>[http://www.appseceu.org/wp-content/presentations/Marian%20Ventuneac%20-%20Case%20Study%20on%20Enterprise%20E-mail%20(in)Security%20Solutions.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:55-12:05
 +
|align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:05-12:50
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Empty Slot<br>
 +
<br>
  
*Training fee is €990 for two days, see Training tab above
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | A Critical Look at the Classification Schemes for Privacy Risks, ''Elke Roth-Mandutz and Georg Simon, Ohm University''<br> [http://www.appseceu.org/wp-content/presentations/Elke%20Roth-Mandutz%20-%20A%20Critical%20Look%20at%20Classification%20Schemes%20for%20Privacy%20Risks.pdf SLIDES]<br>
 +
<br>
  
==== Practical Info ====
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Testing Security Testing: Evaluating Quality of Security Testing, ''Ofer Maor, Seeker Security''<br>[http://www.appseceu.org/wp-content/presentations/Ofer%20Maor%20-%20Testing%20Security%20Testing.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:50-13:50
  
== Tailor-Made Visitors' Guide ==
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:50-14:50
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Alex Lucas, Microsoft | [http://www.appseceu.org/wp-content/presentations/Alex%20Lucas%20-%20Security%20Science,%20The%20SDL%20and%20Openness.pdf SLIDES]
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:50-15:00
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:00-15:45
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Putting the Smart into Smartphones:  Security Testing Mobile Applications, ''Dan Cornell, Denim Group''<br> [http://www.appseceu.org/wp-content/presentations/Dan%20Cornell%20-%20Putting%20the%20Smart%20in%20Smartphones-Security%20Testing%20Mobile%20Applications.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Wordpress Security, ''Steve Lord, Mandalorian Security Ltd.''<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Dark Side:  Measuring and Analyzing Malicious Activity On Twitter, ''Daniel Peck, Barracuda Networks''<br>[http://www.appseceu.org/wp-content/presentations/Daniel%20Peck%20-%20The%20Dark%20Side%20of%20Social%20Networking.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:45-16:00
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-16:45
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Threat modeling of banking malware-based attacks using the P.A.S.T.A. framework, ''Marco Morana, Cincinnati Chapter Lead & Tony UcedaVelez, VerSprite''<br> [https://www.owasp.org/index.php/File:Marco_Morana_and_Tony_UV_-_Threat_Modeling_of_Banking_Malware.pdf SLIDES]<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | PCI DSS v2.0:  a new challenge for web application security testing?, ''Laurent Benameur Sauvaire, Espion, Ltd.''<br>
 +
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Practical Crypto Attacks Against Web Applications, ''Justin Clarke, Gotham Digital Science'' <br>[http://www.appseceu.org/wp-content/presentations/Justin%20Clarke%20-%20Practical%20Crypto%20Attacks%20against%20Web%20Apps.pdf SLIDES]<br>
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:45-16:55
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:55-17:40
  
We have tailor-made a 15-page visitors' guide to the conference and Stockholm. With this guide you'll know how to get to and from the airport, find your way to the hotel and conference, know where good bars are, know when and how to tip etc. Check it out! [http://www.owasp.org/images/e/eb/OWASP_AppSec_Research_2010_Visitors_Guide_A4.pdf pdf]
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Arian Evans, Whitehat Security
  
== Swedish Wall Plugs ==
+
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" |
 +
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 17:40-18:00
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Conference Closure and Raffle
 +
|}
  
This is how Swedish wall plugs look like (image below). The left one is not grounded and the right one is, having small metal connectors on the sides. Be sure to bring adapters, for instance like [http://international-electrical-supplies.com/sweden-plug-adapters.html these], if your's look different.
 
  
[[Image:Swedish_wall_plugs.jpg]]
 
  
== Weather Forecast ==
+
==== Accommodation  ====
  
YR.no has good coverage of the weather in Stockholm. Checkit out [http://www.yr.no/place/Sweden/Stockholm/Stockholm/ here].
+
'''The Morgan Hotel:<br>
  
== Travel  ==
+
Stay in one of the best luxury hotels in Dublin, The Morgan, Design hotel is located in Temple Bar. This 4 star Hotel Dublin offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.
  
Stockholm's foremost international airport is Arlanda (ARN). Clean and convenient speed trains will take you between Arlanda and Stockholm Central in 20 minutes. You can also fly to Stockholm Skavsta (NYO) or Stockholm Västerås (VST) where coaches take you to Stockholm Central in 1 h 20 min.  
+
This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife along with proximity to the IFSC, Dublin’s main business district. There is no other 4 star hotel Dublin quite like it!
  
== Accommodation  ==
 
  
You can choose hotel/hostel freely in Stockholm but we provided three suggestions with pre-booked rooms so many OWASPers are staying there. '''Check with sites like [http://www.hotels.com hotels.com] since they might have better prices than the hotels state themselves!'''
+
Stay in the heart of the conference action at a hotel specially discounted for its attendees.
  
[[Image:Stockholm map with hotels and public transportation.jpg]]
+
Rooms can be booked by emailing reservations@themorgan.com and quoting OWASP.
  
Subways and buses are convenient and safe and will take you right up to the venue (station/stop "Universitetet") from these three hotels:  
+
The contact in reservations is Bernadette Doyle and you could contact her for special requests at the following number: +353 1 643 7000
  
'''Best Western Time Hotel'''<br> Why? Closest to the university, direct bus or subway to the conference<br> [http://www.timehotel.se/index.aspx?languageID=5 Best Western Time Hotel]<br> Single room: 1395 SEK/€145/$195<br> Double room: 1575 SEK/€160/$220<br> (Rooms were pre-booked until May 18 under code "G#73641 OWASP")<br>
+
Special Rates:
 +
€130 Bed & Full Irish Breakfast – Single Occupancy
 +
€140 Bed & Full Irish Breakfast – Double Occupancy
  
'''Scandic Continental'''<br> Why? Right at the Central Station, convenient travel to and from airport, direct subway to the conference<br> [http://www.scandichotels.com/en/Hotels/Countries/Sweden/Stockholm/Hotels/Scandic-Continental-Stockholm/ Scandic Continental]<br> Single room: 1590 SEK/€165/$220<br> Double room: 1690 SEK/€175/$235<br> (Rooms were pre-booked until early May under code "OWASP")<br>
+
Special rate deadline:  
 +
6 May 2011
  
'''Fridhemsplan's Hostel'''<br> Why? Affordable stay in Stockholm's nicest hostel, direct bus to the conference<br> [http://fridhemsplan.se/?p=Main&c= Fridhemsplan's Hostel]<br> Rooms cost €35-€55 ($50-$80)<br> Book directly with them through their webpage.  
+
The Morgan Hotel
 +
10 Fleet st, Temple Bar, Dublin 2
 +
Phone: +353 1 6437000 Fax: +353 1 6437060
 +
http://www.themorgan.ie
  
==== Social Events ====
+
<br>
  
== Official Meet Up at "Mosebacke", Tuesday, June 22  ==
+
'''Trinity College:'''<br>
Regardless whether you're one of the lucky ones who will attend training or you'll just attend the conference you are invited to join us at "Mosebacke" on the evening the 22nd. Mosebacke is one of Stockholm's older establishments and is beautifully situated in the south of Stockholm city (only 2 subway stations from Central Station). The official meet up time is 20:00 CEST. We plan on beverage only, but for those who don't mind spending a little extra money on food, you can reserve a table for early evening by calling +46 8 556 098 90 during 2 pm - 5 pm (work days) or with some luck by e-mailing to mosebacke@mosebacke.se.
+
Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.
  
How will you recognize all the other OWASPers? Some of us will have OWASP-branded grey caps, some you met earlier, some you recognize from pictures, and if you hear any non-Swedish speaking male I guess chances are they're just like you - here for the AppSec conference :).
+
For more information visite: https://accommodation.tcd.ie/kxHotel/
  
'''What''': Informal gathering, beer etc.<br>
 
'''When''': 8 pm CEST<br>
 
'''Where''': Mosebacke, Mosebacke Torg 3 [http://maps.google.se/maps?f=q&source=s_q&hl=sv&geocode=&q=Mosebacke+Etablissement,+Stockholm&sll=59.320492,18.074398&sspn=0.024831,0.077162&gl=se&ie=UTF8&hq=Mosebacke&hnear=Mosebacke,+Mosebacke+Torg+3,+116+46+Stockholm&ll=59.320492,18.074398&spn=0.024831,0.077162&t=h&z=14&iwloc=A Google Maps]<br>
 
'''How to get there''': Subway to "Slussen" (2 stops from "T-centralen"), best exit towards "Götgatan". Walk upwards but take the first left to "Hökens gata". Straight up on that one.<br>
 
'''How to get there + short sightseeing''': Walk from "T-centralen" along "Drottninggatan" towards Old Town, then towards Slussen and Götgatan. Takes about 30 minutes.<br>
 
  
Hope to meet you there!
+
==== KartCon EU ====
  
== Gala Dinner at City Hall, Wednesday, June 23  ==
+
It was about time for Europe to host this adrenaline fueled event!
All two-day conference attendees including sponsors are welcome to the official AppSec Gala Dinner at Stockholm City Hall on Wednesday June 23rd. We start with a drink at 6:30 pm and sit down for a three course dinner with entertainment at 7 pm. Don't be late.
 
  
'''What''': Gala dinner, three course dinner with entertainment<br>
+
Kylemore Karting, Ireland’s largest indoor Karting arena, has a choice of three 360 mtr tracks with flyovers, underpasses, hills and banked corners waiting for you.
'''Clothes''': Nice pants/trousers + shirt or a suit is appropriate for men. Women have so many more choices so we opt-out of any suggestions. :)<br>
 
'''When''': 6:30 pm CEST<br>
 
'''Where''': City Hall, Ragnar Östbergs plan 1 [http://maps.google.se/maps?um=1&ie=UTF-8&q=stadshuset&fb=1&gl=se&hq=stadshuset&hnear=Stockholm&cid=0,0,15456533754099492758&ei=t8wYTJ7IGd6jOJqd6aEL&sa=X&oi=local_result&ct=image&resnum=1&ved=0CB0QnwIwAA Google Maps]<br>
 
'''How to get there''': Walk from Central Station / "T-centralen"). Takes about 10 minutes. Or take a taxi/cab and tell the driver "City Hall, please"<br>
 
  
Whatever you do, don't skip the gala dinner!
+
'''Race for best time – Race for best crash – Race for fun'''
  
==== Venue  ====
 
  
The venue for both training and conference is Aula Magna at Stockholm University.
+
This is your chance to sit down, strap in and race for the finish line to “Rev Up” for APPSEC EU 2011.
  
'''Address''' (for instance for deliveries):<br>
+
The doors open Wednesday 8th June at 7:30pm and there will be transportation available from Dublin city centre.
Aula Magna<br>
 
Stockholms universitet<br>
 
Frescativägen 6<br>
 
SE-106 91 Stockholm<br>
 
Sweden<br>
 
  
[[Image:AppSec Research 2010 Aula Magna.jpg]]
+
More info could be found here:
  
==== Sponsoring  ====
+
Kylemore Karting
<center>
+
Unit 1A,
[[Image:AppSec Research 2010 Microsoft diamond sponsor.jpg|250px|Microsoft - Diamond Sponsor]] [[Image:AppSec Research 2010 Google 20k sponsor.jpg|150px|Google - Dinner Party and Expo Sponsor]] [[Image:Portwise logo.png|130px|PortWise - Gold and Badge Sponsor]] [[Image:Cybercom logo.png|100px|Cybercom - Gold Sponsor]] [[Image:Fortify logo AppSec Research 2010.png|120px|Fortify - Gold Sponsor]] [[Image:Omegapoint logo.png|110px|Omegapoint - Gold Sponsor]] [[Image:Mnemonic logo.png|100px|Mnemonic - Silver Sponsor]] [[Image:AppSec Research 2010 sponsor Nixu logo.jpg|100px|NIXU - Silver Sponsor]] [[Image:Hps_logo.png|140px|High Performance Systems - Silver Sponsor]] [[Image:AppSec Research 2010 sponsor F5 logo.jpg|70px|F5 - Silver Sponsor]] [[Image:AppSec Research 2010 sponsor Imperva logo.jpg|100px|Imperva - Silver Sponsor]] [[Image:AppSec_Research_2010_sponsor_Promon_logo.jpg|100px|Promon - Silver Sponsor]] [[Image:IIS logo.png|100px|Stiftelsen för Internetinfrastruktur - Lunch Sponsor]] [[Image:MyNethouse logo.png|100px|MyNethouse - Coffee Break Sponsor]] [[Image:AppSec Research 2010 Help Net Security sponsor.jpg|100px|Help Net Security - Media Sponsor]] [[Image:TrustwaveLogo.jpg|100px|Trustwave - Notepad sponsor]]
+
Kylemore Industrial Estate,
</center>
+
Killeen Road,
We are still welcoming sponsors for OWASP AppSec Research 2010. Take the opportunity to support this year's major appsec event in Europe! The full sponsoring program is available as pdfs:
+
Kylemore, Dublin 10
 +
http://www.kylemore-karting.com
  
Sponsoring program in English:&nbsp;[[Image:OWASP Sponsorship AppSec Research 2010 (eng).pdf]]
+
REGISTRATION IS OPEN. Please visit URL below to register:
  
Sponsoring program in Swedish:&nbsp;[[Image:OWASP Sponsorship AppSec Research 2010 (swe).pdf]]
+
http://www.regonline.com/owasp_appsec_eu_2011
  
 
==== Challenges  ====
 
==== Challenges  ====
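Review bot: in the added 11:10-11:55 schedule row, the Track 2 cell spells the talk title "Sepcifying Security Requirements" while the slide link in the same cell spells it "Specifying"; correct the title so the two agree. The added Trinity College accommodation text also ends with "For more information visite:", which should read "visit".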
Line 168: Line 462:
 
=== Countdown Challenges -- Free Tickets to Win!  ===
 
=== Countdown Challenges -- Free Tickets to Win!  ===
  
There will be a challenge posted on the conference wiki page the 21st every month up until the event. The winner will get free entrance to the conference. Be sure to sign up for [https://lists.owasp.org/mailman/listinfo/appsec_eu_2010 the conference mailing list] to get a monthly reminder.
+
You could check all challenges here: http://www.appseceu.org/?page_id=197
 +
 
 +
<br>
 +
 
 +
==== Team  ====
 +
 
 +
'''AppSec EU Conference Team'''
 +
 
 +
'''Chairs'''
 +
 
 +
Eoin Keary<br>
 +
Fabio Cerullo<br>
 +
Fiona Walsh<br>
 +
 
 +
'''Operations'''
 +
 
 +
Kate Hartmann<br>
 +
Lorna Alamri<br>
 +
Sarah Baso<br>
 +
Ana Loza<br>
 +
Ralph Durkee<br>
 +
 
 +
'''Volunteers'''
 +
 
 +
Owen Pendlebury<br>
 +
Niall Jordan<br>
 +
Ronan O'Mullane<br>
 +
Federico Feraboli<br>
 +
 
 +
 
 +
==== Chapters Workshop ====
 +
On June 9, 14h30-18h in Trinity College - Arts Building room 3126,  we organize a chapter leader workshop for all the chapter leaders that attend the conference.
 +
 
 +
Items that will be discussed are:
 +
* How to improve the current Chapter Leader Handbook?
 +
* How to start and support new chapters within Europe?
 +
* How to support inactive chapters within Europe?
 +
* What Governance model is required for OWASP chapters?
 +
* How can the global chapters committee facilitate the European chapters?
 +
* ...
 +
 
 +
Agenda and room details are online at [[AppSecEU 2011 chapters workshop agenda]].
 +
 
 +
Contact [mailto:seba@owasp.org Seba] for more details.
 +
 
 +
'''[https://docs.google.com/a/owasp.org/document/d/1PrGmwy1pxs2cb4LyewXS4TonbzAY7nORWvj-NJYaEnk/edit?hl=en_US Minutes from Workshop]'''
 +
 
 +
 
 +
==== Industry Outreach Sessions ====
 +
 
 +
{{:AppSecEU2011/Industry_Outreach}}
 +
 
 +
==== Sponsorship Options ====
 +
 
 +
OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers.Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks giving them direct access to sponsors’ booths and technology.
 +
 
 +
The conference is expected to draw over 400 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
 +
 
 +
Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.
 +
 
 +
All sponsorship opportunities feature significant discounts to OWASP members, allowing you year-round access the web application security’s top thinkers as well as use of OWASP materials in product and service delivery.
  
== AppSec Research Final Challenge: Internet Treasure Hunt  ==
+
To find out more about the different sponsorship opportunities please check the document below:
  
It's May 21st, one month to AppSec Research 2010, and '''the last chance to win a free ticket''' to this year's number one conference in appsec.
+
http://www.appseceu.org/wp-content/uploads/2011/03/AppSecEU_Sponsorship_Packages.pdf
  
 +
==== SoccerCon EU ====
  
'''The Treasure Hunt in a Nutshell'''<br>
+
We are organizing a Futbol (Soccer) friendly in Ireland for AppSec EU.  For those that partook in the friendly in Portugal, the event was a big success
Your mission is to find several small AppSec Research logotypes hidden among the websites of our sponsors and hosts. Every logo found is associated with a keyword (a dictionary word) in some way. When you've found all the keywords you email them to us.
+
despite the fact we played at 8am, inebriated, with a semi-deflated ball, on a slick concrete court - all of such conditions which allow me to continue my personal denial for the loss we experienced against the Portuguese/ Brazilian Chapter leads.  All that aside, I would like to know if there are
 +
any members interest to relive this in much better fashion while in Dublin.
  
[[Image:Owasp_appsec_research_2010_logo_by_daniel_kozlowski.jpg|40px|OWASP AppSec Research 2010 logo by Daniel Kozlowski]]
+
Date: 10th June at 7:00PM - Trinity College Sports Centre
  
 +
Proud Soccer Field Sponsor:
  
'''Instructions'''<br>
+
[[File:Trustwave.png]]
* Please don't do anything malicious during your hunt. And don't produce considerable load on the websites. You should be able to find the keywords anyway :).
 
* To check if you found all keywords you compare the md5 of all keywords concatenated in alphabetical order with this hash: 1a7b54ba9cee6cccd9890e7800b83208
 
* You can calculate the hash by doing the following in a shell: echo "Keywords concatenated in alphabetical order" | md5
 
* To ensure your hash function produces the same as our you can try: echo "owasp" | md5 ... which should result in the hash 2bdce47b1a6c527b134d4b658b033702
 
  
 +
Bring your shorts and show us your Messi skills. ;-)
  
'''How to Win'''<br>
+
If you plan to attend, please fill in your name below:
To win you email all keywords (not the hash) concatenated in alphabetical order to stefan dot pettersson at owasp dot org. Stefan will let you know if you were the first one with the correct answer!
 
  
 +
* Tony UcedaVelez
 +
* Tom Brennan
 +
* Fabio Cerullo
 +
* Dan Cornell
 +
* Frederick Donovan
 +
* ...
  
'''Example:'''<br>
+
Contact [mailto:tonyuv@owasp.org Tony] for more details.
* You found three logos and the keywords were: golf, king, apple
 
* You calculate the hash by doing: echo "applegolfking" | md5
 
* If the hash matches 1a7b54ba9cee6cccd9890e7800b83208 you email applegolfking to Stefan.
 
  
Let the best hunter win!
 
  
<br> <headertabs />
+
<headertabs />
 +
[[Category:OWASP AppSec Conference]]
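Review bot: the added Sponsorship Options text needs a copy edit: "potential customers.Attendees" is missing a space after the full stop, and "year-round access the web application security's top thinkers" is missing "to" after "access". In the added SoccerCon EU paragraph, "any members interest to relive this" should read "interested".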

Latest revision as of 14:36, 2 October 2011


Welcome

We are pleased to announce that the Ireland chapter will host the OWASP AppSec Europe 2011 global conference in beautiful Dublin, Ireland.

The AppSec Europe conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

AppSec Europe 2011 will be held at Trinity College Dublin on June 7th through 10th, 2011. There will be training courses on June 7th and 8th, followed by plenary sessions on the 9th and 10th, with each day having at least three tracks. Depending on the submissions received, AppSec Europe may also have BOF sessions (informal ad hoc meetings), breakout sessions, or speed talks in addition to the standard schedule.
If you have any questions, please email the conference chair: appseceu at owasp.org


Who Should Attend AppSec Europe 2011:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security


How to get to AppSec EU?

The OWASP AppSec EU Conference takes place in the Arts Building in the grounds of Trinity College, Dublin 2. You can find a map of the Trinity College grounds and directions to the Arts Building at the link below.

AppSec EU Venue Location


Are you an exhibitor and need to load/offload materials at Trinity College? Below is the map to the Arts Building Loading Bay:

Campus Map

Have you visited our AppSec EU conference website?

AppSec EU Conference Website


Sponsorship Options

To find out more about the different sponsorship opportunities please check the document below:

AppSec EU Sponsorship Packages



Use the #AppSecEU hashtag for your tweets about AppSec Europe 2011.

@AppSecEU Twitter Feed (follow us on Twitter!)

Registration

Registration is now open!



Registration Fees

Ticket Type         | Before 6th April | After 6th April | After 6th May
Non-Member          | €250             | €300            | €350
Active OWASP Member | €200             | €250            | €300
Student             | €150             | €200            | €250

Course         | Fee
1 Day Training | €495
2 Day Training | €990

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

* We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size :).


June 7th-8th (Training)

Schedule

T1. Threat Modeling and Architecture Review - 2-Days (June 7-8) - 990 Euros
Threat Modeling and Architecture Review are the cornerstones of a preventative approach to Application Security. By combining these topics into a single comprehensive course, attendees can get a complete understanding of the threats an application faces and how the application will handle those potential threats. This enables the risk to be accurately assessed and appropriate changes or mitigating controls to be recommended.
Instructor: Pravir Chandra, Fortify
Learn More About the Threat Modeling and Architecture Review Class
Click here to register
T2. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days (June 7-8) - 990 Euros

Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of three different web applications, and the browsers connecting to them. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a fourth web application that contains keys you must find and collect. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available open source tools.

Instructor: Justin Searle, InGuardians

Learn More About the Assessing and Exploiting Web Applications with Samurai - WTF
Click here to register
T3. Tactical Defense with ModSecurity - 2-Days - 990 Euros
While application flaws should ideally be fixed in the source code, this is often not a feasible task for various reasons. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike.

This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities.

Instructor: Christian Bockermann, PhD University of Dortmund
Learn More about the Tactical Defense With Mod Security Class
Click here to register
T4. Secure Application Development: Writing secure code (and testing it) 1-Day - June 7th- 495 Euros
Writing secure code is the most effective method of securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisation's brand.

Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

Instructor: Eoin Keary, OWASP

Learn More About the Secure Application Development Class
Click here to register
T5. Designing, Building and Testing Secure Application on Mobile Devices 1-Day - June 8th- 495 Euros
This course provides an introduction to security for mobile and smartphone applications. It walks through a basic threat model for a smartphone application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques. Particular emphasis will be on the unique security challenges that developing software for mobile devices presents, comparing mobile software security concepts to those in the web application world.


Instructors: Dan Cornell, Denim Group

Learn More About the Designing, Building and Testing Secure Application on Mobile Devices Class
Click here to register


June 9th

Schedule

Conference Day 1 - June 9, 2011



Tracks: Track 1 - Defend, Track 2 - Prevent, Track 3 - Attack

08:00-08:50 Registration and Breakfast + Coffee
08:50-09:00 Welcome by AppSec EU Board
09:00-10:00 Keynote: Brad Arkin, Adobe Corp | SLIDES
10:00-10:30 OWASP Global Board Update - Tom Brennan, Eoin Keary, Seba Deleersnyder
10:30-10:45 Coffee Break
10:45-11:30
  • Track 1: Practical Browser Sandboxing on Windows with Chromium, Tom Keetch, Verizon Business | SLIDES
  • Track 2: Building a Robust Security Plan, Narainder Chandwani, Foundstone | SLIDES
  • Track 3: APT in a Nutshell, David Stubley, 7 Elements Ltd | SLIDES
11:30-11:40 Break
11:40-12:25
  • Track 1: How to become Twitter's admin: An introduction to Modern Web Service Attacks, Andreas Falkenberg, RUB | SLIDES
  • Track 2: The missing link: Turning Securable apps into secure installations using SCAP, Charles Schmidt, MITRE Corp. | SLIDES
  • Track 3: The Buzz about Fuzz: An enhanced approach to finding vulnerabilities, Joe Basirico, Security Innovation | SLIDES
12:25-13:25 Lunch
13:25-14:25 Keynote: Giles Hogben, ENISA | SLIDES
14:25-14:40 Break
14:40-15:25
  • Track 1: OWASP Secure Coding Practices Quick Reference Guide, Keith Turpin, The Boeing Company | SLIDES
  • Track 2: Integrating security testing into a SDLC: what we learned and have the scars to prove it, Mark Crosbie, IBM | SLIDES
  • Track 3: Intranet Footprinting: Discovering Resources from outside, Javier Marcos de Prado & Juan Galiana Lara, IBM | SLIDES
15:25-15:40 Coffee Break
15:40-16:25
  • Track 1: Building Large Scale Detectors for Web-based Malware, Marco Balduzzi & Davide Canali, EURECOM | SLIDES
  • Track 2: Infosec Stats: Reading between the lines, Chris Eng, Veracode | SLIDES
  • Track 3: Python Basics for Web App Pentesters, Justin Searle, InGuardians Inc | SLIDES
16:25-16:35 Break
16:35-17:20
  • Track 1: OWASP AppSensor Project, Colin Watson, Watson Hall Ltd | SLIDES
  • Track 2: A buffer overflow Story: From Responsible Disclosure to Closure, Douglas Held, Fortify (HP) | SLIDES
  • Track 3: CTF: Bringing back more than sexy!, Mark Hillick, KTF | SLIDES
19:00-23:00 Networking Event - Drinks at the Church Bar


June 10th

Schedule

Conference Day 2 - June 10, 2011



Track 1 - Defend Track 2 - Prevent Track 3 - Attack
08:00-08:50 Registration
08:50-09:00 Day 2 Opening Remarks
09:00-10:00 Keynote: Janne Uusilehto, Nokia | SLIDES
10:00-10:10 Break
10:10-10:55 Software Security: Is OK Good Enough?, John Dickson, Denim Group Ltd.
SLIDES
An Overview of Threat Modeling, Paco Hope, Cigital Inc.
SLIDES
An Introduction to the OWASP Zed Attack Proxy, Simon Bennetts, OWASP
SLIDES
10:55-11:10 Coffee Break
11:10-11:55 New standards and upcoming technologies in browser security, Tobias Gondrom, IETF WG
SLIDES


Simple Approach to Specifying Security Requirements for Online Developments, Alexis Fitzgerald, RITS
SLIDES


A Case Study on Enterprise E-mail (in) Security Solutions, Marian Ventuneac, Genworth Financial
SLIDES
11:55-12:05 Break
12:05-12:50 Empty Slot


A Critical Look at the Classification Schemes for Privacy Risks, Elke Roth-Mandutz and Georg Simon, Ohm University
SLIDES


Testing Security Testing: Evaluating Quality of Security Testing, Ofer Maor, Seeker Security
SLIDES
12:50-13:50 Lunch
13:50-14:50 Keynote: Alex Lucas, Microsoft | SLIDES
14:50-15:00 Break
15:00-15:45 Putting the Smart into Smartphones: Security Testing Mobile Applications, Dan Cornell, Denim Group
SLIDES
Wordpress Security, Steve Lord, Mandalorian Security Ltd.
The Dark Side: Measuring and Analyzing Malicious Activity On Twitter, Daniel Peck, Barracuda Networks
SLIDES
15:45-16:00 Coffee Break
16:00-16:45 Threat modeling of banking malware-based attacks using the P.A.S.T.A. framework, Marco Morana, Cincinnati Chapter Lead & Tony UcedaVelez, VerSprite
SLIDES
PCI DSS v2.0: a new challenge for web application security testing?, Laurent Benameur Sauvaire, Espion, Ltd.
Practical Crypto Attacks Against Web Applications, Justin Clarke, Gotham Digital Science
SLIDES
16:45-16:55 Break
16:55-17:40 Keynote: Arian Evans, Whitehat Security
17:40-18:00 Conference Closure and Raffle


Accommodation

The Morgan Hotel:

Stay in one of the best luxury hotels in Dublin: The Morgan, a design hotel located in Temple Bar. This 4-star Dublin hotel offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.

This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife along with proximity to the IFSC, Dublin’s main business district. There is no other 4-star hotel in Dublin quite like it!


Stay in the heart of the conference action at a hotel specially discounted for its attendees.

Rooms can be booked by emailing reservations@themorgan.com and quoting OWASP.

The contact in reservations is Bernadette Doyle; you can contact her for special requests at the following number: +353 1 643 7000

Special Rates:
€130 Bed & Full Irish Breakfast – Single Occupancy
€140 Bed & Full Irish Breakfast – Double Occupancy

Special rate deadline: 6 May 2011

The Morgan Hotel
10 Fleet St, Temple Bar, Dublin 2
Phone: +353 1 6437000
Fax: +353 1 6437060
http://www.themorgan.ie


Trinity College:
Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.

For more information visit: https://accommodation.tcd.ie/kxHotel/


KartCon EU

It was about time for Europe to host this adrenaline fueled event!

Kylemore Karting, Ireland’s largest indoor Karting arena, has a choice of three 360 mtr tracks with flyovers, underpasses, hills and banked corners waiting for you.

Race for best time – Race for best crash – Race for fun


This is your chance to sit down, strap in and race for the finish line to “Rev Up” for APPSEC EU 2011.

The doors open Wednesday 8th June at 7:30pm and there will be transportation available from Dublin city centre.

More info can be found here:

Kylemore Karting
Unit 1A, Kylemore Industrial Estate, Killeen Road, Kylemore, Dublin 10
http://www.kylemore-karting.com

REGISTRATION IS OPEN. Please visit URL below to register:

http://www.regonline.com/owasp_appsec_eu_2011

Challenges

Countdown Challenges -- Free Tickets to Win!

You can check all challenges here: http://www.appseceu.org/?page_id=197


Team

AppSec EU Conference Team

Chairs

Eoin Keary
Fabio Cerullo
Fiona Walsh

Operations

Kate Hartmann
Lorna Alamri
Sarah Baso
Ana Loza
Ralph Durkee

Volunteers

Owen Pendlebury
Niall Jordan
Ronan O'Mullane
Federico Feraboli


Chapters Workshop

On June 9, 14h30-18h, in Trinity College - Arts Building room 3126, we are organizing a chapter leader workshop for all chapter leaders attending the conference.

Items that will be discussed are:

  • How to improve the current Chapter Leader Handbook?
  • How to start and support new chapters within Europe?
  • How to support inactive chapters within Europe?
  • What Governance model is required for OWASP chapters?
  • How can the global chapters committee facilitate the European chapters?
  • ...

Agenda and room details are online at AppSecEU 2011 chapters workshop agenda.

Contact Seba for more details.

Minutes from Workshop


Industry Outreach Sessions

For more information about any of the sessions or to R.S.V.P. contact Sarah Baso


Security for Managers and Executives

10:15-11:00 AM, Conference Day 2, 10 June 2011
Location: Arts Building room 3106


The purpose of this session is to help organizations understand why application security is important and how OWASP can help in making their applications more secure. It will give them an opportunity to learn what documentation, training, architecture, tools and infrastructure are available. The best part is that all these materials are free. OWASP provides the solution for their application security needs. We are also looking to improve collaboration by helping get more organizations participating in OWASP projects. This will help us ensure that we account for the various needs of industry and develop well-vetted best practices.

Security For Managers and Executives - Industry Outreach Presentation  


Presented by: Nishi Kumar, IT Architect Specialist, FIS
View Presenter's Bio


CISO Survey

12:05-12:50 PM, Conference Day 2, 10 June 2011
Location: Arts Building room 3106

The objective of this session is to solicit feedback from industry leaders to help inform the content of the upcoming OWASP CISO survey. Specifically, we are interested in what they would like to see in a survey of their peers and leaders and how they think such a survey should be executed. The session will provide participants an opportunity to meet with peers in a vendor-free environment and discuss their problems with and solutions to information security. It will also allow them to shape the focus of the upcoming survey to maximize the return value to them.


Presented by: Rex Booth, Senior Manager, Grant Thornton
View Presenter's Bio


Global Industry Roundtable

15:00-15:45 PM, Conference Day 2, 10 June 2011
Location: Arts Building room 3106

This roundtable session will involve a series of questions aimed at driving discussion to determine: How can the OWASP Global Industry Committee become more relevant and work to achieve a better working relationship with industry verticals? What types of OWASP resources (if none are currently available) would your company find value in? If you are not currently an OWASP member or corporate supporter, why not?

The outcomes of this session, as well as similar sessions that we hope to host at the other OWASP global appsec conferences this year, will be used to determine whether a new membership model (esp. for corporate supporters) is needed within OWASP as well as where committee resources should be focused in the upcoming year(s).


Facilitated by: Sarah Baso, Operations Manager for the OWASP Global Industry Committee
With remote participation from: Joe Bernik, Chief Information Security Officer for Fifth Third Bank and OWASP GIC Committee Chair
View Presenters' Bios


Sponsorship Options

OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks, giving them direct access to sponsors’ booths and technology.

The conference is expected to draw over 400 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.

Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.

All sponsorship opportunities feature significant discounts to OWASP members, allowing you year-round access to web application security’s top thinkers as well as use of OWASP materials in product and service delivery.

To find out more about the different sponsorship opportunities please check the document below:

http://www.appseceu.org/wp-content/uploads/2011/03/AppSecEU_Sponsorship_Packages.pdf

SoccerCon EU

We are organizing a Futbol (Soccer) friendly in Ireland for AppSec EU. For those that partook in the friendly in Portugal, the event was a big success despite the fact we played at 8am, inebriated, with a semi-deflated ball, on a slick concrete court - all conditions which allow me to continue my personal denial for the loss we experienced against the Portuguese/Brazilian Chapter leads. All that aside, I would like to know if there are any members interested in reliving this in much better fashion while in Dublin.

Date: 10th June at 7:00PM - Trinity College Sports Centre

Proud Soccer Field Sponsor:

Trustwave

Bring your shorts and show us your Messi skills. ;-)

If you plan to attend, please fill in your name below:

  • Tony UcedaVelez
  • Tom Brennan
  • Fabio Cerullo
  • Dan Cornell
  • Frederick Donovan
  • ...

Contact Tony for more details.