Difference between revisions of "AppSecEU2013"

From OWASP
Jump to: navigation, search
(Friday 23. August)
m
 
(42 intermediate revisions by 3 users not shown)
Line 9: Line 9:
 
__TOC__
 
__TOC__
  
'''<span style="color:blue; font-size:120%;">For a more detailed description of everything see our main [http://appsec.eu/ AppSec Research 2013 Web Site].</span>'''
+
'''<span style="color:blue; font-size:120%;">For a more detailed description of everything see our main [http://2013.appsec.eu/ AppSec Research 2013 Web Site].</span>'''
  
  
 
== Presentations ==
 
== Presentations ==
 +
=== Videos ===
 +
Videos from the talks are available for [https://www.its.fh-muenster.de/owasp-appseceu13/rooms/Grosser_Saal/ Großer Saal]
 +
and [https://www.its.fh-muenster.de/owasp-appseceu13/rooms/Aussichtsreich_+_Freiraum/ Aussichtsreich + Freiraum]. There are also [https://ssl.really-force.net/owasp-appseceu13/ Mirror1] and [http://2013.appsec.eu/mirror-videos/ Mirror2].
  
 +
Thx to Christiaan008 the conference videos were uploaded (unofficially but appreciated) to [http://www.youtube.com/playlist?list=PLwP_SiAcdui2WyA6YsaC9av_KHIEn4XRx youtube].
 +
=== Slides ===
 
Quick links to the presentations. All slides are under [http://creativecommons.org/licenses/by-sa/3.0/ CC-BY-SA] license.
 
Quick links to the presentations. All slides are under [http://creativecommons.org/licenses/by-sa/3.0/ CC-BY-SA] license.
  
=== Thursday 22. August ===
+
==== Thursday, August 22nd ====
* [[Media:Welcome_Note_-_Dirk_Wetter.pdf|Welcome Note]]; Dirk Wetter
+
* [[Media:Welcome_Note_-_Dirk_Wetter.pdf|Welcome Note]]: Dirk Wetter
* [[Media:OWASP_Where_we_are.._Where_we_are_going.pdf|OWASP Where we are.. Where we are going]]
+
* Keynote Angela Sasse -- [[Media:OWASP_angela_sasse_appsec_eu_aug2013.pdf|Busting The Myth of Dancing Pigs: Angela's Top 10 list of reasons why users bypass security measures]]
* [[Media:--comming soon--]]; Henning Perl, Michael Brenner
+
* OWASP Introduction+Update: Michael Coates, Sarah Baso: [[Media:OWASP_Where_we_are.._Where_we_are_going.pdf|OWASP: Where we are... Where we are going]]
* [[Media:Recipes_for_enabling_HTTPS_-_Thomas_Herlea+Neils_Boucke+Johann_Peeters.pdf|Recipes for enabling HTTPS]]; Thomas Herlea, Neils Boucke, Johann Peeters
+
* [[Media:A Qualitative Comparison of SSL Validation Alternatives - Henning Perl+Michael Brenner+Mathew Smith.pdf|A Qualitative Comparison of SSL Validation Alternatives]]: Henning Perl, Michael Brenner
* [[Media:A_Perfect_CRIME__TIME_Will_Tell_-_Tal_Beery.pdf|A Perfect CRIME? TIME Will Tell]]; Tal Be'ery
+
* [[Media:Recipes_for_enabling_HTTPS_-_Thomas_Herlea+Neils_Boucke+Johann_Peeters.pdf|Recipes for enabling HTTPS]]: Thomas Herlea, Neils Boucke, Johann Peeters
* [[Media:--comming soon--]]; Marian Harbach, Matthew Smith
+
* [[Media:A_Perfect_CRIME_TIME_Will_Tell_-_Tal_Beery.pdf|A Perfect CRIME? TIME Will Tell]]: Tal Be'ery
* [[Media:HTTP(S)-Based_Clustering_for_Assisted_Cybercrime_Investigations_-_Balduzzi.pdf‎|HTTP(S) - Based Clustering for Assisted Cybercrime Investigations]]; Marco Balduzzi
+
* [[Media:Hunting Down Broken SSL in Android Apps - Sascha Fahl+Marian Harbach+Mathew Smith.pdf|Hunting Down Broken SSL in Android Apps]]: Marian Harbach, Matthew Smith
* [[Media:Improving_the_Security_of_Session_Management_in_Web_Applications_-_Philippe_De_Ryck.pdf|Improving the Security of Session Management in Web Applications]]Philippe DeRyck
+
* [[Media:HTTP(S)-Based_Clustering_for_Assisted_Cybercrime_Investigations_-_Balduzzi.pdf‎|HTTP(S) - Based Clustering for Assisted Cybercrime Investigations]]: Marco Balduzzi
* [[Media:A_Doorman_for_Your_Home--Control-Flow_Integrity_Means_in_Web_Frameworks_-_Bastian_Brown.pdf|A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks]]; Bastian Braun
+
* [[Media:Improving_the_Security_of_Session_Management_in_Web_Applications_-_Philippe_De_Ryck.pdf|Improving the Security of Session Management in Web Applications]]: Philippe DeRyck
 +
* [[Media:A_Doorman_for_Your_Home--Control-Flow_Integrity_Means_in_Web_Frameworks_-_Bastian_Brown.pdf|A Doorman for Your Home - Control-Flow Integrity Means in Web Frameworks]]: Bastian Braun
 +
* [[Media:Technical_Due_Diligence_-_Amir_Alsbih.pdf|Experience made in Technical Due Diligence]]: Amir Alsbih
 +
* [[Media:OWASP-CISO_Guide_and_CISO_report_2013_for_managers_-_Tobias_Gondrom.pdf|OWASP - CISO Guide and CISO report 2013 for managers]]: Tobias Gondrom
 +
* [[Media:Real World Agile SDLC - Chris Eng+Ryan OBoyle.pdf|Real World Agile SDLC]]: Chris Eng, Ryan O'Boyle
 +
* OWASP Top 10 Proactive Controls: Jim Manico (external link: presentation done by Jason Johnson at http://prezi.com/_oug648-i4yr/owasp-top-ten-defenses )
 +
* [[Media:CSP--the_panacea_for_XSS_or_placebo_-_Taras_Ivashchenko.pdf‎|CSP - the panacea for XSS or placebo]]: Taras Ivashchenko
 +
* [[Media:Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl+Johannes_Stroeher.pdf|Security Testing Guidelines for mobile Apps]]: Florian_Stahl, Johannes Stroeher
  
* [[Media:Technical_Due_Diligence_-_Amir_Alsbih.pdf|Experiance made in Technical Due Diligence]]; Amir Alsbih
+
* Keynote HackPra Allstars -- [[Media:]]: Jörg Schwenk
* [[Media:OWASP-CISO_Guide_and_CISO_report_2013_for_managers_-_Tobias_Gondrom.pdf|OWASP - CISO Guide and CISO report 2013 for managers]]; Tobias Gondrom
+
* HackPra Allstars -- [[Media:HackPraAllstars_Rooting_Your_Internals_-_Michele_Orru.pdf|Rooting Your Internals]]: Michele Orrù
* [[Media:--comming soon--]]; Chris Eng, Ryan O'Boyle
+
* HackPra Allstars -- [[Media:HackPra_Allstars-Burp_Pro_Tips_and_Tricks_-_Nicolas_Grégoire.pdf|Burp Pro Tips and Tricks]]: Nicolas Grégoire
* [[Media:OWASP Top 10 Proactive Controls.pdf]]; Jim Manico
+
* HackPra Allstars -- [[Media:HackPra_Allstars-Augmented_Reality_in_your_web_proxy_-_Roberto_Suggi_Liverani.pdf‎|Augmented Reality in your web proxy]]: Roberto Suggi Liverani
* [[Media:CSP--the_panacea_for_XSS_or_placebo_-_Taras_Ivashchenko.pdf‎|CSP - the panacea for XSS or placebo]]; Taras Ivashchenko
+
* HackPra Allstars -- Browser Timing Attacks [http://contextis.co.uk/files/Browser_Timing_Attacks.pdf| (Paper)] and the [[Media:HackPra_Allstars-Browser_Timing_Attacks_-_Paul_Stone.pdf‎| talk (updated slides)]]: Paul Stone
* [[Media:Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl+Johannes_Stroeher.pdf|Security_Testing_Guidelines_for_mobile_Apps]]; Florian_Stahl, Johannes Stroeher
+
  
* [[Media:HTML5--ALL_THE_THINGS_-_Thomas_Roessler.pdf|HTML5 - ALL THE THINGS]]; Thomas Roessler
+
<!-- Slides entsprechen nicht dem Speakers Agreement
  
* HackPra Allstars [[Media:HackPraAllstars_Rooting_Your_Internals_-_Michele_Orru.pdf|Rooting Your Internals]]; Michele Orru
 
* HackPra Allstars [[Media:--comming soon--]]; Paul Stone
 
* HackPra Allstars [[Media:HackPra_Allstars-Burp_Pro_Tips_and_Tricks_-_Nicolas_Grégoire.pdf|Burp Pro Tips and Tricks]]; Nicolas Grégoire
 
* HackPra Allstars [[Media:HackPra_Allstars-Augmented_Reality_in_your_web_proxy_-_Roberto_Suggi_Liverani.pdf‎|Augmented Reality in your web proxy]]; Roberto Suggi Liverani
 
 
* HackPra Allstars [[Media:--comming soon--]]; Gareth Heyes
 
* HackPra Allstars [[Media:--comming soon--]]; Gareth Heyes
 
* HackPra Allstars [[Media:--comming soon--]]; Eduardo Vela
 
* HackPra Allstars [[Media:--comming soon--]]; Eduardo Vela
 
* HackPra Allstars [[Media:--comming soon--]]; Mario Heiderich
 
* HackPra Allstars [[Media:--comming soon--]]; Mario Heiderich
 
+
-->
 +
<!--
 
* OSS [[Media:]]; Mario Vilas
 
* OSS [[Media:]]; Mario Vilas
 +
-->
 +
* OSS [[Media:OWTF--Summer_StormShort-newer_-_Abraham_Aranguren.pdf|OWTF  Summer StormShort (newer)]]: Abraham Aranguren
 +
<!-- not provided and we don't worry:
 
* OSS [[Media:]]; Christian Bockermann
 
* OSS [[Media:]]; Christian Bockermann
 
* OSS [[Media:]]; Guido Witmond
 
* OSS [[Media:]]; Guido Witmond
 
* OSS [[Media:]]; Miroslav Stampar
 
* OSS [[Media:]]; Miroslav Stampar
 
* OSS [[Media:]]; Dan Cornell
 
* OSS [[Media:]]; Dan Cornell
 +
-->
  
=== Friday 23. August ===
+
==== Friday August, 23rd ====
* [[Media:--comming soon--]]; Nick Nikiforakis
+
* Keynote Thomas Roessler -- [[Media:HTML5--ALL_THE_THINGS_-_Thomas_Roessler.pdf|Secure all the things: fiction from the Web’s immediate future]]
* [[Media:--comming soon--]]; Milton Smith
+
* [[Media:OWASP_AppSec_Research_2013_-_Webfingerprinting.pdf|Web Fingerprinting: How, who and why?]]: Nick Nikiforakis  
* [[Media:OWASP_Top-10_2013--AppSec_EU_2013_-_Dave_Wichers.pdf|OWASP Top-10 2013]]; Dave Wichers
+
* [[Media:Making_the_Future_Secure_with_Java_-_Milton_Smith.pdf‎|Making the Future Secure with Java]]: Milton Smith
* [[Media:WASC-OWASP_WAFEC_-_Achim_Hoffmann+Ofer_Shezaf.pdf|WASC/OWASP WAFEC]]; Achim Hoffmann, Ofer Shezaf
+
* [[Media:OWASP_Top-10_2013--AppSec_EU_2013_-_Dave_Wichers.pdf|OWASP Top-10 2013]]: Dave Wichers
* [[Media:An_Alternate_Approach_for_SQLi_Detection_-_Reto_Ischi.pdf|An Alternate Approach for SQLi Detection]]; Reto Ischi
+
* [[Media:WASC-OWASP_WAFEC_-_Achim_Hoffmann+Ofer_Shezaf.pdf|WASC/OWASP WAFEC]]: Achim Hoffmann, Ofer Shezaf
* [[Media:OWASP_AppSensor--In_Theory,_In_Practice_and_In_Print_-_Colin_Watson.pdf|OWASP AppSensor - In Theory, In Practice and In Print]]; Colin Watson
+
* [[Media:An_Alternate_Approach_for_SQLi_Detection_-_Reto_Ischi.pdf|An Alternate Approach for SQLi Detection]]: Reto Ischi
* [[Media:Introducing_ASVS_2013_-_Sahba_Kazerooni+Daniel_Cuthbert.pdf|Introducing ASVS 2013]]; Sahba Kazerooni, Daniel Cuthbert
+
* [[Media:OWASP_AppSensor--In_Theory,_In_Practice_and_In_Print_-_Colin_Watson.pdf|OWASP AppSensor - In Theory, In Practice and In Print]]: Colin Watson
 
+
* [[Media:Introducing_ASVS_2013_-_Sahba_Kazerooni+Daniel_Cuthbert.pdf|Introducing ASVS 2013]]: Sahba Kazerooni, Daniel Cuthbert
* [[Media:--comming soon--]]; Erlend Oftedal
+
<!-- Slides entsprechen nicht dem Speakers Agreement
* [[Media:Insane_in_the_IFRAME_-_David_Ross.pdf|Insane in the IFRAME]]; David Ross
+
* [[Media:--comming soon--]]: Erlend Oftedal
* [[Media:JS_Libraries_Insecurity_-_Stefano_DiPaola.pdf|JS Libraries Insecurity]]; Stefano DiPaola
+
-->
* [[Media:--comming soon--]]; Sebastian Lekies, Ben Stock
+
* [[Media:Insane_in_the_IFRAME_-_David_Ross.pdf|Insane in the IFRAME]]: David Ross
* [[Media:Origin_Policy_Enforcement_in_Modern_Browsers_-_Frederik_Braun.pdf|Origin Policy Enforcement in Modern Browsers]]; Federik Braun
+
* [[Media:JS_Libraries_Insecurity_-_Stefano_DiPaola.pdf|JS Libraries Insecurity]]: Stefano DiPaola
* [[Media:I_am_in_your_browser,_pwning_your_stuff_-_Krzysztof_Kotowicz.pdf‎|I am in your browser, pwning your stuff]]; Krzysztof Kotowicz
+
* [[Media:Clickjacking_Protection_Under_Non-trivial_Circumstances_-_Sebastian_Lekies+Martin_Johns.pdf|Clickjacking Protection Under Non-trivial Circumstances]]: Sebastian Lekies, Martin Johns
* [[Media:Sandboxing-Javascript_-_Lieven_Desmet+Nick_Nikiforakis.pdf|Sandboxing Javascript]]; Lieven Desmet, Nick Nikiforakis
+
* [[Media:Origin_Policy_Enforcement_in_Modern_Browsers_-_Frederik_Braun.pdf|Origin Policy Enforcement in Modern Browsers]]: Frederik Braun
 
+
* [[Media:I_am_in_your_browser,_pwning_your_stuff_-_Krzysztof_Kotowicz.pdf‎|I am in your browser, pwning your stuff]]: Krzysztof Kotowicz
* [[Media:RaspberryPi_for_the_Infrasturcture_and_hacker_-_Fred_Donavan.pdf|RaspberryPi for the Infrasturcture and hacker]]; Fred Donavan
+
* [[Media:Sandboxing-Javascript_-_Lieven_Desmet+Nick_Nikiforakis.pdf|Sandboxing Javascript]]: Lieven Desmet, Nick Nikiforakis
* [[Media:--comming soon--]]; Yvan Boily
+
* [[Media:RaspberryPi_for_the_Infrasturcture_and_hacker_-_Fred_Donavan.pdf|RaspberryPi for the Infrastructure and hacker]]: Fred Donavan
* [[Media:ZAP_Innovations_-_Simon_Benetts.pdf|ZAP Innovations]]; Simon Benetts
+
* [[Media:Minion--Making Security Accessible for Developers - Yvan Boily.tar|Minion - Making Security Accessible for Developers]]: Yvan Boily (download tar and open index.html in your browser; all sources are [https://github.com/ygjb/appsec-eu-2013 here])
* [[Media:Do_You_Have_a_Scanner_or_Scanning_Program_-_Dan_Cornell.pdf‎|Do_You_Have a Scanner or Scanning Program]]; Dan Cornell
+
* [[Media:ZAP_Innovations_-_Simon_Benetts.pdf|ZAP Innovations]]: Simon Benetts
* [[Media:OWTF--Summer_StormShort_-_Abraham_Aranguren.pdf|OWTF  Summer StormShort]]; Abraham Aranguren
+
* [[Media:Do_You_Have_a_Scanner_or_Scanning_Program_-_Dan_Cornell.pdf‎|Do_You_Have a Scanner or Scanning Program]]: Dan Cornell
* [[Media:--comming soon--]]; Luca Viganò, Luca Compagna
+
* [[Media:OWTF--Summer_StormShort_-_Abraham_Aranguren.pdf|OWTF  Summer StormShort]]: Abraham Aranguren
* OSS [[Media:OWASP_Hackademic_Challenges_-_Konstantinos_Papapanagiotou+Spyros_Gasteratos.pdf|OWASP Hackademic Challenges]]; Konstantinos Papapanagiotou
+
* [[Media:OWASP_Hackademic_Challenges_-_Konstantinos_Papapanagiotou+Spyros_Gasteratos.pdf|OWASP Hackademic Challenges]]: Konstantinos Papapanagiotou
 +
* [[Media:SPaCIoS_-_Luca_Compagna.pdf|SPaCIoS]]: Luca Viganò, Luca Compagna
 +
<!-- see above
 
* OSS [[Media:]]; Dinis Cruz
 
* OSS [[Media:]]; Dinis Cruz
 
* OSS [[Media:]]; Juray Somorowsky
 
* OSS [[Media:]]; Juray Somorowsky
* [[Media:Closing_Note_-_Dieter_Gollmann.pdf‎|Closing Note]]; Dieter Gollmann
+
-->
* [[Media:Closing-Ceremony_-_Dirk_Wetter.pdf‎|Closing Ceremony]]; Dirk Wetter
+
* Closing Note Dieter Gollmann: [[Media:Closing_Note_-_Dieter_Gollmann.pdf‎|Access Control of the Web – The Web of Access Control]]  
 +
* [[Media:Closing-Ceremony_-_Dirk_Wetter.pdf‎|Closing Ceremony]]: Dirk Wetter
  
 
== Welcome ==
 
== Welcome ==
Line 83: Line 98:
 
The <u>[[Germany|German OWASP Chapter]]</u> is hosting the global OWASP AppSec Research 2013 conference in <u>[http://en.wikipedia.org/wiki/Hamburg Hamburg]</u>, Germany from August 20-23. Hamburg is the second biggest city in Germany, <u>[https://maps.google.com/maps?q=Hamburg,+Germany&hl=en&ll=51.426614,10.239258&spn=12.838461,14.589844&sll=37.0625,-95.677068&sspn=61.799062,58.359375&oq=hamburg&hnear=Hamburg,+Germany&t=m&z=6 located in the north]</u>. To quote New York Times: <u>[http://travel.nytimes.com/2012/01/22/travel/36-hours-hamburg-germany.html No one tells you how pretty Hamburg is]</u>. We do.  
 
The <u>[[Germany|German OWASP Chapter]]</u> is hosting the global OWASP AppSec Research 2013 conference in <u>[http://en.wikipedia.org/wiki/Hamburg Hamburg]</u>, Germany from August 20-23. Hamburg is the second biggest city in Germany, <u>[https://maps.google.com/maps?q=Hamburg,+Germany&hl=en&ll=51.426614,10.239258&spn=12.838461,14.589844&sll=37.0625,-95.677068&sspn=61.799062,58.359375&oq=hamburg&hnear=Hamburg,+Germany&t=m&z=6 located in the north]</u>. To quote New York Times: <u>[http://travel.nytimes.com/2012/01/22/travel/36-hours-hamburg-germany.html No one tells you how pretty Hamburg is]</u>. We do.  
  
The AppSec Research conference will be a premier gathering of Information Security leaders, also it is going to have a research part.
+
The AppSec Research conference will be a premier gathering of Information Security leaders, also it has a research part.
  
 
Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.  
 
Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.  
Line 92: Line 107:
 
==== Facts in a nutshell ====
 
==== Facts in a nutshell ====
 
;Date:
 
;Date:
:[https://appsec.eu/trainings/ Trainings]: August 20-21, 2013
+
:[http://2013.appsec.eu/trainings/ Trainings]: August 20-21, 2013
 
:Conference: August 22-23, 2013
 
:Conference: August 22-23, 2013
 
;Location: <u>[http://www.emporio-hamburg.de/en/ Emporio Hamburg]</u>
 
;Location: <u>[http://www.emporio-hamburg.de/en/ Emporio Hamburg]</u>
 
;Program
 
;Program
: [https://appsec.eu/program/ Complete Program]
+
: [http://2013.appsec.eu/program/ Complete Program]
: [https://appsec.eu/trainings/ Trainings]  
+
: [http://2013.appsec.eu/trainings/ Trainings]  
: [https://appsec.eu/program/open-source-security-showcase/ Open Source (Security) Showcase]
+
: [http://2013.appsec.eu/program/open-source-security-showcase/ Open Source (Security) Showcase]
: [https://appsec.eu/program/hackpra-allstars/ HackPra Allstars Track ]
+
: [http://2013.appsec.eu/program/hackpra-allstars/ HackPra Allstars Track ]
 
;Events
 
;Events
 
: Dinner ...
 
: Dinner ...
;Sponsors: <u>[https://www.owasp.org/images/0/03/Sponsorship_Description_AppSec_EU_2013.pdf Sponsorship Description]</u>, find out more [https://appsec.eu/sponsors/sponsorship/ here].
+
;Sponsors: <u>[https://www.owasp.org/images/0/03/Sponsorship_Description_AppSec_EU_2013.pdf Sponsorship Description]</u>, find out more [http://2013.appsec.eu/sponsors/sponsorship/ here].
 
;Call for ...
 
;Call for ...
 
: Closed: <s>May 15, was extended: May 22: [[AppSecEU2013/CfPapers|Papers]]</s> (Research).
 
: Closed: <s>May 15, was extended: May 22: [[AppSecEU2013/CfPapers|Papers]]</s> (Research).
: Closed: <s>[[AppSecEU2013/CfPresos|Presentations]]</s> (Industry). [https://appsec.eu/program/talk-teaser/ Talk teasers] are here, [https://appsec.eu/program/ Program] comming soon.
+
: Closed: <s>[[AppSecEU2013/CfPresos|Presentations]]</s> (Industry). [http://2013.appsec.eu/program/talk-teaser/ Talk teasers] are here, [http://2013.appsec.eu/program/ Program] comming soon.
: Closed: <s>[[AppSecEU2013/CfTrainings|Call for Trainings]]</s>.  [https://appsec.eu/trainings/ Program] is published
+
: Closed: <s>[[AppSecEU2013/CfTrainings|Call for Trainings]]</s>.  [http://2013.appsec.eu/trainings/ Program] is published
: Closed: <s>[https://appsec.eu/submissions/open-source-showcase-call-for-entries/ OWASP Open Source (Security) Showcase (OSS)]</s>
+
: Closed: <s>[http://2013.appsec.eu/submissions/open-source-showcase-call-for-entries/ OWASP Open Source (Security) Showcase (OSS)]</s>
;Registration: Is open, please see  https://appsec.eu/registration/ .
+
;Registration: Is open, please see  http://2013.appsec.eu/registration/ .
 
;Mailinglist: please subscribe to: [https://lists.owasp.org/mailman/listinfo/appseceu2013 https://lists.owasp.org/mailman/listinfo/appseceu2013]
 
;Mailinglist: please subscribe to: [https://lists.owasp.org/mailman/listinfo/appseceu2013 https://lists.owasp.org/mailman/listinfo/appseceu2013]
  
; Partners + Supporters: [https://appsec.eu/sponsors/supporters/ External Web Site]
+
; Partners + Supporters: [http://2013.appsec.eu/sponsors/supporters/ External Web Site]
  
 
== Sponsorship ==
 
== Sponsorship ==
Line 142: Line 157:
 
== Call for {Presentations,Papers,Trainings} ==
 
== Call for {Presentations,Papers,Trainings} ==
  
We have there separate "Calls":
+
We had there separate "Calls":
  
 
* Closed: <s>The <u>[[AppSecEU2013/CfPapers|Call for Papers]]</u> is for the Research track</s>
 
* Closed: <s>The <u>[[AppSecEU2013/CfPapers|Call for Papers]]</u> is for the Research track</s>
 
* Closed: <s>[[AppSecEU2013/CfPresos|Call for Presentations]] is the standard one for the regular tracks</s>
 
* Closed: <s>[[AppSecEU2013/CfPresos|Call for Presentations]] is the standard one for the regular tracks</s>
 
* Closed: <s>[[AppSecEU2013/CfTrainings|Call for Trainings]]</s>
 
* Closed: <s>[[AppSecEU2013/CfTrainings|Call for Trainings]]</s>
 +
 +
== Ticket Challenge ==
 +
 +
.. [[AppSecEU2013/TicketChallenge|for the record]]
  
 
== Teams ==
 
== Teams ==
Line 153: Line 172:
 
:[[User:Dirk Wetter|Dirk Wetter]] (Chair)
 
:[[User:Dirk Wetter|Dirk Wetter]] (Chair)
 
:[[User:Kai Jendrian|Kai Jendrian]] (Co-Chair)
 
:[[User:Kai Jendrian|Kai Jendrian]] (Co-Chair)
:Birgit Bernskötter (External)
 
 
:[[User:Ingo Hanke|Ingo Hanke]]
 
:[[User:Ingo Hanke|Ingo Hanke]]
 
:Boris Hemkemeier
 
:Boris Hemkemeier
Line 171: Line 189:
 
:[https://twitter.com/#!/search/OWASP_de Twitter: @OWASP_de] (German account)
 
:[https://twitter.com/#!/search/OWASP_de Twitter: @OWASP_de] (German account)
  
 
== Countdown Challenges ==
 
 
;Closed <s>Win Free Tickets to AppSec EU Research 2013! [[AppSecEU2013/Ticket-Challenge|here]] or [https://appsec.eu/ticket-challenge/ https://appsec.eu/ticket-challenge/] </s>.
 
 
How to Start
 
 
<nowiki>=================================</nowiki>
 
 
Step0
 
    Prepare your client with a preconfigured virtual host in VMware Player or VirtualBox.
 
    Install the LiveCD image in your virtual host. It can be downloaded here:
 
    https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html
 
 
    Download links for VMware Player and VirtualBox are:
 
    * https://www.virtualbox.org/wiki/Downloads
 
    * http://www.vmware.com/products/player/
 
 
Step1
 
    Follow the link from your mail or posted at conference wiki.
 
 
Step2
 
    Login
 
 
Step3
 
    After login you'll see the list of Running Events
 
    Switch to the challenge AppSec EU 2013 Ticket Challenge 6
 
 
Step4
 
    To solve the task you need a VPN connection as shown in
 
    https://www.hacking-lab.com/Remote_Sec_Lab/lab-infrastructure.html
 
 
Step5
 
    Connect to hacking-lab.com after starting your Live-CD from within your virtual host as described in
 
    https://www.hacking-lab.com/Remote_Sec_Lab/OpenVPN.html
 
 
Step6
 
    To complete the task (event), send your description of the vulnerability including an exploit
 
    and a description for mitigations using the provided "Send Solution" button.
 
;Good luck!!
 
 
== University Challenges ==
 
AppSec Research 2013 will have a OWASP [[AppSecEU2013/Uni-Challenge| University Challenges]], details see [[AppSecEU2013/Uni-Challenge|here]].
 
 
== Capture the Flag ==
 
There will be a ''Capture the Flag'' event at AppSec Research 2013. Details will come sone [[AppSecEU2013/Capture-the-Flag|here]].
 
 
More detailed description is available on our [[AppSecEU2013/external web site|external web site]].
 
 
----
 
----
 
[[Germany|<Germany>]]
 
[[Germany|<Germany>]]

Latest revision as of 05:07, 15 March 2014

original photo from IqRS


For a more detailed description of everything see our main AppSec Research 2013 Web Site.


Presentations

Videos

Videos from the talks are available for Großer Saal and Aussichtsreich + Freiraum. There are also Mirror1 and Mirror2.

Thx to Christiaan008 the conference videos were uploaded (unofficially but appreciated) to youtube.

Slides

Quick links to the presentations. All slides are under CC-BY-SA license.

Thursday, August 22nd

Friday August, 23rd

Welcome

The German OWASP Chapter is hosting the global OWASP AppSec Research 2013 conference in Hamburg, Germany from August 20-23. Hamburg is the second biggest city in Germany, located in the north. To quote New York Times: No one tells you how pretty Hamburg is. We do.

The AppSec Research conference will be a premier gathering of Information Security leaders, also it has a research part.

Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology and many other verticals.

The conference will be held from August 20-23, 2013 at the Emporio Hamburg. It's centrally located in the heart of the city with a splendid view over Binnen-, Aussenalster and River Elbe.


Facts in a nutshell

Date
Trainings: August 20-21, 2013
Conference: August 22-23, 2013
Location
Emporio Hamburg
Program
Complete Program
Trainings
Open Source (Security) Showcase
HackPra Allstars Track
Events
Dinner ...
Sponsors
Sponsorship Description, find out more here.
Call for ...
Closed: May 15, was extended: May 22: Papers (Research).
Closed: Presentations (Industry). Talk teasers are here, Program comming soon.
Closed: Call for Trainings. Program is published
Closed: OWASP Open Source (Security) Showcase (OSS)
Registration
Is open, please see http://2013.appsec.eu/registration/ .
Mailinglist
please subscribe to: https://lists.owasp.org/mailman/listinfo/appseceu2013
Partners + Supporters
External Web Site

Sponsorship

AppSec Research is seeking for sponsors. We have several possibilities how you can promote your company, seek for employees and on the other side support the conference. Please find the description, pricing and possible items in a PDF here.

Thanks to our following sponsors

Platin
www.riverbed.com/products-solutions/products/application-delivery-stingray/

Gold Silver Bronze
    www.hpenterprisesecurity.com

www.imperva.com  www.f5.com  
www.barracuda.com   www.securenet.de  www.checkmarx.com  www.acunetix.com   www.denyall.com    www.securityinnovation.com   www.whitehatsec.com www.schutzwerk.com

www.tele-consulting.com   www.trustwave.com  www.ergon.ch  www.microsoft.com www.sap.com

Call for {Presentations,Papers,Trainings}

We had there separate "Calls":

Ticket Challenge

.. for the record

Teams

Conference Orga

Dirk Wetter (Chair)
Kai Jendrian (Co-Chair)
Ingo Hanke
Boris Hemkemeier
Achim Hoffmann
Martin Johns
Hartwig Gelhausen
Tobias Glemser
Sebastien Deleersnyder
Kelly Santalucia
Sarah Baso

Contact: orga2013//lists/appsec/eu


Twitter
Twitter: @appseceu
Twitter: @OWASP_de (German account)

<Germany>