Difference between revisions of "AppSecIreland2012"

From OWASP
 
(46 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
! width="500" align="center" |  
 
! width="500" align="center" |  
 
|-
 
|-
| align="center" | [[Image:Banner-trinity-web.jpg]]  
+
| align="center" | [[Image:AppSecBanner.png]]  
 
| align="center" |  
 
| align="center" |  
 
<br> '''Follow us on:<br>
 
<br> '''Follow us on:<br>
Line 14: Line 14:
  
  
==== Welcome  ====
+
= Welcome  =
  
 
{| style="width: 100%;"
 
{| style="width: 100%;"
Line 23: Line 23:
 
| style="width: 95%; color: rgb(0, 0, 0);" |  
 
| style="width: 95%; color: rgb(0, 0, 0);" |  
  
We are pleased to announce that the [http://www.owasp.org/index.php/Ireland-Dublin Ireland chapter] will host the OWASP AppSec Europe 2011 global conference in beautiful Dublin, Ireland. <br>
+
The OWASP AppSec Ireland Conference will be held at [http://www.tcd.ie/ Trinity College Dublin] ([http://maps.google.com/maps/place?ftid=0x48670e9a84b0039b:0xacb03905ec77b553&q=Trinity+College+Dublin,+College+Green,+Dublin,+Ireland&hl=es&dtab=0&sll=53.343726,-6.254372&sspn=0.015987,0.038418&ie=UTF8&ll=53.348681,-6.26873&spn=0,0&z=15 map]) from September 4th through 6th 2012. There will be training courses on September 4th and 5th followed by plenary sessions on the 6th. This conference, in its 4th consecutive year, is a premier gathering for Information Security leaders, executives from Fortune 500 firms along with technical thought leaders, security architects and lead developers to share cutting-edge ideas, initiatives and technology advancements. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 300 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.  
  
The AppSec Europe conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 400-500 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.  
+
If you have any questions, please send an email to '''ireland at owasp.org'''
  
AppSec Europe 2011 will be held at [http://www.tcd.ie/ Trinity College Dublin] ([http://maps.google.com/maps/place?ftid=0x48670e9a84b0039b:0xacb03905ec77b553&q=Trinity+College+Dublin,+College+Green,+Dublin,+Ireland&hl=es&dtab=0&sll=53.343726,-6.254372&sspn=0.015987,0.038418&ie=UTF8&ll=53.348681,-6.26873&spn=0,0&z=15 map]) on June 7th through 10th 2011. There will be training courses on June 7th and 8th followed by plenary sessions on the 9th and 10th with each day having at least three tracks. AppSec Europe may also have BOF (informal adhoc meetings), break out, or speed talks in addition to the standard schedule depending on the submissions received.
 
<br>
 
If you have any questions, please email the conference chair: '''appseceu at owasp.org'''
 
  
 
+
===Who Should Attend AppSec Ireland 2012:===
'''Who Should Attend AppSec Europe 2011:'''
+
  
 
*Application Developers  
 
*Application Developers  
Line 43: Line 39:
 
*IT Professionals Interested in Improving IT Security<br>
 
*IT Professionals Interested in Improving IT Security<br>
 
<br>
 
<br>
'''How to get to AppSec EU?'''
+
===How to get to AppSec Ireland?===
 
+
The OWASP AppSec EU Conference takes place in the Arts Building in the grounds of Trinity College, Dublin 2. You could find a copy of the Trinity College grounds and some directions on how to get to the Arts Building in the URL below.
+
 
+
[http://www.appseceu.org/?page_id=817 AppSec EU Venue Location]
+
 
+
 
+
 
+
'''Are you an exhibitor and need to load/offload materials at Trinity College?
+
'''
+
Below is the map to the Arts Building Loading Bay:
+
 
+
[https://www.owasp.org/images/c/ce/Campus_map_with_Arts_Building_Loading_Bay_vehicular_route.pdf Campus Map]
+
<br><br>
+
 
+
'''Have you visited our AppSec EU conference website?'''
+
 
+
[http://www.appseceu.org AppSec EU Conference Website]
+
<br><br>
+
 
+
 
+
'''Sponsorship Options'''
+
 
+
To find out more about the different sponsorship opportunities please check the document below:
+
 
+
[http://www.appseceu.org/wp-content/uploads/2011/03/AppSecEU_Sponsorship_Packages.pdf AppSec EU Sponsorship Packages]
+
  
 +
The OWASP AppSec Ireland Conference takes place in the Hamilton Building in the grounds of Trinity College, Dublin 2.
  
 
<!-- Mediawiki needs all these spaces -->  
 
<!-- Mediawiki needs all these spaces -->  
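Review bot: Under the new `===How to get to AppSec Ireland?===` heading the only added text is the sentence naming the Hamilton Building, while the removed lines carried the venue directions link and the Arts Building loading-bay map for exhibitors. Either add the equivalent directions or campus map link for the Hamilton Building, or rename the heading so it does not promise directions the section no longer gives.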
Line 78: Line 50:
  
 
| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->  
 
| style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->  
[[Image:Appseceurope3.png]]  
+
<!-- There be dragons here -->
 +
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[File:AppSecWEB2.png|300px|link=http://www.appsecireland.org|AppSec Ireland Website]]  
  
 
{|
 
{|
 
|-
 
|-
 
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |  
 
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |  
Use the '''[http://search.twitter.com/search?q=%23AppSecEU #AppSecEU]''' hashtag for your tweets for AppSec Europe 2011 (What are [http://hashtags.org/ hashtags]?)  
+
Use the '''[http://search.twitter.com/search?q=%23appsecireland #appsecireland]''' hashtag for your tweets for AppSec Ireland 2012 (What are [http://hashtags.org/ hashtags]?)  
  
'''@AppSecEU Twitter Feed ([http://twitter.com/AppSecEU follow us on Twitter!])''' <twitter>228539824</twitter>  
+
'''@Appsecireland Twitter Feed ([http://twitter.com/appsecireland follow us on Twitter!])''' <twitter>498867302</twitter>  
  
 
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |  
 
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |  
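Review bot: The added image line positions `[[File:AppSecWEB2.png|300px|...]]` with a long run of `&nbsp;` entities, which will not hold at other viewport widths or font sizes. Align the image through the table cell attributes instead, as the banner cells do with `align="center"`, and replace `<!-- There be dragons here -->` with a comment that says what the markup below it is for.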
Line 94: Line 67:
 
<!-- End Banner -->  
 
<!-- End Banner -->  
  
==== Registration  ====
+
=CFP CFT=
  
== [http://www.regonline.com/owasp_appsec_eu_2011 '''Registration is now open!''']  ==
+
OWASP is currently soliciting training & presentation proposals for the OWASP AppSec Ireland 2012 Conference which will take place at Trinity College Dublin in Ireland, on September 4th through September 6th 2012. There will be training courses on September 4th & 5th followed by plenary sessions on September 6th.
  
[[Image:RegisterNow.jpg|link=http://www.regonline.com/owasp_appsec_eu_2011]]
+
===Topics===
  
 +
In accordance with the broader OWASP mission stemming from the 2011 OWASP Global Summit, AppSec Ireland is working to reflect the move of OWASP towards embracing all facets of Application Security, and not restricting it's content to strictly to the realm of web applications. Therefore we invite all practitioners of application security and those who work with or interact with all facets of application security to submit papers and training proposals to the conference.
  
===Registration Fees===
+
===Call for Papers===
{| class="wikitable"
+
|-
+
! Ticket Type
+
! Before 6th April
+
! After 6th April
+
! After 6th May
+
|-
+
| Non-Member
+
| €250
+
| style="background: #cef2e0;" | €300
+
| style="background: #ffffcc;" | €350
+
|-
+
| Active OWASP Member
+
| €200
+
| style="background: #cef2e0;" | €250
+
| style="background: #ffffcc;" | €300
+
|-
+
| Student
+
| €150
+
| style="background: #cef2e0;" | €200
+
| style="background: #ffffcc;" | €250
+
|}
+
  
{| class="wikitable"
+
The AppSec Ireland 2012 Conference Committee is seeking presentations in the following subject areas:
|-
+
! Course
+
! Fee
+
|-
+
| 1 Day Training
+
| €495
+
|-
+
| 2 Day Training
+
| €990
+
|}
+
  
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
+
*OWASP Projects
 +
*Research in Application Security Defense (Defense & Countermeasures)
 +
*Research in Application Security Offense (Vulnerabilities & Exploits)
 +
*Web Application Security
 +
*Critical Infrastructure Security
 +
*Mobile Security
 +
*Government Initiatives & Government Case Studies
 +
*Effective Case studies in Policy, Governance, Architecture or Life Cycle
 +
*and other application security topics
  
<nowiki>*</nowiki> We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size&nbsp;:).
+
===Call for Training===
  
 +
The AppSec Ireland 2012 Conference Committee is seeking trainings in the following subject areas:
  
==== June 7th-8th (Training)  ====
+
- Security in Web 2.0, Web Services/XML
 +
- Advanced penetration testing
 +
- Static analysis for security
 +
- Threat modeling of applications
 +
- Secure coding practices
 +
- Security in J2EE/.NET patterns and frameworks
 +
- Application security with ESAPI
 +
- OWASP tools in practice
  
== Schedule  ==
+
We will look favorably on laboratory-based/hands-on training.
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
===Submission deadline and instructions===
|-
+
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T1. Threat Modeling and Architecture Review - 2-Days (June 7-8) - 990 Euro
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |  Threat Modeling and Architecture Review are the cornerstones of a preventative approach to Application Security. By combining these topics into single comprehensive course attendees can get a complete understanding of how to understand the threat an application faces and how the application will handle those potential threats. This enables the risk to be accurately assessed and appropriate changes or mitigating controls recommended.
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Pravir Chandra, Fortify
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Threat Modeling and Architecture Review Class]]
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
+
|}
+
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
Submit papers/training proposals to http://cfp.appsecireland.org. Submission deadline is Wednesday June 6th 2012.  Inquires can be made to '''ireland at owasp.org'''.
|-
+
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T2. Assessing and Exploiting Web Applications with Samurai - WTF - 2-Days (June 7-8) - 990 Euros
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |
+
Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and the be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of three different web applications, and the browsers connecting to them. Different sets of open source tools will be used on each web application, allow you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a fourth web application that contains keys you must find and collect. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available open source tools.  
+
  
|-
+
To submit a paper, you will have to sign up for an EasyChair account at https://www.easychair.org/account/signup.cgi.
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |
+
Instructor: Justin Searle: InGuardians [[Image:InGuardians.png|36x39px]]
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Assessing and Exploiting Web Applications with Samurai - WTF]]
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
+
|-
+
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T3. Tactical Defense with ModSecurity - 2-Days - 990 Euros
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | While application flaws should ideally be fixed in the source code, this is often not a feasible task for various reasons. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike.
+
  
This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities
+
Please specify in the form whether you are submitting a Training or a Presentation proposal. Eg. Title: "Training - Introduction to Web Application Security"
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Instructor: Christian Bockermann, PhD University of Dortmund
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More about the Tactical Defense With Mod Security Class]]
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
+
|-
+
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T4. Secure Application Development:  Writing secure code (and testing it) 1-Day - June 7th- 495 Euros
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |  Writing Secure code is the most effective method to securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisations brand.
+
Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.  The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code
+
  
Instructor: Eoin Keary, OWASP
+
===Special Note only for Training Proposals===
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Secure Application Development Class]]
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
+
|-
+
|}
+
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
To submit your training proposal please fill out the OWASP CFT Proposal document located below and attach it while filling out the online form. Upon acceptance you’ll be requested to fill out the Training Instructor Agreement where you’ll find details on revenue split etc.
|-
+
! align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | T5. Designing, Building and Testing Secure Application on Mobile Devices 1-Day - June 8th- 495 Euros
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" |  This course provides an introduction to security for mobile and smartphone applications.  It walks through a basic threat model for a smartphone application.  This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques.  Particular emphasis will be on the unique security challenges that developing software for mobile devices represent, comparing mobile software security concepts to those in the web application world
+
  
<br>Instructors: Dan Cornell, Denim Group
+
http://www.appsecireland.org/wp-content/uploads/2012/05/OWASP_CFT_Proposal.doc
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [[Learn More About the Designing, Building and Testing Secure Application on Mobile Devices Class]]
+
|-
+
| style="background: none repeat scroll 0% 0% rgb(242, 242, 242);" | [http://www.regonline.com/owasp_appsec_eu_2011 Click here to register]
+
|-
+
|}
+
  
 +
=Secure Coding Competition=
  
==== June 9th  ====
+
==OWASP AppSec Ireland 2012 Secure Coding Competition==
  
== Schedule  ==
+
===What’s this about?===
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
OWASP AppSec Ireland 2012 will host a secure coding competition to give you and your friends the chance to test your secure coding skills and challenge other secure coders for the title of AppSec Ireland 2012 Secure Coding Competition (SCC) Champions. The competition is open to everybody and is designed to promote awareness of the benefits of designing and developing secure applications – a skill that all aspiring and accomplished software developers should aim to possess.
|-
+
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 1 - June 9, 2011'''
+
<br>
+
  
|-
+
===Tell me more...===
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
+
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Defend
+
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Prevent
+
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Attack
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 0800-08:50
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration and Breakfast + Coffee
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:50-09:00
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Welcome by AppSec EU Board
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-10:00
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Brad Arkin, Adobe Corp | [http://www.appseceu.org/wp-content/presentations/Brad%20Arkin%20-%20Adobe%20Product%20Security%20Lifecycle.pdf SLIDES]
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:30
+
|align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | [https://www.owasp.org/images/8/8e/OWASP_Global_Board_Update_AppSecEU11_consolidated_-v3.pptx OWASP Global Board Update] - Tom Brennan, Eoin Keary, Seba Deleersnyder
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:30-10:45
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:45-11:30
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Practical Browser Sandboxing on Windows with Chromium, ''Tom Keetch, Verizon Business'' <br> [http://www.appseceu.org/wp-content/presentations/Tom%20Keetch%20-%20Practical%20Sandboxing%20with%20Chromium.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Building a Robust Security Plan, ''Narainder Chandwani, Foundstone'' <br> [http://www.appseceu.org/wp-content/presentations/Narainder%20Chandwani%20-%20Building%20a%20Robust%20Application%20Security%20Plan.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | APT in a Nutshell, "David Stubley, 7 Elements Ltd" <br> [http://www.appseceu.org/wp-content/presentations/David%20Stubley%20-%20APT%20in%20a%20Nutshell.pdf SLIDES]<br>
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30-11:40
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:40-12:25
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | How to become Twitter's admin:  An introduction to Modern Web Service Attacks, ''Andreas Falkenberg, RUB''<br>[http://www.appseceu.org/wp-content/presentations/Andreas%20Falkenberg%20-%20How%20to%20become%20twitter%20admin.pdf SLIDES]<br>
+
<br>
+
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | The missing link:  Turning Securable apps into secure installations using SCAP, ''Charles Schmidt, MITRE Corp.'' <br> [http://www.appseceu.org/wp-content/presentations/Charles%20Schmidt%20-%20The%20Missing%20Link.pdf SLIDES]<br>
+
You and your friends will form a team of between 2 and 4 people to design and develop the most secure Java or .NET application based on a web application requirement specification that will be handed out on the morning of the first day of the competition. The onus will be on developing a functioning and usable web application without sacrificing on security. Teams will be scored on functionality, usability, reliability and security.
<br>
+
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Buzz about Fuzz:  An enhanced approach to finding vulnerabilities, ''Joe Basirico, Security Innovation'' <br> [http://www.appseceu.org/wp-content/presentations/Joe%20Basirico%20-%20Whats%20the%20Buzz%20About%20Fuzz.pdf SLIDES]<br>
+
If you'd like to take part in the competition but don't have a team to join, you can email one of the organising team and let us know. We will keep a list of people wanting to join a team and we can put you in touch with each other, after which the team can register.
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:25-13:25
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:25-14:25
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Giles Hogben, ENISA | [https://www.owasp.org/index.php/File:Giles_Hogben_-_Smartphones,_App-stores_and_HTML_5.pdf SLIDES]<br>
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:25-14:40
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:40-15:25
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | OWASP Secure Coding Practices Quick Reference Guide, ''Keith Turpin, The Boeing Company'' <br> [http://www.appseceu.org/wp-content/presentations/Keith%20Turpin%20-%20Secure%20Coding%20Practices%20Quick%20Ref%20Guide.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Integrating security testing into a SDLC:  what we learned and have the scars to prove it, ''Mark Crosbie, IBM'' <br> [http://www.appseceu.org/wp-content/presentations/Mark%20Crosbie%20-%20Integrating%20Security%20Testing%20into%20a%20SDLC.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Intranet Footprinting:  Discovering Resources from outside, ''Javier Marcos de Prado & Juan Galiana Lara, IBM'' <br> [http://www.appseceu.org/wp-content/presentations/JM%20del%20Prado%20%26%20JG%20Lara%20-%20Intranet%20Footprinting.pdf SLIDES]
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:25-15:40
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:40-16:25
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Building Large Scale Detectors for Web-based Malware, ''Marco Balduzzi & Davide Canali, EURECOM''<br>[http://www.appseceu.org/wp-content/presentations/Marco%20Cova%20%26%20Davide%20Canali%20-%20Building%20Large%20Scale%20Detectors%20for%20Web%20Based%20Malware.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Infosec Stats:  Reading between the lines, ''Chris Eng, Veracode''<br> [http://www.appseceu.org/wp-content/presentations/Chris%20Eng%20-%20Reading%20Between%20the%20Lines.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Python Basics for Web App Pentesters, ''Justin Searle, InGuardians Inc'' <br>[http://www.appseceu.org/wp-content/presentations/Justin%20Searle%20-%20Python%20Basics%20for%20Web%20App%20Pentesters.pdf SLIDES]<br>
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:25-16:35
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:35-17:20
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | OWASP AppSensor Project, ''Colin Watson, Watson Hall Ltd''<br> [http://www.appseceu.org/wp-content/presentations/Colin%20Watson%20-%20OWASP%20AppSensor%20Project.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | A buffer overflow Story:  From Responsible Disclosure to Closure, ''Douglas Held, Fortify (HP)''<br> [http://www.appseceu.org/wp-content/presentations/Doug%20Held%20-%20A%20Buffer%20Overflow%20Story.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | CTF:  Bringing back more than sexy!, ''Mark Hillick, KTF'' <br>[http://www.appseceu.org/wp-content/presentations/Mark%20Hillick%20-%20CTF%20Bring%20back%20more%20than%20sexy.pdf SLIDES]
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" |
+
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 19:00-23:00
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Networking Event - Drinks at the Church Bar
+
|}
+
  
 +
===How will it be judged?===
  
==== June 10th  ====
+
Teams and their finished applications will scored on a number of areas:
  
== Schedule  ==
+
*Short discussion with the esteemed judging panel on design approach and consideration for OWASP Top 10 web application vulnerabilities
 +
*Demonstration of working functionality as per requirements
 +
*Automated secure code review using a leading commercial static source code analysis tool
 +
*Automated vulnerability scanning of application using a leading commercial application vulnerability scanner
  
{| border="0" align="center" class="FCK__ShowTableBorders" style="width: 80%;"
+
Scoring will be designed to promote both a secure approach to, and implementation of, web applications. We want you to demonstrate that there does not need to be a trade-off between functionality and security.
|-
+
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 2 - June 10, 2011'''
+
<br>
+
  
|-
+
===When is it on?===
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
+
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Track 1 - Defend
+
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Track 2 - Prevent
+
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Track 3 - Attack
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:00-08:50
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:50-09:00
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Day 2 Opening Remarks
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00-10:00
+
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Janne Uusilehto, Nokia | [http://www.appseceu.org/wp-content/presentations/Janne%20Uusilehto%20-%20Is%20SW%20Security%20just%20coding%3f.pdf SLIDES]
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:10
+
|align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:10-10:55
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Software Security:  Is OK Good Enough?, ''John Dickson, Denim Group Ltd.''<br> [http://www.appseceu.org/wp-content/presentations/John%20Dickson%20-%20Software%20Security%20Is%20OK%20Good%20Enough.pdf SLIDES] <br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | An Overview of Threat Modeling, ''Paco Hope, Cigital Inc.''<br> [http://www.appseceu.org/wp-content/presentations/Paco%20Hope%20-%20Threat%20Modeling%20Overview.pdf SLIDES]<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | An Introduction to the OWASP Zed Attack Proxy, "Simon Bennetts, OWASP" <br>[http://www.appseceu.org/wp-content/presentations/Simon%20Bennetts%20-%20OWASP%20Zed%20Attack%20Proxy.pdf SLIDES]<br>
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:55-11:10
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:10-11:55
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | New standards and upcoming technologies in browser security, ''Tobias Gondrom, IETF WG''<br> [http://www.appseceu.org/wp-content/presentations/Tobias%20Gondrom%20-%20New%20standards%20and%20upcoming%20technologies%20in%20browser%20security.pdf SLIDES]<br>
+
<br>
+
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Simple Approach to Sepcifying Security Requirements for Online Developments, ''Alexis Fitzgerald, RITS''<br>[http://www.appseceu.org/wp-content/presentations/Alexis%20FitzGerald%20-%20Simple%20Approach%20to%20Specifying%20Security%20Requirements.pdf SLIDES]<br>
+
The competition will be ran over the two training days of the conference on the 4th and 5th of September, with the results and prizes awarded on the day of the presentations, the 6th of September. Teams will need to be around the conference for short presentations to the judges on the 6th as well.
<br>
+
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | A Case Study on Enterprise E-mail (in) Security Solutions, ''Marian Ventuneac, Genworth Financial''<br>[http://www.appseceu.org/wp-content/presentations/Marian%20Ventuneac%20-%20Case%20Study%20on%20Enterprise%20E-mail%20(in)Security%20Solutions.pdf SLIDES]<br>
+
===What do we need to bring with us?===
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:55-12:05
+
|align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:05-12:50
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Empty Slot<br>
+
<br>
+
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | A Critical Look at the Classification Schemes for Privacy Risks, ''Elke Roth-Mandutz and Georg Simon, Ohm University''<br> [http://www.appseceu.org/wp-content/presentations/Elke%20Roth-Mandutz%20-%20A%20Critical%20Look%20at%20Classification%20Schemes%20for%20Privacy%20Risks.pdf SLIDES]<br>
+
You are allowed to bring any equipment you want and you can set up a local area network between your team if desired. In order to reflect the realities of the modern constantly connected world, Internet access will be allowed and will be provided. However, abuse of this privilege, such as attempts to plagiarize other applications, could lead to disqualification. Teams will be responsible for providing their own software (SDK, web server and database) and software licenses.
<br>
+
  
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Testing Security Testing:  Evaluating Quality of Security Testing, ''Ofer Maor, Seeker Security''<br>[http://www.appseceu.org/wp-content/presentations/Ofer%20Maor%20-%20Testing%20Security%20Testing.pdf SLIDES]<br>
+
===What can I win?===
|-
+
 
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:50-13:50
+
The winning team first and foremost will be showered with the adulation and adoration of the OWASP community. In addition, the winning team will receive a cash prize and goody bags, the inaugural trophy and be crowned OWASP AppSec Ireland 2012 SCC Champions! There will be runner-up prizes and goody bags for second and third place.
 +
 
 +
===Who can enter?===
 +
 
 +
The competition is open to everyone from academic, students, open-source and industry backgrounds. A registration fee of €100 per team is required in order to prevent teams signing up and then not showing up on the day. In some cases this registration fee may be waived - please contact the organising team for applicability. Due to the time and resources required to run this type of event places will be limited to 8 teams in total so registering early is vital if you want to reserve your place.
 +
 
 +
===OK I'm interested. Where can I sign up?===
 +
 
 +
Registration is now open here: [http://reg.appsecireland.org http://reg.appsecireland.org] (redirects to cevent.com). Just follow the usual registration process and select the "Secure Coding Competition" option and the give the details of your team. Make sure to read the longer list of rules in the fine print section below.
 +
 
 +
===Who can I contact about this?===
 +
 
 +
Please contact Niall Jordan ( niall.jordan at owasp dot org), Marian Ventuneac (marian.ventuneac at owasp dot org) or Eoin Keary (eoin.keary at owasp dot org) for any questions relating to the competition
 +
 
 +
===So what's the sneaky fine print?===
 +
Here is fine print that we think you should know about before registering (it's not really sneaky):
 +
*As stated already, you are responsible for providing your own software, hardware and licenses. As well as obviously requiring a SDK and a web application server, teams will also need to have some form of database software for the web application to interface with.
 +
*A detailed requirements specification for the application will be provided to the teams on the first morning - Tuesday the 4th.
 +
*A room will setup at the conference for the teams which will be open between 9am and 6:00pm. Participants will be allowed to take their equipment home at the end of the day as expecting people to do without their laptop during the evening is not realistic, along with the other concerns such as security and insurance.
 +
*Internet access is allowed. Obvious signs of plagiarism will lead to disqualification so please only use it for reference and help. We will endeavour to provide wi-fi access to all teams but prudence would suggest bringing your own 3G access if possible.
 +
*Teams are expected to produce the following deliverables to the judges by 6pm on Wednesday the 5th:
 +
**Buildable/compilable source code for manual and automated static code analysis
 +
**Working web application that is accessible to a browser and application vulnerability assessment tool. Networking equipment to create a LAN for judging purposes will be provided so teams just have to make sure it the application is externally accessible
 +
*We don't wish to endorse one browser over another, but in the interests of uniformity we will be viewing all applications with Internet Explorer. We suggest you optimize the application to work on Internet Explorer 8 or later.
 +
*As part of the judging process, teams will be expected to present and demonstrate their completed application to the judging panel, and answer any questions they may have. This will contribute a certain amount to your score. These presentation will take place on the morning of Thursday the 6th and should take no longer than 30 minutes for each team.
 +
*In all cases the judging panel's decision will be final.
 +
*The organising committee reserves the right to make changes to any of the rules and regulations without prior notice.
 +
*The organising committee reserves the right to defer or cancel the competition due to Acts of God, health advisories by relevant Government authorities, or circumstances beyond our control.
 +
*All submitted code must be original and not infringe any copyrights or any third party intellectual property rights. The applicants agree to indemnify the organising committee and supporting organisations against any disputes, liabilities or damages howsoever arising.
 +
*Collaboration, copying/sharing across teams is disallowed. We don't mean to discourage sharing, but we need to be fair to everyone.
 +
*Any infringement of the rules and regulations by any team members may result in the disqualification of the whole team.
 +
*No substitution of team members is allowed once the competition starts.
 +
*All team members must be present throughout the competition.
 +
*Collaboration, copying/sharing across teams is disallowed.
 +
 
 +
=  Sponsorship  =
 +
 
 +
OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers.Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks giving them direct access to sponsors’ booths and technology.
 +
 
 +
The conference is expected to draw over 300 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
 +
 
 +
Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.
 +
 
 +
All sponsorship opportunities feature significant discounts to OWASP members, allowing you year-round access the web application security’s top thinkers as well as use of OWASP materials in product and service delivery.
  
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch
+
To find out more about the different sponsorship opportunities please check the document below:
 +
 
 +
https://www.owasp.org/images/9/93/Ireland_OWASP_sponsorship_2012.pdf
 +
 
 +
 
 +
= Registration  =
 +
 
 +
== [http://reg.appsecireland.org/ '''Registration is NOW open!''']  ==
 +
 
 +
[[Image:RegisterNow.jpg|link=http://reg.appsecireland.org/]]
 +
 
 +
 
 +
===Registration Fees===
 +
{| class="wikitable"
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:50-14:50
+
! Ticket Type
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Alex Lucas, Microsoft | [http://www.appseceu.org/wp-content/presentations/Alex%20Lucas%20-%20Security%20Science,%20The%20SDL%20and%20Openness.pdf SLIDES]
+
! Before 4th July
 +
! After 4th July
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:50-15:00
+
| Non-Member
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
+
| €140
 +
| style="background: #cef2e0;" | €165
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:00-15:45
+
| Active OWASP Member
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Putting the Smart into Smartphones:  Security Testing Mobile Applications, ''Dan Cornell, Denim Group''<br> [http://www.appseceu.org/wp-content/presentations/Dan%20Cornell%20-%20Putting%20the%20Smart%20in%20Smartphones-Security%20Testing%20Mobile%20Applications.pdf SLIDES]<br>
+
| €100
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | Wordpress Security, ''Steve Lord, Mandalorian Security Ltd.''<br>
+
| style="background: #cef2e0;" | €125
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | The Dark Side:  Measuring and Analyzing Malicious Activity On Twitter, ''Daniel Peck, Barracuda Networks''<br>[http://www.appseceu.org/wp-content/presentations/Daniel%20Peck%20-%20The%20Dark%20Side%20of%20Social%20Networking.pdf SLIDES]<br>
+
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:45-16:00
+
| Student
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break
+
| €75
 +
| style="background: #cef2e0;" | €100
 +
|}
 +
 
 +
{| class="wikitable"
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-16:45
+
! Course
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" | Threat modeling of banking malware-based attacks using the P.A.S.T.A. framework, ''Marco Morana, Cincinnati Chapter Lead & Tony UcedaVelez, VerSprite''<br> [https://www.owasp.org/index.php/File:Marco_Morana_and_Tony_UV_-_Threat_Modeling_of_Banking_Malware.pdf SLIDES]<br>
+
! Fee
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 165, 122);" | PCI DSS v2.0:  a new challenge for web application security testing?, ''Laurent Benameur Sauvaire, Espion, Ltd.''<br>
+
| align="left" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" | Practical Crypto Attacks Against Web Applications, ''Justin Clarke, Gotham Digital Science'' <br>[http://www.appseceu.org/wp-content/presentations/Justin%20Clarke%20-%20Practical%20Crypto%20Attacks%20against%20Web%20Apps.pdf SLIDES]<br>
+
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:45-16:55
+
| 1 Day Training
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
+
| €495
 
|-
 
|-
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:55-17:40
+
| 2 Day Training
 
+
| €990
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote: Arian Evans, Whitehat Security
+
 
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" |
+
| align="left" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |
+
|-
+
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 17:40-18:00
+
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Conference Closure and Raffle
+
 
|}
 
|}
  
 +
Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.
  
 +
<nowiki>*</nowiki> We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size&nbsp;:).
  
==== Accommodation  ====
+
= Accommodation  =
  
'''The Morgan Hotel:<br>
+
===The Morgan Hotel:<br>===
  
 
Stay in one of the best luxury hotels in Dublin, The Morgan, Design hotel is located in Temple Bar. This 4 star Hotel Dublin offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.
 
Stay in one of the best luxury hotels in Dublin, The Morgan, Design hotel is located in Temple Bar. This 4 star Hotel Dublin offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.
  
 
This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife along with proximity to the IFSC, Dublin’s main business district. There is no other 4 star hotel Dublin quite like it!
 
This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife along with proximity to the IFSC, Dublin’s main business district. There is no other 4 star hotel Dublin quite like it!
 
  
 
Stay in the heart of the conference action at a hotel specially discounted for its attendees.
 
Stay in the heart of the conference action at a hotel specially discounted for its attendees.
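Review bot: the new fine-print list adds the rule "Collaboration, copying/sharing across teams is disallowed" twice, once with the sentence about being fair to everyone and again as a bare bullet after "All team members must be present throughout the competition."; drop the second bullet. In the same hunk, the student-status note introduced with <nowiki>*</nowiki> has no matching asterisk on the "Student" row of the Registration Fees table, so either mark that row or reword the note so readers can tell which ticket it applies to.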
Line 413: Line 263:
 
€130 Bed & Full Irish Breakfast – Single Occupancy
 
€130 Bed & Full Irish Breakfast – Single Occupancy
 
€140 Bed & Full Irish Breakfast – Double Occupancy
 
€140 Bed & Full Irish Breakfast – Double Occupancy
 
Special rate deadline:
 
6 May 2011
 
  
 
The Morgan Hotel
 
The Morgan Hotel
Line 422: Line 269:
 
http://www.themorgan.ie
 
http://www.themorgan.ie
  
<br>
+
===Trinity College:<br>===
 
+
'''Trinity College:'''<br>
+
 
Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.
 
Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.
  
 
For more information visite: https://accommodation.tcd.ie/kxHotel/
 
For more information visite: https://accommodation.tcd.ie/kxHotel/
  
 +
=  KartCon EU  =
  
==== KartCon EU ====
+
Following the success of last year, we are going to host this adrenaline fueled event again!
 
+
It was about time for Europe to host this adrenaline fueled event!
+
  
 
Kylemore Karting, Ireland’s largest indoor Karting arena, has a choice of three 360 mtr tracks with flyovers, underpasses, hills and banked corners waiting for you.
 
Kylemore Karting, Ireland’s largest indoor Karting arena, has a choice of three 360 mtr tracks with flyovers, underpasses, hills and banked corners waiting for you.
Line 439: Line 283:
  
  
This is your chance to sit down, strap in and race for the finish line to “Rev Up” for APPSEC EU 2011.
+
This is your chance to sit down, strap in and race for the finish line to “Rev Up” for AppSec Ireland 2012.
  
The doors open Wednesday 8th June at 7:30pm and there will be transportation available from Dublin city centre.
+
The doors open Wednesday 5th September at 7:30pm and there will be transportation available from Dublin city centre.
  
 
More info could be found here:
 
More info could be found here:
Line 452: Line 296:
 
http://www.kylemore-karting.com
 
http://www.kylemore-karting.com
  
REGISTRATION IS OPEN. Please visit URL below to register:
+
REGISTRATION IS NOT OPEN YET. Please visit URL below to register:
  
http://www.regonline.com/owasp_appsec_eu_2011
+
http://tbd
  
==== Challenges  ====
+
= Challenges  =
  
 
=== Countdown Challenges -- Free Tickets to Win!  ===
 
=== Countdown Challenges -- Free Tickets to Win!  ===
  
You could check all challenges here: http://www.appseceu.org/?page_id=197
+
You could check all challenges here: TBD
 
+
<br>
+
 
+
==== Team  ====
+
 
+
'''AppSec EU Conference Team'''
+
 
+
'''Chairs'''
+
 
+
Eoin Keary<br>
+
Fabio Cerullo<br>
+
Fiona Walsh<br>
+
 
+
'''Operations'''
+
 
+
Kate Hartmann<br>
+
Lorna Alamri<br>
+
Sarah Baso<br>
+
Ana Loza<br>
+
Ralph Durkee<br>
+
 
+
'''Volunteers'''
+
 
+
Owen Pendlebury<br>
+
Niall Jordan<br>
+
Ronan O'Mullane<br>
+
Federico Feraboli<br>
+
 
+
 
+
==== Chapters Workshop ====
+
On June 9, 14h30-18h in Trinity College - Arts Building room 3126,  we organize a chapter leader workshop for all the chapter leaders that attend the conference.
+
 
+
Items that will be discussed are:
+
* How to improve the current Chapter Leader Handbook?
+
* How to start and support new chapters within Europe?
+
* How to support inactive chapters within Europe?
+
* What Governance model is required for OWASP chapters?
+
* How can the global chapters committee facilitate the European chapters?
+
* ...
+
 
+
Agenda and room details are online at [[AppSecEU 2011 chapters workshop agenda]].
+
 
+
Contact [mailto:seba@owasp.org Seba] for more details.
+
 
+
'''[https://docs.google.com/a/owasp.org/document/d/1PrGmwy1pxs2cb4LyewXS4TonbzAY7nORWvj-NJYaEnk/edit?hl=en_US Minutes from Workshop]'''
+
 
+
 
+
==== Industry Outreach Sessions ====
+
 
+
{{:AppSecEU2011/Industry_Outreach}}
+
 
+
==== Sponsorship Options ====
+
 
+
OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers.Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks giving them direct access to sponsors’ booths and technology.
+
 
+
The conference is expected to draw over 400 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
+
 
+
Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.
+
 
+
All sponsorship opportunities feature significant discounts to OWASP members, allowing you year-round access the web application security’s top thinkers as well as use of OWASP materials in product and service delivery.
+
 
+
To find out more about the different sponsorship opportunities please check the document below:
+
 
+
http://www.appseceu.org/wp-content/uploads/2011/03/AppSecEU_Sponsorship_Packages.pdf
+
 
+
==== SoccerCon EU ====
+
 
+
We are organizing a Futbol (Soccer) friendly in Ireland for AppSec EU.  For those that partook in the friendly in Portugal, the event was a big success
+
despite the fact we played at 8am, inebriated, with a semi-deflated ball, on a slick concrete court - all of such conditions which allow me to continue my personal denial for the loss we experienced against the Portuguese/ Brazilian Chapter leads.  All that aside, I would like to know if there are
+
any members interest to relive this in much better fashion while in Dublin.
+
 
+
Date: 10th June at 7:00PM - Trinity College Sports Centre
+
 
+
Proud Soccer Field Sponsor:
+
 
+
[[File:Trustwave.png]]
+
 
+
Bring your shorts and show us your Messi skills. ;-)
+
 
+
If you plan to attend, please fill in your name below:
+
  
* Tony UcedaVelez
+
=  Team  =
* Tom Brennan
+
* Fabio Cerullo
+
* Dan Cornell
+
* Frederick Donovan
+
* ...
+
  
Contact [mailto:tonyuv@owasp.org Tony] for more details.
+
===AppSec Ireland Conference Team===
  
 +
*Eoin Keary (eoin.keary at owasp.org)<br>
 +
*Fabio Cerullo (fcerullo at owasp.org)<br>
 +
*Fiona Walsh (fiona.walsh at owasp.org)<br>
 +
*Marian Ventuneac (marian.ventuneac at owasp.org)<br>
 +
*Kate Hartmann (kate.hartmann at owasp.org)<br>
 +
*Sarah Baso (sarah.baso at owasp.org)<br>
 +
*Ana Loza (ana.loza at owasp.org)<br>
 +
*Owen Pendlebury (owen.pendlebury at owasp.org)<br>
 +
*Niall Jordan (niall.jordan at owasp.org)<br>
 +
*Federico Feraboli (federico.feraboli at owasp.org)<br>
 +
*Adrian Hermoso (adrian.hermoso at owasp.org)<br>
 +
*Claire Woll (claire.woll at owasp.org)<br>
 +
*Michelle Fagan (michelle.fagan at owasp.org)<br>
  
 
  <headertabs />
 
  <headertabs />
 
[[Category:OWASP AppSec Conference]]
 
[[Category:OWASP AppSec Conference]]
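Review bot: in the KartCon EU section the new text "REGISTRATION IS NOT OPEN YET. Please visit URL below to register:" is followed by the placeholder "http://tbd", so readers are told to register at a link that does not exist; remove the "Please visit URL below" sentence and the placeholder until a real registration URL is available. The Challenges section has the same problem with "You could check all challenges here: TBD".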

Latest revision as of 10:25, 6 August 2012


The OWASP AppSec Ireland Conference will be held at Trinity College Dublin (map) from September 4th through 6th 2012. There will be training courses on September 4th and 5th followed by plenary sessions on the 6th. This conference, in its 4th consecutive year, is a premier gathering for Information Security leaders, executives from Fortune 500 firms along with technical thought leaders, security architects and lead developers to share cutting-edge ideas, initiatives and technology advancements. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 300 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

If you have any questions, please send an email to ireland at owasp.org


Who Should Attend AppSec Ireland 2012:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security


How to get to AppSec Ireland?

The OWASP AppSec Ireland Conference takes place in the Hamilton Building in the grounds of Trinity College, Dublin 2.




Use the #appsecireland hashtag for your tweets for AppSec Ireland 2012 (What are hashtags?)

@Appsecireland Twitter Feed (follow us on Twitter!)

OWASP is currently soliciting training & presentation proposals for the OWASP AppSec Ireland 2012 Conference which will take place at Trinity College Dublin in Ireland, on September 4th through September 6th 2012. There will be training courses on September 4th & 5th followed by plenary sessions on September 6th.

Topics

In accordance with the broader OWASP mission stemming from the 2011 OWASP Global Summit, AppSec Ireland is working to reflect the move of OWASP towards embracing all facets of Application Security, and not restricting its content strictly to the realm of web applications. Therefore we invite all practitioners of application security and those who work with or interact with all facets of application security to submit papers and training proposals to the conference.

Call for Papers

The AppSec Ireland 2012 Conference Committee is seeking presentations in the following subject areas:

  • OWASP Projects
  • Research in Application Security Defense (Defense & Countermeasures)
  • Research in Application Security Offense (Vulnerabilities & Exploits)
  • Web Application Security
  • Critical Infrastructure Security
  • Mobile Security
  • Government Initiatives & Government Case Studies
  • Effective Case studies in Policy, Governance, Architecture or Life Cycle
  • and other application security topics

Call for Training

The AppSec Ireland 2012 Conference Committee is seeking trainings in the following subject areas:

  • Security in Web 2.0, Web Services/XML
  • Advanced penetration testing
  • Static analysis for security
  • Threat modeling of applications
  • Secure coding practices
  • Security in J2EE/.NET patterns and frameworks
  • Application security with ESAPI
  • OWASP tools in practice

We will look favorably on laboratory-based/hands-on training.

Submission deadline and instructions

Submit papers/training proposals to http://cfp.appsecireland.org. Submission deadline is Wednesday June 6th 2012. Inquiries can be made to ireland at owasp.org.

To submit a paper, you will have to sign up for an EasyChair account at https://www.easychair.org/account/signup.cgi.

Please specify in the form whether you are submitting a Training or a Presentation proposal. E.g. Title: "Training - Introduction to Web Application Security"

Special Note only for Training Proposals

To submit your training proposal please fill out the OWASP CFT Proposal document located below and attach it while filling out the online form. Upon acceptance you’ll be requested to fill out the Training Instructor Agreement where you’ll find details on revenue split etc.

http://www.appsecireland.org/wp-content/uploads/2012/05/OWASP_CFT_Proposal.doc

OWASP AppSec Ireland 2012 Secure Coding Competition

What’s this about?

OWASP AppSec Ireland 2012 will host a secure coding competition to give you and your friends the chance to test your secure coding skills and challenge other secure coders for the title of AppSec Ireland 2012 Secure Coding Competition (SCC) Champions. The competition is open to everybody and is designed to promote awareness of the benefits of designing and developing secure applications – a skill that all aspiring and accomplished software developers should aim to possess.

Tell me more...

You and your friends will form a team of between 2 and 4 people to design and develop the most secure Java or .NET application based on a web application requirement specification that will be handed out on the morning of the first day of the competition. The onus will be on developing a functioning and usable web application without sacrificing on security. Teams will be scored on functionality, usability, reliability and security.

If you'd like to take part in the competition but don't have a team to join, you can email one of the organising team and let us know. We will keep a list of people wanting to join a team and we can put you in touch with each other, after which the team can register.

How will it be judged?

Teams and their finished applications will be scored on a number of areas:

  • Short discussion with the esteemed judging panel on design approach and consideration for OWASP Top 10 web application vulnerabilities
  • Demonstration of working functionality as per requirements
  • Automated secure code review using a leading commercial static source code analysis tool
  • Automated vulnerability scanning of application using a leading commercial application vulnerability scanner

Scoring will be designed to promote both a secure approach to, and implementation of, web applications. We want you to demonstrate that there does not need to be a trade-off between functionality and security.

When is it on?

The competition will be run over the two training days of the conference on the 4th and 5th of September, with the results and prizes awarded on the day of the presentations, the 6th of September. Teams will need to be around the conference for short presentations to the judges on the 6th as well.

What do we need to bring with us?

You are allowed to bring any equipment you want and you can set up a local area network between your team if desired. In order to reflect the realities of the modern constantly connected world, Internet access will be allowed and will be provided. However, abuse of this privilege, such as attempts to plagiarize other applications, could lead to disqualification. Teams will be responsible for providing their own software (SDK, web server and database) and software licenses.

What can I win?

The winning team first and foremost will be showered with the adulation and adoration of the OWASP community. In addition, the winning team will receive a cash prize and goody bags, the inaugural trophy and be crowned OWASP AppSec Ireland 2012 SCC Champions! There will be runner-up prizes and goody bags for second and third place.

Who can enter?

The competition is open to everyone from academic, student, open-source and industry backgrounds. A registration fee of €100 per team is required in order to prevent teams signing up and then not showing up on the day. In some cases this registration fee may be waived - please contact the organising team for applicability. Due to the time and resources required to run this type of event, places will be limited to 8 teams in total, so registering early is vital if you want to reserve your place.

OK I'm interested. Where can I sign up?

Registration is now open here: http://reg.appsecireland.org (redirects to cevent.com). Just follow the usual registration process, select the "Secure Coding Competition" option and then give the details of your team. Make sure to read the longer list of rules in the fine print section below.

Who can I contact about this?

Please contact Niall Jordan (niall.jordan at owasp dot org), Marian Ventuneac (marian.ventuneac at owasp dot org) or Eoin Keary (eoin.keary at owasp dot org) for any questions relating to the competition.

So what's the sneaky fine print?

Here is the fine print that we think you should know about before registering (it's not really sneaky):

  • As stated already, you are responsible for providing your own software, hardware and licenses. As well as obviously requiring an SDK and a web application server, teams will also need to have some form of database software for the web application to interface with.
  • A detailed requirements specification for the application will be provided to the teams on the first morning - Tuesday the 4th.
  • A room will be set up at the conference for the teams, which will be open between 9am and 6:00pm. Participants will be allowed to take their equipment home at the end of the day, as expecting people to do without their laptop during the evening is not realistic, along with other concerns such as security and insurance.
  • Internet access is allowed. Obvious signs of plagiarism will lead to disqualification so please only use it for reference and help. We will endeavour to provide wi-fi access to all teams but prudence would suggest bringing your own 3G access if possible.
  • Teams are expected to produce the following deliverables to the judges by 6pm on Wednesday the 5th:
    • Buildable/compilable source code for manual and automated static code analysis
    • Working web application that is accessible to a browser and application vulnerability assessment tool. Networking equipment to create a LAN for judging purposes will be provided, so teams just have to make sure the application is externally accessible
  • We don't wish to endorse one browser over another, but in the interests of uniformity we will be viewing all applications with Internet Explorer. We suggest you optimize the application to work on Internet Explorer 8 or later.
  • As part of the judging process, teams will be expected to present and demonstrate their completed application to the judging panel, and answer any questions they may have. This will contribute a certain amount to your score. These presentations will take place on the morning of Thursday the 6th and should take no longer than 30 minutes for each team.
  • In all cases the judging panel's decision will be final.
  • The organising committee reserves the right to make changes to any of the rules and regulations without prior notice.
  • The organising committee reserves the right to defer or cancel the competition due to Acts of God, health advisories by relevant Government authorities, or circumstances beyond our control.
  • All submitted code must be original and not infringe any copyrights or any third party intellectual property rights. The applicants agree to indemnify the organising committee and supporting organisations against any disputes, liabilities or damages howsoever arising.
  • Collaboration, copying/sharing across teams is disallowed. We don't mean to discourage sharing, but we need to be fair to everyone.
  • Any infringement of the rules and regulations by any team members may result in the disqualification of the whole team.
  • No substitution of team members is allowed once the competition starts.
  • All team members must be present throughout the competition.

OWASP is providing sponsors exclusive access to its audience in Trinity College Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. Attendees will be pushed through the Expo floor for breakfast, lunch and coffee breaks, giving them direct access to sponsors’ booths and technology.

The conference is expected to draw over 300 international attendees; all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.

Sponsorship opportunities are filling up rapidly. All proceeds from sponsorship support the conference and the mission of the OWASP Foundation (501c3 Not-For-Profit), driving funding for research grants, tools and documents, local chapters, and more.

All sponsorship opportunities feature significant discounts to OWASP members, allowing you year-round access to web application security’s top thinkers as well as use of OWASP materials in product and service delivery.

To find out more about the different sponsorship opportunities please check the document below:

https://www.owasp.org/images/9/93/Ireland_OWASP_sponsorship_2012.pdf


Registration is NOW open!



Registration Fees

Ticket Type            Before 4th July    After 4th July
Non-Member             €140               €165
Active OWASP Member    €100               €125
Student                €75                €100

Course                 Fee
1 Day Training         €495
2 Day Training         €990

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

* We need some kind of proof of your full-time student status. Either ask your local OWASP chapter leader to vouch for you by email to Kate.Hartmann@owasp.org, or email Kate a scanned image of your student ID (please compress the file size :).

The Morgan Hotel:

Stay in one of the best luxury hotels in Dublin. The Morgan, a design hotel, is located in Temple Bar. This 4-star Dublin hotel offers an oasis of calm in a central location. The hotel’s cool modern interiors, chic design and boutique luxury hotel rooms are all part of an experience designed to pamper guests and breathe new life and style into hotel living.

This city centre Dublin hotel is just a few blocks away from Trinity College, Grafton Street, the main shopping thoroughfare, theatres, shopping, music and nightlife, along with proximity to the IFSC, Dublin’s main business district. There is no other 4-star hotel in Dublin quite like it!

Stay in the heart of the conference action at a hotel specially discounted for its attendees.

Rooms can be booked by emailing reservations@themorgan.com and quoting OWASP.

The contact in reservations is Bernadette Doyle and you can contact her for special requests at the following number: +353 1 643 7000

Special Rates:

  • €130 Bed & Full Irish Breakfast – Single Occupancy
  • €140 Bed & Full Irish Breakfast – Double Occupancy

The Morgan Hotel
10 Fleet st, Temple Bar, Dublin 2
Phone: +353 1 6437000
Fax: +353 1 6437060
http://www.themorgan.ie

Trinity College:

Accommodation is also available on the historic campus at Trinity College Dublin, located right in the centre of the city. The bedrooms, many of which have been recently renovated, are excellent value with prices ranging from Euro 55.00 to Euro 100.00 per night. Rooms are serviced daily and continental breakfast is included in room rates.

For more information visit: https://accommodation.tcd.ie/kxHotel/

Following the success of last year, we are going to host this adrenaline fueled event again!

Kylemore Karting, Ireland’s largest indoor karting arena, has a choice of three 360-metre tracks with flyovers, underpasses, hills and banked corners waiting for you.

Race for best time – Race for best crash – Race for fun


This is your chance to sit down, strap in and race for the finish line to “Rev Up” for AppSec Ireland 2012.

The doors open Wednesday 5th September at 7:30pm and there will be transportation available from Dublin city centre.

More info can be found here:

Kylemore Karting
Unit 1A, Kylemore Industrial Estate, Killeen Road, Kylemore, Dublin 10
http://www.kylemore-karting.com

REGISTRATION IS NOT OPEN YET. Please visit the URL below to register:

http://tbd

Countdown Challenges -- Free Tickets to Win!

You can check all challenges here: TBD

AppSec Ireland Conference Team

  • Eoin Keary (eoin.keary at owasp.org)
  • Fabio Cerullo (fcerullo at owasp.org)
  • Fiona Walsh (fiona.walsh at owasp.org)
  • Marian Ventuneac (marian.ventuneac at owasp.org)
  • Kate Hartmann (kate.hartmann at owasp.org)
  • Sarah Baso (sarah.baso at owasp.org)
  • Ana Loza (ana.loza at owasp.org)
  • Owen Pendlebury (owen.pendlebury at owasp.org)
  • Niall Jordan (niall.jordan at owasp.org)
  • Federico Feraboli (federico.feraboli at owasp.org)
  • Adrian Hermoso (adrian.hermoso at owasp.org)
  • Claire Woll (claire.woll at owasp.org)
  • Michelle Fagan (michelle.fagan at owasp.org)