Difference between revisions of "AppSecResearch2012"

Line 306: Line 306:
 
|}
 
|}
  
 +
 +
 +
{| border="0" align="center" style="width: 80%;"
 +
|-
 +
| align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | '''Conference Day 2 – Friday, July 13th, 2012''
 +
R = Research paper  D = Demo  P = Presentation
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" align="center" | Builders
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" align="center" | Defenders
 +
| style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="center" | Brakers
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:45-09:30
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration/Coffee
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:30-10:00
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" |
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00-10:45
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote:
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:45-11:00
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Brake
 +
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:00-11:40
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" |
 +
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:40-11:50
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |Brake
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:50-12:30
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" |
 +
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:30-12:40
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |Brake
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:40-13:25
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote:
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:25-14:25
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch Brake
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:25-15:10
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" | Keynote:
 +
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:10-15:20
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Break
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:20-16:00
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" |
 +
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00-16:15
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Brake
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:15-16:55
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(188, 133, 122);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(161, 161, 161);" |
 +
 +
| align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(153, 255, 153);" |
 +
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:55-17:45
 +
| align="center" colspan="3" style="width: 80%; background: none repeat scroll 0% 0% rgb(252, 252, 150);" |
 +
 +
 +
|-
 +
| style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 20:00
 +
| align="center" colspan="3" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" |
 +
|}
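Review bot: The title cell at the top of this table opens its bold markup with three apostrophes ('''Conference Day 2 …) but closes it with only two (''), so the bold is unbalanced and a stray apostrophe will show up in the rendered heading; close it with '''. The break rows are spelled "Brake" everywhere except the 15:10-15:20 row ("Break"), and the third track header reads "Brakers"; use one spelling throughout. The colspan="3" rows also alternate between width: 80% and width: 90% next to a 10% time column, so pick one value. The legend line "R = Research paper D = Demo P = Presentation" follows the title cell with no line break markup, and every session cell from 11:00 to 16:55 is empty, so a TBA marker would make it clear the slots are placeholders.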
  
  

Revision as of 12:22, 21 July 2012



We are happy to announce that the OWASP Greek Chapter will be hosting AppSec Research 2012 in Athens, Greece.

This conference is practically the OWASP AppSec Europe. Every two years we add “Research” in order to highlight that we invite both industry and academia to participate, share thoughts, knowledge and insight on application security.

OWASP AppSec Research is the European conference for anyone interested in application security.

This year it will be hosted by the Department of Informatics and Telecommunications of the University of Athens, Greece, and will take place on July 10-13th.

The first OWASP AppSec Research conference was held in Stockholm in 2010.


AppSec Research Conference Website



@appseceu Twitter Feed (follow us on Twitter!)


The conference is expected to draw over 400 international attendees, all with budgets dedicated to web application security initiatives. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.


Sponsorship information can be downloaded here; you can also find it online here.


Sponsors

Platinum



Imperva 250x34.jpg

Gold



AppSec Research 2010 sponsor F5 logo.jpg

Silver



TrustwaveSpiderLabs.png

AppSecDC2012-Cigital.jpg

Syntax small.png

Other Sponsors



Watson.png

Gotham Logo.gif

BCC LOGO.jpg

Census.png

Communications Partner



Effect.png

Supporters



Isaca .jpg AppSecDC2012-ISC2.png

Eellak.png Emipee.jpg

Etee.jpg Linuxinside-logo.png



As part of AppSec Research 2012, on Wednesday, July 11, from 1:30 PM to 5:00 PM, the Global Chapter Committee is organizing a chapter leader workshop for all the chapter leaders who attend the conference. Please note that this workshop will take place on the day before the conference starts.


Agenda

We plan to start with a 1.5 hour session run by experienced leaders (panel) on how to run a successful chapter. The second part of the workshop will be a roundtable discussion on regional issues and challenges, with a goal of working together to create solutions.


Are there other topics you would like to discuss? Please add them below:

  • Best practices of Chapter organization
  • How long should a leader lead a chapter?
  • Means of chapter fundraising and participation

Funding to Attend Workshop

If you need financial assistance to attend the Chapter Leader Workshop at AppSec Research, please submit a request to Josh Sokol and Sarah Baso by May 15, 2012.


Funding for your attendance at the workshop should be worked out in the following order.

  1. Ask your employer to fund your trip to AppSec Research in Athens, Greece.
  2. Utilize your chapter funds.
  3. Ask the chapter committee for funding assistance.


While we wish we could fund every chapter leader, due to the limited budget allocated for this event, we may not be able to fund 100% of all the requests. Priority for sponsorships will be given to those not covered by a sponsorship to attend a workshop in 2011. Additionally, we are looking for new or struggling chapter leaders who need assistance kick-starting their chapter.

After May 15, the Global Chapters Committee will make funding decisions in a fair and transparent manner. When you apply for funding, please let us know why we should sponsor you. While we prefer that chapter leaders use their own chapter's funds before requesting a sponsorship, this is not a requirement for application. If your chapter has funds but will not be using them to sponsor your attendance, please include why you will not be using the funds for this purpose (i.e. what are the other plans for those funds?).


Participants

If you plan to attend, please fill in your name and chapter below:

  • Sarah Baso (OWASP Operational Support)
  • Tobias Glemser (OWASP German Chapter Leader)
  • Abbas Naderi Afooshteh (OWASP Iran Chapter Leader)
  • Ofer Shezaf (Founder and board member, Israeli chapter)
  • Seba Deleersnyder (OWASP Belgium Chapter founder and leader)
  • ...

Remote Participation

Join the Webinar Remotely

2011 Chapter Leader Workshops


Questions?

Contact us:
Josh Sokol, Chapters Committee Chair
Sarah Baso, OWASP Operational Support - Conference Logistics & Community Relations


The Call For Papers Is Now Closed!!!

Download Call for Papers in PDF format

OWASP AppSec Research 2012 July 10-13th, Athens, Greece

Aims and Scope

The objective of OWASP AppSec Research 2012 is to discuss and demonstrate the importance of security risks, threats, and countermeasures in software applications. The majority of recent high-profile security breaches are mainly attributed to application-level vulnerabilities. Additionally, recent surveys indicate that government applications demonstrate increased vulnerabilities and at the same time elevated risk, as they store and process critical information such as PII, health information, national security data and furthermore operate critical systems.

Traditionally, the focus of the security community has been mainly placed on the network perimeter, ignoring, to a large extent, the increased risk of insecure software. In addition, the proliferation of the use of web-based applications and services from traditional desktop-based browsers to mobile devices, or even the “cloud” has only increased the potential surface of attack and overall complexity. As a result, the challenges in the field of application security have only increased for those that build, test or defend software applications. OWASP AppSec Research focuses on new threats and vulnerabilities but also novel methodologies for testing and defending applications.

List of Topics

We welcome the submission of both presentation proposals and research papers from the full spectrum of application security.

  • Application security
  • Security aspects of new/emerging web technologies/paradigms (mashups, web 2.0, offline support, etc)
  • Security in web services, XML, REST, and service oriented architectures
  • Security in cloud-based services
  • Security of development frameworks (Struts, Spring, ASP.Net MVC etc)
  • New security features in platforms or languages
  • Next-generation browser security
  • Security for the mobile web
  • Secure application development (methods, processes etc) and secure coding practices
  • Business risks of Application Security
  • Starting and Managing Secure Development Lifecycle Programs.
  • Privacy Concerns regarding applications and Data Storage
  • Threat modeling of applications
  • Vulnerability analysis and application security testing (code review, pentest, static analysis etc)
  • Countermeasures for application vulnerabilities
  • Metrics for application security
  • Application security awareness and education
  • Securing e-government applications and services
  • Government Initiatives & Case Studies
  • OWASP Tools and Projects
  • Anything else relating to OWASP and Application Security.

Important Dates

  • Submission of papers by: April 15th, 2012
  • Notification of acceptance: May 18th, 2012
  • Camera-ready version of papers: June 3rd, 2012
  • Conference Dates: July 12-13, 2012

Submissions

All papers and presentation/demo proposals should be submitted through:

http://www.easychair.org/conferences/?conf=appseceu2012

We accept the following types of submissions:

Presentation/Demo Proposals

A presentation proposal should consist of a 2 page extended abstract representing the essential matter proposed by the speaker(s). Presentation slides and video takes will be posted on the OWASP wiki after the conference.

A demo proposal should consist of a 1 page abstract summarizing the matter proposed by the speaker(s) and 1 page containing demo screenshot(s). Demos will have ordinary speaker slots but the speakers are expected to run a demo during the talk (live coding counts as a demo), not just a slideshow. Presentation slides and video takes will be posted on the OWASP wiki after the conference.

Research Papers

Authors are invited to submit original research papers offering novel contribution, written in English, with a very precise and concise presentation of no more than 12 pages in Springer LNCS style for "Proceedings and Other Multiauthor Volumes". Templates for preparing papers in this style for LaTeX, Word, etc can be downloaded from: http://www.springer.com/computer/lncs?SGWID=0-164-7-72376-0.

Full papers must be submitted in a form suitable for anonymous review: remove author names and affiliations from the title page, and avoid explicit self-referencing in the text. Submission implies the willingness of at least one of the authors to register and present the paper. All papers will be anonymously reviewed by at least two members of the program committee. Full papers, presentation slides and video takes will be posted on the OWASP wiki after the conference.

Extended versions of the best research papers on the topic of “Security for E-Government Applications and Services” will be selected for publication on the Special Issue on “Security and Privacy of E-Government Applications and Services” of the International Journal of E-Government.

OWASP AppSec Research 2012 Co-Chairs

  • Konstantinos Papapanagiotou, OWASP, Greece (Konstantinos@owasp.org)
  • Vasileios Vlachos, TEI of Larissa, Greece (vsvlachos@gmail.com)

OWASP AppSec Research 2012 Program Committee

  • Yiorgos Adamopoulos, TEE, Greece
  • Andreas Fuchsberger, Royal Holloway, UK
  • Panagiotis Georgiadis, University of Athens, Greece
  • Giles Hogben, ENISA, EU
  • Christos Ilioudis, TEI of Thessaloniki, Greece
  • Vassilis Katos, Democritus University of Thrace, Greece
  • Emmanouel Kellinis, UK
  • Angelos Keromytis, Columbia University, USA
  • Athanasios Kostopoulos, independent researcher, Greece
  • Harry Manifavas, TEI of Crete, Greece
  • Dimitris Mitropoulos, Athens University of Economics and Business, Greece
  • Alex Papanikolaou, TEI of Larissa, Greece
  • Carlos Serrao, ISCTE, Portugal
  • Stelios Tigkas, FortConsult, Denmark
  • Costas Vassilakis, University of Peloponnese, Greece
  • John Wilander, OWASP, Sweden


For information on presentations please visit our site


Conference Day 1 – Thursday, July 12th, 2012

R = Research paper, D = Demo, P = Presentation

Tracks: Builders, Defenders, Breakers

08:45-09:30 Registration/Coffee

09:30-10:00 Welcome
  OWASP Foundation, Where we are… Where we are Going
  OWASP Board

10:00-10:45 Keynote: Software Security Goes Mobile
  Jacob West, CTO, Fortify Products, HP

10:45-11:00 Coffee Break

11:00-11:40
  • Builders: (P) Teaching an Old Dog New Tricks Securing Development with PMD, Justin Clarke (Gotham Digital Science)
  • Defenders: OWASP Top Ten Defensive Techniques, Jim Manico (Whitehat)
  • Breakers: (P) Screw You and the Script You Rode in On, David Byrne and Charles Henderson (Trustwave)

11:40-11:50 Break

11:50-12:30
  • Builders: Unraveling some of the Mysteries around DOM-based XSS, Dave Wichers (Aspect Security)
  • Defenders: (P) Breaking is easy, preventing is hard, Matias Madou (HP)
  • Breakers: What Permissions Does Your Database User REALLY Need?, Dan Cornell (Denim Group)

12:30-12:40 Break

12:40-13:25 Keynote: From EasySQL to CPUs
  Duncan Harris, Director of Security Assurance, Oracle

13:25-14:25 Lunch Break

14:25-15:10 Keynote: Finding Malware on a Web Scale
  Ben Livshits, Researcher, Microsoft Research

15:10-15:20 Break

15:20-16:00
  • Builders: (P) Tricolour Alphanumerical Spaghetti, Colin Watson (Watson Hall)
  • Defenders: CISO’s Guide to Securing SharePoint, Tsvika Klein (Imperva)
  • Breakers: (P) I>S+D! – Integrated Application Security Testing (IAST), Beyond SAST/DAST, Ofer Maor (Seeker Security)

16:00-16:15 Coffee Break

16:15-16:55
  • Builders: (R) CSP AiDer: An Automated Recommendation of Content Security Policy for Web Applications, Ashar Javed (Ruhr University Bochum)
  • Defenders: Things Your Smartphone Does When Nobody’s Looking, Chris Eng (Veracode)
  • Breakers: (P) Achieving Sustainable Delivery of Web Application Security Virtual Laboratory Resources for Distance Learning, Adrian Winckles and Ibrahim Jeries (Anglia Ruskin University)

16:55-17:45 Panel - PCI Security Standards and Application Security
  Jeremy King (PCI Council)

20:00 Cocktail


Conference Day 2 – Friday, July 13th, 2012

R = Research paper, D = Demo, P = Presentation

Tracks: Builders, Defenders, Breakers

08:45-09:30 Registration/Coffee
09:30-10:00
10:00-10:45 Keynote:
10:45-11:00 Coffee Break
11:00-11:40
11:40-11:50 Break
11:50-12:30
12:30-12:40 Break
12:40-13:25 Keynote:
13:25-14:25 Lunch Break
14:25-15:10 Keynote:
15:10-15:20 Break
15:20-16:00
16:00-16:15 Coffee Break
16:15-16:55
16:55-17:45
20:00


The conference will take place at the Department of Informatics and Telecommunications, University of Athens, Greece.

The Department of Informatics and Telecommunications is located on the University of Athens main campus, just a 15-minute walk from the Evangelismos metro station.

Travel information is available online, along with our suggestions.



Organizing Committee

  • Konstantinos Papapanagiotou (General Chair)
  • Panagiotis Georgiadis (co-host)
  • Vasileios Vlachos (Vice-Chair)
  • Spyros Gasteratos
  • Stathis Mavrovouniotis
  • Emmanuel Kellinis
  • Stelios Tigkas

CFP Program Committee

  • Yiorgos Adamopoulos, TEE, Greece
  • Andreas Fuchsberger, Royal Holloway, UK
  • Giles Hogben, ENISA, EU
  • Christos Ilioudis, TEI of Thessaloniki, Greece
  • Vassilis Katos, Democritus University of Thrace, Greece
  • Emmanouel Kellinis, UK
  • Angelos Keromytis, Columbia University, USA
  • Athanasios Kostopoulos, independent researcher
  • Harry Manifavas, TEI of Crete, Greece
  • Dimitris Mitropoulos, Athens University of Economics and Business, Greece
  • Alex Papanikolaou, TEI of Larissa, Greece
  • Carlos Serrao, ISCTE, Portugal
  • Stelios Tigkas, FortConsult, Denmark
  • Costas Vassilakis, University of Peloponnese, Greece
  • Vasileios Vlachos, TEI of Larissa, Greece
  • John Wilander, OWASP, Sweden



Contributions

The AppSec Research Conference Website's artwork was made by Miss Thaleia V. Miss Marianna Preen is the person who designed the icons.

TimeTable

You can download the timetable (Media:Appsecschedule2012grfinal.pdf) or view it online on our site here: [1]

There will be a number of socializing opportunities: a Cocktail Party at the main auditorium of the university and the OWASP band performance. You can find more at: http://www.appsecresearch.org/social-events/