Difference between revisions of "AppSec Brasil 2010"

From OWASP
Line 1: Line 1:
__NOTOC__
+
<p>__NOTOC__  
 
+
</p><p><img src="/images/8/88/LogoAppSecBrazil.002.jpg" _fck_mw_filename="LogoAppSecBrazil.002.jpg" alt="" />
[[File:LogoAppSecBrazil.002.jpg]]
+
</p><p><b>Para a versão em português, veja em <a _fcknotitle="true" href="AppSec Brasil 2010 (pt-br)">AppSec Brasil 2010 (pt-br)</a></b>
 
+
</p>
'''Para a versão em português, veja em [[AppSec Brasil 2010 (pt-br)]]'''
+
<h1> OWASP AppSec Brasil 2010  </h1>
 
+
<p>The Second Edition of OWASP's flagship conference in South America will happen in Campinas, SP, Brazil. The Conference consists of two days of training sessions, followed by a two-day conference on a single track.  
= OWASP AppSec Brasil 2010  =
+
</p>
 
 
The Second Edition of OWASP's flagship conference in South America will happen in Campinas, SP, Brazil. The Conference consists of two days of training sessions, followed by a two-day conference on a single track.  
 
 
 
 
<center>
 
<center>
[[File:AppSec_Brasil_2010_Campinas.jpg|500px]]
+
<p><img src="/images/thumb/4/4b/AppSec_Brasil_2010_Campinas.jpg/500px-AppSec_Brasil_2010_Campinas.jpg" _fck_mw_filename="AppSec Brasil 2010 Campinas.jpg" _fck_mw_width="500" alt="" />
</center>
+
</p>
 
+
</center>  
== Conference Dates  ==
+
<h2> Conference Dates  </h2>
 
+
<p>The conference will happen from <b>November 16th, 2010 to November 19th, 2010</b>. The first two days will be tutorial days (see below). Plenary sessions will be held on November 18th and 19th.  
The conference will happen from '''November 16th, 2010 to November 19th, 2010'''. The first two days will be tutorial days (see below). Plenary sessions will be held on November 18th and 19th.  
+
</p><p><br />
 
+
</p>
<br>  
+
<h4> About </h4>
====About====
+
<h2> About the conference </h2>
 
+
<p>Following the success of the first AppSec Brasil, held in Brasilia in 2009, the OWASP Brazilian Chapter is organizing its second edition in 2010. AppSec Brasil 2010 will happen in the city of Campinas, located 90 km from São Paulo.  
==About the conference==
+
</p><p>Campinas is the 3rd biggest city in the State of São Paulo and is an important economic center and hosts major universities and research centers. It is known to concentrate several high tech industries, including important multi-national companies in the fields of electronics, telecom and chemicals.  
Following the success of the first AppSec Brasil, held in Brasilia in 2009, the OWASP Brazilian Chapter is organizing its second edition in 2010. AppSec Brasil 2010 will happen in the city of Campinas, located 90 km from São Paulo.
+
</p><p>This year, we expect to gather a number of Brazilian and Latin American practitioners and researchers to share state-of-the-art information about application security.  
 
+
</p>
Campinas is the 3rd biggest city in the State of São Paulo and is an important economic center and hosts major universities and research centers. It is known to concentrate several high tech industries, including important multi-national companies in the fields of electronics, telecom and chemicals.
+
<h4> Calls </h4>
 
+
<p>The call for presentations will be released soon.  
This year, we expect to gather a number of Brazilian and Latin American practitioners and researchers to share state-of-the-art information about application security.
+
</p>
 
+
<h2> Call for training providers </h2>
====Calls====
+
<pre>**OWASP APPSEC BRASIL 2010**
 
 
The call for presentations will be released soon.
 
 
 
==Call for training providers==
 
 
 
<pre>
 
**OWASP APPSEC BRASIL 2010**
 
 
**CALL FOR TRAINING SESSIONS**
 
**CALL FOR TRAINING SESSIONS**
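Review bot: The added lines in this hunk store WYSIWYG-editor HTML in the page source instead of wikitext: `[[File:LogoAppSecBrazil.002.jpg]]` becomes an `<img ... _fck_mw_filename="LogoAppSecBrazil.002.jpg">` element with a hard-coded `/images/8/88/` path, and `[[AppSec Brasil 2010 (pt-br)]]` becomes an `<a _fcknotitle="true" ...>` element. The `_fck_mw_*` and `_fcknotitle` attributes are editor-internal markers, so the revision should be re-saved from the wikitext source, keeping the `[[File:...]]`, `'''...'''` and `== ... ==` forms of the previous revision.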
  
Line 119: Line 109:
 
in the proposal form will not be considered ************
 
in the proposal form will not be considered ************
  
</pre>
+
</pre>
 +
<h4> Sponsorship  </h4>
 +
<p>We are currently soliciting sponsors for the AppSec Brasil 2010 Conference. Detailed <a href="OWASP_AppSec_Brasil_2010_Sponsorship_Opportunities.pdf" class="internal"  _fck_mw_filename="OWASP_AppSec_Brasil_2010_Sponsorship_Opportunities.pdf" _fck_mw_type="media" title="OWASP AppSec Brasil 2010 Sponsorship Opportunities.pdf">sponsorship oportunities</a> are now available.
 +
</p><p>If you are interested in sponsoring AppSec Brasil 2010, please contact the Conference Organization Team (organizacao2010@appsecbrasil.org).
 +
</p>
 +
<h2> Sponsors  </h2>
 +
<table cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0% transparent; -moz-background-inline-policy: continuous; color: white;">
  
==== Sponsorship ====
+
<tr>
 
+
<td>
We are currently soliciting sponsors for the AppSec Brasil 2010 Conference. Detailed [[Media:OWASP_AppSec_Brasil_2010_Sponsorship_Opportunities.pdf | sponsorship oportunities]] are now available.
+
<h2> Platinum Sponsors </h2>
 
+
</td><td> <img src="/images/thumb/f/f7/AppSec_Brasil_2010_CPQD.jpg/200px-AppSec_Brasil_2010_CPQD.jpg" _fck_mw_filename="AppSec Brasil 2010 CPQD.jpg" _fck_mw_width="200" alt="" />
If you are interested in sponsoring AppSec Brasil 2010, please contact the Conference Organization Team (organizacao2010@appsecbrasil.org).
+
</td></tr>
 
+
<tr>
== Sponsors ==
+
<td> &nbsp;
 
+
</td></tr>
{| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0% transparent; -moz-background-inline-policy: continuous; color: white;"
+
<tr>
|-
+
<td>
|
+
<h2> Gold Sponsors </h2>
== Platinum Sponsors ==
+
</td><td>
 
+
</td></tr>
| [[Image:AppSec Brasil 2010 CPQD.jpg|200px|link=http://www.cpqd.com.br]]
+
<tr>
|-
+
<td> &nbsp;
| &nbsp;
+
</td></tr>
|-
+
<tr>
|
+
<td>
== Gold Sponsors ==
+
<h2> Silver Sponsors </h2>
 
+
</td><td>
|
+
</td></tr>
|-
+
<tr>
| &nbsp;
+
<td>
|-
+
</td></tr>
|
+
<tr>
== Silver Sponsors ==
+
<td>
 
+
</td></tr>
|
+
<tr>
|-
+
<td>
|
+
</td></tr>
|-
+
<tr>
|
+
<td> &nbsp;
|-
+
</td></tr>
|
+
<tr>
|-
+
<td> &nbsp;
| &nbsp;
+
</td></tr>
|-
+
<tr>
| &nbsp;
+
<td> &nbsp;
|-
+
</td></tr>
| &nbsp;
+
<tr>
|-
+
<td>
|
+
<h3> Organizational Sponsors </h3>
=== Organizational Sponsors ===
+
</td></tr>
 
+
<tr>
|-
+
<td> &nbsp;
| &nbsp;
+
</td></tr>
|-
+
<tr>
|
+
<td>
=== Reception Sponsors ===
+
<h3> Reception Sponsors </h3>
 
+
</td></tr>
|-
+
<tr>
|
+
<td>
=== Coffee Sponsors ===
+
<h3> Coffee Sponsors </h3>
 
+
</td></tr></table>
|}
+
<h2> Promoted by  </h2>
 
+
<center>
== Promoted by ==
+
<p><img src="/images/a/a6/Appsec_Brasil_2010_InstitutoTuring.png" _fck_mw_filename="Appsec Brasil 2010 InstitutoTuring.png" alt="" />
 +
</p>
 +
</center>
 +
<h4> Keynotes  </h4>
 +
<h2> Bruce Schneier </h2>
 +
<p><a href="http://bt.counterpane.com/index.html">BT</a>
 +
</p><p><i>Title:</i> <b>TBD.</b>
 +
</p><p><i>Bio:</i> Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru." He is the author of nine books -- including the best sellers Beyond Fear, Secrets and Lies, and Applied Cryptography – as well as hundreds of articles and essays, and many more academic papers. His influential newsletter "Crypto-Gram," and his blog "Schneier on Security," are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, served on several government technical committees, and is regularly quoted in the press. Schneier is the Chief Security Technology Officer of BT.
 +
</p><p><br />
 +
</p>
 +
<h2> Jeremiah Grossman </h2>
 +
<p><a href="http://www.whitehatsec.com/">WhiteHat Security</a>
 +
</p><p><i>Title:</i> <b>TBD.</b>
 +
</p><p><i>Bio:</i> Jeremiah Grossman, founder and CTO, WhiteHat Security, is a world-renowned Web security expert. A co-founder of the Web Application Security Consortium (WASC), he was named to InfoWorld's Top 25 CTOs in 2007 and is frequently quoted by business and technical media. He has authored dozens of articles and whitepapers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of "XSS Attacks: Cross Site Scripting Exploits and Defense." Grossman is also an influential blogger who offers insight and encourages open dialogue regarding Web security research and trends. Prior to WhiteHat, Grossman was an information security officer at Yahoo!
 +
</p><p><br />
 +
</p>
 +
<h4> Agenda  </h4>
 +
<h2> Conference Program - Day 1 - November 18th 2010  </h2>
 
<center>
 
<center>
[[Image:Appsec Brasil 2010 InstitutoTuring.png|link=http://www.institutoturing.org]]
+
<table width="80%" class="t">
</center>
 
==== Keynotes ====
 
  
==Bruce Schneier==
+
<tr>
 
+
<td width="14%" height="17" align="right"> 08:30 - 09:00
[http://bt.counterpane.com/index.html BT]
+
</td><td bgcolor="#8595c2" align="CENTER"> <b>Reception Desk Open</b>
 
+
</td></tr>
''Title:'' '''TBD.'''
+
<tr>
 
+
<td width="14%" height="17" align="right"> 09:00 - 10:20
''Bio:'' Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru." He is the author of nine books -- including the best sellers Beyond Fear, Secrets and Lies, and Applied Cryptography – as well as hundreds of articles and essays, and many more academic papers.  His influential newsletter "Crypto-Gram," and his blog "Schneier on Security," are read by over 250,000 people.  He has testified before Congress, is a frequent guest on television and radio, served on several government technical committees, and is regularly quoted in the press.  Schneier is the Chief Security Technology Officer of BT.
+
</td><td bgcolor="#eeeeee" align="CENTER"> <b>Opening Ceremony - About OWASP</b>
 
+
</td></tr>
 
+
<tr>
 
+
<td width="14%" height="17" align="right"> 10:20 - 10:40
==Jeremiah Grossman==
+
</td><td bgcolor="#d98b66" align="CENTER"> <b>Break</b>
 
+
</td></tr>
[http://www.whitehatsec.com/ WhiteHat Security]
+
<tr>
 
+
<td width="14%" height="49" align="right"> 10:40 - 11:40
''Title:'' '''TBD.'''
+
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>Bruce Schneier</b><br /> TBD
 
+
</td></tr>
''Bio:'' Jeremiah Grossman, founder and CTO, WhiteHat Security, is a world-renowned Web security expert. A co-founder of the Web Application Security Consortium (WASC), he was named to InfoWorld's Top 25 CTOs in 2007 and is frequently quoted by business and technical media. He has authored dozens of articles and whitepapers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of "XSS Attacks: Cross Site Scripting Exploits and Defense." Grossman is also an influential blogger who offers insight and encourages open dialogue regarding Web security research and trends. Prior to WhiteHat, Grossman was an information security officer at Yahoo!
+
<tr>
 
+
<td width="14%" height="17" align="right"> 11:40 - 12:30
<BR>
+
</td><td bgcolor="#eeeeee" align="CENTER"> <b>TBD<br /></b> TBD
 
+
</td></tr>
==== Agenda  ====
+
<tr>
 
+
<td width="14%" height="17" align="right"> 12:30 - 14:00
==Conference Program - Day 1 - November 18th 2010 ==
+
</td><td bgcolor="#d98b66" align="CENTER"> <b>Lunch Break</b>
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="47" align="right"> 14:00 - 14:50
 +
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>TBD<br /></b> TBD
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="32" align="right"> 14:50 - 15:40
 +
</td><td bgcolor="#eeeeee" align="CENTER"> <b>TBD<br /></b> TBD
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="17" align="right"> 15:40 - 16:00
 +
</td><td bgcolor="#d98b66" align="CENTER"> <b>Break</b>
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="47" align="right"> 16:00 - 16:50
 +
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>TBD<br /></b> TBD
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="32" align="right"> 16:50 - 17:40
 +
</td><td bgcolor="#eeeeee" align="CENTER"> <b>TBD<br /></b> TBD
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="47" align="right"> 17:40 - 18:30
 +
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>TBD <br /></b> TBD
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="17" align="right"> 18:30 - 18:35
 +
</td><td bgcolor="#cccccc" align="CENTER"> <b>End of the First Day</b>
 +
</td></tr></table>
 +
</center>
 +
<p><br />
 +
</p>
 +
<h2> Conference Program - Day 2 - November 19th 2010 </h2>
 
<center>
 
<center>
{| width="80%" class="t"
+
<table width="80%" class="t">
|-
 
| height="17" width="14%" align="right" | 08:30 - 09:00
 
| bgcolor="#8595c2" align="CENTER" | '''Reception Desk Open'''
 
|-
 
| height="17" width="14%" align="right" | 09:00 - 10:20
 
| bgcolor="#eeeeee" align="CENTER" | '''Opening Ceremony -  About OWASP'''
 
|-
 
| height="17" width="14%" align="right" | 10:20 - 10:40
 
| bgcolor="#d98b66" align="CENTER" | '''Break'''
 
|-
 
| height="49" width="14%" align="right" | 10:40 - 11:40
 
| bgcolor="#b9c2dc" align="CENTER" | '''Bruce Schneier'''<br> TBD
 
|-
 
| height="17" width="14%" align="right" | 11:40 - 12:30
 
| bgcolor="#eeeeee" align="CENTER" | '''TBD<br>''' TBD
 
|-
 
| height="17" width="14%" align="right" | 12:30 - 14:00
 
| bgcolor="#d98b66" align="CENTER" | '''Lunch Break'''
 
|-
 
| height="47" width="14%" align="right" | 14:00 - 14:50
 
| bgcolor="#b9c2dc" align="CENTER" | '''TBD<br>''' TBD
 
|-
 
| height="32" width="14%" align="right" | 14:50 - 15:40
 
| bgcolor="#eeeeee" align="CENTER" | '''TBD<br>''' TBD
 
|-
 
| height="17" width="14%" align="right" | 15:40 - 16:00
 
| bgcolor="#d98b66" align="CENTER" | '''Break'''
 
|-
 
| height="47" width="14%" align="right" | 16:00 - 16:50
 
| bgcolor="#b9c2dc" align="CENTER" | '''TBD<br>''' TBD
 
|-
 
| height="32" width="14%" align="right" | 16:50 - 17:40
 
| bgcolor="#eeeeee" align="CENTER" | '''TBD<br>''' TBD
 
|-
 
| height="47" width="14%" align="right" | 17:40 - 18:30
 
| bgcolor="#b9c2dc" align="CENTER" | '''TBD <br>''' TBD
 
|-
 
| height="17" width="14%" align="right" | 18:30 - 18:35
 
| bgcolor="#cccccc" align="CENTER" | '''End of the First Day'''
 
|}
 
</center>
 
<br>  
 
  
==Conference Program - Day 2 - November 19th 2010==
+
<tr>
<center>
+
<td width="14%" height="17" align="right"> 08:30 - 09:00
{| width="80%" class="t"
+
</td><td bgcolor="#8595c2" align="CENTER"> <b>Reception Desk Open</b>
|-
+
</td></tr>
| height="17" width="14%" align="right" | 08:30 - 09:00  
+
<tr>
| bgcolor="#8595c2" align="CENTER" | '''Reception Desk Open'''
+
<td width="14%" height="32" align="right"> 09:00 - 10:30
|-
+
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>Jeremiah Grossman</b><br /> TBD
| height="32" width="14%" align="right" | 09:00 - 10:30  
+
</td></tr>
| bgcolor="#b9c2dc" align="CENTER" | '''Jeremiah Grossman'''<br> TBD
+
<tr>
|-
+
<td width="14%" height="17" align="right"> 10:30 - 10:50
| height="17" width="14%" align="right" | 10:30 - 10:50  
+
</td><td bgcolor="#d98b66" align="CENTER"> <b>Break</b>
| bgcolor="#d98b66" align="CENTER" | '''Break'''
+
</td></tr>
|-
+
<tr>
| height="47" width="14%" align="right" | 10:30 - 11:40  
+
<td width="14%" height="47" align="right"> 10:30 - 11:40
| bgcolor="#eeeeee" align="CENTER" | '''TBD'''<br> TBD
+
</td><td bgcolor="#eeeeee" align="CENTER"> <b>TBD</b><br /> TBD
|-
+
</td></tr>
| height="32" width="14%" align="right" | 11:40 - 12:30  
+
<tr>
| bgcolor="#b9c2dc" align="CENTER" | '''TBD'''<br> TBD
+
<td width="14%" height="32" align="right"> 11:40 - 12:30
|-
+
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>TBD</b><br /> TBD
| height="17" width="14%" align="right" | 12:30 - 14:00  
+
</td></tr>
| bgcolor="#d98b66" align="CENTER" | '''Lunch Break'''
+
<tr>
|-
+
<td width="14%" height="17" align="right"> 12:30 - 14:00
| height="32" width="14%" align="right" | 14:00 - 15:10  
+
</td><td bgcolor="#d98b66" align="CENTER"> <b>Lunch Break</b>
| bgcolor="#eeeeee" align="CENTER" | '''TBD'''<br> TBD
+
</td></tr>
|-
+
<tr>
| height="32" width="14%" align="right" | 15:10 - 16:00  
+
<td width="14%" height="32" align="right"> 14:00 - 15:10
| bgcolor="#b9c2dc" align="CENTER" | '''TBD'''<br> TBD
+
</td><td bgcolor="#eeeeee" align="CENTER"> <b>TBD</b><br /> TBD
|-
+
</td></tr>
| height="17" width="14%" align="right" | 16:00 - 16:20  
+
<tr>
| bgcolor="#d98b66" align="CENTER" | '''Break'''
+
<td width="14%" height="32" align="right"> 15:10 - 16:00
|-
+
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>TBD</b><br /> TBD
| height="32" width="14%" align="right" | 16:20 - 17:10  
+
</td></tr>
| bgcolor="#eeeeee" align="CENTER" | '''TBD'''<br> TBD
+
<tr>
|-
+
<td width="14%" height="17" align="right"> 16:00 - 16:20
| height="32" width="14%" align="right" | 17:10 - 18:00  
+
</td><td bgcolor="#d98b66" align="CENTER"> <b>Break</b>
| bgcolor="#b9c2dc" align="CENTER" | '''TBD'''<br> TBD
+
</td></tr>
|-
+
<tr>
| height="17" width="14%" align="right" | 18:00 - 18:30  
+
<td width="14%" height="32" align="right"> 16:20 - 17:10
| bgcolor="#cccccc" align="CENTER" | '''End of the Conference'''
+
</td><td bgcolor="#eeeeee" align="CENTER"> <b>TBD</b><br /> TBD
|}
+
</td></tr>
 +
<tr>
 +
<td width="14%" height="32" align="right"> 17:10 - 18:00
 +
</td><td bgcolor="#b9c2dc" align="CENTER"> <b>TBD</b><br /> TBD
 +
</td></tr>
 +
<tr>
 +
<td width="14%" height="17" align="right"> 18:00 - 18:30
 +
</td><td bgcolor="#cccccc" align="CENTER"> <b>End of the Conference</b>
 +
</td></tr></table>
 
</center>  
 
</center>  
<br>
+
<p><br />  
 
+
</p>
====Trainings====
+
<h4> Trainings </h4>
==='''Aspect Security - Secure Coding for J2EE Applications'''===
+
<p><img src="/images/3/3e/Jasonli_appsecBR2010.jpg" _fck_mw_filename="Jasonli appsecBR2010.jpg" alt="align=&quot;left&quot;" />
'''Date and time: TBD'''<br>
+
</p>
'''Instructor: Jason Li'''<br>
+
<h3> <b>Aspect Security - Secure Coding for J2EE Applications</b> </h3>
'''Summary'''<br>
+
<p><b>Date and time: TBD</b><br /> <b>Instructor: Jason Li</b><br /> <b>Summary</b><br /> Training developers on secure coding practices offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Java EE Secure Coding Training raises developer awareness of application security issues and provides examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and is delivered in a very interactive manner. This class includes hands-on exercises where the students get to perform security analysis and testing on a live Java EE web application. This specially designed environment includes deliberate flaws the students have to find, diagnose, and fix. The class also uses Java EE coding exercises to provide students with realistic hands-on secure coding experience. Students gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.<br />  
Training developers on secure coding practices offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source.
+
</p><p><b>Audience</b><br /> The intended audience for this course is intended for Java EE software developers and Java EE software testers who know how to program.<br />  
Aspect’s Java EE Secure Coding Training raises developer awareness of application security issues and provides examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and is delivered in a very interactive manner. This class includes hands-on exercises where the students get to perform security analysis and testing on a live Java EE web application. This specially designed environment includes deliberate flaws the students have to find, diagnose, and fix. The class also uses Java EE coding exercises to provide students with realistic hands-on secure coding experience. Students gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.<br>
+
</p><p><b>Learning Objectives</b><br /> At the highest level, the objective for this course is to ensure that developers are capable of designing, building, and testing secure Java EE applications and understand why this is important.<br />  
 
+
</p><p><b>Topics</b><br />  
'''Audience'''<br>
+
</p>
The intended audience for this course is intended for Java EE software developers and Java EE software testers who know how to program.<br>
+
<ul><li><b>HTTP Fundamentals</b><br />
 
+
<ul><li>Understand and be able to employ the security features involved with using HTTP (e.g., headers, cookies, SSL)<br />  
'''Learning Objectives'''<br>
+
</li></ul>
At the highest level, the objective for this course is to ensure that developers are capable of designing, building, and testing secure Java EE applications and understand why this is important.<br>
+
</li><li><b>Design Principles and Patterns</b><br />  
 
+
<ul><li>Understand and be able to apply application security design principles.<br />  
'''Topics'''<br>
+
</li></ul>
*'''HTTP Fundamentals'''<br>
+
</li><li><b>Threats</b><br />
**Understand and be able to employ the security features involved with using HTTP (e.g., headers, cookies, SSL)<br>
+
<ul><li>Be able to identify and explain common web application security threats (e.g. , cross-site scripting, SQL injection, denial of service attacks, "Man-in-the-middle" attacks, etc.) and implement mitigation techniques.<br />  
*'''Design Principles and Patterns'''<br>
+
</li></ul>
**Understand and be able to apply application security design principles.<br>
+
</li><li><b>Authentication and Session Management</b><br />  
*'''Threats'''<br>
+
<ul><li>Be able to handle credentials securely while providing the full range of authentication support functions, including login, change password, forgot password, remember password, logout, reauthentication, and timeouts.<br />  
**Be able to identify and explain common web application security threats (e.g. , cross-site scripting, SQL injection, denial of service attacks, "Man-in-the-middle" attacks, etc.) and implement mitigation techniques.<br>
+
</li></ul>
*'''Authentication and Session Management'''<br>
+
</li><li><b>Access Control</b><br />  
**Be able to handle credentials securely while providing the full range of authentication support functions, including login, change password, forgot password, remember password, logout, reauthentication, and timeouts.<br>
+
<ul><li>Be able to implement access control rules for the user interface, business logic, and data layers.<br />  
*'''Access Control'''<br>
+
</li></ul>
**Be able to implement access control rules for the user interface, business logic, and data layers.<br>
+
</li><li><b>Input Validation</b><br />  
*'''Input Validation'''<br>
+
<ul><li>Be able to recognize potential input validation issues, particularly injection and Cross-site Scripting (XSS) problems, and implement appropriate input validation mechanisms for user input and other sources of input.<br />  
**Be able to recognize potential input validation issues, particularly injection and Cross-site Scripting (XSS) problems, and implement appropriate input validation mechanisms for user input and other sources of input.<br>
+
</li></ul>
*'''Command Injection'''<br>
+
</li><li><b>Command Injection</b><br />  
**Understand the dangers of command injection and techniques for avoiding the introduction of this type vulnerability.<br>
+
<ul><li>Understand the dangers of command injection and techniques for avoiding the introduction of this type vulnerability.<br />  
*'''Error Handling'''<br>
+
</li></ul>
**Be able to implement a consistent error (exception) handling and logging approach for an entire web application.<br>
+
</li><li><b>Error Handling</b><br />
*'''Cryptography'''<br>
+
<ul><li>Be able to implement a consistent error (exception) handling and logging approach for an entire web application.<br />  
**Learn when to apply cryptographic techniques and be able to choose algorithms and use encryption/decryption and hash functions securely.<br>
+
</li></ul>
'''Jason’s Bio'''<br>
+
</li><li><b>Cryptography</b><br />  
Jason is a remarkable trainer, mastering five different training courses within a year’s time to our most valuable longstanding but diverse clients. The client base included a large financial institution, several leading shipping and logistics Management Company, and a leading Government systems integrator.
+
<ul><li>Learn when to apply cryptographic techniques and be able to choose algorithms and use encryption/decryption and hash functions securely.<br />
Jason has also taught Advanced Web Application Security Testing and Building Secure Web Applications classes at OWASP 2008 conferences in Belgium and India.<br>
+
</li></ul>
Common remarks returned from Jason’s class evaluations include '''“This is probably one of the most important classes I‘ve been exposed to here”''' and '''“One of the best instructors I’ve ever had. Really knowledgeable of the subject. Kept class interested by sharing real life examples that depicted good scenarios”'''<br>
+
</li></ul>
==== Venue  ====
+
<p><b>Jason’s Bio</b><br /> Jason is a remarkable trainer, mastering five different training courses within a year’s time to our most valuable longstanding but diverse clients. The client base included a large financial institution, several leading shipping and logistics Management Company, and a leading Government systems integrator. Jason has also taught Advanced Web Application Security Testing and Building Secure Web Applications classes at OWASP 2008 conferences in Belgium and India.<br /> Common remarks returned from Jason’s class evaluations include <b>“This is probably one of the most important classes I‘ve been exposed to here”</b> and <b>“One of the best instructors I’ve ever had. Really knowledgeable of the subject. Kept class interested by sharing real life examples that depicted good scenarios”</b><br />  
 
+
</p>
The event will be held in Campinas, SP, Brazil at: [http://www.cpqd.com.br Fundação CPQD].  
+
<h4> Venue  </h4>
 
+
<p>The event will be held in Campinas, SP, Brazil at: <a href="http://www.cpqd.com.br">Fundação CPQD</a>.  
You can check the location at [http://maps.google.com.br/maps/ms?source=embed&hl=pt-BR&geocode=&ie=UTF8&update=1&t=h&msa=0&msid=104978801628275418750.000462bf2d1a49a7571af&ll=-22.83125,-47.044315&spn=0.03718,0.04034&z=14 Google Maps]
+
</p><p>You can check the location at <a href="http://maps.google.com.br/maps/ms?source=embed&amp;hl=pt-BR&amp;geocode=&amp;ie=UTF8&amp;update=1&amp;t=h&amp;msa=0&amp;msid=104978801628275418750.000462bf2d1a49a7571af&amp;ll=-22.83125,-47.044315&amp;spn=0.03718,0.04034&amp;z=14">Google Maps</a>
 
+
</p><p><i>How to get there</i>
''How to get there''
+
</p><p>TBD  
 
+
</p>
TBD
+
<h4> Registration  </h4>
 
+
<h2> Online Registration </h2>
==== Registration  ====
+
<p>TBD  
 
+
</p>
== Online Registration==
+
<h2> Conference Fees </h2>
TBD
+
<p>TBD  
 
+
</p>
==Conference Fees ==
+
<h4> Committees  </h4>
TBD
+
<h2> Conference Committee </h2>
 
+
<p>OWASP Global Conferences Committee Chair: Mark Bristow  
==== Committees  ====
+
</p><p>OWASP <a _fcknotitle="true" href="Brazilian">Brazilian</a> Chapter Leader: Wagner Elias  
 
+
</p><p>AppSec Brasil 2010 Organization Team (organizacao2010 at appsecbrasil.org):  
==Conference Committee==
+
</p>
 
+
<ul><li>Conference General Chair: Lucas C. Ferreira  
OWASP Global Conferences Committee Chair: Mark Bristow  
+
</li><li>Tutorials Chair: Eduardo Camargo Neves  
 
+
</li><li>Tracks Chair: Luiz Otávio Duarte  
OWASP [[Brazilian]] Chapter Leader: Wagner Elias
+
</li><li>Local Chair: Alexandre Melo Braga
 
+
</li></ul>
AppSec Brasil 2010 Organization Team (organizacao2010 at appsecbrasil.org):  
+
<h3> Team Members </h3>
 
+
<ul><li>Alexandre Melo Braga  
*Conference General Chair: Lucas C. Ferreira
+
</li><li>Eduardo Camargo Neves  
*Tutorials Chair: Eduardo Camargo Neves
+
</li><li>Lucas C. Ferreira  
*Tracks Chair: Luiz Otávio Duarte
+
</li><li>Luiz Otávio Duarte  
*Local Chair: Alexandre Melo Braga
+
</li><li>Wagner Elias  
 
+
</li><li>Eduardo Alves Nonato da Silva  
===Team Members ===
+
</li><li>Leonardo Buonsanti  
* Alexandre Melo Braga
+
</li><li>Dinis Cruz  
* Eduardo Camargo Neves
+
</li><li>Paulo Coimbra
* Lucas C. Ferreira
+
</li></ul>
* Luiz Otávio Duarte
+
<p><br /> <br />  
* Wagner Elias
+
</p>
* Eduardo Alves Nonato da Silva
+
<h4> Travel </h4>
* Leonardo Buonsanti
+
<p>TBD  
* Dinis Cruz
+
</p>
* Paulo Coimbra
+
<h4> Links </h4>
 
+
<p>Blog: http://blog.appsecbrasil.org
 
+
</p><p>Twitter: http://twitter.com/owaspappsecbr
<br>  
+
</p><p><br /> <span class="fck_mw_special" _fck_mw_customtag="true" _fck_mw_tagname="headertabs" />
 
+
</p><a _fcknotitle="true" href="Category:OWASP_AppSec_Conference">OWASP_AppSec_Conference</a>
====Travel====
 
TBD
 
 
 
====Links====
 
 
 
Blog: http://blog.appsecbrasil.org
 
 
 
Twitter: http://twitter.com/owaspappsecbr
 
 
 
 
 
<headertabs />
 
[[Category:OWASP_AppSec_Conference]]
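Review bot: The sponsor and promoter images lose their link targets in the added lines: `[[Image:AppSec Brasil 2010 CPQD.jpg|200px|link=http://www.cpqd.com.br]]` and the Instituto Turing image with `link=http://www.institutoturing.org` become bare `<img>` elements with no link, and `<headertabs />` becomes a `<span class="fck_mw_special" ... _fck_mw_tagname="headertabs" />` placeholder. Restore the wikitext for these elements rather than the editor HTML. Separately, the Day 2 schedule lists 10:30 - 10:50 (Break) followed by 10:30 - 11:40 on both sides of the diff; the two slots overlap and the start time of the second one needs checking.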
 

Revision as of 18:45, 13 July 2010


For the Portuguese version, see AppSec Brasil 2010 (pt-br)

OWASP AppSec Brasil 2010

The Second Edition of OWASP's flagship conference in South America will happen in Campinas, SP, Brazil. The Conference consists of two days of training sessions, followed by a two-day conference on a single track.


Conference Dates

The conference will happen from November 16th, 2010 to November 19th, 2010. The first two days will be tutorial days (see below). Plenary sessions will be held on November 18th and 19th.


About

About the conference

Following the success of the first AppSec Brasil, held in Brasilia in 2009, the OWASP Brazilian Chapter is organizing its second edition in 2010. AppSec Brasil 2010 will happen in the city of Campinas, located 90 km from São Paulo.

Campinas is the 3rd biggest city in the State of São Paulo. It is an important economic center and hosts major universities and research centers. It is known to concentrate several high-tech industries, including important multinational companies in the fields of electronics, telecom and chemicals.

This year, we expect to gather a number of Brazilian and Latin American practitioners and researchers to share state-of-the-art information about application security.

Calls

The call for presentations will be released soon.

Call for training providers

**OWASP APPSEC BRASIL 2010**
**CALL FOR TRAINING SESSIONS**

Colleagues,

OWASP is currently soliciting training proposals for the OWASP
AppSec Brazil 2010 Conference which will take place at Fundação CPqD
in Campinas, SP, Brazil, on November 16 through November 19, 2010.
There will be training courses on November 16 and 17 followed by
plenary sessions on the 18 and 19 with one single track per day.

We are seeking training proposals on the following topics (in no
particular order):
- Application Threat Modeling
- Business Risks with Application Security
- Hands-on Source Code Review
- Metrics for Application Security
- OWASP Tools and Projects
- Privacy Concerns with Applications and Data Storage
- Secure Coding Practices (J2EE/.NET)
- Starting and Managing Secure Development Lifecycle Programs
- Technology specific presentations on security such as AJAX, XML, etc
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services, XML- and Application Security
- Anything else relating to OWASP and Application Security

Proposals on topics not listed above but related to the conference
(i.e. which are related to Application Security) may also be accepted.

To make a submission you must fill out the form available at
http://www.owasp.org/images/1/1a/OWASP_AppSec_Brasil_2010_CFT.rtf.zip
and submit by email to organizacao2010@appsecbrasil.org

There may be 1 or 2-day courses. The proposals must respect the
restrictions of the OWASP Speaker Agreement. The conference will
reward trainers with at least 30% of the total revenue of their
courses, based on a minimum attendance. Courses that attract more
students may be granted higher percentages. No other compensation
(such as tickets or lodging) will be provided. If you require a
different arrangement, please contact the conference chair at the
email address below.

**Compensation**
Instructors and authors will be paid based on the number of students
in their training sessions. If the training gathers only the minimum
number of students, the compensation will be 30% of the revenue. For
each group of 10 extra students enrolled, the compensation will be
increased by 5% of the revenue, up to a maximum of 45% of the training
revenue. For example, a 1-day training with 10 to 19 students will
generate a compensation of 30% of the revenue. For classes of 20 to 29
students, the compensation rises to 35% of the revenue.

In exceptional cases, different compensation schemes may be accepted.
Please contact the conference organization team by email
(organizacao2010@appsecbrasil.org) for details.

**Training cost**
 1-day training: R$ 450 per student
 2-day training: R$ 900 per student
All prices in Brazilian Reais (BRL)

**Minimum number of students**
 1-day trainings: 10 students
 2-day trainings: 20 students

**Important Dates:**
 Submission deadline is July 26, 2010, at 11:59 PM (UTC/GMT-3).
 Notification of acceptance will be August 16, 2010.
 Final version is due September 15, 2010.

The conference organization team may be contacted by email at
organizacao2010 (at) appsecbrasil.org

For more information, please see the following web pages:
 Conference Website: https://www.owasp.org/index.php/AppSec_Brasil_2010
 OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
 OWASP Website: http://www.owasp.org
 Easychair conference site:
http://www.easychair.org/conferences/?conf=appsecbr2010
 Presentation proposal form:
http://www.owasp.org/images/1/1a/OWASP_AppSec_Brasil_2010_CFT.rtf.zip

********** WARNING: Submissions without all the information requested
in the proposal form will not be considered ************

Sponsorship

We are currently soliciting sponsors for the AppSec Brasil 2010 Conference. Detailed <a href="OWASP_AppSec_Brasil_2010_Sponsorship_Opportunities.pdf" class="internal" _fck_mw_filename="OWASP_AppSec_Brasil_2010_Sponsorship_Opportunities.pdf" _fck_mw_type="media" title="OWASP AppSec Brasil 2010 Sponsorship Opportunities.pdf">sponsorship opportunities</a> are now available.

If you are interested in sponsoring AppSec Brasil 2010, please contact the Conference Organization Team (organizacao2010@appsecbrasil.org).

Sponsors

Platinum Sponsors

<img src="/images/thumb/f/f7/AppSec_Brasil_2010_CPQD.jpg/200px-AppSec_Brasil_2010_CPQD.jpg" _fck_mw_filename="AppSec Brasil 2010 CPQD.jpg" _fck_mw_width="200" alt="" />

Gold Sponsors

Silver Sponsors

Organizational Sponsors

Reception Sponsors

Coffee Sponsors

<img src="/images/a/a6/Appsec_Brasil_2010_InstitutoTuring.png" _fck_mw_filename="Appsec Brasil 2010 InstitutoTuring.png" alt="" />

Keynotes

Bruce Schneier

<a href="http://bt.counterpane.com/index.html">BT</a>

Title: TBD.

Bio: Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru." He is the author of nine books -- including the best sellers Beyond Fear, Secrets and Lies, and Applied Cryptography -- as well as hundreds of articles and essays, and many more academic papers. His influential newsletter "Crypto-Gram," and his blog "Schneier on Security," are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, served on several government technical committees, and is regularly quoted in the press. Schneier is the Chief Security Technology Officer of BT.


Jeremiah Grossman

<a href="http://www.whitehatsec.com/">WhiteHat Security</a>

Title: TBD.

Bio: Jeremiah Grossman, founder and CTO, WhiteHat Security, is a world-renowned Web security expert. A co-founder of the Web Application Security Consortium (WASC), he was named to InfoWorld's Top 25 CTOs in 2007 and is frequently quoted by business and technical media. He has authored dozens of articles and whitepapers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of "XSS Attacks: Cross Site Scripting Exploits and Defense." Grossman is also an influential blogger who offers insight and encourages open dialogue regarding Web security research and trends. Prior to WhiteHat, Grossman was an information security officer at Yahoo!


Agenda

Conference Program - Day 1 - November 18th 2010

08:30 - 09:00 Reception Desk Open
09:00 - 10:20 Opening Ceremony - About OWASP
10:20 - 10:40 Break
10:40 - 11:40 Bruce Schneier
TBD
11:40 - 12:30 TBD
TBD
12:30 - 14:00 Lunch Break
14:00 - 14:50 TBD
TBD
14:50 - 15:40 TBD
TBD
15:40 - 16:00 Break
16:00 - 16:50 TBD
TBD
16:50 - 17:40 TBD
TBD
17:40 - 18:30 TBD
TBD
18:30 - 18:35 End of the First Day


Conference Program - Day 2 - November 19th 2010

08:30 - 09:00 Reception Desk Open
09:00 - 10:30 Jeremiah Grossman
TBD
10:30 - 10:50 Break
10:30 - 11:40 TBD
TBD
11:40 - 12:30 TBD
TBD
12:30 - 14:00 Lunch Break
14:00 - 15:10 TBD
TBD
15:10 - 16:00 TBD
TBD
16:00 - 16:20 Break
16:20 - 17:10 TBD
TBD
17:10 - 18:00 TBD
TBD
18:00 - 18:30 End of the Conference


Trainings

<img src="/images/3/3e/Jasonli_appsecBR2010.jpg" _fck_mw_filename="Jasonli appsecBR2010.jpg" align="left" alt="" />

Aspect Security - Secure Coding for J2EE Applications

Date and time: TBD
Instructor: Jason Li
Summary
Training developers on secure coding practices offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Java EE Secure Coding Training raises developer awareness of application security issues and provides examples of ‘what to do’ and ‘what not to do.’ The class is led by an experienced developer and is delivered in a very interactive manner. This class includes hands-on exercises where the students get to perform security analysis and testing on a live Java EE web application. This specially designed environment includes deliberate flaws the students have to find, diagnose, and fix. The class also uses Java EE coding exercises to provide students with realistic hands-on secure coding experience. Students gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.

Audience
The intended audience for this course is Java EE software developers and Java EE software testers who know how to program.

Learning Objectives
At the highest level, the objective for this course is to ensure that developers are capable of designing, building, and testing secure Java EE applications and understand why this is important.

Topics

  • HTTP Fundamentals
    • Understand and be able to employ the security features involved with using HTTP (e.g., headers, cookies, SSL)
  • Design Principles and Patterns
    • Understand and be able to apply application security design principles.
  • Threats
    • Be able to identify and explain common web application security threats (e.g., cross-site scripting, SQL injection, denial of service attacks, "Man-in-the-middle" attacks, etc.) and implement mitigation techniques.
  • Authentication and Session Management
    • Be able to handle credentials securely while providing the full range of authentication support functions, including login, change password, forgot password, remember password, logout, reauthentication, and timeouts.
  • Access Control
    • Be able to implement access control rules for the user interface, business logic, and data layers.
  • Input Validation
    • Be able to recognize potential input validation issues, particularly injection and Cross-site Scripting (XSS) problems, and implement appropriate input validation mechanisms for user input and other sources of input.
  • Command Injection
    • Understand the dangers of command injection and techniques for avoiding the introduction of this type of vulnerability.
  • Error Handling
    • Be able to implement a consistent error (exception) handling and logging approach for an entire web application.
  • Cryptography
    • Learn when to apply cryptographic techniques and be able to choose algorithms and use encryption/decryption and hash functions securely.

Jason’s Bio
Jason is a remarkable trainer, mastering five different training courses within a year’s time to our most valuable longstanding but diverse clients. The client base included a large financial institution, several leading shipping and logistics management companies, and a leading Government systems integrator. Jason has also taught Advanced Web Application Security Testing and Building Secure Web Applications classes at OWASP 2008 conferences in Belgium and India.
Common remarks returned from Jason’s class evaluations include “This is probably one of the most important classes I’ve been exposed to here” and “One of the best instructors I’ve ever had. Really knowledgeable of the subject. Kept class interested by sharing real life examples that depicted good scenarios.”

Venue

The event will be held in Campinas, SP, Brazil at: <a href="http://www.cpqd.com.br">Fundação CPQD</a>.

You can check the location at <a href="http://maps.google.com.br/maps/ms?source=embed&hl=pt-BR&geocode=&ie=UTF8&update=1&t=h&msa=0&msid=104978801628275418750.000462bf2d1a49a7571af&ll=-22.83125,-47.044315&spn=0.03718,0.04034&z=14">Google Maps</a>

How to get there

TBD

Registration

Online Registration

TBD

Conference Fees

TBD

Committees

Conference Committee

OWASP Global Conferences Committee Chair: Mark Bristow

OWASP <a _fcknotitle="true" href="Brazilian">Brazilian</a> Chapter Leader: Wagner Elias

AppSec Brasil 2010 Organization Team (organizacao2010 at appsecbrasil.org):

  • Conference General Chair: Lucas C. Ferreira
  • Tutorials Chair: Eduardo Camargo Neves
  • Tracks Chair: Luiz Otávio Duarte
  • Local Chair: Alexandre Melo Braga

Team Members

  • Alexandre Melo Braga
  • Eduardo Camargo Neves
  • Lucas C. Ferreira
  • Luiz Otávio Duarte
  • Wagner Elias
  • Eduardo Alves Nonato da Silva
  • Leonardo Buonsanti
  • Dinis Cruz
  • Paulo Coimbra



Travel

TBD

Links

Blog: http://blog.appsecbrasil.org

Twitter: http://twitter.com/owaspappsecbr

