Difference between revisions of "EUTour2013 Belgium Agenda"

 
Line 54: Line 54:
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 18:00<br>(30 mins)
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 17:30<br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Welcome & sandwiches
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  
 +
|-
 +
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:15<br>(15 mins)
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | OWASP Update
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Sebastien Deleersnyder
 +
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:30<br>(45 mins)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 18:30<br>(45 mins)  
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Needles in haystacks, we we are not solving the appsec problem & html hacking the browser, CSP is dead.
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Eoin Keary, CTO and founder of BCC Risk Advisory Ltd.
 +
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | TBD
 +
|-
 +
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 19:30<br>(45 mins)
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Teaching an Old Dog New Tricks: Securing Development with PMD
 +
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Justin Clarke, Director and Co-Founder of Gotham Digital Science
 +
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identifying code quality issues. While these tools may not be specifically designed for identifying security bugs. This presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation.
 +
Justin Clarke is a Director and Co-Founder of Gotham Digital Science. He is the lead author/technical editor of "SQL Injection Attacks and Defense" (Syngress), co-author of "Network Security Tools" (O'Reilly), contributor to "Network Security Assessment, 2nd Edition" (O'Reilly), as well as a speaker at numerous security conferences and events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP AppSec, OSCON, RSA and SANS. Justin is the Chapter Leader for the OWASP London chapter in the United Kingdom.
 +
|-
 +
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 20:30<br>(45 mins)
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Vulnerability Prediction in Android Applications
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Vulnerability Prediction in Android Applications
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Aram Hovsepyan, Ph. D.
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Aram Hovsepyan, Ph. D.
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We present an approach to predict which components of a software system contain security vulnerabilities. Prediction models are a key instrument to identify the weak spots that deserve special scrutiny. Our approach is based on text mining the source code of an application. We have explored the potential of the bag-of-words representation and discovered that a dependable prediction model can be built by means of machine learning techniques. In a validation with 10 Android applications we have obtained performance results that often outclass state-of-the-art approaches.
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | We present an approach to predict which components of a software system contain security vulnerabilities. Prediction models are a key instrument to identify the weak spots that deserve special scrutiny. Our approach is based on text mining the source code of an application. We have explored the potential of the bag-of-words representation and discovered that a dependable prediction model can be built by means of machine learning techniques. In a validation with 10 Android applications we have obtained performance results that often outclass state-of-the-art approaches.
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 19:15<br>(45 mins)
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA
 
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA
 
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | BLABLABLA
 
 
|}
 
|}
 
<br><br>
 
<br><br>
 
== Bio ==
 
== Bio ==
 
* Dr. Aram Hovsepyan received both his Master's Degree in Informatics and PhD Degree in Engineering from KU Leuven. Since July 2011, he has been working as a senior researcher in the iMinds-DistriNet research group at KU Leuven where he collaborates with Dr. Riccardo Scandariato and Prof. Wouter Joosen. Dr. Hovsepyan's main research interests lie in the area of model-driven software development and empirical software engineering with a particular focus on security vulnerability prediction techniques.
 
* Dr. Aram Hovsepyan received both his Master's Degree in Informatics and PhD Degree in Engineering from KU Leuven. Since July 2011, he has been working as a senior researcher in the iMinds-DistriNet research group at KU Leuven where he collaborates with Dr. Riccardo Scandariato and Prof. Wouter Joosen. Dr. Hovsepyan's main research interests lie in the area of model-driven software development and empirical software engineering with a particular focus on security vulnerability prediction techniques.
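Review bot: The added 18:30 row's title cell reads "we we are not solving the appsec problem", a duplicated word that should be corrected before this revision is saved. In the added 19:30 description, "tools to identifying" should be "tools to identify", and the fragment "While these tools may not be specifically designed for identifying security bugs." should be joined to the sentence that follows it. The same description cell also carries Justin Clarke's biography, which fits better under the existing "== Bio ==" section next to the entry for Dr. Hovsepyan.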

Latest revision as of 12:20, 22 May 2013


OWASP EUROPE TOUR 2013


CONFERENCE AND TRAINING

OWASP Europe Tour - Belgium 2013

Thursday 6th June (Conference)

DESCRIPTION
The OWASP Europe Tour is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you could become a member and support our mission.



CONFERENCE (Monday 13th May)

Date: Thursday 6th June
Venue Location: University of Leuven
Venue Address: Department of Computer Science, Celestijnenlaan 200 A, 3001 Heverlee
Venue Map: Google Maps

Price and registration
This event is FREE
Registration Link to the Europe Tour - Belgium: REGISTER HERE!



Conference Details
17:30 (45 mins)
Title: Welcome & sandwiches

18:15 (15 mins)
Title: OWASP Update
Speaker: Sebastien Deleersnyder

18:30 (45 mins)
Title: Needles in haystacks, we are not solving the appsec problem & html hacking the browser, CSP is dead.
Speaker: Eoin Keary, CTO and founder of BCC Risk Advisory Ltd.
Description: TBD

19:30 (45 mins)
Title: Teaching an Old Dog New Tricks: Securing Development with PMD
Speaker: Justin Clarke, Director and Co-Founder of Gotham Digital Science
Description: Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identify code quality issues. While these tools may not be specifically designed for identifying security bugs, this presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation.

Justin Clarke is a Director and Co-Founder of Gotham Digital Science. He is the lead author/technical editor of "SQL Injection Attacks and Defense" (Syngress), co-author of "Network Security Tools" (O'Reilly), contributor to "Network Security Assessment, 2nd Edition" (O'Reilly), as well as a speaker at numerous security conferences and events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP AppSec, OSCON, RSA and SANS. Justin is the Chapter Leader for the OWASP London chapter in the United Kingdom.

20:30 (45 mins)
Title: Vulnerability Prediction in Android Applications
Speaker: Aram Hovsepyan, Ph. D.
Description: We present an approach to predict which components of a software system contain security vulnerabilities. Prediction models are a key instrument to identify the weak spots that deserve special scrutiny. Our approach is based on text mining the source code of an application. We have explored the potential of the bag-of-words representation and discovered that a dependable prediction model can be built by means of machine learning techniques. In a validation with 10 Android applications we have obtained performance results that often outclass state-of-the-art approaches.



Bio

  • Dr. Aram Hovsepyan received both his Master's Degree in Informatics and PhD Degree in Engineering from KU Leuven. Since July 2011, he has been working as a senior researcher in the iMinds-DistriNet research group at KU Leuven where he collaborates with Dr. Riccardo Scandariato and Prof. Wouter Joosen. Dr. Hovsepyan's main research interests lie in the area of model-driven software development and empirical software engineering with a particular focus on security vulnerability prediction techniques.