Difference between revisions of "Italy OWASP Day 2012"

From OWASP
Jump to: navigation, search
m
m
Line 123: Line 123:
 
= Agenda and slides =
 
= Agenda and slides =
 
<font size=2pt>
 
<font size=2pt>
 
+
[[File:CilliOWASPDay2012.pdf]]
 
<center>
 
<center>
 
<table width="80%">
 
<table width="80%">

Revision as of 11:05, 24 November 2012

Back to the Italian Chapter

OWASPITDay2012.jpg




[edit]

LogoMasterSapienza.jpg

Thanks to the collaboration with the Master on Information Security of the Universita di Roma "La Sapienza",we realized the OWASP Italy Day 2012 conference in Rome, Italy. .

The Conference was held last 23rd November 2012 at the University of Rome "La Sapienza"
Aula Odeion - Museo dell'Arte Classica, Facoltà di Lettere - Piazzale Aldo Moro, 5 - Roma

In collaboration with:
CSAItalylogo.gif ISC2Italy.jpg LogoIsecLab.png Rome4c.jpg



If you have any questions, please email the conference committee: owasp-italy@owasp.org



Official invitation [[1]]





Use the #owaspitaly hashtag for your tweets for OWASP Italy Day 2012 (What are hashtags?)

@OwaspItaly Twitter Feed (follow us on Twitter!)


Marco Morana

Responsible for security risk and architecture governance of global application programs in Citigroup Institutional Clients Group (ICG) EMEA



Morana.png "My web site has been breached and my customer's data have been published online, what I can do next?".

In this talk, Marco Morana, will show an example of data breach and the business impact on a Company. Marco will discuss the importance of adopting the OWASP Guide for CISO that could be useful to mitigate the next impacts by adopting a strategic approach to application security. This approach is focused on risk management, IS governance and software security assurance.


Marco Morana with more than 16 years of professional experience in application security (6 years of it in the financial sector) in diverse professional roles such as technology officer, program manager, business partner and company founder, team leader, security architect, security consultant, software contractor and engineer.

Marco is SVP of Technology Risks & Controls in Citigroup Institutional Clients Group (ICG) EMEA, with the role of Senior Security Analyst. Previously, Marco was VP of Information Security Citigroup Global Consumer North America, with the role of Information Technology Security Officer (TISO). For previously at Citigroup, Mark has gained more than 10 years of experience in the field of security software in Foundstone consulting company McAfee Inc. In 2002, he founded the consulting firm of application security CerbTech LLC and has contributed to the development of security services and applications for various clients such as VISA and Data Processing Services CompuCredit. In 2001 he assumed the position of European Operations Manager for EWA IIT and carried out activities of project management for information security in the consortium Thyreaus Datamat SpA and EWA IIT. Between 1998 and 2001 he worked as a software engineer for IBM Internet Security Systems and developed several products for the security of the network as SafeSuite Decision and Internet Security Scanner (ISS). Between 1996 and 1998 he worked at the NASA Ames center in California where he developed the first commercial application of secure email based on Technology and Entrust S / MIME protocol. For this application, Marco obtained a patent and an honorary degree for his contribution to the security of infrastructures NASA (1996). Marco has a Masters in Computer Systems Engineering at the Northwestern Politechnic University and a degree in Mechanical Engineering (Dr Eng) at the University of Padova (Italy).


Vincenzo Iozzo

Director of vulnerability intelligence at Trail Of Bits Inc



Iozzo.png

Abstract: This talk will analyze recent trends in the mobile threats landscape, suggest effective strategies to mitigate these issues and try to gauge what the future looks like for companies and organizations seeking to protect themselves. Specifically the talk will highlight how mobile poses a totally different set of problems that have very little similarities with desktops and why the security community at large has to make a mindset shift to handle them. Finally assisted by data collected in the past few years we will discuss future trends and threats.

Bio: Vincenzo Iozzo leads the collection and analysis of vulnerability intelligence at Trail of Bits. Prior to Trail of Bits, Vincenzo founded Tiqad, an information security consulting firm, worked as a penetration tester for Secure Network srl and was a reverse engineer for Zynamics GmbH. Vincenzo serves as a committee member on the Black Hat Review Board and is a co-author of the "iOS Hacker's Handbook" (Wiley, 2012). He is perhaps best known for his participation in Pwn2Own, where he co-wrote the exploits for BlackBerryOS and iOS that won the contest in 2010 and 2011 and where he co-wrote exploits for Firefox, Internet Explorer, and Safari that placed second in 2012.




File:CilliOWASPDay2012.pdf

9:00hRegistration
9.30h"Welcome and opening of the works"
L.V.Mancini - Master in Information Security - Sapienza Università di Roma.
9.45h"Introduction to the OWASP Day 2012"
Matteo Meucci - OWASP-Italy Chair
10.00h"My web site has been breached and my customer's data have been published online, what I can do next?"
Marco Morana - CISO Citigroup
10.30h"Attackers, lies and you"
Vincenzo Iozzo - Director of vulnerability intelligence at Trail Of Bits Inc
11.00h“SPARQL Injection - attacking the triple store”
Simone Onofri — Consultant, Techub SpA, Luca Napolitano — Freelance
11.30h“Android and mobile security: client side, server side, privacy (do android malware writers dream of electric sheep?)"
Igor Falcomatà — CTO, Enforcer srl
12.00h"La convergenza tra OWASP ed (ISC)2: connubio tra approccio empirico e sistematico"
Paolo Ottolino, Claudio Sasso - Board (ISC)2 Italy Chapter
12.15h"ISACA Roma: Strumenti per la Governance IT"
Prof. C. Cilli - Presidente ISACA Roma
12.30h "CSA Italy: Portabilità, interoperabilità e sicurezza applicativa nel cloud"
Matteo Cavallini - CSA Italy chapter, Vice President
12.45hIsecLab: "Cutting-edge research in system security"
Marco Balduzzi, Ph.D., Sr. Security Researcher
13.00h"Secure Banking Expert Community: unire forze e competenze tecniche per arginare il crimine (sempre più) organizzato"
Claudio Santacesaria