Italy OWASP Day 2012

Revision as of 17:52, 2 November 2012 by Mmeucci



Thanks to the collaboration with the Master on Information Security of the Università di Roma "La Sapienza", we are pleased to announce that the OWASP Italy chapter will host the OWASP Italy Day 2012 conference in Rome, Italy, at the University of Rome La Sapienza on 23rd November 2012.

The Conference will be held at the University of Rome "La Sapienza"
Aula Odeion - Museo dell'Arte Classica, Facoltà di Lettere - Piazzale Aldo Moro, 5 - Roma

In collaboration with: CSA Italy

If you have any questions, please email the conference committee:

Who Should Attend:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security

Use the #owaspitaly hashtag for your tweets for OWASP Italy Day 2012

@OwaspItaly Twitter Feed (follow us on Twitter!)

OWASP solicits contributions on the above topics, or general matters of interest to the community. Those who are interested in participating as speakers at the conference can submit an abstract of the speech to the OWASP-Italy Board by email at:

The email subject must be "OWASP Italy Day 2012: CFP" and the email body must contain the following information/sections:

  • Name and Surname
  • Email address
  • Telephone number
  • Company name and role
  • Short biography (max 100 words)
  • List of the author's previous papers/articles/speeches on the same topics
  • Title of the contribution
  • Type of contribution: Technical or Informative
  • Abstract
  • Why the contribution is relevant for OWASP-Italy Day 2012

Areas of interest:

  • Mobile Security: testing, developing, threats
  • Malware Security and Mobile
  • New research on Application Security

Submissions will be reviewed by the OWASP-Italy Board and the 8-9 most interesting ones will be selected and invited for presentation (30 minutes per slot).
Please send an email to the conference committee:

Important dates:

  • Contributions submission deadline: 30th October 2012

Additional information:

The OWASP-Italy community encourages industries, research institutions and individuals to sponsor its activities and events.

Two types of sponsorships are available:

  • Silver sponsorship: 1.000,00 euro. It includes: the publication of the sponsor logo on the web site.
  • Gold sponsorship: 1.500,00 euro. It includes: the publication of the sponsor logo in the agenda, on the web site, on the flyers and in all the official communications with the attendees at the conference, and the possibility to distribute the company's brochures, CDs or other materials to the participants during the event.

If you are interested in sponsoring the Conference, please contact the conference team:

Marco Morana

Responsible for security risk and architecture governance of global application programs in Citigroup Institutional Clients Group (ICG) EMEA

"My web site has been breached and my customer's data have been published online, what I can do next?".

In this talk, Marco Morana will show an example of a data breach and its business impact on a company. Marco will discuss the importance of adopting the OWASP Guide for CISO, which can help mitigate future impacts through a strategic approach to application security. This approach is focused on risk management, IS governance and software security assurance.

Marco Morana has more than 16 years of professional experience in application security (6 years of it in the financial sector) in diverse professional roles such as technology officer, program manager, business partner and company founder, team leader, security architect, security consultant, software contractor and engineer.

Marco is SVP of Technology Risks & Controls in Citigroup Institutional Clients Group (ICG) EMEA, with the role of Senior Security Analyst. Previously, Marco was VP of Information Security at Citigroup Global Consumer North America, with the role of Information Technology Security Officer (TISO). Prior to Citigroup, Marco gained more than 10 years of experience in the field of software security at Foundstone, a McAfee Inc. consulting company. In 2002, he founded the application security consulting firm CerbTech LLC and contributed to the development of security services and applications for various clients such as VISA and Data Processing Services CompuCredit. In 2001 he assumed the position of European Operations Manager for EWA IIT and carried out project management activities for information security in the consortium Thyreaus Datamat SpA and EWA IIT. Between 1998 and 2001 he worked as a software engineer for IBM Internet Security Systems and developed several network security products such as SafeSuite Decision and Internet Security Scanner (ISS). Between 1996 and 1998 he worked at the NASA Ames center in California, where he developed the first commercial secure email application based on Entrust technology and the S/MIME protocol. For this application, Marco obtained a patent and an honorary degree for his contribution to the security of NASA infrastructures (1996). Marco has a Masters in Computer Systems Engineering from Northwestern Polytechnic University and a degree in Mechanical Engineering (Dr Eng) from the University of Padova (Italy).

Vincenzo Iozzo (Snagg)

Director of vulnerability intelligence at Trail Of Bits Inc


Abstract: This talk will analyze recent trends in the mobile threats landscape, suggest effective strategies to mitigate these issues and try to gauge what the future looks like for companies and organizations seeking to protect themselves. Specifically, the talk will highlight how mobile poses a totally different set of problems that have very little in common with desktops, and why the security community at large has to make a mindset shift to handle them. Finally, assisted by data collected in the past few years, we will discuss future trends and threats.

Bio: Vincenzo Iozzo leads the collection and analysis of vulnerability intelligence at Trail of Bits. Prior to Trail of Bits, Vincenzo founded Tiqad, an information security consulting firm, worked as a penetration tester for Secure Network srl and was a reverse engineer for Zynamics GmbH. Vincenzo serves as a committee member on the Black Hat Review Board and is a co-author of the "iOS Hacker's Handbook" (Wiley, 2012). He is perhaps best known for his participation in Pwn2Own, where he co-wrote the exploits for BlackBerryOS and iOS that won the contest in 2010 and 2011 and where he co-wrote exploits for Firefox, Internet Explorer, and Safari that placed second in 2012.

9.30h Welcome and opening of the works
Prof. L. Mancini - Director of the Master in Information Security, Università "La Sapienza" Rome.
9.45h Introduction to the OWASP Day 2012
Matteo Meucci - OWASP-Italy Chair, CEO Minded Security
10.00h "My web site has been breached and my customer's data have been published online, what I can do next?"
Marco Morana - CISO Citigroup
Vincenzo Iozzo - Director of vulnerability intelligence at Trail Of Bits Inc
Speaker - Role
Speaker - Role
12.00h ISC2 Italy
Speaker - Role
12.15h ISACA Roma
Speaker - Role
12.30h CSA Italy: Portability, interoperability and application security in the cloud
Matteo Cavallini - CSA Italy chapter, Vice President
Speaker - Role

To be published on 10th November.

OWASP Italy Day 2012 will be held at the University of Rome "La Sapienza"
Aula Odeion - Museo dell'Arte Classica, Facoltà di Lettere - Piazzale Aldo Moro, 5 - Roma

Directions are available through: Google Maps

Online Registration

Registration will open soon




OWASP Staff Support

  • Sarah Baso
  • Kate Hartmann

Speaker Agreement

By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: