Italy OWASP Day 4

From OWASP
Revision as of 09:24, 10 October 2009 by Mmeucci (Talk | contribs)

Jump to: navigation, search

Back to the Italian Chapter

OWASPDayIV.png

WELCOME

Introduction

Welcome to the OWASP Day IV Italy Conference for 2009. Following on from the great success of last OWASP Days, the new conference will take place next November 2009 in Milan.


Organization and goals:

  • The event will show several points of discussion: we will present the state of the art of the Secure Software Initiatives and technical speeches about the new researches in Application Security.
  • As conclusion of the day, we organize a round table discussing the most interesting subjects came out during the event.
  • Conference goal is creating a debate on which will be the evolution of the research for the Web Application Security, and how to start a secure software initiative.


References:


"Avete finito di imbottire le vostre reti di firewall e altre diavolerie simili? Allora è tempo di cambiare prospettiva e rendersi conto che oggi, dopo aver messo in sicurezza il perimetro dei nostri sistemi informativi, le minacce più serie provengono dalle nostre stesse applicazioni che, a volte, non sono progettate ed implementate, tenendo conto delle migliori pratiche di sviluppo di software sicuro. In questo campo l’OWASP rappresenta un punto di riferimento costante ed una miniera di informazioni e strumenti, ed al Ministero dell’Istruzione, Università e Ricerca abbiamo imparato ad apprezzarne i materiali e le informazioni disponibili sul suo sito web, nell’ambito del nostro gruppo che si occupa di sicurezza del sistema informativo. Per conoscere le iniziative dell’OWASP, avere un’anteprima delle principali novità in tema di sicurezza del software, incontrare i maggiori esperti in questo settore, partecipate all’OWASP DAY – ITALY IV il 6 novembre prossimo a Milano, sarà un’occasione utilissima di approfondimento."

Paolo De Santis – Dirigente della Direzione Generale per gli Studi, la Statistica ed i Sistemi Informativi del MIUR

“L’OWASP Day è il luogo e il momento per incontrare altri professionisti e appassionati del settore. E’ un’opportunità per conoscere direttamente dai protagonisti le metodologie, le tecniche e gli ambiti di ricerca nel mondo della sicurezza applicativa divenuto ormai il fattore principale, insieme a quello umano, nel campo dell’Information Security. “

Massimo Trevisani—CSO IWBank

"Le conferenze OWASP in Italia rappresentano un momento importante di awareness sulla sicurezza applicativa. L'evento rappresenta un punto di riferimento in cui i professionisti dell'IT possono valutare nuovi approcci allo sviluppo sicuro del software e alla difesa delle proprie applicazioni on-line"

Marco Bavazzano—CISO Telecom Italia


Key Speakers:


Marco Morana — CISO Citigroup
Marco Morana serves the OWASP organization by leading the USA Cincinnati chapter  and he is a key contributor of many OWASP projects. Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the software security coding standards, management of security assessments during the SDLC related to application security. The aim of this presentation is help application security practitioners such as project managers and information security officers to make business cases for software security initiatives. The presentation will first introduce the need to position the organization’s Software Security Initiatives with respect to software security models such as BSIMM and SAMM. In order to create the business case for software security it is essential to make the case for business (e.g. costs) as well as security (e.g. engineering, vulnerability management).

Tobias Christen — CTO, DSwiss Ltd
Tobias began his career  in a research team of a swiss bank specializing in new internet technologies. He then went on to join a leading international security-software company - Stonesoft - where he served as Head of R&D, Head of Product Management, and CTO of the company. For several years Tobias was working at Zurich Financial Services where he built up a new security architecture, and developing their IT risk strategy. In early 2008 Tobias joined DSwiss as CTO.   In this presentation we look at some typical usability versus security mistakes. We see examples where lack of usability in security controls resulted in work arounds from users, and we also see typical examples where lack of security is blindly accepted. We discuss what is considered "acceptable" security by the general audience and discuss technologies that have a better usability versus security tradeoff.


Sponsors

If you want to become a Sponsor of the Initiative, please drop an email to: Matteo Meucci

Gold Sponsors:

FortifyNew.JPG IBM.pngRational.gif

Silver Sponsors:

Agenda

DRAFT: The conference schedule will be published the 10th of October 2009

9:00hRegistration
9.30h Introduction to the OWASP-Day
Matteo Meucci - OWASP-Italy Chair
9.50h How to Create Business cases for Your Software Security Initiative
Marco Morana — CISO, Citigroup
10.30 II talk
11.10hCoffee break
11.40h III talk
12.20h IV talk
13.00hBusiness Lunch
14.00h V talk
14.40h VI talk
15.20h VII talk
16.00h Round table

Call For Sponsorships

The OWASP-Italy community encourages Industries, Research Institutions and Individuals to sponsor their activities and events. Two types of sponsorships are available:

  • Silver sponsorship: 2500 euro. It Includes: the publication of the sponsor logo on the web site
  • Gold Sponsorship: 3500 euro. It includes: the publication of the sponsor logo in the agenda, on the web site, on the flyers and in all the official communications with the attendees at the conference. The possibility to distribute the Company brochures, CDs or other materials to the participants during the event.

Those who are interested in sponsoring OSWAP-Italy Day IV Conference can contact the OWASP Italy Day IV Organizing Committees:
Voice : +393283019559 Mail: OWASP-Italy

REGISTRATION (Open)

Registration is now open.
Who Should Attend the Conference:
- Application Developers
- Application Testers and Quality Assurance
- Application Project Management and Staff
- Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
- Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
- Security Managers and Staff
- Executives, Managers, and Staff Responsible for IT Security Governance
- IT Professionals Interesting in Improving IT Security
Please register here

The Conference will be taking place at: Milan Marriott Hotel Via Washington, 66 Milano - Italy, +39 02 4852 2834

Venue

The Conference will be taking place at:
Milan Marriott Hotel
Via Washington, 66 Milano - Italy, +39 02 4852 2834

We've partnered with the Milan Marriott Hotel to bring you luxury accommodations at a reasonable price for your stay during our conference. Price is 130 euro for a single, 150 euro for a double room.

The Marriott Hotel is located near to Wagner Metro Station.

MilanMarriott.png

Important dates

  • Contributions submission deadline: 3rd October 2009
  • Communication of acceptance for contributions: 10th October 2009
  • Registration deadline: 30th October 2009
  • Conference Agenda due: 15th October 2009
  • Conference date: 06th November 2009