Difference between revisions of "SecurityByte and OWASP Asia AppSec Conference 2009"

From OWASP
Jump to: navigation, search
(Two Days Conference)
Line 1: Line 1:
{| cellspacing="0" cellpadding="0" border="0" align="center" class="FCK__ShowTableBorders"
 
|-
 
| [[Image:SB OWASP 2009 banner.gif|center|link=http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009]]
 
|-
 
| valign="middle" align="center" | [http://www.ichotelsgroup.com/h/d/cp/1/en/hotel/ndegg/transportation?start=1 Hotel Crowne Plaza] &#124; [http://www.eventavenue.com/attReglogin.do?eventId=EVT1987 Registrations]<br>
 
|}
 
 
<br>
 
 
*<b>Only One Week Left ! Register Online today to grab your seat for India's best Security Conference.</b><br><br>
 
*<b>Honorable Former President of India, Dr. A.P.J Abdul Kalam to Inaugrate the India Technology Leadership Summit 2009. </b>This event is an Invitation ONLY event.
 
 
 
'''[http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Registrations Click Here]''' for more information.
 
 
==== Welcome  ====
 
 
Securitybyte &amp; OWASP are proud to welcome you to the annual international information security conference – Securitybyte &amp; OWASP AppSec Asia Conference 2009, Nov 17th through Nov 20th in Delhi &amp; NCR, India.
 
 
This is a landmark event, as both Securitybyte and OWASP join hands to present India’s largest InfoSec event with world renowned and most regarded international speakers.
 
 
Securitybye &amp; OWASP AppSec Asia Conference 2009 will be held at [http://www.ichotelsgroup.com/h/d/cp/1/en/hotel/ndegg/transportation?start=1 Hotel Crowne Plaza, Gurgaon, NCR, India.] on 17th November through 20th November 2009.
 
 
'''Who Should Attend Securitybyte &amp; OWASP AppSec Asia Conference 2009:'''
 
 
*Application Developers
 
*Security Researchers
 
*Application Testers and Quality Assurance
 
*Penetration Testers
 
*Application Project Management and Staff
 
*IT Security Professionals
 
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 
*Security Managers and Staff
 
*Executives, Managers, and Staff Responsible for IT Security Governance
 
*IT Professionals Interesting in Improving IT Security
 
 
==== About  ====
 
 
== About Conference  ==
 
 
Securitybyte and OWASP AppSec Asia Conference 2009 comprise of three parallel conference talks to be conducted in 3 separate halls for two days i.e . 17th &amp; 18th November 2009. Attendees will carry the freedom to switch the halls as per their interest towards a particular talk. Conference talks are being delivered by world renowned and most regarded speakers from around the world.
 
 
== About Trainings  ==
 
 
Two days post-conference are dedicated towards best-of-breed trainings being conducted in association with SANS, ISC2 and other organizations. Trainings tracks have been made available as One-Day tracks and Two-Day tracks scheduled for 19th &amp; 20th November 2009.
 
 
==== Registrations  ====
 
 
== [http://www.eventavenue.com/attReglogin.do?eventId=EVT1987 Registration] is now open!  ==
 
 
=== You can register [http://www.eventavenue.com/attReglogin.do?eventId=EVT1987 here]  ===
 
 
*[http://www.eventavenue.com/attReglogin.do?eventId=EVT1987 Click Here] for Online Registrations.
 
*[http://securitybyte.org/index.php/register.html Click Here] for Offline Registrations.<br>
 
<b>Please check out our Exclusive Discount Offer, available Starting October 6th - 15th, 2009. "SAVE BIG NOW !"</b><br><br>
 
'''''The below pricing reflects the Standard Registration Prices .'''''
 
 
{| class="FCK__ShowTableBorders"
 
|-
 
| Two Days of Conference (17th and 18th November 2009)
 
| <br>
 
| Rs.8,500/- INR
 
| General Public
 
|-
 
| Two Days of Conference (17th and 18th November 2009)
 
| <br>
 
| Rs.5,000/- INR
 
| Students
 
|-
 
| Two-Day Training Tracks (19th and 20th November 2009)
 
| <br>
 
| Rs.25,000/- INR
 
|-
 
| One-Day Training Tracks (19th OR 20th November 2009)
 
| <br>
 
| Rs.12,500/- INR
 
|}
 
 
<nowiki>** Service Tax @ 10.3% will be charged extra.</nowiki><br><br>
 
*<b>ISC2</b> Members can avail a Special 15% discount on Conference & Training Registration.
 
(Please provide your ISC2 Certification ID number to avail the above Discount)
 
For Registrations contact us at registrations@securitybyte.org
 
== Exclusive Offers ==
 
 
<b>- Group / Team Discounts available: Kindly contact us at registrations@securitybyte.org<br><br>
 
Special University Student discount</b> <br>
 
- University Students can register for two days of conference for just Rs. 5000 (including taxes)<br>
 
- Special 15 % Discounts for Training registration<br>
 
 
 
[http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Trainings Click here for details on the training courses that are available.]<br>
 
 
== Who Should Attend Securitybyte &amp; OWASP AppSec Asia Conference 2009: ==
 
 
*Application Developers
 
*Security Researchers
 
*Application Testers and Quality Assurance
 
*Penetration Testers
 
*Application Project Management and Staff
 
*IT Security Professionals
 
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
 
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
 
*Security Managers and Staff
 
*Executives, Managers, and Staff Responsible for IT Security Governance
 
*IT Professionals Interesting in Improving IT Security<br>
 
 
<br>For student discount, attendees must present proof of enrollment when picking up your badge.
 
 
==== Schedule  ====
 
 
Three parallel conference talks are scheduled for 17th &amp; 18th November 2009 in three different halls. Training tracks have been divided in one-day tracks scheduled for 19th or 20th November 2009 and two-day tracks those are schedule to continue for two days both on 19th &amp; 20th November 2009. Follow the tabs to learn the details on both conference and trainings.
 
 
*[http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Conference Click here] to view the '''Conference Schedule''' for 17th &amp; 18th November 2009.
 
 
*[http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Trainings Click here] to view '''Training Schedule''' on 19th &amp; 20th November 2009.
 
 
==== Conference  ====
 
 
 
<p><font face="Arial" size="2">Securitybyte and OWASP AppSec Asia Conference 2009 comprise of three parallel training sessions to be conducted in 3 separate halls for two days i.e . 17th &amp; 18th November 2009. Attendees will carry the freedom to switch the halls as per their interest towards a particular session. Conference talks are being delivered by world renowned and most regarded speakers from around the world. Below is the conference schedule listing confirmed speakers and talks. Couple of talks are under review by the CFP (Call For Papers) Committee and shall be available as soon as those are confirmed. Event also follows two days of InfoSec trainings to be delivered in association with SANS, ISC2 and other organizations.</font></p>
 
<p><font face="Arial" size="2">Securitybyte and OWASP AppSec Asia Conference 2009 comprise of three parallel training sessions to be conducted in 3 separate halls for two days i.e . 17th &amp; 18th November 2009. Attendees will carry the freedom to switch the halls as per their interest towards a particular session. Conference talks are being delivered by world renowned and most regarded speakers from around the world. Below is the conference schedule listing confirmed speakers and talks. Couple of talks are under review by the CFP (Call For Papers) Committee and shall be available as soon as those are confirmed. Event also follows two days of InfoSec trainings to be delivered in association with SANS, ISC2 and other organizations.</font></p>
 
<p><font face="Arial" size="2">
 
<p><font face="Arial" size="2">
Line 465: Line 346:
 
</table>
 
</table>
 
</div>
 
</div>
<p>&nbsp;</p>
 
</body>
 
 
== Hotel Stay & Travel Information  ==
 
 
To help our valued delegates with Hotel and Travel services, we have negotiated with some of the best and Budget Category Guest houses in Gurgaon that are located within a radius of 3 - 4 Kms from the venue.
 
 
Limited cheaper accommodation is available near the venue hotel in budget hotels/apartments area. The tariff of these hotels ranges from Rs.2000 onwards per room night (inclusive of Room Rent, Breakfast and Luxury Tax).  Interested delegates / students can send a formal request for the desired accommodations and dates to our official travel agent.
 
 
 
<b>OFFICIAL TRAVEL AGENT</b>
 
 
<b>Dreamz conference Management Pvt.Ltd</b> will look after your hotel accommodation in Gurgaon and New Delhi, pre & post conference tours / travel needs in India for delegates and visitors independently. If you wish to go for sightseeing tour within New Delhi and around it to places like Agra, Jaipur, Rajasthan etc. However, we would encourage you to make early bookings which will be done on “first – come - first service” basis and let us know of your interest, since that would ultimately work in your favour. Early reservation is strongly recommended as November being a high demand period for hotels in Gurgaon.
 
 
 
 
For further details please contact:
 
 
DREAMZ CONFERENCE MANAGEMENT PVT.LTD
 
 
406, Ansal’s Majestic Tower, Vikas Puri, New Delhi – 110018
 
 
Tel: 91 – 11 – 41586401, 402, Fax: 91 – 11 – 41586400
 
 
Email: info@dreamztravel.net / dreamztravelindia@yahoo.com
 
 
Website: www.dreamztravel.net
 
 
Contact Person: Jitin Batra ( +91 9810558569 )
 
 
 
<br>
 
==== Capture the Flag  ====
 
 
== HackHunt 2009  ==
 
 
<b>India's foremost Hacking Challenge </b>
 
 
Your Shot to the Title of India's best hacker along with Prize money of more than <b>Rs 150,000</b> up for grabs!
 
 
 
 
<b>Search for India’s Best Ethical Hacker </b>
 
 
HackHunt is India’s leading hacking competition and aims at awarding the best ethical hackers in the country. The competition is brought to you by Appin Security Group, a leading Information Security and Ethical Hacking Company and Securitybyte, a global Information Security Conference Company.
 
 
The competition will be conducted in 3 phases. The 1st two rounds will be online and the 3rd and final round will take place at“Securitybyte & OWASP Appsec Asia 2009” on November 17, 2009at Crowne Plaza, Gurgaon.
 
 
Level 1 – Knowledge Check
 
All the participants will be answering a quiz and based on the score top 10% will be shortlisted to 2nd round.
 
 
Level 2 – Skill Check
 
This stage will require an attacker to get to the final FLAG file which he/she would need to register for the event.
 
 
Level 3 – Final Round
 
This stage will require the attackers to exploit a pre-announced SSID which has WPA (or wpa 2).
 
 
 
To participate and for more details visit website :- http://www.hackerscouncil.org/
 
 
== PacketWars  ==
 
<b>First time in India brought to you by Securitybyte! </b><br>                                             
 
About PacketWars
 
 
PacketWars is an intense, real-time information warfare simulation. Unlike other “capture the flag” games, the battlegrounds featured in PacketWars use the same software and hardware you would encounter in the real world.
 
 
PacketWars is designed to operate like a sport. Think Formula One Racing meets professional golf with a dash of Ultimate Fighting thrown in for good measure. Serious fun!
 
 
Visit http://packetwars.com/ for more details.
 
How To Play?
 
 
PacketWars is a Sport like nothing you have ever experienced! Games known as “BATTLES” pit individual players and teams against each other in a race to achieve defined objectives.
 
 
The rules of engagement are simple:
 
- Illegal activity of any kind is prohibited
 
- Protect yourself at all times
 
- Battles are designed to be of a low, medium or high difficulty level based on the battle objectives and battle duration
 
- Primary, Secondary and Tertiary objectives are defined and assigned points based on difficulty
 
- Battles have time limits and other defined constraints
 
- Constraints are sometimes known to the combatants and other times are not
 
- Anything that is not expressly prohibited is allowed
 
- Points are awarded for FLARE
 
 
Equipment Needed:
 
- Most combants use a notebook and a BackTrack CD however you are only limited by your imagination and bank account
 
- You need a battle field and a PacketMaster…Oh yeah, skillz come in handy also!How To Play<br><br>
 
<b.How can I participate?</b><br>
 
PacketWars to be held at the Hotel Crowne Plaza, Gurgaon on Nov 17 & Nov 18, 2009. Participation is FREE! Schedule will be announced soon.
 
 
== WebWar III  ==
 
 
<b>About</b>
 
Hackers attack, coders defend, when you get them together you end up with Web War III. WWIII is designed to put your Web Application attack and defense skills to the test.<br><br>
 
 
<b>Teams</b>
 
Each team consists of two players, an attacker and a defender. The attacker would be capable of identifying Web Application Vulnerabilities (OWASP Top 10). The defender would be capable of writing secure Java code.
 
<br><br>
 
 
 
<b>Game Format</b><br>
 
 
The game has two stages:
 
 
Stage 1:
 
Each team is given a VM Ware image containing a web server hosting a vulnerable web application. During this stage each team identifies the vulnerabilities in their application.
 
They try to fix the identified vulnerabilities by making code changes.<br>
 
 
Stage 2:
 
The IP addresses of the Web Server's of all the teams is announced.
 
Each team looks for vulnerabilities in the Web Applications of the other teams.
 
Vulnerabilities found on the opponents' application get positive points.
 
Vulnerabilities found by the opponents on your application get negative points.<br>
 
 
Team with the highest points at the end of Stage 2 wins.
 
<br><br>
 
 
<b>Tools and Equipments</b>
 
 
Each team should bring their own laptop with VM Ware installed.
 
The attacker can use any tools they bring.
 
The applications come with ESAPI to help the defenders fix the code quicker.
 
<br>
 
==== Leadership Summit 2009  ====
 
<b>India's top technology thought leaders coming together to discuss "Security concerns in off-shoring"</b><br>
 
 
<b>Honored Guests</b><br>
 
-Honorable Former President of India, Dr. A.P.J Abdul Kalam to inaugrate the Leadership Summit 2009.<br>
 
-Prof. Howard A. Schmidt(Advisor, NIST; Former Vice Chair - President’s Critical Infrastructure Board; Former Special Advisor – Cyberspace Security for White House)<br>
 
-Mr. Hord Tipton, Executive Director (ISC)2<br>
 
 
<b>About the Event</b><br>
 
An elite gathering of 200 technology leaders, decision makers & InfoSec experts from leading service providers, government agencies and various industry verticals.
 
<br>
 
Two hours of panel discussions between three panels of 12 distinguished industry experts representing outsourcing companies, service providers and the regulatory bodies.  Panel discussions will be followed by networking dinner & cocktails.<br>
 
 
Prof Howard A. Schmidt (Advisor, NIST; Former Vice Chair - President’s Critical Infrastructure Board; Former Special Advisor – Cyberspace Security for White House) will facilitate the panel discussions. Thought leaders participating in the panel discussions are:<br>
 
 
<b>Outsourcing Organizations</b><br>
 
Mr. Raghavendra Vaidya, CIO - GE Capital India<br>
 
Mr. CRN Vairavelu, VP - Ford Technology Services India<br>
 
Mr. Pankaj Agrawal, CISO - Aircel Limited<br>
 
TBD<br>
 
<br>
 
<b>Service Providers</b><br>
 
Mr. Terry Thomas, Partner - Ernst & Young<br>
 
Mr. Debashis Ghosh, Head (LS&H ISU) - Tata Consultancy Services<br>
 
Mr. Sunil Gujral, EVP & CTO - Quatrro<br>
 
Mr. Sunil Goyal, COO - Sopra group<br>
 
<br>
 
<b>Regulatory Bodies</b><br>
 
Dr. Kamlesh Bajaj, CEO - DSCI (a NASSCOM initiative)<br>
 
Dr. Gulshan Rai, Director - CERT-in<br>
 
Mr. Hord Tipton, Executive Director - ISC2 (ex CIO, US Department of Interior)<br>
 
Mr. Vakul Sharma, Lawyer - Supreme Court<br>
 
<br>
 
The event is exclusive to industry leaders and is by private invitation only. If you are interested in attending the event, please email your business card to info@securitybyte.org This e-mail address is being protected from spambots.<br>
 
 
Venue - Hotel Crowne Plaza, Gurgaon | Timings - 5:30PM - 9:00PM
 
<br>
 
__NOTOC__ <headertabs />
 
Please contact [http://www.owasp.org/index.php/Category:India#OWASP_India_Co-Chairs Chair - OWASP India] for sponsorship opportunities.
 
<br>
 
 
[http://www.owasp.org/index.php/Category:India Category: OWASP India]
 

Revision as of 06:04, 13 November 2009

Securitybyte and OWASP AppSec Asia Conference 2009 comprise of three parallel training sessions to be conducted in 3 separate halls for two days i.e . 17th & 18th November 2009. Attendees will carry the freedom to switch the halls as per their interest towards a particular session. Conference talks are being delivered by world renowned and most regarded speakers from around the world. Below is the conference schedule listing confirmed speakers and talks. Couple of talks are under review by the CFP (Call For Papers) Committee and shall be available as soon as those are confirmed. Event also follows two days of InfoSec trainings to be delivered in association with SANS, ISC2 and other organizations.

 

Where > Conference Hall 1   Conference Hall 2   Conference Hall 3: 
Who > (Security Researchers & Enthusiasts) (Security Auditors, Developers, QA, Architects) (Leaders, Managers, C&S professionals)
Schedule Topic Speaker Topic Speaker Topic Speaker

9:00AM   - 10:30AM</td>

Keynote Sessions</td> </tr>

10:30AM - 11:00AM</td>

Tea break & Snacks on Exhibition Floor</td> </tr>

11:00AM - 12:00PM</td>

TBD</td>

IBM</td>

 </td>

How To Blackbox Test Almost Anything</td>

Aviram Jenik, Beyond Security</td>

 </td>

The International State of Cyber Security, Risk reduction in a high threat world</td>

Howard A. Schmidt, Former Cyber Security Advisor to the White house</td> </tr>

12:00PM - 1:00PM</td>

Reconsidering Network Defenses or NOT !</td>

Cedric Blancher, EADS Innovation Works</td>

Lust 2.0 – Desire for free WiFi and the threat of the Imposter </td>

Lava Kumar Kuppan, Independent Security Researcher</td>

Applications - The new cyber security frontier</td>

Mano Paul, Software Assurance Advisor (ISC)2</td> </tr>

1:00PM    - 2:00PM</td>

Lunch</td> </tr>

2:00PM    - 3:00PM</td>

Exploiting Firefox Extensions</td>

Roberto Suggi Liverani, Security-Assessment.com</td>

 </td>

Threat Modeling </td>

Varun Sharma, Microsoft Corp.</td>

 </td>

Behind the scenes at the Microsoft Security Response Center</td>

Dave Midturi and Suresh Venkateswaran, Microsoft Security Response Center</td> </tr>

3:00PM    - 4:00PM</td>

SQL Server Forensics 2.0</td>

Kevvie Fowler, TELUS & Ringzero</td>

Vbootkit 2.0: Attacking Windows 7 Via Boot Sectors</td>

Nitin Kumar/Vipin Kumar, Independent Security Researchers, Nvlabs</td>

Business Case-Risk Management/Compliance at leading Education Group at AMITY</td>

Dr J.S Sodhi, AMITY</td> </tr>

4:00PM    - 4:30PM</td>

Business Continuity Case Study</td>

Venkataram Arabolu, BSI</td>

Usability and Privacy in Security</td>

Ponnurangam Kumaraguru, IIIT </td> </tr>

4:30 PM   - 5:30 PM</td>

Tea break & Snacks on Exhibition Floor</td> </tr>

7:00PM    - 10:00PM</td>

India Technology Leadership Summit 2009 (Exclusive by invitation only) -" Information Security Concerns for Offshoring"</td> </tr>

 </td> </tr>

Where ></td>

Conference Hall 1</td>

 </td>

Conference Hall 2</td>

 </td>

Conference Hall 3: </td> </tr>

Who ></td>

(Security Researchers & Enthusiasts)</td>

(Security Auditors, Developers, QA, Architects)</td>

(Leaders, Managers, C&S professionals)</td> </tr>

Schedule</td>

Topic</td>

Speaker</td>

Topic</td>

Speaker</td>

Topic</td>

Speaker</td> </tr>

9:00AM   - 10:00AM</td>

Round Table with Speakers / Industry Panel - "Security Today & Tomorrow'</td> </tr>

10:00AM - 10:30AM</td>

Tea break & Snacks on Exhibition Floor</td> </tr>

10:30AM - 11:30AM</td>

Ten Things Web Developers Still Aren't Doing</td>

Frank Kim, ThinkSec Consulting</td>

 </td>

SANS Dshield Webhoneypot Project</td>

Jason Lam, Independent Security Researcher</td>

 </td>

Critical Infrastructure Security “Danger Without borders” </td>

John Bumgarner, US Cyber Consequence Unit (USCCU)</td> </tr>

11:30AM - 12:30PM</td>

Cloud Hacking – Distributed Attack & Exploit Platform</td>

Shreeraj Shah, Blueinfy Solutions</td>

Testing JSON Applications For Security Holes</td>

Aviram Jenik, Beyond Security</td>

Critical Infrastructure Security “Danger Without borders” </td>

John Bumgarner, US Cyber Consequence Unit (USCCU)</td> </tr>

12:30PM  - 1:30PM</td>

Lunch</td> </tr>

1:30PM    - 2:30PM</td>

All Your Packets Belong to Us - Attacking Backbone Technologies </td>

Daniel Mende, Security Researcher, ERNW</td>

 </td>

Risk based Penetration Testing</td>

K. K. Mookhey, Founder & Principal Consultant, NII Consulting</td>

 </td>

Wi-Fi security: the good, the bad and the ugly</td>

Cedric Blancher, EADS Innovation Works</td> </tr>

2:30PM    - 3:30PM</td>

Xprobe3 - What's New? Going Application Level</td>

Fyodor Yarochkin, Guard-info</td>

OWASP SAMM</td>

Pravir Chandra, OWASP</td>

Do you wanna Play a Game Game theory and Cyberwar</td>

Bryan K. Fite, HackSecKlahn</td> </tr>

3:30PM-4:00PM</td>

Tea break & Snacks on Exhibition Floor</td> </tr>

4:00 PM   - 5:00PM</td>

Rumbling Infections – Web Malware Ontology</td>

Aditya K. Sood, COSEINC</td>

 </td>

 Hacking Oracle From Web</td>

Sid, Independent Security Researcher</td>

 </td>

Connected Information Security Framework</td>

Anil Kumar Chintala, Microsoft</td> </tr>

5:00PM    - 5:30PM</td>

Closing Remarks by Organizing Committee</td> </tr> </table> </div>