Summit 2011

From OWASP
Revision as of 22:41, 12 December 2010 by Lorna Alamri



Welcome


Dear OWASP Leaders and appsec community,


The Summit will be held February 8th-11th at CampoReal Resort in central Oeste Portugal, 38 km north of Lisbon and 18 km inland from the Atlantic Ocean. This will be the place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP in coming years.

The Summit Activates *You*

Whereas the OWASP AppSec conferences are great places to listen to interesting talks, go for training, and meet with OWASP people, the Global Summit is the place where we all sit down together and take the time to discuss and work out plans, projects and solutions for the appsec future.

Examples of topics:

  • How should we support the OWASP projects?
  • How can we work with browser vendors to enhance security (see "Browser Day" tab above)?
  • How should the community reach out to developers and education institutions?
  • How often should we publish the OWASP Top 10?
  • How can OWASP support your chapter?

Organizing Committee

Lorna Alamri, Sarah Baso, Brad Causey, Justin Clarke, Paulo Coimbra, Dinis Cruz, Martin Knobloch, Dave Wichers, John Wilander, and Jason Li.

Who's Invited?

As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info.



OWASP Around the World

OWASP is a fast growing global community. How should we support and manage this growth? During this session we'll look into issues of:

More Topics

You know how OWASP works - it's all up to you. Please edit this tab and enter topics we should cover during the Global Summit 2011! If you want you can add your name after each suggestion and we can work out the details with you.

  • Discussion on Douglas Crockford's bold statement that we should stop HTML5 development, fix XSS, and then start over. Is he right? How is OWASP active in the HTML5 development? Check this webcast, jump to 20:50 to hear the XSS part. /John Wilander
  • Better engagement/partnerships with the development community - Mark Bristow
  • Ways to recognize participation in OWASP in a tangible way - Mark Bristow
  • Foundation/Board/Committee Governance & Standardization - Mark Bristow
  • OWASP Website
    • Securing
    • Re-Structuring
    • Re-Design
  • OWASP Branding
  • Can/should OWASP push for fundamental change to flawed specs?
    • OWASP Influence change - or - Is it enough to make/use bandages on poor specs?
      • HTML spec - separate data and code
      • HTTP - CSRF should be at a much lower level than the app layer
      • OpenID - transparent login is a security issue
      • SSL - long list of CAs, who delegate CAs <recurse> - trust? security?
  • [Your topic here]

How Do I Join? / Mailing list

As an OWASP leader you are automatically invited to the summit. Cost to attend the summit is $800 USD (shared accommodations) plus travel expenses. Please see "Applying for Chapter and Project Funding" and "Letters and Summit Materials" tabs for more information on finding funding help for expenses.

The first thing to do is to join the Summit 2011 mailing list.

On the mailing list you'll get first hand information on how to register, exact dates, updates to the agenda, funding for your trip etc.

If you are a leading appsec expert from industry or academia but not yet an OWASP leader you can just contact John.Wilander at owasp.org and we'll try to get you in.

Social Events

It goes without saying - the summit is all about meeting people. So there will be a constant mixture of workshops, dinners, beers and wine. We like to think of the summit as a very social event in itself.


Summit Pricing and Reservations


PERSON(S) | TICKET COMBINATION | COST IN EUROS | COST IN USD
Individual | Summit Participant Ticket (includes meals, no accommodation) | €260 EUR | $350 USD
Individual | Summit Participant Ticket + 4 Nights Shared Accommodation | €590 EUR | $800 USD

The total cost for most attendees will be €590 EUR or $800 USD (Summit Participant Ticket + 4 Nights Shared Accommodation). Shared accommodations will be contained in multi-room villas which hold between four and six persons. You should expect to share a room in these villas - in fact, the shared experience has been cited as the most fun and beneficial part of the previous Summit.

A more detailed price chart with variations based on how many nights you will be staying, whether you want shared or private accommodations, and whether you have a companion is available below.

Summit Participant Tickets are tickets for individual participants and include the meals listed below during each day of the Summit. Individual participants should also select their preferred accommodations (shared or private).

Individual participants may also bring companions who are not participating in the Summit. Participants with companions must reserve private accommodations and purchase the Summit Companion Ticket. The Summit Companion Ticket covers the meals each day for the companion and the additional fees for an appropriate private room for both the participant and companion.

*NOTE CHANGE* As of 10 January 2011, all Summit Tickets must be purchased through the RegOnline System. OWASP Sponsored attendees must contact Sarah Baso for a coupon code before going to RegOnline to get their Summit Ticket and book their accommodations. For help regarding the RegOnline System, contact Kate Hartmann. Please note that if you previously booked your Summit Ticket, accommodations, or flight through Diplomata Tours, we still have your reservation and you DO NOT need to re-register.


Included Meals

The following meals are included each day of the Summit for Summit Participant and Companion Tickets:

  • Morning Coffee Break
  • Lunch (a pack consisting of a sandwich, bag of chips, yogurt, fruit, cake, and soft drink or mineral water)
  • Afternoon Coffee Break
  • Dinner (buffet style with beverages)

If you are staying at Campo Real, 3 meals per day as well as 2 coffee breaks will be provided (Tuesday through Friday). If you are not staying at Campo Real and purchased only a Summit Participant Ticket, only 2 meals per day (lunch and dinner) and 2 coffee breaks will be provided.

Shared Accommodations will be villa-style suites each containing two or three bedrooms. The bedrooms will contain multiple beds and attendees will be expected to share rooms with other attendees. Each villa has a common area living room and kitchenette which can be used to socialize and collaborate. Private Accommodations will be a single hotel room containing one bed.

In addition, breakfast is included with all accommodation packages.

If you wish to arrive early at Campo Real or stay after the Summit is over, you are more than welcome. The extra night rates are €67 EUR for a single (with breakfast) and €127 EUR for a couple (with breakfast).

As of 10 January 2011, accommodations must be booked through the RegOnline System instead of Diplomata Tours. Also, do not book directly with the Campo Real Resort.

*NOTE CHANGE* Attendees should purchase Summit Tickets and reserve accommodations through the RegOnline System. All OWASP Sponsored attendees must contact Sarah Baso for a coupon code before going to RegOnline to get their Summit Ticket and book their accommodations. For help regarding the RegOnline System, contact Kate Hartmann.

Attendees should arrange for their own airfare, unless they are being funded by OWASP, in which case the attendee must book their airfare through Sarah Baso. Attendees arranging their own air travel should send their flight itinerary to Lorna, Sarah or Jason so that we can arrange airport transfers to the Summit venue.


While we encourage all participants to stay in shared accommodations, we recognize that not all participants will be comfortable sharing accommodations. Individual hotel rooms with single beds are available at an additional cost. The typical total cost for single attendees desiring these private accommodations will be €664 EUR (Summit Participant Ticket + 4 Nights Private Accommodation).

Participants that wish to bring a companion must stay in private accommodations and the companion will cost an additional €404 EUR for a typical grand total of €1068 EUR (Summit Participant Ticket + Summit Companion Ticket + 4-Nights Private Accommodation).

PERSON(S) | TICKET COMBINATION | COST IN EUROS | APPROXIMATE COST IN USD
Individual | Summit Participant Ticket (includes meals, no accommodation) | €260 EUR | ≈$350 USD
Individual | Summit Participant Ticket + 3 Nights Shared Accommodation | €515 EUR | ≈$700 USD
Individual | Summit Participant Ticket + 3 Nights Private Accommodation | €590 EUR | ≈$800 USD
Individual | Summit Participant Ticket + 4 Nights Shared Accommodation | €590 EUR | ≈$800 USD
Individual | Summit Participant Ticket + 4 Nights Private Accommodation | €664 EUR | ≈$900 USD
Couple | Summit Participant Ticket + Summit Companion Ticket + 3 Nights Private Accommodation (*Attendees with companions must stay in Private Accommodations) | €920 EUR | ≈$1250 USD
Couple | Summit Participant Ticket + Summit Companion Ticket + 4 Nights Private Accommodation | €1068 EUR | ≈$1450 USD
Individual | Extra Night of Private Accommodation (includes breakfast) | €67 EUR | ≈$90 USD
Couple | Extra Night of Private Accommodation with Companion (includes breakfast) | €127 EUR | ≈$170 USD

PDF or Google Docs version of pricing table on OWASP Global Summit Letterhead.






Venue


Below is the link to the Venue of the 2011 OWASP Global Summit -- CampoReal Resort. CampoReal is located in central Oeste Portugal 38 km north of Lisbon and 18 km inland from the Atlantic Ocean.

http://www.camporeal.pt/en/hotel-residences.aspx

Download a PDF factsheet about CampoReal Resort

The hotel has an Airport Shuttle, Gym and Fitness Center, Football camp, Horseback Riding, Day Spa, Internet WiFi, and Golf course as well as many other amenities.

Meals and coffee breaks will be provided by OWASP.


Villa Accommodations:

Residence-Pool 3 or 4 bedrooms
- Villa

Each Residence includes:
- Private bathroom(s)
- Kitchenette
- Balcony or garden
- Swimming-pool shared by apartment/townhouse block
- Residence-Pool for 3 bedroom and 4 bedroom villas include a private swimming-pool


A Day in Lisbon, Portugal:


Click this link to see all the City of Lisbon has to offer, which is only a short train ride from the resort.
http://www.golisbon.com/portugal/cities/cascais.html
or
http://www.travel-in-portugal.com/Cascais/
Lisbon - Spreading out along the right bank of the Tagus, its downtown, the Baixa, is located in the 18th-century area around Rossio. East of the arcade Praça do Comércio, are the medieval quarters of Alfama and Mouraria, crowned by the magnificent St. George's Castle. To the west lie Bairro Alto and Madragoa, with their typical streets, and on the western extreme is Belém, with its Belém Tower, (the sentinel over the Tagus river that protects the entrance into Lisbon), the Jerónimos Monastery (masterpieces of Manueline architecture and classified in UNESCO's International Heritage list) and the Cultural Center of Belém.
Museums:
Ancient Art, Chiado (Contemporary Art), Tile, Archaeology, Ethnology, Coach, Costume, Theater, Maritime, Military, City, Gulbenkian, Modern Art Center, and the Ricardo Espirito Santo Silva Foundation. Palaces open to the public: Ajuda and Fronteira. Churches: Cathedral (with Treasury); São Vicente de Fora; Conceição Velha (Manueline), São Roque and Sacred Art; Madre Deus; Santa Engrácia Pantheon (Baroque), and the Estrela Basilica.
Shopping: Downtown; Avenida de Roma, Praça de Londres, Avenida Guerra Junqueiro, and Amoreiras.
Nightlife: Bairro Alto and Avenida 24 de Julho.
Guided Tours


Sponsoring

We will welcome a few sponsors of this very special event, typically organizations that participate in the summit.

A number of opportunities to sponsor attendees are available:

  • For organizations that are sponsoring their employees attending the summit, logo promotion and links on the Summit Attendee page
  • Organizations can sponsor an individual non-employee attendee for USD$2,000, with associated logo promotion and links on the Summit Attendee page
  • Organizations can sponsor an entire villa (5 attendees) for USD$10,000, with associated logo promotion and links on the Summit Attendee page, promotional mentions, and on-site promotion and photo opportunities (such as banner advertising on the sponsored villa)

Other sponsorship options are under discussion, and will be posted here soon.

If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org or 651-338-0243


Attending the Summit

The summit is open to the OWASP community, and members of the general Application Security community are invited to participate and add to the summit working sessions.

Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.
To be considered for qualification, you must meet one or more of the following criteria:

  1. Member of the OWASP Board
  2. Active member of a Global Committee (as determined by the OWASP Board)
  3. Operational personnel that are necessary for the operation of the Summit

The current OWASP sponsorship budget is $50,000 for the Summit.

If you feel you might qualify, please contact Brad Causey or Jason Li. If you do not meet these criteria, and still feel that you should be sponsored, please contact Brad Causey @ or Jason Li @ or apply for Chapter or Project Sponsorship.
Please visit our Summit Attendee Page to see who will be joining us in Portugal or to add your name to the list!



Applying for Chapter or Project Sponsorship

Application for OWASP Chapter or Project Funding

*DATES HAVE BEEN EXTENDED!!!

Please submit forms - we will continue to process until mid-January.




Letters and Summit Materials

Summit 2011 Presentation for AppSec DC
Application for OWASP Chapter or Project Funding
Confirmed 2011 OWASP Global Summit Attendees

Template Letter - 2011 Global Summit Basic Invitation
Template Letter - 2011 Global Summit University Outreach Invitation
Template Letter - 2011 Global Summit Government Invitation
Template Letter - 2011 Global Summit Request for Employer Funding and Sponsorship
Template Letter - 2011 Global Summit Request for Employer Funding, Version 2
Template Letter - 2011 Global Summit Request for Employer SUPPORT - no funding


Working Sessions

Click on the working session name to see the home page for that particular session. During the Summit those working session home pages will be used to document discussions and outcomes.

If you're interested in adding a Working Session for the 2011 Summit, there still is time to start a session! Please review the Working Session methodology for Working Session rules.


See Track Details


Schedule and Tracks


Work Model

The Fixed Working Sessions Model

Given the number of existing working sessions, trying to include them all in a fixed agenda would mean that each session would need to be allocated a slot of 15 minutes.

In order to make the Summit a hub of productive and meaningful discussions, we have decided that the fixed schedule would only include the sessions with:

  • Higher number of attendees;
  • Focus on matters of interest to the wider community.

The rest of the sessions are scheduled during the Dynamic sessions, which are available HERE

The fixed schedule working sessions are organized into 2 tracks in the 2 main conference rooms:

Here is the list of the fixed schedule working sessions:


Tuesday, Feb 8

Work time slots by conference room (CampoReal 1 and Alentejo):

08h30 - 09h30 Final Registration
09h40 - 10h00 Summit Launch
10h00 - 11h20
  • CampoReal 1: XSS and the Frameworks; XSS - Awareness, Resources, and Partnerships
  • Alentejo: OWASP Training; OWASP Academies
11h20 - 11h30 Coffee Break
11h30 - 13h00
  • CampoReal 1: WAF Mitigations for XSS; Virtual Patching Best Practices
  • Alentejo: OWASP Exams; University Outreach
13h00 - 14h00 Lunch
14h00 - 14h15 Luis Magalhães - Head of Knowledge Society Agency - addresses OWASP
14h15 - 15h30
  • CampoReal 1: Risk Metrics; Metrics and Labeling
  • Alentejo: Government Outreach
15h30 - 16h50
  • CampoReal 1: Counting and scoring application security defects
  • Alentejo: OWASP Secure Coding Practices Project
16h50 - 17h00 Coffee Break
17h00 - 18h30
  • CampoReal 1: Enterprise Web Defense Roundtable
  • Alentejo: Threat Modeling
18h30 - 19h50 Leisure Time
20h00 Dinner


Wednesday, Feb 9

Work time slots by conference room (CampoReal 1 and Alentejo):

09h40 - 10h00 Keynote
10h00 - 11h20
  • CampoReal 1: Protecting Information Stored Client-Side
  • Alentejo: Common structure and numbering for all guides; OWASP Common vulnerability list
11h20 - 11h30 Coffee Break
11h30 - 13h00
  • CampoReal 1: Providing Access to Persisted Data
  • Alentejo: OWASP Testing Guide
13h00 - 13h50 Lunch
14h00 - 15h20
  • CampoReal 1: Site Security Policy
  • Alentejo: OWASP Industry Outreach
15h30 - 16h45
  • CampoReal 1: Microsoft's SDL in 16 steps (and lessons learned)
  • Alentejo: OWASP Projects
16h45 - 17h00 Coffee Break
17h00 - 18h20
  • CampoReal 1: DOM Sandboxing
  • Alentejo: Overhauling the OWASP Website
18h30 - 19h50 Leisure Time
20h00 Dinner


Thursday, Feb 10

Work time slots by conference room (CampoReal 1 and Alentejo):

09h40 - 10h00 Keynote
10h00 - 11h20
  • CampoReal 1: Contextual Output Encoding; ESAPI-CORE
  • Alentejo: OWASP Board/Committee Governance; Board Structure
11h20 - 11h30 Coffee Break
11h30 - 13h00
  • CampoReal 1: ESAPI for Ruby; Applying ESAPI Input Validation
  • Alentejo: Professionalize OWASP; OWASP funding and CEO discussion
13h00 - 13h50 Lunch
14h00 - 15h20
  • CampoReal 1: EcmaScript 5 Security
  • Alentejo: OWASP Certification
15h30 - 16h45
  • CampoReal 1: HTML5 Security
  • Alentejo: What is an OWASP Leader?; Tracking OWASP Participation
16h45 - 17h00 Coffee Break
17h00 - 18h20
  • CampoReal 1: Mobile Security
  • Alentejo: OWASP Licensing Test
18h30 - 19h50 Leisure Time
20h00 Dinner
22h00 OWASP Band gig!!!

Friday, Feb 11

Work time slots by conference room (CampoReal 1 and Alentejo):

10h00 - 11h15
11h15 - 11h30 Coffee Break
12h00 - 13h30 Closing Session (Campo Real I Room)