Tuesday, October 13, 2009

AppSec DC and OWASP Global Summit 2009

OWASP Appsec 09
November 10-13
Walter E. Washington Convention Center, Washington DC

OWASP 2009 Summit
November 11
Walter E. Washington Convention Center, Washington DC

Come join the best in web application security in
Washington DC, November 10-13!

Important reminders for those attending OWASP AppSec DC:

- The OWASP Summit for 2009 is happening in conjunction with AppSecDC the day before the talks (November 11th). http://www.owasp.org/index.php/Summit_2009 This is a great opportunity for OWASP leaders and members to take advantage of both events, as well as things such as the discounted rate for accommodations for the conference.

- This week is the LAST week that we can guarantee the generously discounted room rate we have negotiated with the Grand Hyatt. If you book after 10/19/09, we can NOT guarantee that you will get the discounted rate. This applies to people attending both the summit and the conference.

You can make your reservations online here:


or by calling the Grand Hyatt and using the promo code "OWAS". (It is a 4-letter code – no "P".)

- There are still openings in some of our Training Classes. The training options at AppSecDC are substantially cheaper than other comparable industry events. Training options are detailed here:


About AppSecDC:

AppSecDC 2009 ( http://appsecdc.org ) will provide two days of world class training on topics like Assessing Web Applications, Threat Modeling, and Secure Code Review, followed by two days of presentations.

Speakers will include subject matter experts and leaders from public and private sectors in eight tracks across two days, with keynotes from leading federal names in application security, an Industry SDLC panel, a Federal CISO panel, and more.

Admission for the presentations is only $395 for two days of talks. OWASP Chapter leaders may be subsidized by the OWASP foundation for the cost of their admission. All events qualify for CPEs if you have ISC2 certifications to maintain.

Visit our website: http://appsecdc.org

Visit the summit website: http://www.owasp.org/index.php/Summit_2009

Register now to guarantee your spot: http://guest.cvent.com/i.aspx?4W,M3,26bc4c77-e1ef-4bad-be46-eb7b0124276c

Book your hotel: https://resweb.passkey.com/Resweb.do?mode=welcome_ei_new&eventID=1401279&fromResdesk=true

Find out more details: http://www.owasp.org/index.php/OWASP_AppSec_US_2009_-_Washington_DC
Kate Hartmann

OWASP Operations Director
9175 Guilford Road
Suite 300
Columbia, MD 21046

Skype: kate.hartmann1

AppSec Brazil 2009 - Call for Participation

International Conference on Application Security, sponsored by TI-Control Community and the Brazilian Chamber of Deputies, in partnership with OWASP and support from the University of Brasília, UnB.

The Computing Centre of the Brazilian Chamber of Deputies and TI-Control invite all interested parties to attend AppSec Brazil 2009, which will happen in Brasília, Brazil, from October 27th to October 30th 2009.

The Conference comprises training sessions on October 27th and 28th, followed by plenary sessions on October 29th and 30th 2009.


Dr. Gary McGraw, CTO, Cigital Inc.

The Building Security In Maturity Model (BSIMM)

Jason Li, Aspect Security

Agile and Secure: Can we do both?

Dinis Cruz, OWASP Board

OWASP Project Overview

Kuai Hinojosa, NY University and OWASP

Implementing Secure Web Applications using OWASP Resources

Selected talks

The Conference will have several technical talks on several aspects of Application Security. Some of the subjects are:

  • Web Application Security
  • Security expenses optimization
  • SQL Ownage
  • Tools

Training Sessions

The Conference will also present 5 training sessions:

  • Security Risk Management Applied to Web Services (in Portuguese)
  • Web Security: Techniques for Secure Application Programming (in Portuguese)
  • Computer Security in Web Services Development (in Portuguese)
  • Security Technologies in Web Services (in Portuguese)
  • Hands on Web Application Testing using the OWASP Testing Guide (in English)


The conference will be at the Brazilian Chamber of Deputies, in Brasília. The plenary sessions will occur at Auditório Nereu Ramos, Anexo II. The training sessions will be at the Centro de Formação, Treinamento e Aperfeiçoamento.


Thanks to the sponsors, there will be no fee to attend the Conference, but registration will be required to avoid overcrowding the auditorium.

Registration will be open beginning September 29th, 2009, at the URL: http://www.camara.gov.br/appsecbrasil2009

More Information

For more information, please consult the web sites listed below or write to


Registration and general information: http://www.camara.gov.br/appsecbrasil2009

TI-Control Community: http://www.ticontrole.gov.br
Chamber of Deputies: http://www.camara.gov.br

Kate Hartmann

OWASP Operations Director
9175 Guilford Road
Suite 300
Columbia, MD 21046

Skype: kate.hartmann1

Monday, October 12, 2009

OWASP-Italy Day IV

On 6th November we will hold the next OWASP-Italy Day.

On this occasion CIOs, CTOs, CISOs, Auditors, IT managers, Security Managers and Security Governance managers will have the opportunity to get an update on the evolution of Application Security and the new initiatives in Software Security.

The Agenda:

9.00h Registration
9.30h Introduction to the OWASP-Day
Matteo Meucci - OWASP-Italy Chair
9.50h How to Create Business cases for Your Software Security Initiative
Marco Morana — CISO, Citigroup
10.30h OWASP SAMM / Open Software Assurance Maturity Model
Claudio Merloni — Software Security Consultant, Fortify Software
11.10h Coffee break
11.40h From Web Attacks to Malware. Can Secure Software Development Help Internet Banking Security?
Giorgio Fedon — COO, Minded Security
12.20h Usability versus security: securing Internet facing applications while keeping them highly attractive for everybody
Tobias Christen — CTO, DSwiss Ltd
13.00h Business Lunch
14.00h NoScript, CSP and ABE: When the Browser Is Not Your Enemy
Giorgio Maone — CTO, InformAction
14.40h Building Security In Maturity Model: A Review of Successful Software
Gabriele Giuseppini — Technical Manager, Cigital
15.20h The art of code reviewing
Paolo Perego — Senior Consultant, Spike Reply
16.00h Round Table: Why Software Security is not a priority in our digital world?
Marco Morana, Carlo Merloni, Gabriele Giuseppini, Stefano Di Paola — Keynote Raoul Chiesa


"Have you finished stuffing your networks with firewalls and other similar contraptions? Then it is time to change perspective and realize that today, after securing the perimeter of our information systems, the most serious threats come from our own applications which, at times, are not designed and implemented with the best practices of secure software development in mind. In this field OWASP is a constant point of reference and a mine of information and tools, and at the Ministry of Education, University and Research we have learned to appreciate the materials and information available on its website, within our group that deals with information system security. To learn about OWASP's initiatives, get a preview of the main news in software security, and meet the leading experts in this field, take part in OWASP DAY – ITALY IV on 6 November in Milan; it will be a very useful opportunity to explore the subject in depth."
Paolo De Santis – Executive, Directorate General for Studies, Statistics and Information Systems, MIUR

"OWASP Day is the place and the time to meet other professionals and enthusiasts in the field. It is an opportunity to learn directly from the key players about the methodologies, techniques and areas of research in the world of application security, which has by now become the main factor, together with the human one, in the field of Information Security."
Massimo Trevisani—CSO IWBank

"OWASP conferences in Italy are an important moment of awareness about application security. The event is a point of reference where IT professionals can evaluate new approaches to secure software development and to the defense of their online applications."
Marco Bavazzano—CISO Telecom Italia