OWASP AppSec Europe Videos Posted
Labels: appsec europe, videos
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
**OWASP APPSEC BRASIL 2009**
**CALL FOR TRAINING SESSIONS**
Colleagues,
OWASP is currently soliciting training proposals for the OWASP AppSec Brazil 2009 Conference which will take place at Câmara dos Deputados (Deputy Chamber) in Brasília, DF, on October 27th through October 30th 2009. There will be training courses on October 27th and 28th followed by plenary sessions on the 29th and 30th with one single track per day. The conference will be organized and supported by the TI-Controle Community (www.ticontrole.gov.br) and the Deputy Chamber (www2.camara.gov.br/english).
We are seeking training proposals on the following topics (in no
particular order):
- Application Threat Modeling
- Business Risks with Application Security
- Hands-on Source Code Review
- Metrics for Application Security
- OWASP Tools and Projects
- Privacy Concerns with Applications and Data Storage
- Secure Coding Practices (J2EE/.NET)
- Starting and Managing Secure Development Lifecycle Programs
- Technology specific presentations on security such as AJAX, XML, etc
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services-, XML- and Application Security
- Anything else relating to OWASP and Application Security
Proposals on topics not listed above but related to the conference
(i.e. which are related to Application Security) may also be accepted.
There may be 1 or 2-day courses. The proposals must respect the
restrictions of the OWASP Speaker Agreement. The conference sponsors
will provide lodging and domestic (within Brazil) air travel for one
presenter per course; no other compensation is available. If you
require a different arrangement, please contact the conference
organization team at the email address below.
**Important Dates:**
Submission deadline is July 11th 2009 at 11:59 PM (UTC/GMT -3).
Notification of acceptance is August 7th 2009.
Final version is due September 5th 2009.
To make a proposal, please fill in the form
(http://www.owasp.org/images/4/4b/OWASP_AppSec_Brazil_09_CFT.docx) and
send it by email to appsec.brasil (at) camara.gov.br
For more information, please see the following web pages:
Kate Hartmann
OWASP Operations Director
9175 Guilford Road
Suite 300
Columbia, MD 21046
301-275-9403
kate.hartmann@owasp.org
Skype: kate.hartmann1
In exactly one year -- June 21-24, 2010 -- we'll all meet in beautiful Stockholm, Sweden. OWASP Sweden, Norway, and Denmark hereby invite you to OWASP AppSec Research 2010.
AppSec Research = AppSec Europe
This conference was formerly known as OWASP AppSec Europe. We have added 'Research' to highlight that we invite both industry and academia. All the regular AppSec Europe visitors and topics are welcome along with contributions from universities and research institutes.
This is the European conference for anyone interested in or working with application security. Co-host is the Department of Computer and Systems Science at Stockholm University, offering a great venue in the fabulous Aula Magna.
Countdown Challenges -- Free Tickets to Win!
A challenge will be posted on the conference wiki page on the 21st of every month up until the event. The winner will get free entrance to the conference. What are you waiting for? The first challenge is posted. Go, go, go -- https://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm%2C_Sweden#AppSec_Research_Challenge_1:_Input_Validation_and_Regular_Expressions.
Call for Papers and Proposals
We offer two options:
1. Full papers. Peer-reviewed 12 page papers that will be published in formal proceedings by Springer-Verlag Lecture Notes in Computer Science (final approval pending).
2. Presentation proposals. A presentation proposal should consist of a 2-page position paper representing the essential matter proposed by the speaker(s). Proposals must include sufficient material for the reviewers to make an informed decision.
Topics of Interest
We encourage the publication and presentation of new tools, new methods, empirical data, novel ideas, and lessons learned in the following areas:
• Web application security
• Security aspects of new/emerging web technologies/paradigms (mashups, web 2.0, offline support, etc)
• Security in web services, REST, and service oriented architectures
• Security in cloud-based services
• Security of frameworks (Struts, Spring, ASP.Net MVC etc)
• New security features in platforms or languages
• Next-generation browser security
• Security for the mobile web
• Secure application development (methods, processes etc)
• Threat modeling of applications
• Vulnerability analysis (code review, pentest, static analysis etc)
• Countermeasures for application vulnerabilities
• Metrics for application security
• Application security awareness and education
Submission Deadline and Instructions
Submission deadline is Sunday February 7th 23:59 (Apia, Samoa time). Submissions should be at most 12 pages long in the Springer LNCS style for "Proceedings and Other Multiauthor Volumes". Templates for preparing papers in this style for LaTeX, Word, etc can be downloaded from: http://www.springer.com/computer/lncs?SGWID=0-164-7-72376-0. Full papers must be submitted in a form suitable for anonymous review: remove author names and affiliations from the title page, and avoid explicit self-referencing in the text.
Program Committee
• John Wilander, Omegapoint and Linköping University (chair)
• Alan Davidson, Stockholm University/Royal Institute of Technology (co-host)
• Andrei Sabelfeld, Chalmers UT
• Engin Kirda, Institute Eurecom
• Lieven Desmet, Katholieke Universiteit Leuven
• Martin Johns, University of Passau
• Christoph Kern, Google
• Sergio Maffeis, Imperial College London
Organizing Committee
• John Wilander, chapter leader Sweden (chair)
• Mattias Bergling (vice chair)
• Alan Davidson, Stockholm University/Royal Institute of Technology (co-host)
• Ulf Munkedal, chapter leader Denmark
• Kåre Presttun, chapter leader Norway
• Stefan Pettersson (sponsoring coordinator)
• Carl-Johan Bostorp (schedule and event coordinator)
• Martin Holst Swende (coffee/lunch/dinner)
• Kate Hartmann, OWASP
• Sebastien Deleersnyder, OWASP Board
Welcome to Stockholm next year!
OWASP created the project assessment criteria to define the quality levels for OWASP Projects with the purpose of evaluating all OWASP projects. The overall goal was to ensure that consistent quality levels are maintained by OWASP projects. This benefits both the external audience and those working on projects. The criteria allow the external audience to determine the quality of any OWASP project they are considering. For project members, they provide a method to measure the quality of their project in relation to other OWASP projects. Additionally, the criteria allow for excellent contributions to be recognized and projects which need further work to be identified.
Currently, OWASP projects fall into three primary categories:
The Tools and Documents categories are easily understood. The Activities and Research category is less obvious and is used for projects which either have multiple sub-projects or have project releases which fall into both the tools and documents category. Thus, Activities and Research can be used for parent projects that cover multiple smaller sub-projects. Some examples will make this clearer:
All existing projects and their current ratings are here. Any new OWASP project and its releases will be assessed based on the criteria below as well as any new Season of Code project. The goal is to eventually have all OWASP projects and releases, past and future, assessed under a version of this criteria. The initial set of assessment criteria was created for the OWASP Summer of Code 2008 and was designated version 1.0. The current version below was derived from version 1.0 and is version 2.0. Labelling any new criteria with a version number allows for graceful transitions to occur should any criteria change.
Any OWASP project will consist of two critical pieces:
Each of these pieces will have different methods with which they are reviewed.
Depending on the size and scope of a project, the roles below may be done by separate parties or a single individual may take on multiple roles. Roles vary in their level of involvement with the project, the areas of involvement, their lifespan with a project, etc.
Each role will be described in the next revision of this document --Mtesauro 16:09, 4 May 2009 (UTC)
OWASP is now launching its Season of Code 2009 (OWASP SoC 09) with a provisional budget of US$90,000, following the previous OWASP Summer of Code 2008, in which 33 projects were approved and a budget of more than US$125,000 was made available, the OWASP Spring of Code 2007 (SpoC 07), in which 21 projects were sponsored with a budget of US$117,500, and the OWASP Autumn of Code 2006 (AoC 06), in which 9 projects were sponsored with a budget of US$20,000. The OWASP SoC 2009 is an OWASP grant program to encourage participants/developers to work together on OWASP (and web security) related projects.
OWASP SoC 2009 introduces a shift in grant structure from previous Seasons of Code. Going forward, we would like to see Season of Code grants used towards operating expenses. The driving idea behind this shift is that OWASP, as an organization, has plenty of technical talent and knowledge. As a result, our money is best spent on things that we cannot already do right now as an organization. These expenses include things like marketing our best projects, printing promotional samples of our best OWASP documents, graphic design, travel expenses to hold mini-summits, etc.
With this goal in mind, all project proposals should include a budget detailing how much money the team is expecting (up to 20k) and how they plan on using those funds. While all projects will be reviewed by the SoC Jury, preference will be given to projects that use the funds for expenses incurred outside of the OWASP community. The SoC Jury will provide feedback on proposals whose allocations and costs are deemed to be too high.
Although we welcome any project proposals (from improving Quality of existing OWASP projects to new innovative research), the areas below will be preferred:
In particular, any project that wishes to participate in the current SoC with the goal of improving its project quality is welcome to submit an application. Several project leaders have already indicated that they would like to do this even without SoC grant funds. For proposals that do not request SoC grant funds, we will do our best to offer alternative rewards in the form of project promotion (recognition, featured placement on the OWASP website, speaking slots to highlight projects at OWASP conferences, etc).
The OWASP SoC 09 jury is constituted by the OWASP Board Members (Jeff Williams, Dave Wichers, Tom Brennan, Sebastien Deleersnyder and Dinis Cruz) plus the respective Committee representative.
Welcome to the OWASP New Zealand for 2009, the first all day security conference dedicated to web application security in New Zealand.
The University of Auckland Business School
Owen G Glenn Building
Room: OGGB 260-073 (OGGB4)
Address: 12 Grafton Road
Auckland
New Zealand
You are invited to attend the OWASP Day conference at no charge (Free as in beer). However, to ensure an orderly, well-run event, we require that all attendees register before the registration close off date (20th June 2009). At this time there is no plan to allow "on the day registration", so register now to reserve your place.
The OWASP Days have always offered a forum for discussion and exchange of ideas among researchers and practitioners who present their experiences and discuss issues related to Web Application Security from a higher level to a technical point of view.
Conference topics include, but are not limited to:
OWASP New Zealand Day 2009 will be an all-day conference. The conference aims to provide a workshop-like atmosphere in which contributions can be presented and then time is allowed for constructive discussion of their results and processes.
It will be structured in two parallel streams. Two coffee breaks (one in the morning and one in the afternoon) and lunch are on the program. These might be offered by the sponsors.
The detailed agenda of the conference will be available on the web site before the event.