Friday, August 21, 2009

AppSec DC 2009

OWASP Announces International Application Security Conference for 2009

Speaker Agenda Released and Registration Open for 2009's Largest Web Application Security Event

Washington DC, August 20th, 2009 -- Following in the footsteps of the Open Web Application Security Project's (OWASP) immensely successful and popular conferences earlier this year in Australia, Poland, Ireland, and Brazil, Washington DC will be hosting the 2009 OWASP Application Security Conference (AppSec DC), North America's premier web application security conference, at the Walter E. Washington Convention Center on November 10-13th, 2009.

AppSec DC 2009 will provide a venue for hundreds of IT professionals interested in securing web technologies to learn, interact, network, and attend presentations and training given by some of the world's top practitioners of web application security, suitable for everyone from federal decision makers and management to application security engineers and developers. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next” in the world of application security. The conference is expected to draw 600-700 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

"AppSec DC is a unique opportunity for federal decision makers and key technologists to become familiar with OWASP and the resources it has to offer," said Doug Wilson, co-chair of the Washington DC OWASP Chapter and organizer of AppSecDC. "The federal government has already
embraced the OWASP Top Ten and other OWASP guidelines. OWASP's mission and community align closely with the goals set forth by the US Chief Information Officer: transparency, engagement of staff, reduction of cost, and innovation in technology. OWASP can enable the government to attain these goals in the pursuit of securing critical technologies that depend on the web."

Highlights for AppSec DC 2009 include a keynote from Joe Jarzombek, Director for Software Assurance in the Department of Homeland Security's (DHS) National Cyber Security Division (NCSD), a panel discussion of US Federal Government Chief Information Security Officers on their experiences with application security, a panel of industry experts on implementing security in development cycles, and a wide variety of talks by leading personalities in the field of web application security, including Robert "RSnake" Hansen, Robert Auger, Chris Wysopal, and others.

"For AppSec DC 2009, We're really trying to reach out to developers, testers and quality assurance staff because they are pivotal to solving the root causes of application security problems," said Mark Bristow, an organizer of AppSec DC and a founding member of the OWASP Global Conferences Committee. "To this end, we have a dedicated secure development track designed specifically for these folks to give them the skills they need to build secure software effectively."

AppSec DC 2009 will feature interactive, hands-on training courses led by some of the leaders in application security (Security Compass, Aspect Security, WhiteHat Security, Inguardians and others) on the 10th and 11th of November followed by four distinct speaking tracks on the 12th and 13th. Opportunities to interact with AppSec sponsors and vendors will also be available, as well as an OWASP-sponsored Capture the Flag competition and other events.

Who Should Attend AppSec DC 2009:

* Application Developers
* Application Testers and Quality Assurance
* Application Project Management and Staff
* Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
* Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
* Security Managers and Staff
* Executives, Managers, and Staff Responsible for IT Security Governance
* IT Professionals Interested in Improving IT Security

If you would like more information about AppSec DC 2009, please visit the conference website at

About OWASP:

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work from Individuals, Organization Supporters & Accredited University Supporters.

For more information, please visit

About the OWASP DC Chapter:

The OWASP DC Chapter is Washington DC's local OWASP presence with bi-monthly meetings and is taking the lead on organizing AppSec DC 2009.

For more information, please visit

Tuesday, August 11, 2009

August 2009 update

(authored by Tom Brennan)

The OWASP Aug 2009 meeting has completed.

Driven by interest of individuals to become board members, a proposal for addition of 6th board member put to vote. Proposal process of filling the position to be unveiled in November. Members would have voting privileges.

What was the agenda?

What was the outcome?

Where are all the meetings located?

What else is happening at OWASP Globally? See:


Thursday, August 6, 2009

OWASP AppSec Germany 2009 Call for Presentations

(For German version see below)

The OWASP German Chapter is delighted to invite you to the OWASP AppSec Germany 2009 conference on 13th October, 2009. This year the conference will take place in parallel with the IT security trade fair it-sa in Nuremberg.

Call for Presentations

A presentation proposal should consist of a 2-page position paper representing the essential matter proposed by the speaker(s). Proposals must include sufficient material for the organizing committee to make an informed decision.

Topics of Interest

We particularly encourage presentations about the development, operations, and testing aspects of web-based applications. We aim to complement the well-established technical aspects of web application security with IT management, business, and user-oriented topics. The conference language is German, but talks in English are also welcome. Topics of interest are all topics related to web application security and OWASP, in particular (all with a focus on web application security):

  • Technical talks with particular relevance to practice
  • Secure development frameworks and best practices
  • Security awareness programs for developers, testers, architects and business people
  • Security management of web-based applications
  • Security management in outsourcing and off-shoring projects and operations
  • Lessons learned talks about web application security, in particular about the introduction of internal web application security processes, internal and/or external auditing etc.
  • OWASP in your enterprise or university
  • Application security and metrics

Depending on the submissions, the conference will be organized in one or two parallel tracks. Presentations are scheduled for 30 or 45 minutes. All presentations are held and published under the OWASP speakers agreement (see below).

The conference aims to provide a lab room for demonstrations or hands-on discussions (tbc).

  • Conference participants and in particular all speakers are invited to the pre-opening event on 12th October, 2009. Details will be published shortly.


  • Submission deadline is the 17th August, 2009. Please indicate the proposed duration (30 / 45 minutes) of your talk. Submission email address is . Your submission will be confirmed shortly. Please note whether you would like to present for 30 or 45 minutes and whether you would like to use the lab.
  • Acceptance notification until 31st August, 2009.
  • Submission deadline for presentation slides (prefinal) 1st October, 2009
  • Conference 13th October 2009 (pre-opening event on 12th October, 2009)

Additional information:


Email: . Thomas Schreiber and Georg Hess (OWASP German Chapter Leaders), Boris Hemkemeier (OWASP German Chapter Board Member)


OWASP AppSec Germany 2009 Call for Presentations

The German chapter of the Open Web Application Security Project (OWASP) is hosting the second conference, OWASP AppSec Germany 2009, on 13 October 2009. The conference takes place alongside the IT security trade fair it-sa in Nuremberg (exhibition centre). The German OWASP Chapter is issuing a Call for Presentations (CfP) for this conference. The conference is aimed primarily at a German audience; the conference language is German, but talks in English are also welcome. OWASP AppSec Germany 2009 is intended to complement well-known technology-oriented security conferences and also to offer subject-matter talks on the development, operation and testing of web-based applications.

Call for Presentations

For talk submissions, we ask for a summary of at most two pages or a preliminary version of the talk.

Topics of Interest

All topics related to web application security and OWASP, in particular (each with regard to web application security):

  • Technical talks relevant to practice
  • Secure development frameworks and best practices
  • Secure Development Lifecycle
  • Security awareness programmes for developers, testers, architects and clients
  • Security management of applications in the enterprise
  • Application security in outsourcing and offshoring projects
  • Experience reports from companies, in particular on the introduction of web application security processes, internal and external auditing, etc.
  • OWASP in your company, your university, etc.
  • Application security and metrics

Depending on the number of talks received, one or two tracks will be offered.

Presentations can last 30 or 45 minutes. If the contribution is accepted, the length may be discussed with the speaker if necessary.

All talks will be published on the conference website under the OWASP licence (OWASP Speaker Agreement, see below).

Please note that the OWASP Speaker Agreement must be accepted and signed without changes before the conference.

In addition to the conference talks, a small lab is expected to be offered, in which demos from the talks can be shown or individual topics can be explored hands-on with interested attendees after the talk.

Participants and in particular speakers are warmly invited to the pre-opening evening event on 12 October 2009.


  • Submissions by 17 August 2009 by email to . Please include a summary of the talk or a preliminary version of the slide deck and, if possible, a short biography. Please also state the desired duration (30 or 45 minutes). If you are interested in the lab, please note this.
  • Notification of speakers: 31 August 2009
  • Submission of slide decks (prefinal): 1 October 2009
  • Conference: 13 October 2009 (with pre-opening evening event on 12 October 2009)

Further information

Contact: . Thomas Schreiber and Georg Hess (OWASP German Chapter Leaders), Boris Hemkemeier (OWASP German Chapter Board Member)

Kate Hartmann
OWASP Operations Director
9175 Guilford Road
Suite 300
Columbia, MD 21046

Skype: kate.hartmann1