Wednesday, July 21, 2010

Interview with Jeff Williams


The conference guide for OWASP AppSec Research 2010 featured an interview I did with Jeff Williams, volunteer chair of OWASP. Now it's online. Read his view on:

* Will OWASP ever reach out to developers?
* Application security and the word Trust
* Do developers care about rugged software?
* Java rootkits and trusted developers

Regards, John

John Wilander
Chapter leader OWASP Sweden,
Conference chair OWASP AppSec Research 2010,

OWASP July Newsletter

I am pleased to forward the link to the July edition of the OWASP Newsletter:

As you can see from the front page, our global community is going to be very busy this fall, beginning with our US AppSec event in Irvine, California. If you have not done so already, please visit,_CA for the training courses being offered as well as the updated agenda! You can also find information on travel, special room discounts, sponsorship, and registration.

As always, if you need any assistance, do not hesitate to send me an email or give me a call!

I hope to see everyone in California in September!

Kate Hartmann
OWASP Operations Director
9175 Guilford Road
Suite 300
Columbia, MD 21046

Skype: kate.hartmann1

OWASP New Zealand Day 2010

Hi everyone,

The OWASP New Zealand Day 2010 conference was great and it was cool to see 160 delegates gathering for the event! At the end, we had 7 presentations including an impromptu one ;-).

Feedback forms returned indicate the audience was satisfied with the overall quality of the event and I believe this feedback recognized all the efforts to make this conference happen. In fact, I must thank again all the speakers for the time spent and their contribution to the OWASP community. Without them, there wouldn't be a conference.

I would also like to remind everyone that entry to the conference was free and sponsors and Lateral Security offered coffee, lunch and snack breaks to all the attendees.

Some of the presentations have been published and can be downloaded from:

Remaining presentations will probably be published later next month.

OWASP NZ Day 2010 also had some blog coverage:

- Kirk Jackson wrote an excellent article covering all the key points raised during the conference:,category,OWASP.aspx

If anyone is planning to write or wrote articles/stories on the conference/talks, please let me know.

Feel free to check upcoming OWASP NZ chapter activities at the following page:

or if you haven't yet, subscribe to the OWASP NZ Chapter mailing-list for future announcements:

Thanks again,

Roberto Suggi Liverani

OWASP New Zealand Day 2010 was kindly offered and supported by the following sponsors:

- University of Auckland (ICT and Department of Information Systems and Operations Management) -
- NZISF (New Zealand Information Security Forum) -
- -
- Lateral Security -

Sunday, July 11, 2010




OWASP is currently soliciting training proposals for the OWASP AppSec Brazil 2010 Conference which will take place at Fundação CPqD in Campinas, SP, Brazil, on November 16 through November 19, 2010. There will be training courses on November 16 and 17 followed by plenary sessions on the 18 and 19 with one single track per day.

We are seeking training proposals on the following topics (in no particular order):
- Application Threat Modeling
- Business Risks with Application Security
- Hands-on Source Code Review
- Metrics for Application Security
- OWASP Tools and Projects
- Privacy Concerns with Applications and Data Storage
- Secure Coding Practices (J2EE/.NET)
- Starting and Managing Secure Development Lifecycle Programs
- Technology specific presentations on security such as AJAX, XML, etc
- Web Application Security countermeasures
- Web Application Security Testing
- Web Services, XML- and Application Security
- Anything else relating to OWASP and Application Security

Proposals on topics not listed above but related to the conference (i.e. which are related to Application Security) may also be accepted.

To make a submission you must fill out the form available at and submit by email to

There may be 1 or 2-day courses. The proposals must respect the restrictions of the OWASP Speaker Agreement. The conference will reward trainers with at least 30% of the total revenue of their courses, based on a minimum attendance. Courses that attract more students may be granted higher percentages. No other compensation (such as tickets or lodging) will be provided. If you require a different arrangement, please contact the conference chair at the email address below.

Instructors and authors will be paid based on the number of students in their training sessions. If the training gathers only the minimum number of students, the compensation will be 30% of the revenue. For each group of 10 extra students enrolled, the compensation will be increased by 5% of the revenue, up to a maximum of 45% of the training revenue. For example, a 1-day training with 10 to 19 students will generate a compensation of 30% of the revenue. For classes of 20 to 29 students, the compensation rises to 35% of the revenue.

In exceptional cases, different compensation schemes may be accepted. Please contact the conference organization team by email ( for details.

**Training cost**
1-day training: R$ 450 per student
2-day training: R$ 900 per student
All prices in Brazilian Reais (BRL)

**Minimum number of students**
1-day trainings: 10 students
2-day trainings: 20 students

**Important Dates:**
Submission deadline is July 26, 2010, at 11:59 PM (UTC/GMT-3).
Notification of acceptance will be August 16, 2010.
Final version is due September 15, 2010.

The conference organization team may be contacted by email at organizacao2010 (at)

For more information, please see the following web pages:
Conference Website:
OWASP Speaker Agreement:
OWASP Website:
Easychair conference site:
Presentation proposal form:

********** WARNING: Submissions without all the information requested in the proposal form will not be considered ************

Please forward to all interested practitioners and colleagues.