[Owasp-leaders] CONFidence 2009 - Call for Papers

Sun Feb 15 05:36:44 EST 2009

Hi Andrzej, this is my cfp answer.

Paolo

On Thu, Jan 29, 2009 at 9:25 AM, Andrzej Targosz
<andrzej.targosz at proidea.org.pl> wrote:
> This year CONFidence conference will be held in Poland just after
> OWASP EU, where we help with organization.
> If you're planning to be at OWASP EU (I hope you are) maybe you could give a
> talk during CONFidence? Before you send your submission please note
> that it would be perfect if the topic was different than the one you
> submitted for OWASP EU (I think that a lot of OWASP EU attendees will
> continue their conference experience at CONFidence).
>
> Calling all practitioners in the field of IT security!
> The 5th edition of the best Polish IT security conference, CONFIDENCE
> 2009, is taking place on May 15/16, 2009 in Krakow.
> The Keynote Speakers will be Bruce Schneier, Joanna Rutkowska.
>
> We invited all to send the proposed topic and abstracts of
> presentation till the 15th of February. Please, remember that CONFidence
> is an open, international conference and all presentations should be
> given in English. If you want to give your lecture in Polish, please
> send an e-mail to the address given below.
>
> The answer to CfP should include:
> # name, last name and e-mail address of the potential speaker
> # speaker's short bio, describing his experience and skills
> # speaker's place of residence
> # presentation topic with short description of proposed lecture (no
> more than 500 words) non-standard technical requirements
>
> Applications should be sent to andrzej.targosz{@}proidea.org.pl till
> 15th February, 2009.
>
> We are especially interested in presentation concerning:
> # Web applications security and cryptographic
> # Firewall technologies
> # 3G/4G, SS7, WLAN, RFID, Bluetooth Security
> # Analysis and reverse engineering of malicious code
> # Analysis of vulnerability, attacks and defence against networks, hardware, software
> # Virtualization and operating systems security
> # Data recovery, Forensic and Incident Response
> # Physical security
>
> Caution! We do not accept marketing, non-technical presentations aimed
> at presenting and selling any products. If you lecture presents
> company or its product, please do not send it!
>
>
> Information
>
> ==========
>
> CONFidence conference is a non-profit oriented event and speakers are
> not paid. However, we are always trying to cover financial help on travel expenses and accommodation is
> possible. It needs to be agreed upon after acceptance of the
> submission, though.
>
> Sponsoring
>
> ==========
>
> If you want to support the initiative and gain visibility by sponsoring,
> please contact us by writing an e-mail to andrzej.targosz{@}proidea.org.pl
>
> Sincerely,
>
> --
> Andrzej Targosz :1024D/E2DE0833 :gpg:  http://www.proidea.org.pl/gpg/at
> Fundacja Wspierania Edukacji Informatycznej PROIDEA
> ul. Czarnowiejska 38 (teren AGH) 30-049 Krakow tel./fax: +4812 2920229
> e-mail: andrzej.targosz at proidea.org.pl
> JID: andrzej.targosz at jabber.wroc.pl
> www.proidea.org.pl
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>

-- 
"stay hungry, stay foolish"

OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"
-------------- next part --------------
Speaker: Paolo Perego, <thesp0nge at owasp.org>

Short Bio: 
Paolo Perego (aka thesp0nge) is a Senior Security consultant for Spike
Reply where he works as penetration tester, code reviewer and SSDLC
designer.

He started as Linux Kernel hacker in 1996 with a security project with
the ambitious goal to turn a linux box into an unoffensive party in a
network. AngeL project was a LSM that hijack linux system call table and
netfilter hooks placing sanity checks before packet leaving the box or
system call execution granted to the user.

He is now devoted to source code assessment and code reviewing mission
and he leads the Owasp Orizon project, an opensource code review engine.

He is also a Code review guide author, contributing to defining source
code flaws categories and a scoring system for a code review tool. 

More infos you can find to Owasp Orizon blog or dropping him an email
to: thesp0nge_at_owasp.org

Residence: Milan, Italy

Speech extimated time: 30 minutes

----------- Proposed Speech (the same as Owasp AppSec '09)  -----------

Title: 
Mirage: building an application model made easy (Owasp Orizon v1.2) 

Category:
Owasp Tools / Application security

Abstract:
Facing the problem to statically analyze a source code for security
issues, the first task is to build a model for an application trying to
figure out something about its behaviour.

Building the model is essential also to determine tha data and the
execution flow, so to properly identify taint propagation, unused code,
uncatched expection and thing like this.

In the newer Owasp Orizon release, the Mirage subsystem is introduced to
build a whole application model starting from the source code.

The speech will be about the news introduced in Orizon v1.2, the newer
Mirage engine and the overall status of the project for 1Q-2Q 2009.