[Owasp-germany] Last call: OWASP AppSec Research 2013, the whole nine yards of web security!

Dirk Wetter dirk at owasp.org
Wed Aug 7 08:47:19 UTC 2013

... will be presented at this year's OWASP AppSec Research 2013 (https://appsec.eu/) ,  taking place in 2 weeks in Hamburg!
Hurry up to reserve your spot!

Excerpt of what good things gonna happen there:

A: Top-notch trainings  (https://appsec.eu/trainings/)

Two days of pre‐conference technical training with a focus on builders, a bit of breaking and
defending. Last but not least satisfying the signs of time: Mobile! Important: Trainers with
outstanding international reputation! Highlights:

* Hawaiian Jim Manico, Irishman Eoin Keary: Web Application, Web Service and Mobile Secure Coding
* Dave Wichers (Project Lead OWASP Top 10): Securing Mobile Devices and Applications
* (sold out): Marcus Pinto (WAHH): MDSec’s Web Application Hacker’s Handbook, Live Edition
* Big stuff: SAP ABAP Pentesting from Frederik Weidemann
* New Stuff: Tiago Teles Defensive Programming for JavaScript & HTML5
* Solid stuff: Paco Hope (author of "web seurity testing book"): Defensive Programming in PHP
* Go-away stuff: Christian Bockermann (AuditConsole) teaches ModSecurity in depth
* Management Stuff:: Tobias Gondrom's CISO training – Managing Web & Application Security, OWASP style

(3 of the trainings have in total 6 seats left)

B1: High-class conference program highlights in 2 days featuring 3 tracks (http://sched.appsec.eu/)
Teasers @ https://appsec.eu/program/talk-teaser/, https://appsec.eu/program/hackpra-allstars/

* David Ross (Master mind of the XSS filter in IE8+): Insane in the IFRAME
* Yvan Boily (Mozilla): New testing framework Minion
* Stefano Di Paola ("DOMinator"): JavaScript libraries (in)security: A showcase of reckless uses and unwitting misuses
* Taras Ivashchenko (Yandex): CSP on a service with an audience more than 11 million users per week
* Chris Eng: Real‐World Agile SDLC in a big software engineering company
* Simon Bennetts (Mozilla/OWASP): OWASP Zed Attack Proxy Innovations
* Jim Manico (WhiteHat/OWASP): Release Top 10 Proactive Controls for Developers
* Dave Wichers (Aspect/OWASP): First presentation of OWASP Top 10 2013
* Milton Smith (Product Security Manager for Java products @ Oracle) explains howto "Make the Future Secure with Java"
* Krzysztof Kotowicz (Amazon 1 Button Chrome Extension): I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome extensions
* Michele Orrù, Sardinian: Rooting your internals: Inter-Protocol Exploitation, custom shellcode and BeEF
* Paul Stone: Precision Timing – Attacking browser privacy with SVG and CSS
* Gareth Heyes, Scottish Highlander, will present an array of so far unpublished XSS attack techniques in his XSS Horror Show
* Mario Heiderich, believes that XSS can be eradicated by using JavaScript, will cover HTML injections that break each and every
  HTML filter and also shows buggy browsers
* Two Raspberry PIs in a network playing good boy and bad boy (Fred Donovan)
* Fun w/ Broken SSL libs on Android, spotted by MalloDroid, a story which made it to Wall Street Journal last year
* ... some more interesting SSL stuff!

--> Keynotes
    * Angela Sasse (University College London):  Busting The Myth of Dancing Pigs: Angela’s Top 10 list of reasons why users bypass security measures
    * Thomas Roessler (W3C): Secure all the things: fiction from the Web’s immediate future
    * Jörg Schwenk (Ruhr University Bochum): Cryptography in Web Security: Stupid, Broken, and maybe Working?
    * Dieter Gollmann (Technical University of Hamburg-Harburg)

B2: Open Source Security Showcase (https://appsec.eu/program/open-source-security-showcase/)
   runs in parallel to the sessions

* SQLmap: Would you like to inject some SQL? Miroslav Stampar -- maintainer/author of SQLmap -- will show you!
* Chris Bockermann: Honeynetting the web with community collectors running mod_security
* A new kid on the webservices penetration testing block: WS-Attacker presented by the XML-Security dudes Juraj Somorovsky and Christian Mainka
* ThreadFix simplifying vulnerability management with an Open Source management platform (Dan Cornell)
* Eccenctric Authentication makes the cryptography trivial by rearranging the tools (Guido Witmond)
  and much much more!

The conference will be held from August 22-23, 2013 (trainings from August 20-21) at the Emporio Hamburg.
It's centrally located in the heart of the city with a splendid view over Binnen-, Aussenalster and River Elbe.
As conference tickets are subsidized by sponsors (anybody still interested? http://is.gd/QY8PT2), entry
fees are a bargain (excl. VAT) in exchange of what you get:

* 350 € (ISACA/ISC2/OWASP member)
* 420 € (normal price)
* 160 € (student price)

trainings come extra. Included is the Conference Dinner on the Cap San Diego at the harbor of Hamburg,
this is something special!

The Open Web Application Security Project (OWASP) is a global open project composed of individuals, educational
organizations and supporting corporations from around the world. OWASP has quickly become the de facto standards
body for web application and software security by providing free, vendor‐neutral, practical, cost‐effective
application security guidelines.

We thank our following sponsors which make this event possible:

* Platinum
 - Riverbed http://www.riverbed.com/products-solutions/products/application-delivery-stingray

* Gold
  - HP http://www.hpenterprisesecurity.com/
  - Imperva  http://www.imperva.com/
  - F5 http://www.f5.com/

* Silver
  - Barracuda http://www.barracuda.com/
  - SecureNet http://www.securenet.de/
  - Checkmarx http://www.checkmarx.com/
  - Acunetix http://www.acunetix.com/
  - DenyAll http://www.denyall.com/
  - Security Innovation https://www.securityinnovation.com/
  - WhiteHat Security https://www.whitehatsec.com/

* Bronze
  - Schutzwerk http://www.schutzwerk.com/
  - Tele-Consulting http://www.tele-consulting.com/
  - Trustwave http://www.trustwave.com/
  - Ergon http://www.ergon.ch/
  - Microsoft http://www.microsoft.com/
  - SAP http://www.sap.com/

German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1

More information about the Owasp-germany mailing list