Setting the Web Application Security Agenda for 2009: OWASP Invites You to Join Our Summit in Portugal

http://www.owasp.org/index.php/OWASP_EU_Summit_2008

With the theme ‘Setting the AppSec agenda for 2009′, the OWASP Summit will be a worldwide gathering of OWASP leaders and key industry players to present and discuss the latest OWASP tools, documentation projects, and web application security trends. Join us in Portugal in just a few short weeks! This venue hosts a diverse selection of training courses along with technical and business tracks, making it THE place to learn about web application security and the resources OWASP has available for use today.

OWASP is a not-for-profit organization with the purpose of supporting the Web Application Security community around the world, and has granted $250,000 USD for web application security research. In addition to over 40 presentations from the OWASP Leaders and grant recipients, the OWASP Summit will host multiple Working Sessions designed to improve collaboration, achieve specific objectives and identify roadmaps for OWASP projects, chapters, and the OWASP community itself.

To facilitate this event, OWASP is investing $150,000 USD which will be used to cover air travel and accommodation expenses for OWASP leaders, active contributors, and select key industry leaders. With their confirmed presence, the OWASP Summit will provide a relaxed but professional environment to meet, discuss, influence and contribute to OWASP projects.

There are still funds available! If you are interested in attending and you meet the profile of the current OWASP supported attendees (see list here: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA) contact Paulo Coimbra (paulo.coimbra@owasp.org). Please note that you should do so only if you meet the paid attendance criteria (see herehttps://www.owasp.org/index.php/OWASP_EU_Summit_2008_paid_participation_rules) and are unable to get corporate support to attend this event (for other corporate sponsorship opportunities see http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Sponsors).

The OWASP Summit will also host a large and diverse selection of training courses, covering multiple OWASP specific and Web Application Security Topics.

The remarkable impact of OWASP is made possible only by the collaboration of many dedicated people and organizations worldwide. In that spirit of cooperation, OWASP invites all its members (who have 20% discount + 1 VIP Ticket) and interested individuals and companies to attend this thrilling event. Please join us and help to set the Web Application Security Agenda for 2009!

Please see below for additional details about the OWASP Summit or visit the OWASP Summit website: http://www.owasp.org/index.php/OWASP_EU_Summit_2008.

Projects

OWASP projects selected for Summit presentation include new documentation and innovative tools to help developers, architects, and security specialists ensure that applications are secure:

• Application Security Verification Standard,
• Code review guide, V1.1,
• Ruby on Rails Security Guide v2,
• Securing WebGoat using ModSecurity,
• Testing Guide v3,
• GTK+ GUI for w3af project,
• Access Control Rules Tester,
• AntiSamy .NET,
• Live CD & DVD Project,
• OpenPGP Extensions for HTTP,
• Orizon Project,
• Python Static Analysis,
• WebScarab-NG,
• And many, many others.

Working Sessions

Expecting the presence of the application security industry key players, the Working Sessions will cover a wide range of issues such as:

• OWASP Top 10 2009,
• Browser Security,
• Web Application Framework Security,
• Enterprise Security API Project,
• Best Practices for OWASP Chapter Leaders,
• OWASP Documentation Projects,
• OWASP Tools Projects,
• OWASP Education Project,
• OWASP Strategic Planning for 2009,
• OWASP Certification,
• OWASP Winter of Code 2009
• Two-way Internationalization of OWASP Content
• And many more.

Training

These 2-day, 1-day or 1/2-day training courses cover a wide range of OWASP specific and Web Application Security Topics:

• OWASP Top 10 - What Developers Should Know on Web Application Security
• Uncovering WebScarab’s Secret Treasures
• Securing WebGoat with ModSecurity
• Secure Programming with Java
• Advanced Web Application Security Testing
• Building Secure Web 2.0 Applications
• Building Secure Web Services
• Building Secure Web Applications with OWASP’s Enterprise Security API (ESAPI)
• Classic ASP Security using OWASP tools
• Web Application Assessments
• Hacking Owasp Orizon Project v1.0
• Ajax Security
• Practical Penetration Testing: Think Like an Attacker to Stop Attacks
• Linux Software Exploitation
• Web server/services hardening using SELinux

Main Contact:

Kate Hartmann
OWASP Operations Director
9175 Guilford Road, Suite 300
Columbia, MD 21046, USA
Phone: +1-301-575-0189
Facsimile: +1-301-604-8033
Email: kate.hartmann@owasp.org

This year, we are particularly looking for submissions from topics other than anonymous communications, so if work from your field may be applied, or is otherwise related, to the topic of privacy, I’d encourage you to consider PETS as a potential venue.

The submission deadline for the main session is 2 March 2009. As with last year, we will also have a “HotPETS” event, for new and exciting work in the field which is still in a formative state. Submissions for HotPETS should be received by 8 May 2009.

Further information can be found in the call for papers.

Finding Zune-Fi: Ina Fried of News.com wanders the polite streets of San Francisco in search of Zune connections over Wi-Fi. She finds a few, and has a good experience. One cafe owner sees the ease with which she can stream music and calls it cool. She can't connect at the long-running Google-sponsored free Wi-Fi at Union Square, however, which means the Wi-Fi likely has an accept button that must be pressed. Surely Microsoft could insert a little technology that would allow a browser-free acceptance of terms? Probably involves Yet Another Protocol: the Wi-Fi Terms Browser-Free Presentation Protocol (WTBFPP).

Kodak adds interesting Wi-Fi enabled all-in-one: The new Kodak ESP 9 is a multi-function printer (fax, scan, print, copy) that connects to a network via Wi-Fi or Ethernet. The $300 device spits out 30 pages per minutes in color, 32 ppm in black only. Kodak claims that the model line to which the ESP belongs uses ink in a vastly more efficient manner than the "average of comparable consumer inkjet printers."

As we get closer to the conference dates, I wish that I had made plans to fly back to the US to meet everyone.    However, I have been cutting back on public speaking, taking a break since May.  In addition, Gartner did not ask me to speak at their Event Processing Summit this year, I assume because they did not want to pay airfare for my flight from Thailand to the US.    Also, Gartner always likes to fill their conference speaking slots with as many Gartner speakers as they can, unless you are a paid sponsor; and I noticed a number of Gartner employees speaking in multiple slots.

(Editorial Note) Then again, maybe I complained to much about the lack of organization and conference problems when I was invited at be a Gartner keynote speaker last time - reservations not made propertly,  problems with the guest speaker registration list at sign-in, rooms shifted without notifying the speakers and panelists.   Admittedly, I was not happy with the conference organizers at the last get together.  This was my fault, as I am accustomed to better conference execution and am probally too “picky” about details these days - my bad.  Anyway, the Gartner organizers apologized numerous times, saying they had too many conferences going on at the same time and not enough people to cover them all.

One of the problems with spending so much time in Asia, especially in Thailand, is that guest speakers are really treated as VIPs.  There are usually special comfy couches set up for the speakers and the conference staff really treat you very nice, taking care of you every step of the way.   In fact, there is an entire very nice culture around how guest speakers are treated in Thailand.   Often, they pin flowers on the VIP speakers and take your photos like you are a star.    Very nice culture.

I absolutely look forward to speaking on event processing or CEP at a future venue and meeting everyone face-to-face instead of over the net.  My sincere and deepest apologies for not attending either the Gartner or the EPTS event this year.   

PS:  If you take up a collection and send me a RT business class air ticket, I might change my mind

The big difference between the two cities is the amount of time that the InteropNet team gets to produce a live, fully operational and redundant network. In Las Vegas, this was nearly a full week of time - a tight timeframe across 17 different vendors, but now we’re looking back at that timeframe as a luxury. In NY, we’ll be getting started Saturday morning, and the network needs to be delivered on Sunday morning for the registration desk and exhibitor move-in to begin. If you’re keeping score, that’s about 24 hours to deliver a working network. Sounds hard, but it’s even harder when you consider that this means four DS-3s from two different locations, 17 full and 7 half racks of network gear, all the fiber and copper that the network is delivered over, etc all have to get done. Good thing that with 2 and 3/4 kids, I’m not planning on much sleep, and I don’t think the rest of the team is either.

In order to try and get the network delivered in that short timeframe, we worked hard at Hot Stage to assure that everything is ready to go. With some luck, the work that we’ve done here will allow us simply to roll the network gear into place, run the cables, fire up and go.

Now, things never really work out that way but that’s what EM7 is going to be there for. We’ll watch in real time as the network elements come live and be able to let the other InteropNet vendors know if their gear isn’t behaving as expected or is not visible for all the areas of the network that it should be. We’ll keep track of all of this in the EM7 ticketing system so that after the show we’ll be able to analyze the behavior of the network and systems as we did after Vegas.

I’m looking forward to the show and once again working with some of the top engineers in the country on a complex and rapidly deployed network.  Speaking of which, we’re still looking for volunteers to help in the NOC.  Volunteers get to work with some really smart people, get an education that would be hard to get anywhere else, and get a trip to NY where your expenses (for things like hotel accommodations and food provided by the show) are taken care of.  Sound interesting?  Be sure and check out the application.

ShareThis

I recently spoke with a friend who left the DC region for a position in Silicon Valley. When I asked what he thought of the move he said, “Well, you have the same giant buildings with technology company names on the outside rising out of nowhere. You have the same high quality of engineer, but it seems that the difference is in DC, everyone wears a suit or a tie and looks down upon you if you grab a drink at lunch, or unwind like a younger person would.” 

I thought long and hard about his comment and decided that I would have to find out for myself. Is the DC area high tech community really that stuffy? Do people really not enjoy a good stiff drink after a long day? 

Last night, I attended the Twin Tech party, a sponsored happy hour with the worthy goal of “mixing up our vast, and somewhat fragmented technology culture here in the greater DC region”. I can officially say, the DC tech scene is changing and it’s changing fast.

Let’s start with the venue, instead of holding this event in the suburbs (McCormick & Schmicks anyone?) or at a large hotel bar, they chose to have the event at a trendy up-and-coming part of town in what can be best described as one of DC’s hottest bars, Local 16.  Not only that, because of the overwhelming response to attend, they had to rent out the bar next to it as well. 

I expected that I would arrive and find the place mostly empty and have a few suits there chatting over a drink or 2.  Instead I found myself at the overflow bar with a number of young up and comers in the space.  It was impossible to get into the original venue, and the second venue was packed as well!  Amongst all the people I found a friendly, happy, open vibe that allowed for great conversation, and interesting discussion about new technologies and the ideas people had about using and building the future. 

It was the best of both worlds for a young technologist.  I was able to discuss the topics and issues that were most facilitating and relevant (Social Networking from a corporate perspective, new blogging ideas, how new media is helping old media, etc), while still having a great time, and allowing myself to be properly refreshed for a hot DC summer night.

ShareThis

Alltel launches domestic US hotspot service: Alltel is reselling Boingo's offering at $20 per month or $4 per day with no commitment. That's 25,000 US hotspots. The No. 5 cell operator, which is in the process of being acquired by Verizon, also runs a EVDO network available nationally as part of a Verizon partnership (Alltel covers a ton of areas Verizon doesn't), which costs $60 per month. Combine Wi-Fi and 3G and pay $70 per month.

Beijing's Wi-Fi network launches with a limp; no 3G at Olympics, either: The Wall Street Journal says the WiCity project that will cover the Olympic venue with Wi-Fi (about 100 sq km) got off to a rough start at its launch, with reports from their bureau and others of poor signal strength; no answer on the customer-support hotline; and broken links on the Web site. The blog entry also notes that visitors who expect 3G over their cell will be bitterly disappointed, as anyone in the industry knows: China didn't adopt either worldwide 3G standard. They claim that their own TD-SCDMA 3G technology will be up and running in time, but that won't really help visitors much, now will it? I'm surprised no waivers were granted to run temporary cell installations for EVDO and HSPA just for the games. Wouldn't have been that big a deal.