Re: OWASP Ireland September 17th 2010
OWASP is holding its annual Irish event in September.
We have the pleasure of announcing a number of key figures from industry who should provide some unique insight into the latest trends, threats and methodologies in the world of application security.
http://www.owasp.org/index.php/OWASP_IRELAND_2010
Keynotes:
John Viega: “Application Security in the Real World” – Considerations for AppSec in non-security companies.
John is Executive Vice President of Products and Engineering at Perimeter E-Security. John has authored numerous books on security, including the recent “Myths of Security”, and the seminal “Building Secure Software”, which was the first book on application security.
http://www.owasp.org/index.php/John_Viega
Professor Fred Piper “The changing face of cryptography”
Fred Piper was appointed Professor of Mathematics at the University of London in 1975 and has worked in information security since 1979. In 1985, he formed a company, Codes & Ciphers Ltd, which offers consultancy advice in all aspects of information security. He has acted as a consultant to over 80 companies including a number of financial institutions and major industrial companies in the UK, Europe, Asia, Australia, South Africa and the USA. The consultancy work has been varied and has included algorithm design and analysis, work on EFTPOS and ATM networks, data systems, security audits, risk analysis and the formulation of security policies. He has lectured worldwide on information security, both academically and commercially, has published more than 100 papers and is joint author of Cipher Systems (1982), one of the first books to be published on the subject of protection of communications, Secure Speech Communications (1985), Digital Signatures – Security & Controls (1999) and Cryptography: A Very Short Introduction (2002).
http://www.owasp.org/index.php/User:Professor_Fred_Piper
Damian Gordon PhD: “Hackers and Hollywood: The Implications of the Popular Media Representation of Computer Hacking”
Damian Gordon is a lecturer with the School of Computing at the Dublin Institute of Technology and is Programme Co-ordinator for the School’s Masters in Computing (Assistive Technology). He was primary researcher on two EU funded projects whose particular focus was looking at issues associated with technoacceptance – the ILT and the E4 projects – and was Educational Advisor for the Ireland-China EMERSION project. His research interests include Differentiated Instruction, Computer Security, Technostress, ICT and Special Needs, Virtual Learning Environments, Image reconstruction from specular reflections, and Lateral Thinking Techniques.
http://www.owasp.org/index.php/User:Damian_Gordon
We also have some great international and local speakers covering topics from Smart phone application security to SDLC to Penetration testing techniques:
· Dan Cornell (“Smart Phones with Dumb Apps”)
· Ryan Berg (“Path to a Secure Application”)
· Dr Marian Ventunaec (“Testing the Enterprise E-mail Security – from Software to Cloud-based Services”)
· Fred Donovan and (“Counter Intelligence as Defense……”)
· Nick Coblentz (“Microsoft’s Security Development Lifecycle……”) but to name a few
http://www.owasp.org/index.php/OWASP_IRELAND_2010#Agenda_and_Presentations_-_September_17
Training:
http://www.owasp.org/index.php/OWASP_IRELAND_2010#Training
Secure application development training shall also be held on the 16th (day prior to the event):
“Secure Application Development: Writing secure code (and testing it)”
Testing shall be delivered by
Eoin Keary, OWASP board member and “The OWASP Code Review Guide” (http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project) Lead
Rahm Jina, Senior consultant with Ernst & Young.
This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25.
The course requires interaction and lab exercises using the OWASP Live CD.
The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code, covering the following areas:
Unvalidated Input
Injection Flaws
Cross-Site Scripting
CSRF
Authentication & Session Management
Access control & Authorisation
Broken Caching
Error Handling
Cryptography
Resource Management
The Secure SDLC
