pt.webappsec » conferências

IBWAS’10 muda de data

Carlos Serrao — Thu, 15 Jul 2010 22:12:36 +0000

A 2ª Conferência Ibero-Americana em Segurança de Aplicações Web (IBero-american Web Application Security conference – IBWAS), alterou as suas datas de realização, devido ao facto de que o OWASP SUMMIT 2010, ter sido marcado para uma data que era coincidente com a IBWAS’10, impedindo assim que muitos dos membros da OWASP perdessem a oportunidade de estarem presentes em ambos os eventos.

Assim, optou-se por adiar a realização da conferência IBWAS’10 por duas semanas, sendo que as novas datas são dia 25 e 26 de Novembro.

Aproveito igualmente para informar que os prazos para a submissão de artigos foram igualmente estendidos.

Continuamos apostados em fazer da IBWAS’10 um excelente evento na área da segurança de informação.

WOOT’10 Call for Papers

Carlos Serrao — Sat, 01 May 2010 00:10:07 +0000

Aqui fica um Call for Papers para uma conferência da USENIX em Segurança de Informação, a WOOT’10 4th USENIX Workshop on Offensive Technologies.

O deadline para a submissão de papers é dia 28 de Maio e a WOOT’10 terá lugar a 9 de Agosto em Washington DC.

Princípios de desenvolvimento de aplicações Web em Segurança

Carlos Serrao — Sun, 21 Mar 2010 00:30:32 +0000

Aqui fica uma excelente apresentação do Líder do capítulo OWASP de Genebra, António Fontes, na ConFoo.ca em Montreal, sobre a “Segurança de Aplicações Web e os Primeiros Passos no direcção de um Ciclo de Vida de Desenvolvimento de Software Seguro”.

A principal mensagem está no slide 43. Vale a pena ver…

OWASP AppSec Research 2010

Carlos Serrao — Sat, 23 Jan 2010 17:55:24 +0000

Vai realizar-se na Suécia, em Estocolmo, a OWASP AppSec Research 2010 entre 21 e 24 de Junho. A OWASP AppSec Research 2010 é organizada em conjunto pelos chapters OWASP da Suécia, Noruega e Dinamarca.

“AppSec Research”.equals(“AppSec Europe”)
This conference was formerly known as OWASP AppSec Europe. We have added ‘Research’ to highlight that we invite both industry an academia. All the regular AppSec Europe visitors and topics are welcome along with contributions from universities and research institutes.
This will be the European conference for anyone interested in or working with application security. Co-host is the Department of Computer and Systems Science at Stockholm University, offering a great venue in the fabulous Aula Magna.

O Call for Papers já está disponível a partir deste link, em três modelos distintos:

Publish or Perish
Demo or Die
Present or Repent

Bem, pelo menos não se podem queixar da falta de imaginação…

Existe ainda a possibilidade de participar num dos múltiplos concursos para ganhar alguma entradas à borla na conferência. Quem estiver interessado deve/pode aproveitar.

IBWAS09 – Conferência em Segurança de Aplicações Web

Carlos Serrao — Mon, 30 Nov 2009 12:19:33 +0000

First Iberic Conference on Web-Applications Security (IBWAS’09)
Escuela Universitaria de Ingeniería Técnica de Telecomunicacíon – Universidad Politécnica de Madrid
10th – 11th December 2009
Madrid, Spain
http://www.ibwas.com, http://www.owasp.org/index.php/OWASP_AppSec_Iberia_2009
[organised by OWASP Spain and OWASP Portugal]

There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.

This conference will bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

Conference proceedings will be published by Springer in the “Communications in Computer and Information Science” (CCIS) series.

Keynote Speakers
—————-
* Bruce Schneier, acclaimed security guru, author, BT CSTO (confirmed)
* Inspector Jorge Martín from the High Tech Crime Unit of the Spanish National Police (confirmed)

Speakers
——–
* Justin Clarke, Gotham Digital Science
* Dinis Cruz, OWASP
* Luis Corrons, Panda Security
* Marc Chisinevski, OWASP
* Simon Roses, Microsoft
* Dave Harper, Fortify Software
* Raul Siles, Taddong
* Miguel Almeida, Independent Security Consultant
* Daniele Catteddu, ENISA
* Kuai Hinojosa, OWASP
* Fabio E Cerullo, OWASP
* Paulo Querido, Publico/Expresso
* Martin Knobloch, OWASP
* Javier Fernández-Sanguino, University Rey Juan Carlos

Agenda
——
The agenda can be found in the following locations:
http://www.ibwas.com/site/programme.html
http://www.owasp.org/index.php/OWASP_AppSec_Iberia_2009#tab=Agenda.2FSchedule

Who should attend?
——————
- Academics
- Researchers
- Lifelong learning educators
- Technical staff
- Secondary, vocational, or tertiary educators
- Professionals from the private and public sector
- Technologists and Scientifics
- School counsellors, principals and teachers
- Education policy development representatives
- General personnel from vocational sectors
- Student counsellors
- Career/employment officers
- Education advisers
- Student Unions
- Bridging program lecturers & support staff
- Library personnel
- International support and services staff
- Open learning specialists
- Application Developers
- Application Testers and Quality Assurance
- Application Project Management and Staff
- Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
- Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
- Security Managers and Staff
- Executives, Managers, and Staff Responsible for IT Security Governance
- IT Professionals Interesting in Improving IT Security
…and any person interested in Web Application and Services Security and Information Security in general.

Conference Topics
—————–
• Secure application development
• Security of service oriented architectures
• Security of development frameworks
• Threat modelling of web applications
• Cloud computing security
• Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
• Metrics for application security
• Countermeasures for web application vulnerabilities
• Secure coding techniques
• Platform or language security features that help secure web applications
• Secure database usage in web applications
• Access control in web applications
• Web services security
• Browser security
• Privacy in web applications
• Standards, certifications and security evaluation criteria for web applications
• Application security awareness and education
• Security for the mobile web
• Attacks and Vulnerability Exploitation

Web-site
http://www.ibwas.com
http://www.owasp.org/index.php/OWASP_AppSec_Iberia_2009

Secretariat
E-mail: secretariat@ibwas.com

Iberic Conference on Web-Applications Security (IBWAS’09)

Carlos Serrao — Wed, 15 Jul 2009 12:20:04 +0000

First Iberic Conference on Web-Applications Security (IBWAS’09)
Escuela Universitaria de Ingeniería Técnica de Telecomunicacíon – Universidad Politécnica de Madrid
10th – 11th December 2009
Madrid, Spain
http://www.ibwas.com

Announce and Call for Papers

Introduction
————
There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

Keynote Speakers
—————-
* Bruce Schneier, acclaimed security guru, author, BT CSTO (confirmed)
* (another keynote speaker will be confirmed in the near future)

Conference Topics
—————–
Suggested topics for papers submission include (but are not limited to):
• Secure application development
• Security of service oriented architectures
• Security of development frameworks
• Threat modelling of web applications
• Cloud computing security
• Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
• Metrics for application security
• Countermeasures for web application vulnerabilities
• Secure coding techniques
• Platform or language security features that help secure web applications
• Secure database usage in web applications
• Access control in web applications
• Web services security
• Browser security
• Privacy in web applications
• Standards, certifications and security evaluation criteria for web applications
• Application security awareness and education
• Security for the mobile web
• Attacks and Vulnerability Exploitation

Paper Submission Instructions
—————————–
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure (http://paperman.ibwas.com). Please check the paper formats so you may be aware of the accepted paper page limits (8 pages, in accordance to a supplied template).

The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.

Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.
Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.

Remarks about the on-line submission procedure:
1. A “double-blind” paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper, WITHOUT any reference to any of the authors. This means that is necessary to remove the author’s personal details, the acknowledgements section and any reference that may disclose the authors identity
2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted
3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.

Paper submission types
———————-
Regular Paper Submission
A regular paper presents a work where the research is completed or almost finished. It does not necessary means that the acceptance is as a full paper. It may be accepted as a “full paper” (30 min. oral presentation), a “short paper” (15 min. oral presentation) or a “poster”.

Position Paper Submission
A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of “short paper” or “poster”, i.e. a position paper is not a candidate to acceptance as “full paper”.

Camera-ready
After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.

Publications
All accepted papers will be published in the conference proceedings, under an ISBN reference, in paper and in CD-ROM support.

Web-site
http://www.ibwas.com

Secretariat
E-mail: secretariat@ibwas.com

Important Dates
Submission of papers due: 30th September 2009
Notification of acceptance: 20th October 2009
Camera-ready version of accepted contributions: 15th November 2009
Conference: 10th – 11th December 2009

Conference Chairs
—————–
Vicente Aguilera, OWASP Spain, Spain
Carlos Serrão, ISCTE-IUL Instituto Universitário de Lisboa, OWASP Portugal, Portugal
Fabio Cerullo, OWASP Global Education Commitie, OWASP Ireland, Ireland

Conference Program Committee
—————————-
André Zúquete, Universidade De Aveiro, Portugal
Candelaria Hernández-Goya, Universidad De La Laguna, Spain
Carlos Costa, Universidade De Aveiro, Portugal
Carlos Ribeiro, Instituto Superior Técnico, Portugal
Eduardo Neves, OWASP Education Committee, OWASP Brazil, Brazil
Francesc Rovirosa i Raduà, Universitat Oberta de Catalunya (UOC), Spain
Gonzalo Álvarez Marañón, Consejo Superior de Investigaciones Científicas (CSIC), Spain
Isaac Agudo, University of Malaga, Spain
Jaime Delgado, Universitat Politecnica De Catalunya, Spain
Javier Hernando, Universitat Politecnica De Catalunya, Spain
Javier Rodríguez Saeta, Barcelona Digital, Spain
Joaquim Castro Ferreira, Universidade de Lisboa, Portugal
Joaquim Marques, Instituto Politécnico de Castelo Branco, Portugal
Jorge Dávila Muro, Universidad Politécnica de Madrid (UPM), Spain
Jorge E. López de Vergara, Universidad Autónoma de Madrid, Spain
José Carlos Metrôlho, Instituto Politécnico de Castelo Branco, Portugal
José Luis Oliveira, Universidade De Aveiro, Portugal
Kuai Hinojosa, New York University, United States
Leonardo Chiariglione, Cedeo, Italy
Manuel Sequeira, ISCTE-IUL Instituto Universitário de Lisboa, Portugal
Marco Vieira, Universidade de Coimbra, Portugal
Mariemma I. Yagüe, University of Málaga, Spain
Miguel Correia, Universidade de Lisboa, Portugal
Miguel Dias, Microsoft, Portugal
Nuno Neves, Universidade de Lisboa, Portugal
Panos Kudumakis, Queen Mary University of London, United Kingdom
Paulo Sousa, Universidade de Lisboa, Portugal
Rodrigo Roman, University of Malaga, Spain
Rui Cruz, Instituto Superior Técnico, Portugal
Rui Marinheiro, ISCTE-IUL Instituto Universitário de Lisboa, Portugal
Sérgio Lopes, Universidade do Minho, Portugal
Víctor Villagrá, Universidad Politécnica de Madrid (UPM), Spain
Vitor Filipe, Universidade de Trás-os-Montes e Alto Douro, Portugal
Vitor Santos, Microsoft, Portugal
Vitor Torres, Universitat Pompeu Fabra, Spain
Wagner Elias, OWASP Brazil Chapter Leader, Brazil

(this list is not yet complete)