**CALL FOR TRAINING SESSIONS**



IBWAS and OWASP is currently soliciting training proposals for the OWASP Ibero-American Web Applications Security 2010 Conference (IBWAS’10) which will take place at ISCTE-IUL, Lisboa, Portugal, on November 24 through November 26, 2010.

There will be training courses on November 24 followed by plenary sessions on the 25 and 26 with multiple tracks per day.



We are seeking training proposals on the following topics (in no particular order):

- Application Threat Modeling

- Business Risks with Application Security

- Hands-on Source Code Review

- Metrics for Application Security

- OWASP Tools and Projects

- Privacy Concerns with Applications and Data Storage

- Secure Coding Practices (J2EE/.NET)

- Starting and Managing Secure Development Lifecycle Programs

- Technology specific presentations on security such as AJAX, XML, etc

- Web Application Security countermeasures

- Web Application Security Testing

- Web Services, XML and Application Security

- Anything else relating to OWASP and Application Security



Proposals on topics not listed above but related to the conference (i.e. which are related to Application Security) may also be accepted.


To make a submission you must fill out the form available at http://ibwas09.netmust.eu/files/ibwas10/OWASP_IBWAS_2010_CFT.rtf.zip and submit by email to secretariat@ibwas.com.

There may be 1 or half a day courses. The proposals must respect the restrictions of the OWASP Speaker Agreement. The conference will reward trainers with at least 30% of the total revenue of their courses, based on a minimum attendance. Courses that attract more students may be granted higher percentages. No other compensation (such as tickets or lodging) will be provided. If you require a different arrangement, please contact the conference chair at the email address below.

**Compensation**
Instructors and authors will be paid based on the number of students in their training sessions. If the training gathers only the minimum number of students, the compensation will be 30% of the revenue. For each group of 10 extra students enrolled, the compensation will be increased by 5% of the revenue, up to a maximum of 45% of the training revenue. For example, a 1-day training with 10 to 19 students will generate a compensation of 30% of the revenue. For classes of 20 to 29 students, the compensation raises to 35% percent of the revenue.

In exceptional cases, different compensation schemes may be accepted. Please contact the conference organization team by email (secretariat@ibwas.com) for details.

**Training cost**
half-day training: 250 EUR per student
1-day training: 450 EUR per student
All prices in Euros (EUR)

**Minimum number of students**
half-day trainings: 10 students
1-day trainings: 20 students


**Important Dates:**

Submission deadline is September 20, 2010.

Notification of acceptance will be October 8, 2010.

Final version is due October 29, 2010.



The conference organization team may be contacted by email at secretariat@ibwas.com



For more information, please see the following web pages:
Conference Website: http://www.ibwas.com, http://www.owasp.org/index.php/IBWAS10
OWASP Speaker Agreement: http://www.owasp.org/index.php/Speaker_Agreement
OWASP Website: http://www.owasp.org
Easychair conference site: http://www.easychair.org/conferences/?conf=ibwas10
Presentation proposal form: http://ibwas09.netmust.eu/files/ibwas10/OWASP_IBWAS_2010_CFT.rtf.zip

********** WARNING: Submissions without all the information requested in the proposal form will not be considered ************

Please forward to all interested practitioners and colleagues.

Assim, optou-se por adiar a realização da conferência IBWAS’10 por duas semanas, sendo que as novas datas são dia 25 e 26 de Novembro.

Aproveito igualmente para informar que os prazos para a submissão de artigos foram igualmente estendidos.

Continuamos apostados em fazer da IBWAS’10 um excelente evento na área da segurança de informação.

Introduction

There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

Conference Topics

Suggested topics for papers submission include (but are not limited to):

• Secure application development
• Security of service oriented architectures
• Security of development frameworks
• Threat modelling of web applications
• Cloud computing security
• Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
• Metrics for application security
• Countermeasures for web application vulnerabilities
• Secure coding techniques
• Platform or language security features that help secure web applications
• Secure database usage in web applications
• Access control in web applications
• Web services security
• Browser security
• Privacy in web applications
• Standards, certifications and security evaluation criteria for web applications
• Application security awareness and education
• Security for the mobile web
• Attacks and Vulnerability Exploitation
• Paper Submission Instructions
  
• … and more.

Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure (http://paperman.ibwas.com). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template).

The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.

Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.

Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.

Remarks about the on-line submission procedure:

1. A “double-blind” paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper, WITHOUT any reference to any of the authors. This means that is necessary to remove the author’s personal details, the acknowledgements section and any reference that may disclose the authors identity
2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted
3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.

Paper submission types

Regular Paper Submission

A regular paper presents a work where the research is completed or almost finished. It does not necessary means that the acceptance is as a full paper. It may be accepted as a “full paper” (30 min. oral presentation), a “short paper” (15 min. oral presentation) or a “poster”.

Position Paper Submission

A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of “short paper” or “poster”, i.e. a position paper is not a candidate to acceptance as “full paper”.

Camera-ready

After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.

Publications

All accepted papers will be published in the conference proceedings, under an ISBN reference. Conference proceedings will be published by Springer in the Communications in Computer and Information Science (CCIS) series.

Web-site

http://www.ibwas.com

Secretariat

E-mail: secretariat@ibwas.com

Important Dates

Submission of papers and all other contributions due: 24th September 2010 Notification of acceptance: 8th October 2010
Camera-ready version of accepted contributions: 15th October 2010
Conference: 11th – 12th November 2010

Este ano, a IBWAS’10 realiza-se em Portugal, em Lisboa, no ISCTE-IUL. Toda comunidade de segurança nacional e internacional está convidada a participar. O respectivo Call for Papers já foi igualmente lançado, e a organização da IBWAS’10 agradece a sua divulgação e disseminação.

Mais uma vez, a comunidade local e internacional do OWASP estará reunida durante 2 dias cheios, juntamente com a comunidade académica, profissionais e empresas para debater o estado actual e futuro da segurança na Web.

A organização está igualmente a estabelecer um painel de keynote speakers e de panel speakers de qualidade. Mais notícias irão surgindo à medida que se justifique.

Estão desde já todos convidados a participar.

Podem encontrar a newsletter neste link.

A conferência contou com a presença de um alargado número de researchers e de participantes da indústria, a IBWAS’09 foi um sucesso!

A IBWAS’09 teve a presença de um conjunto de speakers de qualidade (nos quais se destaca a presença de Bruce Schneier, um dos maiores gurus mundiais em Segurança de Informação), que se organizaram em diversos painéis de científicos, de indústria e de keynotes.

No final da conferência foi ainda organizado um painel de discussão em que foram elaboradas um conjunto de recomendações a adoptar pelos governos mundiais em 2010.

Para o ano há mais… e já se prepara a IBWAS’10. A não perder.

Deste painel surgiu um conjunto de recomendações que se resumem no seguinte comunicado de imprensa emitido hoje pela OWASP, e o qual se reproduz de seguida de forma integral.

IBWAS’09
Iberic Web Application Security Conference

Comunicado de Imprensa
A OWASP desafia Governos a melhorar segurança das aplicações Web

Cerca de 40 participantes e dezenas de estudantes de tecnologia e os seus professores estiveram presentes na Conferência Ibérica de Segurança em Aplicações Web (Iberic Web Application Security, IBWAS’09) realizada a 10 e 11 de Dezembro último na Escuela Universitaria de Ingeniería Técnica de Telecomunicación, Universidad Politécnica de Madrid, Espanha.

Esta conferência, tendo sido organizada pelas delegações regionais de Espanha e Portugal daOpen Web Application Security Project (OWASP) Foundation, juntou especialistas, investigadores e indústria com o intuito de discutir problemas e soluções associados à Segurança das Aplicações Informáticas que funcionam na Internet.

Através de uma intensa e bem sucedida discussão mantida no painel Segurança nas AplicaçõesWeb: o que devem fazer os governos nacionais em 2010? várias conclusões foram tiradas.

Estas conclusões reflectem as decisões assumidas pelo painel e serão debatidas e actualizadas antes de serem publicadas pela OWASP sob a forma de um corpo de recomendações.

Conclusões do Painel:

1. Desafiamos os Governos a trabalhar com a OWASP no sentido de aumentar a transparência na segurança de aplicações web, particularmente no que respeita aos sistemas financeiros, de saúde e todos os outros onde as questões da privacidade e confidencialidade da informação são cruciais;
2. A OWASP procurará colaborar com os Governos mundiais no sentido de desenvolver recomendações para a incorporação de requisitos específicos de segurança nas aplicações e desenhar procedimentos de certificação adequados à selecção e aquisição governamental de software;
3. A OWASP oferecerá a sua assistência para clarificar e modernizar as leis de segurança informática, por forma a contribuir para que os Governos, cidadãos e organizações possam tomar decisões informadas sobre segurança;
4. A OWASP pedirá aos Governos que encorajem as empresas na criação de standards de segurança de aplicações que, quando utilizados, aumentarão a protecção contra quebras de segurança que podem potencialmente expor informação confidencial e permitir transacções fraudulentas gerando, assim, consequentes responsabilidades legais;
5. A OWASP estará disponível para trabalhar com os Governos regionais e nacionais no sentido de criar instrumentos de escrutínio e de suporte das decisões de investimento na área da segurança informática.

Tal como anunciado previamente, os participantes da Conferência incluíram os seguintes keynote epanel speakers:

Keynote:

• Bruce Schneier — especialista de prestígio internacional e autor, descrito pela Economist como um security guru, é conhecido pela imparcialidade e lucidez dos seus comentários nas questões de segurança web.
• Jorge Martin — inspector do Cuerpo Nacional de Policía da Espanha e Chefe do Grupo de Segurança Lógica da Unidade de Crimes Tecnológicos da Comisaria General de Policía Judicial.

Panel:

• Justin Clarke — SQL Injection how far does the rabbit hole go?
• Dinis Cruz — OWASP 3.0 — Where are we going? e OWASP 02 Platform-Open Platform for automating application security knowledge and workflows.
• Luis Corrons — Growth and complexity of the underground cybercrime economy.
• Marc Chisinevski — The OWASP Logging Project.
• Simon Roses — Microsoft Infosec Team: Security Tools Roadmap.
• Dave Harper — Empirical Software Security Assurance.
• Raul Siles — Assessing and Exploiting Web Applications with the open-source Samurai Web Testing Framework.
• Miguel Almeida — Authentication: choosing a method that fits.
• Daniele Catteddu — Cloud Computing: Benefits, risks and recommendations for information security.
• Fabio E Cerullo — OWASP TOP 10 2010.
• Martin Knobloch — Threat Modelling.
• Paulo Querido — What Security in a Liquid Web?.

IBWAS ’09 — Endereços Web:
http://www.owasp.org/index.php/OWASP_AppSec_Iberia_2009
http://www.ibwas.com

Sobre a OWASP (Open Web Application Security Project Foundation):
http://www.owasp.org
Sendo em termos legais uma Fundação regida pelo direito dos Estados Unidos da América, a OWASP é uma organização internacional, não lucrativa, com uma forte cultura open-source, que tem por missão promover a segurança do software e das aplicações informáticas que funcionam na Internet.

Contactos

• Vicente Aguilera, OWASP Spain Chapter Leader, vicente.aguilera@owasp.org
• Carlos Serrão, OWASP Portuguese Chapter Leader, carlos.j.serrao@gmail.com
• Fabio Cerullo, OWASP Global Education Committee, fcerullo@owasp.org