OWASP Application Security Conf.

Time: 09:00:13
Date: Friday, September 17, 2010
Venue: Trinity College, Dublin 2

OWASP Application Security Conference


OWASP will hold its second Irish Application Security conference in Trinity College, Dublin, Ireland on September 17th.


The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity. There are several key figures from industry who will provide some unique insight into the latest trends, threats and methodologies in the world of application security.




John Viega: "Application Security in the Real World" - Considerations for AppSec in non-security companies.


John is Executive Vice President of Products and Engineering at Perimeter E-Security. John has authored numerous books on security, including the recent "Myths of Security", and the seminal "Building Secure Software", which was the first book on application security.



Professor Fred Piper: "The changing face of cryptography"

Fred Piper was appointed Professor of Mathematics at the University of London in 1975 and has worked in information security since 1979. In 1985, he formed a company, Codes & Ciphers Ltd, which offers consultancy advice in all aspects of information security. He has acted as a consultant to over 80 companies including a number of financial institutions and major industrial companies in the UK, Europe, Asia, Australia, South Africa and the USA. The consultancy work has been varied and has included algorithm design and analysis, work on EFTPOS and ATM networks, data systems, security audits, risk analysis and the formulation of security policies. He has lectured worldwide on information security, both academically and commercially, has published more than 100 papers and is joint author of Cipher Systems (1982), one of the first books to be published on the subject of protection of communications, Secure Speech Communications (1985), Digital Signatures - Security & Controls (1999) and Cryptography: A Very Short Introduction (2002).



Damian Gordon PhD: "Hackers and Hollywood: The Implications of the Popular Media Representation of Computer Hacking"

Damian Gordon is a lecturer with the School of Computing at the Dublin Institute of Technology and is Programme Co-ordinator for the School's Masters in Computing (Assistive Technology). He was primary researcher on two EU funded projects whose particular focus was looking at issues associated with technoacceptance - the ILT and the E4 projects - and was Educational Advisor for the Ireland-China EMERSION project. His research interests include Differentiated Instruction, Computer Security, Technostress, ICT and Special Needs, Virtual Learning Environments, Image reconstruction from specular reflections, and Lateral Thinking Techniques.



There are also some great international and local speakers covering topics from smartphone application security to SDLC to penetration testing techniques, including, to name but a few:

  • Dan Cornell ("Smart Phones with Dumb Apps")
  • Ryan Berg ("Path to a Secure Application")
  • Dr Marian Ventunaec ("Testing the Enterprise E-mail Security - from Software to Cloud-based Services")
  • Fred Donovan and ("Counter Intelligence as Defense......")
  • Nick Coblentz ("Microsoft's Security Development Lifecycle......")


Testing shall be delivered by Eoin Keary, OWASP board member and "The OWASP Code Review Guide" Lead & Rahm Jina, Senior consultant with Ernst & Young.




Prior to the conference, there is a training day entitled "Secure Application Development: Writing secure code (and testing it)".


This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so that students really understand how to avoid introducing such vulnerabilities in their code. It covers the following areas:

  • Unvalidated Input
  • Injection Flaws
  • Cross-Site Scripting
  • CSRF
  • Authentication & Session Management
  • Access control & Authorisation
  • Broken Caching
  • Error Handling
  • Cryptography
  • Resource Management
  • Rich Internet Applications & Webservices
  • The Secure SDLC


For more information, visit the OWASP website.