1 May 17:25
OWASP AppSec Europe 2008
From: Ivan Ristic <ivan.ristic <at> gmail.com>
Subject: OWASP AppSec Europe 2008
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-01 15:26:26 GMT
Subject: OWASP AppSec Europe 2008
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-01 15:26:26 GMT
I thought it would be useful to copy & paste my blog post about the forthcoming AppSec conference here. Please have a look at the last paragraph, where I propose to use these conferences for bi-yearly ModSecurity user meetings. Judging from the list of talks alone, it looks like OWASP AppSec Europe in Belgium is going to be a great conference, especially if you are interested in web application firewalls and ModSecurity: 1. I will be giving a talk on web application firewall evaluation (Evaluation Criteria for Web Application Firewalls), which will be based on the Web Application Firewall Evaluation Criteria (WAFEC) project. 2. Christian Folini will be discussing the REMO project (Positive ModSecurity rulesets / Input validation). 3. Alexander Meisel will be talking about how to best use a web application firewall (Best Practices Guide: Web Application Firewalls), which is based on the document of the same name (available in German, as PDF). 4. Mario Heiderich will be promoting the PHPIDS project (PHPIDS Monitoring attack surface activity). Ofer Shezaf, the Core Rules guru, and Ryan Barnett, the ModSecurity Community Manager will be there (Ofer will be giving his talk about web hacking trends: Trends in Web Hacking Incidents: What's Hot in 2008), as will be Christian Bockermann (it is rumoured), who has been working on some very interesting software related to ModSecurity. Finally, Ryan is going to be teaching a two-day ModSecurity training course, which will cover a lot of ground, starting from the basics and into the advanced stuff. This is a great-value course, and I urge you to register if you are a ModSecurity user. You will not only find out about stuff you never knew existed in ModSecurity, but we will also give a thorough overview of various web application security issues. In the recent survey, many people expressed a desire to meet with other ModSecurity users. Our community is large, but it's very diverse and spread geographically, and probably not yet large enough for regular local meetings. It strikes me that OWASP conferences may be a great opportunity for us to meet twice a year—once in Europe, and then the second time in the US. If you will be coming to the conference in Belgium and you are a ModSecurity user, please send me an email. With enough people interested, we may be able to organise a meeting. -- -- Ivan Ristic ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
RSS Feed