OWASP中国2014上海沙龙

沙龙主题：外国知名安全专家分享

沙龙时间：2014年3月29日13:30-17:30

沙龙地点：上海市黄浦区西藏南路760号安基大厦1506(地铁8/9号线陆家浜路站4号口出来)

沙龙议程：

议题名称："Managing Web & Application Security with OWASP – bringing it all together"

演讲嘉宾：Tobias Gondrom is CEO at Thames Stanley, and he has 15 years of experience in software development, application security, cryptography, electronic signatures. Tobias is OWASP Global Board Member and OWASP CISO Survey Project Lead. He is also the chair of the web security workgroup at the IETF(Internet Engineering Task Force). Tobias has authored the Internet standards RFC 4998, RFC 6283 and RFC 7034, also co-authored the books “Secure Electronic Archiving“ and the OWASP CISO Guide. Tobias is a frequent presenter at conferences and publication of articles (e.g. AppSec, IETF, ISSE etc).

议题简介：Setting up, managing and improving your global information security organization using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organizational stages and how OWASP tools help organizations moving forward improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organization.

议题名称：再谈RESTful API的安全

演讲嘉宾：王文君是HP Software安全架构师，负责HP软件威胁建模，安全测试，风险响应以及安全培训。现任OWASP上海区负责人之一，OWASP中国AntiSamy Java项目和Mobile Security项目负责人之一。同时也是《Web应用安全威胁与防治 - 基于OWASP Top 10与ESAPI》作者之一，以及《Android应用程序安全》译者之一。

议题简介：RESTful API已经被各个web应用广泛采用，而且业界已经有很多的框架供我们使用。本议题讲解RESTful API一些常见的设计漏洞，以及如何利用一个常见的RESTful framework漏洞得到Shell。

议题名称：New Browser Security Technologies

演讲嘉宾：Tobias Gondrom

议题简介：Protecting against Insufficient Transport Layer Protection: HSTS - HTTP Strict Transport Security, Cert Pinning, and New Protection against XSS and Clickjacking: X-Frame-Options and CSP

致谢：

场地支持：此次沙龙地点由上海汇哲信息科技有限公司提供

媒体支持：沙龙官方媒体继续由FreebuF黑客与极客 (围脖)全程支持

报名方式：请提供(OWASP中国区会员编号+姓名)邮件到member#owasp.org.cn报名， 邮件标题请注明“参加OWASP2014上海沙龙”。