Friday, July 09, 2010

OWASP AppSec USA 2010 is Coming to California!

FOR IMMEDIATE RELEASE:
Open Web Application Security Project (OWASP) announces AppSec USA 2010, the premier web application security conference in North America

Los Angeles, California – July 9, 2010 - Open Web Application Security Project (OWASP) announces AppSec USA, which will be held from September 7 to 10 at the University of California at Irvine.

The conference consists of two days of in-depth training classes on September 7 and 8, followed by two days of plenary sessions on September 9 and 10. BOF (Birds of Feathers) sessions and panel discussions round out the conference offerings.
Jeff Williams, keynote speaker and Chairman of the OWASP Foundation, notes, “Software is simultaneously getting radically more critical, complex, and interconnected. This creates a perfect storm for attackers, who are having a field day with our systems. We will never hack our way secure. Instead, we need to change the way we think about software, build software, and buy software. OWASP's audacious goal is to reach all developers everywhere and help them build rugged code - because our future depends on it”.

Williams continues, “I've attended many OWASP AppSec Conferences, and they truly bring together the leading researchers, innovators, and community leaders to focus on application security in a free and open noncommercial forum. There's a fantastic sense of community and shared purpose. We encourage anyone interested in secure code to come and find out what application security is all about. Our 501(c)(3) not-for-profit status allows us to keep prices extremely low”.

Another keynote speaker, Bill Cheswick, is a well-known security researcher with AT&T Research; his very popular book Firewalls and Internet Security has influenced many security practitioners.

The third keynote speaker, David Rice, is an internationally recognized information security professional. Mr. Rice, author of the highly acclaimed book Geekonomics, which promotes awareness of the true cost of insecure software, made significant contributions to advance the security of our nation’s critical infrastructure.

HD Moore, the final keynote speaker, is widely acclaimed for his creativity and technical skills, and brings a distinct perspective to AppSec. Mr. Moore’s best known contribution to the security community is the Metasploit Project, an open-source project which can be used to find vulnerabilities in computer systems in order to protect or exploit them.

Irvine, located in Southern California, is beautiful year-round and the UC Irvine campus offers famous architecture, a large park, art, and modern facilities in a pleasant environment. Irvine is situated in the heart of Orange County and is next door to Los Angeles, San Diego, and many other attractions.

Richard Greenberg, Co-Chair of the Conference Organizing Committee, says, “If you can only get away from the office for one conference, this is it. We all are aware of the insidious exploits taking advantage of all types of application security vulnerabilities”.

Greenberg continues, “We need to learn from the experts in order to counter the attacks - to build solid and secure applications. The knowledge we pride ourselves on amassing is insufficient to meet the new evolving threats. Only by sharing our collective wisdom and experiences can we realistically expect to protect our assets”.

The conference is still soliciting sponsors at different levels.
For more information on sponsorship, or to register, please visit http://www.AppSecUSA.org or contact Kate Hartmann at kate.hartmann@owasp.org.

Tuesday, February 16, 2010

Know Your Neighbor


Protecting sensitive and confidential information at work is everyone's job. There are usually many security protections in place, but there are additional safeguards we can all practice.


Something as simple as knowing who your neighbors are can go a long way towards providing these protections. If you know who should be in the neighboring office or looking at the computer on the next desk, you can help protect information by making sure that the person you observe has a right to be there. If you do not believe that the person has that right, asking simple questions like “Who are you?” and “Why are you here?” can be a tremendous help. Asking your supervisor if the person has a right to be there is another way to protect information. As supervisors and managers, you must respect and support your subordinates’ inquiries.


It is everyone’s responsibility to look out for and report any suspected Privacy or Security breach. You don’t have to be sure there is a breach; you just have to be observant. If something doesn’t look right, alert the people who have the job of being sure. This responsibility to be observant and report what doesn’t look right can protect more than just information. This is a good practice at any time.


The simple question you need to ask yourself is, “If it was my information being displayed, should this person be looking at it or taking it away?” If you don’t like the answer, do the right thing and report the situation in a timely manner, before it can become a security incident. Notify your supervisor or your Help Desk if you think things are not right. It is all of our jobs!