Open Web Application Security Project (OWASP)
OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security.
This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.
Days until the next conference
NL-1078 GZ Amsterdam
Amsterdam RAI Exhibition and Convention Centre
21-07-2014 | Last month, I had the opportunity to attend OWASP AppSec Europe in Cambridge. The conference was split into two parts. The first two days consisted of training courses and project summits, where the different OWASP project teams met to discuss problems and further proceedings, and the last two days were conference and research presentations. Read more
25-11-2013 | Last week I attended the OWASP AppSecUSA conference in New York City. OWASP AppSecUSA as the name implies focused on application security. I only had the opportunity to attend the last two days of the conference, but there was training and other events earlier in the week. Overall I came away from the conference with a positive experience. Read more
30-08-2013 | I was lucky to be able to attend OWASP’s AppSec EU Research conference in Hamburg, Germany. I’ve been to the one in Dublin and looked forward to the German edition. With 400+ attendees I thought that the conference was surprisingly well attended. And rightfully so. The people organising it were doing a fantastic job. Everything seemed to work smoothly and although I volunteered I was able to see a good bunch of talks. Read more
20-09-2012 | As the sun sets over the Irish Sea just outside my window, I feel hopeful that OWASP is finding its way and there is a bright future for security. A few points then, and a clarification on that comment about OWASP finding its way.
First, Jim Manico who is one of the smartest AppSec people I can name, loves to teach people how to develop more securely and his genuine excitement over OWASP’s push to return to teaching secure development was a beacon for me. Read more
This talk will discuss the past methods used for XSS defence that were only partially effective. Learning from these lessons, will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer.
This presentation will delve into the science and process behind secure code review and will continue to discuss a simplified approach to secure code review
A panel discussion with Michael Coates (Mozilla), Chris Evans (Google), Jeremiah Grossman (WhiteHat Security), Adam Mein (Google), Alex Rice (Facebook)
The talk uses fresh examples of application cryptography successes and failures, and also incorporates the new OWASP ESAPI.
Architects and developers often perceive threat modeling as being too difficult. During this talk, we’ll attempt to bust these myths and show how organizations can incrementally obtain better results.