Preliminary Call For Papers
Refereed Papers Track at OWASP AppSec Europe 2007 Conference
Date: April or May 2007
Location: Italy
(Precise date and location to be confirmed, please consult
http://www.owasp.org/index.php/6th_OWASP_AppSec_Conference_-_Italy_2007
for details as they become available)
The Open Web Application Security Project (OWASP,
http://www.owasp.org) is dedicated to finding and fighting
the causes of insecure software. OWASP has dozens of projects
and over 50 chapters worldwide focused on application security.
Our high quality tools and documentation are used everywhere,
including the freely available book-length "Guide to Secure
Web Applications and Services", the leading web application
penetration testing tool called "WebScarab", and an advanced
web application security training application called "WebGoat".
The OWASP Foundation, a not-for-profit charitable
organization, ensures the ongoing availability and
support for this work.
The OWASP AppSec conferences
(http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference)
bring together application security experts, researchers and
practitioners from all over the world. Industry and academia
can meet to discuss open problems and new solutions in
application security. The conferences offer tutorials, keynotes,
and invited presentations.
As in 2006, the OWASP AppSec Europe 2007 conference will feature
a refereed papers track. The goal of the refereed papers track is
twofold:
1) to give academic researchers in web application security
the opportunity to share their research results with
practitioners, and
2) to give industry people the possibility to share
experiences with the OWASP community.
Hence both research papers as well as experience papers pertaining
to all aspects of web application security are solicited. Papers
should describe new ideas, new implementations, or experiences
related to web application security.
Topics of interest include, but are not limited to:
- Web application security
- Threat modeling of web applications
- Vulnerability analysis of web applications (code review, pentest,
static analysis, scanning)
- Countermeasures for web application vulnerabilities
- Secure coding techniques
- Static and dynamic analysis of web application technologies
- Platform or language (e.g. Java, .NET) security features that
help secure web applications
- Open source framework features that help secure web applications
- How to use databases securely in web applications
- Experiences or new ideas on Secure Development Lifecycles (SDLC)
- Experiences using web application security scanning or code
analysis tools
- Access control in web applications
- Trusted computing solutions for web applications
- Non-repudiation in web applications
- Web services security
- AJAX security
- Security of Service Oriented Architectures
It is explicitly allowed to submit papers that have already been
published, but in a publication channel with a different audience.
In particular, papers that have already been presented at academic
conferences are welcomed, and will be refereed on how interesting
and valuable they are to an OWASP audience. Authors are encouraged
to motivate in the paper why they consider the paper relevant for
the OWASP audience.
For accepted papers, and where allowed by possibly existing
copyrights on the paper, the papers will be published in a
proceedings distributed as a technical report from the
Katholieke Universiteit Leuven, Belgium.
Important dates (APPROXIMATE - will become final when the
conference date is decided):
Submission deadline (Draft Paper): Feb 15, 2007
Notification of acceptance: Mar 15, 2007
Final version due: April 1, 2007
Conference: April or May
Instructions for authors:
Submissions should be at most 12 pages long in the Springer
LNCS Style for Proceedings and Other Multiauthor Volumes.
Templates for preparing papers in this style for LaTeX, Word,
and other word processors can be downloaded from:
http://www.springer.com/sgw/cda/frontpage/0,11855,5-164-2-72376-0,00.html
All submissions should be sent in Adobe Portable Document Format (pdf) to
Frank Piessens at Frank.Piessens_at_cs.kuleuven.be.
Programme Committee:
Sebastien Deleersnyder, Ascure
Lieven Desmet, Katholieke Universiteit Leuven
Martin Johns, University of Hamburg
Benjamin Livshits, Microsoft Research
André Mariën, Ubizen
Mattia Monga, Università degli Studi di Milano, Italy
Johan Peeters, secappdev.org
Frank Piessens, Katholieke Universiteit Leuven (chair)
Erik Poll, Radboud Universiteit Nijmegen
Maarten Rits, SAP Research Labs
Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
-------------------------------------------------------------------------
Sponsored by: Watchfire
Today's hackers exploit web applications to expose, embarrass and even
steal. Firewalls and SSL may be commonplace but recent studies indicate 3
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing
Challenges in Application Security" whitepaper, explains what to do and
provides a guideline to improving your own application security.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
