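Salon topic: Talks by well-known international security experts
Salon time: 13:30-17:30, March 29, 2014
Salon venue: Room 1506, Anji Building (安基大厦), 760 South Xizang Road, Huangpu District, Shanghai (Metro Line 8/9, Lujiabang Road Station, Exit 4)
Organizers: OWASP China Shanghai Chapter; Shanghai Huizhe Information Technology Co., Ltd. (上海汇哲信息科技有限公司)
Media support: FreeBuf
Cost: free to attend; drinks and meals at your own expense
Salon agenda: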
| Time | Content | Speaker |
| 13:30-14:00 | Registration | |
| | Managing Web & Application Security with OWASP | Tobias Gondrom |
| 15:00-16:15 | RESTful API Security Revisited | Wang Wenjun (王文君) |
| 16:15-17:15 | New Browser Security Technologies | Tobias Gondrom |
| 17:15-17:30 | Closing remarks | |
Talk title: "Managing Web & Application Security with OWASP – bringing it all together"
Speaker: Tobias Gondrom is CEO at Thames Stanley, and he has 15 years of experience in software development, application security, cryptography, and electronic signatures. Tobias is an OWASP Global Board Member and OWASP CISO Survey Project Lead. He is also the chair of the web security workgroup at the IETF (Internet Engineering Task Force). Tobias has authored the Internet standards RFC 4998, RFC 6283 and RFC 7034, and also co-authored the books “Secure Electronic Archiving” and the OWASP CISO Guide. Tobias frequently presents at conferences and publishes articles (e.g. AppSec, IETF, ISSE etc).
Talk abstract: Setting up, managing and improving your global information security organization using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organizational stages and how OWASP tools help organizations move forward in improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organization.
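Talk title: RESTful API Security Revisited
Speaker: Wang Wenjun (王文君) is a security architect at HP Software, responsible for threat modeling of HP software, security testing, risk response, and security training. He is currently one of the leaders of OWASP Shanghai and one of the leaders of the OWASP China AntiSamy Java project and Mobile Security project. He is also a co-author of "Web Application Security Threats and Countermeasures – Based on OWASP Top 10 and ESAPI" (《Web应用安全威胁与防治 – 基于OWASP Top 10与ESAPI》) and a co-translator of "Android Application Security" (《Android应用程序安全》).
Talk abstract: RESTful APIs have been widely adopted by web applications, and the industry already offers many frameworks to choose from. This talk explains some common design flaws in RESTful APIs, and how a vulnerability in a common RESTful framework can be exploited to obtain a shell.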
Talk title: New Browser Security Technologies
Speaker: Tobias Gondrom
Talk abstract: Protecting against Insufficient Transport Layer Protection: HSTS – HTTP Strict Transport Security, Cert Pinning, and New Protection against XSS and Clickjacking: X-Frame-Options and CSP
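Acknowledgements:
Venue support: the venue for this salon is provided by Shanghai Huizhe Information Technology Co., Ltd. (上海汇哲信息科技有限公司)
Registration: to register, please email your OWASP China member number and name to member#owasp.org.cn, with the subject line “参加OWASP2014上海沙龙” ("Attending the OWASP 2014 Shanghai Salon").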