OWASP Italy

Welcome to the OWASP Italy Chapter!

We aim to regularly organize the following activities of the chapter:

  • One annual conference, the OWASP Italy Day
  • Three virtual OWASP Italy Meetups (over Zoom)

How can you help?

  • If you would like to speak at the OWASP Italy Day, keep an eye on open calls for speakers before the event or contact the leaders for informal inquiries
  • If you would like to organize or be involved in a meetup, contact the leaders to apply
  • Attend the events: The success of the events depends upon you!
  • Spread the word: reach out to more people who may be interested in our activities
  • Keep in touch: Join our community on Meetup

Participation

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapter Leader Handbook. Financial contributions should only be made online using the authorized online donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP Project, independent research, or related software security topic you would like to present.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.

Stay tuned for the next update!

NEXT EVENT, 20th June: OWASP Italy Day in Cagliari!

For further details and registration regarding the event, please refer to the following link

2024 Planned Events

We are planning the following events for 2024:

  • Thanks to Stefano Chiccarelli and the MOCA team, Giuseppe Porcu and Stefano Maistri are organizing a booth for OWASP Italy @ M0CA 2024

  • 2 Meetup online meetings: July and November


Past Events 2024

21st March 2024: OWASP Italy at Security Summit 2024

Please refer to the following link

8th March 2024 - OWASP Italy Meetup

Please refer to the following link


Past Events 2023

Meetup online meetings - 24th November 2023

For further details regarding the event, please refer to the following link

OWASP Italy Day - PoliMi University - 11th September 2023

For further details regarding the OWASP Italy Day 2023, please refer to the following link

OWASP Italy @ CyberJourney 2023

Where: Thotel Cagliari

When: 22nd June 2023

Thanks to AssureMoss H2020 and CyberJourney, we will have 4 talks from our chapter about AppSec and OWASP!

Link: https://cyberjourney.it

OWASP Italy @ Security Summit 2023

Where: Unahotels Expo Fiera Milano, Via Giovanni Keplero 12, Pero (Mi)

When: 15th March at 3 PM.

More information here

Past Events 2021-2022

ASSG 2022: AppSec and Cybersecurity Governance 2022

On 7th October 2022, thanks to the collaboration with Ca’ Foscari University of Venice and ISACA Venice, we held the AppSec and CyberSec Governance Conference on the scientific campus of Ca’ Foscari. More information here

OWASP Italy @ RomHack 2022

We had the chance to be part of the RomHack community on 23rd-25th September 2022. More information online

OWASP Italy meetup - 16th June 2022

The program of the event is available online

OWASP Italy meetup - 25th March 2022

The program of the event is available online

OWASP Italy Meetup - 17th December 2021

The program of the event is available online

OWASP Italy Meetup - 30th September 2021

The program of the event is available online

OWASP Italy Day - 28th April 2021

The program of the event is available online

OWASP Italy Meetup - 26th March 2021

  • 14:00 OWASP News and Introduction - Matteo Meucci, Stefano Calzavara
  • 14:30 - 17:00: Heap exploitation and CTF - f00kies@unive



OWASP Italy Day 2024

Cagliari - 20th June 2024

For further details regarding the OWASP Italy Day 2024, please refer to the following link


PAST EVENTS

OWASP-Italy@ISACA VENICE 2020

Thanks to ISACA Venice, we had a talk on Software Security on 4th October 2020.

Where: UNAHOTELS EXPO FIERA, via Keplero 12, Pero

Please see the presentations here:

More information here: ISACA VENICE AppSec Conf 2020

OWASP Day in Udine - 14th December 2019

The conference took place on 14th December 2019.

More information here:

https://www.owasp.org/index.php/Italy_OWASP_Day_Udine_2019

OWASP/WIA initiatives - 26th March 2019

Thanks to Loredana Mancini and Zoe Braiterman we will have an OWASP-Italy/WIA initiative at the Link Campus in Rome on 26th March.

Venue: Link Campus University, Via del Casale di San Pio V, 44 - 00165 Roma (RM)

Speakers: Prof.ssa Paola Giannetakis (Link Campus University), Zoe Braiterman (OWASP/WIA Chair), Luciana Scognamiglio (Senior security expert /HPE), Matteo Meucci (OWASP-Italy Chair).

http://it.expandi-web.com/aruba/2019/aruba_oswap/form.html

OWASP-Italy@Security Summit 2019

Thanks to CLUSIT, Giuseppe Trotta and Lorenzo De Meo had a talk at the OWASP-Italy corner during the Security Summit in Milan.

When: 14th March 2019 at 16:10-16:50

Where: UNAHOTELS EXPO FIERA, via Keplero 12, Pero

Please see the presentations here:

Federico De Meo: “Cloud Security Testing”

Giuseppe Trotta: “New generation of phishing attacks”

OWASP-Italy Cagliari Day 2018 - 19th October 2018

Università di Cagliari.

More information here: Italy OWASP Day 2018

OWASP-Italy Day 2018 @ Milano 16th June 2018

Politecnico of Milano

More information here: Italy OWASP Day 2018

OWASP Italy @ Security Summit 2018

OWASP Italy participated in the Security Summit 2018 in Milan with 2 talks. More information here: https://www.securitysummit.it/agenda-details/93

OWASP-Italy Day 2017 @ Cagliari 20th October 2017

Cagliari, 6th October 2017, Università di Cagliari

More information here: Italy OWASP Day 2017

OWASP-Isaca Conference @ Venice 6th October 2017

V Conference on Application Security and Modern Technologies

Mestre, 6th October 2017, Università Ca’ Foscari

http://www.isaca.org/chapters5/Venice/Pages/default.aspx

OWASP Italy @ Security Summit 2017

OWASP Italy will participate in the Security Summit 2017 in Milan with 2 talks. Antonio Parata will give a talk on the EyePyramid malware and Fabrizio Bugli will talk about “(3rd) Party like nobody’s watching”

https://www.securitysummit.it/agenda-details/93

OWASP AppSec Europe 2016 in Rome!

![](OWASPAppSecEU2016.jpg "File:OWASPAppSecEU2016.jpg")

OWASP is organizing the next OWASP AppSecEU in Rome. See the agenda and buy your ticket here: http://2016.appsec.eu/

OWASP Italy @ Security Summit 2016

OWASP Italy will participate in the Security Summit 2016 in Milan with 2 talks. See here for all the details

Adopt OSS. First Edition

OWASP Italy is pleased to announce a new initiative: Adopt OpenSourceSoftware. Given OWASP’s mission to help organizations with application security, we have established a new initiative to provide free, volunteer-based support to open source software projects. Thanks to Adopt OSS, security enthusiasts are paired with participating open source projects, thus gaining exposure to real-life security engineering challenges and the opportunity for career growth. In turn, the participating projects are able to obtain free professional expertise to improve their security posture, and ultimately build secure software. Over a six-month period, OWASP Italy will facilitate the effort by coordinating the initiative and providing support when needed. The first edition of this initiative will take place between May and November 2015, and will see the participation of 7 OWASP Italy members and 3 major OpenSource projects. At the end of the six-month period, OWASP Italy will publish results and feedback from both volunteers and OSS maintainers. The official flyer can be downloaded from here.

Ntopng

Alessio Petracca, Mattia Folador, Giuseppe Longo

ntop is the de facto standard for real-time network traffic monitoring. OWASP Italy wants to help the project by increasing the security level of ntopng, performing security testing activities and supporting the remediation process. We will act in two steps:

  • First, a penetration test targeting the web interface of ntopng will be performed, following the OWASP Testing Methodology
  • Secondly, the main components of ntopng (such as the C++ core engine) will be statically reviewed. The objective is to address all relevant checks contained within the OWASP Code Review Guide

In case the activities above are completed before the end of the six-month period, additional activities (such as the development of security plugins) will be discussed. Luca Deri and Arianna Avanzini will support Alessio Petracca and Mattia Folador in these activities, by providing guidance and insights.

WordPress

Paolo Perego, Sandro Zaccarini

WordPress is the de facto standard for web publishing. If you need a blog, a new showcase website for your portfolio or a tiny e-commerce website for your small company, you will look at WordPress to start. Paying the cost of being the boss, WordPress has suffered tons of security issues over the years, 3 major ones in the beginning of May 2015 alone. Core, plugins and themes alike are developed with ease of use in mind and they need to be hardened. OWASP Italy wants to support WordPress by adopting it through the “Stand by WordPress” initiative. We will deploy the software in three different standard configurations: blog, company portfolio and e-commerce. We will do continuous AppSec during the development of version 4.3 in order to quickly spot security issues before the August release. In addition, we will take care of hardening guidelines and of both the plugin and theme subsystems in order to improve the overall architecture. You can follow the progress of the “Stand by WordPress” initiative here: https://standbywordpress.wordpress.com

GlobaLeaks

Luca Carettoni, Giovanni Cerrato, Marco Lancini

GlobaLeaks is the first open-source whistleblowing framework. It empowers anyone to easily set up and maintain an anonymous whistleblowing platform. Considering the potential hostile environments in which the application may be hosted, security vulnerabilities and abuses are primary concerns for GlobaLeaks’ maintainers. We want to help the team in their excellent application security practices, by performing vulnerability research activities in order to discover unknown bugs within the boundaries of their specific threat model. In particular, we will be focusing on two main software components (GLBackend and GLClient) and new security-relevant changes (upcoming authentication re-factoring and end-to-end encryption).

For more information on Adopt OSS, please send an email to [email protected]

OWASP Italy @ Security Summit 2015

OWASP Italy participated in the Security Summit 2015 in Milan with 3 talks. See here for all the details

OWASP-Isaca Conference @ Rome 11-12th December 2014

The agenda is online!

http://www.isacaroma.it/images/owasp_agenda_11-12-12-2014.JPG

OWASP-Isaca Conference @ Venice 3rd October 2014

The agenda: ![](Venice2014.jpg "File:Venice2014.jpg") Here is the [flyer](/www-pdf-archive/OWASPVenice2014.pdf)

OWASP-Italy Day @ the University of Genova (14th May 2014)

Thanks to the collaboration with Prof. Alessandro Armando and to the availability of Gary McGraw, Ph.D., CTO of Cigital, we are planning an incredible OWASP Day on 14th May.

OWASP Italy @ Security Summit 2014

OWASP Italy participated in the Security Summit 2014 in Milan with 3 talks. See here for all the details

OWASP EU Tour 2013 - 27th June - Rome

Thanks to the collaboration with Università Degli Studi Roma Tre, on 27th June we will have the OWASP EU Tour Rome Conference. The OWASP Europe TOUR is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

The conference will be held at Università Degli Studi Roma Tre. Address: Via Vito Volterra, 62, Rome.

Here you can find the agenda and all the information to participate

OWASP Italy @ Security Summit 2013

OWASP Italy participated in the Security Summit 2013 in Milan with 2 talks. See here for all the details

OWASP Italy Day 2012: “Web Security in a Mobile World”

We are pleased to announce that the OWASP Italy Chapter will host the OWASP Italy Day 2012 conference in Rome, Italy at the University of Rome La Sapienza on 23rd November 2012.

More information here

Partnerships

  • ISC2-Italian Chapter: Thanks to Marco Misitano, Paolo Ottolino and Claudio Sasso, OWASP Italy collaborates with the ISC2-Italian Chapter on new initiatives regarding security conferences, articles and contents regarding the SDLC.

https://www.owasp.org/images/a/a3/ISC2Italy.jpg

  • CSA Italy Partnership

https://www.owasp.org/images/6/6a/CSAItalylogo.gif

Thanks to Alberto Manfredi (CSA Italy President) we are starting a collaboration with the Italian Chapter of the Cloud Security Alliance.

  • IsecLab Partnership

http://www.owasp.org/images/4/4b/LogoIsecLab.png

We are beginning a collaboration with David Balzarotti and Marco Balduzzi of International Secure Systems Lab(IsecLab) with the goal of sharing and improving new WebAppSec projects.

  • CLUSIT Member

http://www.clusit.it/logo_clusit/clusit_logo_b130.gif

Thanks to CLUSIT and OWASP Foundation we have established a cross-membership between the two organizations. So OWASP-Italy is now a CLUSIT member and CLUSIT is an OWASP Educational Member.

  • ISACA Rome

http://www.owasp.org/images/9/98/Isacaroma.gif

Thanks to Ugo Spaziani, we are developing seminars and new ideas with ISACA Rome.

News

Security Summit 2012

On 21st March 2012, OWASP Italy will present 3 talks:

  • Antonio Parata and Paolo Perego: “Security Testing for developers”
  • Giorgio Fedon: “Banking Malware evolution in Italy: defense approach”
  • Stefano Di Paola: “DOM Xss: la nuova generazione di vulnerabilità applicative”

Please subscribe for free here: https://www.securitysummit.it/eventi/view/21

Security Summit 2011

On 15th March 2011, OWASP-Italy presented a seminar about OWASP news. Here you can download the presentations:

  • Matteo Meucci: “OWASP Future and the OWASP Guidelines: how your company can adopt it to obtain best results”
  • Paolo Perego: “OWASP tools for the Software Security”
  • Giorgio Fedon: “Myth Busting Automatic Code Review tools”

More information here: https://www.securitysummit.it/eventi/view/24

OWASP Books are out!

Now you can download or buy a book on the OWASP Projects. Check it here: http://stores.lulu.com/owasp

Activities

  • (Jun 10): OWASP Testing Guide presentation at FBK (Fondazione Bruno Kessler).
  • (May 10): OWASP Training in London: on 28th May in London, OWASP leaders delivered a course focused on the main OWASP Projects, providing a selection of mature and enterprise-ready projects together with practical examples of how to use them.

This Course was FREE for OWASP Members. http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY

  • (Jan 09) OWASP Testing Guide v3 is finished! You can download or browse it here
  • (Mar 07) Luca Carettoni has published an interview with OWASP-Italy (OWASP interviews OWASP :) )

Here is the full article.

  • (Oct 06) ISACA Roma has published several interviews with OWASP-Italy members:

Matteo Meucci, Alberto Revelli, Antonio Parata, Paolo Perego, Carlo Pelliccioni

  • Top10 Vulnerabilities - OWASP-Italy survey:

Image:Top 10 vulnerabilities-mini.GIF

  • (21 Jun 06) Infosecurity 2006: the event is organized and managed by CLUSIT.

Alberto Revelli and Matteo Meucci will participate as speakers at the seminar: “Web Application Security: guidelines and security auditing for web applications”. More info here

  • (1 Jun 06) “Quaderno CLUSIT”

CLUSIT has published a book entitled: “La verifica della sicurezza di applicazioni Web-based e il progetto OWASP”. Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is currently reserved for CLUSIT members, but will be made public in about 3 months.

  • (31 May 06) Luca Carettoni has published the article “La sicurezza delle applicazioni Web secondo l’Open Web Application Security Project”. Here you can read the full article.
  • (1 Mar 06) OWASP-Boston, Microsoft

Thanks to Jim Weiler, Matteo Meucci has presented “Anatomy of two web attacks” at the OWASP-Boston meeting. More info here

  • (18 Nov 05) IDC - European Banking Forum

Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we will have a great speech at the IDC European IT Banking Forum 2005. Agenda:

    • New standards for the ICT security auditing in the Italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
    • Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy

  • (Oct 05) SMAU 2005 is the 42nd International ICT & Consumer Electronics Exhibition for Italy.

SMAU has accepted our submission! More info here

  • (Jun 05) Thanks to Massimiliano Graziani we have translated the “OWASP Pen Test Checklist v.1.1” into Italian. You can download it here.

Thanks to the collaboration with CLUSIT, this doc is available also here.

  • (Apr 05) We have written an article describing the OWASP projects, Web Application Security and the next challenges. ICT Security (the Italian magazine about Information Security) has published the article in issue 33 - April 2005.
  • The presentation of the seminar we held at ISACA Rome (31st March 2005) is now available here.
  • (Apr 05) We have published a presentation describing a detailed case study of a web application vulnerability (MMS Spoofing).
  • (Mar 05) Thanks to Matteo Paolelli we have translated the “OWASP Top Ten Vulnerabilities in Web Application Security” into Italian. You can download it here.
  • Here you can read an interview talking about OWASP.

Events

15th March, 2011 - OWASP-Italy@Security Summit

On 15th March 2011, OWASP-Italy presented a seminar about OWASP news. Here you can download the presentations:

  • Matteo Meucci: “OWASP Future and the OWASP Guidelines: how your company can adopt it to obtain best results”
  • Paolo Perego: “OWASP tools for the Software Security”
  • Giorgio Fedon: “Myth Busting Automatic Code Review tools”

More information here: https://www.securitysummit.it/eventi/view/24

November, 2010 - OWASP-Italy Day V

- OWASP Day for E-Gov 2010: 9th November 2010 - Rome. An event organized by Consip. More information here

November, 2009 - OWASP-Italy Day IV


Following on from the great success of the previous OWASP Days, the fourth conference took place in November 2009 in Milan. More information here

OWASP Day for E-Gov 2009: 5th November 2009 - Rome. More information here

31st March, 2009 - OWASP-Italy @ PCI Milan


Matteo Meucci was invited to talk about OWASP Testing Guide and PCI-DSS Standard at the PCI Milan event last 31st March.

The presentation is published here

23rd February, 2009 - OWASP Day III


“Web Application Security: research meets industry” Presentations are online!

10th October, 2008 - Isaca Roma PCM 2008


Matteo Meucci presented the new OWASP Projects and the Application Security in the Italian Companies. More information here

31st March, 2008 - OWASP Day II


“The State of the Art of the Web Application Security and the OWASP guidelines in the Companies” Presentations are online!

February 2008 - OWASP Italy at InfoSecurity 2008


5th February:

  • 14:30 - The Owasp Orizon project: internals and hands on

Paolo Perego

6th February:

  • 14:30 - Costruire Software Sicuro dalle Fondamenta

Antonio Parata

7th February:

  • 10:30 - Tu programmi. Io buco.

Luca Carettoni

Here you can read more information about it.

November 30th, 2007 - OWASP-Italy @ Elsag Datamat Security Forum


Matteo Meucci was invited to talk about OWASP Guidelines and SDLC Security at the Elsag Datamat Security Forum 2007.

Where: Pescara

When: 30th November 2007, h.12.30

October 20th, 2007 - OWASP Italy at SMAU E-Academy 2007


Last 20th October 2007 we had 5 speeches at SMAU E-Academy 2007, here you can download our presentations:

  • Giorgio Fedon, COO at Minded Security:

“Dove sono finiti i miei soldi? Internet Banking e Cross Site Scripting” (coming soon) Image:FedonSMAU07.pdf

  • Paolo Perego, Senior Security Consultant at Spike Reply:

“The Owasp Orizon project - bring security at the source”

  • Antonio Parata, Security Consultant at eMaze:

“Valutazione del rischio tramite la logica fuzzy” (coming soon) Image:ParataSMAU07.pdf

  • Alberto Revelli, Senior Security Consultant at Portcullis Security:

“Anti-Anti-XSS: bypass delle difese del browser”

  • Stefano Di Paola, CTO at Minded Security:

“Cros-site Flashing! Gli attacchi Web di ultima generazione parlano multipiattaforma” (coming soon) Image:DiPaolaSMAU07.pdf

September 10th, 2007 - OWASP Day WorldWide: “Privacy in the 21st Century”


https://www.owasp.org/index.php/Italy_OWASP_Day_1

May 29th, 2007 - Seminar: “Software Security”


May 15th-17th, 2007 - 6th OWASP AppSec Conference in Italy


  • We are in the initial planning stages for the next OWASP Europe conference, which we plan to hold in Italy in May 2007.

Here you can find all the details about the conference, cfp and sponsorship.

April 14th, 2007 - Master on Information Security, University of Rome “La Sapienza”


March 30th, 2007 - University of Rome “La Sapienza”


  • Thanks to Prof. Mancini and Roberto D’Addario, we will talk about OWASP at the convention “Institutions, Companies and Information Security: comparing the problems”

Here you can find more details.

March 1st, 2007 - EuSecWest 07


Alberto Revelli and Matteo Meucci presented the new OWASP Testing Guide at EUSecWest. Here you can take a look at the presentation.

February 6th-8th, 2007 - InfoSecurity


  • February 6th, 15:30

After the great success obtained at CCC in Berlin, Stefano Di Paola and Giorgio Fedon will talk about: “Web Security Client Side: attacks at Web 2.0”. More information here.

  • February 6th, 16:30

After the great effort on the Testing Guide Project, Matteo Meucci and Alberto Revelli will present: “The new OWASP Testing Guide”. More information here.

  • February 7th, 12:30

Authors of innovative SQL injection tools, Alberto Revelli and Antonio Parata will show: “Advanced SQL Injection: testing tools and defensive strategies.” More information here

  • February 7th, 13:30

Author of the new OWASP Orizon project, Paolo Perego will present: “Secure programming: from theory to practice”. More information here.

January 25th, 2007 - Isaca Rome


Matteo Meucci will discuss the new OWASP Testing Guide v2. For more information: http://www.isacaroma.it/html/GiornateDiStudio.html

October 7th, 2006 - SMAU 2006


- “The quest for secure code: code review and fundamental of secure coding.” Matteo Meucci will present an introduction to the new OWASP Projects and OWASP-Italy activities. Paolo Perego (sp0nge) will speak about safe coding and the importance of periodic code review as a natural part of the software life cycle. Paolo will give a vision of code review and its phases.

http://www.webb.it/event/eventview/5772

Here are the presentations: Meucci_SMAU06, Perego_SMAU06

- “Advanced SQL Injection.” Antonio Parata (S4tan) will explain SQL Injection, and how SQL Inference works on the PHP/MySQL platform. He will present an open source tool to support the testing. Alberto Revelli (icesurfer) will focus on Microsoft SQL Server: he will perform a live demo of sqlninja (http://sqlninja.sf.net), explaining how to obtain a pseudo-shell over SQL, how to escalate privileges, and how to play with the exotic equation: “SQL Injection + debug.exe + DNS = DOS prompt” !

http://www.webb.it/event/eventview/5774

Presentations: Revelli_SMAU06, Parate_SMAU06

Photo (OWASP-Italy at SMAU06): Luca, Carlo, Alberto, Antonio, Stefano, Matteo, Paolo, Giorgio

September 29th, 2006 - OpenExp 2006


September 30th, at 10:45, Antonio Parata (S4tan) will speak about SQL Injection: techniques, tools and practical examples.

Abstract: Antonio will introduce some basic concepts about software security. It will be shown how SQL Inference works on the PHP/MySQL platform and an open source tool to support the testing will be presented. Finally, some advice to avoid common bugs will be listed.

http://www.openexp.it/

OWASP-Italy will have a stand from September 29th to October 1st.


June 21st, 2006 - InfoSecurity 2006


Alberto Revelli and Matteo Meucci will participate as speakers at the seminar: “Web Application Security: guidelines and security auditing for web applications”. The event is organized and managed by CLUSIT.

Where: Sheraton Roma Hotel - Viale Del Pattinaggio, 100

When: 10:30 - 17:00

Who: Matteo Meucci and Alberto Revelli

Link: http://www.infosecurity.it/Roma/programma.php

Agenda:

Session I: Introduction to Web Application Security

  • Which are the risks?
  • Risk assessment of a web application
  • Core pillars of web security
  • How to develop secure web applications: guidelines and case studies

Session II: How to realize a security audit of a web application

  • The methodology: OWASP Penetration Testing
  • The tools: OWASP WebScarab
  • Hands-on web application vulnerabilities: OWASP WebGoat
  • Advanced SQL Injection

March 1st, 2006 - OWASP-Boston, Microsoft


Thanks to Jim Weiler (OWASP-Boston Chair), Matteo Meucci has presented “Anatomy of two web attacks” at the March meeting of OWASP-Boston. More info here

November 5th, 2005 - IDC - European Banking Forum


Thanks to Raoul Chiesa (Director of Communication OWASP-Italy), we have had a great speech at the IDC European IT Banking Forum 2005 (18 Nov 2005). http://www.idc.com/italy/events/banking05/banking05_agenda.jsp

Agenda:

  • New standards for the ICT security auditing in the italian banking scenario: OSSTMM and OWASP. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy and Matteo Meucci, OWASP-Italy Chair
  • Workshop: unusual form of attacks and banking system violation: live experience. Raoul Chiesa, Director of Communications, ISECOM/OWASP-Italy.

You can download the report here.

You can download the Case-Study of a vulnerable Home Banking Web Application here.

October 5th, 2005 - OWASP-Italy@SMAU2005


SMAU is the 42nd International ICT & Consumer Electronics Exhibition for Italy. Alberto Revelli (our Technical Director) and Matteo Meucci have conducted a seminar about Web Application Security. Alberto has presented his new project: sqlninja. Very cool!!

http://www.webb.it/event/eventview/4488/1/progetto_owasp__case_study_di_applicativi_web_vulnerabili

May 25th, 2005 - ISACA Rome 2nd meeting


On May 25th we’ll be at ISACA Rome to present OWASP WebGoat and a real case of a Web Application Vulnerability. Everyone is invited to join the meeting.

Here is the agenda:

14.30 Registration

14.45 Matteo Meucci - Web Application Security Phase II - OWASP WebScarab and PenTest Checklist

  • A case-study of a Web Application Vulnerability: MMS Spoofing

    • Web Application analysis
    • Authentication and Billing of the MMS service
    • Vulnerabilities
    • Attack Analysis

  • Learning the most common web application vulnerabilities: OWASP WebGoat

    • Http Basics
    • HTML Clues
    • Hidden Field Tampering
    • How to spoof a Session Cookie
    • Stored Cross Site Scripting
    • Command Injection
    • SQL Injection
    • Fail Open Authentication

The meeting is held at: Via Volturno, 65 (Rome) - Auditorium ATAC

You can download the presentation here.

May 18th, 2005 - Workshop on Computer Crime 2005


May 18th, 2005 OWASP-Italy is invited to present OWASP Top 10 to the “Workshop on Computer Crime 2005” titled: “EVOLUZIONI NORMATIVE E RECENTI PROBLEMATICHE DI SICUREZZA”

The meeting is held at: Sala delle conferenze dell’Istituto Centrale della Banche Popolari Italiane Via Verziere, 11

You can download the presentation here.

March 31st, 2005 - ISACA Rome meeting


On March 31st we’ll be at ISACA Rome to present OWASP and Web Application Security. Everyone is invited to join the meeting.

Here is the agenda:

14.15 Registration

14.30 Matteo Meucci - Web Application Security - OWASP Guide: how to build secure web applications

  • How to test your Web Application: WebScarab and the WebApp PenTest Checklist
  • How to learn the most common web application vulnerabilities: WebGoat
  • The Top Ten WebApp vulnerabilities
  • Common errors in developing Web Applications:
    • Authentication mechanisms not “secure”
    • Buffer Overflow and crash of the service
    • Identity theft: Cross Site Scripting
    • Manipulation of company data: SQL Injection
    • Reserved information: misconfiguration
    • Bad session management and identity theft
  • OWASP-Italy: projects and next challenges

The meeting is held at: Via Volturno, 65 (Rome) - Auditorium ATAC

http://www.isacaroma.it/html/GiornateDiStudio.html

You can download the presentation here.

March 21st, 2005 - OWASP-Italy conducts a seminar at AlmaWeb


On March 21st, OWASP-Italy was invited to the University of Bologna to conduct a seminar for the Master in Management and Information Technology, titled “Web Application Security and OWASP”.

Here is the agenda:

  • OWASP & Web Application Security
  • Common Web Application Vulnerabilities
  • A real case of web application vulnerability: MMS Spoofing & Billing
  • Training: WebGoat

Publications

October 2009 Interview on “Il sole 24 ore”


Gary McGraw and Matteo Meucci interviewed by NOVA, talking about BSIMM and OWASP.

March, 2007 Interview on HTML.it


Luca Carettoni has published an interview with OWASP-Italy (OWASP interviews OWASP :) ). Here is the full article.

October, 2006 ISACA Roma interviews OWASP-Italy


After the speeches that OWASP-Italy gave at SMAU E-Academy 2006, ISACA Roma interviewed some of the people of the Italian chapter. Follow the links for the full interviews (in Italian): Matteo Meucci, Alberto Revelli, Antonio Parata, Paolo Perego, Stefano Di Paola & Giorgio Fedon

Aug, 2006 - Article on Banca Finanza magazine


Banca Finanza, the Italian magazine about finance and banking, has interviewed Raoul Chiesa about the new risks for on-line banking security. Raoul speaks about OWASP and web application security. Media:042006BF.pdf

June, 2006 - Quaderno CLUSIT


CLUSIT has published a book entitled: “La verifica della sicurezza di applicazioni Web-based e il progetto OWASP”. Several OWASP-Italy members (R.Chiesa, L.De Santis, M.Graziani, L.Legato, M.Meucci, A.Revelli) have contributed to the writing. The document is currently reserved for CLUSIT members, but it will be public in about 3 months.

June, 2006 - Paper on SQL Injection and Inference on PHP/MySQL


Antonio “s4tan” Parata has published an article about SQL Injection based on Inference for testing web applications on the PHP/MySQL platform. Here you can read the full article.

May, 2006 - Published an article about OWASP and Top-10 Vulnerabilities


Luca Carettoni has published the article “La sicurezza delle applicazioni Web secondo l’Open Web Application Security Project”. Here you can read the full article.

June, 2005 - OWASP Pen Test Checklist v 1.1 in Italian


Thanks to Massimiliano Graziani we have translated the “OWASP Pen Test Checklist v.1.1” into Italian. You can download it here. Thanks to the collaboration with CLUSIT, this doc is also available here.

May, 2005 - Isaca Roma Newsletter about OWASP-Italy


The ISACA Roma Newsletter has published an interview with OWASP-Italy

April, 2005 - Published “MMS Spoofing”


We have published a presentation describing a detailed case study of a web application vulnerability (MMS Spoofing).

Jim Hewitt, CISSP PMP working at CGI-AMS, affirms (slide#78): “Very interesting analysis of spoofed cell phone messaging and fraudulent billing”. See: www.techvalleynyissa.org/Resources/2005_07_WebApplicationSecurity.ppt

April, 2005 - Published an article on ICT Security magazine


We have written an article describing the OWASP projects, Web Application Security and the next challenges. ICT Security (the Italian magazine about Information Security) has published the article in issue 33 - April 2005.

March, 2005 - OWASP Top-10 in Italian


Thanks to Matteo Paolelli we have translated the “OWASP Top Ten Vulnerabilities in Web Application Security” into Italian. You can download it here.

January 2005 - OWASP Italy was born!

Matteo Meucci founded the OWASP Italy Chapter


Tools & Research


Nov, 2007 - sqlmap v0.5

Bernardo Damele and Daniele Bellucci have released the fifth version of the tool sqlmap. sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable of performing an extensive database management system back-end fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

You can download the latest stable version from its SourceForge File List page or the latest development version from its SourceForge SVN repository.

Dec, 2006 - sqlmap v0.2

Bernardo Damele and Daniele Bellucci have released a second version of the tool “sqlmap” for Automatic Blind SQL Injection. Here you can download the tool

September, 2006 - Wisec Project

Stefano Di Paola is developing Wisec - The Wiki Security Project. Here you can access the project.

July, 2006 - Sqlmap v0.0.1

Daniele Bellucci has developed a first version of the tool “sqlmap” for Automatic Blind SQL Injection. Here you can download the tool


