Call For Papers: 2006 OWASP AppSec Europe Conference

[dave.wichers at aspectsecurity.com (Dave Wichers)]

Call For Papers - Refereed Papers Track at OWASP AppSec 
Europe 2006 Conference 


The Open Web Application Security Project (OWASP, 
http://www.owasp.org) is dedicated to finding and 
fighting the causes of insecure software. OWASP has 
dozens of projects and over 50 chapters worldwide 
focused on application security. Our high quality 
tools and documentation are used everywhere, 
including the freely available book-length "Guide 
to Secure Web Applications and Services", the leading 
web application penetration testing tool called 
"WebScarab", and an advanced web application security 
training application called "WebGoat". 
The OWASP Foundation, a not-for-profit charitable 
organization, ensures the ongoing availability and 
support for this work.

The OWASP AppSec conferences 
(http://www.owasp.org/conferences.html) bring together 
application security experts, researchers and 
practitioners from all over the world. 
Industry and academia can meet to discuss open problems 
and new solutions in application security. 
The conferences offer tutorials, keynotes, and invited 
presentations. 
  
For the first time, the 2006 OWASP AppSec Europe 
conference will feature refereed papers. Original research 
papers pertaining to all aspects of web application 
security are solicited. Papers should describe new ideas, 
new implementations, or experiences related to web 
application security. 

Topics of interest include, but are not limited to: 

 - Web application security 
 - Threat modeling of web applications 
 - Vulnerability analysis of web applications (code review, 
   pentest, static analysis, scanning) 
 - Countermeasures for web application vulnerabilities 
 - Secure coding techniques 
 - Static and dynamic analysis of web application technologies 
 - Platform or language (e.g. Java, .NET) security features 
   that help secure web applications 
 - Open source framework features that help secure web applications
 - How to use databases securely in web applications 
 - Experiences or new ideas on Secure Development Lifecycles (SDLC) 
 - Experiences using web application security scanning or code 
   analysis tools 
 - Access control in web applications 
 - Web services security 

It is the intention of the organizers to publish accepted 
papers in a conference proceedings. 


Important dates: 

Submission deadline (Draft Paper): March 20
Notification of acceptance: April 20 
Final version due: May 20 
Conference: May 29-31, 2006 (May 29 training 
day) (May 30-31 Conference) 

Instructions for authors:

Submitted papers should not substantially overlap with papers 
that have been published. Submissions should be at most 12 pages 
long in the Springer LNCS Style for Proceedings and Other 
Multiauthor Volumes. 
Templates for preparing papers in this style for LaTeX, Word, 
and other word processors can be downloaded from:
http://www.springer.com/sgw/cda/frontpage/0,11855,5-164-2-72376-0,00.html

All submissions should be sent in Adobe Portable Document 
Format (pdf) to Frank Piessens at 
Frank.Piessens_at_cs.kuleuven.ac.be.

Programme Committee: 
Konstantin Beznosov, University of British Columbia, Canada
Sebastien Deleersnyder, Ascure and OWASP Belgian Chapter, Belgium
Andreas Fuchsberger, Royal Holloway, University of London, UK
Andre Marien, Ubizen, Belgium
Mattia Monga, Milan University, Italy
Johan Peeters, secappdev.org, Belgium
Frank Piessens, Katholieke Universiteit Leuven, Belgium (chair)
Erik Poll, Radboud Universiteit Nijmegen, The Netherlands
Maarten Rits, SAP Research, France
Chris Vanden Berghe, IBM Research, Switzerland