The OWASP AppSec Conference series is a focused forum for industry and security researchers to communicate about application security issues. OWASP Delhi Chapter is dedicated to supporting OWASP initiatives and is committed to the growth of the application security community in India.

OWASP Appsec India conference 2008 was a two day event; with first day being the conference on “Application Security Trends & Challenges” and second day was dedicated to six sessions of multi-track trainings covering today’s burning application security issues. Trainings were conducted by industry leaders and experts in application security representing organizations like HP Software, Microsoft, Aspect Security Inc. , Security Compass, BlueInfy and SecuRisk Solutions, USA.

This premier event was proudly backed by HP Software as one of the premium sponsors among others who are the leading players in security space such as Torrid Networks, SDG Corporation, Paladion Networks, Armorize Technologies / OSTFOLD Software and supported by CERT-IN, Data Security Council of India (a NASSCOM initiative) and ISC2 – the world leader in information security trainings and certifications. Over 300 delegates from over 80 companies participated in this first-of-its-kind grand gathering to place in India. The participation also included delegations from Hong Kong, Sri Lanka, Middle East and other neighboring countries.

The conference featured key personalities such as Dr. Kamlesh Bajaj – CEO DSCI , Mr. Mano Paul – Software Assurance Advisor, ISC2 , Jason Li- OWASP Foundation, Mr. Murli Krishnan from HP Software who delivered the conference keynote talk.

Welcoming the delegates, Dhruv Soi, the founder and director of OWASP Delhi chapter said,

The ‘web surface’ is always left open and becomes the most critical asset to be protected from external or internal threats. Web security can only be achieved by making the software development and deployment teams aware about software security roles fitting into their profiles and then, equipping them with right set of tools, frameworks and guidelines. This inherits security into software development life cycle at much lower cost than estimated by most of the companies. OWASP’s launch in India with this particular event opens up opportunities for the Indian industry to become aware about software security and take advantage of the tools, guidelines already developed by volunteer members of OWASP from around the world. With more companies around the world getting matured and emerging as direct competitors to the Indian industry, it’s the time to lay-off traditional software development approach where focus is more towards functionality of approach with least privilege to security and get recognized as leaders in ‘Secure Software Development’, to eventually deliver a secured environment to our clients and customers.

Delivering the Keynote Mr. Jason Li from OWASP Foundation talked about how OWASP is growing worldwide through its local chapters and the increasing number of projects being undertaken by OWASP to help organization address application security issues and challenges.

In his keynote Dr. Bajaj stressed on the growing concern of data protection and privacy issues faced by organizations around the globe. He appreciated Delhi Chapter’s efforts for initiating such events that provide the much needed platform for discussion on these burning topics. He then walked through some interesting security statistics and the initiatives undertaken by DSCI in dealing with India’s data protection and privacy issues and the laws governing the same.

The conference featured some of the great topics such as ‘Web 2.0 Security- Next Generation Threats On The Rise’ by Shreeraj Shah; tour of OWASP Projects by Jason Li which attracted lot of interest from the audience. The event progressed with some more eye-opening topics accompanied by interesting demos. The last and the most interesting talk was delivered by Nish Bhalla on ‘Building Enterprise Application Security Program’ that attracted lot of questions from the audience.

Second day showcased an overwhelming response to application security training tracks and more than 200+ participants attended six multi-track sessions spread during first and the second half of the day. Candidates gained in-depth knowledge on topics such as Web2.0 Security, Writing Secure Code – Java / J2EE & .NET, Application Security for Managers, Application Security Assessments, Application Security Code Review and Advanced Threat Modeling techniques. The key take-away was the wealth of knowledge and the confidence to effectively manage application security challenges.