The event programme from Sven Vetsch, so far circulating only by e-mail, reads as follows:
~ - Taking Apache access logs to the next level: Complying to PCI DSS
~ for fun and profit
~ (Christian Folini - Technical Consultant at netnea)
~ The PCI DSS is rather vague when it comes to logfiles. It does
~ make clear that writing logfiles and reading them is a
~ requirement, though. But it leaves it up to you to define your
~ setup and your processes. Apache brings numerous logging
~ possibilities, but they are rarely used in practice. Based on a
~ sample enterprise setup, I will discuss key items of a
~ revision-proof architecture. System components and methods will be
~ examined and a few interesting techniques presented.
~ - Implementing an Application Security Lifecycle programme
~ (Alessandro Moretti - Executive director for IT security risk
~ management at UBS Investment Bank)
~ Topic:
~ A case study at UBS Investment Bank - how the Application Security
~ Lifecycle Programme aims to implement proactive and reactive IT
~ security management and promote application security across the
~ global UBS IT community.
~ Short description:
~ UBS IT Security Risk Management will provide an overview of the
~ risk strategy, and an insight into the strategic initiative, based
~ partly on OWASP, to enhance the application security with each
~ phase of the software development lifecycle. The presentation will
~ provide details on the vision, the overall programme approach and
~ on selected deliverables as part of the programme. Topics include
~ security education, risk management, source code testing,
~ penetration testing and web application firewalls. A question and
~ answer session will follow.
~ - WebAppSec the Big Picture
~ (Sven Vetsch - Security Tester at Dreamlab Technologies)
~ Most of the actual vulnerabilities which security researchers and
~ also bad guys (don't) report every day are related to web
~ applications. Even if this is the case, the security community
~ didn't get the big picture of what security related problems we've
~ got through web applications. In this demonstration, we will show
~ you an overview of the most important web vulnerabilities like SQL
~ Injections, XSS, CSRF, Path Traversal, Session Fixation and much
~ more. The focus in this demonstration is not to show you the
~ latest research results in webappsec, it's to show you the big
~ picture of this topic.
Anyone with a general interest is invited.