Raising security awareness in India

Securitybyte & OWASP AppSec Asia Conference 2009, India’s largest security conference, opened its doors today at the magnificent Hotel Crowne Plaza in Gurgaon.

One of Delhi’s four major satellite cities and the industrial and financial center of Haryana state, Gurgaon is one of the most prominent outsourcing and offshoring hubs in the world and houses regional headquarters of many multinational companies. It has also been proclaimed the best city in India to live and work according to a recent survey by Business Today magazine.

Last year the conference was organized singlehandedly by OWASP and was a smaller affair. This year, they wanted to cover more than just Web application security, so they partnered with Securitybyte and brought a more diverse range of security subject and issues. They also plan to make this a yearly event, since the interest for this kind of topics is great.

The conference, gathering many security experts and around 400 visitors, is scheduled to last 4 days. The first two days are dedicated to sessions, while on Thursday and Friday one- and two-day trainings will take place.

The event was supposed to be inaugurated by Dr. A. P. J. Abdul Kalam, former President of India, and Vice Admiral Shekhar Sinha, Chief of Integrated Defence Staff at the Indian Ministry of Defence, but the former unfortunately had to cancel his appearance at the last moment due to scheduling conflicts.

Opening keynotes were also held by Howard Schmidt (former special advisor – Cyberspace Security for the White House), John Bumgarner (Research Director and CTO – U.S. Cyber Consequences Unit) and Hord Tipton (ED – ISC2, ex-CIO US Department of the Interior).

The sessions are organized in three tracks.

The first is dedicated to security researchers and enthusiasts – the topics are mostly very technical and range from new functions in the new version of Xprobe3 by Fyodor Yarochkin of Guard-info, to active man-in-the-middle attacks by Adi Sharabani of IBM.

The second track is aimed at security auditors, developers and Q&A teams architects, and includes topics such as “How To Blackbox Test Almost Anything” by Aviram Jenik of Beyond Security.

The third track is directed at leaders, managers and C&S professionals, and comprised an address by Mano Paul, Software Assurance Advisor at (ISC)2 and a very interesting lecture by Howard Schmidt about the international state of cyber security.

The sessions were interrupted some 4-5 times during the day by a power failure, so generators had to be switched on – which, apparently, is an everyday occurrence in that area.

All the competitions were held in the main hallway: a capture the flag contest organized by Appin Knowledge Solutions and the extremely interesting Packet Wars competition – a digital cyberwar that saw the participants of the conference organizing attacks aimed at specific (local) computer targets.

In between the morning and the afternoon sessions, lunch and socializing was organized on the front lawn of the hotel, which contributed to a relaxed and pleasant atmosphere. There were also some exhibition booths set up on the lawn – belonging to SANS, (ISC)2, and a couple of other sponsors – including the local distributors for Armorize, and the Indian company Bandvalley Technologies (the manufacturers of SniperIT, a user based Client-Server Data security and monitoring system).

The end of the first day of the conference was marked by the India Technology Leadership Summit 2009, an exclusive, invitation-only summit about “Information Security Concerns for Offshoring”.

In spite of the one-hour delay of the opening keynotes and the consequent delays of the various sessions, the participants seemed to think that the organizers have really done a good job at setting up a promising conference that the Indian IT market was in great need of.