FIST-Conference 2004, February Edition - Frankfurt, Germany

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

hey All,

Everybody from this list is invited to our FIST Conference Frankfurt
2004 February Edition this coming Wednesday!

FIST Conferences are free and open events where to present and talk
about different aspects of penetration testing and information
security. Presentations of recent conferences in Madrid, Bombay,
Delhi, Bangalore, Pune are available here.... /

*** We are still looking for guest speakers!   ****

Feel free to forward this invitation to anyone (or to any mailing
list) who / whose members you think would likely be interested in
attending the conference. Some FAQs about FIST are given in the end of
this e-mail. Please confirm your attendance to myself in advance, it
will help to organise the event better.

Details of the upcoming conference are as follows:

FIST-Conference 2004, February Edition - Frankfurt, Germany
Registration: Drop me an email.
Sponsor: Johann Wolfgang Goethe-Universität

* 18:00 Introduction - by Frank Sadowski <frankae at web dot de>
Cordinator OISSG Frankfurt and Balwant Rathore from OISSG
* 18:10 Information System Security Testing Framework (ISSTF) draft -
by Balwant Rathore, CISSP from OISSG
* 19:00 ISSTF Source Code Auditing Approach - by Gyan Chawdhary
<gunnu45 at hotmail dot com> from OISSG
Break 19:50 - 20:00
* 20:00 ISSTF Web Application Security Testing Approach by Frank
* 20:50 <yet to be decided>
* 22:00 Improvised food, drink @ Carnival ;-)

Date and Time
Wednesday 25.2.2004 @ 18-21:30h.

Johann Wolfgang Goethe-Universität /,
Campus Bockenheim
General instructions for getting there (in German):

Specifically, go to building „3 Hörsaalgebäude" as you can see at:
Inside the building, find "Hörsaal B" (=auditorium B) Use any language
translation tool:

Point of Contact: Frank Sadowski Cell: +49 (0)160 99 55 13 66

First Improvised Security Testing Conference (FIST) FAQ


- How we came up with the name of FIST?
In March 2003, Balwant started a study group on Penetration Testing in
Mumbai, India. A message was posted on securityfocus PenTest list
regarding this and thus a yahoo group we created for this group and
initially meeting were held in Mumbai. In July 2003 the PenTest study
group's Madrid, Spain meeting was announced. Balwnat met group member
Alejandro Barrera in Madrid to find out a venue. Alejandro and Balwant
did some and during this a message was posted to Argo hacking list.
After this two more security specialists Vicente Aceituno and Rafael
Ausejo met Alejandro and Balwant together. And finally they come to
the name FIST. The FIST Conference stands for "First Improvised
Security Testing" Conference, as we felt little fast-paced
self-organizing way of finding the speakers, the venue and audience.

As a plus, it doesn't feel so bad when there is a small mishap in an
improvised event! Following conferences are known as "FIST Conference
Month/Place Edition". The "First" stands for the first of this kind,
that's why there are no "Second" of "Third" Improvised Security

- Who is the audience?
Anyone willing to learn about Information Security.

- How much does it cost to attend?
Nothing, it's a free event.

- Can I get a certificate for assistance?
That depends on the committee and the sponsor.

- Is there any prize or contest?
We are thinking on giving an award for the best presentation of every
year, but nothing is set-up as yet.

- Can I take photos or film?
As long as it doesn't interfere with the presentation.

- Do you Webcast the conference?
That depends on the sponsor.

-    How can I help?
· Promote the event.
· Help the committee.
· Become a speaker.
· Become a member of your city's committee.
· Become a sponsor.

Committee Members

- I want to organize a FIST conference in my city, what do i have to
Create your own committee.

- What are a FIST Committee duties?
Normally is a good idea to split responsibilities between committee
· Find suitable venue.
· Find volunteer speakers. Help them to tune the presentations quality
and length to make the conference a pleasant experience for everyone.
Make a presentation template available when possible.
· Promote the event.
· Be prepared to be main or backup speakers.
· Update information on the event's to be maintained by the group
website Webmaster saman007uk at oddpost dot com.
· Coordinate with the international committee.

- What is supposed to be a Backup Speaker?
Being  a backup speaker means that you should be prepared to
substitute a main speaker for any reason. In case someone drops or you
don't get enough speakers, you should present your own speech.

- How  can I find speakers ?
Contact experts that you know or you meet in this or other events.
Frequently the speakers for the next edition contact the committee
during the very FIST conference.

- I have to choose a date for my FIST... is there any  restriction?
The date for the conference depends on the sponsor/speaker
availability and audience convenience. But we are trying to held it
every two months, the last Friday or Saturday of the month.

- Is it necessary to have a sponsor?
No if you can get all the resources (room, beamer, water, sound
system) by yourself. Anyway, sponsors can help in many ways like
providing a suitable place for the conference, material resources and
promotion of the event.
- Is there any Conference Banner Template?
Write a mail to balwant at mahindrabt dot com and get it, soon it
would be available at group WebSite

- I don't know how to promote the event, what can I do?
You can try posting the conference banner to newspapers, magazines
related to technology, blogs, Security Portals, Universities and
mailing lists. You can prepare a poster too.

- What are the important conference details to give?
· Place.
· How to get there.
· Registration requirements.
· Date and time.
· Program.
· Duration.
· Web link for more info.

- How does the event develop?
Normally the sponsor presents the FIST committee, The FIST
representative presents the speakers, then the speakers speak (there
might be a short break), and finally the sponsor and the FIST
committee close the event. Don't forget to thank the sponsor and the

- Is registration needed?
This is a sponsor's decision. It's often enough to show up, but a
simple registration is used sometimes.

- I want to be a speaker, what should I do?
Contact a FIST committee. To be a speaker means to have something
interesting to say in the field of penetration testing or information
security in
general. Some guidelines:
· The speaker should be the author of the presentations, but to speak
on someone else work is ok, as long as you ask permission and give
credit where credit is due.
· Presentations should be licensed GPL-FDL or Open Content License.
The presentations will be made available through group
WebSite after the conference is held.
· Be at the conference room early. Bring your presentation with you in
at least two different removable media (floppy and CD for example).
Don't bring your own laptop as using differents computers with a
beamer is proven to the troublesome.
· Slides take two to two minutes and a half. Take this into account
when preparing the presentation and fitting it into your time frame.
· Be as technical as you like. This a free and open event, but that
doesn't mean that presentations need to be understood for people
without knowledge of the subject matter.

- I'm going to prepare a speech. Which language should I use?, Is
there any language restriction for my presentation?
You can give the speech in the language of your choice, but your
slides must be in English for the widest possible dissemination after
the event.
- Where can I get the Presentation Template?
You can download the presentation template from OISSG page. /


- I want to be a sponsor, what can I do?
To be a sponsor means to provide some or all of:
· A conference room.
· Beamer.
· Laptop.
· Internet connection.
· Webcast of the conference.
· Conference promotion.
· Attendance registry.
· Some water for the speakers.

Thanking you.

Balwant Rathore, CISSP
Moderator, PenTest Group /
Phone: +49 (0) 160 99 55 13 66

Site Timeline