[Owasp-leaders] AppSec Monthly Themes

Azeddine Islam Mennouchi azeddine.mennouchi at owasp.org
Sun Mar 25 12:34:18 UTC 2012


Cool idea. I would be glad to help.

On Fri, Mar 23, 2012 at 4:31 AM, Mat Caughron <caughron at gmail.com> wrote:

>
> Or say hello to my four of a kind: SQL injection, header injection, shell
> injection, multi-encoding injection.
>
>
> Mat
>
>
> On Thu, Mar 22, 2012 at 12:45 PM, Eoin <eoin.keary at owasp.org> wrote:
>
>> My ace of xss beats ur queen of CSRF.
>>
>> Eoin Keary
>> BCC Risk Advisory
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 22 Mar 2012, at 19:38, "Dennis Groves, MSc" <dennis.groves at owasp.org>
>> wrote:
>>
>> > On 22 Mar 2012, at 15:40, Colin Watson wrote:
>> >
>> >> :-)
>> >>
>> >> I had been trying to think about an AppSensor (defense vs attacks)
>> >> version of the card game Trumps, and get them printed on decks of
>> >> playing cards - either as the game itself or as the card "backs". Then
>> >> they could be used for promotional give-aways.
>> >>
>> >> But maybe the idea (52 cards) could be used for 13 themes x 4
>> >> messages, or something like that? Perhaps developers and others would
>> >> prefer a pack of playing cards to a book.
>> >>
>> >> I think we'd have to change "joker" to "hacker" though.
>> >>
>> >
>> > I have always wanted to design a deck of cards. This could be so fun in so many, many ways… Let me know if you actually want to execute on this….
>> >
>> > Maybe we can even have them done in time for the 2013 trip to the Casino^H^H^H^H^H^H Summit! :-)
>> >
>> > Dennis
>> >
>> >
>> >> Colin
>> >>
>> >> On 22 March 2012 12:46, Eoin <eoin.keary at owasp.org> wrote:
>> >>> "The owasp ten commandments"
>> >>> project!!
>> >>>
>> >>> Eoin Keary
>> >>> BCC Risk Advisory
>> >>> Owasp Global Board
>> >>> +353 87 977 2988
>> >>>
>> >>>
>> >>> On 22 Mar 2012, at 08:23, "Dennis Groves, MSc" <dennis.groves at owasp.org> wrote:
>> >>>
>> >>>> Michael & Jim, (and the rest of the leaders…)
>> >>>>
>> >>>> Brilliant Idea, A good friend of mine and productivity expert - JD Meier speaks of 30 day improvement sprints. I guess my thought is that it would be best to map out a year of these first and prepare materials in advance of the controlled release. This way sick days and holidays don't interfere with the flow. Another idea would be to alternate builder, breaker and defender months - so that we rotate through each of those topics 4 times during the year.
>> >>>>
>> >>>> In fact, on that note Jim - your very cool "parameterize, don't jeopardise" SQL injection maxim causes me to wonder if we couldn't distill another 11 of those 'tweet' sized ideas and create the 'OWASP laws of application security.'
>> >>>>
>> >>>> Dennis
>> >>>>
>> >>>> On 22 Mar 2012, at 5:18, Jim Manico wrote:
>> >>>>
>> >>>>> Awesome idea.
>> >>>>>
>> >>>>> How about we focus specifically on a SQL Injection awareness campaign
>> >>>>> for the first month? We could be even more specific and bring
>> >>>>> awareness to the coding technique of query parameterization.
>> >>>>>
>> >>>>> "Parameterize, don't jeopardize" ;)
>> >>>>>
>> >>>>> --
>> >>>>> Jim Manico
>> >>>>> (808) 652-3805
>> >>>>>
>> >>>>> On Mar 22, 2012, at 7:08 AM, Michael Coates <michael.coates at owasp.org> wrote:
>> >>>>>
>> >>>>>> Leaders,
>> >>>>>>
>> >>>>>> I've been toying with the idea of a centralized security theme for each month.  The idea is to flood the airwaves (or is it the pipes?) with a large amount of information on a particular application security topic.
>> >>>>>>
>> >>>>>> For example, April could be "Injection Flaws" and anyone interested could blog about this topic.  I'm hoping to see articles from the perspective of builders, breakers and defenders. Also articles that dive into code examples, frameworks, lifecycle considerations, tools and more.  We can have a push for video examples, podcasts, and project updates (if relevant to the monthly theme) and more.
>> >>>>>>
>> >>>>>> This "coordinated" assault on the issue is then magnified by retweets from the OWASP twitter account and syndication on the OWASP news feed.  At the end of the month we then have an OWASP blog post that captures the definitive list to all articles, posts, tools, etc that were created during that month.  We could also award the top contributions and feature them in the newsletter.
>> >>>>>>
>> >>>>>> Anyone interested in this idea?  I'm thinking we work through a few of the OWASP top 10, then maybe jump around with a month for mobile security, cloud security, lifecycle, risk analysis, etc.
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> April the month of Injection Flaws?
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> -------
>> >>>>>> Michael Coates | OWASP
>> >>>>>> michael.coates at owasp.org | @_mwc
>> >>>>>> OWASP Board
>> >>>>>>
>> >>>>>> _______________________________________________
>> >>>>>> OWASP-Leaders mailing list
>> >>>>>> OWASP-Leaders at lists.owasp.org
>> >>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>>>
>> >>>>
>> >>>> --
>> >>>> [Dennis Groves](http://about.me/dennis.groves), MSc
>> >>>> [dennis.groves at gmail.com](mailto:dennis.groves at gmail.com)
>> >>>>
>> >>>> *"What is the use of living, if it be not to strive for noble causes and make this muddled world a better place for those who will live in it after we have gone."* -- Winston Churchill, October 10th, 1908
>> >
>> >
>> > Dennis
>> >
>> > --
>> > [Dennis Groves](http://www.owasp.org/index.php/User:Dennis_Groves), MSc
>> > [dennis.groves at owasp.org](dennis.groves at owasp.org)
>> >
>> > *This work is licensed under the Creative Commons
>> > Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
>> > this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
>> > send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
>> > View, California, 94041, USA.*
>>
>
>
>
>


-- 
Islam Azeddine Mennouchi
OWASP ALGERIA Chapter Leader
phone n°: +213796314102