[Owasp-london] Owasp-london Digest, Vol 8, Issue 2
sgsanchez at gmail.com
Mon Sep 10 12:18:14 EDT 2007
Thanks Ivan, I enjoyed the meeting and will try to get more people from work
to go next time.
On 10/09/2007, owasp-london-request at lists.owasp.org <owasp-london-request at lists.owasp.org> wrote:
> Today's Topics:
> 1. September 5 Meeting Notes (Ivan Ristic)
> Message: 1
> Date: Sun, 09 Sep 2007 22:27:02 +0100
> From: Ivan Ristic <ivanr at webkreator.com>
> Subject: [Owasp-london] September 5 Meeting Notes
> To: owasp-london at lists.owasp.org
> Message-ID: <46E46526.1040503 at webkreator.com>
> Content-Type: text/plain; charset=ISO-8859-1
> The meeting on September 5th was held in the Auriol Kensington Rowing
> Club (http://www.akrowing.com/page.php?page=findus). Breach Security
> (http://www.breach.com) covered the cost of the venue.
> There were 13 people at the meeting. A few others wanted to come but
> were prevented either by work or the tube strike.
> The meeting kicked off with a video message from Jeff Williams. Well,
> not really a video message because we didn't get to actually see
> Jeff. We only got to hear his voice over some slides describing OWASP.
> PDP spoke next. His talk was very interesting (you can find the
> whitepaper here:
> http://www.gnucitizen.org/blog/for-my-next-trick-hacking-web20); it
> lasted longer than anticipated. This wasn't a problem for PDP or
> the audience, but it did affect the activities scheduled for after
> - some people had to leave.
> After a short break, the mandatory discussion on privacy issues
> followed. The overall impression is that the topic of privacy is
> much larger than web application security. Even if we fixed all
> issues we could (in this area) the issues of privacy would remain
> largely unaffected.
> An idea was floated to force all sites to declare what they are
> going to do with personal information. And to have them inspected
> (certified) by a third party on a regular basis. For example:
> - Provide a list containing each piece of information kept.
> - For each such piece declare how long it will be kept.
> A third party could certify the site was developed in accordance
> with best security development practices. (Note that it would
> not certify that the site does not contain any problems.)
> Ultimately, however, the problem is that the majority of people
> simply do not care for the privacy and security issues. Until
> that changes it is not likely for things to improve.
> The plan, initially, was to also discuss the future of the OWASP
> chapter but because it was already 22:30 most people wanted to
> leave. However, the topic was brought up several times during the
> meeting, in the breaks between the activities. The good news is there
> is both will and interest. I will summarise in a separate email and
> move discussion to the mailing list.
> Some suggestions I got from people:
> - Meet more often.
> - Have shorter meetings (7pm - 9pm was suggested).