[Global_education_committee] London Training

fabio.e.cerullo at aib.ie fabio.e.cerullo at aib.ie
Thu May 13 06:12:44 EDT 2010


I could do Webgoat no problem... can I suggest after Colin's session about 
Webscarab as both projects are quite related?

Thanks,

Fabio Cerullo
Divisional Information Security 
Bankcentre D1, 
Ballsbridge,
Dublin 4,
Ireland.

Tel: +353 1 772 6309
Email: fabio.e.cerullo at aib.ie





global_education_committee-request at lists.owasp.org
Sent by: global_education_committee-bounces at lists.owasp.org
13/05/2010 10:41
Please respond to global_education_committee
 
        To:     global_education_committee at lists.owasp.org
        cc: 
        Subject:        Global_education_committee Digest, Vol 19, Issue 
19




Send Global_education_committee mailing list submissions to
                 global_education_committee at lists.owasp.org

To subscribe or unsubscribe via the World Wide Web, visit
                 
https://lists.owasp.org/mailman/listinfo/global_education_committee
or, via email, send a message with subject or body 'help' to
                 global_education_committee-request at lists.owasp.org

You can reach the person managing the list at
                 global_education_committee-owner at lists.owasp.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Global_education_committee digest..."


Today's Topics:

   1. Re: Voluntary/Trainer deliver the          Software Assurance 
Maturity
      Model module in the forthcoming            OWASP Training Course.
      (Martin Knobloch)
   2. Re: OWASP Testing Guide.. (Martin Knobloch)
   3. Re: Voluntary/Trainer deliver the          Software Assurance 
Maturity
      Model module in the forthcoming            OWASP Training Course. 
(Paulo Coimbra)


----------------------------------------------------------------------

Message: 1
Date: Thu, 13 May 2010 10:23:13 +0200
From: Martin Knobloch <martin.knobloch at owasp.org>
Subject: Re: [Global_education_committee] Voluntary/Trainer deliver
                 the             Software Assurance Maturity Model module 
in the forthcoming               OWASP
                 Training Course.
To: paulo.coimbra at owasp.org
Cc: Colin Watson <colin.watson at owasp.org>, samm at lists.owasp.org,
                 Justin Clarke <justin.clarke at owasp.org>,
                 global_education_committee at lists.owasp.org
Message-ID:
 <AANLkTilSwT8vKBypyvUysT0KZk5PXwmg_rJOcMZrYCFH at mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"

Hi Paulo,

Of course, Pravir is the most wanted man on this. If he can't make it, I
could!
Also, I see there is still no trainer for the WebGoat v5, I could do as
well!

Cheers,
Martin

On Thu, May 13, 2010 at 3:19 AM, Paulo Coimbra 
<paulo.coimbra at owasp.org>wrote:

>  Hope you all are well.
>
>
>
> We are looking for a trainer to deliver the Software Assurance Maturity
> Model<
http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model
>module in the forthcoming OWASP Training Course to be held in London, 
May,
> 28th.
>
>
>
>
> 
http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY

>
>
>
> As you may know, this event is our first attempt to institutionalize an
> OWASP training model.  In conceptual terms, we are proposing a Chapters
> driven model with local Chapter organization in which the courses are 
free
> for OWASP members, the contents are OWASP projects focused and the costs 
are
> supported by a mix of funding i.e. local chapter budget, external
> sponsorship, trainers sponsorship i.e. trip and/or accommodation paid by
> themselves and local chapter members? sponsorship i.e. taking trainers 
in as
> guests.
>
>
>
> That being said, if you feel comfortable enough to teach SAMM and have 
the
> will and the spare cycles to give us a hand, please drop me a line.
>
>
>
> Additionally, in terms of financial framework, for budget reasons we 
will
> give preference to a voluntary/candidate currently living in the United
> Kingdom and, in accordance with what is above being said, the OWASP 
London
> Chapter will assume the flight cost and will either find an OWASP Member 
to
> host the chosen voluntary or will pay his accommodation.
>
>
>
> For now that?s all. I thank you for reading this long text. Please do 
not
> hesitate and get back to me if you feel I can clarify anything less 
clear in
> our current invitation.
>
>
>
> I thank you in advance, best regards,
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>
>
>
>
> _______________________________________________
> Global_education_committee mailing list
> Global_education_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_education_committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
https://lists.owasp.org/pipermail/global_education_committee/attachments/20100513/2b45ebb7/attachment-0001.html 


------------------------------

Message: 2
Date: Thu, 13 May 2010 10:32:16 +0200
From: Martin Knobloch <martin.knobloch at owasp.org>
Subject: Re: [Global_education_committee] OWASP Testing Guide..
To: Nishi Kumar <nishi787 at hotmail.com>
Cc: global_education_committee at lists.owasp.org
Message-ID:
 <AANLkTinrOuU2zOMT1phAOV9WcqikaCcRu6Z-s0WS3QAE at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Nishe,

There has been a metrics project, if I recall correctly. But I am not sure
how alive that is.

As SDL, there is CLASP, covering all roles and responsibilities inside a
SDL.
The guides, as shown on the attachment, are documentations for a certain
step during a development process. The guides being consistent over the
whole process, as common reverence, the ASDR (application security desk
reference).

The ASVS can be used as "what level use as target" and verification "what
level is reached". There is also Threat Modeling information on the OWASP
Wiki: http://www.owasp.org/index.php/Category:Threat_Modeling
<http://www.owasp.org/index.php/Category:Threat_Modeling>What is following
closely the Microsoft approach.

Hope this answers your question, else, don't hesitate to ask!

Cheers,
~Martin

On Wed, May 12, 2010 at 10:56 PM, Nishi Kumar <nishi787 at hotmail.com> 
wrote:

>  Hi All,
>
> I am in the process of creating the presentations for OWASP Testing 
Guide
> and had few questions. I am including here a screen shot of OWASP SDLC 
which
> I found in one of the Testing Guide presentation.
> 1. What is the right documentation project for policy and Standards and
> Develop Metrics?
> 2. Is ASVS is the right document for Security Requirements and Threat
> Modeling?
>
> Thanks
> Nishi Kumar
> OWASP Global Education Committee
>
> ------------------------------
> From: nishi787 at hotmail.com
> To: paulo.coimbra at owasp.org; matteo.meucci at owasp.org
> Date: Mon, 26 Apr 2010 16:10:25 -0500
> CC: global_education_committee at lists.owasp.org
> Subject: [Global_education_committee] OWASP Testing Guide..
>
>
> Hi All,
>
> I have to do two training session for for our QA team based on OWASP
> Testing guide. One a high level overview which brings general awareness 
of
> testing for Security and another one a detail session for the QA group 
who
> will actually be doing the application and infrastructure testing. Is 
there
> any existing power point presentation we have on OWASP Testing guide 
that I
> can leverage to prepare this presentation. I will appreciate if somebody 
can
> point me to any relevant material in this topic.
>
> Thanks
> Nishi Kumar
> OWASP Education Committee
>
> ------------------------------
> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars 
with
> Hotmail. Get busy.<
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
>
> ------------------------------
> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars 
with
> Hotmail. Get busy.<
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
>
>
> _______________________________________________
> Global_education_committee mailing list
> Global_education_committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global_education_committee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
https://lists.owasp.org/pipermail/global_education_committee/attachments/20100513/65aa2e89/attachment-0001.html 


------------------------------

Message: 3
Date: Thu, 13 May 2010 10:44:20 +0100
From: "Paulo Coimbra" <paulo.coimbra at owasp.org>
Subject: Re: [Global_education_committee] Voluntary/Trainer deliver
                 the             Software Assurance Maturity Model module 
in the forthcoming               OWASP
                 Training Course.
To: "'Paulo Coimbra'" <paulo.coimbra at owasp.org>,
                 <owasp-webgoat at lists.owasp.org>
Cc: 'Colin Watson' <colin.watson at owasp.org>,
                 global_education_committee at lists.owasp.org, 'Justin 
Clarke'
                 <justin.clarke at owasp.org>
Message-ID: <4bebca8b.2126e30a.4a13.4fb0 at mx.google.com>
Content-Type: text/plain; charset="us-ascii"

Hi all,

 

As you may have already realised, in my email below I mistakenly referred
Software
<http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model
>
Assurance Maturity Model where I wanted to say OWASP
<http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project>  WebGoat
Project. Please accept my apologies. 

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: quinta-feira, 13 de Maio de 2010 02:22
To: 'owasp-webgoat at lists.owasp.org'
Cc: 'global_education_committee at lists.owasp.org'; 'dinis cruz'; 'Justin
Clarke'; 'Colin Watson'
Subject: Voluntary/Trainer deliver the Software Assurance Maturity Model
module in the forthcoming OWASP Training Course.

 

Hope you all are well. 

 

We are looking for a trainer to deliver the Software
<http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model
>
Assurance Maturity Model module in the forthcoming OWASP Training Course 
to
be held in London, May, 28th. 

 

http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_

you_can_use_TODAY

 

As you may know, this event is our first attempt to institutionalize an
OWASP training model.  In conceptual terms, we are proposing a Chapters
driven model with local Chapter organization in which the courses are free
for OWASP members, the contents are OWASP projects focused and the costs 
are
supported by a mix of funding i.e. local chapter budget, external
sponsorship, trainers sponsorship i.e. trip and/or accommodation paid by
themselves and local chapter members' sponsorship i.e. taking trainers in 
as
guests. 

 

That being said, if you feel comfortable enough to teach SAMM and have the
will and the spare cycles to give us a hand, please drop me a line.

 

Additionally, in terms of financial framework, for budget reasons we will
give preference to a voluntary/candidate currently living in the United
Kingdom and, in accordance with what is above being said, the OWASP London
Chapter will assume the flight cost and will either find an OWASP Member 
to
host the chosen voluntary or will pay his accommodation.

 

For now that's all. I thank you for reading this long text. Please do not
hesitate and get back to me if you feel I can clarify anything less clear 
in
our current invitation.

 

I thank you in advance, best regards,

 

Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
https://lists.owasp.org/pipermail/global_education_committee/attachments/20100513/754d04f6/attachment.html 


------------------------------

_______________________________________________
Global_education_committee mailing list
Global_education_committee at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/global_education_committee


End of Global_education_committee Digest, Vol 19, Issue 19
**********************************************************


******************************************************
This document is strictly confidential and is intended for use by the addressee unless otherwise indicated.

This email has been scanned by an external email security system.

Allied Irish Banks

AIB and AIB Group are registered business names of Allied Irish Banks p.l.c. Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.  Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311; Registered in Ireland: Registered No. 24173

Please consider the environment before printing this e-mail. 
******************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_education_committee/attachments/20100513/f7f27171/attachment-0001.html 


More information about the Global_education_committee mailing list