[Owasp-board] FW: extracurricular (for me) are your interested?

Dinis Cruz dinis at ddplus.net
Wed Jan 24 17:50:44 UTC 2007


Hi Matteo,

Good stuff,

Agreed this could be very interesting

Dinis

On 1/24/07, Matteo Meucci <matteo.meucci at gmail.com> wrote:
> Hi Dinis,
> Albert has answered me. No extra information:
> He says that he wants to create a kick off meeting and set up a
> working team to begin the project. This is really interesting for
> OWASP
>
> Bye,
> Mat
>
>
> ---------- Forwarded message ----------
> From: Caruana Albert J at OPM <albert.j.caruana at gov.mt>
> Date: Jan 24, 2007 4:23 PM
> Subject: FW: extracurricular (for me) are your interested?
> To: Matteo Meucci <matteo.meucci at gmail.com>
>
>
> I am replying from my official email even though this is an
> extracurricular activity.
>
> Thank you very much for your reply.
>
> In fact DINIS CRUZ of OWASP has also taken an interest in the subject.
> Others are Fraunhofer IESE, who are thinking of creating an
> accreditation for "secure software developers", and Pete Herzon of
> ISECOM (OSSTMM). There is also Ernest Cachia of the University of Malta
> (Software process improvement)
>
> The ultimate aim of the project is to use testing not purely to
> find defects, but to be able to compare the different tools, frameworks,
> approaches etc. commonly used to build (web) applications,
> to determine whether one method is superior to another in
> producing defect-free software and to find the main causes
> of defects in applications.
>
> I am looking for funds to hold a kick-off meeting.
> I am also looking for a project lead and a technical lead to guide the project.
>  The idea is to do an FP7 project (or one without EU funding)
> below is an "outline"
>
> We'll see what can be done.
>
> Bye
> Albert
>
> (caruabertu at gmail.com)
>
>
>
> 2007/1/24, Matteo Meucci <matteo.meucci at gmail.com>:
>
>     Good morning,
>     I was pleased to see that the topic of a possible collaboration
>     has come up again.
>     I am referring to the thread: "extracurricular (for me) are your interested?"
>     If I can help you in any way to convey information within
>     OWASP, I am at your disposal.
>
>     Thank you and have a good day,
>     Matteo Meucci
>
>     --
>     Matteo Meucci
>     OWASP-Italy Chair, CISSP, CISA
>     http://www.owasp.org/index.php/Italy
>     OWASP Testing Guide AoC lead
>     http://www.owasp.org/index.php/Testing_Guide
>
>
>     On 10/17/06, Matteo Meucci <matteo.meucci at gmail.com> wrote:
>     > Thank you, and please forgive my mistake.
>     > I am at your disposal for any collaboration.
>     >
>     > Thank you and have a good day,
>     > Matteo
>     >
>     >
> .....................
>     >
> +++++++++++++++++++++++++++++++
>
> ||With FP7, I am trying to realise an ideal of mine:
> ||
> ||      to get system development moving towards the state of the art of the
> ||manufacturing industry - around 1985 - when people started counting the
> ||cost of rework and of scrap and decided to embrace Product quality
> ||management, Total quality management and Six-sigma in succession to
> ||reduce the sources of error.
> ||
> ||Below a project concept for your information and, while I have some
> ||expression of interest from Fraunhofer IESE already, I would like to
> ||ask whether your team would contribute.
> ||
> ||I am in fact thinking of circulating a form of the attached as
> ||invitation and would like to ask whether we could meet e.g. in ISPRA to
> ||formulate a more solid FP7 project proposal on this basis with some of
> ||the interested or potentially interested parties - OWASP, WASC and
> ||OASIS members, your own contacts - around the EU.
> ||
> ||Any feedback would be welcome.
> ||
> ||Funding even of a kick-off meeting could be a problem so any ideas you
> ||could give me would be more than welcome.
> ||
> ||While the project aims at the exploding area of web services, what is
> ||learnt there can in my opinion then be fed back into other forms of
> ||application development systems down to embedded systems using weird
> ||dialects of common OS, layered and programming language products.
> ||
> ||The conceptual model of the project would be:
> ||
> ||Work product 1: generate common terminology accepted worldwide
> ||
> ||review already available resources for the (relatively few) web
> ||application vulnerabilities with the aim of generating a usable common
> ||reference work analogous to or integrated in the Mitre.org CVE database
> ||for infrastructure vulnerabilities.
> ||(Various attempts OVAL, AVDL etc...)
> ||
> ||Work Product 2 - select targets
> ||      - review lists of available widely used products for
> ||generating web applications for the purpose of creating a shortlist of
> ||most popular tools (to reduce the number of variables in the software
> ||engineering process).
> ||
> ||Work Product 3: review the major reputable toolkits for generating web
> ||applications for percent first-pass, first-quality product in practice
> ||(e.g. when used by a novice team at university, by a standard software
> ||house, by a high end software house team)
> ||      - choose toolkits as being widely used
> ||      - establish a test harness to evaluate them, building on current
> ||published work comparing various semi-automated webappsec test tools
> ||      - carry out tests on known "benchmarks" - e.g. Hacme websites provided
> ||by foundstone, Webgoat etc...
> ||
> ||Work product 4 - what is the cause of faults in web services?
> ||
> ||      - correlate vulnerability names described in WP1 with sources of error
> ||in commonly used tools
> ||
> ||Work product 5 - how can you avoid errors?
> ||
> ||      - in specification (obtaining user requirements and performance
> ||criteria)
> ||      - in drafting the model
> ||      - in building the first pilot
> ||      - in minimising changes to the first pilot
> ||      - in refining the pilot (scale up/load testing)
> ||      - in user testing and acceptance
> ||
>
>
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide AoC lead
> http://www.owasp.org/index.php/Testing_Guide
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org


