[Owasp-board] [Owasp-leaders] OWASP Milan Agenda (needs review and help fillingin)

Dinis Cruz dinis at ddplus.net
Tue Mar 27 00:12:14 UTC 2007


no problem at all

On 3/26/07, Dave Wichers <dave.wichers at owasp.org> wrote:
>
>  I screwed this up and sent it to the leaders list, not the board, but I
> don't think it caused any harm.
>
>
>
> -Dave
>
>
>  ------------------------------
>
> *From:* Matt Fisher [mailto:mfisher at spidynamics.com]
> *Sent:* Sunday, March 25, 2007 9:29 PM
> *To:* Dave Wichers; owasp-leaders at lists.owasp.org
> *Subject:* RE: [Owasp-leaders] OWASP Milan Agenda (needs review and help
> fillingin)
>
>
>
> Re: the two proposed additional talks: I would vote "yes" on Gunnar's
> talk.  His various blog entries are informed, insightful, and articulate.
> Honestly, I'm not sure the world needs another "I'll malcode your whole
> subnet" talk, however.
>
>
>
> Re: WebGoat/Scarab: you could almost do a half-hour each to intro the
> complete product, unless you strictly wanted to discuss the diff between
> versions.
>
>
>
> Top Ten is a venerable project and long overdue for an overhaul.  I would
> "unveil" it directly after the opening talk and treat it with a little
> fanfare. If you can't do that, then after Alex Lucas' talk would be a good
> time since everyone will still be in 'single-track' mode.
>
>   ------------------------------
>
> *From:* owasp-leaders-bounces at lists.owasp.org on behalf of Dave Wichers
> *Sent:* Sun 3/25/2007 9:02 PM
> *To:* owasp-leaders at lists.owasp.org
> *Subject:* [Owasp-leaders] OWASP Milan Agenda (needs review and help
> fillingin)
>
> Dinis (and Jeff/Andrew):
>
>
>
> I have now put online what I have figured out so far:
>
>
>
>
> http://www.owasp.org/index.php/6th_OWASP_AppSec_Conference_-_Italy_2007/Agenda
>
>
>
> please review and provide any suggested updates.  Particularly Dinis.
>
>
>
> Here are four other proposed talks that haven't made it onto the agenda
> yet:
>
>
>
> Pravir Chandra: CLASP Talk
>
> SWAAT – Presentation (Speaker?)
>
> Gunnar Peterson - project update on the XML Security Gateway evaluation
> criteria project? Could be short like 20 min, or longer
>
> Andre Ludwig - leveraging web application vulnerabilities to compromise
> internal networks – This probably overlaps somewhat with PDP's talk so may
> not make it.
>
>
>
> I'm OK with these but I'd like to see how much room we have after all the
> missing OWASP projects (from Dinis) get filled in.
>
>
>
> a) What other OWASP Projects should we invite to participate?
>
>
>
> I can make more or less room in a number of ways by the way:
>
>
>
> 1)    I have proposed that I do an hour+ on the new webgoat / webscarab.
> We could compress this into a half hour somewhere.
>
> 2)    I have put the pdp and Simon's 2nd talk together into a single LONG
> session. I would prefer to put two 40 minute talks into these long blocks
> rather than have one LONG talk in these sessions.
>
> 3)    Matteo's Testing guide presentation could be one of the 4 refereed
> paper slots which would free up a whole new slot.
>
>
>
> b) Dinis, after we figure out what OWASP projects are presenting, can you
> present a quick tour of the rest in your talk near the end of the 2nd day?
>
>
>
> c) Also, we really should do a short presentation on the new top 10.
> Should we do that as the kickoff to Dinis' talk right after Microsoft on the
> 1st day? i.e., something like, here's the new OWASP Top 10 and how we
> created it, and here's the stuff OWASP is doing to help people avoid these
> kinds of problems. I think we need to particularly emphasize the importance
> of CSRF and maybe even challenge some of the attendees to come up with
> generic solutions to this problem (I.e., Microsoft is in the audience. It
> would be nice if .NET defended against this automatically since I think they
> are so close already).
>
>
>
> d) I also need someone to take ownership of the 1st panel on day 1. Gunnar
> is taking the second. Anyone you can think of that we can ask to moderate?
>
>
>
> I'm also totally OK with rearranging anything I have here to make the
> talks shorter or longer based on what we prefer or putting like talks
> together.  I.e., I don't really have any theme for the tracks yet.
>
>
>
> Thanks!!
>
>
>
> -Dave
>
>
>
>
>


-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org