[Owasp-board] [Owasp-leaders] OWASP Milan Agenda (needs review and help filling in)

Dinis Cruz dinis at ddplus.net
Tue Mar 27 00:34:22 UTC 2007

On 3/26/07, Dave Wichers <dave.wichers at owasp.org> wrote:
>  b) Dinis, after we figure out what OWASP projects are presenting, can you
> present a quick tour of the rest in your talk near the end of the 2nd day?

Sure, I will do a presentation of all OWASP projects (and go into a bit more
detail on the projects that are not represented by individual presentations)

c) Also, we really should do a short presentation on the new top 10. Should
> we do that as the kickoff to Dinis' talk right after Microsoft on the 1stday?
> i.e., something like, here's the new OWASP Top 10 and how we created it,
> and here's the stuff OWASP is doing to help people avoid these kinds of
> problems. I think we need to particularly emphasize the importance of CSRF
> and maybe even challenge some of the attendees to come up with generic
> solutions to this problem (I.e., Microsoft is in the audience. It would be
> nice if .NET defended against this automatically since I think they are so
> close already).

I agree with the comment made by Matt where we should really talk UP the new
OWASP top 10.

I also think that I should give a keynote similar to the one I did in
Seattle (maybe a bit shorter) on OWASP, how it works,etc...

In fact if the 4 of us are going to be there, we all should do it.

And this 'OWASP' presentation should be the first one of the day

And we need to anounce here the 10 Open Source projects that will receive
the 1,000 USD grants

d) I also need someone to take ownership of the 1st panel on day 1. Gunnar
> is taking the second. Anyone you can think of that we can ask to moderate?

Can't we get some guys from those companies that pay for vulnerabilities?

I'm also totally OK with rearranging anything I have here to make the talks
> shorter or longer based on what we prefer or putting like talks together.
> I.e., I don't really have any theme for the tracks yet.

Your are going a grand job. All I would say is that we should aim at having
smaller talks since in Seattle I heard several comments that some talks were
very long (for the content presented).

On that note can you give me a 25m slot on day one Track 2 (for example)  to
do a presentation on: "Using smart fuzzing to discover hard-to-find but
exploitable vulnerabilities"


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070327/7ac4fa67/attachment-0002.html>

More information about the Owasp-board mailing list