[Owasp-board] FW: OWASP Con Tutorials

Sebastien Deleersnyder seba at deleersnyder.eu
Thu Jan 24 10:05:31 UTC 2008


Currently I have:

ModSecurity Training (Ryan Barnett - Breach)
2-day general Web App Sec, AND 1-day Leader/Mgr followed by 1-day Rich
Internet Applications course (Aspect Security: who will do it?).
To be confirmed: Threat Modelling Training (tbd - Microsoft) - I know who it
is (but I'll keep it as suprise)
To be confirmed: Gunnar's 2-day web services security course

With your approval I will send out an invitation to leaders / appsec mailing
lists to propose a 1 or 2 day tutorial.

Normally we have foreseen 6 rooms for tutorials, but if we have more
subscriptions we will find a solution (depends on the venue).

Regards

Seba

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Jeff Williams
Sent: 27 December 2007 16:09
To: 'Dinis Cruz'; 'OWASP Board'
Subject: Re: [Owasp-board] FW: OWASP Con Tutorials

I agree this is a good model to shoot for. But I never want to see an
"ad-libbed" course at OWASP ever again. Michelle informed me that many
of
the attendees were extremely disappointed in the class, and suggested we
refund their money based on their feedback.  Therefore, I'd like to add
that
we must receive the course materials along with the proposal.

--Jeff

-----Original Message-----
From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Wednesday, December 26, 2007 12:30 PM
To: OWASP Board
Subject: Re: [Owasp-board] FW: OWASP Con Tutorials

Something that I really would like to see at the next OWASP
conferences is the 'opening' up of our training.

Basically what we need to have is the BlackHat model were there are a
bunch of courses being offered (see for example
http://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html)
that work in the following format:

 - Company X or individual contacts OWASP that they want to provide 1
or 2 courses at the next conference (& submits proposal)
 - OWASP conference comity analyses the proposal (for quality, past
delivery experiences, relevance to OWASP and conflict with other
courses) and says YES or NO (I would expect most answers to be YES)
- If YES, course is added to registration page and registration for
them is open.
- 1 month (or two weeks) before conference, courses that have less
than 5 students are dropped (unless the OWASP board or Conference
comity decides that they are strategic for OWASP and want to go ahead
with it)
 - course is delivered & students fill evaluation forms
- the courses with positive evaluation are invited for the next OWASP
conference, and the ones with 'not so good feedback' are dropped (note
that here there is some room for maneuver since the Conference comity
could decide to replace a 'not very popular' course with a new one)

Everybody should be able to submit a course proposal and we should
give preference to OWASP contributors. The financial model is the one
described by Dave (2,000 USD per training day + Expenses (with extra
1,000 USD if the course has more than 20 students)

Regarding my (Dinis) course for delivery at the next OWASP conferences
I will want to continue to deliver the course on OWASP since I think
it is a very important course for OWASP (and with a couple more
deliveries I will get it into a good shape). So for .NET I will see if
I can get a couple guys I know to propose one (note: The .NET course I
delivered was 100% add-libed so I could easily do it independently (I
could break these two courses into 1 day each, but that might be too
short for the materials to cover))

Dinis

On 12/22/07, Dave Wichers <dave.wichers at aspectsecurity.com> wrote:
> Have you two started working on this at all to figure out how to roll
it
out?
>
> -Dave
>
> -----Original Message-----
> From: Tom Brennan - OWASP [mailto:tomb at owasp.org]
> Sent: Saturday, December 22, 2007 9:03 AM
> To: Dave Wichers; Sebastien Deleersnyder
> Cc: Alison McNamee
> Subject: Re: OWASP Con Tutorials
>
> Its a great oppertunity for a independant trainer or a commercial firm
that wants to donate the training offering to OWASP turn-key.
>
> Any news on the membership packs/credit to attend events etc?
>
> Tom Brennan
> OWASP Foundation Board Member
> Tel: 973-202-0122 | Url: www.owasp.org
>
>
>
> -----Original Message-----
> From: "Dave Wichers" <dave.wichers at aspectsecurity.com>
>
> Date: Sat, 22 Dec 2007 08:44:57
> To:"Sebastien Deleersnyder" <seba at deleersnyder.eu>,<tomb at owasp.org>
> Cc:"Alison McNamee" <alison.mcnamee at owasp.org>
> Subject: RE: OWASP Con Tutorials
>
>
> Are you asking about the revenue share model for people delivering the
courses? For people delivering classes, its $2K / day plus travel. And
for
every 10 students above 20 they get in their class, it's another
$1K/day.
>
> The pricing for the courses should be similar to last year in Milan.
Could
be the same, or slightly higher. That's up to you.
>
> -Dave
>
>
>
> From: Sebastien Deleersnyder [mailto:seba at deleersnyder.eu]
>  Sent: Friday, December 21, 2007 11:57 PM
>  To: Dave Wichers; tomb at owasp.org
>  Cc: 'Alison McNamee'
>  Subject: RE: OWASP Con Tutorials
>
> Dave,
>
> I'll include your recommendation for Europe
> Aspect: 2-day general Web App Sec, AND 1-day Leader/Mgr followed by
1-day
Rich Internet Applications course.
> And will contact Gunnar & Dinis.
>
> How is the pricing model? Fixed for teachers?
>
> Regards
>
> Seab
>
>
> ----------------
>
> From: Dave Wichers [mailto:dave.wichers at aspectsecurity.com]
>  Sent: maandag 17 december 2007 23:03
>  To: tomb at owasp.org; Sebastien Deleersnyder
>  Cc: Alison McNamee
>  Subject: OWASP Con Tutorials
>
> Guys,
>
> Aspect is interested in being a tutorial provider at both conferences
of
course.
>
> What tutorials were you trying to get at your respective conferences
in
terms of topics?
>
> I think a basic class, and language and topic specific classes are a
good
idea. At the OWASP San Jose event we had these tutorials with the
following
# of attendees:
>
> General two day Web Application Security (Aspect Security): abt 30 -
We've
had 1 or 2 day versions of this at every conference
> Two-Day Java/J2EE Web Application Security (Aspect Security): About 17
attendees
> Two-Day .NET Web Application Security (Aspect Security): 5 Attendees
> Two-Day Web Services Security (Gunnar Peterson): abt 30 - We've had 1
or 2
day versions of this at every conference
> Two-Day OWASP Projects/Tools Class (Dinis Cruz): 5 attendees -
> Two-Day Mod Security Tutorial (Breach Security): 2 attendees
>
> The standard and web services classes are staples that should in every
conference. You can contact Gunnar at: gunnar at arctecgroup.net
>
> I'd recommend some language specific classes as well. Dinis does a
great
.NET class, but he'd need to build it again from scratch. He previously
used
IOActive's content and doesn't have access to that any more.
>
> Aspect has a 1-day class for managers that I would recommend for both
conferences. We've taught this class at least 40 times already. Aspect
also
has a 1-day Rich Internet Applications/AJAX class that we could pair
with it
to take up the 2-days.
>
> I'd also like to get other providers teaching there as well so I'd
suggest
you solicit, find other vendors. Historically its been 1 class from
Aspect,
1 from Gunnar, and 1 from Dinis. I'd like to get more providers and
Aspect
would like to teach 2 different classes if we can. More if you want us
to J.
>
> For Europe, I think we can only commit to 2, but for NY we could do as
many as you'd like us to teach, but I don't think its appropriate to be
the
'Aspect' show, so 2 or at the most 3 from Aspect would probably be best.
>
> In summary: I'd recommend the following:
>
> Europe: 2-day general Web App Sec, AND 1-day Leader/Mgr followed by
1-day
Rich Internet Applications course.
> U.S. The above, plus the 2-day Java course.
>
> For both conferences I'd also recommend Gunnar's 2-day web services
security course. [Gunnar is also willing to help both of you organize a
web
services security track. Please contact him about that.]
>
> I'd also encourage Dinis to build his own 2-day .NET class so he can
offer
that class at both conferences as well. When Dinis offered a .NET class
at
OWASP, he frequently got 15-20 attendees because people know he is
REALLY
good at .NET stuff.
>
> -Dave
>
>
>
>
>
_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board


_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board


-- 
No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.19.10/1240 - Release Date: 23/01/2008
17:47




More information about the Owasp-board mailing list