[Owasp-board] FW: [GPC] Fwd: New OWASP Project Proposal - Recruitment

Paulo Coimbra paulo.coimbra at owasp.org
Thu Sep 2 10:27:24 UTC 2010


Please see below, fyi. Thanks,

Paulo Coimbra,
OWASP Project Manager

-----Original Message-----
From: global-projects-committee-bounces at lists.owasp.org
[mailto:global-projects-committee-bounces at lists.owasp.org] On Behalf Of
Christian Heinrich
Sent: Thursday, 2 September 2010 06:27
To: Global Projects Committee
Subject: [GPC] Fwd: New OWASP Project Proposal - Recruitment


Would I be able to propose this as a new OWASP documentation project?

I have extensive experience as an end user which includes the security
management of the employment services offered by the Australian

---------- Forwarded message ----------
From: Christian Heinrich <christian.heinrich at owasp.org>
Date: Fri, Mar 19, 2010 at 8:09 AM
Subject: Re: [Owasp-leaders] Questions to ask devs in hiring interviews
To: owasp-leaders at lists.owasp.org


I would base the interview questions around the Top Ten focusing on
how to validate input.

To take a step back, I would have them confirm that the applicant
knows of the existence of OWASP, WASC, etc.  In the past I have been
rejected for a webappsec role in Australia because the person who
reviewed my application didn't know about these organisations and
hence I had to contact the hiring manager to have this decision

I am more than willing to lead an OWASP project that could put
together a factsheet for recruiters/HR/etc who are not familiar with

On Fri, Mar 19, 2010 at 7:10 AM, Matt Tesauro <mtesauro at gmail.com> wrote:
> Just got this request from one of our PMs and I wanted to throw it out
> to the collective wisdom of OWASP:
>> Could you provide me with two questions w/answers I could use as
>> interview questions?  The position is a new FTE, Programmer VI to be
>> a tech lead for the [app name here] team.  I know you all want the
>> developers to improve their knowledge and skills to write more secure
>> applications.. so I thought you might give me some ideas on
>> qualifications and work experience.
> My problem is limiting it to two questions/answers.  I can come up with
> tons of good questions but just two is hard.  Add to that the fact that
> I likely won't be in these interviews to evaluate the answers and it
> gets very interesting.  I've got some ideas but I'm curious what the
> community will say.
> Two questions about app sec with answers that non-security people will
> be evaluating.
> BTW, the [app name here] is written in .NET if that changes anything.
> Cheers!
> --
> -- Matt Tesauro
> OWASP Live CD Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site

Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking