[Owasp-board] contributing OWASP-EAS project

Paulo Coimbra paulo.coimbra at owasp.org
Thu Sep 16 01:38:04 UTC 2010


Hello Alexander,

 

First of all, I apologise for my delayed response. Non-deferrable personal issues have kept me out of work for a considerable period of time, and consequently I haven’t been able to seasonably deal with my OWASP duties. I thank you in advance for your understanding.

 

Secondly, thank you for volunteering to lead an OWASP Project.  It is with volunteers like yourselves that OWASP continues to succeed in making application security visible. 

 

Thirdly, I’ve edited the http://www.owasp.org/index.php/OWASP_Enterprise_Application_Security_Project wiki page and placed it amongst all the other OWASP Projects http://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects 

 

Please check it out and let me know if you find any problems or mistakes. 

 

Feel free to add any additional information to the project’s wiki page or to request assistance regarding its edition.

 

Please note that we are missing both wiki username and email address info regarding Michail Markevich, the contributor you’ve chosen to replace Dmitry Chastuhin. Also, Dmitriy Evdokimov username link http://www.owasp.org/index.php?title=User:EvdokimovDS&action=edit&redlink=1 is still empty.

 

We recommend that every project leader or contributor creates a wiki account and makes it available on his project page. Those elements will help us with building a proper idea of their technical profile and will facilitate the contact within OWASP contributors. Please see below the tutorial’s first paragraph and an example. 

 

http://www.owasp.org/index.php/Tutorial

 

http://www.owasp.org/index.php/User:Mtesauro 

 

Fourthly, the OWASP Global Projects Committee (GPC) will look at the roadmap and provide feedback on your project:  suggesting projects which are closely related, resources and contacts which may assist your efforts and any other suggestions to increase your project's success.

 

Fifthly, when your project reaches a point that you'd like OWASP to assist in its promotion, the GPC will need the following to help spread the word about your project:


 * Project Flyer/Pamphlet (PDF file): http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/. 

 

 * Conference style presentation describing the project in at least 3 slides - http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/

 

Sixthly, as work on your project progresses and you are ready to create a new release, please let the GPC know of the change in status.  

 

The GPC can work with you to get your project assessed and moved up the OWASP quality ladder from Alpha to Beta to Stable.  Not every release requires an assessment - feel free to email the GPC if you are unsure about your project's requirements.  


That is all for now - I wish you and your project great success.  Thank you for supporting OWASP's mission.

Should you have any questions or require any further information, please do not hesitate to contact me. 

 

Many thanks, best regards,

 

PS. Please let me know whether or not you wish an OWASP email address. 

 

Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>

 

From: Поляков Александр [mailto:sh2kerr at gmail.com] 
Sent: Wednesday, 1 September 2010 22:08
To: Paulo Coimbra
Cc: dinis.cruz at owasp.org; jason.li at owasp.org; mtesauro at gmail.com; leonardocavallari at gmail.com; pravir.chandra at gmail.com; bradcausey at gmail.com
Subject: contributing OWASP-EAS project

 

 

Hello Guys

 

I am sending you details about the project. We are planning to release the first version on 15-18th September to present it at the SOURCE Barcelona conference, and we need your acceptance; please review it as fast as possible.

 

 

 

Details to create your project page:

(0) Project Name,

OWASP Enterprise Application Security Project

 

(1) Project purpose / overview,

 

Enterprise application security is one of the major topics in the overall security area because those applications control money and resources, and every security violation can result in a significant money loss. The purpose of this project is to make people aware of enterprise application security problems and to create a guideline for EA security assessment. Here are our primary goals:

1. Make people aware of EA security vulnerabilities by producing annual (later quarterly) statistics of enterprise application security vulnerabilities.

2. Help companies begin assessing EA by creating a guideline for EA security assessment.

3. Create a top 10 vulnerabilities or similar report for EA.

4. Publish free tools for EA assessment.

 

(2) Project Roadmap (as mentioned above),

 

1. Creation of a starting page with a high-level overview

2. Creation of a starting page about security assessment

3. Creation of links to other guidelines

4. Publishing an annual statistics report for 2009

5. Creation of the OWASP EAS Top 10 vulnerabilities page

6. Finishing our first tool for security assessment

 

(3) Project links (if any) to external sites,

ERPSCAN.com 

Site of ERPSCAN –  free online services and commercial products for assessing Enterprise business applications and ERP security. (coming soon)

DSECRG.com

Site of Digital Security Research Group – company of researchers that are focused on ERP and SAP security assessment and research with publishing information  advisories and whitepapers  

(4) Project License 

Creative Commons Attribution ShareAlike 3.0 license

(5) Project Leader name, 

Alexander Polyakov

(6) Project Leader email address,

a.polyakov at dsec.ru

(7) Project Leader wiki account - the username (you'll need this to edit the wiki),

Sh2kerr

(8) Project Contributor(s) (if any) - name email and wiki account (if any),

Dmitry Evdokimov  d.evdokimov at dsec.ru  EvdokimovDS

Dmitry Chastuhin     d.chastuhin at dsec.ru  Chipik

 

 

 

 

On 23 June 2010 at 20:51, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:

 

I would say that there is no need to create a new project name/wiki page as the OWASP Enterprise Application Security Project seems to be totally stalled and so it can be adopted. Nevertheless, in the unlikely scenario of the former project leader appearing to reclaim the project’s leadership, I suggest we re-assess the situation. To be honest, right now, it’s impossible for me to determine precisely what the project’s status is given that I have never been in contact with the former project’s leadership and there is no email available in the project’s page.

 

Many thanks, best regards,

 

Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>

 

From: Поляков Александр [mailto:sh2kerr at gmail.com] 
Sent: Wednesday, 23 June 2010 17:44
To: Paulo Coimbra
Subject: Re: contributing OWASP project

 

Thanks for the reply.

Just one question.

 

Do I need to create a new project name or use the existing OWASP_Enterprise_Application_Security_Project?

 

On 23 June 2010 at 20:12, Paulo Coimbra <paulo.coimbra at owasp.org> wrote:

Hello,

 

First of all, thank you for volunteering to lead an OWASP Project.  It is with volunteers like yourself that OWASP continues to succeed in making application security visible.

Second, regarding your new leadership of this project, I'd like to request that you send a project roadmap - basically the high level details of where you'd like to take the project.  The OWASP Global Projects Committee (GPC) will look at the roadmap and provide feedback on your project:  suggesting projects which are closely related, resources and contacts which may assist your efforts and any other suggestions to increase your project's success.

 

To get your project started, here are a couple of references for your review:

 - The Guidelines for OWASP Projects provide a quick overview of items key to a project's success - http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects,


 - OWASP's Assessment Criteria is the metric by which projects are evaluated.  There are three categories for projects: Alpha, Beta, and Release.  The Assessment Criteria allows project leaders to know what aspects of projects OWASP values - http://www.owasp.org/index.php/Category:OWASP_Project_Assessment,

 

 - OWASP's GPC blog - http://globalprojectscommittee.wordpress.com/,


Your project will have an OWASP wiki page to inform and promote your project to the OWASP community.  To set up your project's page, please provide the details below so that the GPC can establish your initial project page.  The details provided will be used to complete OWASP's project template.  Feel free to add any additional information to the wiki page or request assistance about how to add to your project's wiki page.

Details to create your project page:
(0) Project Name,

(1) Project purpose / overview,
(2) Project Roadmap (as mentioned above),
(3) Project links (if any) to external sites,
(4) Project License (http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing),
(5) Project Leader name, 

(6) Project Leader email address,
(7) Project Leader wiki account - the username (you'll need this to edit the wiki),
(8) Project Contributor(s) (if any) - name email and wiki account (if any),

As your project reaches a point that you'd like OWASP to assist in its promotion, the GPC will need the following to help spread the word about your project:

 * Conference style presentation describing the project in at least 3 slides - http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/


 * Project Flyer/Pamphlet (PDF file) - http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/


As work on your project progresses and you are ready to create a release, please let the GPC know of the change in status.  The GPC can work with you to get your project assessed and moved up the OWASP quality ladder from Alpha to Beta to Stable.  Every release does not require an assessment - feel free to email the GPC if you are unsure about your project's requirements.  For examples of projects at various quality levels, please see the OWASP Project page - http://www.owasp.org/index.php/Category:OWASP_Project

That is all for now - I wish you and your project great success.  Thank you for supporting OWASP's mission.

Should you have any questions or require any further information, please do not hesitate to contact me. 

Many thanks, best regards,

 

Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>

 

From: Поляков Александр [mailto:sh2kerr at gmail.com] 
Sent: Tuesday, 22 June 2010 17:01
To: paulo.coimbra at owasp.org
Cc: dinis.cruz at owasp.org; jason.li at owasp.org; mtesauro at gmail.com; leonardocavallari at gmail.com; pravir.chandra at gmail.com; bradcausey at gmail.com
Subject: contributing OWASP project

 

 

Good afternoon, dear colleagues,

I'm writing to you to express our wish to join to the OWASP contributors as there is definitely a project we would like to develop, more specifically OWASP_Enterprise_Application_Security_Project. 

As we can see, for reasons unknown, it was brought to a halt, and, if there's an opportunity, we would like to get engaged in the project as a project leader or make a similar new project and lead it. What should we do to lead this project?

We are very interested in the OWASP activities and can assure you we are well grounded in the topic and have a lot to develop and contribute; that is why I have provided brief information about us below.

As for me, I am an expert in enterprise application security in SAP, Oracle, JD Edwards and other products. I have found many vulnerabilities (dsecrg.com), write papers and talk at conferences (HITB, Troopers, T2 and many Russian ones).

I represent the Digital Security Research Group, a part of the Digital Security company, which is the leading IT security company in Russia, providing information security consulting, ERP and enterprise application security assessment, audit and penetration testing services, risk analysis and ISMS-related services, and certification for ISO/IEC 27001:2005, PCI DSS and PA-DSS standards.
Our company has its own Research Lab (called DSecRG) that focuses on enterprise application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


For more information about Digital Security please visit: http://www.dsec.ru (in Russian) 

and our Research Lab website: http://www.dsecrg.com (in English)

 

 
