[Owasp-board] We need to begin to direct appropriately

dinis cruz dinis.cruz at owasp.org
Thu Jan 20 21:27:23 UTC 2011


Should we add a deliverables column?

Dinis Cruz

On 20 Jan 2011, at 20:29, Jeff Williams <jeff.williams at owasp.org> wrote:

All,

Here is some input on each of the working group objectives. Hopefully this
is in a format you can use. My comments are prefaced by the word
“DELIVERABLE”.

I’ve tried hard to imagine a deliverable from each session that we can share
with the world and build ecosystems around. Hopefully this will help the
working groups focus and really accomplish something great.

P.S. Any working group that has the objective of “discuss something” or
“work on something” needs to get focused right away.



*Category: Summit 2011 Metrics Track* <http://www.owasp.org/index.php/Category:Summit_2011_Metrics_Track>

*Name of Working Session*

*Objective(s)*

*Owner/Leader*

*Members/Attendees*

*Risk Metrics* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055>

Chris Wysopal <cwysopal at Veracode.com>
Chris Eng <ceng at Veracode.com>

Colin Watson <colin.watson at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*Tools Interoperability (Data Instrumentation)* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session056>

DELIVERABLE: A standard schema for describing application security risks of
all types, with a place for all relevant information – whether derived
statically, dynamically, manually, or architecturally.

Dinis Cruz <dinis.cruz at owasp.org>

*Metrics and Labelling* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057>

DELIVERABLE: White paper sketching out a standard for a software security
label and a plan to finalize the standard.

Chris Wysopal <cwysopal at Veracode.com>
Chris Eng <ceng at Veracode.com>

Colin Watson <colin.watson at owasp.org>

*Counting and scoring application security defects* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058>

DELIVERABLE: White paper sketching out a standard for rating risks that
accommodates individual minor defects all the way through architectural flaws
(that may represent many individual defects).

Chris Wysopal <cwysopal at Veracode.com>
Chris Eng <ceng at Veracode.com>

Jason Taylor <jtaylor at securityinnovation.com>

Justin Clarke <justin.clarke at owasp.org>

*Measuring SDLC process performance* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059>

Chris Wysopal <cwysopal at Veracode.com>
Chris Eng <ceng at Veracode.com>

Justin Clarke <justin at gdssecurity.com>

Nishi Kumar <nishi.kumar at owasp.org>

Colin Watson

Jason Taylor <jtaylor at securityinnovation.com>

Matthew Chalmers <matthew.chalmers at owasp.org>

Justin Clarke <justin.clarke at owasp.org>


*Category: Summit 2011 Browser Security Track* <http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track>

*Browser Security Working Group* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session001>

   1. Work on and discuss how to enhance end-user security in web
   applications,
   2. Work on and discuss browser-based countermeasures against XSS, CSRF,
   man-in-the-middle, man-in-the-browser and full remote access exploits

DELIVERABLE: White paper describing specific recommendations for browser
vendors.

John Wilander <john.wilander at owasp.org>

Email John Wilander if you are unable to edit the Wiki and would like to
sign up! <john.wilander at owasp.org>

Michael Coates

Colin Watson

*Sandboxing* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002>

*Securing Plugins* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session003>

DELIVERABLE: A whitepaper with concrete recommendations for:

- Developers to build secure plugins
- Users to select, install, and use plugins securely
- Browser makers to defend against malicious plugins
- Shared security controls that plugins can share

*Enduser Warnings* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004>

DELIVERABLE: Recommendations to browser makers about making effective
warnings.

DELIVERABLE: Awareness materials to help raise awareness about the meaning
and consequences of the different enduser warnings.

*Blacklisting* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session005>

*OS Integration* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006>

*JavaScript* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session007>

*New HTTP Headers* <http://www.owasp.org/index.php/Working_Sessions_Browser_Working_Group_New_HTTP_Headers>

DELIVERABLE: White paper describing (for each new header): what the problem
is, why a new header will help, and recommendations for implementation of
the new header on both browser and server-side.


*Category: Summit 2011 XSS Eradication Track* <http://www.owasp.org/index.php/Category:Summit_2011_XSS_Eradication_Track>

*XSS and the Frameworks* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session009>

   1. Work on how OWASP can engage with the major web frameworks to move
   towards a "secure by default" stance
   2. Work on OWASP resources to provide patches/design approaches in
   conjunction with the frameworks

DELIVERABLE: White paper or standard for what we want the web frameworks to
provide.

Justin Clarke <justin.clarke at owasp.org>

*XSS - Awareness, Resources, and Partnerships* <http://www.owasp.org/index.php/Working_Sessions_XSS_AwarnessResourcesPartnerships>

   1. Work on what partners we can reach, and what resources they can
   provide us access to
   2. Work on who we can work with to reach a maximum amount of developers
   writing web applications
   3. Plan engagement with identified organizations
   4. Plan a call to action for OWASP chapters for identified XSS resources

Justin Clarke <justin.clarke at owasp.org>

*WAF Mitigations for XSS* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session043>

   1. Improve XSS Attack Payload Detection Techniques
   2. Identifying Improper Output Handling Flaws in Web Apps
   3. Feasibility of Profile Page Scripts/Iframes
   4. Testing Injection of JS Sandbox Code in Responses

Ryan Barnett <ryan.barnett at owasp.org>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Achim Hoffmann <achim at owasp.org>

Justin Clarke <justin.clarke at owasp.org>


*Category: Summit 2011 Mitigation Track* <http://www.owasp.org/index.php/Category:Summit_2011_Mitigation_Track>

*Virtual Patching Best Practices* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session091>

   1. Identify which attacks/vulnerabilities are best suited for virtual
   patching
   2. Identify which tools are best suited for virtual patching (appliance
   vs. embedded, WAFs vs. IPS, etc.)
   3. Identify who should be responsible for virtual patching
   4. How to develop/test virtual patches

DELIVERABLE: White paper cataloguing

Ryan Barnett <ryan.barnett at owasp.org>

Colin Watson

Achim Hoffmann <achim at owasp.org>

*Scaling Web Application Security Testing* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092>

Arian Evans
Dinis Cruz

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Achim Hoffmann <achim at owasp.org>

Steven van der Baan <steven.van.der.baan at owasp.org>

*How to report known security vulnerabilities (for websites)* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093>

   1. Discuss the OWASP strategy and policy on responsible disclosure of
   known vulnerabilities in public web applications.
   2. Should OWASP provide an OT10-Leaks platform in a country with legal
   protection for anonymous sources?

Dinis Cruz / Seba


*Category: Summit 2011 University Education Training Track* <http://www.owasp.org/index.php/Category:Summit_2011_University_Education_Training_Track>

*University Outreach* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session012>

   1. Estimation of security programs currently existing in university
   settings around the world
   2. How can OWASP participate and influence the curricula of these
   educational programs?
   3. How can we foster relationships between OWASP and universities?
   4. How can the relationship between OWASP and universities be
   standardized?
   5. What can OWASP offer universities and what can they, in turn, expect
   from each other?

Martin Knobloch <martin.knobloch at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Cecil Su <cecil.su at owasp.org>

Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>

Heiko Richler <heiko.richler at ohm-hochschule.de>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Jason Taylor <jtaylor at securityinnovation.com>

*Computer Crime Laws* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024>

   1. Understand the current laws/frameworks in place in relation to
   computer crime and prevention
   2. Discuss ways these laws are currently failing consumers in protecting
   assets
   3. Discuss possible amendments to the laws/frameworks to better protect
   the public

Daniel Cuthbert <Daniel.Cuthbert at owasp.org>

Matthew Chalmers <matthew.chalmers at owasp.org>

*OWASP Academies* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session040>

   1. Identification of goals;
   2. Definition of methodology;
   3. Analysis of legal aspects and relationship with Universities, other
   Academic institutions and Governmental initiatives;
   4. Identification of Trainers and their involvement;
   5. Certification of Contents and materials.

Sandra Paiva <sandra.paiva at owasp.org>

Martin Knobloch <martin.knobloch at owasp.org>

Paulo Coimbra <paulo.coimbra at owasp.org>

Dinis Cruz <dinis.cruz at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Cecil Su <cecil.su at owasp.org>

Heiko Richler <heiko.richler at owasp.org>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Jason Taylor <jtaylor at securityinnovation.com>

Mateo Martinez <mateo.martinez at owasp.org>

*OWASP Training* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041>

   1. Consolidation of the OWASP Training Model (Paid and Non Paid):
   2. Methodologies;
   3. Contents and materials;
   4. Trainers Database;
   5. Training Kit

Sandra Paiva <sandra.paiva at owasp.org>

Martin Knobloch <martin.knobloch at owasp.org>

Paulo Coimbra <paulo.coimbra at owasp.org>

Dinis Cruz <dinis.cruz at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Cecil Su <cecil.su at owasp.org>

Heiko Richler <heiko.richler at owasp.org>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Colin Watson

Jason Taylor <jtaylor at securityinnovation.com>

Achim Hoffmann <achim at owasp.org>

Mark Bristow <mark.bristow at owasp.org>

Mateo Martinez <mateo.martinez at owasp.org>

*Developer's Security Training Package* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042>

   1. To create an organized package that can be used by companies for the
   purposes of educating developers on securely coding web applications and web
   services

Brad Causey <bradcausey at owasp.org>

Martin Knobloch <martin.knobloch at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Jason Taylor <jtaylor at securityinnovation.com>

*OWASP TOP 10 online training in Hacking-Lab* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069>

   1. To learn more about the OWASP TOP 10 cases in Hacking-Lab - Vulnerable
   Apps in HL
   2. Experience the user's view of a training - lab descriptions,
   exercises, send-solution, ranking, global ranking, my profile
   3. Experience the teacher's view of a training - solution movies, accept
   or reject solutions from users, solution movie
   4. Experience the Hacking-Lab LiveCD (accessing the lab), teaming, levels
   in HL, avatar, rankings
   5. Talk about a potential collaboration between OWASP and Hacking-Lab for
   the future. Free OWASP TOP 10 training.

Ivan Buetler <ivan.buetler at csnc.ch>

Nishi Kumar <nishi.kumar at owasp.org>

Cecil Su <cecil.su at owasp.org>

Jason Taylor <jtaylor at securityinnovation.com>

Achim Hoffmann <achim at owasp.org>

*How to present worldwide David Rice's Pollution keynote* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088>

Dinis Cruz

*OWASP Exams* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session089>

   1. Establish model for CC-licensed exams creation
   2. Establish model for CC-licensed exams distribution and usage
   3. Establish a first CC-licensed exam to test the concept (an alpha will
   be brought to the working session)
   4. Try OWASP training and exam end-to-end to experience and improve
   training and exam usage scenarios

Jason Taylor <jason.taylor at owasp.org>

Dinis Cruz

Matthew Chalmers <matthew.chalmers at owasp.org>

Mateo Martinez <mateo.martinez at owasp.org>

*OWASP Certification* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session039>

   1. Determine whether certification would have value for OWASP's Community
   2. Determine a model by which certification based on OWASP materials
   could succeed
   3. Determine a model for creation and distribution of a CC-licensed
   certification exam based on OWASP materials
   4. (if agreed) Determine a model for supporting the administration of
   certification based on OWASP Materials

Dinis Cruz

Matthew Chalmers <matthew.chalmers at owasp.org>

Mateo Martinez <mateo.martinez at owasp.org>



*Category: Summit 2011 OWASP Secure Coding Workshop Track* <http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track>

*Applying ESAPI Input Validation* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session025>

   1. Serial Decomp: Decode, canonicalize, filter
   2. Structured data (SSN, CC, etc.)
   3. Unstructured data (comments, blogs, etc.)
   4. Other input examples (ws-, database, etc.)

Chris Schmidt <chris.schmidt at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Colin Watson

Justin Clarke <justin.clarke at owasp.org>

*Defining AppSensor Detection Points* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026>

   1. Understand AppSensor Fundamentals
   2. Define AppSensor Detection Points applicable to most applications
   3. Implement detection points into code

Michael Coates <michael.coates at owasp.org>

Ryan Barnett <Ryan.Barnett at owasp.org>

Colin Watson

Chris Schmidt <chris.schmidt at owasp.org>

*Contextual Output Encoding* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027>

   1. Provide real-world examples of the ESAPI encoder class stopping
   injection attacks.

Jim Manico <jim.manico at owasp.org>

Colin Watson

Chris Schmidt <chris.schmidt at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*Protecting Information Stored Client-Side* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028>

John Steven <John.Steven at owasp.org>

Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>

Colin Watson

Chris Schmidt <chris.schmidt at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*Protecting Against CSRF* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029>

Eric Sheridan

Chris Schmidt <chris.schmidt at owasp.org>

Achim Hoffmann <achim at owasp.org>

Ryan Barnett <Ryan.Barnett at owasp.org>

Colin Watson

*Providing Access to Persisted Data* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session030>

   1. Create design and code examples for protecting access to database
   tables by role
   2. Create design and code examples for protecting access to data when
   'auto-wiring' and marshalling
   3. Create design and code examples for protecting sensitive data at rest
   4. Create design and code examples for providing SQL-like querying
   capabilities in a safe manner

Dan Cornell <dan at denimgroup.com>

Colin Watson

Chris Schmidt <chris.schmidt at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

John Steven <john.steven at owasp.org>

*The Future of the OWASP Secure Coding Workshop* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031>

   1. Determine how to scale the idea
   2. Determine how to get funding for it
   3. Schedule at least two following OWASP Secure Coding Workshop days in
   2011

John Steven <john.steven at owasp.org>
Chris Schmidt <chris.schmidt at owasp.org>

Colin Watson

Justin Clarke <justin.clarke at owasp.org>


*Category: Summit 2011 Individual OWASP Projects Track* <http://www.owasp.org/index.php/Category:Summit_2011_Individual_OWASP_Projects_Track>

*ESAPI - Output Validation* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session062>

Jeff Williams <jeff.williams at owasp.org>
Chris Schmidt <chris.schmidt at owasp.org>
Jim Manico <jim.manico at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

*O2 Platform* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063>

Dinis Cruz <dinis.cruz at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Jason Taylor <jtaylor at securityinnovation.com>

Steven van der Baan <steven.van.der.baan at owasp.org>

*Mobile Security* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065>

   1. *Primary: Create core knowledge base on project wiki site*
   2. Recruit volunteers to contribute to project
   3. Establish relationships with key players (i.e. Apple/Google/etc)

Mike Zusman <mike.zusman at intrepidusgroup.com>
David Campbell <dcampbell at owasp.org>

Colin Watson

Tom Neaves <tom.neaves at verizonbusiness.com>

Mateo Martinez <mateo.martinez at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*Development Guide* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066>

   1. Discussion of major enhancements to the next version of the
   development guide.

Vishal Garg <vishalgrg at gmail.com>

*ASVS Project* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067>

Matthias Rohr <mail at matthiasrohr.de>

Nishi Kumar <nishi.kumar at owasp.org>

Steven van der Baan <steven.van.der.baan at owasp.org>

Wojciech Dworakowski <wojciech.dworakowski at securing.pl>

Jim Manico <jim.manico at owasp.org>

*Enterprise Web Defense Roundtable* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session068>

   1. What techniques are effective for scaling web security within a large
   company?
   2. Strategies for developer education that work?
   3. Automated defenses - what techniques are currently in use?
   4. Benefits/considerations for using security bounty programs and public
   hacking initiatives.
   5. What can OWASP build or develop to assist with enterprise wide
   application security?

Michael Coates <michael.coates at owasp.org>
Chris Lyon <clyon at mozilla.com>

Colin Watson

Dinis Cruz

Chris Schmidt <chris.schmidt at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*OWASP Testing Guide* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session052>

Matteo Meucci <matteo.meucci at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Cecil Su <cecil.su at owasp.org>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Colin Watson

Achim Hoffmann <achim at owasp.org>

Tom Neaves <tom.neaves at verizonbusiness.com>

*OWASP Java Project* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053>

   1. Restart the Java project
   2. Find new leadership
   3. Recruit volunteers
   4. Build a new Roadmap for the project

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Mateo Martinez <mateo.martinez at owasp.org>

*OWASP Portuguese Language Project* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session048>

   1. Kickstart the project
   2. Define leadership and roles
   3. Prioritize documents
   4. List all Portuguese materials available

Lucas C. Ferreira <lucas.ferreira at owasp.org>

*Threat Modeling* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099>

   1. Discuss the various components of threat modeling
   2. Various threat modeling methodologies and their challenges
   3. If you have an idea to discuss, please email Anurag Agarwal at
   anurag at myappsecurity.com

Anurag Agarwal <anurag at myappsecurity.com>

Matthew Chalmers <matthew.chalmers at owasp.org>

Colin Watson <colin.watson at owasp.org>

Mateo Martinez <mateo.martinez at owasp.org>

Dinis Cruz <dinis.cruz at owasp.org>

Jim Manico <jim.manico at owasp.org>

Neil Matatall <neil at owasp.org>

Christian Martorella <laramies at gmail.com>

Steven van der Baan <steven.van.der.Baan at owasp.org>

Nishi Kumar <nishi787 at hotmail.com>



*Category: Summit 2011 OWASP Governance Track<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Governance_Track>*

*Name of Working Session*

*Objective(s)*

*Owner/Leader*

*Members/Attendees*

*OWASP Board/Committee Governance<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session013>*

   1. Universal Committee Governance Document/Policies
   2. Review Board Governance and By-Laws (Including Board
   composition/elections)
   3. Committee alignment to OWASP Goals/Mission including Authorities,
   Individual Missions and Areas of Responsibility (AoR).
   4. Providing budgets to committees for direct oversight and spending in
   their AoR
   5. Additional transparency in OWASP accounting (Expenditures, Expense
   Reports for Officers/Committee Members.....)

Mark Bristow <mark.bristow at owasp.org>
Jason Li <jason.li at owasp.org>
Tom Brennan <tomb at owasp.org>

Jim Manico <jim at manico.net>

Nishi Kumar <nishi.kumar at owasp.org>

Joe Bernik

Matthew Chalmers <matthew.chalmers at owasp.org>

*Projects<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session014>*

   1. Assessment Criteria & Orphaned Projects<http://www.owasp.org/index.php/Working_Sessions_Projects_Assessment_Criteria_and_Orphaned_Projects>
   2. Funding, Marketing & Commercial Services<http://www.owasp.org/index.php/Working_Sessions_Projects_Funding_Marketing_and_Commerical_Services>

Brad Causey <bradcausey at owasp.org>
Jason Li <jason.li at owasp.org>

Seba <seba at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

*Industry<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session015>*

Yiannis Pavlosoglou <yiannis at owasp.org>

Lorna Alamri <lorna.alamri at owasp.org>

David Campbell

Eoin Keary

Matt Tesauro

Joe Bernik

Nishi Kumar <nishi.kumar at owasp.org>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Tobias Gondrom

Vehbi Tasar

Colin Watson

Jason Taylor <jtaylor at securityinnovation.com>

*Membership<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016>*

   1. Develop a plan for reaching out to other organizations in order to
   expand OWASP's exposure to the larger security and developer communities.
   2. Create a budget and funding plan for the Membership Committee
   3. Be ready to conduct a survey of new and existing OWASP Members and
   Supporters. Develop survey questions and specifics for the implementation.

Dan Cornell <dan at denimgroup.com>

Michael Coates <michael.coates at owasp.org>

Mateo Martinez <mateo.martinez at owasp.org>

Dan Cornell <dan at denimgroup.com>

*Connections<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017>*

Jim Manico <jim.manico at owasp.org>
Justin Clarke <justin.clarke at owasp.org>

Achim Hoffmann <achim at owasp.org>

*Chapters<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018>*

   1. Challenges and solutions to run a successful OWASP chapter

Seba <seba at owasp.org>

Mandeep Khera

Matthew Chalmers <matthew.chalmers at owasp.org>

*Education<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019>*

   1. Assess how past achievements support the current educational
   developments
   2. Evaluate how we can get the projects involved in developing (or at
   least reviewing) training material
   3. Define new goals for the upcoming period
   4. Define success factors for the upcoming period

Martin Knobloch <martin.knobloch at owasp.org>
Seba <seba at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Cecil Su <cecil.su at owasp.org>

Jason Taylor <jtaylor at securityinnovation.com>

*Conferences - Improving Conference Planner Support<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020>*

   1. Discuss the GCC's current 2011 Plan<http://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan> of
   action and new initiatives
   2. Review comments provided in the Conference Planner Survey
   3. Discuss mechanisms to improve Planner/Operational Support
   4. Discuss mechanisms to improve event marketing/sponsorships
   5. Discuss Global Conference Sponsorship Plan

Mark Bristow <mark.bristow at owasp.org>

Lorna Alamri <lorna.alamri at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Ralph Durkee <Ralph.Durkee at owasp.org>

Matthew Chalmers <matthew.chalmers at owasp.org>

*Tracking OWASP Participation<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session071>*

   1. Identify the specific needs for a participation tracking system
   2. Develop a working framework that provides an open, distributed and
   accountable mechanism to track participation
   3. Discuss initial "points system" detail and point values
   4. Discuss normalization of system points

Mark Bristow <mark.bristow at owasp.org>

Jason Li <jason.li at owasp.org>

*Professionalize OWASP<http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session076>*

   1. Having annual OWASP Foundation Board Member elections? During annual
   OWASP Summits?
   2. Professionalize OWASP PR, hiring more OWASP employees, at least one
   for PR?
   3. Hiring more OWASP professionals?
   4. Paying for OWASP Board Members and OWASP Leaders?
   5. Creating a European OWASP entity?

Martin Knobloch <martin.knobloch at owasp.org>

Nishi Kumar <nishi.kumar at owasp.org>

Lorna Alamri <lorna.alamri at owasp.org>

Colin Watson

Matthew Chalmers <matthew.chalmers at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*Building the OWASP Brazilian Leaders Group<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035>*

   1. Define the members of the group
   2. Define the rules of engagement for the group
   3. Discuss how to fund Brazilian chapters
   4. Discuss the translation of OWASP materials to Portuguese
   5. Define the rules for hosting AppSec Brazil

Lucas C. Ferreira <lucas.ferreira at owasp.org>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session037>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session054>



*Category: Summit 2011 OWASP Track<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Track>*

*Name of Working Session*

*Objective(s)*

*Owner/Leader*

*Members/Attendees*

*OWASP Around the World<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021>*

   1. Internationalization
   2. Global Job Board
   3. New OWASP chapters in parts of the world where we have not spread much
   yet

Matthew Chalmers <matthew.chalmers at owasp.org>

Mateo Martinez <mateo.martinez at owasp.org>

*What is an OWASP Leader?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session022>*

   1. Define what it means to be an OWASP Leader

Dinis Cruz <dinis.cruz at owasp.org>

Matthew Chalmers <matthew.chalmers at owasp.org>

Chris Schmidt <chris.schmidt at owasp.org>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session023>

*Overhauling the OWASP Website<http://www.owasp.org/index.php/Working_Sessions_OWASP_Website>*

   1. Revisit goals from previous working session<http://www.owasp.org/index.php/OWASP_Working_Session_-_OWASP_Website>
   2. Identify available Google Apps (e.g. Code Review, Moderator, Short
   Links, Project Hosting, Groups, etc) that we can leverage to support OWASP
   Website Infrastructure.
   3. Review Website Overhaul Proposal<http://www.owasp.org/index.php?title=Website_Overhaul_Proposal&action=edit&redlink=1> for
   consideration
   4. Decide what elements should be outsourced/contracted to expedite
   implementation
   5. Resolve on schedule for achieving goals

Jason Li <jason.li at owasp.org>

Larry Casey

Achim Hoffmann <achim at owasp.org>

Michael Coates

Colin Watson

Nishi Kumar <nishi.kumar at owasp.org>

Dinis Cruz

Matthew Chalmers <matthew.chalmers at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*Managing the OWASP Brand<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070>*

Jason Li <jason.li at owasp.org>

Lucas C. Ferreira <lucas.ferreira at owasp.org>

Matthew Chalmers <matthew.chalmers at owasp.org>

*Developer Outreach<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072>*

Mark Bristow <mark.bristow at owasp.org>
Jason Li <jason.li at owasp.org>

Martin Knobloch <martin.knobloch at owasp.org>

Steven van der Baan <steven.van.der.baan at owasp.org>

*Privacy - Personal Data/PII, Legislation and OWASP<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073>*

   1. Discuss whether OWASP needs to be more proactive about privacy
   2. Define how we build privacy matters into existing tools and resources
   3. Identify gaps

Colin Watson <colin.watson at owasp.org>

Matthew Chalmers <matthew.chalmers at owasp.org>

Lorna Alamri <lorna.alamri at owasp.org>

Achim Hoffmann <achim at owasp.org>

Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>

*Replicating Samy's EU Tour across OWASP<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074>*

*S is for Safety (as well as Security)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075>*

   1. Define how OWASP can take the lead in *application security for safety*

Colin Watson <colin.watson at owasp.org>

*OWASP Quotes<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060>*

   1. Open letter to governments
   2. Open letter to insurance companies
   3. Tools interoperability
   4. Tools customization by security consultants
   5. Wiki leaks & WebAppSec

Dinis Cruz <dinis.cruz at owasp.org>

Matthew Chalmers <matthew.chalmers at owasp.org>

*Did OWASP Fail to achieve its full potential? (and lessons learned)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061>*

Dinis Cruz

*Should OWASP hire a Chief Executive Officer (CEO)?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077>*

TBD

Matthew Chalmers <matthew.chalmers at owasp.org>

Dinis Cruz

*Less preaching to the choir, engage more with the outsiders<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078>*

TBD

Matthew Chalmers <matthew.chalmers at owasp.org>

*Investment justification for Web Application Security<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079>*

TBD

*Should OWASP work directly with PCI-DSS?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080>*

TBD

Matthew Chalmers <matthew.chalmers at owasp.org>

*How can OWASP reach/talk/engage with developers<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session081>*

TBD

*How can OWASP reach/talk/engage with auditors<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082>*

   1. Educate security professionals and developers on, and dispel the myths
   about, audit and control
   2. Educate auditors on OWASP, software development and web & application
   security
   3. Discuss ways OWASP can help security pros, developers and auditors
   work together for mutual benefit and world domination

Matthew Chalmers <matthew.chalmers at owasp.org>

Matthew Chalmers <matthew.chalmers at owasp.org>

Achim Hoffmann <achim at owasp.org>

Justin Clarke <justin.clarke at owasp.org>

*OWASP and Facebook, Lessons Learned<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session083>*

Jim Manico <jim at manico.net>

*Creating an Application Security Career - For the Average IT/Network Security Practitioner<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084>*

TBD

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session090>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session098>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session100>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session101>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session102>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session103>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session104>

view<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session105>


--Jeff





*From:* owasp-board-bounces at lists.owasp.org [mailto:
owasp-board-bounces at lists.owasp.org] *On Behalf Of *Paulo Coimbra
*Sent:* Thursday, January 20, 2011 10:39 AM
*To:* 'Kate Hartmann'; 'Sandra Paiva'; 'sarah cruz'; 'Deb Brewer'; 'Linda
Potjes'; 'Sarah Baso'
*Cc:* 'OWASP Foundation Board List'; owasp-summit-2011 at lists.owasp.org
*Subject:* Re: [Owasp-board] We need to begin to direct appropriately



All,



As you know, we had recently asked our community to work a bit more on the
working sessions by adding more content and detailing as much as possible the
overview, objectives, outcomes and participants. We are meanwhile diving
into the content already available to try and find a way to increase its
coherence, so as to create the conditions for us to have a productive
meeting. We are also thinking about a new template - simpler to work with
and better able to capture the entire range of questions implicit in each WS.
We will inform you if we manage to build anything new and, for us, better
than the template currently in use.



We have also been told that Jeff Williams will work on this issue and we
will be ready to seek convergence with his initiative as soon as his path
allows us to engage. While this is being done we will make sure that
requests to create or change the current WS are answered in a timely manner.





Thanks,

- Paulo





Paulo Coimbra,

OWASP Project Manager <http://www.owasp.org/index.php/User:Paulo_Coimbra>



*From:* Kate Hartmann [mailto:kate.hartmann at owasp.org]
*Sent:* Thursday, 20 January 2011 03:43
*To:* paulo.coimbra at owasp.org; Sandra Paiva; sarah cruz; Deb Brewer; Linda
Potjes; Sarah Baso
*Cc:* dinis.cruz at owasp.org
*Subject:* We need to begin to direct appropriately



All, following up on my email from yesterday, I have posted roles here:
http://www.owasp.org/index.php/Summit_2011_Committee#Summit_Logistical_Team_.28Who_do_I_ask.3F.29



Paulo and Sandra, when will you be arriving, so we can include your
information?



I also need some contact information for Marta.



We have about 19 days left:  http://countdown.onlineclock.net/  I don’t know
how to get this onto the wiki, but it would be cool.



Anyway, I highly recommend that we begin to really settle into our roles.
Paulo and Sandra, you will probably be more and more busy with the working
sessions as we get closer to February 8, 2011, so please let the group know
how we should help!  You two are the wiki masters!



I hope to fill out these roles in the upcoming days with more specific
tasks, but for now I’m fairly confident we all have plenty to keep us busy.




If you have any questions/concerns, please don’t hesitate to raise your
voice.



Thank you!







Kate Hartmann

Operations Director

301-275-9403

www.owasp.org

Skype:  Kate.hartmann1



_______________________________________________
Owasp-board mailing list
Owasp-board at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-board