[Owasp-board] We need to begin to direct appropriately

Paulo Coimbra paulo.coimbra at owasp.org
Sun Jan 23 19:40:22 UTC 2011


Jeff,

 

Sandra and I are currently updating the wiki by filling in the deliverables.
Could you please give us more details on the templates you are requesting?

 

Thanks,

- Paulo

 

 

Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager

 

From: Jeff Williams [mailto:jeff.williams at owasp.org] 
Sent: Sunday, 23 January 2011 05:16
To: 'Paulo Coimbra'; Kate Hartmann; 'Sandra Paiva'; 'sarah cruz'; 'Deb
Brewer'; 'Linda Potjes'; 'Sarah Baso'
Cc: 'OWASP Foundation Board List'; owasp-summit-2011 at lists.owasp.org
Subject: RE: [Owasp-board] We need to begin to direct appropriately

 

Hi,

Could someone put these into the wiki for me?   The lack of responsiveness
is making it difficult for me to complete the task.

Every working group is going to have to have a *scribe* who will get the
appropriate template (We need to get these drafted up quickly) and fill it
out as the working group works.  I suggest we make these easily available on
Google Docs and pray that the damn network works well.

* OWASP 2011 Committee Plan Template

* OWASP White Paper Template

* OWASP Standard Template

* OWASP Project Business Plan Template

--Jeff

 

Category: Summit 2011 Metrics Track
<http://www.owasp.org/index.php/Category:Summit_2011_Metrics_Track> 

	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



Risk Metrics
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055>  

	Chris Wysopal <mailto:cwysopal at Veracode.com>  
Chris Eng <mailto:ceng at Veracode.com>  

Colin Watson <mailto:colin.watson at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



Tools Interoperability (Data Instrumentation)
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session056>  

DELIVERABLE: A standard schema for describing application security risks of
all types, with a place for all relevant information - whether derived
statically, dynamically, manually, or architecturally.

Dinis Cruz <mailto:dinis.cruz at owasp.org>  

	


Metrics and Labelling
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057>  

DELIVERABLE: White paper sketching out a standard for a software security
label and a plan to finalize the standard.

Chris Wysopal <mailto:cwysopal at Veracode.com>  
Chris Eng <mailto:ceng at Veracode.com>  

Colin Watson <mailto:colin.watson at owasp.org>  



Counting and scoring application security defects
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058>  

DELIVERABLE: White paper sketching out a standard for rating risks that
accommodates individual minor defects all the way through architectural flaws
(that may represent many individual defects)

Chris Wysopal <mailto:cwysopal at Veracode.com>  
Chris Eng <mailto:ceng at Veracode.com>  

Jason Taylor <mailto:jtaylor at securityinnovation.com>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



Measuring SDLC process performance
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059>  

	Chris Wysopal <mailto:cwysopal at Veracode.com>  
Chris Eng <mailto:ceng at Veracode.com>  

Justin Clarke <mailto:justin at gdssecurity.com>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Colin Watson 

Jason Taylor <mailto:jtaylor at securityinnovation.com>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



 

 
Category: Summit 2011 Browser Security Track
<http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track>


	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



Browser Security Working Group
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session001>  

1.	Work on and discuss how to enhance enduser security in web
applications,
2.	Work on and discuss browser-based countermeasures against XSS, CSRF,
man-in-the-middle, man-in-the-browser and full remote access exploits

DELIVERABLE: White paper describing specific recommendations for browser
vendors.

John Wilander <mailto:john.wilander at owasp.org>  

Email John Wilander if you are unable to edit the Wiki and would like to
sign up! <mailto:john.wilander at owasp.org>  

Michael Coates 

Colin Watson 



Sandboxing
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002>  

			


Securing Plugins
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session003>  

DELIVERABLE: A whitepaper with concrete recommendations for:

-         Developers to build secure plugins

-         Users to select, install, and use plugins securely

-         Browser makers to defend against malicious plugins

-         Recommendations for shared security controls that plugins can
share

		


Enduser Warnings
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004>  

DELIVERABLE: White paper capturing specific recommendations to browser
makers about making effective warnings.

 

DELIVERABLE: Awareness materials (such as posters, logos, banners, etc.) to
help raise awareness about the meaning and consequences of the different
enduser warnings

		


Blacklisting
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session005>  

			


OS Integration
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006>  

			


JavaScript
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session007>  

			


New HTTP Headers
<http://www.owasp.org/index.php/Working_Sessions_Browser_Working_Group_New_H
TTP_Headers>  

DELIVERABLE: White paper (standard?) describing (for each new header): what
the problem is, why a new header will help, and recommendations for
implementation of the new header on both browser and server-side.

		


 

Category: Summit 2011 XSS Eradication Track
<http://www.owasp.org/index.php/Category:Summit_2011_XSS_Eradication_Track> 

	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



XSS and the Frameworks
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session009>  

1.	Work on how OWASP can engage with the major web frameworks to move
towards a "secure by default" stance
2.	Work on OWASP resources to provide patches/design approaches in
conjunction with the frameworks

DELIVERABLE: White paper or standard for what we want the web frameworks to
provide in terms of XSS defenses.  Turning the XSS Prevention Cheat Sheet
into a standard/metric for frameworks would be great.

DELIVERABLE: OWASP Standard defining an appraisal methodology for a
framework's XSS prevention capability based on the other deliverable.

Justin Clarke <mailto:justin.clarke at owasp.org>  

	


XSS - Awareness, Resources, and Partnerships
<http://www.owasp.org/index.php/Working_Sessions_XSS_AwarnessResourcesPartne
rships>  

1.	Work on what partners we can reach, and what resources they can
provide us access to
2.	Work on who we can work with to reach a maximum amount of developers
writing web applications
3.	Plan engagement with identified organizations
4.	Plan a call to action for OWASP chapters for identified XSS
resources

DELIVERABLE: A concrete, specific business plan for investing OWASP Funds in
a campaign designed to ensure that every developer knows about XSS and what
to do to prevent it.  The plan should have specific goals, measures, and
targets over time so we know if it is on track.

Justin Clarke <mailto:justin.clarke at owasp.org>  

	


WAF Mitigations for XSS
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session043>  

1.	Improve XSS Attack Payload Detection Techniques
2.	Identifying Improper Output Handling Flaws in Web Apps
3.	Feasibility of Profile Page Scripts/Iframes
4.	Testing Injection of JS Sandbox Code in Responses

DELIVERABLE: White paper describing "Next Generation WAF Capabilities" such
as the ones described above.  Include areas requiring additional research
and funding.

Ryan Barnett <mailto:ryan.barnett at owasp.org>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Achim Hoffmann <mailto:achim at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



 

Category: Summit 2011 Mitigation Track
<http://www.owasp.org/index.php/Category:Summit_2011_Mitigation_Track> 

	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



Virtual Patching Best Practices
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session091>  

1.	Identify which attacks/vulnerabilities are best suited for virtual
patching
2.	Identify which tools are best suited for virtual patching (appliance
vs. embedded, WAFs vs IPS, etc...)
3.	Identify who should be responsible for virtual patching
4.	How to develop/test virtual patches

DELIVERABLE: White paper on "Effective Virtual Patching" that discusses the
scenarios above.

Ryan Barnett <mailto:ryan.barnett at owasp.org>  

Colin Watson 

Achim Hoffmann <mailto:achim at owasp.org>  



Scaling Web Application Security Testing
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092>  

DELIVERABLE: A white paper describing strategies for scaling application
security verification programs beyond a single application at a time.
Should address achieving coverage of expected controls, depth of assurance,
both automated and manual approaches, custom rules, rule management, rule
deployment.

Arian Evans 
Dinis Cruz 

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Achim Hoffmann <mailto:achim at owasp.org>  

Steven van der Baan <mailto:steven.van.der.baan at owasp.org>  



How to report known security vulnerabilities (for websites)
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093>  

1.	Discuss the OWASP strategy and policy on responsible disclosure of
known vulnerabilities in public web applications.
2.	Should OWASP provide an OT10-Leaks platform in a country with legal
protection for anonymous sources?

DELIVERABLE: A white paper evaluating the various options for handling
discovered vulnerabilities.  Possible standards and recommendations
associated with the options.

Dinis Cruz / Seba 

	


 

 
Category: Summit 2011 University Education Training Track
<http://www.owasp.org/index.php/Category:Summit_2011_University_Education_Tr
aining_Track> 

	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



University Outreach
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session012>  

1.	Estimation of Security programs currently exist in university
settings around the world
2.	How can OWASP participate and influence the curricula of these
educational programs?
3.	How can we foster relationships between OWASP and universities?
4.	How can the relationship between OWASP and universities be
standardized?
5.	What can OWASP offer universities and what can they, in turn, expect
from each other?

DELIVERABLE: A study with facts, numbers, and other metrics about
application security in academia.  The OWASP Academic State of the World.

DELIVERABLE: A white paper with strategies for infiltrating academia with
our priorities.

Martin Knobloch <mailto:martin.knobloch at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Cecil Su <mailto:cecil.su at owasp.org>  

Elke Roth-Mandutz <mailto:elke.roth-mandutz at ohm-hochschule.de>  

Heiko Richler <mailto:heiko.richler at ohm-hochschule.de>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Jason Taylor <mailto:jtaylor at securityinnovation.com>  



Computer Crime Laws
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024>  

1.	Understand the current laws/frameworks in place in relation to
computer crime and prevention
2.	Discuss ways these laws are currently failing consumers in
protecting assets
3.	Discuss possible amendments to the laws/frameworks to better protect
the public

DELIVERABLE: A study evaluating the existing computer crime laws and how
they might be applied to the current set of application security attacks.
Recommendations for a new legal framework.

Daniel Cuthbert <mailto:Daniel.Cuthbert at owasp.org>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



OWASP Academies
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session040>  

1.	Identification of goals;
2.	Definition of methodology;
3.	Analysis of legal aspects and relationship with Universities, other
Academic institutions and Governmental initiatives;
4.	Identification of Trainers and their involvement;
5.	Certification of Contents and materials.

DELIVERABLE: Deliver the above as a fundable business plan complete with
financial and resource requirements, timelines, metrics, etc.

Sandra Paiva <mailto:sandra.paiva at owasp.org>  

Martin Knobloch <mailto:martin.knobloch at owasp.org>  

Paulo Coimbra <mailto:paulo.coimbra at owasp.org>  

Dinis Cruz <mailto:dinis.cruz at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Cecil Su <mailto:cecil.su at owasp.org>  

Heiko Richler <mailto:heiko.richler at owasp.org>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Jason Taylor <mailto:jtaylor at securityinnovation.com>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  



OWASP Training
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041>  

1.	Consolidation of the OWASP Training Model (Paid and Non Paid):
2.	Methodologies;
3.	Contents and materials;
4.	Trainers Database;
5.	Training Kit

DELIVERABLE: Deliver the above as a fundable business plan complete with
financial and resource requirements, timelines, metrics, etc.

Sandra Paiva <mailto:sandra.paiva at owasp.org>  

Martin Knobloch <mailto:martin.knobloch at owasp.org>  

Paulo Coimbra <mailto:paulo.coimbra at owasp.org>  

Dinis Cruz <mailto:dinis.cruz at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Cecil Su <mailto:cecil.su at owasp.org>  

Heiko Richler <mailto:heiko.richler at owasp.org>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Colin Watson 

Jason Taylor <mailto:jtaylor at securityinnovation.com>  

Achim Hoffmann <mailto:achim at owasp.org>  

Mark Bristow <mailto:mark.bristow at owasp.org>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  



Developer's Security Training Package
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042>  

1.	To create an organized package that can be used by companies for the
purposes of educating developers on securely coding web applications and web
services

DELIVERABLE: A curriculum for the above based on OWASP materials and a plan
to build it out.

Brad Causey <mailto:bradcausey at owasp.org>  

Martin Knobloch <mailto:martin.knobloch at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Jason Taylor <mailto:jtaylor at securityinnovation.com>  



OWASP TOP 10 online training in Hacking-Lab
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069>  

1.	To learn more about the OWASP TOP 10 cases in Hacking-Lab -
Vulnerable Apps in HL
2.	Experience the user's view of a training - lab descriptions,
exercises, send-solution, ranking, global ranking, my profile
3.	Experience the teacher's view of a training - solution movies,
accept or reject solutions from users, solution movie
4.	Experience the Hacking-Lab LiveCD (accessing the lab), teaming,
levels in HL, avatar, rankings
5.	Talk about a potential collaboration between OWASP and Hacking-Lab
for the future. Free OWASP TOP 10 training.

DELIVERABLE: A plan to create free awesome OWASP T10 awareness training
using HL and others.  Integrate the various environments and create a
prototype if possible.

Ivan Buetler <mailto:ivan.buetler at csnc.ch>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Cecil Su <mailto:cecil.su at owasp.org>  

Jason Taylor <mailto:jtaylor at securityinnovation.com>  

Achim Hoffmann <mailto:achim at owasp.org>  



How to present worldwide David Rice's Pollution keynote
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088>  

DELIVERABLE: A plan for a marketing/awareness campaign that starts to
promote the top and bottom-line business advantages of application security.
Prototype awareness concepts if possible.

Dinis Cruz 

	


OWASP Exams
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session089>  

1.	Establish model for CC-licensed exams creation
2.	Establish model for CC-licensed exams distribution and usage
3.	Establish a first CC-licensed exam to test the concept (an alpha
will be brought to the working session)
4.	Try OWASP training and exam end-to-end to experience and improve
training and exam usage scenarios

DELIVERABLE: A business plan for evaluation by the community at large. What
is the investment, schedule, metrics, benefit.

Jason Taylor <mailto:jason.taylor at owasp.org>  

Dinis Cruz 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  



OWASP Certification
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session039>  

1.	Determine whether certification would have value for OWASP's
Community
2.	Determine a model by which certification based on OWASP materials
could succeed
3.	Determine a model for creation and distribution of a CC-licensed
certification exam based on OWASP materials
4.	(if agreed) Determine a model for supporting the administration of
certification based on OWASP Materials

DELIVERABLE: A business plan for evaluation by the community at large.

	Dinis Cruz 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  

 

 
Category: Summit 2011 OWASP Secure Coding Workshop Track
<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Wor
kshop_Track> 

	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



Applying ESAPI Input Validation
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session025>  

1.	Serial Decomp: Decode, canonicalize, filter
2.	Structured data (SSN, CC, etc.)
3.	Unstructured data (comments, blogs, etc.)
4.	Other input examples (ws-, database, etc.)

DELIVERABLE: A clear and concise user guide for getting ESAPI input
validation up and running.

Chris Schmidt <mailto:chris.schmidt at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Colin Watson 

Justin Clarke <mailto:justin.clarke at owasp.org>  



Defining AppSensor Detection Points
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026>  

1.	Understand AppSensor Fundamentals
2.	Define AppSensor Detection Points applicable to most applications
3.	Implement detection points into code

DELIVERABLE: 

Michael Coates <mailto:michael.coates at owasp.org>  

Ryan Barnett <mailto:Ryan.Barnett at owasp.org>  

Colin Watson 

Chris Schmidt <mailto:chris.schmidt at owasp.org>  



Contextual Output Encoding
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027>  

1.	Provide real-world examples of the ESAPI encoder class stopping
injection attacks.

DELIVERABLE: A clear and concise user guide for getting ESAPI encoding up
and running.

DELIVERABLE: An XSS-Proofing Guideline for UI framework developers on how to
ensure proper contextual context encoding for browsers.  The goal should be
XSS is IMPOSSIBLE in their application.

DELIVERABLE: An open letter and offer of support to framework developers to
think about their security and consider what is available in ESAPI.

Jim Manico <mailto:jim.manico at owasp.org>  

Colin Watson 

Chris Schmidt <mailto:chris.schmidt at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



Protecting Information Stored Client-Side
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028>  

DELIVERABLE: A practical guideline (cookbook?) for safely storing
information in a client program, particularly browsers.  Suggest tying
recommendations to a threat model.

John Steven <mailto:John.Steven at owasp.org>  

Elke Roth-Mandutz <mailto:elke.roth-mandutz at ohm-hochschule.de>  

Colin Watson 

Chris Schmidt <mailto:chris.schmidt at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



Protecting Against CSRF
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029>  

 

DELIVERABLE: A practical guideline for protecting against CSRF in the real
world.

 

DELIVERABLE: A concise, clear standard for determining whether an
application is vulnerable to CSRF.

Eric Sheridan 

Chris Schmidt <mailto:chris.schmidt at owasp.org>  

Achim Hoffmann <mailto:achim at owasp.org>  

Ryan Barnett <mailto:Ryan.Barnett at owasp.org>  

Colin Watson 



Providing Access to Persisted Data
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session030>  

1.	Create design and code examples for protecting access to database
tables by role
2.	Create design and code examples for protecting access to data when
'auto-wiring' and marshalling
3.	Create design and code examples for protecting sensitive data at
rest
4.	Create design and code examples for providing SQL-like querying
capabilities in a safe manner

DELIVERABLE:  A short reference architecture/coding examples type of
guideline that clearly explains positive and negative examples of accessing
persisted data.

Dan Cornell <mailto:dan at denimgroup.com>  

Colin Watson 

Chris Schmidt <mailto:chris.schmidt at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  

Dan Cornell <mailto:dan at denimgroup.com>  

John Steven <mailto:john.steven at owasp.org>  



The Future of the OWASP Secure Coding Workshop
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031>  

1.	Determine how to scale the idea
2.	Determine how to get funding for it
3.	Schedule at least two following OWASP Secure Coding Workshop days in
2011

DELIVERABLE: A business plan for OSCW to be evaluated by the community at
large. What is the investment, schedule, metrics, benefit.

John Steven <mailto:john.steven at owasp.org>  
Chris Schmidt <mailto:chris.schmidt at owasp.org>  

Colin Watson 

Justin Clarke <mailto:justin.clarke at owasp.org>  



 

 
Category: Summit 2011 Individual OWASP Projects Track
<http://www.owasp.org/index.php/Category:Summit_2011_Individual_OWASP_Projects_Track>

	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



ESAPI - Output Validation
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session062>  

	Jeff Williams <mailto:jeff.williams at owasp.org>  
Chris Schmidt <mailto:chris.schmidt at owasp.org>  
Jim Manico <mailto:jim.manico at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  



O2 Platform
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063>  

DELIVERABLE: ?? Maybe a simple user's guide that shows how to install,
configure, and use O2 to do a few simple common things.  Alternatively, how
about detailed workflows for the more complex features?

Dinis Cruz <mailto:dinis.cruz at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Jason Taylor <mailto:jtaylor at securityinnovation.com>  

Steven van der Baan <mailto:steven.van.der.baan at owasp.org>  



Mobile Security
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065>  

1.	Primary: Create core knowledge base on project wiki site
2.	Recruit volunteers to contribute to project
3.	Establish relationships with key players (i.e. Apple/Google/etc)

DELIVERABLE: A project home page, roadmap, and action plan. Look at the
OWASP Ecosystem concept to see what all you should have in place.

Mike Zusman <mailto:mike.zusman at intrepidusgroup.com>  
David Campbell <mailto:dcampbell at owasp.org>  

Colin Watson 

Tom Neaves <mailto:tom.neaves at verizonbusiness.com>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



Development Guide
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066>  

1.	Discussion of major enhancements to the next version of the
development guide.

DELIVERABLE: An updated outline for the development guide that is tied into
the OWASP common numbering scheme

DELIVERABLE: A short white paper with ideas for revisions to the Development
Guide for evaluation and discussion by the community at large.

DELIVERABLE: A committed project manager who can reach out to experts to get
the document completed.

Vishal Garg <mailto:vishalgrg at gmail.com>  

	


ASVS Project
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067>  

DELIVERABLE: A short white paper with ideas for revisions to the ASVS, ready
for evaluation by the community at large.  Actual suggested revisions to the
document are helpful, but not required if time does not allow.

Matthias Rohr <mailto:mail at matthiasrohr.de>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Steven van der Baan <mailto:steven.van.der.baan at owasp.org>  

Wojciech Dworakowski <mailto:wojciech.dworakowski at securing.pl>  

Jim Manico <mailto:jim.manico at owasp.org>  



Enterprise Web Defense Roundtable
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session068>  

1.	What techniques are effective for scaling web security within a
large company?
2.	Strategies for developer education that work?
3.	Automated defenses - what techniques are currently in use?
4.	Benefits/considerations for using security bounty programs and
public hacking initiatives.
5.	What can OWASP build or develop to assist with enterprise wide
application security?

DELIVERABLE: A white paper detailing specific recommendations for Enterprise
Web Security.

DELIVERABLE: A plan for building an ecosystem specifically targeting
enterprise web security. What does it take to scientifically advance the
state of the art?

Michael Coates <mailto:michael.coates at owasp.org>  
Chris Lyon <mailto:clyon at mozilla.com>  

Colin Watson 

Dinis Cruz 

Chris Schmidt <mailto:chris.schmidt at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



OWASP Testing Guide
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session052>  

DELIVERABLE: An updated outline for the testing guide that is tied into the
OWASP common numbering scheme

DELIVERABLE: A short white paper with ideas for revisions to the Testing
Guide for evaluation and discussion by the community at large.

DELIVERABLE: A committed project manager who can reach out to experts to get
the document completed.



Matteo Meucci <mailto:matteo.meucci at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Cecil Su <mailto:cecil.su at owasp.org>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Colin Watson 

Achim Hoffmann <mailto:achim at owasp.org>  

Tom Neaves <mailto:tom.neaves at verizonbusiness.com>  



OWASP Java Project
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053>  

1.	Restart the Java project
2.	Find new leadership
3.	Recruit volunteers
4.	Build a new Roadmap for the project

DELIVERABLE: An updated outline for the Java project that is tied into the
OWASP common numbering scheme

DELIVERABLE: A committed project manager who can reach out to experts to get
the project documents completed.

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  



OWASP Portuguese Language Project
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session048>  

1.	Kickstart the project
2.	Define leadership and roles
3.	Prioritize documents
4.	List all Portuguese materials available

DELIVERABLE: A prioritized action plan for getting OWASP materials created
in Portuguese

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

	


Threat Modeling
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099>  

1.	Discuss various components of threat modeling
2.	Various threat modeling methodologies and their challenges
3.	If you have an idea to discuss, please email Anurag Agarwal at
anurag at myappsecurity.com

DELIVERABLE: An OWASP standard defining what a threat model is.

DELIVERABLE: A white paper providing recommendations on how organizations
can use threat modeling to achieve better security earlier in the process.
Including a business-case rationale for threat modeling would be excellent.

Anurag Agarwal <mailto:anurag at myappsecurity.com>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Colin Watson <mailto:colin.watson at owasp.org>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  

Dinis Cruz <mailto:dinis.cruz at owasp.org>  

Jim Manico <mailto:jim.manico at owasp.org>  

Neil Matatall <mailto:neil at owasp.org>  

Christian Martorella <mailto:laramies at gmail.com>  

Steven van der Baan <mailto:steven.van.der.Baan at owasp.org>  

Nishi Kumar <mailto:nishi787 at hotmail.com>  

 

 
Category: Summit 2011 OWASP Governance Track
<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Governance_Track>


	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



OWASP Board/Committee Governance
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session013>  

1.	Universal Committee Governance Document/Policies
2.	Review Board Governance and By-Laws (Including Board
composition/elections)
3.	Committee alignment to OWASP Goals/Mission including Authorities,
Individual Missions and Areas of Responsibility (AoR).
4.	Providing budgets to committees for direct oversight and spending in
their AoR
5.	Additional transparency in OWASP accounting (Expenditures, Expense
Reports for Officers/Committee Members.....)

DELIVERABLE: The OWASP 2011 Governance Plan - describing all aspects of the
OWASP Governance Model, providing commentary on each part of the model, and
recommending specific changes to the model with a rationale for the
recommended change.

Mark Bristow <mailto:mark.bristow at owasp.org>  
Jason Li <mailto:jason.li at owasp.org>  
Tom Brennan <mailto:tomb at owasp.org>  

Jim Manico <mailto:jim at manico.net>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Joe Bernik 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



Projects
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session014>  

1.	Assessment Criteria
<http://www.owasp.org/index.php/Working_Sessions_Projects_Assessment_Criteri
a_and_Orphaned_Projects> & Orphaned Projects
2.	Funding, Marketing
<http://www.owasp.org/index.php/Working_Sessions_Projects_Funding_Marketing_
and_Commerical_Services> & Commercial Services

DELIVERABLE: The OWASP 2011 Project Plan - describing the state of OWASP
Projects and making recommendations about how the project model should be
improved.

DELIVERABLE: A white paper suggesting an approach for how OWASP should
recognize commercial services that are based on OWASP materials. 

Brad Causey <mailto:bradcausey at owasp.org>  
Jason Li <mailto:jason.li at owasp.org>  

Seba <mailto:seba at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  



Industry
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session015>  

DELIVERABLE: The OWASP 2011 Industry Plan which will describe the plan for
working with groups like ISC^2, FS-ISAC, and IETF.  The plan should contain
specific activities, commitments, dates, and expected outcomes.

Yiannis Pavlosoglou <mailto:yiannis at owasp.org>  

Lorna Alamri <mailto:lorna.alamri at owasp.org>  

David Campbell 

Eoin Keary 

Matt Tesauro 

Joe Bernik 

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Tobias Gondrom 

Vehbi Tasar 

Colin Watson 

Jason Taylor <mailto:jtaylor at securityinnovation.com>  



Membership
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016>  

1.	Develop a plan for reaching out to other organizations in order to
expand OWASP's exposure to the larger security and developer communities.
2.	Create a budget and funding plan for the Membership Committee
3.	Be ready to conduct a survey of new and existing OWASP Members and
Supporters. Develop survey questions and specifics for the implementation.

DELIVERABLE: The OWASP 2011 Membership Plan - describing the membership
program and recommendations, marketing plans. The plan should contain
specific membership targets for all membership classes and detailed
strategies for achieving the goals.

Dan Cornell <mailto:dan at denimgroup.com>  

Michael Coates <mailto:michael.coates at owasp.org>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  

Dan Cornell <mailto:dan at denimgroup.com>  



Connections
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017>  

DELIVERABLE: The OWASP 2011 Connection Plan - describing the current
connections program and detailing the specifics for what will happen in
2011.  The plan should contain specific goals and strategies for achieving
the goals.

Jim Manico <mailto:jim.manico at owasp.org>  
Justin Clarke <mailto:justin.clarke at owasp.org>  

Achim Hoffmann <mailto:achim at owasp.org>  



Chapters
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018>  

1.	Challenges and solutions to run a successful OWASP chapter

DELIVERABLE: The OWASP 2011 Chapter Plan - describing the current state of
OWASP chapters worldwide and identifying what will happen in 2011 to grow
the number of chapters and improve their quality.

Seba <mailto:seba at owasp.org>  

Mandeep Khera 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



Education
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019>  

1.	Estimate how the past achievements do support the current
educational developments
2.	Evaluate how we can get the projects involved in developing (or at
least reviewing) training material
3.	Define new goals for the upcoming period
4.	Define success factors for the upcoming period

DELIVERABLE: The OWASP 2011 Education Plan - describing the specific plans
for education in 2011 with schedule, targets, action plans, etc.

Martin Knobloch <mailto:martin.knobloch at owasp.org>  
Seba <mailto:seba at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Cecil Su <mailto:cecil.su at owasp.org>  

Jason Taylor <mailto:jtaylor at securityinnovation.com>  



Conferences - Improving Conference Planner Support
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020>  

1.	Discuss the GCC's current 2011 Plan
<http://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan>  of
action and new initiatives
2.	Review comments provided in the Conference Planner Survey
3.	Discuss mechanisms to improve Planner/Operational Support
4.	Discuss mechanisms to improve event marketing/sponsorships
5.	Discuss Global Conference Sponsorship Plan

DELIVERABLE: The OWASP 2011 Conference Plan - describing the plan for
continuing to make our conferences even better, specifically defining the
various tiers of conferences, naming, partnering with other entities, and
other challenges.

Mark Bristow <mailto:mark.bristow at owasp.org>  

Lorna Alamri <mailto:lorna.alamri at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Ralph Durkee <mailto:Ralph.Durkee at owasp.org>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



Tracking OWASP Participation
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session071>  

1.	Identify the specific needs for a participation tracking system
2.	Develop a working framework that provides an open, distributed and
accountable mechanism to track participation
3.	Discuss initial "points system" detail and point values
4.	Discuss normalization of system points

DELIVERABLE: A white paper recommending an approach for tracking/measuring
OWASP participation to be used for prioritizing support whenever needed.

Mark Bristow <mailto:mark.bristow at owasp.org>  

Jason Li <mailto:jason.li at owasp.org>  



Professionalize OWASP
<http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session07
6>  

1.	Having annual OWASP Foundation Board Member election? During annual
OWASP Summits?
2.	Professionalize OWASP PR, hiring more OWASP employees, at least one
for PR?
3.	Hiring more OWASP professionals?
4.	Paying for OWASP Board Members and OWASP Leaders?
5.	Creating a European OWASP entity?

DELIVERABLE: A white paper recommending an approach for professionalizing
OWASP without upsetting the progress we are making in the existing
structure. Specifically consider the budget requirements for the plan and
the effect that this would have on existing budgets.

Martin Knobloch <mailto:martin.knobloch at owasp.org>  

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Lorna Alamri <mailto:lorna.alamri at owasp.org>  

Colin Watson 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



Building the OWASP Brazilian Leaders Group
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035>  

1.	Define the members of the group
2.	Define the rules of engagement for the group
3.	Discuss how to fund Brazilian chapters
4.	Discuss the translation of OWASP materials to Portuguese
5.	Define the rules for hosting AppSec Brazil

DELIVERABLE: A white paper describing how OWASP can build and expand a
bridge with Brazil specifically considering how it can serve as a model for
working with other governments around the world.

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

	


 

Category: Summit 2011 OWASP Track
<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Track>

	
Name of Working Session 

Objective(s) 

Owner/Leader 

Members/Attendees 



OWASP Around the World
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021>  

1.	Internationalization
2.	Global Job Board
3.	New OWASP chapters in parts of the world where we have not spread
much yet

DELIVERABLE: A white paper with specific recommendations on how we can
ensure the greatest amount of access and involvement with OWASP for all
people everywhere.

	Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Mateo Martinez <mailto:mateo.martinez at owasp.org>  



What is an OWASP Leader?
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session022>  

1.	Define what it means to be an OWASP Leader

DELIVERABLE: A standard defining exactly what characterizes an OWASP Leader,
for use in providing benefits and prioritizing support.

Dinis Cruz <mailto:dinis.cruz at owasp.org>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Chris Schmidt <mailto:chris.schmidt at owasp.org>  



Overhauling the OWASP Website
<http://www.owasp.org/index.php/Working_Sessions_OWASP_Website>  

1.	Revisit goals from previous working session
<http://www.owasp.org/index.php/OWASP_Working_Session_-_OWASP_Website> 
2.	Identify available Google Apps (e.g. Code Review, Moderator, Short
Links, Project Hosting, Groups, etc) that we can leverage to support OWASP
Website Infrastructure.
3.	Review Website Overhaul Proposal
<http://www.owasp.org/index.php?title=Website_Overhaul_Proposal&action=edit&
redlink=1>  for consideration
4.	Decide what elements should be outsourced/contracted to expedite
implementation
5.	Resolve on schedule for achieving goals

DELIVERABLE: A project plan describing the future of web support for the
OWASP ecosystem (think social) that covers all the various constituents,
stakeholders, users, leaders, etc.. The plan will define all the steps
necessary to get there and provide a rough estimate of the effort to get
there.  To the maximum extent possible, the plan will be designed to be
parallelizable so that parts can be worked independently.

Jason Li <mailto:jason.li at owasp.org>  

Larry Casey 

Achim Hoffmann <mailto:achim at owasp.org>  

Michael Coates 

Colin Watson 

Nishi Kumar <mailto:nishi.kumar at owasp.org>  

Dinis Cruz 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



Managing the OWASP Brand
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070>  

DELIVERABLE: A white paper describing the OWASP brand and the challenges of
getting people to use the brand without abusing it. The paper will update
the OWASP Brand Guidelines and make recommendations about other ways to
promote and protect the brand.

	Jason Li <mailto:jason.li at owasp.org>  

Lucas C. Ferreira <mailto:lucas.ferreira at owasp.org>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



Developer Outreach
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072>  

DELIVERABLE: A white paper describing strategies for reaching developers
with OWASP philosophy, materials, tools, etc. 

Mark Bristow <mailto:mark.bristow at owasp.org>  
Jason Li <mailto:jason.li at owasp.org>  

Martin Knobloch <mailto:martin.knobloch at owasp.org>  

Steven van der Baan <mailto:steven.van.der.baan at owasp.org>  



Privacy - Personal Data/PII, Legislation and OWASP
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073>  

1.	Discuss whether OWASP needs to be more proactive about privacy
2.	Define how we build privacy matters into existing tools and
resources
3.	Identify gaps

DELIVERABLE: A white paper discussing how the privacy ecosystem overlaps
with the OWASP ecosystem and whether there should be more bridges built
between them.

Colin Watson <mailto:colin.watson(at)owasp.org>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Lorna Alamri <mailto:lorna.alamri at owasp.org>  

Achim Hoffmann <mailto:achim at owasp.org>  

Elke Roth-Mandutz <mailto:elke.roth-mandutz at ohm-hochschule.de>  



Replicating Samy's EU Tour across OWASP
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074>  

DELIVERABLE: A white paper describing the outcomes from Samy's EU tour and
whether it is something that we can or should replicate.

		


S is for Safety (as well as Security)
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075>  

1.	Define how OWASP can take the lead in application security for
safety

DELIVERABLE: A white paper describing how the safety ecosystem overlaps with
the OWASP ecosystem and whether there should be more bridges built between
them.

Colin Watson <mailto:colin.watson(at)owasp.org>  

	


OWASP Quotes
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060>  

1.	Open letter to governments
2.	Open letter to insurance companies
3.	Tools inoperability
4.	Tools customization by security consultants
5.	Wiki leaks & WebAppSec

DELIVERABLE: A white paper on how OWASP can use "quotes" effectively to
drive awareness and action.  The paper will suggest specific strategies for
obtaining, vetting, and promoting quotes to achieve our aims.

Dinis Cruz <mailto:dinis.cruz at owasp.org>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



Did OWASP Failed to achieve its full potential? (and lessons learned)
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061>  

DELIVERABLE: A white paper capturing possible missed opportunities during
the 2000's and suggesting strategies for doing better in the 2010's.

Dinis Cruz 

	


Should OWASP hire a Chief Executive Officer (CEO)?
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077>  

DELIVERABLE: A white paper analyzing the governance structure of OWASP and
recommending whether or not the investment in a CEO would be cost-effective.

TBD 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Dinis Cruz 



Less preaching to the choir, engage more with the outsiders
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078>  

	TBD 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



Investment justification for Web Application Security
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079>  

	TBD 

	


Should OWASP work directly with PCI-DSS?
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080>  

	TBD 

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  



How can OWASP reach/talk/engage with developers
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session081>  

	TBD 

	


How can OWASP reach/talk/engage with auditors
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082>  

1.	Educate security professionals and developers on, and dispel the
myths about, audit and control
2.	Educate auditors on OWASP, software development and web &
application security
3.	Discuss ways OWASP can help security pros, developers and auditors
work together for mutual benefit and world domination

DELIVERABLE: A white paper describing  specific strategies for interacting
with auditors as described above.

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Matthew Chalmers <mailto:matthew.chalmers at owasp.org>  

Achim Hoffmann <mailto:achim at owasp.org>  

Justin Clarke <mailto:justin.clarke at owasp.org>  



OWASP and Facebook, Lessons Learned
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session083>  

	Jim Manico <mailto:jim at manico.net>  

	


Creating an Application Security Career - For the Average IT/Network
Security Practitioner
<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084>  

	TBD 

	



 

 

 

 

 

--Jeff

 

 

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
Sent: Thursday, January 20, 2011 10:39 AM
To: 'Kate Hartmann'; 'Sandra Paiva'; 'sarah cruz'; 'Deb Brewer'; 'Linda
Potjes'; 'Sarah Baso'
Cc: 'OWASP Foundation Board List'; owasp-summit-2011 at lists.owasp.org
Subject: Re: [Owasp-board] We need to begin to direct appropriately

 

All,

 

As you know we had recently asked our community to work a bit more on the
working sessions by adding more content and detailing as much as possible
overview, objectives, outcomes and participants. We are meanwhile diving
into the content already available to try and find out a way to increase its
coherence so as to create the conditions for us to have a productive
meeting. We are also thinking about a new template - simpler to work with
and abler to capture the entire range of questions implicit in each WS. We
will inform you if we manage to build anything new and, for us, better than
the template currently in use. 

 

We have also been told that Jeff Williams will work on this issue and we
will be ready to seek convergence with his initiative as soon as his path
allows us to engage. While this is being done we will make sure that
requests to create or change the current WS are timely answered.

 

 

Thanks,

- Paulo

 

 

Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager

 

From: Kate Hartmann [mailto:kate.hartmann at owasp.org] 
Sent: quinta-feira, 20 de Janeiro de 2011 03:43
To: paulo.coimbra at owasp.org; Sandra Paiva; sarah cruz; Deb Brewer; Linda
Potjes; Sarah Baso
Cc: dinis.cruz at owasp.org
Subject: We need to begin to direct appropriately

 

All, following up on my email from yesterday, I have posted roles here:
http://www.owasp.org/index.php/Summit_2011_Committee#Summit_Logistical_Team_.28Who_do_I_ask.3F.29

 

Paulo and Sandra, when will you be arriving so we can include your
information?

 

I also need some contact information for Marta.

 

We have about 19 days left:  http://countdown.onlineclock.net/  I don't know
how to get this onto the wiki, but it would be cool.

 

Anyway, I highly recommend that we begin to really settle into our roles.
Paulo and Sandra, you will probably be more and more busy with the working
sessions as we get closer to February 8, 2011, so please let the group know
how we should help!  You two are the wiki masters!

 

I hope to fill out these roles in the upcoming days with more specific
tasks, but for now I'm fairly confident we all have plenty to keep us busy.


 

If you have any questions/concerns, please don't hesitate to raise your
voice.  

 

Thank you!

 

 

 

Kate Hartmann

Operations Director

301-275-9403

www.owasp.org <http://www.owasp.org/>  

Skype:  Kate.hartmann1

 
