[Owasp-board] We need to begin to direct appropriately

dinis cruz dinis.cruz at owasp.org
Thu Jan 20 23:56:30 UTC 2011


Ok Jeff, I just added a column for Deliverable(s) to the main Track's page,
so please add your ideas directly on the respective Working Session page
(there are 5 fields in the wiki template that you can use for these, which
will be automatically shown on the main Track's page, as you can see here:
http://www.owasp.org/index.php/Summit_2011_Working_Sessions#Category:_Summit_2011_OWASP_Governance_Track )

Dinis Cruz


On 20 January 2011 21:34, Jeff Williams <jeff.williams at owasp.org> wrote:

> Sure.  I apologize for sending this too early by accident.  I'll finish
> tonight and send the complete version
>
> --Jeff
>
> Jeff Williams
> Aspect Security
> work: 410-707-1487
> main: 301-604-4882
>
>
>
> On Jan 20, 2011, at 4:27 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>
> Should we add a deliverables column?
>
> Dinis Cruz
>
> On 20 Jan 2011, at 20:29, Jeff Williams <jeff.williams at owasp.org> wrote:
>
> All,
>
> Here is some input on each of the working group objectives.  Hopefully this
> is in a format you can use.  My comments are prefaced by the word
> “DELIVERABLE”
>
> I’ve tried hard to imagine a deliverable from each session that we can
> share with the world and build ecosystems around.   Hopefully this will help
> the working groups focus and really accomplish something great.
>
> P.S. Any working group that has the objective of “discuss something” or
> “work on something” needs to get focused right away.
>
>
>
> *Category: Summit 2011 Metrics Track* <http://www.owasp.org/index.php/Category:Summit_2011_Metrics_Track>
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Risk Metrics* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055>
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Colin Watson <colin.watson at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Tools Interoperability (Data Instrumentation)* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session056>
>
> DELIVERABLE: A standard schema for describing application security risks of
> all types, with a place for all relevant information – whether derived
> statically, dynamically, manually, or architecturally.
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> *Metrics and Labelling* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057>
>
> DELIVERABLE: White paper sketching out a standard for a software security
> label and a plan to finalize the standard.
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Colin Watson <colin.watson at owasp.org>
>
> *Counting and scoring application security defects* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058>
>
> DELIVERABLE: White paper sketching out a standard for rating risks that
> accommodates individual minor defects all the way through architectural flaws
> (that may represent many individual defects)
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Measuring SDLC process performance* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059>
>
> Chris Wysopal <cwysopal at Veracode.com>
> Chris Eng <ceng at Veracode.com>
>
> Justin Clarke <justin at gdssecurity.com>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Colin Watson
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
>
>
> *Category: Summit 2011 Browser Security Track* <http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track>
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Browser Security Working Group* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session001>
>
>    1. Work on and discuss how to enhance enduser security in web
>    applications,
>    2. Work on and discuss browser-based countermeasures against XSS, CSRF,
>    man-in-the-middle, man-in-the-browser and full remote access exploits
>
> DELIVERABLE: White paper describing specific recommendations for browser
> vendors.
>
> John Wilander <john.wilander at owasp.org>
>
> Email John Wilander if you are unable to edit the Wiki and would like to
> sign up! <john.wilander at owasp.org>
>
> Michael Coates
>
> Colin Watson
>
> *Sandboxing* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002>
>
> *Securing Plugins* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session003>
>
> DELIVERABLE: A whitepaper with concrete recommendations for:
>
> -         Developers to build secure plugins
>
> -         Users to select, install, and use plugins securely
>
> -         Browser makers to defend against malicious plugins
>
> -         Recommendations for shared security controls that plugins can
> share
>
> *Enduser Warnings* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004>
>
> DELIVERABLE: Recommendations to browser makers about making effective
> warnings.
>
>
>
> DELIVERABLE: Awareness materials to help raise awareness about the meaning
> and consequences of the different enduser warnings
>
> *Blacklisting* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session005>
>
> *OS Integration* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006>
>
> *JavaScript* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session007>
>
> *New HTTP Headers* <http://www.owasp.org/index.php/Working_Sessions_Browser_Working_Group_New_HTTP_Headers>
>
> DELIVERABLE: White paper describing (for each new header): what the problem
> is, why a new header will help, and recommendations for implementation of
> the new header on both browser and server-side.
>
>
>
> *Category: Summit 2011 XSS Eradication Track* <http://www.owasp.org/index.php/Category:Summit_2011_XSS_Eradication_Track>
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *XSS and the Frameworks* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session009>
>
>    1. Work on how OWASP can engage with the major web frameworks to move
>    towards a "secure by default" stance
>    2. Work on OWASP resources to provide patches/design approaches in
>    conjunction with the frameworks
>
> DELIVERABLE: White paper or standard for what we want the web frameworks to
> provide.
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *XSS - Awareness, Resources, and Partnerships* <http://www.owasp.org/index.php/Working_Sessions_XSS_AwarnessResourcesPartnerships>
>
>    1. Work on what partners we can reach, and what resources they can
>    provide us access to
>    2. Work on who we can work with to reach a maximum amount of developers
>    writing web applications
>    3. Plan engagement with identified organizations
>    4. Plan a call to action for OWASP chapters for identified XSS
>    resources
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *WAF Mitigations for XSS* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session043>
>
>    1. Improve XSS Attack Payload Detection Techniques
>    2. Identifying Improper Output Handling Flaws in Web Apps
>    3. Feasibility of Profile Page Scripts/Iframes
>    4. Testing Injection of JS Sandbox Code in Responses
>
> Ryan Barnett <ryan.barnett at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
>
>
> *Category: Summit 2011 Mitigation Track* <http://www.owasp.org/index.php/Category:Summit_2011_Mitigation_Track>
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Virtual Patching Best Practices* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session091>
>
>    1. Identify which attacks/vulnerabilities are best suited for virtual
>    patching
>    2. Identify which tools are best suited for virtual patching (appliance
>    vs. embedded, WAFs vs IPS, etc...)
>    3. Identify who should be responsible for virtual patching
>    4. How to develop/test virtual patches
>
> DELIVERABLE: White paper cataloguing
>
> Ryan Barnett <ryan.barnett at owasp.org>
>
> Colin Watson
>
> Achim Hoffmann <achim at owasp.org>
>
> *Scaling Web Application Security Testing* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092>
>
> Arian Evans
> Dinis Cruz
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> *How to report known security vulnerabilities (for websites)* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093>
>
>    1. Discuss the OWASP strategy and policy on responsible disclosure of
>    known vulnerabilities in public web applications.
>    2. Should OWASP provide an OT10-Leaks platform in a country with legal
>    protection for anonymous sources?
>
> Dinis Cruz / Seba
>
>
>
> *Category: Summit 2011 University Education Training Track* <http://www.owasp.org/index.php/Category:Summit_2011_University_Education_Training_Track>
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *University Outreach* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session012>
>
>    1. Estimation of Security programs currently exist in university
>    settings around the world
>    2. How can OWASP participate and influence the curricula of these
>    educational programs?
>    3. How can we foster relationships between OWASP and universities?
>    4. How can the relationship between OWASP and universities be
>    standardized?
>    5. What can OWASP offer universities and what can they, in turn, expect
>    from each other?
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>
>
> Heiko Richler <heiko.richler at ohm-hochschule.de>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *Computer Crime Laws* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024>
>
>    1. Understand the current laws/frameworks in place in relation to
>    computer crime and prevention
>    2. Discuss ways these laws are currently failing consumers in
>    protecting assets
>    3. Discuss possible amendments to the laws/frameworks to better protect
>    the public
>
> Daniel Cuthbert <Daniel.Cuthbert at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *OWASP Academies* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session040>
>
>    1. Identification of goals;
>    2. Definition of methodology;
>    3. Analysis of legal aspects and relationship with Universities, other
>    Academic institutions and Governmental initiatives;
>    4. Identification of Trainers and their involvement;
>    5. Certification of Contents and materials.
>
> Sandra Paiva <sandra.paiva at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Paulo Coimbra <paulo.coimbra at owasp.org>
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Heiko Richler <heiko.richler at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *OWASP Training* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041>
>
>    1. Consolidation of the OWASP Training Model (Paid and Non Paid):
>    2. Methodologies;
>    3. Contents and materials;
>    4. Trainers Database;
>    5. Training Kit
>
> Sandra Paiva <sandra.paiva at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Paulo Coimbra <paulo.coimbra at owasp.org>
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Heiko Richler <heiko.richler at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Colin Watson
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Achim Hoffmann <achim at owasp.org>
>
> Mark Bristow <mark.bristow at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *Developer's Security Training Package* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042>
>
>    1. To create an organized package that can be used by companies for the
>    purposes of educating developers on securely coding web applications and web
>    services
>
> Brad Causey <bradcausey at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *OWASP TOP 10 online training in Hacking-Lab* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069>
>
>    1. To learn more about the OWASP TOP 10 cases in Hacking-Lab -
>    Vulnerable Apps in HL
>    2. Experience the user's view of a training - lab descriptions,
>    exercises, send-solution, ranking, global ranking, my profile
>    3. Experience the teacher's view of a training - solution movies,
>    accept or reject solutions from users, solution movie
>    4. Experience the Hacking-Lab LiveCD (accessing the lab), teaming,
>    levels in HL, avatar, rankings
>    5. Talk about a potential collaboration between OWASP and Hacking-Lab
>    for the future. Free OWASP TOP 10 training.
>
> Ivan Buetler <ivan.buetler at csnc.ch>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Achim Hoffmann <achim at owasp.org>
>
> *How to present worldwide David Rice's Pollution keynote* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088>
>
> Dinis Cruz
>
> *OWASP Exams* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session089>
>
>    1. Establish model for CC-licensed exams creation
>    2. Establish model for CC-licensed exams distribution and usage
>    3. Establish a first CC-licensed exam to test the concept (an alpha
>    will be brought to the working session)
>    4. Try OWASP training and exam end-to-end to experience and improve
>    training and exam usage scenarios
>
> Jason Taylor <jason.taylor at owasp.org>
>
> Dinis Cruz
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *OWASP Certification* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session039>
>
>    1. Determine whether certification would have value for OWASP's
>    Community
>    2. Determine a model by which certification based on OWASP materials
>    could succeed
>    3. Determine a model for creation and distribution of a CC-licensed
>    certification exam based on OWASP materials
>    4. (if agreed) Determine a model for supporting the administration of
>    certification based on OWASP Materials
>
> Dinis Cruz
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
>
>
> *Category: Summit 2011 OWASP Secure Coding Workshop Track* <http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track>
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *Applying ESAPI Input Validation* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session025>
>
>    1. Serial Decomp: Decode, canonicalize, filter
>    2. Structured data (SSN, CC, etc.)
>    3. Unstructured data (comments, blogs, etc.)
>    4. Other input examples (ws-, database, etc.)
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Colin Watson
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Defining AppSensor Detection Points* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026>
>
>    1. Understand AppSensor Fundamentals
>    2. Define AppSensor Detection Points applicable to most applications
>    3. Implement detection points into code
>
> Michael Coates <michael.coates at owasp.org>
>
> Ryan Barnett <Ryan.Barnett at owasp.org>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> *Contextual Output Encoding* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027>
>
>    1. Provide real-world examples of the ESAPI encoder class stopping
>    injection attacks.
>
> Jim Manico <jim.manico at owasp.org>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Protecting Information Stored Client-Side* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028>
>
> John Steven <John.Steven at owasp.org>
>
> Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Protecting Against CSRF* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029>
>
> Eric Sheridan
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Ryan Barnett <Ryan.Barnett at owasp.org>
>
> Colin Watson
>
> *Providing Access to Persisted Data* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session030>
>
>    1. Create design and code examples for protecting access to database
>    tables by role
>    2. Create design and code examples for protecting access to data when
>    'auto-wiring' and marshalling
>    3. Create design and code examples for protecting sensitive data at
>    rest
>    4. Create design and code examples for providing SQL-like querying
>    capabilities in a safe manner
>
> Dan Cornell <dan at denimgroup.com>
>
> Colin Watson
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> Dan Cornell <dan at denimgroup.com>
>
> John Steven <john.steven at owasp.org>
>
> *The Future of the OWASP Secure Coding Workshop* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031>
>
>    1. Determine how to scale the idea
>    2. Determine how to get funding for it
>    3. Schedule at least two following OWASP Secure Coding Workshop days in
>    2011
>
> John Steven <john.steven at owasp.org>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Colin Watson
>
> Justin Clarke <justin.clarke at owasp.org>
>
>
>
> *Category: Summit 2011 Individual OWASP Projects Track* <http://www.owasp.org/index.php/Category:Summit_2011_Individual_OWASP_Projects_Track>
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *ESAPI - Output Validation* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session062>
>
> Jeff Williams <jeff.williams at owasp.org>
> Chris Schmidt <chris.schmidt at owasp.org>
> Jim Manico <jim.manico at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> *O2 Platform* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063>
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> *Mobile Security* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065>
>
>    1. *Primary: Create core knowledge base on project wiki site*
>    2. Recruit volunteers to contribute to project
>    3. Establish relationships with key players (i.e. Apple/Google/etc)
>
> Mike Zusman <mike.zusman at intrepidusgroup.com>
> David Campbell <dcampbell at owasp.org>
>
> Colin Watson
>
> Tom Neaves <tom.neaves at verizonbusiness.com>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Development Guide* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066>
>
>    1. Discussion of major enhancements to the next version of the
>    development guide.
>
> Vishal Garg <vishalgrg at gmail.com>
>
> *ASVS Project* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067>
>
> Matthias Rohr <mail at matthiasrohr.de>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> Wojciech Dworakowski <wojciech.dworakowski at securing.pl>
>
> Jim Manico <jim.manico at owasp.org>
>
> *Enterprise Web Defense Roundtable* <http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session068>
>
>    1. What techniques are effective for scaling web security within a
>    large company?
>    2. Strategies for developer education that work?
>    3. Automated defenses - what techniques are currently in use?
>    4. Benefits/considerations for using security bounty programs and
>    public hacking initiatives.
>    5. What can OWASP build or develop to assist with enterprise wide
>    application security?
>
> Michael Coates <michael.coates at owasp.org>
> Chris Lyon <clyon at mozilla.com>
>
> Colin Watson
>
> Dinis Cruz
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *OWASP Testing Guide<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session052>
> *
>
> Matteo Meucci <matteo.meucci at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Colin Watson
>
> Achim Hoffmann <achim at owasp.org>
>
> Tom Neaves <tom.neaves at verizonbusiness.com>
>
> *OWASP Java Project<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053>
> *
>
>    1. Restart the Java project
>    2. Find new leadership
>    3. Recruit volunteers
>    4. Build a new Roadmap for the project
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *OWASP Portuguese Language Project<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session048>
> *
>
>    1. Kickstart the project
>    2. Define leadership and roles
>    3. Prioritize documents
>    4. List all Portuguese materials available
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> *Threat Modeling<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099>
> *
>
>    1. Discuss various components of threat modeling
>    2. Various threat modeling methodologies and their challenges
>    3. If you have an idea to discuss, please email Anurag Agarwal at
>    anurag at myappsecurity.com
>
> Anurag Agarwal <anurag at myappsecurity.com>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Colin Watson <colin.watson at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Jim Manico <jim.manico at owasp.org>
>
> Neil Matatall <neil at owasp.org>
>
> Christian Martorella <laramies at gmail.com>
>
> Steven van der Baan <steven.van.der.Baan at owasp.org>
>
> Nishi Kumar <nishi787 at hotmail.com>
>
>
>
> *Category: Summit 2011 OWASP Governance Track<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Governance_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *OWASP Board/Committee Governance<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session013>
> *
>
>    1. Universal Committee Governance Document/Policies
>    2. Review Board Governance and By-Laws (Including Board
>    composition/elections)
>    3. Committee alignment to OWASP Goals/Mission including Authorities,
>    Individual Missions and Areas of Responsibility (AoR).
>    4. Providing budgets to committees for direct oversight and spending in
>    their AoR
>    5. Additional transparency in OWASP accounting (Expenditures, Expense
>    Reports for Officers/Committee Members.....)
>
> Mark Bristow <mark.bristow at owasp.org>
> Jason Li <jason.li at owasp.org>
> Tom Brennan <tomb at owasp.org>
>
> Jim Manico <jim at manico.net>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Joe Bernik
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Projects<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session014>
> *
>
>    1. Assessment Criteria & Orphaned Projects<http://www.owasp.org/index.php/Working_Sessions_Projects_Assessment_Criteria_and_Orphaned_Projects>
>    2. Funding, Marketing & Commercial Services<http://www.owasp.org/index.php/Working_Sessions_Projects_Funding_Marketing_and_Commerical_Services>
>
> Brad Causey <bradcausey at owasp.org>
> Jason Li <jason.li at owasp.org>
>
> Seba <seba at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> *Industry<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session015>
> *
>
> Yiannis Pavlosoglou <yiannis at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> David Campbell
>
> Eoin Keary
>
> Matt Tesauro
>
> Joe Bernik
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Tobias Gondrom
>
> Vehbi Tasar
>
> Colin Watson
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *Membership<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016>
> *
>
>    1. Develop a plan for reaching out to other organizations in order to
>    expand OWASP's exposure to the larger security and developer communities.
>    2. Create a budget and funding plan for the Membership Committee
>    3. Be ready to conduct a survey of new and existing OWASP Members and
>    Supporters. Develop survey questions and specifics for the implementation.
>
> Dan Cornell <dan at denimgroup.com>
>
> Michael Coates <michael.coates at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> Dan Cornell <dan at denimgroup.com>
>
> *Connections<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017>
> *
>
> Jim Manico <jim.manico at owasp.org>
> Justin Clarke <justin.clarke at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> *Chapters<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018>
> *
>
>    1. Challenges and solutions to run a successful OWASP chapter
>
> Seba <seba at owasp.org>
>
> Mandeep Khera
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Education<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019>
> *
>
>    1. Estimate how the past achievements do support the current
>    educational developments
>    2. Evaluate how we can get the projects involved in developing (or at
>    least reviewing) training material
>    3. Define new goals for the upcoming period
>    4. Define success factors for the upcoming period
>
> Martin Knobloch <martin.knobloch at owasp.org>
> Seba <seba at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Cecil Su <cecil.su at owasp.org>
>
> Jason Taylor <jtaylor at securityinnovation.com>
>
> *Conferences - Improving Conference Planner Support<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020>
> *
>
>    1. Discuss the GCC's current 2011 Plan<http://www.owasp.org/index.php/Global_Conferences_Committee_2011_Plan> of action and new initiatives
>    2. Review comments provided in the Conference Planner Survey
>    3. Discuss mechanisms to improve Planner/Operational Support
>    4. Discuss mechanisms to improve event marketing/sponsorships
>    5. Discuss Global Conference Sponsorship Plan
>
> Mark Bristow <mark.bristow at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Ralph Durkee <Ralph.Durkee at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Tracking OWASP Participation<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session071>
> *
>
>    1. Identify the specific needs for a participation tracking system
>    2. Develop a working framework that provides an open, distributed and
>    accountable mechanism to track participation
>    3. Discuss initial "points system" detail and point values
>    4. Discuss normalization of system points
>
> Mark Bristow <mark.bristow at owasp.org>
>
> Jason Li <jason.li at owasp.org>
>
> *Professionalize OWASP<http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session076>
> *
>
>    1. Having annual OWASP Foundation Board Member election? During annual
>    OWASP Summits?
>    2. Professionalize OWASP PR, hiring more OWASP employees, at least one
>    for PR?
>    3. Hiring more OWASP professionals?
>    4. Paying for OWASP Board Members and OWASP Leaders?
>    5. Creating a European OWASP entity?
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> Colin Watson
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Building the OWASP Brazilian Leaders Group<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035>
> *
>
>    1. Define the members of the group
>    2. Define the rules of engagement for the group
>    3. Discuss how to fund Brazilian chapters
>    4. Discuss the translation of OWASP materials to Portuguese
>    5. Define the rules for hosting AppSec Brazil
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
>
>
> *Category: Summit 2011 OWASP Track<http://www.owasp.org/index.php/Category:Summit_2011_OWASP_Track>*
>
> *Name of Working Session*
>
> *Objective(s)*
>
> *Owner/Leader*
>
> *Members/Attendees*
>
> *OWASP Around the World<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021>
> *
>
>    1. Internationalization
>    2. Global Job Board
>    3. New OWASP chapters in parts of the world where we have not spread
>    much yet
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Mateo Martinez <mateo.martinez at owasp.org>
>
> *What is an OWASP Leader?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session022>
> *
>
>    1. Define what it means to be an OWASP Leader
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Chris Schmidt <chris.schmidt at owasp.org>
>
> *Overhauling the OWASP Website<http://www.owasp.org/index.php/Working_Sessions_OWASP_Website>
> *
>
>    1. Revisit goals from previous working session<http://www.owasp.org/index.php/OWASP_Working_Session_-_OWASP_Website>
>    2. Identify available Google Apps (e.g. Code Review, Moderator, Short
>    Links, Project Hosting, Groups, etc) that we can leverage to support OWASP
>    Website Infrastructure.
>    3. Review Website Overhaul Proposal<http://www.owasp.org/index.php?title=Website_Overhaul_Proposal&action=edit&redlink=1> for consideration
>    4. Decide what elements should be outsourced/contracted to expedite
>    implementation
>    5. Resolve on schedule for achieving goals
>
> Jason Li <jason.li at owasp.org>
>
> Larry Casey
>
> Achim Hoffmann <achim at owasp.org>
>
> Michael Coates
>
> Colin Watson
>
> Nishi Kumar <nishi.kumar at owasp.org>
>
> Dinis Cruz
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *Managing the OWASP Brand<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070>
> *
>
> Jason Li <jason.li at owasp.org>
>
> Lucas C. Ferreira <lucas.ferreira at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Developer Outreach<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072>
> *
>
> Mark Bristow <mark.bristow at owasp.org>
> Jason Li <jason.li at owasp.org>
>
> Martin Knobloch <martin.knobloch at owasp.org>
>
> Steven van der Baan <steven.van.der.baan at owasp.org>
>
> *Privacy - Personal Data/PII, Legislation and OWASP<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073>
> *
>
>    1. Discuss whether OWASP needs to be more proactive about privacy
>    2. Define how we build privacy matters into existing tools and
>    resources
>    3. Identify gaps
>
> Colin Watson <colin.watson(at)owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Lorna Alamri <lorna.alamri at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Elke Roth-Mandutz <elke.roth-mandutz at ohm-hochschule.de>
>
> *Replicating Samy's EU Tour across OWASP<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074>
> *
>
> *S is for Safety (as well as Security)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075>
> *
>
>    1. Define how OWASP can take the lead in *application security for
>    safety*
>
> Colin Watson <colin.watson(at)owasp.org>
>
> *OWASP Quotes<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060>
> *
>
>    1. Open letter to governments
>    2. Open letter to insurance companies
>    3. Tools inoperability
>    4. Tools customization by security consultants
>    5. Wiki leaks & WebAppSec
>
> Dinis Cruz <dinis.cruz at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Did OWASP Failed to achieve its full potential? (and lessons learned)<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061>
> *
>
> Dinis Cruz
>
> *Should OWASP hire a Chief Executive Officer (CEO)?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077>
> *
>
> TBD
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Dinis Cruz
>
> *Less preaching to the choir, engage more with the outsiders<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078>
> *
>
> TBD
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *Investment justification for Web Application Security<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079>
> *
>
> TBD
>
> *Should OWASP work directly with PCI-DSS?<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080>
> *
>
> TBD
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> *How can OWASP reach/talk/engage with developers<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session081>
> *
>
> TBD
>
> *How can OWASP reach/talk/engage with auditors<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082>
> *
>
>    1. Educate security professionals and developers on, and dispel the
>    myths about, audit and control
>    2. Educate auditors on OWASP, software development and web &
>    application security
>    3. Discuss ways OWASP can help security pros, developers and auditors
>    work together for mutual benefit and world domination
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Matthew Chalmers <matthew.chalmers at owasp.org>
>
> Achim Hoffmann <achim at owasp.org>
>
> Justin Clarke <justin.clarke at owasp.org>
>
> *OWASP and Facebook, Lessons Learned<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session083>
> *
>
> Jim Manico <jim at manico.net>
>
> *Creating an Application Security Career - For the Average IT/Network
> Security Practitioner<http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084>
> *
>
> TBD
>
>
> --Jeff
>
>
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org
> [mailto:owasp-board-bounces at lists.owasp.org] *On Behalf Of* Paulo Coimbra
> *Sent:* Thursday, January 20, 2011 10:39 AM
> *To:* 'Kate Hartmann'; 'Sandra Paiva'; 'sarah cruz'; 'Deb Brewer'; 'Linda
> Potjes'; 'Sarah Baso'
> *Cc:* 'OWASP Foundation Board List'; owasp-summit-2011 at lists.owasp.org
> *Subject:* Re: [Owasp-board] We need to begin to direct appropriately
>
>
>
> All,
>
>
>
> As you know we had recently asked our community to work a bit more on the
> working sessions by adding more content and detailing as much as possible
> overview, objectives, outcomes and participants. We are meanwhile diving
> into the content already available to try and find out a way to increase its
> coherence so as to create the conditions for us to have a productive
> meeting. We are also thinking about a new template - simpler to work with
> and abler to capture the entire range of questions implicit in each WS. We
> will inform you if we manage to build anything new and, for us, better than
> the template currently in use.
>
>
>
> We have also been told that Jeff Williams will work on this issue and we
> will be ready to seek convergence with his initiative as soon as his path
> allows us to engage. While this is being done we will make sure that
> requests to create or change the current WS are timely answered.
>
>
>
>
>
> Thanks,
>
> - Paulo
>
>
>
>
>
> Paulo Coimbra,
>
> OWASP Project Manager <http://www.owasp.org/index.php/User:Paulo_Coimbra>
>
>
>
> *From:* Kate Hartmann [mailto:kate.hartmann at owasp.org]
> *Sent:* quinta-feira, 20 de Janeiro de 2011 03:43
> *To:* paulo.coimbra at owasp.org; Sandra Paiva;
> sarah cruz; Deb Brewer; Linda Potjes; Sarah Baso
> *Cc:* dinis.cruz at owasp.org
> *Subject:* We need to begin to direct appropriately
>
>
>
> All, following up on my email from yesterday, I have posted roles here:
> http://www.owasp.org/index.php/Summit_2011_Committee#Summit_Logistical_Team_.28Who_do_I_ask.3F.29
>
>
>
> Paulo and Sandra, when will you be arriving so we can include your
> information.
>
>
>
> I also need some contact information for Marta.
>
>
>
> We have about 19 days left: http://countdown.onlineclock.net/  I don’t know
> how to get this onto the wiki, but it would be cool.
>
>
>
> Anyway, I highly recommend that we begin to really settle into our roles.
> Paulo and Sandra, you will probably be more and more busy with the working
> sessions as we get closer to February 8, 2011, so please let the group know
> how we should help!  You two are the wiki masters!
>
>
>
> I hope to fill out these roles in the upcoming days with more specific
> tasks, but for now I’m fairly confident we all have plenty to keep us busy.
>
>
>
>
> If you have any questions/concerns, please don’t hesitate to raise your
> voice.
>
>
>
> Thank you!
>
>
>
>
>
>
>
> Kate Hartmann
>
> Operations Director
>
> 301-275-9403
>
> www.owasp.org
>
> Skype:  Kate.hartmann1
>
>
>