[Owasp-board] Project Summit Appsec EU lessons learned and next summit?

johanna curiel curiel johanna.curiel at owasp.org
Fri May 29 11:24:21 UTC 2015


Board members

The past Appsec Summit in Amsterdam was a great event where more than 10
projects had the opportunity to share ideas and get some work done.

I want to thank Martin for the excellent support. Martin, it was an awesome
conference :)

We had groups teaming up to work on specific improvements:

   - ASVS (Jim/Andrew) made a complete review together with some external
   participants and other project leaders from companies such as SAP among
   others on a new ASVS version
   - OWTF worked on a new architecture with the help of Python Security
   project leader Enrico Branca
   - Enrico (Python Security Project) and Achim (EnDe project) discussed
   serious issues in SSL certificates. I'm also helping out with an algorithm
   to crunch data, awesome research.
   - Security Shepherd worked on major improvements in their wiki page after
   a quick project review. Check out their wiki.
   - ZAP Simon met for the first time with some major contributors and
   worked with external collaborators from Yahoo to plan upcoming improvements
   for ZaaS and ZAP desktop app
   - Colin Watson (Appsensor/Cornucopia/Snakes & Ladders) did some serious
   work, details attached:
      - https://docs.google.com/spreadsheets/d/1Ez7JBp7xEueFgMtOhEvAeVFcKR4jcgil-PxT6Rxieps/edit?usp=sharing
   - Project Review team worked with leaders to create videos and work on
   documentation for Cornucopia, OWTF also participated in this
   - Hackademics received a major review and tips on how to work on their
   project. Their leaders worked on a new plan for improvements
   - KBA project leaders also teamed up with ASVS to understand better the
   technical issues surrounding Knowledge Based authentication
   - Code Review leader (Gary Robinson) also teamed up with ASVS to see how
   to make some major improvements for the final release. Also discussed with
   the Project review team issues surrounding the final release
   - Top Ten Privacy Risk leader Stephan was also there to share the latest
   updates

In general there was great energy among leaders and I'm really satisfied with
what we were able to achieve in these couple of days

Some major lessons compared to other summits

   - Leaders cannot expect many external contributors coming but mostly we
   need to target architects in companies doing the same and trying to solve
   the same issues like SAP and Yahoo
   - Team up experts based on their knowledge like OWTF and Python security
   projects because they are programming in the same language
   - Team up with leaders working on similar issues and get some
   collaboration and exchange sessions
   - Other leaders prefer to focus on their project, so it is important to
   have enough private space so they can work on it

My question to the board is: Do we want to organise a similar summit in
APPSEC US? If you approve, I'll put this together again ;-)

Regards

Johanna