[Owasp-board] Project Summit Appsec EU lessons learned and next summit?

Timo Goosen timo.goosen at owasp.org
Fri May 29 13:12:11 UTC 2015


Project Summit was great. Thanks for organising everything and making
everything possible Johanna.

I think what many people don't realise is that Johanna is OWASP volunteer
and that she has a full time job too, but stil finds time to make things
happen.
Thanks Johanna.

I think for future project summits we should consider reviewing all of the
OWASP books that go out for print and updating them with the latest info.
For example the OWASP Testing Guide is used quite extensively around the
world. We could use the enthusiasm and wit of the ASVS team and all those
who worked on the ASVS projects new document at the project summit for all
future documentation efforts.

Was nice to meet everyone in person.

Regards.
Timo

On Fri, May 29, 2015 at 1:24 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Board members
>
> The past Appsec Summit in Amsterdam was a great event where more than 10
> projects had the opportunity to share ideas and get some work done
>
> I want to thank Martin for the excellent support. Martin is was an awesome
> conference :)
>
> We had groups teaming up to work on specific improvements:
>
>    - ASVS (Jim/Andrew) Made a complete review together with some external
>    participants and other project leaders from companies such as SAP among
>    others on a new ASVS version
>    - OWTF worked on a new architecture with the help of Python Security
>    project leader Enrico Branca
>    - Enrico(Python Security Project) and Achim (EnDe project) discussed
>    serious issues in SSL certificates. I'm also helping out with an algorithm
>    to crunch data, awesome research.
>    - Security Sheperd worked on major improvements in their wiki page
>    after a quick project review.Check out their wiki.
>    - ZAP Simon met for the first time with some major contributors and
>    worked with external collaborators from Yahoo to plan upcoming improvements
>    for ZaaS and ZAP desktop app
>    - Colin Watson(Appsensor/Cournicopia/Snake & Ladders) did some serious
>    work, attached in details:
>       -
>       https://docs.google.com/spreadsheets/d/1Ez7JBp7xEueFgMtOhEvAeVFcKR4jcgil-PxT6Rxieps/edit?usp=sharing
>    - Project Review team worked with leaders to create videos and work on
>    documentation for Cournicopia, OWTF also participated on this
>    - Hackademics received a major review and tips on how to work on their
>    project. Their leaders worked on a new plan for improvements
>    - KBA project leaders also teamed up with ASVS to understand better
>    the technical issues sorrowing Knowledge Based authentication
>    - Code Review leader(Gary Robinson) also teamed up with ASVS to see
>    how to make some major improvements for the final release. Also discussed
>    with the Project review team issues surrounding the final release
>    - Top Ten Privacy Risk leader Stephan was also there to share the
>    latest updates
>
> In general was  great energy among leaders and I'm really satisfied what
> we were able to achieve in these couple of days
>
> Some major lessons compared to other summits
>
>    - Leaders cannot expect many external contributors coming but mostly
>    we need to target architects in companies doing the same and trying to
>    solve the same issues like SAP and Yahoo
>    - Team up experts based on their knowledge like OWTF and Python
>    security projects because they are programming on the same language
>    - Team up with leaders working on similar issues and get some
>    collaboration and exchange sessions
>    - Other leaders prefer to focus on their project, then is important to
>    have enough and private space so they can work on it
>
> My question to the board is: Do we want to organise a similar summit in
> APPSEC US? If you approve and I'll put this together again ;-)
>
> Regards
>
> Johanna
>
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150529/d906ea09/attachment.html>


More information about the Owasp-board mailing list