[Owasp-board] Project Summit Appsec EU lessons learned and next summit?

psiinon psiinon at gmail.com
Fri May 29 13:17:29 UTC 2015


I absolutely agree with Timo's comments about the Summit and Johanna's
outstanding contributions.
Thanks Johanna!

I plan to do a write up of the ZAP Summit asap .. but don't hold your
collective breaths ;)

Cheers,

Simon

On Fri, May 29, 2015 at 2:12 PM, Timo Goosen <timo.goosen at owasp.org> wrote:

> Project Summit was great. Thanks for organising everything and making
> everything possible Johanna.
>
> I think what many people don't realise is that Johanna is an OWASP volunteer
> and that she has a full time job too, but still finds time to make things
> happen.
> Thanks Johanna.
>
> I think for future project summits we should consider reviewing all of the
> OWASP books that go out for print and updating them with the latest info.
> For example the OWASP Testing Guide is used quite extensively around the
> world. We could use the enthusiasm and wit of the ASVS team and all those
> who worked on the ASVS project's new document at the project summit for all
> future documentation efforts.
>
> Was nice to meet everyone in person.
>
> Regards.
> Timo
>
> On Fri, May 29, 2015 at 1:24 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Board members
>>
>> The past Appsec Summit in Amsterdam was a great event where more than 10
>> projects had the opportunity to share ideas and get some work done
>>
>> I want to thank Martin for the excellent support. Martin, it was an
>> awesome conference :)
>>
>> We had groups teaming up to work on specific improvements:
>>
>>    - ASVS (Jim/Andrew) Made a complete review together with some
>>    external participants and other project leaders from companies such as SAP
>>    among others on a new ASVS version
>>    - OWTF worked on a new architecture with the help of Python Security
>>    project leader Enrico Branca
>>    - Enrico (Python Security Project) and Achim (EnDe project) discussed
>>    serious issues in SSL certificates. I'm also helping out with an algorithm
>>    to crunch data, awesome research.
>>    - Security Shepherd worked on major improvements in their wiki page
>>    after a quick project review. Check out their wiki.
>>    - ZAP Simon met for the first time with some major contributors and
>>    worked with external collaborators from Yahoo to plan upcoming improvements
>>    for ZaaS and ZAP desktop app
>>    - Colin Watson (AppSensor/Cornucopia/Snakes & Ladders) did some
>>    serious work, attached in detail:
>>       -
>>       https://docs.google.com/spreadsheets/d/1Ez7JBp7xEueFgMtOhEvAeVFcKR4jcgil-PxT6Rxieps/edit?usp=sharing
>>    - Project Review team worked with leaders to create videos and work
>>    on documentation for Cornucopia; OWTF also participated in this
>>    - Hackademics received a major review and tips on how to work on
>>    their project. Their leaders worked on a new plan for improvements
>>    - KBA project leaders also teamed up with ASVS to understand better
>>    the technical issues surrounding Knowledge Based authentication
>>    - Code Review leader (Gary Robinson) also teamed up with ASVS to see
>>    how to make some major improvements for the final release. Also discussed
>>    with the Project review team issues surrounding the final release
>>    - Top Ten Privacy Risk leader Stephan was also there to share the
>>    latest updates
>>
>> In general there was great energy among leaders and I'm really satisfied with what
>> we were able to achieve in these couple of days
>>
>> Some major lessons compared to other summits
>>
>>    - Leaders cannot expect many external contributors coming but mostly
>>    we need to target architects in companies doing the same and trying to
>>    solve the same issues like SAP and Yahoo
>>    - Team up experts based on their knowledge like OWTF and Python
>>    security projects because they are programming in the same language
>>    - Team up with leaders working on similar issues and get some
>>    collaboration and exchange sessions
>>    - Other leaders prefer to focus on their project, then it is important
>>    to have enough and private space so they can work on it
>>
>> My question to the board is: Do we want to organise a similar summit in
>> APPSEC US? If you approve, I'll put this together again ;-)
>>
>> Regards
>>
>> Johanna
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader