[Owasp-board] Project Summit Appsec EU lessons learned and next summit?

Fabio Cerullo fcerullo at owasp.org
Fri May 29 13:48:44 UTC 2015


Based on the feedback and interactions generated I would certainly support another Summit in USA.

Thanks Johanna and all other project leaders who have organised this activity.

Regards,

Fabio Cerullo
Global Board Member
OWASP Foundation
https://www.owasp.org

> On 29 May 2015, at 14:17, psiinon <psiinon at gmail.com> wrote:
> 
> I absolutely agree with Timo's comments about the Summit and Johanna's outstanding contributions. 
> Thanks Johanna!
> 
> I plan to do a write up of the ZAP Summit asap .. but dont hold your collective breaths ;)
> 
> Cheers,
> 
> Simon
> 
> On Fri, May 29, 2015 at 2:12 PM, Timo Goosen <timo.goosen at owasp.org <mailto:timo.goosen at owasp.org>> wrote:
> Project Summit was great. Thanks for organising everything and making everything possible Johanna. 
> 
> I think what many people don't realise is that Johanna is OWASP volunteer and that she has a full time job too, but stil finds time to make things happen.
> Thanks Johanna.
> 
> I think for future project summits we should consider reviewing all of the OWASP books that go out for print and updating them with the latest info. For example the OWASP Testing Guide is used quite extensively around the world. We could use the enthusiasm and wit of the ASVS team and all those who worked on the ASVS projects new document at the project summit for all future documentation efforts.
> 
> Was nice to meet everyone in person.
> 
> Regards.
> Timo
> 
> On Fri, May 29, 2015 at 1:24 PM, johanna curiel curiel <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
> Board members
> 
> The past Appsec Summit in Amsterdam was a great event where more than 10 projects had the opportunity to share ideas and get some work done
> 
> I want to thank Martin for the excellent support. Martin is was an awesome conference :)
> 
> We had groups teaming up to work on specific improvements:
> ASVS (Jim/Andrew) Made a complete review together with some external participants and other project leaders from companies such as SAP among others on a new ASVS version
> OWTF worked on a new architecture with the help of Python Security project leader Enrico Branca
> Enrico(Python Security Project) and Achim (EnDe project) discussed serious issues in SSL certificates. I'm also helping out with an algorithm to crunch data, awesome research.
> Security Sheperd worked on major improvements in their wiki page after a quick project review.Check out their wiki.
> ZAP Simon met for the first time with some major contributors and worked with external collaborators from Yahoo to plan upcoming improvements for ZaaS and ZAP desktop app
> Colin Watson(Appsensor/Cournicopia/Snake & Ladders) did some serious work, attached in details:
> https://docs.google.com/spreadsheets/d/1Ez7JBp7xEueFgMtOhEvAeVFcKR4jcgil-PxT6Rxieps/edit?usp=sharing <https://docs.google.com/spreadsheets/d/1Ez7JBp7xEueFgMtOhEvAeVFcKR4jcgil-PxT6Rxieps/edit?usp=sharing>
> Project Review team worked with leaders to create videos and work on documentation for Cournicopia, OWTF also participated on this
> Hackademics received a major review and tips on how to work on their project. Their leaders worked on a new plan for improvements
> KBA project leaders also teamed up with ASVS to understand better the technical issues sorrowing Knowledge Based authentication
> Code Review leader(Gary Robinson) also teamed up with ASVS to see how to make some major improvements for the final release. Also discussed with the Project review team issues surrounding the final release
> Top Ten Privacy Risk leader Stephan was also there to share the latest updates
> In general was  great energy among leaders and I'm really satisfied what we were able to achieve in these couple of days
> 
> Some major lessons compared to other summits
> Leaders cannot expect many external contributors coming but mostly we need to target architects in companies doing the same and trying to solve the same issues like SAP and Yahoo
> Team up experts based on their knowledge like OWTF and Python security projects because they are programming on the same language
> Team up with leaders working on similar issues and get some collaboration and exchange sessions
> Other leaders prefer to focus on their project, then is important to have enough and private space so they can work on it
> My question to the board is: Do we want to organise a similar summit in APPSEC US? If you approve and I'll put this together again ;-)
> 
> Regards
> 
> Johanna
> 
> 
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-board <https://lists.owasp.org/mailman/listinfo/owasp-board>
> 
> 
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-board <https://lists.owasp.org/mailman/listinfo/owasp-board>
> 
> 
> 
> 
> -- 
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150529/a8f25027/attachment-0001.html>


More information about the Owasp-board mailing list