[Owasp-board] Project Summit Appsec EU lessons learned and next summit?

Tobias tobias.gondrom at owasp.org
Sun May 31 18:26:18 UTC 2015


Hi Johanna and the whole team,

yes! I heard a lot of great feedback!
This was a great success for our projects attending and I heard from 
several projects that we made great progress. So in my view money well 
spend and I would definitely support to do it again for AppSecUS.

And let me say a big THANK YOU to you and the whole team for organising!

Thanks a lot!

All the best, Tobias


Tobias Gondrom
Chairman OWASP Global Board
email: tobias.gondrom at owasp.org <mailto:tobias.gondrom at owasp.org>
skype: tgondrom
twitter: @tgondrom



On 29/05/15 15:48, Fabio Cerullo wrote:
> Based on the feedback and interactions generated I would certainly 
> support another Summit in USA.
>
> Thanks Johanna and all other project leaders who have organised this 
> activity.
>
> Regards,
>
> Fabio Cerullo
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
>
>> On 29 May 2015, at 14:17, psiinon <psiinon at gmail.com 
>> <mailto:psiinon at gmail.com>> wrote:
>>
>> I absolutely agree with Timo's comments about the Summit and 
>> Johanna's outstanding contributions.
>> Thanks Johanna!
>>
>> I plan to do a write up of the ZAP Summit asap .. but dont hold your 
>> collective breaths ;)
>>
>> Cheers,
>>
>> Simon
>>
>> On Fri, May 29, 2015 at 2:12 PM, Timo Goosen <timo.goosen at owasp.org 
>> <mailto:timo.goosen at owasp.org>> wrote:
>>
>>     Project Summit was great. Thanks for organising everything and
>>     making everything possible Johanna.
>>
>>     I think what many people don't realise is that Johanna is OWASP
>>     volunteer and that she has a full time job too, but stil finds
>>     time to make things happen.
>>     Thanks Johanna.
>>
>>     I think for future project summits we should consider reviewing
>>     all of the OWASP books that go out for print and updating them
>>     with the latest info. For example the OWASP Testing Guide is used
>>     quite extensively around the world. We could use the enthusiasm
>>     and wit of the ASVS team and all those who worked on the ASVS
>>     projects new document at the project summit for all future
>>     documentation efforts.
>>
>>     Was nice to meet everyone in person.
>>
>>     Regards.
>>     Timo
>>
>>     On Fri, May 29, 2015 at 1:24 PM, johanna curiel curiel
>>     <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
>>
>>         Board members
>>
>>         The past Appsec Summit in Amsterdam was a great event where
>>         more than 10 projects had the opportunity to share ideas and
>>         get some work done
>>
>>         I want to thank Martin for the excellent support. Martin is
>>         was an awesome conference :)
>>
>>         We had groups teaming up to work on specific improvements:
>>
>>           * ASVS (Jim/Andrew) Made a complete review together with
>>             some external participants and other project leaders from
>>             companies such as SAP among others on a new ASVS version
>>           * OWTF worked on a new architecture with the help of Python
>>             Security project leader Enrico Branca
>>           * Enrico(Python Security Project) and Achim (EnDe project)
>>             discussed serious issues in SSL certificates. I'm also
>>             helping out with an algorithm to crunch data, awesome
>>             research.
>>           * Security Sheperd worked on major improvements in their
>>             wiki page after a quick project review.Check out their wiki.
>>           * ZAP Simon met for the first time with some major
>>             contributors and worked with external collaborators from
>>             Yahoo to plan upcoming improvements for ZaaS and ZAP
>>             desktop app
>>           * Colin Watson(Appsensor/Cournicopia/Snake & Ladders) did
>>             some serious work, attached in details:
>>               o https://docs.google.com/spreadsheets/d/1Ez7JBp7xEueFgMtOhEvAeVFcKR4jcgil-PxT6Rxieps/edit?usp=sharing
>>           * Project Review team worked with leaders to create videos
>>             and work on documentation for Cournicopia, OWTF also
>>             participated on this
>>           * Hackademics received a major review and tips on how to
>>             work on their project. Their leaders worked on a new plan
>>             for improvements
>>           * KBA project leaders also teamed up with ASVS to
>>             understand better the technical issues sorrowing
>>             Knowledge Based authentication
>>           * Code Review leader(Gary Robinson) also teamed up with
>>             ASVS to see how to make some major improvements for the
>>             final release. Also discussed with the Project review
>>             team issues surrounding the final release
>>           * Top Ten Privacy Risk leader Stephan was also there to
>>             share the latest updates
>>
>>         In general was  great energy among leaders and I'm really
>>         satisfied what we were able to achieve in these couple of days
>>
>>         Some major lessons compared to other summits
>>
>>           * Leaders cannot expect many external contributors coming
>>             but mostly we need to target architects in companies
>>             doing the same and trying to solve the same issues like
>>             SAP and Yahoo
>>           * Team up experts based on their knowledge like OWTF and
>>             Python security projects because they are programming on
>>             the same language
>>           * Team up with leaders working on similar issues and get
>>             some collaboration and exchange sessions
>>           * Other leaders prefer to focus on their project, then is
>>             important to have enough and private space so they can
>>             work on it
>>
>>         My question to the board is: Do we want to organise a similar
>>         summit in APPSEC US? If you approve and I'll put this
>>         together again ;-)
>>
>>         Regards
>>
>>         Johanna
>>
>>
>>
>>
>>         _______________________________________________
>>         Owasp-board mailing list
>>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>     _______________________________________________
>>     Owasp-board mailing list
>>     Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>>
>>
>> -- 
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150531/35d1500a/attachment.html>


More information about the Owasp-board mailing list