[Owasp-leaders] Other Ideas for Projects

Joshua Perrymon josh at packetfocus.com
Wed Sep 23 11:24:40 EDT 2009

What about detailed "phishing" end user training?  


I'd be glad to put something like this together if it's not already




From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Martin Knobloch
Sent: Wednesday, September 23, 2009 8:52 AM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Other Ideas for Projects




The OWASP End User Education Project should be covered by the OWASP
Education Project. Definitely the End User is a group to focus on! Good one
to put an 'End User Track' in next to the current tracks:

*	OWASP Top Ten
*	OWASP Tooling
*	OWASP Documentation
*	Profession / Interest
*	CLASP roles



This is an ongoing project, delayed due to personal problems I went through the
last couple of months.

See the temp wiki which will replace the current Education Project page: 




I will bring this in at the OWASP Global Education Committee meeting
tomorrow night!





On Wed, Sep 23, 2009 at 3:38 PM, McGovern, James F (HTSC, IT)
<James.McGovern at thehartford.com> wrote:

Hopefully one can propose an idea without having to necessarily lead it :-) 

*	OWASP End User Education Project: I was hanging out with our lawyers
last week (before watching the wonderful membership video) and we got into a
fascinating conversation regarding professional education. Independent
insurance agents, accountants, lawyers, etc are all required to take
continuing education credits whereby they are encouraged to watch videos,
attend seminars, etc. So, with this thought in mind, why can't all of us
chapter leaders agree to one fixed day next year where we all present on web
application security from the perspective of an end-user? Likewise, could a
few of us sketch out a skit that we could do for non-security types to watch
and videotape while in DC to load up on YouTube.
*	OWASP Vulnerability Disclosure Project: We know that websites have
privacy policies, but what about vulnerability disclosure policies? Let's say
that I am CISO for a major bank and an OWASP member happens to notice that
the site is subject to cross-site. Should they tell me? How should I react?
How do you think most CISOs would react? The problem is that vulnerability
right now is only thought of in terms of software vendors (think Microsoft,
Oracle, CA, etc) and consumerish websites (think MySpace, Facebook, etc), we
need to figure out some simple text that folks could incorporate into their
*	OWASP Branding Project: I mentioned that I am working with a local
soda company to create a flavor of soda unique to our chapter (Avery's Soda)
and wondered whether this type of branding and logo usage could serve OWASP
in other ways. Yes, we could panic and start worrying about food poisoning
but I think our endorsement avoidance is around tech companies and not other
domains. For example, wouldn't it be cool if we could have our own brand of
cereal (I got some pings out)

