[Owasp-leaders] Summit 2011/OWASP Secure Coding Workshop

dinis cruz dinis.cruz at owasp.org
Tue Dec 14 05:54:45 EST 2010


Just renamed the thread so we can continue here

The first pass at this Working Session Summit page is here :
http://www.owasp.org/index.php/Summit_2011/OWASP_Secure_Coding_Workshop (still
lots to do, but it is a good start)

There are also individual WIKI pages for each session which you will need to
update with the session's: Name, Objectives, Deliverables, Owner(s) and
Members/Attendees

   - Applying ESAPI Input Validation
   http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session025
   - Defining AppSensor Sensors :
   http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026
   - Managing Sessions:
   http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027
   - Protecting Information Stored Client-Side
   http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028
   - Protecting Against CSRF
   http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029
   - Providing Access to Persisted Data
   http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session030
   - The Future of "No Fluff" Secure Coding Workshop
   http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031

All pages above are created using MediaWiki templates (just follow the
instructions on the edit page) and its contents is also used to populate
this page http://www.owasp.org/index.php/Summit_2011#tab=Working_Sessions

<http://www.owasp.org/index.php/Summit_2011/OWASP_Secure_Coding_Workshop>Sarah
Baso is your main point of contract for any issues or requests with this
page (she is a MediaWiki Wizard and is using O2 to edit it :)  )

Please get these mappings done as soon as possible so that we can announce
this track to our community (this is a track that has a lot of potential to
bring developers to the Summit)

Dan, part of the reason why we will only do the final schedule at a later
date, is to be able to accommodate (as much as possible) the participants
need/desire to attend multiple tracks (we will do our best :)  )

Dinis Cruz


On 14 December 2010 04:54, Dan Cornell <dan at denimgroup.com> wrote:

> (added a couple of individuals to this list to hopefully make sure everyone
> from both this email and the similar thread on "Creating OWASP 4.0" gets the
> email)
>
>
> > 5 Protecting against CSRF                 ????????
> >     * Hygiene
> >        * Discuss/show Frames-busting, cross-domain policy,
> >        * Discuss referrer and other red herrings
> >     * Tokens (crafting, scoping, and checking)
> >     * Discussions, techniques on scale
> >     * Discussions, techniques on CAPTCHA, re-auth, etc.
> >
>
>
> I'd be happy to take this one on.  I'll need to make sure my facilitator
> duties would be compatible with other commitments during the Summit, but
> assuming that is the case I'd be happy to referee the discussion and help
> bang out some code.
>
> Thanks,
>
> Dan
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101214/afed7cde/attachment.html 


More information about the OWASP-Leaders mailing list