[Owasp-leaders] Summit 2011/OWASP Secure Coding Workshop

dinis cruz dinis.cruz at owasp.org
Tue Dec 14 05:54:45 EST 2010

Just renamed the thread so we can continue here

The first pass at this Working Session Summit page is here :
http://www.owasp.org/index.php/Summit_2011/OWASP_Secure_Coding_Workshop (still
lots to do, but it is a good start)

There are also individual WIKI pages for each session which you will need to
update with the session's: Name, Objectives, Deliverables, Owner(s) and

   - Applying ESAPI Input Validation
   - Defining AppSensor Sensors :
   - Managing Sessions:
   - Protecting Information Stored Client-Side
   - Protecting Against CSRF
   - Providing Access to Persisted Data
   - The Future of "No Fluff" Secure Coding Workshop

All pages above are created using MediaWiki templates (just follow the
instructions on the edit page) and its contents is also used to populate
this page http://www.owasp.org/index.php/Summit_2011#tab=Working_Sessions

Baso is your main point of contract for any issues or requests with this
page (she is a MediaWiki Wizard and is using O2 to edit it :)  )

Please get these mappings done as soon as possible so that we can announce
this track to our community (this is a track that has a lot of potential to
bring developers to the Summit)

Dan, part of the reason why we will only do the final schedule at a later
date, is to be able to accommodate (as much as possible) the participants
need/desire to attend multiple tracks (we will do our best :)  )

Dinis Cruz

On 14 December 2010 04:54, Dan Cornell <dan at denimgroup.com> wrote:

> (added a couple of individuals to this list to hopefully make sure everyone
> from both this email and the similar thread on "Creating OWASP 4.0" gets the
> email)
> > 5 Protecting against CSRF                 ????????
> >     * Hygiene
> >        * Discuss/show Frames-busting, cross-domain policy,
> >        * Discuss referrer and other red herrings
> >     * Tokens (crafting, scoping, and checking)
> >     * Discussions, techniques on scale
> >     * Discussions, techniques on CAPTCHA, re-auth, etc.
> >
> I'd be happy to take this one on.  I'll need to make sure my facilitator
> duties would be compatible with other commitments during the Summit, but
> assuming that is the case I'd be happy to referee the discussion and help
> bang out some code.
> Thanks,
> Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101214/afed7cde/attachment.html 

More information about the OWASP-Leaders mailing list