[Owasp-leaders] Summit 2011/OWASP Secure Coding Workshop

Sarah Baso sarah.baso at owasp.org
Tue Dec 14 10:24:57 EST 2010


Anthony,
If you can make it to the Summit, please add your name to
http://www.owasp.org/index.php/Summit_2011_Attendee. If you will need help
with funding, also let me know ASAP and I will let you know if there is any
further information we need from you.  To apply for OWASP funds, look at the
process we have set up on our wiki page
http://www.owasp.org/index.php/Summit_2011 under the tab "Applying for
Chapter or Project Sponsorship".  If neither of these avenues will be able
to support you, then we can look into funding you from the general summit
"pot".  Right now, we have very limited funding available, but we are
looking for additional funds and the sooner we know who needs the funds, the
more likely that we will be able to make it work!

In terms of planning the secure coding working session  - is there one on
the list that you would like to do, or did you have something else in mind?
http://www.owasp.org/index.php/Summit_2011_Working_Sessions
http://www.owasp.org/index.php/Summit_2011/OWASP_Secure_Coding_Workshop

Just speak up about what you would like to do --- if it is on the list, I
will add your name to it (or feel free to edit yourself), otherwise, I can
create something for you.

Let me know if you have any questions.

Regards,
Sarah Baso


On Tue, Dec 14, 2010 at 9:19 AM, Anthony Cheuk Tung, LAI, CSSLP, CISSP <
anthonylai at owasp.org> wrote:

> Hi all,
>
> If I would like to plan and attend to secure coding working session, what
> could I need to do?
>
> Regards,
> Anthony Lai
> Hong Kong Chapter
>
> On Tue, Dec 14, 2010 at 6:54 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>
>> Just renamed the thread so we can continue here
>>
>> The first pass at this Working Session Summit page is here :
>> http://www.owasp.org/index.php/Summit_2011/OWASP_Secure_Coding_Workshop (still
>> lots to do, but it is a good start)
>>
>> There are also individual WIKI pages for each session which you will need
>> to update with the session's: Name, Objectives, Deliverables, Owner(s) and
>> Members/Attendees
>>
>>    - Applying ESAPI Input Validation
>>    http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session025
>>    - Defining AppSensor Sensors :
>>    http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026
>>    - Managing Sessions:
>>    http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session027
>>    - Protecting Information Stored Client-Side
>>    http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028
>>    - Protecting Against CSRF
>>    http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029
>>    - Providing Access to Persisted Data
>>    http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session030
>>    - The Future of "No Fluff" Secure Coding Workshop
>>    http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031
>>
>> All pages above are created using MediaWiki templates (just follow the
>> instructions on the edit page) and its contents is also used to populate
>> this page http://www.owasp.org/index.php/Summit_2011#tab=Working_Sessions
>>
>> <http://www.owasp.org/index.php/Summit_2011/OWASP_Secure_Coding_Workshop>Sarah
>> Baso is your main point of contract for any issues or requests with this
>> page (she is a MediaWiki Wizard and is using O2 to edit it :)  )
>>
>> Please get these mappings done as soon as possible so that we can announce
>> this track to our community (this is a track that has a lot of potential to
>> bring developers to the Summit)
>>
>> Dan, part of the reason why we will only do the final schedule at a later
>> date, is to be able to accommodate (as much as possible) the participants
>> need/desire to attend multiple tracks (we will do our best :)  )
>>
>> Dinis Cruz
>>
>>
>> On 14 December 2010 04:54, Dan Cornell <dan at denimgroup.com> wrote:
>>
>>> (added a couple of individuals to this list to hopefully make sure
>>> everyone from both this email and the similar thread on "Creating OWASP 4.0"
>>> gets the email)
>>>
>>>
>>> > 5 Protecting against CSRF                 ????????
>>> >     * Hygiene
>>> >        * Discuss/show Frames-busting, cross-domain policy,
>>> >        * Discuss referrer and other red herrings
>>> >     * Tokens (crafting, scoping, and checking)
>>> >     * Discussions, techniques on scale
>>> >     * Discussions, techniques on CAPTCHA, re-auth, etc.
>>> >
>>>
>>>
>>> I'd be happy to take this one on.  I'll need to make sure my facilitator
>>> duties would be compatible with other commitments during the Summit, but
>>> assuming that is the case I'd be happy to referee the discussion and help
>>> bang out some code.
>>>
>>> Thanks,
>>>
>>> Dan
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Regards,
> Anthony LAI
> Founder & Security Researcher
> Valkyrie-X Security Research Group
> "Offensive . Creative . Fun"
>
>      __  _
>       .-.'  `; `-._  __  _
>      (_,         .-:'  `; `-._
>    ,'o"(        (_,           )
>   (__,-'      ,'o"(            )>
>      (       (__,-'            )
>       `-'._.--._(             )
>          |||  |||`-'._.--._.-'
>                     |||  |||
>



-- 
OWASP Global Summit Organizing Committee

Dir: 651-233-6334
skype: sarah.baso
sarah.baso at owasp.org <lorna.alamri at owasp.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20101214/b4ced983/attachment.html 


More information about the OWASP-Leaders mailing list