[Owasp-leaders] Creating OWASP 4.0!

Jim Manico jim.manico at owasp.org
Tue Dec 14 15:36:21 EST 2010


John,

I'll be at the summit and can take on any topic. Just let me know; this is a great idea.

-Jim Manico
http://manico.net

On Dec 14, 2010, at 8:16 AM, John Steven <John.Steven at owasp.org> wrote:

> Eric,
> 
> Excellent. Glad to have you on-board.
> 
> We're going to need a few people to help with each session first
> because this is our maiden voyage and second because we want to make
> sure that we're leading a dynamic discussion and helping everyone get
> hands-on immediately and stay caught up with what advancements are
> made in the session.
> 
> I'm going to orchestrate some planning calls between now and the
> summit, so we can hash out what materials you and Dan will build/bring
> to the session.
> 
> When I train these days, I'm consistently shocked at 1) how commonly
> people gravitate to this vuln. and yet 2) the amount of confusion
> still surrounding its causes and effective mitigation. So I think
> it's going to be the toughest one to navigate. Hopefully, we can
> dispel some of the nonsense. ;-)
> 
> -jOHN
> 
> On Tue, Dec 14, 2010 at 9:09 AM, Eric Sheridan <eric.sheridan at owasp.org> wrote:
>> Dan,
>> 
>> I'd be happy to assist/lead in the Protecting Against CSRF session. As owner of CSRFGuard, I will be able to provide some useful discussion points including real world integration challenges.
>> 
>> -Eric
>> 
>> On Dec 13, 2010, at 11:54 PM, Dan Cornell <dan at denimgroup.com> wrote:
>> 
>>> (added a couple of individuals to this list to hopefully make sure everyone from both this email and the similar thread on "Creating OWASP 4.0" gets the email)
>>> 
>>> 
>>>> 5 Protecting against CSRF                 ????????
>>>>   * Hygiene
>>>>      * Discuss/show Frames-busting, cross-domain policy,
>>>>      * Discuss referrer and other red herrings
>>>>   * Tokens (crafting, scoping, and checking)
>>>>   * Discussions, techniques on scale
>>>>   * Discussions, techniques on CAPTCHA, re-auth, etc.
>>>> 
>>> 
>>> 
>>> I'd be happy to take this one on.  I'll need to make sure my facilitator duties would be compatible with other commitments during the Summit, but assuming that is the case I'd be happy to referee the discussion and help bang out some code.
>>> 
>>> Thanks,
>>> 
>>> Dan
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> 

