[Owasp-leaders] Request for an OWASP press event resource

Jim Manico jim.manico at owasp.org
Wed Jan 12 02:13:12 EST 2011


I need a vendor-neutral OWASP resource to conduct a press event for SC
Magazine. This can be done remotely and will require commitments for
both February 24th and 25th, please see below. Preferably, I'd like
someone who has experience conducting keynote-type presentations and has
mastery with both offense and defense around the OWASP Top Ten.

The vendor neutrality is key here.

I have the time to do this, but I wanted to give other leaders within
the OWASP community a chance to do this event. I'll take this on only if
no one else steps up.

If you have the right experience and are interested in this selfless
donation of your time, please drop me a line. We can even have a few
experts do this event, and take turns discussion different threats and

And this is key: let's not just talk about the weaknesses (yawn) let's
talk about the solutions. That's what the world needs most right now.

More information below....

- Jim



I wanted to check in with you, in the meantime, to see if any
vendor-neutral experts from OWASP would be able to keynote an
e-symposium we're organizing for February 24th. Given the various
projects OWASP has undertaken in this area (including the Top 10, which
I assume is bound to be updated quite soon), having someone from the
group to share their knowledge of new threats and the possible ways to
deal with these likely would prove most helpful to our readers who
attend our online happenings.

Typically, for these half-day events, we have a keynote talk that lasts
about 45 minutes. Historically, speakers allocate about 30 minutes to
their presentation and then allow for about 10 or 15 minutes of Q & A.
Usually, those industry leaders who participate in these events with us
have about 10 to 12 slides to illustrate the salient points of their
talks. For these events, we pre-record the keynote and then get on the
phone the day of the live event for the live Q & A. One of my guys or I
will introduce and moderate.

Please find the summary for the event below:


Web application vulnerabilities are so numerous they prove an especially
ripe conduit through which cybercriminals can tunnel to steal lucrative
data. Given the ever-rising frequency of such breaches, one might assume
web apps have been sewn up. This, however, isn't that case. So, why do
these cracks in web apps still linger and what should security teams be
doing better to plug them?

It'd be awesome to have someone from OWASP take this on. Let me know if
you guys are interested when you have a moment.

More information about the OWASP-Leaders mailing list