[Owasp-leaders] Javascript required for OWASP page?

Michael Coates michael.coates at owasp.org
Wed Jan 19 12:35:13 EST 2011

We will be discussing considerations for bug bounty programs / hack competitions during the Enterprise Web Defense Roundtable.  I recommend interested people to attend.

What techniques are effective for scaling web security within a large company?
Strategies for developer education that work?
Automated defenses - what techniques are currently in use? 
Benefits/considerations for using bounty programs
What can OWASP build or develop to assist with enterprise wide application security?


Michael Coates

On Jan 19, 2011, at 8:04 AM, dinis cruz wrote:

> I think we should have a competion to see who can hack the owasp.org
> website :)
> The price would be a fully paid (travel+accomodation) ticket to the
> Summit
> Extra kudos points would be given for gaining root on the owasp.org
> server
> Anybody on this list have the cycles to organize this?
> Dinis Cruz
> On 19 Jan 2011, at 15:59, Vlatko Kosturjak <kost at linux.hr> wrote:
>> On 01/19/2011 04:50 PM, dinis cruz wrote:
>>> It shows that owasp.org is in the same 'shape' as 90% of the websites
>>> out there.
>>> There is a O2 module that shows all the Javascript (files and inline)
>>> code that is loaded by an owasp.org page (it is quite a list)
>>> Maybe a good working session for the summit would be to consolidate
>>> all owasp.org javascripts and add CSP to it
>>> In fact we should have a 'hack owasp.org and mediawiki' competition
>>> at
>>> the Summit ....... :) :) :)
>> Especially to find bugs like this (as mediawiki is in PHP):
>> http://gregorkopf.de/slides_berlinsides_2010.pdf
>> Kost
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110119/7de73380/attachment.html 

More information about the OWASP-Leaders mailing list