[Owasp-leaders] Javascript required for OWASP page?

dinis cruz dinis.cruz at owasp.org
Wed Jan 19 12:40:36 EST 2011


Sweet, so Michael, since you have direct access to a company that is already
doing this, can you help to set this up for owasp? (let's start with the
Summit as a first step)

Note that before we push this live, an owasp board vote will be required

Dinis Cruz

On 19 Jan 2011, at 17:35, Michael Coates <michael.coates at owasp.org> wrote:

We will be discussing considerations for bug bounty programs / hack
competitions during the Enterprise Web Defense Roundtable.  I recommend
interested people to attend.

*Objectives*

   1. What techniques are effective for scaling web security within a large
   company?
   2. Strategies for developer education that work?
   3. Automated defenses - what techniques are currently in use?
   4. *Benefits/considerations for using bounty programs*
   5. What can OWASP build or develop to assist with enterprise wide
   application security?


http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session068




Michael Coates
OWASP



On Jan 19, 2011, at 8:04 AM, dinis cruz wrote:

I think we should have a competition to see who can hack the owasp.org
website :)

The prize would be a fully paid (travel+accommodation) ticket to the
Summit

Extra kudos points would be given for gaining root on the owasp.org
server

Anybody on this list have the cycles to organize this?

Dinis Cruz

On 19 Jan 2011, at 15:59, Vlatko Kosturjak <kost at linux.hr> wrote:

On 01/19/2011 04:50 PM, dinis cruz wrote:

It shows that owasp.org is in the same 'shape' as 90% of the websites
out there.

There is an O2 module that shows all the Javascript (files and inline)
code that is loaded by an owasp.org page (it is quite a list)

Maybe a good working session for the summit would be to consolidate
all owasp.org javascripts and add CSP to it

In fact we should have a 'hack owasp.org and mediawiki' competition at
the Summit ....... :) :) :)


Especially to find bugs like this (as mediawiki is in PHP):

http://gregorkopf.de/slides_berlinsides_2010.pdf


Kost

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

