[Owasp-leaders] Recap: Charlotte DUG/AppSensor
chris.schmidt at owasp.org
Sat Nov 5 19:20:48 EDT 2011
This is awesome news! Feel free to forward my contact information on to
the group regarding ESAPI!
Thanks for the update, sounds like it was a great experience for all.
On 11/5/2011 5:03 PM, William Stranathan wrote:
> John Melton and I did a presentation at the UNC-Charlotte Cyber
> Security Symposium a couple of weeks ago, and one of the sidebars of the
> presentation was getting out of the "security echo chamber". We've been
> complaining about the most obvious of flaws for 10 years, and developers
> (largely) aren't making many fewer mistakes. A large part of the problem
> (we estimate) is that the people who go to RSA are mostly cryptologists
> and security experts. The people who go to Black Hat and Def Con are
> largely security people. The people who go to jQueryCon are jQuery
> people. The people who go to EclipseCon are programmers. i.e., not only
> do people who are just developers usually not enter our gates, but we're
> very bad about entering the gates of programming circles.
> This week, I had the pleasure of presenting OWASP AppSensor to the
> Charlotte Drupal User's Group. It was only a handful of people, but they
> were VERY interested in taking part in upcoming work on AppSensor.
> They're mostly interested in providing a security-hardened (and
> harden-able) distribution of Drupal - with AppSensor/ESAPI already wired
> in and detection points written and set for the "easy to find" things in
> Drupal, and configured so that plugin developers can easily trigger
> detection points for more logical type findings.
> Not only are they interested in providing that hardened Drupal package,
> but they want to help in writing the code that needs to be done for PHP
> ESAPI and AppSensor. This is *really* promising.
> We largely have one local chapter member, Jon Molesa, to thank for
> this. He has been part of the Drupal Users Group for some time, was
> introduced to OWASP, and personally made all the arrangements for us to
> present AppSensor to the Charlotte DUG.
> On an additional note, the Charlotte DUG meetings are held at a great
> location (part of Classic Graphics in Charlotte) which might be a great
> facility for future meetings. We're not currently looking to move away
> from UNC-Charlotte, but the parking there is $6, so for normal meetings
> it takes some arranging of schedules so people can ride share.
> More to follow - I have to find a good time for writing some "quick
> win" detection points for PHP and Drupal.
> Will Stranathan