[Owasp-leaders] Security 101 Mailing List?

Erwin Geirnaert erwin.geirnaert at zionsecurity.com
Thu Jan 26 08:28:39 UTC 2012


Hi leaders,

An idea that came into my mind after the OWASP BE meeting yesterday. Seba did a survey for OWASP BE members and the results are very interesting: more interaction at OWASP meetings, more solutions for specific frameworks/problems must be discussed, more technical stuff,…

Why not introduce a security 101 presentation at each OWASP BE meeting that will discuss a solution for a specific problem of an OWASP member. For example: "for a project we need to maintain secure session management between different web services, what is the best approach?". This can be discussed on the forum but a live presentation/discussion of the possible solutions will be very interesting during an OWASP meeting and will hopefully attract more developers that are struggling with this situation.

A lot of developers love OWASP but they don't have the time to read all the documentation and browse projects to find a solution. The best way to evangelize application security is to solve the problems people are facing!

Best regards,

Erwin

Van: Benny Ketelslegers <benny.ketelslegers at owasp.org<mailto:benny.ketelslegers at owasp.org>>
Datum: Thu, 26 Jan 2012 17:07:16 +0900
Aan: "owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>" <owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>>
Onderwerp: Re: [Owasp-leaders] Security 101 Mailing List?

I also think a forum would be an interesting idea. I see a very active userbase around the backtrack liveCD (offensive security) and a forum would be more structured and act as knowledgebase compared to a mailinglist!

Best Regards

On Thu, Jan 26, 2012 at 4:55 PM, John Wilander <john.wilander at owasp.org<mailto:john.wilander at owasp.org>> wrote:
Good idea!

My thoughts also touched on a forum where we can avoid multiple answers to the same question and the same question being asked over and over.

If we go with a forum we have to have email notification to a large part of OWASP leaders.

If we go with a mailing list let's keep the name short and to the point -- security101 at owasp.org<mailto:security101 at owasp.org>.

   Regards, John

--
My music http://www.johnwilander.com
Twitter https://twitter.com/johnwilander
CV or Résumé http://johnwilander.se

26 jan 2012 kl. 08:31 skrev psiinon <psiinon at gmail.com<mailto:psiinon at gmail.com>>:


Great idea.
I'd definitely sign up and answer any questions I could.
+1 from me :)

Simon

On 25 Jan 2012 23:27, "Michael Coates" <michael.coates at owasp.org<mailto:michael.coates at owasp.org>> wrote:


I recently gave a security presentation to a group of developers in the health care startup scene.  There was great turnout and they really loved Webgoat (delivered via OWASP BWA).  As I left the presentation I pointed them at a variety of OWASP links - top 10, cheat sheets, secure coding guidelines - but I felt that it was a missed opportunity to really engage the group that had so much to gain from OWASP.

What are people's thoughts about establishing a OWASP-Security-101 mailing list?  The idea would be to have this be a public list where developers would ask basic/intro web security questions.  We (OWASP leaders) would then direct people to available OWASP resources or answer the questions directly.

This idea would create an ecosystem with developers that are not security experts per se (e.g. getting past the echo chamber). In addition, this will quickly identify gaps in OWASP resources ( 5 questions about topic X and we have no OWASP page on that topic).

The goal here isn't to replace something like stack overflow, but instead to create an inviting space within OWASP where we can integrate more developers and publicize/enhance OWASP tools, resources, etc.

One important thing for this new list would be that it's a safe place to ask "dumb" questions.  I think we could really distinguish ourselves here since many people are nervous about jumping into a more technical mailing list and just getting the "Did you google it?" type answer.


Thoughts?  OWASP-Security-101?





Michael Coates
OWASP
michael.coates at owasp.org<mailto:michael.coates at owasp.org>



_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders


_______________________________________________ OWASP-Leaders mailing list OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120126/8f640912/attachment.html>


More information about the OWASP-Leaders mailing list