[Owasp-leaders] AppSec Monthly Themes

Dennis Groves, MSc dennis.groves at owasp.org
Thu Mar 22 08:23:28 UTC 2012


Michael & Jim, (and the rest of the leaders…)

Brilliant idea. A good friend of mine and productivity expert, JD Meier, 
speaks of 30-day improvement sprints. I guess my thought is that it 
would be best to map out a year of these first and prepare materials in 
advance of the controlled release. This way sick days and holidays don't 
interfere with the flow. Another idea would be to alternate builder, 
breaker and defender months - so that we rotate through each of those 
topics 4 times during the year.

In fact, on that note Jim - your very cool "parameterize, don't 
jeopardise" SQL injection maxim causes me to wonder if we couldn't 
distill another 11 of those 'tweet'-sized ideas and create the 'OWASP 
laws of application security.'

Dennis

On 22 Mar 2012, at 5:18, Jim Manico wrote:

> Awesome idea.
>
> How about we focus specifically on a SQL Injection awareness campaign
> for the first month? We could be even more specific and bring
> awareness to the coding technique of query parameterization.
>
> "Parameterize, don't jeopardize" ;)
>
> --
> Jim Manico
> (808) 652-3805
>
> On Mar 22, 2012, at 7:08 AM, Michael Coates <michael.coates at owasp.org> 
> wrote:
>
>> Leaders,
>>
>> I've been toying with the idea of a centralized security theme for 
>> each month.  The idea is to flood the airwaves (or is it the pipes?) 
>> with a large amount of information on a particular application 
>> security topic.
>>
>> For example, April could be "Injection Flaws" and anyone interested 
>> could blog about this topic.  I'm hoping to see articles from the 
>> perspective of builders, breakers and defenders. Also articles that 
>> dive into code examples, frameworks, lifecycle considerations, tools 
>> and more.  We can have a push for video examples, podcasts, and 
>> project updates (if relevant to the monthly theme) and more.
>>
>> This "coordinated" assault on the issue is then magnified by retweets 
>> from the OWASP twitter account and syndication on the OWASP news 
>> feed.  At the end of the month we then have an OWASP blog post that 
>> captures the definitive list to all articles, posts, tools, etc that 
>> were created during that month.  We could also award the top 
>> contributions and feature them in the newsletter.
>>
>> Anyone interested in this idea?  I'm thinking we work through a few 
>> of the OWASP top 10, then maybe jump around with a month for mobile 
>> security, cloud security, lifecycle, risk analysis, etc.
>>
>>
>>
>> April the month of Injection Flaws?
>>
>>
>>
>> -------
>> Michael Coates | OWASP
>> michael.coates at owasp.org | @_mwc
>> OWASP Board
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[dennis.groves at gmail.com](mailto:dennis.groves at gmail.com)

*"What is the use of living, if it be not to strive for noble causes and 
make this muddled world a better place for those who will live in it 
after we have gone."* -- Winston Churchill, October 10th, 1908

