[Owasp-leaders] AppSec Monthly Themes

Jim Manico jim.manico at owasp.org
Thu Mar 22 16:09:01 UTC 2012


I think a hacker-vs-defender card game specific to WebAppSec would be a
great way to spread awareness. Microsoft built a similar security card game
with great success. I can help. Pull in Dave Wichers as well - he is a
MagicTheGathering powerhouse and could help us design the game.

Cool. :)

Aloha,

--
Jim Manico
(808) 652-3805

On Mar 22, 2012, at 5:01 PM, Sarah Baso <sarah.baso at owasp.org> wrote:

I love the playing card idea.. I can help get them printed and distributed
if others work on the content!

On Thu, Mar 22, 2012 at 10:40 AM, Colin Watson <colin.watson at owasp.org> wrote:

> :-)
>
> I had been trying to think about an AppSensor (defense vs attacks)
> version of the card game Trumps, and get them printed on decks of
> playing cards - either as the game itself or as the card "backs". Then
> they could be used for promotional give-aways.
>
> But maybe the idea (52 cards) could be used for 13 themes x 4
> messages, or something like that? Perhaps developers and others would
> prefer a pack of playing cards to a book.
>
> I think we'd have to change "joker" to "hacker" though.
>
> Colin
>
> On 22 March 2012 12:46, Eoin <eoin.keary at owasp.org> wrote:
> > "The owasp ten commandments"
> > project!!
> >
> > Eoin Keary
> > BCC Risk Advisory
> > Owasp Global Board
> > +353 87 977 2988
> >
> >
> > On 22 Mar 2012, at 08:23, "Dennis Groves, MSc" <dennis.groves at owasp.org> wrote:
> >
> >> Michael & Jim, (and the rest of the leaders…)
> >>
> >> Brilliant Idea, A good friend of mine and productivity expert - JD Meier speaks of 30 day improvement sprints. I guess my thought is that it would be best to map out a year of these first and prepare materials in advance of the controlled release. This way sick days and holidays don't interfere with the flow. Another idea would be to alternate builder, breaker and defender months - so that we rotate through each of those topics 4 times during the year.
> >>
> >> In fact, on that note Jim - your very cool "parameterize, don't jeopardise" SQL injection maxim causes me to wonder if we couldn't distill another 11 of those 'tweet'-sized ideas and create the 'OWASP laws of application security.'
> >>
> >> Dennis
> >>
> >> On 22 Mar 2012, at 5:18, Jim Manico wrote:
> >>
> >>> Awesome idea.
> >>>
> >>> How about we focus specifically on a SQL Injection awareness campaign
> >>> for the first month? We could be even more specific and bring
> >>> awareness to the coding technique of query parameterization.
> >>>
> >>> "Parameterize, don't jeopardize" ;)
> >>>
> >>> --
> >>> Jim Manico
> >>> (808) 652-3805
> >>>
> >>> On Mar 22, 2012, at 7:08 AM, Michael Coates <michael.coates at owasp.org> wrote:
> >>>
> >>>> Leaders,
> >>>>
> >>>> I've been toying with the idea of a centralized security theme for each month. The idea is to flood the airwaves (or is it the pipes?) with a large amount of information on a particular application security topic.
> >>>>
> >>>> For example, April could be "Injection Flaws" and anyone interested could blog about this topic. I'm hoping to see articles from the perspective of builders, breakers and defenders. Also articles that dive into code examples, frameworks, lifecycle considerations, tools and more. We can have a push for video examples, podcasts, and project updates (if relevant to the monthly theme) and more.
> >>>>
> >>>> This "coordinated" assault on the issue is then magnified by retweets from the OWASP twitter account and syndication on the OWASP news feed. At the end of the month we then have an OWASP blog post that captures the definitive list to all articles, posts, tools, etc that were created during that month. We could also award the top contributions and feature them in the newsletter.
> >>>>
> >>>> Anyone interested in this idea? I'm thinking we work through a few of the OWASP top 10, then maybe jump around with a month for mobile security, cloud security, lifecycle, risk analysis, etc.
> >>>>
> >>>>
> >>>>
> >>>> April the month of Injection Flaws?
> >>>>
> >>>>
> >>>>
> >>>> -------
> >>>> Michael Coates | OWASP
> >>>> michael.coates at owasp.org | @_mwc
> >>>> OWASP Board
> >>>>
> >>>> _______________________________________________
> >>>> OWASP-Leaders mailing list
> >>>> OWASP-Leaders at lists.owasp.org
> >>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >> --
> >> [Dennis Groves](http://about.me/dennis.groves), MSc
> >> [dennis.groves at gmail.com](mailto:dennis.groves at gmail.com)
> >>
> >> *"What is the use of living, if it be not to strive for noble causes and make this muddled world a better place for those who will live in it after we have gone."* -- Winston Churchill, October 10th, 1908
>



-- 
OWASP Operational Support:
Conference Logistics & Community Relations

Dir: 312-869-2779
skype: sarah.baso
