[Owasp-leaders] AppSec Monthly Themes

Sarah Baso sarah.baso at owasp.org
Thu Mar 22 16:11:43 UTC 2012


Looped in Dave:)
This could be something "new" to use at outreach events (as well as
internal ones) this year.

On Thu, Mar 22, 2012 at 11:09 AM, Jim Manico <jim.manico at owasp.org> wrote:

> I think a hacker-vs-defender card game specific to WebAppSec would be a
> great way to spread awareness. Microsoft built a similar security card game
> with great success. I can help. Pull in Dave Wichers as well - he is a
> MagicTheGathering powerhouse and could help us design the game.
>
> Cool. :)
>
> Aloha,
>
>
> --
> Jim Manico
> (808) 652-3805
>
> On Mar 22, 2012, at 5:01 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>
> I love the playing card idea. I can help get them printed and distributed
> if others work on the content!
>
> On Thu, Mar 22, 2012 at 10:40 AM, Colin Watson <colin.watson at owasp.org> wrote:
>
>> :-)
>>
>> I had been trying to think about an AppSensor (defense vs attacks)
>> version of the card game Trumps, and get them printed on decks of
>> playing cards - either as the game itself or as the card "backs". Then
>> they could be used for promotional give-aways.
>>
>> But maybe the idea (52 cards) could be used for 13 themes x 4
>> messages, or something like that? Perhaps developers and others would
>> prefer a pack of playing cards to a book.
>>
>> I think we'd have to change "joker" to "hacker" though.
>>
>> Colin
>>
>> On 22 March 2012 12:46, Eoin <eoin.keary at owasp.org> wrote:
>> > "The owasp ten commandments"
>> > project!!
>> >
>> > Eoin Keary
>> > BCC Risk Advisory
>> > Owasp Global Board
>> > +353 87 977 2988
>> >
>> >
>> > On 22 Mar 2012, at 08:23, "Dennis Groves, MSc" <dennis.groves at owasp.org>
>> wrote:
>> >
>> >> Michael & Jim, (and the rest of the leaders…)
>> >>
>> >> Brilliant idea. A good friend of mine and productivity expert - JD
>> Meier speaks of 30 day improvement sprints. I guess my thought is that it
>> would be best to map out a year of these first and prepare materials in
>> advance of the controlled release. This way sick days and holidays don't
>> interfere with the flow. Another idea would be to alternate builder,
>> breaker and defender months - so that we rotate through each of those
>> topics 4 times during the year.
>> >>
>> >> In fact, on that note Jim - your very cool "parameterize, don't
>> jeopardise" SQL injection maxim causes me to wonder if we couldn't
>> distill another 11 of those 'tweet'-sized ideas and create the 'OWASP laws
>> of application security.'
>> >>
>> >> Dennis
>> >>
>> >> On 22 Mar 2012, at 5:18, Jim Manico wrote:
>> >>
>> >>> Awesome idea.
>> >>>
>> >>> How about we focus specifically on a SQL Injection awareness campaign
>> >>> for the first month? We could be even more specific and bring
>> >>> awareness to the coding technique of query parameterization.
>> >>>
>> >>> "Parameterize, don't jeopardize" ;)
>> >>>
>> >>> --
>> >>> Jim Manico
>> >>> (808) 652-3805
>> >>>
>> >>> On Mar 22, 2012, at 7:08 AM, Michael Coates <michael.coates at owasp.org>
>> wrote:
>> >>>
>> >>>> Leaders,
>> >>>>
>> >>>> I've been toying with the idea of a centralized security theme for
>> each month.  The idea is to flood the airwaves (or is it the pipes?) with a
>> large amount of information on a particular application security topic.
>> >>>>
>> >>>> For example, April could be "Injection Flaws" and anyone interested
>> could blog about this topic.  I'm hoping to see articles from the
>> perspective of builders, breakers and defenders. Also articles that dive
>> into code examples, frameworks, lifecycle considerations, tools and more.
>>  We can have a push for video examples, podcasts, and project updates
>> (if relevant to the monthly theme) and more.
>> >>>>
>> >>>> This "coordinated" assault on the issue is then magnified by
>> retweets from the OWASP twitter account and syndication on the OWASP news
>> feed.  At the end of the month we then have an OWASP blog post that
>> captures the definitive list to all articles, posts, tools, etc that were
>> created during that month.  We could also award the top contributions and
>> feature them in the newsletter.
>> >>>>
>> >>>> Anyone interested in this idea?  I'm thinking we work through a few
>> of the OWASP top 10, then maybe jump around with a month for mobile
>> security, cloud security, lifecycle, risk analysis, etc.
>> >>>>
>> >>>>
>> >>>>
>> >>>> April the month of Injection Flaws?
>> >>>>
>> >>>>
>> >>>>
>> >>>> -------
>> >>>> Michael Coates | OWASP
>> >>>> michael.coates at owasp.org | @_mwc
>> >>>> OWASP Board
>> >>>>
>> >>>> _______________________________________________
>> >>>> OWASP-Leaders mailing list
>> >>>> OWASP-Leaders at lists.owasp.org
>> >>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >>
>> >>
>> >> --
>> >> [Dennis Groves](http://about.me/dennis.groves), MSc
>> >> [dennis.groves at gmail.com](mailto:dennis.groves at gmail.com)
>> >>
>> >> *"What is the use of living, if it be not to strive for noble causes
>> and make this muddled world a better place for those who will live in it
>> after we have gone."* -- Winston Churchill, October 10th, 1908
>>
>
>
>
> --
> OWASP Operational Support:
> Conference Logistics & Community Relations
>
> Dir: 312-869-2779
> skype: sarah.baso
>
>
>


-- 
OWASP Operational Support:
Conference Logistics & Community Relations

Dir: 312-869-2779
skype: sarah.baso