[Owasp-leaders] AppSec Monthly Themes

Mat Caughron caughron at gmail.com
Fri Mar 23 03:31:51 UTC 2012


Or say hello to my four of a kind: SQL injection, header injection, shell
injection, multi-encoding injection.


Mat

On Thu, Mar 22, 2012 at 12:45 PM, Eoin <eoin.keary at owasp.org> wrote:

> My ace of XSS beats your queen of CSRF.
>
> Eoin Keary
> BCC Risk Advisory
> Owasp Global Board
> +353 87 977 2988
>
>
> On 22 Mar 2012, at 19:38, "Dennis Groves, MSc" <dennis.groves at owasp.org>
> wrote:
>
> > On 22 Mar 2012, at 15:40, Colin Watson wrote:
> >
> >> :-)
> >>
> >> I had been trying to think about an AppSensor (defense vs attacks)
> >> version of the card game Trumps, and get them printed on decks of
> >> playing cards - either as the game itself or as the card "backs". Then
> >> they could be used for promotional give-aways.
> >>
> >> But maybe the idea (52 cards) could be used for 13 themes x 4
> >> messages, or something like that? Perhaps developers and others would
> >> prefer a pack of playing cards to a book.
> >>
> >> I think we'd have to change "joker" to "hacker" though.
> >>
> >
> > I have always wanted to design a deck of cards. This could be so fun in
> > so many, many ways… Let me know if you actually want to execute on this…
> >
> > Maybe we can even have them done in time for the 2013 trip to the
> > Casino^H^H^H^H^H^H Summit! :-)
> >
> > Dennis
> >
> >
> >> Colin
> >>
> >> On 22 March 2012 12:46, Eoin <eoin.keary at owasp.org> wrote:
> >>> "The owasp ten commandments"
> >>> project!!
> >>>
> >>> Eoin Keary
> >>> BCC Risk Advisory
> >>> Owasp Global Board
> >>> +353 87 977 2988
> >>>
> >>>
> >>> On 22 Mar 2012, at 08:23, "Dennis Groves, MSc" <dennis.groves at owasp.org> wrote:
> >>>
> >>>> Michael & Jim (and the rest of the leaders…),
> >>>>
> >>>> Brilliant idea. A good friend of mine and productivity expert, JD
> >>>> Meier, speaks of 30-day improvement sprints. I guess my thought is that it
> >>>> would be best to map out a year of these first and prepare materials in
> >>>> advance of the controlled release. This way sick days and holidays don't
> >>>> interfere with the flow. Another idea would be to alternate builder,
> >>>> breaker and defender months, so that we rotate through each of those
> >>>> topics 4 times during the year.
> >>>>
> >>>> In fact, on that note Jim, your very cool "parameterize, don't
> >>>> jeopardise" SQL injection maxim causes me to wonder if we couldn't
> >>>> distill another 11 of those 'tweet'-sized ideas and create the 'OWASP laws
> >>>> of application security.'
> >>>>
> >>>> Dennis
> >>>>
> >>>> On 22 Mar 2012, at 5:18, Jim Manico wrote:
> >>>>
> >>>>> Awesome idea.
> >>>>>
> >>>>> How about we focus specifically on a SQL Injection awareness campaign
> >>>>> for the first month? We could be even more specific and bring
> >>>>> awareness to the coding technique of query parameterization.
> >>>>>
> >>>>> "Parameterize, don't jeopardize" ;)
> >>>>>
> >>>>> --
> >>>>> Jim Manico
> >>>>> (808) 652-3805
> >>>>>
> >>>>> On Mar 22, 2012, at 7:08 AM, Michael Coates <michael.coates at owasp.org> wrote:
> >>>>>
> >>>>>> Leaders,
> >>>>>>
> >>>>>> I've been toying with the idea of a centralized security theme for
> >>>>>> each month. The idea is to flood the airwaves (or is it the pipes?) with a
> >>>>>> large amount of information on a particular application security topic.
> >>>>>>
> >>>>>> For example, April could be "Injection Flaws" and anyone interested
> >>>>>> could blog about this topic. I'm hoping to see articles from the
> >>>>>> perspective of builders, breakers and defenders. Also articles that dive
> >>>>>> into code examples, frameworks, lifecycle considerations, tools and more.
> >>>>>> We can have a push for video examples, podcasts, and project updates
> >>>>>> (if relevant to the monthly theme) and more.
> >>>>>>
> >>>>>> This "coordinated" assault on the issue is then magnified by
> >>>>>> retweets from the OWASP twitter account and syndication on the OWASP news
> >>>>>> feed. At the end of the month we then have an OWASP blog post that
> >>>>>> captures the definitive list of all articles, posts, tools, etc. that were
> >>>>>> created during that month. We could also award the top contributions and
> >>>>>> feature them in the newsletter.
> >>>>>>
> >>>>>> Anyone interested in this idea? I'm thinking we work through a few
> >>>>>> of the OWASP top 10, then maybe jump around with a month for mobile
> >>>>>> security, cloud security, lifecycle, risk analysis, etc.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> April the month of Injection Flaws?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> -------
> >>>>>> Michael Coates | OWASP
> >>>>>> michael.coates at owasp.org | @_mwc
> >>>>>> OWASP Board
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> OWASP-Leaders mailing list
> >>>>>> OWASP-Leaders at lists.owasp.org
> >>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>>>
> >>>>
> >>>> --
> >>>> [Dennis Groves](http://about.me/dennis.groves), MSc
> >>>> [dennis.groves at gmail.com](mailto:dennis.groves at gmail.com)
> >>>>
> >>>> *"What is the use of living, if it be not to strive for noble causes
> >>>> and make this muddled world a better place for those who will live in it
> >>>> after we have gone."* -- Winston Churchill, October 10th, 1908
> >
> >
> > Dennis
> >
> > --
> > [Dennis Groves](http://www.owasp.org/index.php/User:Dennis_Groves), MSc
> > [dennis.groves at owasp.org](dennis.groves at owasp.org)
> >
> > *This work is licensed under the Creative Commons
> > Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of
> > this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
> > send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain
> > View, California, 94041, USA.*
>
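An added example, not from the thread, showing the query parameterization technique behind Jim Manico's "parameterize, don't jeopardize" slogan: the same lookup written with string concatenation and with a bound parameter, run against constructed sample rows in Python's sqlite3 (function names are assumed for illustration).

```python
"""Added example: why query parameterization matters. Concatenation lets the
input become SQL text; a bound parameter keeps it as data. Uses an in-memory
SQLite database with constructed sample rows."""
import sqlite3

# Constructed sample data; one surname contains a quote character.
SAMPLE_USERS = [("alice", "Smith"), ("bob", "O'Brien")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, surname TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(conn, surname: str):
    """Vulnerable pattern: the untrusted value is spliced into the SQL text,
    so a quote inside it changes the statement's structure."""
    sql = "SELECT username FROM users WHERE surname = '" + surname + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, surname: str):
    """Hardened pattern: the SQL text is fixed; the value is bound separately
    and is never parsed as part of the statement."""
    sql = "SELECT username FROM users WHERE surname = ?"
    return [row[0] for row in conn.execute(sql, (surname,))]


def demo(surname: str):
    """Return (concatenated_result, parameterized_result). When the input
    breaks the concatenated statement, the first element is the error text."""
    conn = make_db()
    try:
        concat = lookup_concatenated(conn, surname)
    except sqlite3.OperationalError as exc:
        concat = f"error: {exc}"
    param = lookup_parameterized(conn, surname)
    return concat, param


if __name__ == "__main__":
    for name in ("Smith", "O'Brien"):
        print(name, demo(name))
```

The quote in "O'Brien" is enough to break the concatenated statement, while the parameterized query returns the matching row; that structural difference is what the slogan is about.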