[Owasp-leaders] Which OWASP Projects to highlight and talk more about?

Akash Mahajan akash.mahajan at owasp.org
Fri Dec 12 04:26:37 UTC 2014


Just to complete the loop, here is what we are planning to do.

1. Talk on Security Architecture and introduction about Break It and Fix it
by Satish
2. Demo + Hands-on on getting started with OWASP BWA by Akash

Sadly a lot of newer members in our chapter aren't very comfortable with
Virtual Machines etc. and a lot of them have heard of DVWA, Mutllidae but
not of Broken Web Apps. So our plan is to get more people attacking the
practice applications quickly.


On 12 December 2014 at 09:50, Akash Mahajan <akash.mahajan at owasp.org> wrote:

> Hi Tobias,
>
> Thank you for the extensive list of things we can take up.
>
> Out of these, I wasn't aware of Cornucopia before. Could you please tell
> me more how we can use it in a meet? (I was reading about it and it seems
> like a card game)
>
> On 10 December 2014 at 20:52, Tobias <tobias.gondrom at owasp.org> wrote:
>
>>  Hello Akash,
>>
>> interesting theme idea Break it & Fix it.
>> The following is just some of my personal favourites at the moment within
>> your theme context:
>> - Top-10 & Top-10 proactive controls
>> - Mobile Top-10 & Mobile proactive controls
>> - Personally, I also find worthwhile for "fix it" to look at Secure
>> Coding best Practices Quick Reference Guide (Oh boy, we really need to come
>> up with a shorter name for this...)
>> - And potentially openSAMM as a measure to ramp up your SDLC - again "fix
>> it".
>> - and Cornucopia to spice up the threat assessment / requirements process
>> part...
>>
>> Just my 2cents.
>>
>> Best, Tobias
>>
>>
>>
>>
>> On 09/12/14 13:35, Akash Mahajan wrote:
>>
>>      Hello Folks,
>>
>> We at OWASP Bangalore are planning on starting new series of sessions
>> called Break It and Fix It.
>>
>> The idea for now is to take up Top 10, cover the a vulnerable sample
>> application show the attack and then talk about ways to fix the code. If
>> everything goes well we shall start on the 20th of this month.
>>
>> As part of the recommendations and references at this point what
>> resources should we be highlighting?
>>
>> The reason to ask the question is that some of the guides are in the
>> process of being re-written and there was a discussion about flagship
>> proects etc.
>>
>>  We have already done extensive coverage of
>>
>>  1. OWASP ZAP
>>  2. OWASP Top 10 2010 and 2013
>>  3. OWASP BWA
>>  4. OWASP OWTF - Being covered in our meet on the 13th Dec
>>
>>  We would like to do more with
>>  - The new Dev guide
>>  - ASVS Document
>>
>>
>>  Also, this sort of email is better for the chapters list or the leaders
>> list? I always get confused about that.
>>
>>  Thank you.
>>
>> --
>> Warm regards,
>> Akash Mahajan
>>
>> *That Web Application Security Guy* | +91 99 805 271 82
>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>
>
> --
> Warm regards,
> Akash Mahajan
>
> *That Web Application Security Guy* | +91 99 805 271 82
> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> *OWASP Bangalore Chapter Lead | null Community Manager*
>



-- 
Warm regards,
Akash Mahajan

*That Web Application Security Guy* | +91 99 805 271 82
akashm.com | *@makash* on twitter | linkd.in/webappsecguy
*OWASP Bangalore Chapter Lead | null Community Manager*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141212/ef561624/attachment.html>


More information about the OWASP-Leaders mailing list