[Owasp-leaders] Which OWASP Projects to highlight and talk more about?

Tobias tobias.gondrom at owasp.org
Wed Dec 17 09:08:14 UTC 2014


Cornucopia is a threat modeling card game.
The project page is on our wiki.
You can also get the card deck as merchandise from our global team.
We played a round of Cornucopia last year in London and I find it 
interesting and a potentially good way to improve threat modelling 
sessions that otherwise can be quite an uphill battle against 
disinterested developers... ;-)

For further questions, maybe check with Colin. (I cc'ed him on the email).

Best, Tobias


On 12/12/14 13:20, Akash Mahajan wrote:
> Hi Tobias,
>
> Thank you for the extensive list of things we can take up.
>
> Out of these, I wasn't aware of Cornucopia before. Could you please 
> tell me more how we can use it in a meet? (I was reading about it and 
> it seems like a card game)
>
> On 10 December 2014 at 20:52, Tobias <tobias.gondrom at owasp.org 
> <mailto:tobias.gondrom at owasp.org>> wrote:
>
>     Hello Akash,
>
>     interesting theme idea Break it & Fix it.
>     The following is just some of my personal favourites at the moment
>     within your theme context:
>     - Top-10 & Top-10 proactive controls
>     - Mobile Top-10 & Mobile proactive controls
>     - Personally, I also find it worthwhile for "fix it" to look at
>     Secure Coding best Practices Quick Reference Guide (Oh boy, we
>     really need to come up with a shorter name for this...)
>     - And potentially openSAMM as a measure to ramp up your SDLC -
>     again "fix it".
>     - and Cornucopia to spice up the threat assessment / requirements
>     process part...
>
>     Just my 2 cents.
>
>     Best, Tobias
>
>
>
>
>     On 09/12/14 13:35, Akash Mahajan wrote:
>>     Hello Folks,
>>
>>     We at OWASP Bangalore are planning on starting a new series of
>>     sessions called Break It and Fix It.
>>
>>     The idea for now is to take up Top 10, cover a vulnerable
>>     sample application, show the attack and then talk about ways to
>>     fix the code. If everything goes well we shall start on the 20th
>>     of this month.
>>
>>     As part of the recommendations and references at this point what
>>     resources should we be highlighting?
>>
>>     The reason to ask the question is that some of the guides are in
>>     the process of being re-written and there was a discussion about
>>     flagship projects etc.
>>
>>     We have already done extensive coverage of
>>
>>     1. OWASP ZAP
>>     2. OWASP Top 10 2010 and 2013
>>     3. OWASP BWA
>>     4. OWASP OWTF - Being covered in our meet on the 13th Dec
>>
>>     We would like to do more with
>>     - The new Dev guide
>>     - ASVS Document
>>
>>
>>     Also, this sort of email is better for the chapters list or the
>>     leaders list? I always get confused about that.
>>
>>     Thank you.
>>
>>     -- 
>>     Warm regards,
>>     Akash Mahajan
>>
>>     /That Web Application Security Guy/ | +91 99 805 271 82
>>     akashm.com <http://akashm.com> | /@makash/ on twitter |
>>     linkd.in/webappsecguy <http://linkd.in/webappsecguy>
>>     /OWASP Bangalore Chapter Lead | null Community Manager/
>>
>>
>
>
>
>
> -- 
> Warm regards,
> Akash Mahajan
>
> /That Web Application Security Guy/ | +91 99 805 271 82
> akashm.com <http://akashm.com> | /@makash/ on twitter | 
> linkd.in/webappsecguy <http://linkd.in/webappsecguy>
> /OWASP Bangalore Chapter Lead | null Community Manager/
