[Owasp-leaders] Which OWASP Projects to highlight and talk more about?

Colin Watson colin.watson at owasp.org
Fri Dec 19 13:00:48 UTC 2014


Akash

The Cornucopia project mailing list is the best place to ask questions
and share experiences:

   https://lists.owasp.org/mailman/listinfo/owasp_cornucopia

The latest document on the wiki page has some more recent FAQs in it.

Regards

Colin
OWASP Cornucopia project leader
https://www.owasp.org/index.php/OWASP_Cornucopia



On 17 December 2014 at 09:08, Tobias <tobias.gondrom at owasp.org> wrote:
> Cornucopia is a threat modeling card game.
> The project page is on our wiki.
> You can also get the card deck as merchandise from our global team.
> We played a round of Cornucopia last year in London and I find it
> interesting and a potentially good way to improve threat modelling sessions
> that otherwise can be quite an uphill battle against disinterested
> developers... ;-)
>
> For further questions, maybe check with Colin. (I cc'ed him on the email).
>
> Best, Tobias
>
>
> On 12/12/14 13:20, Akash Mahajan wrote:
>
> Hi Tobias,
>
> Thank you for the extensive list of things we can take up.
>
> Out of these, I wasn't aware of Cornucopia before. Could you please tell me
> more how we can use it in a meet? (I was reading about it and it seems like
> a card game)
>
> On 10 December 2014 at 20:52, Tobias <tobias.gondrom at owasp.org> wrote:
>>
>> Hello Akash,
>>
>> interesting theme idea Break it & Fix it.
>> The following is just some of my personal favourites at the moment within
>> your theme context:
>> - Top-10 & Top-10 proactive controls
>> - Mobile Top-10 & Mobile proactive controls
>> - Personally, I also find worthwhile for "fix it" to look at Secure Coding
>> best Practices Quick Reference Guide (Oh boy, we really need to come up with
>> a shorter name for this...)
>> - And potentially openSAMM as a measure to ramp up your SDLC - again "fix
>> it".
>> - and Cornucopia to spice up the threat assessment / requirements process
>> part...
>>
>> Just my 2 cents.
>>
>> Best, Tobias
>>
>>
>>
>>
>> On 09/12/14 13:35, Akash Mahajan wrote:
>>
>> Hello Folks,
>>
>> We at OWASP Bangalore are planning on starting a new series of sessions
>> called Break It and Fix It.
>>
>> The idea for now is to take up Top 10, cover a vulnerable sample
>> application, show the attack and then talk about ways to fix the code. If
>> everything goes well we shall start on the 20th of this month.
>>
>> As part of the recommendations and references at this point what resources
>> should we be highlighting?
>>
>> The reason to ask the question is that some of the guides are in the
>> process of being re-written and there was a discussion about flagship
>> projects etc.
>>
>> We have already done extensive coverage of
>>
>> 1. OWASP ZAP
>> 2. OWASP Top 10 2010 and 2013
>> 3. OWASP BWA
>> 4. OWASP OWTF - Being covered in our meet on the 13th Dec
>>
>> We would like to do more with
>> - The new Dev guide
>> - ASVS Document
>>
>>
>> Also, is this sort of email better for the chapters list or the leaders
>> list? I always get confused about that.
>>
>> Thank you.
>>
>> --
>> Warm regards,
>> Akash Mahajan
>>
>> That Web Application Security Guy | +91 99 805 271 82
>> akashm.com | @makash on twitter | linkd.in/webappsecguy
>> OWASP Bangalore Chapter Lead | null Community Manager
>>
>>
>>
>>
>
>
>
> --
> Warm regards,
> Akash Mahajan
>
> That Web Application Security Guy | +91 99 805 271 82
> akashm.com | @makash on twitter | linkd.in/webappsecguy
> OWASP Bangalore Chapter Lead | null Community Manager
>
>

