[Owasp-leaders] Secure Code Warrior Ltd

Munir Njiru munir.njiru at owasp.org
Wed Jul 13 12:01:52 UTC 2016


:D True, OWASP has the market ready people; they just need to create an
appetite to these people :D

Munir Njenga,
OWASP Chapter Leader (Kenya) || Information Security Consultant || Developer
Mob   (KE) +254 (0) 734960670

=============================
Chapter Page: www.owasp.org/index.php/Kenya
Project Site:
http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/
Email: munir.njiru at owasp.org
Facebook: https://www.facebook.com/OWASP.Kenya
Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya


On Wed, Jul 13, 2016 at 1:31 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> >>I did not find any vendor pitch, and they just used the tool to have a
> small CTF type competition.
>
> This is what I call smart marketing ;-).
>
> They don't need to tell me 'buy it', but having the opportunity to showcase
> it is good enough as a marketing strategy.
>
> Now a training in Appsec is a funding activity. In this case OWASP gets
> 60% of the trainer 40%.
>
>
>
> On Wed, Jul 13, 2016 at 2:09 AM, Vaibhav Gupta <vaibhav.gupta at owasp.org>
> wrote:
>
>> My two cents:
>>
>> I attended 'Securing MEAN stack' training by SCW folks at OWASP AppSec
>> EU. IMHO, I did not find any vendor pitch, and they just used the tool to
>> have a small CTF type competition.
>>
>> The trainer explicitly mentioned that attendees might use dummy emails to
>> register if they do not like to share their info with SCW.
>>
>> As a caution, we need to make sure that these events do not have any
>> vendor related pitch, and we are just using the tool (like any other tool:
>> Burp, AppScan, etc) to supplement the intended idea of the session.
>>
>> Thanks
>> Vaibhav
>>
>> twitter.com/VaibhavGupta_1
>>
>> On Wed, Jul 13, 2016 at 11:23 AM, Munir Njiru <munir.njiru at owasp.org>
>> wrote:
>>
>>> I would like to concur with Johanna on this, look at it this way.
>>> OWASP is meant to serve the purpose of ensuring security the people already
>>> subscribed are a lucrative niche for a vendor like Secure Code Warrior,
>>> them offering you a "freebie" is technically them getting "free marketing"
>>> think about how much they save on marketing cost. A boost to the chapter
>>> for the numbers gathered should be in order at a small fee and a portion of
>>> that can go to OWASP.
>>> Another way to look at it is package it as a membership option that the
>>> vendor needs to be a premium member at an annual fee and part of the perks
>>> would be "present x number of times such items as their product" in
>>> chapters local to them.
>>>
>>> Kind Regards,
>>>
>>> Munir Njenga,
>>> OWASP Chapter Leader (Kenya) || Information Security Consultant ||
>>> Developer
>>> Mob   (KE) +254 (0) 734960670
>>>
>>>
>>>
>>> On Wed, Jul 13, 2016 at 6:37 AM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> I think that we should also implement new policies such as if a vendor
>>>> wants to give a demo during a Chapter presentation, we should then charge a
>>>> fee that goes to the chapter.
>>>>
>>>> Example, Code Warrior wants to demo their product? That could be
>>>> accepted under another policy where they pay for the presentation (just as
>>>> there are booths selling products at the appsec conferences).
>>>>
>>>> Then it's clear to all coming to the talk that this is a vendor talk to
>>>> showcase their product during the talk.
>>>>
>>>> I have actually no problem with that as long as:
>>>> - Vendor pays a fee for presenting (they earn money and we are a
>>>> foundation that needs funds)
>>>> - It is clear to everyone coming that it is a demo of their products
>>>> - They get potential leads from the Talk/Pitch
>>>>
>>>> If people find this OK we could submit this to a vote to adapt the
>>>> 'vendor neutrality' policies
>>>>
>>>> On Tue, Jul 12, 2016 at 11:27 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>
>>>>> Serge
>>>>>
>>>>> I might look strictly to the policy, but a vendor should not use OWASP
>>>>> chapters as a platform to sell their products by explaining 'how you can
>>>>> code secure using Code Warrior platform'. BTW not cheap (USD55/month for
>>>>> one developer)
>>>>>
>>>>> I get it, the platform aligns very well with our goals (such as how to
>>>>> code secure) but if the talk is about how you can use Code Warrior to learn
>>>>> code securely... well sorry that is a vendor pitch in my opinion.
>>>>>
>>>>> Now if the talk focuses on explaining the methodologies used to code
>>>>> secure (without going into their platform) then I can see how that aligns
>>>>> without issues to our 'vendor neutrality' principles.
>>>>>
>>>>> Cheers
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Jul 12, 2016 at 10:29 PM, Serg B. <sergicles at gmail.com> wrote:
>>>>>
>>>>>> Johanna, why? By the way, I don't know them and have no opinion about
>>>>>> them in any way, so I am interested... If it's a good tool and has no
>>>>>> equivalent, why wouldn't we expose people to it, if the chapter leaders
>>>>>> find it acceptable for our individual chapters. We give away books that are
>>>>>> otherwise sold for money, how is this different?
>>>>>>
>>>>>>
>>>>>> Cheers
>>>>>>     Serge
>>>>>>
>>>>>> On 13 Jul 2016 2:33 AM, "johanna curiel curiel" <
>>>>>> johanna.curiel at owasp.org> wrote:
>>>>>>
>>>>>>> >>Is there anything specific that we should take care before
>>>>>>> engaging with them?
>>>>>>>
>>>>>>> Their presentation should be focused on coding secure but they
>>>>>>> should exclude using their platform in the presentation.
>>>>>>>
>>>>>>> On Tue, Jul 12, 2016 at 12:23 PM, Akash Mahajan <
>>>>>>> akash.mahajan at owasp.org> wrote:
>>>>>>>
>>>>>>>> Hi Folks,
>>>>>>>>
>>>>>>>> We have been in touch with them as well at Bangalore. It looks like
>>>>>>>> a good fit for the kind of audience we get in our meets.
>>>>>>>> Is there anything specific that we should take care before engaging
>>>>>>>> with them?
>>>>>>>>
>>>>>>>> Thank you.
>>>>>>>>
>>>>>>>> On 12 July 2016 at 21:16, Sandeep Singh <sandeep.singh at owasp.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Mike,
>>>>>>>>>
>>>>>>>>> We were recently approached by Pieter Danhieux from Secure Code
>>>>>>>>> Warriors and he has offered to do a 3 hour secure coding workshop for OWASP
>>>>>>>>> Delhi on 30th July when he will be here in Delhi.
>>>>>>>>>
>>>>>>>>> Here is the abstract of the session he has sent to us.
>>>>>>>>>
>>>>>>>>> Do you think you can code securely? During this 3 hour workshop,
>>>>>>>>> the Secure Code Warrior team is going to brief you about the most common
>>>>>>>>> Web App weaknesses before letting you go nuts on the Secure Code Warrior
>>>>>>>>> platform. Whether you are a junior developer in JAVA Spring or C#
>>>>>>>>> MVC/WebForms, application security professional, RoR or Python geek, senior
>>>>>>>>> software engineer or penetration tester ... this platform will challenge
>>>>>>>>> your skills and provide you with an overview of your strengths and
>>>>>>>>> weaknesses in secure coding.
>>>>>>>>>
>>>>>>>>> As per our understanding it seems SCW is just a platform that they
>>>>>>>>> will be using for hosting the challenges and scoring purposes.
>>>>>>>>>
>>>>>>>>> thanks
>>>>>>>>> Sandeep
>>>>>>>>> @OWASPDelhi
>>>>>>>>>
>>>>>>>>> On Tue, Jul 12, 2016 at 9:05 PM, Serg B. <serg at owasp.org> wrote:
>>>>>>>>>
>>>>>>>>>> Mike, we haven't done any OWASP sessions with them specifically,
>>>>>>>>>> yet. I am actually catching up with them in professional capacity soon and
>>>>>>>>>> the other chapter co-lead (Julian) already has.
>>>>>>>>>>
>>>>>>>>>> We had a couple of vendors present. As far as I see it, nothing wrong
>>>>>>>>>> with that - as long as it is indeed a useful presentation and not a pitch,
>>>>>>>>>> I say go for it. As long as it's about technology or a product if it's
>>>>>>>>>> something really interesting, I don't see any issues with that, because
>>>>>>>>>> sometimes it's actually really hard to get exposure to some tools unless
>>>>>>>>>> you are in a well funded company. I think Codewarrior qualifies here, looks
>>>>>>>>>> very interesting and useful from what I hear (direct feedback from unbiased
>>>>>>>>>> user). We do however request full presentation deck well before the meeting
>>>>>>>>>> to make sure it is on topic and doesn't turn into a marketing pitch.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> cheers
>>>>>>>>>>    Serge
>>>>>>>>>>
>>>>>>>>>> On Wed, Jul 13, 2016 at 1:24 AM, Mike Goodwin <
>>>>>>>>>> mike.goodwin at owasp.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello Chapter Leaders,
>>>>>>>>>>>
>>>>>>>>>>> I was approached by Secure Code Warrior Ltd who were offering to
>>>>>>>>>>> do a secure coding demo/challenge at our chapter meeting.
>>>>>>>>>>>
>>>>>>>>>>> Their website is:
>>>>>>>>>>>
>>>>>>>>>>> https://www.securecodewarrior.com/
>>>>>>>>>>>
>>>>>>>>>>> It sounded very interesting, but I was a bit concerned that it
>>>>>>>>>>> would not conform to our vendor neutrality, given their company's offering.
>>>>>>>>>>>
>>>>>>>>>>> They mentioned that they have already done sessions in Australia
>>>>>>>>>>> and India.
>>>>>>>>>>>
>>>>>>>>>>> @Aussie/Indian leaders: Have you had this company at your
>>>>>>>>>>> meetings? Was it OK from a vendor neutrality point of view?
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Mike Goodwin*
>>>>>>>>>>> OWASP Newcastle UK Chapter Leader
>>>>>>>>>>> <https://www.owasp.org/index.php/Newcastle>
>>>>>>>>>>> OWASP Threat Dragon Project Leader
>>>>>>>>>>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>>>>>>>>>>> @theblacklabguy
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> OWASP-Leaders mailing list
>>>>>>>>>>> OWASP-Leaders at lists.owasp.org
>>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Serg
>>>>>>>>>>
>>>>>>>> --
>>>>>>>> Warm regards,
>>>>>>>> Akash Mahajan
>>>>>>>>
>>>>>>>> *That Web Application Security Guy* | +91 99 805 271 82
>>>>>>>> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
>>>>>>>> *OWASP Bangalore Chapter Lead | null Community Manager*
>>>>>>>>
>>>>>>> --
>>>>>>> Johanna Curiel
>>>>>>> OWASP Volunteer
>>>>>>>
>>>>> --
>>>>> Johanna Curiel
>>>>> OWASP Volunteer
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
> --
> Johanna Curiel
> OWASP Volunteer
>