[Owasp-leaders] Top 10 countdown with 3 Ws

Takaharu Ogasa - OWASP Sendai takaharu.ogasa at owasp.org
Mon Mar 13 03:24:00 UTC 2017


Alper,

That sounds like something we have done during the last 12 months in the Sendai 
Chapter, and we are just about to finish A10 this week (we started from A1).

What I have done is...
- Explain each vulnerability one by one at the monthly meeting.
- If applicable, show them a demo using exploit tools and methods, attacking 
a self-coded simple web app.
- Added an attacker's view, realistic attack scenarios combining other 
vulnerabilities.

Adding the attacker's view and demo was especially good and got better attention 
and more questions, as it seems to bring reality.

Next move...

Building a simple web server using a Raspberry Pi and installing the same web app 
used in the workshops, with a closed Wi-Fi network (does not cost much). Leave 
them free to try and exploit it at the co-working place where our chapter 
meetings are held, while giving them a hands-on lab starting next month.

Thanks,

--
Taka Ogasa, GWAPT
OWASP Sendai Chapter Leader
WEB: https://www.owasp.org/index.php/Sendai
Facebook: https://www.facebook.com/owaspsendai/
Twitter: @OWASP_Sendai

-----Original Message----- 
From: Tiffany Long
Sent: Saturday, March 11, 2017 8:51 AM
To: Kim Carter
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Top 10 countdown with 3 Ws


Alper, I love this idea! Would you let me know when you prepare it? And 
perhaps afterwards you would write a blog post with your materials?

Yours,

Tiffany Long
Community Manager


On Thu, Mar 9, 2017 at 2:24 AM, Kim Carter <kim.carter at owasp.org> wrote:

My second book covers these in the Web Applications chapter, along with way 
more: 
https://leanpub.com/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications, 
could these be of use to other leaders perhaps? The book is both free and 
paid for. I've been working on the series for about 2 years now, so the 
content is getting up there.

Kim Carter

OWASP New Zealand Chapter Leader (Christchurch)

Author of Holistic Info-Sec for Web Developers

c: +64 274 622 607

On Thu, Mar 9, 2017 at 3:04 AM, Alper Basararn <alper.basaran at owasp.org> 
wrote:
Thank you Tanya.
Of course we'll be happy to translate and share our content.

We could also hold an English version of the webinars if you want. With the 
time difference, I believe it could be manageable.

Best regards,
Alper

On Wednesday, March 8, 2017, Tanya Janca <tanya.janca at owasp.org> wrote:
What a fantastic idea Alper!  Our Chapter (Ottawa, Canada) is planning to do 
lightning talks on the Top Ten, if we can find participants.  Would you be 
open to sharing your content when you are done so we could get volunteers to 
present it at our chapter?

Nice work, and great idea!

> On Mar 8, 2017, at 7:35 AM, Alper Basararn <alper.basaran at owasp.org> 
> wrote:
>
> Hello OWASP Leaders,
>
> OWASP Ankara is launching a series of 10 workshops for the OWASP Top 10. 
> We'll start at 10 with "Unvalidated Redirects and Forwards" and end in 
> December with Injection.
> For each vulnerability we've planned to do a workshop, a webinar and a 
> whitepaper.
>
> Did anyone have a similar experience/project? Any ideas besides the 
> workshops, webinars and whitepapers are always welcome.
>
> Best regards,
> Alper Basaran
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


