OWASP - User contributions [en]

Summit 2011 Working Sessions/Session067

2011-02-09T09:57:01Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Steven van der Baan
| summit_session_attendee_email2 = steven.van.der.baan@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Wojciech Dworakowski
| summit_session_attendee_email3 = wojciech.dworakowski@securing.pl
| summit_session_attendee_username3 = Wojciech Dworakowski
| summit_session_attendee_company3= SecuRing
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= ASVS extensions. Requirements mapping to CWE, Top10 and other OWASP projects. ASVS requirements and risk impact. Level1 - tools availability.

| summit_session_attendee_name4 = Jim Manico
| summit_session_attendee_email4 = jim.manico@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4= Independent Consultant
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Love for ASVS

| summit_session_attendee_name5 = Vishal Garg
| summit_session_attendee_email5 = vishalgrg@gmail.com
| summit_session_attendee_username5 =
| summit_session_attendee_company5= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= ASVS adoption within and outside OWASP. One example - OWASP Development Guide.

| summit_session_attendee_name6 = Abraham Kang
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Keith Turpin
| summit_session_attendee_email7 = keith.turpin@owasp.org
| summit_session_attendee_username7 = Keith_Turpin
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Alexandre Miguel Aniceto
| summit_session_attendee_email8 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username8 = Alexandre Miguel Aniceto
| summit_session_attendee_company8= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = ASVS Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067

|-

| short_working_session_description=Discussion on the Application Security Verification Standard (expierences, ideas for improvements)

|-

| related_project_name1 = Application Security Verification Standard (ASVS)
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss expierences with using ASVS

| summit_session_objective_name2 = Discuss specific requirements and ideas for improvement

| summit_session_objective_name3 = Create a white paper with ideas for revisions to the ASVS

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A short white paper with ideas for revisions to the ASVS, ready for evaluation by the community at large. Actual suggested revisions to the document are helpful, but not required if time does not allow.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Matthias Rohr
| summit_session_leader_email1 = mail@matthiasrohr.de

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session067
| session_home_page =  Summit_2011_Working_Sessions/Session067
}}

Summit 2011 Working Sessions/Session067

2011-02-09T09:56:23Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Steven van der Baan
| summit_session_attendee_email2 = steven.van.der.baan@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Wojciech Dworakowski
| summit_session_attendee_email3 = wojciech.dworakowski@securing.pl
| summit_session_attendee_username3 = Wojciech Dworakowski
| summit_session_attendee_company3= SecuRing
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= ASVS extensions. Requirements mapping to CWE, Top10 and other OWASP projects. ASVS requirements and risk impact. Level1 - tools availability.

| summit_session_attendee_name4 = Jim Manico
| summit_session_attendee_email4 = jim.manico@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4= Independent Consultant
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Love for ASVS

| summit_session_attendee_name5 = Vishal Garg
| summit_session_attendee_email5 = vishalgrg@gmail.com
| summit_session_attendee_username5 =
| summit_session_attendee_company5= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= ASVS adoption within and outside OWASP. One example - OWASP Development Guide.

| summit_session_attendee_name6 = Abraham Kang
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Keith Turpin
| summit_session_attendee_email7 = keith.turpin@owasp.org
| summit_session_attendee_username7 = Keith_Turpin
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Alexandre Miguel Aniceto
| summit_session_attendee_email8 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username8 = Alxandre Miguel Aniceto
| summit_session_attendee_company8= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = ASVS Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067

|-

| short_working_session_description=Discussion on the Application Security Verification Standard (expierences, ideas for improvements)

|-

| related_project_name1 = Application Security Verification Standard (ASVS)
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss expierences with using ASVS

| summit_session_objective_name2 = Discuss specific requirements and ideas for improvement

| summit_session_objective_name3 = Create a white paper with ideas for revisions to the ASVS

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A short white paper with ideas for revisions to the ASVS, ready for evaluation by the community at large. Actual suggested revisions to the document are helpful, but not required if time does not allow.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Matthias Rohr
| summit_session_leader_email1 = mail@matthiasrohr.de

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session067
| session_home_page =  Summit_2011_Working_Sessions/Session067
}}

Summit 2011 Working Sessions/Session069

2011-02-09T09:55:47Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Cecil Su
| summit_session_attendee_email2 = cecil.su@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Jason Taylor
| summit_session_attendee_email3 = jtaylor@securityinnovation.com
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Achim Hoffmann
| summit_session_attendee_email4 = achim@owasp.org
| summit_session_attendee_username4 = Achim
| summit_session_attendee_company4= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Carlos Serrão
| summit_session_attendee_email5 = carlos.serrao@iscte.pt
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Konstantinos Papapanagiotou
| summit_session_attendee_email6 = Konstantinos@owasp.org
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Vishal Garg
| summit_session_attendee_email7 = vishalgrg@gmail.com
| summit_session_attendee_username7 =
| summit_session_attendee_company7= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Mateo Martinez
| summit_session_attendee_email8 = mateo.martinez@owasp.org
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Daniel Brzozowski
| summit_session_attendee_email9 = daniel@brzozowski.biz
| summit_session_attendee_username9 = Daniel Brzozowski
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Tony UcedaVelez
| summit_session_attendee_email10 = tonyuv@owasp.org
| summit_session_attendee_username10 = Tony UcedaVelez
| summit_session_attendee_company10= VerSprite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Ralph Durkee
| summit_session_attendee_email11 = Ralph.Durkee@owasp.org
| summit_session_attendee_username11 =
| summit_session_attendee_company11= Durkee Consulting, Inc.
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Ricardo Melo
| summit_session_attendee_email12 = ricardo.melo@dri.pt
| summit_session_attendee_username12 = Ricardo Melo
| summit_session_attendee_company12= DRI
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Martin Knobloch
| summit_session_attendee_email13 = martin.knobloch@owasp.org
| summit_session_attendee_username13 = knoblochmartin
| summit_session_attendee_company13= PervaSec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 = Juan Jose Rider Jimenez
| summit_session_attendee_email14 = jjrider@wul4.es
| summit_session_attendee_username14 = Juan_Jose_Rider_Jimenez
| summit_session_attendee_company14= WUL4
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 = Alexandre Miguel Aniceto
| summit_session_attendee_email15 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username15 = Alexandre Miguel Aniceto
| summit_session_attendee_company15= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP TOP 10 online training in Hacking-Lab
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069
| mailing_list =

|-

| short_working_session_description= We would like to open an OWASP TOP 10 online training in Hacking-Lab. This training will likely have the following pre-conditions:
* OWASP top 10 training (all cases are covered)
* Trainer feature for some well-known, trustworthy OWASP members
* Access to the solution videos of the OWASP TOP 10 issues
* Branding the OWASP Hacking-Lab Event in an OWASP-style
* OWASP Certificate for those receiving full points to all lab cases

|-

| related_project_name1 = Hacking Lab
| related_project_url_1 = http://www.hacking-lab.com

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= To learn more about the OWASP TOP 10 cases in Hacking-Lab - Vulnerable Apps in HL

| summit_session_objective_name2 = Experience the users's view of a training - lab descriptions, exercises, send-solution, ranking, global ranking, my profile

| summit_session_objective_name3 = Experience the teacher's view of a training - solution movies, accpet or reject solutions from users, solution movie

| summit_session_objective_name4 = Experience the Hacking-Lab LiveCD (accessing the lab), teaming, levels in HL, avatar, rankings

| summit_session_objective_name5 = Talk about a potential collaboration between OWASP and Hacking-Lab for the future. Free OWASP TOP 10 training.

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Proposed agenda: 

We will talk about Hacking-Lab, it's core services and digg into the users and teachers view of the portal page. You will experience the full features of the Hacking-Lab training infrastructure for being prepared, if Hacking-Lab could be a valuable service for a free OWASP TOP 10 training in the future.

a) introduction hacking-lab 
b) user view 
c) teacher view 
d) hands-on training with the livecd 

This way - everybody fully understands the available *service* in
question and we can then further negotiate the collaboration if this is
something OWASP want to digg into.

|-

|summit_session_deliverable_name1 = A plan to create free awesome OWASP T10 awareness training using HL and others. Integrate the various environments and create a prototype if possible.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Ivan Buetler
| summit_session_leader_email1 = ivan.buetler@csnc.ch

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session069
| session_home_page =  Summit_2011_Working_Sessions/Session069
}}

Summit 2011 Working Sessions/Session090

2011-02-08T00:00:05Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Abraham Kang
| summit_session_attendee_email1 = abraham.kang@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Alexandre Miguel Aniceto
| summit_session_attendee_email2 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username2 = Alexandre Miguel Aniceto
| summit_session_attendee_company2= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
|-
| summit_track_logo =
| summit_ws_logo =
| summit_session_name = OWASP Licensing
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session090

|-

| short_working_session_description= Go over the OWASP Licenses related to OWASP documentation to discuss if the is a way to make the license more amiable to corporate users thereby spurring sales of corporate sponsorships.

|-

| related_project_name1 = OWASP Guide
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project

| related_project_name2 = ESAPI
| related_project_url_2 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

| related_project_name3 = ASVS
| related_project_url_3 = http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Discuss the goals of the OWASP Licensing model for OWASP documents and informative materials.

| summit_session_objective_name2 = Understand better the corporate use cases for OWASP documentation and artifacts.

| summit_session_objective_name3 = Identify possible options for licensing changes to spur growth in corporate sponsorships.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Corporations face similar problems related to educating, creating, and implementing security policies and measures. Corporations require update-to-date security material to supplement their policies. OWASP has this information but licensing constraints may be limiting use of OWASP material in enterprises.
|-

|summit_session_deliverable_name1 = Licensing Requirements for OWASP documentation

|summit_session_deliverable_name2 = List is existing Licenses used by OWASP projects.

|summit_session_deliverable_name3 = Problem corporations face with adopting and utilizing OWASP materials and code

|summit_session_deliverable_name4 = Recommendations for changes in the OWASP License

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Abraham Kang
| summit_session_leader_email1 = abraham.kang@owasp.org
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = Abraham Kang
| operational_leader_email1 = abraham.kang@owasp.org
| operational_leader_username1 = Abraham Kang

|-

| meeting_notes =

|-
| session_name_mask =  Session090
| session_home_page =  Summit_2011_Working_Sessions/Session090
}}

Summit 2011 Working Sessions/Session002

2011-02-07T23:59:23Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 = John.wilander
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_username2 = MichaelCoates
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Tony UcedaVelez
| summit_session_attendee_email3 = tonyuv@owasp.org
| summit_session_attendee_username3 = Tony UcedaVelez
| summit_session_attendee_company3= VerSprite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 = ceng@veracode.com
| summit_session_attendee_username6=
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Nishi Kumar
| summit_session_attendee_email7 = nishi.kumar@owasp.org
| summit_session_attendee_username7=
| summit_session_attendee_company7= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Elke Roth-Mandutz
| summit_session_attendee_email8 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_username8=
| summit_session_attendee_company8=GSO-University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Giorgio Fedon
| summit_session_attendee_email9 =
| summit_session_attendee_username9= gfedon
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Paolo Perego
| summit_session_attendee_email10 = thesp0nge@owasp.org
| summit_session_attendee_username10= thesp0nge
| summit_session_attendee_company10= Armoredcode.com
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Eduardo Vela
| summit_session_attendee_email11 = evn@google.com
| summit_session_attendee_username11= EduardoVela
| summit_session_attendee_company11= Google
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Abraham Kang
| summit_session_attendee_email12 = abraham.kang@owasp.org
| summit_session_attendee_username12= Abraham Kang
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Nuno Loureiro
| summit_session_attendee_email13 = nuno@sig9.net
| summit_session_attendee_username13 =
| summit_session_attendee_company13= SAPO
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 = Alexandre Miguel Aniceto
| summit_session_attendee_email14 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username14= Alexandre Miguel Aniceto
| summit_session_attendee_company14= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = HTML5 Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Handle autofocus in a unified and secure way'''.<noinclude> Make sure SOP applies for autofocus usage in frame/iframe'd websites. Re-discuss necessity for (future) attributes like this.</noinclude>

| summit_session_objective_name2 = '''Discuss necessity and capability for the HTML5 form controls'''.<noinclude> Do we need a non-SOP formaction attribute and why? </noinclude>

| summit_session_objective_name3 = <noinclude>'''Goal I''':</noinclude> Initiate and create documentation and references for developers that address security issues. <noinclude>Html5sec.org is a start but impossible to continue or extend large scale without vendor help</noinclude>

| summit_session_objective_name4 = <noinclude>'''Goal II''':</noinclude>Discuss and heavily restrict SVG capabilities - especially when deployed in CSS backgrounds and <img> tags. <noinclude>Mainly Opera and Mozilla are addressed here.</noinclude>

| summit_session_objective_name5 = '''Long Term Goal(s)''': Provide a working and easy to use as well as vendor supported HTML5 compliant filter software such as HTMLPurifier. <noinclude>Browser vendors should participate in creating security software and filters - not undermine them as we could experience in the last decade.</noinclude>
|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 

[[Image:Html5_mario_hackvertor.jpg‎‎]]

===Co-chair Mario Heiderich===
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the [http://html5sec.org/ HTML5 security cheat-sheet] and maintains the [http://php-ids.org/ PHPIDS filter rules]. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Browser Security Priority Report
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|summit_session_deliverable_name6 =
|summit_session_deliverable_url_6 =

|summit_session_deliverable_name7 =
|summit_session_deliverable_url_7 =

|summit_session_deliverable_name8 =
|summit_session_deliverable_url_8 =

|-

| summit_session_leader_name1 = Mario Heiderich
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org
| operational_leader_username1 = John.wilander

|-
| meeting_notes =
|-
| session_name_mask =  Session002
| session_home_page =  Summit_2011_Working_Sessions/Session002
}}
</includeonly>

Summit 2011 Working Sessions/Session039

2011-02-07T23:59:02Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Dinis Cruz
| summit_session_attendee_email1 = dinis.cruz@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Matthew Chalmers
| summit_session_attendee_email2 = matthew.chalmers@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Jeremy Long
| summit_session_attendee_email4 = jeremy.long@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Matteo Meucci
| summit_session_attendee_email5 = matteo.meucci@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Minded Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Seba Deleersnyder
| summit_session_attendee_email6 = seba@owasp.org
| summit_session_attendee_username6 =
| summit_session_attendee_company6= SAIT Zenitel
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Daniel Brzozowski
| summit_session_attendee_email7 = daniel@brzozowski.biz
| summit_session_attendee_username7 = Daniel Brzozowski
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Paolo Perego
| summit_session_attendee_email8 = thesp0nge@owasp.org
| summit_session_attendee_username8 = thesp0nge
| summit_session_attendee_company8= Armoredcode.com
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Edward Bonver
| summit_session_attendee_email9 = edward@owasp.org
| summit_session_attendee_username9 = Edward Bonver
| summit_session_attendee_company9= Symantec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Ralph Durkee
| summit_session_attendee_email10 = Ralph.Durkee@owasp.org
| summit_session_attendee_username10 =
| summit_session_attendee_company10= Durkee Consulting, Inc.
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Nuno Loureiro
| summit_session_attendee_email11 = nuno@sig9.net
| summit_session_attendee_username11 =
| summit_session_attendee_company11= SAPO
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Ricardo Melo
| summit_session_attendee_email12 = ricardo.melo@dri.pt
| summit_session_attendee_username12 = Ricardo Melo
| summit_session_attendee_company12= DRI
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Martin Knobloch
| summit_session_attendee_email13 = martin.knobloch@owasp.org
| summit_session_attendee_username13 = knoblochmartin
| summit_session_attendee_company13= PervaSec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 = Alexandre Miguel Aniceto
| summit_session_attendee_email14 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username14 = Alexandre Miguel Aniceto
| summit_session_attendee_company14= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP Certification
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session039
| mailing_list =

|-

| short_working_session_description= This session aims to establish the model by which an certification/exam based on OWASP materials could be created. The topics of discussion will include:
* What is a workable/acceptable certification model for OWASP's Community?
* What types of certification should there be?
* What would a CC-licensed certification exam look like (as executed by others)?
* Since OWASP is not interested or able to administer certifications itself who could run/administer such CC certifications/exams?
* What should OWASP's official position be on entities that provide OWASP based certifications?

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Determine whether certification would have value for OWASP's Community

| summit_session_objective_name2 = Determine a model by which certification based on OWASP materials could succeed

| summit_session_objective_name3 = Determine a model for creation and distribution of a CC-licensed certification exam based on OWASP materials

| summit_session_objective_name4 = (if agreed) Determine a model for supporting the administration of certification based on OWASP Materials

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A business plan for evaluation by the community at large.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 =
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-
| meeting_notes =

|-
| session_name_mask =  Session039
| session_home_page =  Summit_2011_Working_Sessions/Session039
}}

Summit 2011 Working Sessions/Session001

2011-02-07T23:52:57Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Email John Wilander if you are unable to edit the Wiki and would like to sign up!
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Eduardo Vela
| summit_session_attendee_email3 = evn@google.com
| summit_session_attendee_username3 = EduardoVela
| summit_session_attendee_company3= Google
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 = ceng@veracode.com
| summit_session_attendee_username6 =
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Alexandre Miguel Aniceto
| summit_session_attendee_email7 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username7 = Alexandre Miguel Aniceto
| summit_session_attendee_company7= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = DOM Sandboxing
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session001
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description= '''Virtualization and Sandboxing for Secure Multi-Domain Web Apps'''
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Attenuated versions of existing apis to sandboxed code'''. <noinclude>How should browsers introduce new apis into the sandbox or allow the sandbox to provide attenuated versions of existing apis to sandboxed code? For example, lets say the sandbox wants to provide an attenuated "alert" function to sandboxed code which does something slightly different than the real "alert". What kind of apis could the browser provide to safely allow such extensions/apis? Do these need to be standardized such that different sandbox vendors can interoperate.</noinclude>

| summit_session_objective_name2 = '''Client side sandboxed apps maintaining state and authentication'''.<noinclude> For example if a user is created in a sandboxed app how is it determined what that user can do?</noinclude>

| summit_session_objective_name3 = '''Create a standard for modifying a sandboxed environment'''

| summit_session_objective_name4 = '''Deprecate and discourage standards''' which ambiently or undeniably pass credentials.

| summit_session_objective_name5 = '''Create a standard for authentication within a sandboxed environment''' (maybe interfacing with existing auth without passing creds like 0Auth works)

|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 
[[Image:JS_DOM_Box_Jasvir_Gaz.jpg]]

===Co-chair Dr Jasvir Nagra===
Jasvir Nagra is a researcher and software engineer at Google. He is the designer of [http://code.google.com/p/google-caja/ Caja] - a secure subset of HTML, CSS and JavaScript; co-author of [http://www.amazon.com/Surreptitious-Software-Obfuscation-Watermarking-Tamperproofing/dp/0321549252 Surreptitious Software] - a book on obfuscation, software watermarking and tamper-proofing, contributer to [http://shindig.apache.org/ Shindig] - the reference implementation of OpenSocial.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report

|summit_session_deliverable_name2 = Browser Security Priority List

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Dr. Jasvir Nagra
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org

|-
| meeting_notes =
|-
| session_name_mask =  Session001
| session_home_page =  Summit_2011_Working_Sessions/Session001
}}
</includeonly>

Summit 2011 Working Sessions/Session094

2011-02-07T23:52:30Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Tony UcedaVelez
| summit_session_attendee_email1 = tonyuv@owasp.org
| summit_session_attendee_username1 = Tony UcedaVelez
| summit_session_attendee_company1= VerSprite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = John Menerick
| summit_session_attendee_email2 = jmenerick@netsuite.com
| summit_session_attendee_username2 = John Menerick
| summit_session_attendee_company2= NetSuite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= (remote)

| summit_session_attendee_name3 = Daniel Brzozowski
| summit_session_attendee_email3 = daniel@brzozowski.biz
| summit_session_attendee_username3 = Daniel Brzozowski
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Alexandre Miguel Aniceto
| summit_session_attendee_email4 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username4 = Alexandre Miguel Aniceto
| summit_session_attendee_company4= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
|-
| summit_track_logo = [[Image:T._mitigation.jpg]]
| summit_ws_logo = [[Image:WS._mitigation.jpg]]
| summit_session_name = Microsoft's SDL in 16 steps (and lessons learned)
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session094
| mailing_list =

|-

| short_working_session_description= This OWASP Working Session will explore the Simplified SDL and its 16 security practices implementation guidance (see reference materials below). The Simplified SDL is a platform-agnostic process for implementing proven application security practices in any size organization.
This working group will discuss the feasibility of creating one or more practical, platform-specific resource libraries for each of the security practices in the 16 steps of the Simplified SDL. Further, we will discuss prioritization of the 16 Practices for organizations implementing security in an incremental fashion.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Discuss additional reference materials and identifying publicly-available tools targeting a variety of platforms (web, OSX, Unix, mobile platforms, etc) in an effort to provide practical, platform-specific implementation guidance for each of the security practices in the 16 Steps of the Simplified SDL.

| summit_session_objective_name2 = Define the practical “crawl/walk/run” steps for adopting the 16 Practices of the Simplified SDL for development organizations of any size.

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =
Reference materials: [http://go.microsoft.com/?linkid=9708425 Simplified SDL paper] & [http://blogs.msdn.com/b/sdl/archive/2011/01/26/only-16-security-practices-implementation-guidance-included.aspx 16 Steps blog post].

|-

|summit_session_deliverable_name1 = Identify 1-2 target platforms and potential locations for a library of platform-specific guidance and tools associated with each of the 16 practices of the Simplified SDL.

|summit_session_deliverable_name2 = Identify OWASP contributors who are willing to help build the content for #1.

|summit_session_deliverable_name3 = Define the practical “crawl/walk/run” steps for adopting the 16 Practices of the Simplified SDL for development organizations of any size.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Jeremy Dallman
| summit_session_leader_email1 = jdallman@exchange.microsoft.com
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session094
| session_home_page =  Summit_2011_Working_Sessions/Session094
}}

Summit 2011 Working Sessions/Session005

2011-02-07T23:52:06Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = michael.coates@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Eduardo Vela
| summit_session_attendee_email3 = evn@google.com
| summit_session_attendee_username3 = EduardoVela
| summit_session_attendee_company3= Google
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Tobias Gondrom
| summit_session_attendee_email5 = tobias.gondrom@gondrom.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= IETF
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Alexandre Miguel Aniceto
| summit_session_attendee_email6 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username6 = Alexandre Miguel Aniceto
| summit_session_attendee_company6= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = Site Security Policy
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session005
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description= Are new opt-in HTTP headers the right way to add security features? For example:
* [http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02 HTTP Strict Transport Security] for enforced HTTPS (supported in Chrome 4, Firefox+NoScript, Firefox 4 and up)
* [http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx X-Frame-Options] for non-framing (supported in IE8, FF3.6, Safari 4, Opera 10.5, Chrome 4 and up)
* [https://developer.mozilla.org/en/Introducing_Content_Security_Policy Content Security Policy] for whitelisting of script and media sources (supported in Firefox 4 and up)

|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =
|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 

===Co-chair John Wilander===
[http://www.owasp.org/index.php/User:John.wilander John Wilander] is chapter co-leader in Sweden and ran the AppSec conference in Stockholm 2010. He is still [http://www.ida.liu.se/~johwi/research_publications/ pursuing his PhD in software security] and works as an appsec consultant in media/banking/healthcare.

===Co-chair Michael Coates===
[http://www.owasp.org/index.php/User:MichaelCoates Michael Coates] is a long-time OWASP contributor and leader, as well as a Mozilla employee. He leads the [http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project AppSensor] and the [http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet TLS Cheat Sheet] project.
|-

|summit_session_deliverable_name1 = Browser Security Report

|summit_session_deliverable_name2 = Browser Security Priority List

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = John Wilander
| summit_session_leader_email1 = john.wilander@owasp.org
| summit_session_leader_username1 = John.wilander

| summit_session_leader_name2 = Michal Coates
| summit_session_leader_email2 = michael.coates@owasp.org
| summit_session_leader_username2 = MichaelCoates

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org

|-
| meeting_notes =
|-
| session_name_mask =  Session005
| session_home_page =  Summit_2011_Working_Sessions/Session005
}}
</includeonly>

Summit 2011 Working Sessions/Session030

2011-02-07T23:51:45Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Chris Schmidt
| summit_session_attendee_email2 = chris.schmidt@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=Aspect Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Justin Clarke
| summit_session_attendee_email3 = justin.clarke@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Dan Cornell
| summit_session_attendee_email4 = dan@denimgroup.com
| summit_session_attendee_username4 =
| summit_session_attendee_company4=Denim Group
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = John Steven
| summit_session_attendee_email5 = john.steven@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Cigital.com
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Ralph Durkee
| summit_session_attendee_email6 = Ralph.Durkee@owasp.org
| summit_session_attendee_username6 =
| summit_session_attendee_company6= Durkee Consulting, Inc.
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Alexandre Miguel Aniceto
| summit_session_attendee_email7 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username7 = Alexandre Miguel Aniceto
| summit_session_attendee_company7= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._secure_coding.jpg]]
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]
| summit_session_name = Providing Access to Persisted Data
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session030
| mailing_list =
|-

| short_working_session_description=This session will focus on developing patterns for protecting data while at rest and generating example code samples for different frameworks and technologies.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Create design and code examples for protecting access to database tables and rows by role

| summit_session_objective_name2 = Create design and code examples for protecting access to data when 'auto-wiring' and marshalling

| summit_session_objective_name3 = Create design and code examples for protecting sensitive data at rest

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A short reference architecture/coding examples type of guideline that clearly explains positive and negative examples of accessing persisted data.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Dan Cornell
| summit_session_leader_email1 = dan@denimgroup.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session030
| session_home_page =  Summit_2011_Working_Sessions/Session030
}}

Summit 2011 Working Sessions/Session028

2011-02-07T23:51:18Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Elke Roth-Mandutz
| summit_session_attendee_email1 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_username1 =
| summit_session_attendee_company1= GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Jim Manico
| summit_session_attendee_email2 = jim@manico.net
| summit_session_attendee_username2 =
| summit_session_attendee_company2=Infrared Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Chris Schmidt
| summit_session_attendee_email3 = chris.schmidt@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=Aspect Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Justin Clarke
| summit_session_attendee_email4 = justin.clarke@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Neil Matatall
| summit_session_attendee_email5 = NEIL@OWASP.ORG
| summit_session_attendee_username5 = nmatatal
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Tony UcedaVelez
| summit_session_attendee_email6 = tonyuv@owasp.org
| summit_session_attendee_username6 = Tony UcedaVelez
| summit_session_attendee_company6= VerSprite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Fred Donovan
| summit_session_attendee_email7 = fred.donovan@owasp.org
| summit_session_attendee_username7 =
| summit_session_attendee_company7= Attack Logic
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Alexandre Miguel Aniceto
| summit_session_attendee_email8 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username8 = Alexandre Miguel Aniceto
| summit_session_attendee_company8= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._secure_coding.jpg]]
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]
| summit_session_name = Protecting Information Stored Client-Side
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028
| mailing_list =
|-

| short_working_session_description=This section will focus on providing mechanisms for protecting important or sensitive data applications and services need to store client-side. Contexts this section aims to cover include:

* Personal or user-specific information
* Application-specific information (tokens, secrets)
* Key configuration data, other EIS/service information

For the purpose of the Portugal Summit, the session will focus on development within a "classic" N-tier Java application environment.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Produce an informal threat model for each development scenario

| summit_session_objective_name2 = Impart clear and simple shared understanding of threats associated with each development scenario (and dispel common misunderstandings/idioms)

| summit_session_objective_name3 = Define solution that resists defined attacks

| summit_session_objective_name4 = Deliver solution implementation (snippets) to https://code.google.com/p/secure-coding-workshop/

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Within the N-tier Java environment, the session will tackle the following development scenarios:

1) - Coat Check
* Removing information from a client
* Server-side storage, memento pattern
* Solving scale issues
2) - Purse
* Storing app-important information (like a purse)
* Resisting attack with augmented plain-text storage!
* Supporting back, reload, etc.
* Patterns & design for anti-tampering protocols
3) - Nuclear Briefcase
* Sensitive, opaque information
* Shuttling information between 3rd parties

Future summits will address the following two contexts as well:

* Phones (ios, Android)
* RIA

However, for the purpose of this coming session, we will only conduct planning and 'homework assignments' for these contexts in the next session (likely Minnesota).

The session will work each of the three above development scenarios within the n-tier environment using the following work stream:

* Define problem
* Conduct Cigital-style Threat Model (TM) exercise
* Co-design solution based on particular threats and attack vectors
* Implement solution within provided sample application-ette
* Discuss testing and verification strategies for solution.

Participants will be taken through the above work stream, an abbreviated 'build security in' process designed to focus on implementation (rather than documentation or assurance), to restructure applications to demonstrate security patterns, integrate existing security functionality, or build security controls as necessary.

|-

|summit_session_deliverable_name1 = (see objectives) Threat Models
|summit_session_deliverable_name2 = (see objectives) Code Snippets

|summit_session_deliverable_name3 = Plan and Extra-summit work-items for exercises in Phone and RIA contexts during next summit

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = John Steven
| summit_session_leader_email1 = John.Steven@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-
| meeting_notes =

|-
| session_name_mask =  Session028
| session_home_page =  Summit_2011_Working_Sessions/Session028
}}

Summit 2011 Working Sessions/Session099

2011-02-07T23:49:44Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Colin Watson
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Dinis Cruz
| summit_session_attendee_email4 = dinis.cruz@owasp.org
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Jim Manico
| summit_session_attendee_email5 = jim.manico@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Neil Matatall
| summit_session_attendee_email6 = neil@owasp.org
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Christian Martorella
| summit_session_attendee_email7 = laramies@gmail.com
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Steven van der Baan
| summit_session_attendee_email8 = steven.van.der.Baan@owasp.org
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Nishi Kumar
| summit_session_attendee_email9 = nishi787@hotmail.com
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Cecil Su
| summit_session_attendee_email10 = cecil.su@owasp.org
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Antonio Fontes
| summit_session_attendee_email11 = antonio.fontes@owasp.org
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Sherif Koussa
| summit_session_attendee_email12 = sherif.koussa@owasp.org
| summit_session_attendee_username12 =
| summit_session_attendee_company12= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Matthias Rohr
| summit_session_attendee_email13 = m.rohr@sec-consult.com
| summit_session_attendee_username13 =
| summit_session_attendee_company13= SEC Consult
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 = Vishal Garg
| summit_session_attendee_email14 = vishalgrg@gmail.com
| summit_session_attendee_username14 =
| summit_session_attendee_company14= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 = Matteo Meucci
| summit_session_attendee_email15 = matteo.meucci@owasp.org
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 = Seba Deleersnyder
| summit_session_attendee_email16 = seba@owasp.org
| summit_session_attendee_username16 =
| summit_session_attendee_company16= SAIT Zenitel
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 = Tony UcedaVelez
| summit_session_attendee_email17 = tonyuv@owasp.org
| summit_session_attendee_username17 = Tony UcedaVelez
| summit_session_attendee_company17= VerSprite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 = L. Gustavo C. Barbato
| summit_session_attendee_email18 = lgbarbato@owasp.org
| summit_session_attendee_username18 = Gustavo Barbato
| summit_session_attendee_company18= Dell
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 = Edward Bonver
| summit_session_attendee_email19 = edward@owasp.org
| summit_session_attendee_username19 = Edward Bonver
| summit_session_attendee_company19= Symantec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 = Ofer Maor
| summit_session_attendee_email20 = ofer.maor@owasp.org
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

| summit_session_attendee_name21 = Wojciech Dworakowski
| summit_session_attendee_email21 = wojciech.dworakowski@securing.pl
| summit_session_attendee_username21 = Wojciech Dworakowski
| summit_session_attendee_company21= SecuRing
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21=

| summit_session_attendee_name22 = Alexandre Miguel Aniceto
| summit_session_attendee_email22 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username22 = Alexandre Miguel Aniceto
| summit_session_attendee_company22= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed22=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Threat Modeling
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099

|-

| short_working_session_description=Discussion on various components of threat modeling, threat modeling methodologies and their challenges.

|-

| related_project_name1 = Threat Modeling
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Reviewing existing methodologies and their pros and cons

| summit_session_objective_name2 = Assigning business impacts to threats

| summit_session_objective_name3 = Assigning technical impacts to threats

| summit_session_objective_name4 = Threat Rating System.

| summit_session_objective_name5 = Can we bring attack trees into main stream threat modeling methodology?

| summit_session_objective_name6 = Can we use metrics to promote threat modeling?

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A document with a public recommendation on the use of threat modeling
|summit_session_deliverable_name2 = An OWASP standard defining what a threat model is.

|summit_session_deliverable_name3 = An OWASP standard defining a workflow for creating and maintaining a threat model.

|summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Anurag Agarwal
| summit_session_leader_email1 = anurag@myappsecurity.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session099
| session_home_page =  Summit_2011_Working_Sessions/Session099
}}

Summit 2011 Working Sessions/Session058

2011-02-07T23:48:28Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Sherif Koussa
| summit_session_attendee_email3 = sherif.koussa@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Vishal Garg
| summit_session_attendee_email4 = vishalgrg@gmail.com
| summit_session_attendee_username4 =
| summit_session_attendee_company4= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Matteo Meucci
| summit_session_attendee_email5 = matteo.meucci@owasp.org
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Minded Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Elke Roth-Mandutz
| summit_session_attendee_email6 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_username6 =
| summit_session_attendee_company6= GSO-University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Mateo Martinez
| summit_session_attendee_email7 = mateo.martinez@owasp.org
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Doug Wilson
| summit_session_attendee_email8 = dougDOTwilsonATowaspDOTorg
| summit_session_attendee_username8 = Dallendoug
| summit_session_attendee_company8= [http://www.mandiant.com Mandiant]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8= I would like to see a convergence occur, but it strikes me as a holy grail. Suggest considering that no one standard will ever work, so look at transformations and conversions amongst a small group.

| summit_session_attendee_name9 = Ofer Maor
| summit_session_attendee_email9 = ofer.maor@owasp.org
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Wojciech Dworakowski
| summit_session_attendee_email10 = wojciech.dworakowski@securing.pl
| summit_session_attendee_username10 = Wojciech Dworakowski
| summit_session_attendee_company10= SecuRing
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Alexandre Miguel Aniceto
| summit_session_attendee_email11 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username11 = Alexandre Miguel Aniceto
| summit_session_attendee_company11= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors and practitioners willing to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = White paper sketching out a standard for rating risks that accomodates individual minor defects all the way through architectural flaws (that may represent many individual defects)

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com
| summit_session_leader_username1 = Chris Eng

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com
| summit_session_leader_username2 = Chris Wysopal

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session057

2011-02-07T23:47:54Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Vishal Garg
| summit_session_attendee_email2 = vishalgrg@gmail.com
| summit_session_attendee_username2 =
| summit_session_attendee_company2= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= Consumers should have the visibility into the efforts made by businesses to secure their web portals, before they (consumers) provide their personal and credit card information.

| summit_session_attendee_name3 = Doug Wilson
| summit_session_attendee_email3 = dougDOTwilsonATowaspDOTorg
| summit_session_attendee_username3 = Dallendoug
| summit_session_attendee_company3= [http://www.mandiant.com Mandiant]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= I have had contact with a variety of government organizations who are interested in measuring more than just flaws or vulnerabilities to get a better view of the value of software rather than just cataloging defects.

| summit_session_attendee_name4 = Alexandre Miguel Aniceto
| summit_session_attendee_email4 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username4 = Alexandre Miguel Aniceto
| summit_session_attendee_company4= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Metrics and Labeling
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057
| mailing_list =

| short_working_session_description= Consumers and organizations enlist the services of web-based services with no ability to make an informed decision on its security. This can include enterprise class websites such as payment processing, HR portals, benefits administration, and other corporate services, as well as consumer centric websites such as tax preparation, personal finance, social media, or medical records. While the companies providing these services are unlikely to share detailed information about known vulnerabilities in their systems, it would be beneficial to have a standardized mechanism for describing the security controls and processes in place. In other words, what are they doing right that should give consumers some level of confidence that the provider exercises application security best practices?

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss positive security properties that should be tracked

| summit_session_objective_name2 = Discuss options for consumer-friendly labeling

| summit_session_objective_name3 = Discuss ways to encourage participation in risk labeling

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = White paper sketching out a standard for a software security label and a plan to finalize the standard.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com
| summit_session_leader_username1 = Chris Eng

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session057
| session_home_page =  Summit_2011_Working_Sessions/Session057
}}

Summit 2011 Working Sessions/Session055

2011-02-07T23:46:24Z

Alexandre Miguel Aniceto:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Tony UcedaVelez
| summit_session_attendee_email1 = tonyuv@owasp.org
| summit_session_attendee_username1 = Tony UcedaVelez
| summit_session_attendee_company1= VerSprite
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_username2 = Justin42
| summit_session_attendee_company2= Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name2 = Eoin Keary
| summit_session_attendee_email2 = eoin.keary@owasp.org
| summit_session_attendee_username2 = EoinKeary
| summit_session_attendee_company2= Ernst & Young
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Sherif Koussa
| summit_session_attendee_email3 = sherif.koussa@owasp.org
| summit_session_attendee_username3 = Koussa
| summit_session_attendee_company3= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Konstantinos Papapanagiotou
| summit_session_attendee_email4 = Konstantinos@owasp.org
| summit_session_attendee_username4 = conpap
| summit_session_attendee_company4= Syntax IT Inc
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Vishal Garg
| summit_session_attendee_email5 = vishalgrg@gmail.com
| summit_session_attendee_username5= Vishal_Garg
| summit_session_attendee_company5= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Mateo Martinez
| summit_session_attendee_email6 = mateo.martinez@owasp.org
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Mikko Saario
| summit_session_attendee_email7 = midis@ovi.com
| summit_session_attendee_username7=
| summit_session_attendee_company7= Nokia
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Ofer Maor
| summit_session_attendee_email8 = ofer.maor@owasp.org
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Nuno Loureiro
| summit_session_attendee_email9 = nuno@sig9.net
| summit_session_attendee_username9=
| summit_session_attendee_company9= SAPO
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Wojciech Dworakowski
| summit_session_attendee_email10 = wojciech.dworakowski@securing.pl
| summit_session_attendee_username10= Wojciech Dworakowski
| summit_session_attendee_company10= SecuRing
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Tobias Gondrom
| summit_session_attendee_email11 = tobias.gondrom@gondrom.org
| summit_session_attendee_username11= Tgondrom
| summit_session_attendee_company11= IETF
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Juan Jose Rider
| summit_session_attendee_email12 = jjrider@wul4.es
| summit_session_attendee_username12= Juan_Jose_Rider_Jimenez
| summit_session_attendee_company12 = WUL4
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Alexandre Miguel Aniceto
| summit_session_attendee_email13 = alexandre.aniceto@sekirite.org
| summit_session_attendee_username13 = Alexandre Miguel Aniceto
| summit_session_attendee_company13= Willway
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Risk Metrics
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055
| mailing_list =

|-

| short_working_session_description= We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome. For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” This session will discuss assigning business risk to applications and it would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little. This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Quantify business criticality of a deployed application

| summit_session_objective_name2 = Translate technical risks into business risks (speak the language of management)

| summit_session_objective_name3 = Translate technical risk into approximate financial risk

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Paper describing definitions and formula for determining business criticality

|summit_session_deliverable_name2 = Paper translating technical language and risks into business language and monetary risk

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com
| summit_session_leader_username1 = Chris Wysopal

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session055
| session_home_page =  Summit_2011_Working_Sessions/Session055
}}