OWASP - User contributions [en]

Summit 2011/Summit Venue Logistics

2011-01-09T14:43:32Z

Buanzo: /* Birthday Parties */

{{:Summit_2011/Summit_Tasks_Header}}

This page contains information about logistics issues related to the Summit 2011 venue

=Venue=
Main point of contact: TBC

Here is all information related to Summit Venue infrastructure

==Venue Information==
* (put links to venue data here (for example maps))

==Wireless Network(s)==
Main point of contact: Filipe Lacerda

The current plan is to have 3 Wireless networks (with maybe the hotel's used as a backup 4th)

# Attendees Network - this is the general access one, which will be used by all attendees. This is the one that will be hit the most and the one what will be protected and monitored by Trustwave
# Summit Team Network - this is a dedicated private network for the Summit Team. Access should be very limited and should have the maximum/strongest SLA (i.e. if one network cannot go down it is this one)
# CTF (Capture The Flag) Network - This will be a network that would contain all traffic related to CTF and other security research activities (it is an interesting question if this should be connected to the Internet, BUT, we might have authorization to perform 'ethical' security reviews to other Portuguese websites, and if so, all such tests should be executed via this network)

==Summit Team 'Control Centre'==
Main point of contact: TBC

==Working Sessions Rooms==
Main point of contact: TBC
Description: Set-up rooms, create environments for smaller Working sessions

==Printing/Production Station==
Main point of contact: TBC

==Working Areas==
Main point of contact: TBC
Description: A significant number of Attendees will need to perform work while they are at the Summit. A number of per-allocated spaces should be created (think 'Hot desking') so that there is a calm, silent and focused location for them to use.

=Social Events=
Main point of contact: TBC

This is all information about the social events that will be organized at the Summit

==Dinners Logistics==
Main point of contact: TBC

==Happy Hours==
Main point of contact: TBC

==Mountain Hike/Walk==
Main point of contact: TBC
Description: Post main conference (6PMish) walk at the local forest (work with Hotel on this)

==OWASP Band==
Main point of contact: TBC

==Football match==
* '''Main point of contact''': TBC
* '''When''': Wednesday night (projected)
* '''Description''': Game of 6-a-side [http://en.wikipedia.org/wiki/Football Football] match (Soccer for the US crowd)
* '''Ideas''': Depending how many people will want to play football we could organize only one match, or have a mini-tournament with a 'Country vs Country' or 'Brazil vs Rest-of-the-world' or 'Builders vs vs Breakers' , etc...

==Golf Tournament==
Main point of contact: TBC

==Gala Dinner==
* '''Main point of contact''': TBD
* '''When''': Thursday (projected)
* '''Description''': ...

==Birthday Parties==
* '''Main point of contact''': Arturo 'Buanzo' Busleiman
* '''When''': TBD
* '''Description''': Identify which owasp leader (and Summit participant) has its birthday during the Summit (from Mon 7th till Fri 11th) and prepare something special for them.
* '''Who and When''':
** 8th (Tue):
*** Arturo 'Buanzo' Busleiman (participating remotely)
*** Lucas Ferreira
** 11th (Fri)
*** Mateo Martinez

Summit 2011/Summit Venue Logistics

2011-01-09T14:42:55Z

Buanzo: added lucas

{{:Summit_2011/Summit_Tasks_Header}}

This page contains information about logistics issues related to the Summit 2011 venue

=Venue=
Main point of contact: TBC

Here is all information related to Summit Venue infrastructure

==Venue Information==
* (put links to venue data here (for example maps))

==Wireless Network(s)==
Main point of contact: Filipe Lacerda

The current plan is to have 3 Wireless networks (with maybe the hotel's used as a backup 4th)

# Attendees Network - this is the general access one, which will be used by all attendees. This is the one that will be hit the most and the one what will be protected and monitored by Trustwave
# Summit Team Network - this is a dedicated private network for the Summit Team. Access should be very limited and should have the maximum/strongest SLA (i.e. if one network cannot go down it is this one)
# CTF (Capture The Flag) Network - This will be a network that would contain all traffic related to CTF and other security research activities (it is an interesting question if this should be connected to the Internet, BUT, we might have authorization to perform 'ethical' security reviews to other Portuguese websites, and if so, all such tests should be executed via this network)

==Summit Team 'Control Centre'==
Main point of contact: TBC

==Working Sessions Rooms==
Main point of contact: TBC
Description: Set-up rooms, create environments for smaller Working sessions

==Printing/Production Station==
Main point of contact: TBC

==Working Areas==
Main point of contact: TBC
Description: A significant number of Attendees will need to perform work while they are at the Summit. A number of per-allocated spaces should be created (think 'Hot desking') so that there is a calm, silent and focused location for them to use.

=Social Events=
Main point of contact: TBC

This is all information about the social events that will be organized at the Summit

==Dinners Logistics==
Main point of contact: TBC

==Happy Hours==
Main point of contact: TBC

==Mountain Hike/Walk==
Main point of contact: TBC
Description: Post main conference (6PMish) walk at the local forest (work with Hotel on this)

==OWASP Band==
Main point of contact: TBC

==Football match==
* '''Main point of contact''': TBC
* '''When''': Wednesday night (projected)
* '''Description''': Game of 6-a-side [http://en.wikipedia.org/wiki/Football Football] match (Soccer for the US crowd)
* '''Ideas''': Depending how many people will want to play football we could organize only one match, or have a mini-tournament with a 'Country vs Country' or 'Brazil vs Rest-of-the-world' or 'Builders vs vs Breakers' , etc...

==Golf Tournament==
Main point of contact: TBC

==Gala Dinner==
* '''Main point of contact''': TBD
* '''When''': Thursday (projected)
* '''Description''': ...

==Birthday Parties==
* '''Main point of contact''': Arturo 'Buanzo' Busleiman
* '''When''': TDB
* '''Description''': Identify which owasp leader (and Summit participant) has its birthday during the Summit (from Mon 7th till Fri 11th) and prepare something special for them
* '''Who and When''':
** 8th (Tue):
*** Arturo 'Buanzo' Busleiman (participating remotely)
*** Lucas Ferreira
** 11th (Fri)
*** Mateo Martinez

File:IBWAS10-Jify.pdf

2010-12-16T11:41:29Z

Buanzo: OWASP IBWAS Buanzo Jify Conference Talk 2010

OWASP IBWAS Buanzo Jify Conference Talk 2010

File:IBWAS10-Enigform.pdf

2010-12-16T11:37:45Z

Buanzo: OWASP IBWAS Buanzo Enigform training 2010

OWASP IBWAS Buanzo Enigform training 2010

OWASP IBWAS10

2010-12-16T11:17:24Z

Buanzo:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:IBWAS10 logo.gif|621x280px]]
| align="center" |
*[https://docs.google.com/document/pub?id=15GNipvLBz39-8SCbm1TqFfJtK8QUHOwrD4xkIU9Wl54 Press Release]
*[[OWASP IBWAS10/Media Mentions|Media Mentions]]
*[[OWASP IBWAS10/Venue|Venue's Location]]
*[[OWASP IBWAS10/Team|Conference's Team]]
*[[OWASP IBWAS10/Archived|Archived]]
*[[OWASP IBWAS10/Internals|Internals]]
*[[IBWAS09|IBWAS09]]
 [http://www.twitter.com/ibwas10 http://twitter-badges.s3.amazonaws.com/twitter-a.png]
[http://www.facebook.com/#!/group.php?gid=113336378677245 http://www.allofads.com/files/images/facebook-logo.jpg] [http://events.linkedin.com/2nd-Ibero-American-Web-Application/pub/273820 http://static03.linkedin.com/img/logos/logo_linkedin_88x22.png]
|}

==== About ====

{| width="100%" cellspacing="10" cellpadding="1" border="0" align="center"
|-
| align="left" | This event is a joint organization of the [http://www.owasp.org/index.php/Portuguese Portuguese] and [http://www.owasp.org/index.php/Spain Spanish] OWASP chapters.
|-
| align="left" |  Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood still. This training course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
|-
| align="left" |  This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security.
|-
| align="left" |  Conference proceedings will be published by OWASP, and distributed in electronic format.
|}

==== Training ====

{{:IBWAS10 Training}}

==== Conference ====
 
The Conference date is 17 December 2010, Room B2.03 (same as Trainings).
 
{{:OWASP IBWAS10 Conference Line-Up}}

==== Registration ====

{| width="100%" cellspacing="5" cellpadding="0" border="0" align="center"
|-
| valign="middle" bgcolor="#ccccee" align="center" | '''TRAINING'''
| valign="middle" bgcolor="#ccccee" align="center" | '''CONFERENCE'''
|-
| width="50%" valign="middle" align="center" | {{Template:OWASP Training/Price/Free
| Price = Free
| registration_url = http://www.eventbrite.com/event/1073670377?ref=elink
| registration_name = Register Now!
}}
| width="50%" valign="middle" align="center" | {{Template:OWASP Conference/Price/Free
| Price = Free
| Registration_url = http://ibwas10.eventbrite.com/
| Registration_name = Register Now!
}}
|}

==== Sponsors ====

{{:OWASP IBWAS10/Sponsors}} __NOTOC__ <headertabs />

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_IBWAS]] [[Category:OWASP_Training]]

OWASP/Training/Implementation of Enigform for Wordpress

2010-12-16T11:13:23Z

Buanzo:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training Modules</noinclude>
| Module_designation = [[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project]]
| Module_Overview_Goal =
 
Implement Enigform Authentication for Wordpress, from a bare-bones Ubuntu server installation to a working blog. To find problems, solve and document them. Learn, have fun, ask questions, have more fun.

If you can, bring a laptop with a virtualization solution installed with Ubuntu 9.10.

| Content =
 
*Mod_Openpgp Installation: Dependencies, mod_openpgp and EPS
*Server Keypair Creation
*Client Keypair Creation and Import into Server's Keyring
*Running EPS (Enigform Python Server)
*Apache VirtualHost Configuration for EPS and mod_openpgp
*Installing Enigform in your Firefox Browser
*Wordpress Plugin Installation and Configuration
*Wordpress Template Editing

 
| Material =
 
*[http://wiki.buanzo.org/index.php?n=Main.Wp-enigform-authentication Wordpress Plugin for Enigform Authentication - Definitive Guide]
*[http://www.owasp.org/index.php/File:Enigform.pdf Enigform pdf]

}}

[[Category:OWASP_Training|Training]]

IBWAS10

2010-11-11T17:38:53Z

Buanzo: fixed eningform -> enigform

__NOTOC__

= 2nd. OWASP Ibero-American Web Application Security Conference (IBWAS'10) =

held at [http://www.iscte.pt/ ISCTE - Lisbon University Institute] |

[http://ibwas09.netmust.eu IBWAS'09 (last year editon)] - [http://www.owasp.org/index.php/IBWAS09 Internal OWASP site]

'''16 - 17 December 2010''' (NEW DATES - PREVIOUS DATES CANCELLED DUE TO A GENERAL STRIKE IN PORTUGAL)

(a joint organization of the [http://www.owasp.org/index.php/Portuguese Portuguese] and [http://www.owasp.org/index.php/Spain Spanish] OWASP chapters)

 

==== Welcome ====

{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
http://www.allofads.com/files/ibwas10/PromoIBWAS10-700px.jpg

IBWAS'10, the 2nd. OWASP Ibero-American Web Application Security conference will be held in Lisbon (Portugal), on the '''16th and 17th December 2010''' ('''dates have been changed''').

The conference will take place at the [http://www.iscte.pt ISCTE - Lisbon University Institute]. The location details can be found [http://www.owasp.org/index.php/Ibwas10#tab=Venue here].

Conference proceedings will be '''published by OWASP, and distributed in electronic format'''. Last year proceedings were published by Springer ('''this year the proceedings will not be published by Springer due to a low number of submissions''').

{|
|-
|http://ibwas09.netmust.eu/files/ibwas10/CCIS_72.png
|This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

In addition to the technical issues of the conference programme, our website provides you with tourist information on the city of Lisbon, unique for its cultural and historical richness, lovely surroundings and other nice places to visit around the city.
|-
|}

'''Who Should Attend IBWAS'10:'''

*Academics
*Researchers
*Lifelong learning educators
*Technical staff
*Secondary, vocational, or tertiary educators
*Professionals from the private and public sector
*Technologists and Scientifics
*School counsellors, principals and teachers
*Education policy development representatives
*General personnel from vocational sectors
*Student counsellors
*Career/employment officers
*Education advisers
*Student Unions
*Bridging program lecturers & support staff
*Library personnel
*International support and services staff
*Open learning specialists
*Application Developers
*Application Testers and Quality Assurance
*Application Project Management and Staff
*Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
*Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
*Security Managers and Staff
*Executives, Managers, and Staff Responsible for IT Security Governance
*IT Professionals Interesting in Improving IT Security

...and any person interested in Web Application and Services Security and Information Security in general.

We look forward to seeing you in Lisbon!

|}



| valign="top" style="border: 0px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0);" | 
[[File:ibwas10-logo-main.png]] 
[http://www.twitter.com/ibwas10 http://twitter-badges.s3.amazonaws.com/twitter-a.png]
[http://www.facebook.com/#!/group.php?gid=113336378677245 http://www.allofads.com/files/images/facebook-logo.jpg]
[http://events.linkedin.com/2nd-Ibero-American-Web-Application/pub/273820 http://static03.linkedin.com/img/logos/logo_linkedin_88x22.png]

{|
|-
| style="border: 1px solid rgb(204, 204, 204); width: 100%; font-size: 95%; color: rgb(0, 0, 0); background-color: rgb(236, 236, 236);" |
Use the '''[http://search.twitter.com/search?q=%23ibwas10 #ibwas10]''' hashtag for your tweets (What are [http://hashtags.org/ hashtags]?)

'''@ibwas10 Twitter Feed ([http://twitter.com/ibwas10 follow us on Twitter!])'''
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

{|
|-
| align = "right" |
[http://www.iscte.pt http://ibwas09.netmust.eu/files/iscte-iul.png]

[http://www.adetti.pt http://ibwas09.netmust.eu/files/adetti.png]

[http://www.maxdata.pt http://ibwas09.netmust.eu/files/ibwas10/maxdata.png]

[http://www.noesis.pt http://ibwas09.netmust.eu/files/ibwas10/noesis.png]

[http://www.isecauditors.com http://ibwas09.netmust.eu/files/pasted-graphic.jpg]

[http://lasige.di.fc.ul.pt/ http://ibwas09.netmust.eu/files/lasige.png]

'''Media Partners:'''

[http://www.aeiou.pt http://ibwas09.netmust.eu/files/ibwas10/aeiou.png]

[http://www.borrmart.es/redseguridad.php http://ibwas09.netmust.eu/files/redseguridad.jpg]
|}

|}


==== Call for Papers (CLOSED) ====

'''THE IBWAS'10 CALL FOR PAPERS IS NOW CLOSED!!!'''

=== Call for Papers (english version) ===
[[#Call for Papers (portuguese version)]] [[#Call for Papers (spanish version)]]

You can find here a [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP.pdf PDF version] of the Call for Papers. Also in [http://ibwas09.netmust.eu/files/ibwas10/IBWAS10-CfP-PT.pdf Portuguese] (Português)

== Introduction ==

There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

== Conference Topics ==

Suggested topics for papers submission include (but are not limited to):
*Secure application development
*Security of service oriented architectures
*Security of development frameworks
*Threat modelling of web applications
*Cloud computing security
*Web applications vulnerabilities and analysis (code review, pen-test, static analysis etc.)
*Metrics for application security
*Countermeasures for web application vulnerabilities
*Secure coding techniques
*Platform or language security features that help secure web applications
*Secure database usage in web applications
*Access control in web applications
*Web services security
*Browser security
*Privacy in web applications
*Standards, certifications and security evaluation criteria for web applications
*Application security awareness and education
*Security for the mobile web
*Attacks and Vulnerability Exploitation

== Paper Submission Instructions ==

Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format] and in [ftp://ftp.springer.de/pub/tex/latex/llncs/latex2e/llncs2e.zip LateX format]).

The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.

Each paper should clearly indicate the nature of its technical/scientific contribution, and the problems, domains or environments to which it is applicable.

Papers that are out of the conference scope or contain any form of plagiarism will be rejected without reviews.

Remarks about the on-line submission procedure:

1. A "double-blind" paper evaluation method will be used. To facilitate that, the authors are kindly requested to produce and provide the paper, WITHOUT any reference to any of the authors. This means that is necessary to remove the author’s personal details, the acknowledgements section and any reference that may disclose the authors identity

2. Papers in ODF, PDF, DOC, DOCX or RTF format are accepted

3. The web submission procedure automatically sends an acknowledgement, by e-mail, to the contact author.

= Paper submission types=

'''Regular Paper Submission'''

A regular paper presents a work where the research is completed or almost finished. It does not necessary means that the acceptance is as a full paper. It may be accepted as a "full paper" (30 min. oral presentation), a "short paper" (15 min. oral presentation) or a "poster".

'''Position Paper Submission'''

A position paper presents an arguable opinion about an issue. The goal of a position paper is to convince the audience that your opinion is valid and worth listening to, without the need to present completed research work and/or validated results. It is, nevertheless, important to support your argument with evidence to ensure the validity of your claims. A position paper may be a short report and discussion of ideas, facts, situations, methods, procedures or results of scientific research (bibliographic, experimental, theoretical, or other) focused on one of the conference topic areas. The acceptance of a position paper is restricted to the categories of "short paper" or "poster", i.e. a position paper is not a candidate to acceptance as "full paper".

= Camera-ready =

After the reviewing process is completed, the contact author (the author who submits the paper) of each paper will be notified of the result, by e-mail. The authors are required to follow the reviews in order to improve their paper before the camera-ready submission.

= Publications =

All accepted papers will be published in the conference proceedings, under an ISBN reference. Conference proceedings will be published by OWASP in electronic format ('''Springer proceedings have been canceled due to a low number of paper submissions''').

== Web-site ==

http://www.ibwas.com

== Secretariat ==

E-mail: secretariat@ibwas.com

== Important Dates ==

Submission of papers and all other contributions due: '''31st October 2010'''

Notification of acceptance: '''28th November 2010''' (delayed)

Camera-ready version of accepted contributions: '''5th December 2010'''

Conference: '''16th – 17th December 2010'''

=== Call for Papers (portuguese version) ===

== Introdução ==

Existe uma mudança profunda no paradigma de desenvolvimento de sistemas de informação nos nossos dias. A emergência de tecnologias Web 2.0 levaram a um desenvolvimento e implantação massiva de aplicações e serviços Web, como a forma de desenvolvimento de sistemas de informação flexíveis. Tais sistemas são simples de desenvolver, instalar e manter e demonstram um conjunto de funcionalidades atractivas para os utilizadores, o que as tornam tão apetecíveis.

Como resultado desta mudança paradigmática, os requisitos de segurança também se alteraram. Estes sistemas de informação baseados na Web possuem diferentes requisitos de segurança, quando comparados com sistemas tradicionais. Neste tipo de sistemas é possível encontrar aspectos importantes de segurança e de privacidade que podem afectar a forma como os mesmos operam e comprometer os seus utilizadores. Acresce o facto de que a emergência da Computação na Nuvem, que promete ainda mais flexibilidade, tem ainda um impacto mais forte nestes requisitos de segurança e de privacidade. O ambiente de segurança deve envolver não apenas o ambiente circundante mas igualmente o núcleo aplicacional.

Esta conferência pretende juntar peritos em segurança aplicacional, investigadores, educadores e profissionais da indústria, academia e comunidades internacionais como a OWASP, por forma a discutirem de forma aberta os problemas e as soluções de segurança aplicacional. Neste contexto, investigadores provenientes da academia e da indústria poderão combinar os resultados da sua investigação com a experiência de profissionais e de engenheiros de software.

== Temas da Conferência ==
Os temas sugeridos para submissão de trabalhos incluem os seguintes (mas não se limitam apenas aos listados):
*Desenvolvimento Seguro de Aplicações
*Segurança de Arquitecturas Orientadas por Serviços
*Segurança das Estruturas e Ferramentas de Desenvolvimento
*Modelação de Ameaças a Aplicações Web
*Segurança em Cloud Computing
*Vulnerabilidades e Análise de Aplicações Web (revisão de código, testes de penetração, análise estática, etc)
*Métricas para Segurança Aplicacional
*Contra-medidas para Vulnerabilidades em Aplicações Web
*Técnicas de Desenvolvimento e Codificação em Segurança
*Funcionalidades da Plataforma ou Linguagem de Desenvolvimento para a Segurança de Aplicações Web
*Utilização Segura de Bases de Dados em Aplicações Web
*Controlo de Acesso em Aplicações Web
*Segurança em Serviços Web
*Segurança do Browser Web
*Privacidade em Aplicações Web
*Normas, Certificações e Critérios para Avaliação da Segurança em Aplicações Web
*Sensibilização e Educação para a Segurança Aplicacional
*Segurança para a Web Móvel
*Ataques e Exploração de Vulnerabilidades

== Instruções para a submissão de trabalhos ==

Os autores deve submeter um trabalho original escrito em Inglês, devidamente verificado para evitar incorrecções gramaticais ou sintácticas, usando o procedimento de submissão on-line (http://www.easychair.org/conferences/?conf=ibwas10). Por favor, verifique os formatos aceites para os trabalhos e tenha atenção a dimensão máxima dos mesmos (limite de 12 páginas, de acordo com o modelo fornecido e que pode ser obtido a partir da seguinte URL: ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip).

As indicações para a formatação dos trabalhos fornecidos no site da conferência e no template devem ser estritamente seguidas pelos autores que desejem submeter trabalhos. O formato de submissão é o mesmo do formato final. Por favor, siga as instruções de formatação usadas no template.

Cada trabalho deve indicar com clareza a natureza da sua contribuição técnica/científica e os problemas, domínios ou ambientes para o qual é aplicável.

Todos os artigos que estejam fora do âmbito da conferência ou que sob os quais sejam detectados actos de plágio, serão liminarmente rejeitados.

Alguns detalhes sobre o procedimento de submissão:

1. Será utilizado um procedimento de revisão anónimo, que será repetido por pelo menos dois revisores autónomos. Para facilitar este processo, que se pretende seja rápido, eficiente e justo, é solicitado aos autores que produzam os seu trabalho e que o submetam, SEM qualquer referência a algum dos autores do mesmo. Isto significa que é necessário remover os detalhes pessoais do autor, a secção de agradecimentos e qualquer outra referência que possa revelar a identidade dos autores;

2. Serão aceites os seguintes formatos de ficheiros na submissão: ODF, PDF, DOC, DOCX e RTF;

3. O processo de submissão on-line envia automaticamente uma notificação, através do correio electrónico, do resultado da submissão ao autor correspondente.

= Tipos de submissão de trabalhos =

'''Submissão de trabalhos regulares'''

Um trabalho regular apresenta o trabalho em que a pesquisa está terminada ou muito próximo de estar completa. Não significa que o trabalho seja aceite na categoria de “trabalho completo”. Pode ser aceite como “trabalho completo” (apresentação oral de 30 minutos), “trabalho curto” (apresentação oral de 15 minutos) ou “poster”.

'''Submissão de trabalhos de posição'''

Um trabalho de posição apresenta uma opinião para discussão num determinado assunto. O objectivo de um trabalho deste tipo é o de convencer a audiência de que a sua opinião é válida e vale a pena ser escutada, sem ser necessário apresentar trabalho completo de pesquisa e/ou resultados devidamente validados. É no entanto importante suportar os seus argumentos com provas e assegurar a validade das mesmas. Um trabalho deste tipo pode ser relatório curto e a discussão de ideias, factos, situações, métodos, procedimentos ou resultados de pesquisa científica (bibliográfica, experimental, teórica ou outra) focada num dos temas da conferência. A aceitação de um trabalho de posição está restringido às categorias de “artigo curto” ou “poster”.

= Formato Final =

Depois de concluído o processo de revisão dos trabalhos submetidos, o autor de contacto (que submeteu o trabalho para a conferência) será notificado do resultado da apreciação. Os autores cujos trabalhos forem aceites devem seguir as recomendações dos revisores de melhoria dos seus trabalhos antes de submeterem a versão final dos mesmos.

= Publicações =

Todos os trabalhos aceites serão publicados na acta de conferência, com uma identificação ISBN. A acta da conferência será publicada pela OWASP em formato electrónico ('''a edição pela Springer foi cancelada devido ao número baixo de submissões recebidas''').

== Site de Web ==

http://www.ibwas.com

== Secretariado ==

Endereço de correio electrónico: secretariat@ibwas.com

== Datas importantes ==

Submissão de trabalhos: '''31 de Outubro de 2010'''

Notificação de Aceitação: '''28 de Novembro de 2010'''

Versão final dos trabalhos aceites: '''5 de Dezembro de 2010'''

Conferência: '''16 e 17 de Dezembro de 2010'''

=== Call for Papers (spanish version) ===

== Introducción ==

Existen importantes cambios en el paradigma del desarrollo de los sistemas de información. La aparición de tecnologías Web 2.0 ha permitido el desarrollo e implantación de forma masiva de aplicaciones y servicios web como una manera de desarrollar nuevos y flexibles sistemas de información. Estos sistemas son fáciles de desarrollar, implementar y mantener, además de aportar atractivas características para los usuarios favoreciendo así el uso masivo que encontramos actualmente.

Como resultado de este cambio de paradigma, los requisitos de seguridad también han cambiado. Estos sistemas de información basados en la Web tienen diferentes requisitos de seguridad en comparación con los sistemas tradicionales. Se han identificado los aspectos de seguridad más importantes y la privacidad también es un problema que se ha planteado recientemente. Además, el emergente paradigma Cloud Computing promete una mayor flexibilidad; sin embargo, los problemas de seguridad y privacidad aún necesitan ser revisados. El entorno de seguridad debería implicar no sólo al ambiente circundante, sino también el núcleo de la aplicación.

Esta conferencia pretende reunir a expertos en seguridad de aplicaciones, investigadores, educadores y profesionales de la industria, el sector académico y comunidades internacionales, como OWASP, con el fin de discutir los problemas abiertos y nuevas soluciones en seguridad de aplicaciones. En este contexto, los investigadores académicos serán capaces de combinar resultados interesantes con la experiencia de los profesionales y los ingenieros de software.

== Temas de la Conferencia ==

Los temas sugeridos para el envío de presentaciones incluyen (pero no estan limitados a):

* Desarrollo seguro de aplicaciones
* Seguridad en arquitecturas orientadas a servicios
* Seguridad en frameworks de desarrollo
* Modelado de amenazas en aplicaciones Web
* Seguridad en Cloud Computing
* Vulnerabilidades y Anaĺisis de aplicaciones Web (revisión de código, pruebas de intrusión, análisis estático, etc.)
* Métricas para seguridad en aplicaciones
* Soluciones y recomendaciones para las vulnerabilidades en aplicaciones Web
* Técnicas de codificación segura
* Características de seguridad de la plataforma o lenguaje que ayuda a incrementar el nivel de seguridad en las aplicaciones Web
* Uso seguro de bases de datos en aplicaciones Web
* Control de acceso en aplicaciones Web
* Seguridad en servicios Web
* Seguridad en navegadores Web
* Privacidad en las aplicaciones Web
* Estándares, certificaciones y criterios de evaluación de la seguridad para aplicaciones Web
* Sensibilización y educación sobre seguridad en aplicaciones
* Seguridad para la Web móvil
* Ataques y explotación de vulnerabilidades

== Instrucciones para el envío de presentaciones ==

Los autores deben presentar un documento original en inglés, tras revisar cuidadosamente la gramática y ortografía, utilizando el procedimiento de envío on-line. Por favor, compruebe las características del documento ya que debe ser consciente del límite de páginas aceptadas (12 páginas, de acuerdo a una plantilla que se facilita y que pueden descargar desde aquí [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip en formato Word]).

Las directrices para el formato del documento facilitadas en el sitio web de la conferencia deben ser seguidas estrictamente para todos los trabajos presentados. El formato de presentación es el mismo que el formato final para impresión. Por favor revise y siga cuidadosamente las instrucciones y las plantillas proporcionadas.

Cada trabajo debe indicar claramente la naturaleza de su contribución técnica/científica, y los problemas, dominios o entornos en los que es aplicable.

Los trabajos que estén fuera del alcance de conferencias o puedan contener cualquier forma de plagio serán descartados directamente.

Comentarios sobre el procedimiento de presentación on-line:

1. Se utilizará un método de revisión anónimo, que será repetido al menos por dos revisores. Para facilitar esto, se ruega a los autores que proporcionen el trabajo sin ninguna referencia a los autores. Esto significa que es necesario eliminar los datos personales del autor, la sección de agradecimientos y toda referencia que pueda revelar la identidad de los autores.

2. Se aceptan documentos en formato: ODF, PDF, DOC, DOCX o RTF.

3. El procedimiento de presentación Web automáticamente envía un acuse de recibo, por correo electrónico, al autor de contacto.

= Tipos de envío de presentaciones =

'''Envío de presentaciones normales'''

Una presentación normal presenta un trabajo donde la investigación se ha completado o casi finalizado. Esto no necesariamente significa que la aceptación sea sobre un trabajo completo. Puede ser aceptado como un "trabajo completo" (30 min. de presentación oral), un "trabajo corto" (15 min. de presentación oral) o "poster".

'''Envío de presentaciones de posición'''

Una presentación de posición presenta una opinión discutible sobre un tema. El objetivo de un trabajo de posición es convencer a la audiencia que su opinión es válida y merece la pena ser escuchada, sin la necesidad de presentar un trabajo de investigación finalizado y/o los resultados validados. Es importante, sin embargo, apoyar su argumento con evidencias para asegurar la validez de sus opiniones. Un trabajo de posición puede ser un breve documento y discusión de ideas, hechos, situaciones, métodos, procedimientos o resultados de la investigación científica (bibliográfica, experimental, teórico o de otro tipo) centrado en uno de los temas de la conferencia. La aceptación de una presentación de posición se limita a las categorías de "trabajo corto" o "poster", es decir, una presentación de posición no es candidata para ser aceptada como "trabajo completo".

= Versión Final =

Después de que el proceso de revisión se complete, el autor de contacto (el autor que presenta el documento) de cada trabajo será notificado del resultado, por correo electrónico. Los autores están obligados a seguir las revisiones con el objetivo de mejorar su trabajo antes del envío de la versión final.

= Publicaciones =

Todos los trabajos aceptados serán publicados por OWASP en los materiales de las conferencias, bajo una referencia ISBN.

== Sitio de las Conferencias ==

http://www.ibwas.com

== Secretaría ==

Dirección de correo electrónicio: secretariat@ibwas.com

== Fechas importantes ==

Envío de presentaciones: '''31 de Octubre de 2010'''

Notificación de aceptación: '''28 de Noviembre de 2010'''

Versión final de presentaciones aceptadas: '''5 de Deciembre de 2010'''

Conferencias: '''16 y 17 de Deciembre de 2010'''

==== Organization and Program Committee ====

=== IBWAS'10 Chairs ===

'''Carlos Serrão''', ISCTE-IUL Instituto Universitário de Lisboa, OWASP Portugal, Portugal

'''Vicente Aguilera Díaz''', Internet Security Auditors, OWASP Spain, Spain

=== IBWAS'10 Organization ===
'''Fabio Cerullo''', OWASP Global Education Committee, Ireland

'''Dinis Cruz''', OWASP Board Member, UK

'''Paulo Coimbra''', OWASP Project Manager, UK

'''Miguel Correia''', Universidade de Lisboa, Portugal

'''Paulo Sousa''', Universidade de Lisboa, Portugal

'''Lucas C. Ferreira''', Câmara dos Deputados, Brasil

'''Arturo "Buanzo" Busleiman''', OWASP Argentina, Argentina

'''Martin Tartarelli''', OWASP Argentina, Argentina

'''Paulo Querido''', Portugal

=== IBWAS'10 Program Committee ===

'''André Zúquete''', Universidade De Aveiro, Portugal '''Candelaria Hernández-Goya''', Universidad De La Laguna, Spain '''Carlos Costa''', Universidade De Aveiro, Portugal '''Carlos Ribeiro''', Instituto Superior Técnico, Portugal '''Eduardo Neves''', OWASP Education Committee, OWASP Brazil, Brazil '''Francesc Rovirosa i Raduà''', Universitat Oberta de Catalunya (UOC), Spain '''Gonzalo Álvarez Marañón''', Consejo Superior de Investigaciones Científicas (CSIC), Spain '''Isaac Agudo''', University of Malaga, Spain '''Jaime Delgado''', Universitat Politecnica De Catalunya, Spain '''Javier Hernando''', Universitat Politecnica De Catalunya, Spain '''Javier Rodríguez Saeta''', Herta Security, Spain '''Joaquim Castro Ferreira''', Universidade de Aveiro, Portugal '''Joaquim Marques''', Instituto Politécnico de Castelo Branco, Portugal '''Jorge Dávila Muro''', Universidad Politécnica de Madrid (UPM), Spain '''Jorge E. López de Vergara''', Universidad Autónoma de Madrid, Spain '''José Carlos Metrôlho''', Instituto Politécnico de Castelo Branco, Portugal '''José Luis Oliveira''', Universidade De Aveiro, Portugal '''Kuai Hinojosa''', OWASP Global Education Committee, New York University, United States '''Leonardo Chiariglione''', Cedeo, Italy '''Leonardo Lemes''', Unisinos, Brasil '''Manuel Sequeira''', ISCTE-IUL Instituto Universitário de Lisboa, Portugal '''Marco Vieira''', Universidade de Coimbra, Portugal '''Mariemma I. Yagüe''', University of Málaga, Spain '''Miguel Correia''', Universidade de Lisboa, Portugal '''Miguel Dias''', Microsoft, Portugal '''Nuno Neves''', Universidade de Lisboa, Portugal '''Osvaldo Santos''', Instituto Politécnico de Castelo Branco, Portugal '''Panos Kudumakis''', Queen Mary University of London, United Kingdom '''Paulo Sousa''', Universidade de Lisboa, Portugal '''Rodrigo Roman''', University of Malaga, Spain '''Rui Cruz''', Instituto Superior Técnico, Portugal '''Rui Marinheiro''', ISCTE-IUL Instituto Universitário de Lisboa, Portugal '''Sérgio Lopes''', Universidade do Minho, Portugal '''Tiejun Huang''', Pekin University, China '''Víctor Villagrá''', Universidad Politécnica de Madrid (UPM), Spain '''Vitor Filipe''', Universidade de Trás-os-Montes e Alto Douro, Portugal '''Vitor Santos''', Microsoft, Portugal '''Vitor Torres''', Universitat Pompeu Fabra, Spain '''Wagner Elias''', OWASP Brazil Chapter Leader, Brazil

==== Registration ====

== Important Dates ==

Submission of papers and all other contributions due: '''31st October 2010'''

Notification of acceptance: '''28th November 2010'''

Camera-ready version of accepted contributions: '''5th December 2010'''

Conference: '''16th – 17th December 2010'''

Registration will be available as soon as possible.

==== 16th December ====

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training</noinclude>
| Course_designation = OWASP Projects and Resources you can use TODAY!

| Course_Overview_Goal
= 

*Apart from OWASP's Top 10, most [[:Category:OWASP_Project|OWASP Projects]] are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.

*This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.

*If you are interested in participating in the hands on portion of the course, please bring a laptop.

 
| Date = December 16, 2010
| Venue = [http://www.iscte.pt/ ISCTE - Lisbon University Institute]
| Price = Free
| Course_Registration_url = www.
| Course_Registration_name = To be created
| Modules =

{{Template:Training_Module_Row_View
| Time = 09h00 (30m)
| Module_Name = Guided tour of OWASP Projects
| Module_Link = http://www.owasp.org/index.php/Category:OWASP_Project
| Trainer = [[user:Dinis.cruz|Dinis Cruz (OWASP Board)]]
| Presentation_Name = Tour of OWASP’s projects
| Presentation_Link = http://www.owasp.org/index.php/File:OWASP_India_-_Tour_of_OWASP_projects.ppt
}}

{{Template:Training_Module_Row_View
| Time = 09h30 (60m)
| Module_Name = OWASP Top 10
| Module_Link = http://www.owasp.org/index.php/GPC_Project_Details/OWASP_Top10
| Trainer = [[user:John.wilander|John Wilander (OWASP Sweden Chapter Leader)]]
| Presentation_Name = OWASP Top 10 2010 from a Developer's Perspective
| Presentation_Link = http://www.owasp.org/index.php/OWASP/Training/OWASP_Top_10
}}

{{Template:Training Module Row Break
| Time = 10h30 (15m)
| Break_Reason = Coffee Break
}}

{{Template:Training_Module_Row_View
| Time = 10h45 (60m)
| Module_Name =
| Module_Link =
| Trainer = [[user:Knoblochmartin|Martin Knobloch (OWASP Netherlands Chapter Leader)]]
| Presentation_Name =
| Presentation_Link =
}}

{{Template:Training_Module_Row_View
| Time = 11h45 (75m)
| Module_Name =
| Module_Link =
| Trainer =
| Presentation_Name =
| Presentation_Link =
}}

{{Template:Training Module Row Break
| Time = 13h00 (60m)
| Break_Reason = Lunch
}}

{{Template:Training_Module_Row_View
| Time = 14h00 (150m)
| Module_Name = Implementation of Enigform for Wordpress
| Module_Link = http://www.owasp.org/index.php/Category:OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp
| Trainer = [[user:Buanzo|Arturo 'Buanzo' Busleiman (Project Leader)]]
| Presentation_Name = Wordpress Plugin for Enigform Authentication - Definitive Guide
| Presentation_Link = http://wiki.buanzo.org/index.php?n=Main.Wp-enigform-authentication
}}

{{Template:Training Module Row Break
| Time = 16h30 (15m)
| Break_Reason = Coffee Break
}}

{{Template:Training_Module_Row_View
| Time = 16h45 (30m)
| Module_Name = OWASP O2 Platform
| Module_Link = http://www.owasp.org/index.php/OWASP_O2_Platform
| Trainer = [[user:Dinis.cruz|Dinis Cruz (Project Leader)]]
| Presentation_Name = What is the OWASP O2 Platform
| Presentation_Link = http://www.o2-ounceopen.com/files-binaries-source-and-demo/old-documents-and-presentations/OWASP_O2_Platform_-_AppSec_Ireland_Sep_2009.pdf
}}

}}

==== 17th December ====

This is still a draft agenda!

{| cellspacing="1" cellpading="1" border="0" bgcolor="#dddddd" align="center"
|- valign="middle"
| height="60" align="center" colspan="3" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Dec 17th 2010'''
|- valign="middle"
| width="100" bgcolor="#ffff99" align="center" | 9:00 - 9:30
| bgcolor="#ffff99" align="center" colspan="2" | Registration (Welcome Desk)
|- valign="middle"
| width="100" bgcolor="#ffff99" align="center" | 9:00 - 10:00
| bgcolor="#ffff99" align="center" colspan="2" | Opening Ceremony
|- valign="middle"
| width="100" bgcolor="#ffff99" align="center" | 10:00 - 11:00
| bgcolor="#ffff99" align="center" colspan="2" | Keynote Speech
|- valign="middle"
| width="100" bgcolor="#ffff99" align="center" | 11:00 - 11:15
| bgcolor="#ffff99" align="center" colspan="2" | Coffee Break
|- valign="middle"
| height="120" width="100" bgcolor="#ffcc99" align="center" | 11:15 - 13:00
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
|- valign="middle"
| height="80" width="100" bgcolor="#ffff99" align="center" | 13:00 - 14:30
| bgcolor="#ffff99" align="center" colspan="2" | Lunch Break
|- valign="middle"
| width="100" bgcolor="#ffff99" align="center" | 14:30 - 15:30
| bgcolor="#ffff99" align="center" colspan="2" | Keynote Speech
|- valign="middle"
| height="120" width="100" bgcolor="#ffcc99" align="center" | 15:30 - 17:00
| width="300" bgcolor="#ffcc99" align="center" | Paper Session (3 papers)
| width="300" bgcolor="#ffcc99" align="center" | Paper Session (3 papers)
|- valign="middle"
| width="100" bgcolor="#ffff99" align="center" | 17:00 - 17:15
| bgcolor="#ffff99" align="center" colspan="2" | Coffee Break
|- valign="middle"
| height="120" width="100" width="100" bgcolor="#ffcc99" align="center" | 17:15 - 19:00
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
| width="300" bgcolor="#ffcc99" align="center" | Presentation Session
|}
 

== Keynote: ==

'''Professor Carlos Ribeiro'''

[[File:carlosribeiro.jpg]]

[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal

== Talk: The Thing That Should Not Be (a glimpse into the future of web application security) ==

'''Bruno Morisson'''

[[File:brunomorisson.jpg]]

[http://www.integrity.pt/ Integrity, S.A.], Portugal

Developers are not security practicioners. Security practitioners are not developers. Developers create web applications. Security practitioners want those apps to be secure (sometimes even if security breaks functionality).
Are developers and security practitioners like oil and water ? Are security practitioners taking the right approach to help web developers understand and prevent security issues, or are we simply trying to brute force developers into security gurus ?

== Talk: Developing Secure Applications with OWASP ==

'''Martin Knobloch'''

[[File:martinknobloch.jpg]]

[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands

After an introduction about OWASP, Martin will higlight the top projects of OWASP. During the presentation Martin does explain how OWASP material can be used to raise awareness about secure appliation development and how OWASP material does fit into a (secure) development lifecycle.

== Talk: Developing compliant applications ==

'''Martin Knobloch'''

[[File:martinknobloch.jpg]]

[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands

How to develop applications to be compliant to security related laws and regulations?
To be compliant means to follow the regulations, most of the times not known by the developers. To be compliant includes to proof to be compliant.
This presentation is about how to develop compliant (Web) applications that prove to be compliant!

== Talk: Software Security in the Clouds ==

'''Miguel Correia'''

[[File:miguelcorreia.jpg]]

[http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal

Recently an expert wrote rather enfatically that "the current state of security in commercial software is rather distasteful, marked by embarrassing public reports of vulnerabilities and actual attacks". This situation is particularly concerning in times when companies are exporting their applications and data to cloud computing systems. The first part of the talk will be a personal vision of the combination of techniques and tools needed for protecing software. The second part will argue that this combination is still insuficient for critical applications in the cloud and propose solutions based on distributing trust among different clouds.

== Talk: Jiffy - A secure instant messenger ==

'''Arturo 'Buanzo' Busleiman'''

[[File:arturobuanzo.jpg]]

[http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina

Jiffy - "Just for you" is an instant messaging system baseed
on OWASP's Enigform, SSL and the OpenPGP Web-of-Trust. In this talk,
Buanzo will introduce us to OpenPGP, Enigform and Jiffy.

==== Papers ====
=== Papers ===
Authors should submit an original paper in English, carefully checked for correct grammar and spelling, using the on-line submission procedure ([http://www.easychair.org/conferences/?conf=ibwas10 submission site]). Please check the paper formats so you may be aware of the accepted paper page limits (12 pages, in accordance to a supplied template, that can be downloaded from here: [ftp://ftp.springer.de/pub/tex/latex/llncs/word/LNCS-Office2007.zip in Word Format]).

The guidelines for paper formatting provided at the conference web site must be strictly used for all submitted papers. The submission format is the same as the camera-ready format. Please check and carefully follow the instructions and templates provided.

=== Accepted Papers ===

==== Speakers ====

=== Keynote Speakers ===

{|
|-
|'''Professor Carlos Ribeiro'''

[[File:carlosribeiro.jpg]]

[http://www.ist.utl.pt/ Instituto Superior Técnico], [http://www.utl.pt/ Universidade Técnica de Lisboa], Portugal

|Carlos Ribeiro (Ph.D.) is Professor at the Computer and Information Systems Department at the IST/UTL, where he teaches Network Security, Computer Security, Security Protocols and Operating Systems courses. He has received his PhD degree in Computer Science in 2002 from IST/UTL. Carlos Ribeiro's main research area is Security. He is co-coordenator of the PhD in Information Security, and vice-president of IST computer and network unit. He has been a researcher at Inesc-id since 2002, where he is currently the leader of the Distributed Systems research Group. He has participated in several National and International research projects in computer and network security, and has been an active researcher in the e-voting field since 2002.
|-
|}

=== Panel Speakers ===

{|
|-
|'''Miguel Almeida'''
[[File:miguelalmeida.jpg]]

[http://www.miguelalmeida.pt Independent Security Consultant], Portugal

|Miguel Almeida is an independent computer and network security professional. He has been testing, reviewing and advising on information security for the last ten years. His work has been focused on financial institutions and it has included engagements where, for a broad view of information security, the technical side as well as the organizational and procedural sides have been analyzed.
Before becoming an independent consultant, Miguel was working with Deloitte and KPMG, where he was responsible for the information security practices in these companies. He was Senior Manager at Deloitte and, before, he was a Manager at KPMG.
His academic studies include Computer Engineering at Instituto Superior Técnico and he is a Microsoft Certified Professional [on Windows security].
|-
|}

{|
|-
|'''Bruno Morisson'''
[[File:brunomorisson.jpg]]

[http://www.integrity.pt/ Integrity, S.A.], Portugal

|Bruno Morisson is a Consultant and Partner at INTEGRITY S.A., a
Consulting and Advisory firm focusing on Information Security
Management, Telecom Management and IT Governance, where he provides
consultancy, auditing and advisory services. In a past life he has
held positions as a Senior Information Security Consultant and as
Security Operations Manager, providing information security management
services to customers in the financial, public and energy sectors in
Portugal.

For the last 12 years he's been involved in several areas of
Information Security, from consulting, architecture, engineering,
auditing and penetration testing, as well as integration of OpenSource
security solutions. He's been actively involved with the InfoSec
community in Portugal, being one of the founders of the portuguese
chapter of The Honeynet Project, leading the InfoSec-Pros-PT
mailing-list and currently helping gather the community in a monthly
informal meeting - Confraria Security&IT.
Bruno also holds several certifications in Information Security
(CISSP-ISSMP, CISA, ISO27001LA).
|-
|}

{|
|-
|'''Luís Grangeia'''
[[File:luisgrangeia.jpg]]

[http://www.sysvalue.pt/ Sysvalue, S.A.], Portugal

|Luis Grangeia is Partner at SysValue, S.A., currently leading the company’s Information Systems Auditing practice. SysValue S.A. is a Portuguese Company focused on the reliability of Information Systems with practices in Auditing, Consulting, Integration, Training and Research and Development.

Since 2001 he has been conducting IS audits and penetration tests to major national and foreign companies, such as Portugal Telecom, Banco Espírito Santo, Banco Santander, UNICRE, Direcção-Geral do Tesouro, among others. Luis also contributes occasionally to information security research, with an article of note on the technique of DNS cache snooping.

Luis has attended Computer Science Engineering at Instituto Superior Técnico and currently holds the SANS GSNA, CISSP, CISA and ISO 27001 Lead Auditor certifications.
|-
|}

{|
|-
|'''Francisco Rente'''
[[File:franciscorente.jpg]]

[http://www.uc.pt/fctuc Faculdade de Ciência e Tecnologia], [http://www.uc.pt Universidade de Coimbra], Portugal

|Francisco Nina Rente, is an enthusiast and an evangelist of information security, especially in matters of privacy. He had his BsC and MsC in Computer Science on University of Coimbra. Back in 2006, he founded CERT-IPN, a CSIRT team of IPN Institute, where he did R&D, consultancy and management of InfoSec until June of 2010. Francisco, is currently PhD student in University of Coimbra, where he works in "Malicious Stealth Communications". Since July of 2010, Francisco is CEO of Dognædis, a company based in Portugal, focused in Information Security and Software Assurance.
|-
|}

{|
|'''Martin Knobloch'''
[[File:martinknobloch.jpg]]

[http://www.sogeti.nl/ Sogeti Netherlands], [http://www.owasp.org/index.php/Netherlands OWASP Netherlands], Netherlands

|Martin Knobloch is employed at Sogeti Netherlands as Senior Security Consultant. He is founder and thought leader of the Sogeti task force PaSS, Proactive Security Strategy, with an integral solution of information security within organisation, infrastructure and software.
At OWASP, Martin is board member of the OWASP Netherlands Chapter and member of the Global Education Committee.
|-
|}

{|
|'''Miguel Correia'''
[[File:miguelcorreia.jpg]]

[http://www.ul.pt/ University of Lisboa], [http://www.fc.ul.pt/ Faculty of Sciences], Portugal

|Miguel Correia is Assistant Professor of the [http://www.di.fc.ul.pt/ Department of Informatics], [http://www.ul.pt/ University of Lisboa] [http://www.fc.ul.pt/ Faculty of Sciences], and Adjunct Faculty of the [http://www.cmu.edu/ Carnegie Mellon] [http://www.ini.cmu.edu/ Information Networking Institute]. He is a member of the [http://lasige.di.fc.ul.pt/ LASIGE] research unit and the [http://www.navigators.di.fc.ul.pt/ Navigators] research team. He has been involved in several international and national research projects related to intrusion tolerance and security, including the TCLOUDS, MAFTIA and CRUTIAL EC-IST projects, and the ReSIST NoE. He is currently the coordinator and an instructor of the joint Carnegie Mellon University and University of Lisboa [http://msi.di.fc.ul.pt/ MSc in Information Security]. He has more than 50 publications in international journals, conferences and workshops. He authored with Paulo Sousa a book titled "Segurança no Software" (FCA, 2010). More information about him is available at [http://www.di.fc.ul.pt/~mpc http://www.di.fc.ul.pt/~mpc].
|-
|}

{|
|'''Arturo 'Buanzo' Busleiman'''
[[File:arturobuanzo.jpg]]

[http://www.owasp.org/index.php/Argentina OWASP Argentina], Argentina

|Buanzo is a nerd. Yes, a so-called geek. Why? Simple: he started programming at the age of 8, got into information security by
12 (Oh, the BBS era...!) and now he performs as a Security Consultant
for the Argentinian Computer Emergency Response Team (ArCERT). If you
enjoy programming, Open Source Software, Linux and all things security
and geeky, you might enjoy one of his talks.
|-
|}

==== Venue ====

IBWAS'10 will be taking place at the [http://www.iscte.pt ISCTE - Lisbon University Institute] in Lisbon, Portugal.

== Location ==
Ed. ISCTE Av. das Forças Armadas 1600- Lisboa Portugal 

Find the [http://maps.google.com/maps?q=iscte,+lisboa,+portugal&hl=en&cd=1&ei=JFx0S_ScKYyGONOz1YkB&sig2=FsC9HEg2JrBD00ARc_U3IA&sll=38.724358,-9.148865&sspn=0.077408,0.150719&ie=UTF8&view=map&cid=7285641604236232209&ved=0CBgQpQY&hq=iscte,+lisboa,+portugal&hnear=&ll=38.749766,-9.154122&spn=0.009673,0.01884&t=h&z=16&iwloc=A location on Google Maps].

<googlemap lat="38.749565" lon="-9.15277" zoom="15">
38.748862, -9.152384, ISCTE-IUL
</googlemap>

http://www.allofads.com/files/images/mapa_iscte.jpg

== How to get there? ==
'''Car'''
* Go up the Av.ª das Forças Armadas.
* Turn north at the crossing with Av.ª Prof. Gama Pinto. The crossing is located at the highest point of Av.ª das Forças Armadas.
* Turn to the second street right.
* Turn to the first street right.
* The main entrance of ISCTE is at your left.

'''Train'''
* Leave the train at the Entrecampus station. Look for the exit leading to Av.ª da República.
* Walk north for about 250 m towards the Rotunda de Entrecampus (a circle).
* At the circle, turn left to the Av.ª das Forças Armadas.
* Climb west for about 300 m towards Sete Rios. Use the sidewalk on the right.
* The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.

'''Bus'''
* Get on any [http://www.carris.pt/ Carris] bus with numbers [http://www.carris.pt/horarios/a054_1.pdf 54], [http://www.carris.pt/horarios/a701_1.pdf 701], or [http://www.carris.pt/horarios/a732_2.pdf 732].
* Leave the bus at the "Faculdade de Farmácia" stop, at the top of Av.ª das Forças Armadas, close to an old house with ia battlemented roof.
* Walk down the avenue for about 50 m. The entry leading to ISCTE will be at your left, immediatly before the canteen of the University of Lisbon.

'''Subway'''

''First alternative:''
* Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/ec_aid.pdf Entrecampos] station.
* Exit the station through the north exit, leading to the Rotunda de Entrecampos (a circle), close to Av.ª das Forças Armadas.
* From the circle, go west, up the Av.ª das Forças Armadas, for about 300 m.
* Use the sidewalk on the right.
* The entry leading to ISCTE will be at your right, immediatly after the canteen of the University of Lisbon.

''Second alternative:''
* Leave the train at the [http://www.metrolisboa.pt/portals/0/pdfs/mapasEstacoes/linhaAmarela/cu_aid.pdf Cidade Universitária] station.
* Exit the station through the passage leading to Hospital de Santa Maria.
* Walk south, along the left sidewalk of Av.ª Prof. Gama Pinto, for about 150 m (i.e., walk towards the Av.ª das Forças Armadas).
* After the crossing with the Av.ª Prof. Egas Moniz (at your right), turn into the first street at your left.
* Turn to the first street right.
* The main entrance of ISCTE is at your left.

Here is the representation of the walking on the map.

http://www.allofads.com/files/images/mapa_iscte_1.jpg

'''Links'''

Metro: [http://www.metrolisboa.pt www.metrolisboa.pt] 
Buses [http://www.carris.pt www.carris.pt] 
Trains: [http://www.cp.pt www.cp.pt] 
Taxis: [http://www.antral.pt www.antral.pt]

==== Hotels ====
=== Hotels ===
This page contains information about the recommended hotels for the conference. All of the hotels are near to the conference place at a 5 to 15 minutes walking distance. PLease use the following reference when reserving your hotel: "'''Conferência IBWAS'10'''".

== SANA Metropolitan Hotel **** ==
Rua Soeiro Pereira Gomes, Parcela 2, Entrecampos, 1600-198 Lisboa, Lisboa

[[File:sanametro01.jpg]]
[[File:sanametro02.jpg]]

Location on [http://maps.google.com/maps/ms?ie=UTF8&hl=pt-PT&msa=0&msid=104715835640056575562.00044cb43ee4b9e509aca&ll=38.748762,-9.159701&spn=0.009204,0.011802&z=16&iwloc=00044cb52de8286b65d85&source=embed Google Maps].

Hotel [http://www.sanahotels.com/gca/index.php?hotelId=50&lng=en web-site].

{|cellspacing="1" cellpading="1" border="1"
|-
|bgcolor="#cccccc"|'''Room type'''
|bgcolor="#cccccc"|'''Individual'''
|bgcolor="#cccccc"|'''Double'''
|-
|bgcolor="#eeeeee"|'''Standard'''
|67 euros
|72 euros
|-
|bgcolor="#eeeeee"|'''Extra Bed'''
|30 euros
|
|-
|}

== Vip Executive Villa Rica Hotel **** ==
Av.5 de Outubro Nr. 295, Entrecampos, 1600-035 Lisboa (Lisboa)

http://www.viphotels.com/Images/VIPExecutiveVillaRica/galeria/Exterior/01.jpg

Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/Localizacao.aspx Google Maps].

Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveVillaRica/OHotel.aspx web-site].

== NH Campo Grande **** ==
Campo Grande, 7, 1700-087 Lisboa, Lisboa

http://www.nh-hoteles.pt/nh/hotel-gallery/1101383-t2-z2w.jpg
http://www.nh-hoteles.pt/nh/hotel-gallery/1101375-t2-z2w.jpg

Location on [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html?type=location Google Maps].

Hotel [http://www.nh-hoteles.pt/nh/pt/hotels/portugal/lisbon/nh-campo-grande.html web-site].

{|cellspacing="1" cellpading="1" border="1"
|-
|bgcolor="#cccccc"|'''Room type'''
|bgcolor="#cccccc"|'''Individual'''
|bgcolor="#cccccc"|'''Double'''
|-
|bgcolor="#eeeeee"|'''Standard'''
|83 euros
|90 euros
|-
|}

== Hotel VIP Executive Zurique *** ==
Rua Ivone Silva 18, 1050 Lisboa

http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Exterior/03.jpg

http://www.viphotels.com/Images/VIPExecutiveZurique/galeria/Interior/05.jpg

Location on [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/Localizacao.aspx Google Maps].

Hotel [http://www.viphotels.com/pt/Hoteis/VipExecutive/VipExecutiveZurique/OHotel.aspx web-site].

{|cellspacing="1" cellpading="1" border="1"
|-
|bgcolor="#cccccc"|'''Room type'''
|bgcolor="#cccccc"|'''Individual'''
|bgcolor="#cccccc"|'''Double'''
|-
|bgcolor="#eeeeee"|'''Standard'''
|65 euros
|70 euros
|-
|}

== Hotel Berna *** ==
Avenida António Serpa 13, 1069 Lisboa

http://www.viphotels.com/Images/VIPInnBerna/galeria/Exterior/02.jpg

http://www.viphotels.com/Images/VIPInnBerna/galeria/Interior/05.jpg

Location on [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/Localizacao.aspx Google Maps].

Hotel [http://www.viphotels.com/pt/Hoteis/VipInn/VipInnBerna/OHotel.aspx web-site].

{|cellspacing="1" cellpading="1" border="1"
|-
|bgcolor="#cccccc"|'''Room type'''
|bgcolor="#cccccc"|'''Individual'''
|bgcolor="#cccccc"|'''Double'''
|-
|bgcolor="#eeeeee"|'''Standard'''
|47,30 euros
|53,60 euros
|-
|}

== Holiday Inn Hotel Continental **** ==
Rua Laura Alves 9, 1050 Lisboa‎

[[File:hinn01.jpg]]
[[File:hinn02.jpg]]

Location on [http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=Rua+Laura+Alves,+9++1069-169+Lisboa+Portugal&sll=38.74144,-9.149605&sspn=0.039833,0.073471&ie=UTF8&hq=&hnear=R.+Laura+Alves+9,+Ns.+de+F%C3%A1tima,+1050+Lisbon,+Portugal&ll=38.741666,-9.149873&spn=0.009958,0.018368&t=h&z=16&iwloc=r1 Google Maps].

Hotel [http://www.grupo-continental.com/home/index.php?option=com_content&view=article&id=55&Itemid=77 web-site].

{|cellspacing="1" cellpading="1" border="1"
|-
|bgcolor="#cccccc"|'''Room type'''
|bgcolor="#cccccc"|'''Individual'''
|bgcolor="#cccccc"|'''Double'''
|-
|bgcolor="#eeeeee"|'''Standard'''
|78 euros
|88 euros
|-
|}

== Radisson Blu Lisboa **** ==
Av. Marechal Craveiro Lopes, 390, Entrecampos, Lisboa (Lisboa)

http://www.hoteis.com/13/hotels/1000000/530000/524600/524550/hcom_524550_7_b.jpg
http://static.laterooms.com/hotelphotos/laterooms/179198/gallery/radisson-blu-lisboa-lisboa_250520090848039933.jpg

Location on [http://www.radissonblu.com/hotel-lisbon/location Google Maps].

Hotel [http://www.radissonblu.com/hotel-lisbon web-site].

==== Sponsors ====

== Sponsors ==

We are currently soliciting sponsors for the IBWAS'10 Conference. Please refer to our '''[https://docs.google.com/fileview?id=0B6VV6XaEAb3dNjEzNDIyYTAtOTc3NC00Njg3LWIxNGQtZmEwYmYxNzEwMzRi&hl=en&authkey=CL_NweEF sponsorship opportunities]''' for details.

Slots are going fast so [mailto:secretariat@ibwas.com contact us] to sponsor today!

{| cellspacing="10" border="0" align="center" style="background: none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;"
|-
|

== Sponsors ==

| [http://www.iscte.pt http://ibwas09.netmust.eu/files/iscte-iul.png]
| [http://www.adetti.pt http://ibwas09.netmust.eu/files/adetti.png]
| [http://www.isecauditors.com http://ibwas09.netmust.eu/files/pasted-graphic.jpg]
| [http://lasige.di.fc.ul.pt/ http://ibwas09.netmust.eu/files/lasige.png]
|-
| &nbps;
| [http://www.maxdata.pt http://ibwas09.netmust.eu/files/ibwas10/maxdata.png]
| [http://www.noesis.pt http://ibwas09.netmust.eu/files/ibwas10/noesis.png]
|-
|

== Media Sponsors ==

| [http://www.aeiou.pt http://ibwas09.netmust.eu/files/ibwas10/aeiou.png]
| [http://www.borrmart.es/redseguridad.php http://ibwas09.netmust.eu/files/redseguridad.jpg]
|
|-
|  
|-
|

== Supported by ==

| [[Image:]]
| [[Image:]]
| [[Image:]]
|-
|
| [[Image:]]
| [[Image:]]
| [[Image:]]
|-
|
| [[Image:]]
|
|
|-
|
|}
==== Tourism ====

=== Visit Lisbon ===
For Tourist Information and more: [http://www.visitlisboa.com/home.asp?lng=uk Visit Lisbon] (website of the Lisbon Tourism Office). See also [http://www.atl-turismolisboa.pt/home.asp?lng=uk here]. About Portugal, see [http://www.visitportugal.com/ here].

LISBON is beautiful, historic, modern, sunny & it never stops! It is an enchanting city with delightful cuisine and unforgettable sites. The city holds many pleasant surprises to visitors who wish to enjoy their stay. The capital of Portugal since its conquest from the Moors in 1147, Lisbon is a legendary city with over 20 centuries of History. The Alfama is one of the oldest quarters in Lisbon. It survived the earthquake of 1755 and still retains much of its original layout. In addition to Alfama are the likewise old quarters of Castelo and Mouraria, on the western and northern slopes of the hill that is crowned by St. George's Castle. Radiant skies brighten the monumental city, with its typical tile covered building façades and narrow medieval streets, where one can hear the fado being played and sung at night.

Here's a taste of what you can find here in Lisbon, or nearby.

{|
|-
|'''Torre de Belém'''
|'''Mosteiro dos Jerónimos'''
|'''Ponte 25 de Abril'''
|-
|[[File:torredebelem.jpg]]
|[[File:mosteirojeronimos.jpg]]
|[[File:ponte21abril.jpg]]
|-
|'''Castelo de São Jorge'''
|'''Alfama'''
|'''Parque Eduardo VII'''
|-
|[[File:castelosjorge.jpg]]
|[[File:algfama.jpg]]
|[[File:parqueeduardo7.jpg]]
|-
|'''Aqueduto das Águas Livres'''
|'''Museu dos Coches'''
|'''Casa dos Bicos'''
|-
|[[File:aqueduto.jpg]]
|[[File:coches.jpg]]
|[[File:bicos.jpg]]
|-
|'''Parque das Nações'''
|'''Oceanário'''
|'''Pavilhão Multiusos'''
|-
|[[File:pnacoes.jpg]]
|[[File:oceanario.jpg]]
|[[File:multiusos.jpg]]
|-
|'''Cacilheiros'''
|'''Linha de Cascais - Praias'''
|'''Linha da Caparica - Praias'''
|-
|[[File:cacilheiros.jpg]]
|[[File:cascais.jpg]]
|[[File:caparica.jpg]]
|-
|'''Casino Lisboa'''
|'''Docas - Diversão Nocturna'''
|'''Fado'''
|-
|[[File:casino.jpg]]
|[[File:docas.jpg]]
|[[File:fado.jpg]]
|-
|'''Sintra Vila'''
|'''Sintra - Palácio da Pena'''
|'''Cristo Rei'''
|-
|[[File:sintravila.jpg]]
|[[File:sintrapalacio.jpg]]
|[[File:cristorei.jpg]]
|-
|}

==== In the News ====

List of places where the IBWAS'10 conference has been referenced.

*[http://ibwas09.netmust.eu/files/ibwas10/IBWAS-RedSeguridad.pdf RedSeguridad Magazine], September 2010

==== IBWAS'10 Internals ====

* [https://spreadsheets.google.com/ccc?key=0AqVV6XaEAb3ddDI2ZkNsSjhDdWdQNl9ISW0tc19Sa3c&hl=en&authkey=CKyFt_AO Conference & Training's financials]

<headertabs />

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_IBWAS]]

Global Education Committee - Application 4

2009-11-24T19:47:22Z

Buanzo: buanzo recommendation for nishi kumar

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----

{| border="0" align="center" style="width: 100%;"
|-
! align="center" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" colspan="2" | '''COMMITTEE APPLICATION FORM'''
|-
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Applicant's Name'''
| align="left" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" colspan="1" | Nishi Kumar
|-
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Current and past OWASP Roles'''
| align="left" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" colspan="1" | Contributor to OWASP Live CD and ESAPI.
|-
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Committee Applying for'''
| align="left" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" colspan="1" | OWASP Global Education Committee.
|}

----

 

----

Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. An incomplete application will not be considered for vote.

----

 

----

{| border="0" align="center" style="width: 100%;"
|-
! align="center" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" colspan="8" | '''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background: white none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | 
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Who Recommends/Name'''
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Role in OWASP'''
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Recommendation Content'''
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''1'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Alexander Fry
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Reviewer of OWASP projects in SoC 2008
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Nishi has valuable experience in creating application security computer based training courses. She will be a valuable contributor to the education committee.
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''2'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Brad Causey
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | GPC Member
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Nishi has proven to add much value in her participation in the OWASP Summit over the last few years. She is a great asset to OWASP as an organization and will be as well on the GEC.
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''3'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Arturo Busleiman aka Buanzo
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Project Leader (Enigform), Paid Member
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | I met Nishi in Portugal during EU Summit 2008. We talked a lot and I think it just makes sense for her to take part of the GEC. I recommend her.
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''4'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" |
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" |
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" |
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''5'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" |
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" |
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" |
|}

----

Podcast 45

2009-10-16T12:19:59Z

Buanzo: /* Participants */

'''[[OWASP_Podcast|OWASP Podcast Series]] #45'''

OWASP Interview with Buanzo 
Published October 16, 2009 

[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://www.owasp.org/download/jmanico/itunes.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_45.mp3 mp3]

==Participants==
<ul>
<li>Arturo "Buanzo" Busleiman is a native of Argentina who is most commonly known as Buanzo. He is and old-school gnu+linux user that enjoys programming (mostly C and PHP), writing (technical and literature) and guitar playing. He's had the pleasure of meeting Richard Stallman, Maddog Hall, Roger Dingledine (of the TOR project) and Vinton Cerf (no need to clarify he's the father of the Internet). Buanzo has a lovely wife, Erica, and a 6 year old son, called Damian, who was nicknamed Debian by the Argentinian FLOSS community. He's the Project Leader of the award winning OWASP Enigform project along with many other open source software projects.</li>
[http://www.buanzo.com.ar/pro/eng.html http://www.buanzo.com.ar/pro/eng.html]

Podcast 45

2009-10-16T12:12:13Z

Buanzo:

'''[[OWASP_Podcast|OWASP Podcast Series]] #45'''

OWASP Interview with Buanzo 
Published October 16, 2009 

[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://www.owasp.org/download/jmanico/itunes.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_45.mp3 mp3]

==Participants==
<ul>
<li>Arturo "Buanzo" Busleiman is a native of Argentina who is most commonly known as Buanzo. He is and old-school gnu+linux user that enjoys programming (mostly C and PHP), writing (technical and literature) and guitar playing. He's had the pleasure of meeting Richard Stallman, Maddog Hall, Roger Dingledine (of the TOR project) and Vinton Cerf. Buanzo has a lovely wife and a 3+ year son, called Damian Ezequiel Busleiman Negri, who was nicknamed Debian by the Argentinian FOSS community. He's the Project Leader of the award winning OWASP Enigform project along with many other open source software projects.</li>
[http://www.buanzo.com.ar/pro/eng.html http://www.buanzo.com.ar/pro/eng.html]

Argentina

2009-07-14T13:49:57Z

Buanzo:

{{Chapter Template|chaptername=Argentina|extra=The chapter leader is [mailto:martin.tartarelli@gmail.com Martin Tartarelli]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-argentina|emailarchives=http://lists.owasp.org/pipermail/owasp-argentina}}

<paypal>Argentina</paypal>

== Sponsors ==

Para información sobre el patrocinio de nuestros eventos y del capitulo Argentino por favor [mailto:martin.tartarelli@gmail.com contactese] con nosotros.
 

== Novedades ==

* ''' Jun 2009 - Enigform en Trophees du Libre 2009 '''
<ul>
[http://blogs.buanzo.com.ar/ Arturo 'Buanzo' Busleiman] fue seleccionado como uno de los tres finalistas en la categoria Seguridad de los [http://www.trophees-du-libre.org/content/blogcategory/16/51/ Trophees du Libre 2009] en el que obtuvo el segundo lugar con el proyecto [http://www.owasp.org/index.php/Category:OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp Enigform y mod_openpgp]. Dicha herramienta permite la utilizacion de OpenPGP para construir un sistema de inicio y administración de sesiones web, así como verificacion de integridad de solicitudes y respuestas HTTP.
</ul>

* ''' Jun 2009 - Curso de Seguridad en Aplicaciones Web '''
<ul>
Andrés Riancho de [http://www.bonsai-sec.com/ Bonsai Information Security], estará brindando un [http://www.bonsai-sec.com/es/education/web-security-buenos-aires.php curso de seguridad en aplicaciones Web] en el mes de Julio, en el cual los '''miembros de OWASP tienen un 20% de descuento'''. Para más información sobre el curso haga click [http://www.bonsai-sec.com/es/education/web-security-buenos-aires.php aquí].
</ul>

* ''' Nov 2008 - Primer Reunion de OWASP Argentina!!! '''
<ul>
Cuando? El '''Jueves 27 de noviembre''' a partir de las 19hs. 
Donde? '''1745 Pub, Bartolome Mitre 1745. Capital Federal.''' 
Para? Divertirse, tomar algo y charlar. 
Como anotarse? Enviando un mail a la [http://lists.owasp.org/mailman/listinfo/owasp-argentina lista].
</ul>

* ''' Oct 2008 - OWASP NYC 2008 Videos Disponibles '''
<ul>
Se encuentran disponibles los [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference videos] de la conferencia OWASP NYC 2008. Son aproximadamente 56 videos (unas 40 horas) LIBRES!
</ul>

* ''' Oct 2008 - OWASP_EU_Summit 2008 en Español '''
<ul>
[http://www.google.com/search?hl=en&q=buanzo&btnG=Google+Search Arturo 'Buanzo' Busleiman] Realizo la traducción al español del [https://www.owasp.org/index.php/OWASP_EU_Summit_2008_ES_Spanish OWASP EU Summit 2008] que se realizara en Portugal y Algarve del 4 al 7 de Noviembre.
</ul>

* ''' Oct 2008 - Nuevo líder de capitulo Argentina '''
<ul>
El capitulo local Argentino ha sido renovado con la intención de crear una comunidad activa en el estudio y la investigación de la seguridad en aplicaciones, aportando ideas, conocimientos y experiencias. Están todos invitados a contribuir !!!
</ul>

* ''' Sep 2008 - OWASP NYC AppSec 2008 Conference'''
<ul>
[http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Andres_Riancho Andres Riancho] fue invitado al evento OWASP NYC AppSec para presentar su proyecto [http://w3af.sf.net/ w3af].
</ul>

* ''' Jul 2008 - OWASP Project '''
<ul>
[https://www.owasp.org/index.php/Project_Information:template_Enigform_and_mod_OpenPGP Template Enigform and mod OpenPGP] sponsoreado por [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 OWASP Summer of Code 2008]
</ul>

* ''' Jul 2008 - OWASP Project '''
<ul>
[http://www.owasp.org/index.php/Category:GTK_plus_GUI_for_w3af_Project GTK + GUI for w3af Project] sponsoreado por [http://www.owasp.org/index.php/OWASP_Summer_of_Code_2008 OWASP Summer of Code 2008]
</ul>
 

== Actividades Locales ==

Hay muchas formas de colaborar y contribuir con el capitulo OWASP Argentina. 
<ul>
<li>Participando en cualquiera de los [http://www.owasp.org/index.php/Category:OWASP_Project proyectos] actualmente activos (documentación y herramientas)</li>
<li>Proponiendo nuevos proyectos</li>
<li>Participando y aportando ideas en nuestra [http://lists.owasp.org/mailman/listinfo/owasp-argentina lista] de correo</li>
<li>Asistiendo a las conferencias y reuniones</li>
<li>Promoviendo y dando soporte al proyecto OWASP en general</li>
</ul>
 

== Reuniones ==

Se proponen reuniones trimestrales y grupos de estudio a formarse relacionados en temas de Seguridad Informatica. Se nombran alguno de ellos:
<ul>
<li> Análisis de las nuevas tecnologías de la información y las comunicaciones.</li>
<li>Análisis de productos (Software & Appliances).</li>
<li>Investigación de fallas y vulnerabilidades.</li>
<li>Desarrollo de programas y técnicas de exploit relacionadas.</li>
<li>Documentación de soluciones de seguridad.</li>
<li>Desarrollo de herramientas de seguridad.</li>
<li>Demostraciones. Debates y desarrollo investigativo.</li>
</ul>
 

== Eventos ==

* ''' 16 Mar 2009 - OWASP Argentina en CDP (Club de programadores) '''
<ul>
Martin Tartarelli fue invitado a participar del seminario de "'''Testing de Seguridad en Aplicaciones Web'''" Junto a Andres Riancho ([http://www.bonsai-sec.com Bonsai - Information Security]) para hablar de '''OWASP''', Proyectos, El '''capitulo local''' y deteccion de vulnerabilidades web comunes. La charla se realizo en el [http://www.clubdeprogramadores.com CDP] (Club de programadores), Buenos Aires, CF.
</ul>

* ''' 19 May 2009 - OWASP Argentina en IEEE Argentina (IEEE Computer Society) '''
<ul>
El Capítulo Argentino de la IEEE Computer Society nos invito a presentar la Charla 'Introducción al Testing de Seguridad en Aplicaciones Web' Dictado por Andrés Riancho ([http://www.bonsai-sec.com Bonsai - Information Security]) y Martín Tartarelli el martes 19 de mayo a las 18:30 en la sede de IEEE / CICOMRA en Buenos Aires. La presentación estuvo enfocada en introducir al espectador al mundo de la seguridad en aplicaciones web, OWASP y el capitulo local, vulnerabilidades existentes y las metodologías utilizadas para realizar pruebas funcionales y de seguridad.
</ul>
 

== Herramientas e Investigación ==

* '''w3af - Web Application Attack and Audit Framework'''
<ul>
Andres Riancho publico el nuevo release de [http://w3af.sourceforge.net/ w3af]. [http://w3af.sourceforge.net/ w3af] es un proyecto Open Source que automatiza las tecnicas de auditoria y explotacion de vulnerabilidades web. [http://w3af.sourceforge.net/ w3af] esta escrito en [http://es.wikipedia.org/wiki/Python Python] y se divide en 3 fases principales mediante el uso de plugins: '''Discovery''', '''Audit''' and '''Attack'''. Las fases se unen entre sí para detectar y explotar la mayor cantidad de vulnerabilidades posibles.
</ul>

* ''' Enigform '''
<ul>
[http://enigform.mozdev.org/ Enigform] es una extension firefox que extiende HTTP agregando capacidades de firma digital para solicitudes GET, POST y AJAX, brindando proteccion contra distintos tipos ataques. [http://enigform.mozdev.org/ Enigform] fue desarrollado por [http://www.buanzo.com.ar/ Arturo Busleiman] (alias Buanzo) y logro el patrocinio por [http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Buanzo_-_Enigform:_Firefox_Addon_for_OpenPGP_signing_of_HTTP_requests OWASP Spring Of Code 2007]
</ul>

Global Projects and Tools Committee - Application 2

2009-05-05T00:56:03Z

Buanzo:

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----
{| style="width:100%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white"|'''COMMITTEE APPLICATION FORM'''
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Brad Causey
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP OpenPGP Extensions for HTTP Reviewer
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Projects and Tools Committee
|}
----

----
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''.
An incomplete application will not be considered for vote.
----

----
{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|'''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background:white; color:white"|
! align="center" style="background:#7B8ABD; color:white"|'''Who Recommends/Name'''
! align="center" style="background:#7B8ABD; color:white"|'''Role in OWASP'''
! align="center" style="background:#7B8ABD; color:white"|'''Recommendation Content'''
|-
| style="width:3%; background:#cccccc" align="center"|'''1'''
| style="width:20%; background:#cccccc" align="center"|Arturo Busleiman (a.k.a Buanzo)
| style="width:20%; background:#cccccc" align="center"|Project Leader
| style="width:57%; background:#cccccc" align="center"|Brad is an exceptional individual, a through professional. OWASP would only get better with him in the Projects and Tools Committee. I met him during OWASP EU Summit 2008 in Portugal. Matt Tesauro, himself and I worked together to give a presentation on security at the Algarve University with < 12 hours to spare. Brad is great at getting feedback, combining ideas. A must.
|-
| style="width:3%; background:#cccccc" align="center"|'''2'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''3'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''4'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''5'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|}
----

Global Projects and Tools Committee - Application 2

2009-05-05T00:51:40Z

Buanzo:

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----
{| style="width:100%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white"|'''COMMITTEE APPLICATION FORM'''
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Applicant's Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Brad Causey
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Current and past OWASP Roles'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|OWASP OpenPGP Extensions for HTTP Reviewer
|-
| style="width:25%; background:#7B8ABD" align="center"| '''Committee Applying for'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|Global Projects and Tools Committee
|}
----

----
Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''.
An incomplete application will not be considered for vote.
----

----
{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|'''COMMITTEE RECOMMENDATIONS'''
|-
! align="center" style="background:white; color:white"|
! align="center" style="background:#7B8ABD; color:white"|'''Who Recommends/Name'''
! align="center" style="background:#7B8ABD; color:white"|'''Role in OWASP'''
! align="center" style="background:#7B8ABD; color:white"|'''Recommendation Content'''
|-
| style="width:3%; background:#cccccc" align="center"|'''1'''
| style="width:20%; background:#cccccc" align="center"|Arturo Busleiman (a.k.a Buanzo)
| style="width:20%; background:#cccccc" align="center"|Project Leader
| style="width:57%; background:#cccccc" align="center"|Brad is an exceptional individual, a through professional. OWASP would only get better with him in the Projects and Tools Committee. I met him during OWASP EU Summit 2008 in Portugal. Matt Tesauro, himself and I worked together to give a presentation on security at the Algarve University with < 12 hours to spare. Brad is great at getting feedback, combining ideas. A must.
| style="width:3%; background:#cccccc" align="center"|'''2'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''3'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''4'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|-
| style="width:3%; background:#cccccc" align="center"|'''5'''
| style="width:20%; background:#cccccc" align="center"|
| style="width:20%; background:#cccccc" align="center"|
| style="width:57%; background:#cccccc" align="center"|
|}
----

User:Buanzo

2009-04-07T14:08:35Z

Buanzo:

* Arturo 'Buanzo' Busleiman's [mailto:buanzo@buanzo.com.ar Email Contact], [http://www.linkedin.com/in/buanzo Profile] and [[:Special:Contributions/Buanzo|Wiki Contributions]]. You can also visit his [http://www.buanzo.com.ar/pro/eng.html Professional Services] page at his website.

User:Buanzo

2009-04-07T14:05:59Z

Buanzo:

OWASP Ireland AppSec 2009 Conference

2009-04-07T14:01:49Z

Buanzo: Added Arturo Alberto Busleiman (a.k.a Buanzo) to Slot 16:10-17:00 track 1.

Welcome to the Irish OWASP Application Security Conference! 
After successful OWASP Conferences in the United States, Europe and Aisa, its Ireland's turn on September 10 2009!

'''September 10th 2009''': OWASP will hold its first Irish Application Security conference in historic Dublin University, Trinity College, Dublin, Ireland.
The conference consists of an intensive day of talks/presentations and discussion with 2 different tracks focusing on the causes and trends in web application insecurity.

For more details please contact: Eoin.Keary 'at' owasp.org

==Conference Location==
[[Image:AppSecIreland09 Dublin.JPG|www.tcd.ie]]

'''Registration via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,3fab8a14-3803-47f9-b8d2-35a67077c878 CLICK HERE TO REGISTER]'''

==Agenda and Presentations - September 10==

The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days.

{| style="width:80%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white" | Day 1 - September 10, 2009
|-
| style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: Room 1
| style="width:40%; background:#BCA57A" | Track 2: Room 2
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee
|-
| style="width:10%; background:#7B8ABD" | 09:00-09:10 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP Ireland 2009 Conference
''Eoin Keary & Tom Brennan, OWASP''
|-
| style="width:10%; background:#7B8ABD" | 09:10-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: Title: TBA
'''[[Ian O. Angell]]''', ''Professor of Information Systems. London School of Economics''

|-
| style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP State of the Union
''Tom Brennan & Dave Wichers, OWASP Board Members''
|-
| style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo
|-
| style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | Title
'''''Rogan Dawes, Corsaire'''''

| style="width:40%; background:#BCA57A" align="left" | Title
'''''Conor McGovernan, Onformonics Ltd''' ''
|-
| style="width:10%; background:#7B8ABD" | 11:20-12:00 || style="width:40%; background:#BC857A" align="left" | [[SQL Injection - how far does the rabbit hole go?]]
'''''[[Justin Clarke]]''', '''Gotham Digital Science'''''
| style="width:40%; background:#BCA57A" align="left" | '''[[Designing Secure Web Applications With Application Threat Modeling]]'''
'''''[[Marco Morana]]''', '''OWASP Cincinnati chapter lead'''''
|-
| style="width:10%; background:#7B8ABD" | 12:00-12:30 || style="width:40%; background:#BC857A" align="left" | [[Web Application Security Testing with the Burp Suite]]
'''''[[David Rook]]''', Realex Payments''
| style="width:40%; background:#BCA57A" align="left" | Title
''Speaker, Organisation''
|-
| style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo
|-
| style="width:10%; background:#7B8ABD" | 14:00-14:40 || style="width:40%; background:#BC857A" align="left" | Title
'''''[[User:Wichers|Dave Wichers]], Aspect Security'''''

| style="width:40%; background:#BCA57A" align="left" | '''[[The End of Alchemy. Empirical Software Security Assurance]]'''
'''''[[Brian Chess]], Fortify'''''
|-
| style="width:10%; background:#7B8ABD" | 14:50-15:50 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: Title: TBA
'''[[Danny Allen]]''', ''Director of security research with IBM Rational''
|-
| style="width:10%; background:#7B8ABD" | 15:50-16:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo
|-
| style="width:10%; background:#7B8ABD" | 16:10-17:00 || style="width:40%; background:#BC857A" align="left" | ''[[OpenPGP for HTTP - An Introduction to Enigform]]''
'''''Arturo "[[User:Buanzo|Buanzo]]" Busleiman''', '''Buanzo Consulting'''''
| style="width:40%; background:#BCA57A" align="left" | ''Title''
'''''Name''', '''Organisation'''''
|-
| style="width:10%; background:#7B8ABD" | 17:00-18:00 || colspan="2" style="width:40%; background:#BCA57A" align="left" | Panel: tbd
Moderator: tbd 
Panelists: tbd
|-
| style="width:10%; background:#7B8ABD" | 18:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks
|-
|}

=Event Sponsorship=
OWASP is providing sponsors exclusive access to its audience in Dublin, Ireland through a limited number of Expo floor slots, providing a focused setting for potential customers. The conference is expected to draw 150 - 200 technologists who will be looking for ways to spend their remaining 2009 budget and planning for 2010. Financial Services, Media, Pharmaceuticals, Government, Healthcare, Technology, and many other verticals will be represented.
 
Sponsorship details are available here: [[Image:Dublin_Sponsorship_Form.pdf|Sponsorship deck]]

=Training=
We intend to hold some application security training on the 9/09/2009 the day prior to the event.

'''Foundations of Web Application Security'''

Abstract

Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is just not a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their IT security efforts. This powerful one day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

This course includes coverage of the following common vulnerability areas (the OWASP Top 10):

A1 - Cross Site Scripting (XSS)

A2 - Injection Flaws

A3 - Malicious File Execution

A4 - Insecure Direct Object Reference

A5 - Cross Site Request Forgery (CSRF)

A6 - Information Leakage and Improper Error Handling

A7 - Broken Authentication and Session Management

A8 - Insecure Cryptographic Storage

A9 - Insecure Communications

A10 - Failure to Restrict URL Access

Hands on

To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., WebGoat) that has been seeded with common web application vulnerabilities. The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own windows based laptop to participate in the exercises

Audience

Developers who want to understand the most common web application security flaws, and how to avoid them.

Level

Intermediate

Prerequisite

Basic knowledge of Java.

Bringing your own windows based laptop is recommended so you can participate in the hands on exercises.

Duration

Full day

=Venue=
Trinity College, Dublin 

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=trinity+college+Dublin&sll=37.0625,-95.677068&sspn=33.29802,78.75&ie=UTF8&ll=53.346222,-6.259203&spn=0.012246,0.038452&z=15&iwloc=addr

=Transportation=

===By Air===
 
Fly to Dublin Airport: http://www.dublinairport.com/ 
A taxi or bus can take you into Dublin city. (€30 - Taxi) (€10 - Bus) 

===Public Transport===

=Accommodation=
Please see here if you wish to stay within the grounds of Trinity College: 
https://www.owasp.org/images/2/20/TCD_Tariff_2009.pdf

'''Hotels Surrounding Trinity College:'''

http://maps.google.com/maps?near=Dame+Street,+College+Green,+Dublin+2,+Ireland+(Trinity+College+Campus)&geocode=Cfm6cyTmqt_IFev1LQMdLZCg_yFJu3aKhBD7GA&q=hotels&f=l&dq=Trinity+College+loc:+Dublin+Ireland&sll=53.341482,-6.258302&sspn=0.012043,0.037637&ie=UTF8&ei=U6TMSZSzKpSw2QLG_-CUCA&attrid=1036f063d3d0dafc_&ll=53.343711,-6.254568&spn=0.012042,0.037637&z=15

=Registration=

The fee for this conference is : 
'''Standard''': 150 Euro '''OWASP Members''': 110 Euro '''Students''': 75 Euro '''Application Security Training''': 455 Euro 

'''Note''': To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

'''Registration via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,3fab8a14-3803-47f9-b8d2-35a67077c878 CLICK HERE TO REGISTER]'''

=Conference Committee=
'''OWASP Conferences Chair''': Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org

'''2009 Ireland Planning Committee Chair''': Eoin Keary - Ernst & Young - eoin.keary 'at' owasp.org

=Call for Papers=

The Conference will consist of two tracks covering both technical and risk management topics.

'''We are seeking presentations on any of the following topics:'''
*Web Services and Application Security
*Common Application related Threats and Risks
*Business Risks with Application Security
*Vulnerability Research in Application Security
*Web Application Penetration Testing
*OWASP Tools and Projects
*Secure Coding/Development Practices
*Technology specific presentations on security such as AJAX, XML, etc.
*Anything else relating to OWASP and Application Security.

The call for papers/presentations is out. The official closing date for receiving a synopsis of the presentation is June 10th, 2009.
Announcements on selected candidates will be provided the first week of July 2009. Complete presentations will need to be submitted by the 2nd of August 2009.
All presenters will receive free invitation to the conference, food and refreshments.

'''For some speakers, OWASP will cover some of the travel costs associated with coming to the conference.'''

'''Please submit your presentation topics and an abstract of up to 500 words to Eoin Keary''' <mailto: Eoin.keary@owasp.org>

Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B

2009-03-15T15:07:18Z

Buanzo:

[[Project Information:template Enigform and mod OpenPGP|Clik here to return to the previous page]].

{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''FINAL REVIEW'''
|-
| style="width:25%; background:white" align="center"|'''PART I'''
| colspan="2" style="width:75%; background:white" align="left"|
|-
| style="width:25%; background:#7B8ABD" align="center"|
Project Deliveries & Objectives
| colspan="2" style="width:75%; background:#cccccc" align="left"|
[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives]]
|-
| style="width:25%; background:#4058A0" align="center"|'''QUESTIONS'''
| colspan="2" style="width:75%; background:#4058A0" align="left"|'''ANSWERS'''
|-
| style="width:25%; background:#7B8ABD" align="center"|
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
| colspan="2" style="width:75%; background:#cccccc" align="left"|I was able to implement a Wordpress plugin that enables Enigform-based login to Wordpress's admin/user area. The plugin is currently offered by wordpress.org. This plugin was also implemented in my own wordpress blog, becoming the Demo Site. As a demonstration of keyring-sharing and mod_openpgp multi-virtualhost integration, the Testing Site maotest.buanzo.org shares this same keyring. I've written the Definitive Enigform Guide and published it at wiki.buanzo.org. It contains detailed instructions for implementing the wordpress plugin, INCLUDING Enigform client and server setup, troubleshooting, and links to other useful resources. An unplanned feature was added: Server Signature Verification in Secure Login. Enigform Plugin 0.8.2.8 is now available in addons.mozilla.org. Mod_openpgp 0.5.0 was announced in freshmeat.net. A Debian package for mod_openpgp is in the works, but I consider the Guide to be the best procedure to follow.
|-
| style="width:25%; background:#7B8ABD" align="center"|
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please quantify in terms of percentage.
| colspan="2" style="width:75%; background:#cccccc" align="left"|100%
|-
| style="width:25%; background:#7B8ABD" align="center"|
3. What kind of help is required either from the Reviewers or from the OWASP Community?
| colspan="2" style="width:75%; background:#cccccc" align="left"|Mark mentioned a Session Hijacking test suite should be used. I'd like to do that in the next 15 days if possible.
|-
| style="width:25%; background:white" align="center"|'''PART II'''
| colspan="2" style="width:75%; background:white" align="left"|
|-
| style="width:25%; background:#7B8ABD" align="center"|
Assessment Criteria
| colspan="2" style="width:75%; background:#cccccc" align="left"|
[[:Category:OWASP Project Assessment|OWASP Project Assessment Criteria]]
|-
| style="width:25%; background:#4058A0" align="center"|'''QUESTIONS'''
| colspan="2" style="width:75%; background:#4058A0" align="left"|'''ANSWERS'''
|-
| style="width:25%; background:#7B8ABD" align="center"|
1. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Alpha Quality''' status?
| colspan="2" style="width:75%; background:#cccccc" align="left"|I don't use sourceforge nor googlecode. I use mozdev.org, wordpress.org and svn.buanzo.org.
|-
| style="width:25%; background:#7B8ABD" align="center"|
2. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Beta Quality''' status?
| colspan="2" style="width:75%; background:#cccccc" align="left"|The easy-to-use installer might not be quite possible. I discussed this in owasp-leaders, but the CLIENT side is quite simple (create pgp keyring [lots of GUI tools for this], then install enigform as a common firefox addon). The wordpress plugin is compliant with wordpress.org's best practices. Mod_openpgp is difficult, but easier than, say, OpenSSL.
|-
| style="width:25%; background:#7B8ABD" align="center"|
3. Having into consideration the [[:Category:OWASP Project Assessment|OWASP Project Assessment Methodology]] which criteria, if any, haven’t been fulfilled in terms of '''Release Quality''' status?
| colspan="2" style="width:75%; background:#cccccc" align="left"|not applicable
|-
| style="width:25%; background:#7B8ABD" align="center"|
4. What kind of help is required either from the Reviewers or from the OWASP Community?
| colspan="2" style="width:75%; background:#cccccc" align="left"|I'm pleased with the current help and support from the Reviewers and OWASP Community. THANKS.
|}

OWASP OpenPGP Extensions for HTTP Project - Assessment Frame

2009-03-15T14:50:09Z

Buanzo:

[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|Click here to return to project's main page]].
{| style="width:100%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="1" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp Project'''
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS - OWASP Summer of Code 2008
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:22%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' [[User:Buanzo|'''Arturo 'Buanzo' Busleiman''']]
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' [[User:Mroxberr|'''Mark Roxberry''']]
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' [[User:Dinis.cruz|'''Dinis Cruz''']] [[User:Bradcausey|Brad Causey]]
| style="width:21%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (not applicable)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|First Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|Second Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- Which status has been reached? '''Beta Quality''' --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|Self-Evaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Alpha Quality''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|First Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Alpha Quality''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|Second Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|}

OWASP Latin America AppSec 2009 Conference

2008-11-20T13:37:41Z

Buanzo: buenos aires

= Organization Team =

'''Argentina'''
* [mailto:buanzo@buanzo.com.ar Arturo "Buanzo" Busleiman]

'''Brasil'''
* [mailto:assad@cesar.org.br Rodrigo Assad]
* [mailto:clebeer@gmail.com Cleber]
* [mailto:daniel.oliveira.rodrigues@gmail.com Daniel Rodrigues]
* [mailto:deigratia33@gmail.com Marcos Aurélio Rodrigues]
* [mailto:eduardo.neves@owasp.org.br Eduardo Vianna de Camargo Neves]
* [mailto:alberto@computer.org Alberto Fabiano]
* [mailto:eduardoalves19@gmail.com Eduardo Alves]
* [mailto:leonardocavallari@gmail.com Leonardo Cavallari Militelli]
* [mailto:pedro.forum@gmail.com Pedro Arthur]
* [mailto:thiagoalz@gmail.com Thiago Alvarenga Lechuga]
* [mailto:uss.thebug@gmail.com Ulisses Castro]
* [mailto:welias@conviso.com.br Wagner Elias]

'''USA'''
* [mailto:kuai.hinojosa@owasp.org Kuai Hinojosa]

= Venue =

Where this event should be hosted? Think not only about location but also logistics, travel costs, security and other aspects that can affect the participants.

== Ideas ==

'''Brasil'''

* Curitiba
* Recife

'''Argentina'''

* Buenos Aires City

Argentina has a nice DOLLAR-PESO Exchange, lots of potential venues and a nice local security community. However, there seems to be a bigger owasp work-force in Brasil than Argentina (see above!).

OWASP Working Session - OWASP Intra Governmental Affairs

2008-11-01T11:52:05Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#b3b3b3; color:white"|'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP Intra Governmental Affairs'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|Effectively Integrating OWASP into Gov't
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
If any, add a link.
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
| style="width:25%; background:#cccccc" align="center"|'''Chair''' David Campbell
| style="width:25%; background:#cccccc" align="center"|'''Secretary''' [mailto:puneet.mehta@owasp.org '''Puneet Mehta'''] , [mailto:dhruv.soi@owasp.org '''Dhruv Soi''']
| style="width:25%; background:#cccccc" align="center"|'''Mailing list''' [https://lists.owasp.org/mailman/listinfo/owasp-intra-governmental-affairs '''Subscription Page''']
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION SPECIFICS'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
* Identify top reasons and driving factors to work with Government of different countries,
* Identify potential areas where OWASP and Government can work together,
* Discuss Measurable benefits,
* Identify possible ways on how to approach this initiative.
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
| style="width:25%; background:#cccccc" align="center"|'''Venue''' [[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
| style="width:25%; background:#cccccc" align="center"|'''Date&Time''' November 5 & 7, 2008 Time TBD
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model''' "Everybody is a Participant"
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}

{|style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OPERATIONAL RESOURCES'''
|-
| style="width:100%; background:#cccccc" align="center"|Projector, also wireless connection for conferencing in remote participants.
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION ADDITIONAL DETAILS'''
|-
| style="width:100%; background:#cccccc" align="left"|
[https://www.owasp.org/images/9/9a/OWASP_EU_Summit_2008_Intra_govt_affairs_DC.ppt Presentation] prepared by Puneet to seed discussion. Feel free to expand and update with additional info.
|}
{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES'''
|-
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Mission or goal statement.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Prioritized list of potential areas where OWASP can work with Government.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Roadmap / Model to approach this initiative.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Identify Team / committee to lead this initiative.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|}
== Working Session Participants ==
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION PARTICIPANTS'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:15%; background:#cccccc" align="center"|'''Name'''
| style="width:15%; background:#cccccc" align="center"|'''Company'''
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''
|-
| style="width:7%; background:#7B8ABD" align="center"|1
| style="width:15%; background:#cccccc" align="center"|David Campbell
| style="width:15%; background:#cccccc" align="center"|OWASP Denver
| style="width:63%; background:#cccccc" align="center"|Experience w/ US Govt. agencies
|-
| style="width:7%; background:#7B8ABD" align="center"|2
| style="width:15%; background:#cccccc" align="center"|Puneet Mehta
| style="width:15%; background:#cccccc" align="center"|OWASP Delhi
| style="width:63%; background:#cccccc" align="center"|Experience w/ India Govt. Agencies
|-
| style="width:7%; background:#7B8ABD" align="center"|3
| style="width:15%; background:#cccccc" align="center"|Sion Camilleri
| style="width:15%; background:#cccccc" align="center"|OWASP Belgium
| style="width:63%; background:#cccccc" align="center"|Experience w/ Australian, UK, NATO, and other International/EU Commission Government Agencies
|-
| style="width:7%; background:#7B8ABD" align="center"|4
| style="width:15%; background:#cccccc" align="center"|Colin Watson
| style="width:15%; background:#cccccc" align="center"|Watson Hall
| style="width:63%; background:#cccccc" align="center"|Raising awareness of OWASP in government agencies
|-
| style="width:7%; background:#7B8ABD" align="center"|5
| style="width:15%; background:#cccccc" align="center"|Rex Booth
| style="width:15%; background:#cccccc" align="center"|Grant Thornton LLP
| style="width:63%; background:#cccccc" align="center"|Experience with US gov. agencies
|-
| style="width:7%; background:#7B8ABD" align="center"|6
| style="width:15%; background:#cccccc" align="center"|Lucas C. Ferreira
| style="width:15%; background:#cccccc" align="center"|Brazilian Parliament
| style="width:63%; background:#cccccc" align="center"|Work for Brazilian government
|-
| style="width:7%; background:#7B8ABD" align="center"|7
| style="width:15%; background:#cccccc" align="center"|Arturo 'Buanzo' Busleiman
| style="width:15%; background:#cccccc" align="center"|Independent
| style="width:63%; background:#cccccc" align="center"|I have certain vinculations with the Argentinian government.
|-
| style="width:7%; background:#7B8ABD" align="center"|8
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|9
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|10
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|}
If needed add here more lines.

[[Category:OWASP_Working_Session]]

OWASP Working Session - Code Review Guide

2008-11-01T11:51:28Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#b3b3b3; color:white"|'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''Code Review Guide'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|TBD
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
[[:Category:OWASP Code Review Project|OWASP Code Review Project]]
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
| style="width:25%; background:#cccccc" align="center"|'''Chair''' [mailto:eoin.keary(at)owasp.org '''Eoin Keary''']
| style="width:25%; background:#cccccc" align="center"|'''Secretary''' [mailto:name(at)name '''TBD''']
| style="width:25%; background:#cccccc" align="center"|'''Mailing list''' [https://lists.owasp.org/mailman/listinfo/owasp-codereview '''Subscription Page''']
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION SPECIFICS'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
* Discuss next version of code review guide.
* Discuss industry requirements for code review.
* Discuss academic versus practical ramifications of guide.
* Brainstorm: Ideas for integration with other projects and tools.
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
| style="width:25%; background:#cccccc" align="center"|'''Venue''' [[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
| style="width:25%; background:#cccccc" align="center"|'''Date&Time''' November 5 & 6, 2008 Time TBD
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model''' "Everybody is a Participant"
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}

{|style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OPERATIONAL RESOURCES'''
|-
| style="width:100%; background:#cccccc" align="center"|Whteboard and Pens, Projector, Coffee :)
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION ADDITIONAL DETAILS'''
|-
| style="width:100%; background:#cccccc" align="left"|
Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.
|}
{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES'''
|-
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Develop a roadmap for the code review guide: Technologies, approaches.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|}
== Working Session Participants ==
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION PARTICIPANTS'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:15%; background:#cccccc" align="center"|'''Name'''
| style="width:15%; background:#cccccc" align="center"|'''Company'''
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''
|-
| style="width:7%; background:#7B8ABD" align="center"|1
| style="width:15%; background:#cccccc" align="center"|Paolo Perego (aka thesp0nge)
| style="width:15%; background:#cccccc" align="center"|Spike Reply
| style="width:63%; background:#cccccc" align="center"|Owasp Orizon - Project Leader
|-
| style="width:7%; background:#7B8ABD" align="center"|2
| style="width:15%; background:#cccccc" align="center"|David Rook
| style="width:15%; background:#cccccc" align="center"|Realex Payments
| style="width:63%; background:#cccccc" align="center"|Contributor to Code Review Guide
|-
| style="width:7%; background:#7B8ABD" align="center"|3
| style="width:15%; background:#cccccc" align="center"|Giorgio Fedon
| style="width:15%; background:#cccccc" align="center"|Minded Security
| style="width:63%; background:#cccccc" align="center"|Very interested in the topic
|-
| style="width:7%; background:#7B8ABD" align="center"|4
| style="width:15%; background:#cccccc" align="center"| Matteo Meucci
| style="width:15%; background:#cccccc" align="center"| Minded Security
| style="width:63%; background:#cccccc" align="center"| Interested in integrating OWASP big 4: Dev, Code Review, Testing, ADSR
|-
| style="width:7%; background:#7B8ABD" align="center"|5
| style="width:15%; background:#cccccc" align="center"|Kuai Hinojosa
| style="width:15%; background:#cccccc" align="center"|OWASP (MSP) Chapter Leader
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|6
| style="width:15%; background:#cccccc" align="center"|James Walden
| style="width:15%; background:#cccccc" align="center"|NKU
| style="width:63%; background:#cccccc" align="center"|OWASP Source Code Analysis Project
|-
| style="width:7%; background:#7B8ABD" align="center"|7
| style="width:15%; background:#cccccc" align="center"|Wagner Elias
| style="width:15%; background:#cccccc" align="center"|Conviso IT Security
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|8
| style="width:15%; background:#cccccc" align="center"|Arturo 'Buanzo' Busleiman
| style="width:15%; background:#cccccc" align="center"|Independent
| style="width:63%; background:#cccccc" align="center"|Eoin looks passionate about the subject. I want to be near! :)
|-
| style="width:7%; background:#7B8ABD" align="center"|9
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|10
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|}
If needed add here more lines.

[[Category:OWASP_Working_Session]]

OWASP Working Session Top 10 2009

2008-11-01T11:49:18Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#b3b3b3; color:white"|'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP Top 10 2009'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|Aims to provide a key awareness document for web application security.
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
| style="width:25%; background:#cccccc" align="center"|'''Chair''' [mailto:dave.wichers(at)owasp.org '''Dave Wichers''']
| style="width:25%; background:#cccccc" align="center"|'''Secretary''' [mailto:jeff.williams(at)owasp.org '''Jeff Williams''']
| style="width:25%; background:#cccccc" align="center"|'''Mailing list''' [https://lists.owasp.org/mailman/listinfo/owasp-topten '''Subscription Page''']
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION SPECIFICS'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
* Discuss current Top10 structure and objectives,
* Identify which information sources will be considered for analysis, Eg:
** MITRE
** Compromise DB's (Attrition, WASC etc) and bias due to reporting
** Anonomised penetration test results and the difficulty in obtaining
* Define methodology to collect attacks statistics,
* Define prioritisation approach
** Agree weighting between current or emerging threats
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
| style="width:25%; background:#cccccc" align="center"|'''Venue''' [[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
| style="width:25%; background:#cccccc" align="center"|'''Date&Time''' November 5 & 7, 2008 Time TBD
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model''' "Participants + Attendees"
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}

{|style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OPERATIONAL RESOURCES'''
|-
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION ADDITIONAL DETAILS'''
|-
| style="width:100%; background:#cccccc" align="left"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.

Potential Resources:

* [http://cve.mitre.org/cve/ MITRE's Common Vulnerability Enumeration (CVE) Database]

* The [http://www.webappsec.org/projects/whid/whid.shtml WASC Web Hacking Incidents Database]

* The [http://www.webappsec.org/projects/statistics/ 2007 WASC Web Application Security Statistics Report]
|}
{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES'''
|-
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|The sources of input for the 2009 Top 10 will be identified.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|The ordering scheme for the Top 10 will be determined.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Discussion of whether the existing document structure should be maintained or adjusted.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|}
''''''Bold text''''''== Working Session Participants ==
(Add your name by editing this table. On the right, just above this frame, you have the option to edit)
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION PARTICIPANTS'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:15%; background:#cccccc" align="center"|'''Name'''
| style="width:15%; background:#cccccc" align="center"|'''Company'''
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''
|-
| style="width:7%; background:#7B8ABD" align="center"|1
| style="width:15%; background:#cccccc" align="center"|Paolo Perego
| style="width:15%; background:#cccccc" align="center"|Spike Reply
| style="width:63%; background:#cccccc" align="center"|As penetration tester it woud be great to me to participating in writing the new Top 10. As code reviewer and Orizon project leader it would be very interesting in scouting dynamic threats in order to add some dynamic feature to my tool.
|-
| style="width:7%; background:#7B8ABD" align="center"|2
| style="width:15%; background:#cccccc" align="center"|David Campbell
| style="width:15%; background:#cccccc" align="center"|OWASP Denver
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|3
| style="width:15%; background:#cccccc" align="center"|Robert Mann
| style="width:15%; background:#cccccc" align="center"|RBS / ABN AMRO
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|4
| style="width:15%; background:#cccccc" align="center"|Troy Leach
| style="width:15%; background:#cccccc" align="center"|[https://www.pcisecuritystandards.org/ PCI Security Standards Council]
| style="width:63%; background:#cccccc" align="center"|Technical Director
|-
| style="width:7%; background:#7B8ABD" align="center"|5
| style="width:15%; background:#cccccc" align="center"|Eoin Keary
| style="width:15%; background:#cccccc" align="center"|Ernst & Young. Long time OWASP member (Code and Testing guides)
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|6
| style="width:15%; background:#cccccc" align="center"| Matteo Meucci
| style="width:15%; background:#cccccc" align="center"| Minded Security
| style="width:63%; background:#cccccc" align="center"| I'd like to discuss about a new way to create the Top10 from the OWASP Community
|-
| style="width:7%; background:#7B8ABD" align="center"|7
| style="width:15%; background:#cccccc" align="center"|Giorgio Fedon
| style="width:15%; background:#cccccc" align="center"|Minded Security
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|8
| style="width:15%; background:#cccccc" align="center"|Andrea Cogliati
| style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY
| style="width:63%; background:#cccccc" align="center"|I volunteered as a technical writer
|-
| style="width:7%; background:#7B8ABD" align="center"|9
| style="width:15%; background:#cccccc" align="center"|Christian Martorella
| style="width:15%; background:#cccccc" align="center"|S21sec
| style="width:63%; background:#cccccc" align="center"|Interested in participating on the creating the Top 10, share some ideas.
|-
| style="width:7%; background:#7B8ABD" align="center"|10
| style="width:15%; background:#cccccc" align="center"|Nishi Kumar
| style="width:15%; background:#cccccc" align="center"|Systems Architect (FIS) Global Web Development Group
| style="width:63%; background:#cccccc" align="center"|Interested in participating and sharing ideas

|-
| style="width:7%; background:#7B8ABD" align="center"|11
| style="width:15%; background:#cccccc" align="center"| Tom Brennan
| style="width:15%; background:#cccccc" align="center"| OWASP/WhiteHat Security
| style="width:63%; background:#cccccc" align="center"| Want to discuss some of the stats we can share with OWASP

|-
| style="width:7%; background:#7B8ABD" align="center"|12
| style="width:15%; background:#cccccc" align="center"| Georg Hess
| style="width:15%; background:#cccccc" align="center"| OWASP Germany
| style="width:63%; background:#cccccc" align="center"| mainly to get some insight into the process
|

|-
| style="width:7%; background:#7B8ABD" align="center"|12
| style="width:15%; background:#cccccc" align="center"| Arturo 'Buanzo' Busleiman
| style="width:15%; background:#cccccc" align="center"| Independent
| style="width:63%; background:#cccccc" align="center"| Expert Contributor for SANS TOP20 since 2005. want to contribute here.
|}

If needed add here more lines.

[[Category:OWASP_Working_Session]]

Working Session Winter of Code 2009

2008-11-01T11:46:30Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#b3b3b3; color:white"|'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP Winter of Code 2009'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|Aims to define the next OWASP Season of Code frame.
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
*[[:OWASP Summer of Code 2008|OWASP Summer of Code 2008]],
*[[:OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]],
*[[:OWASP Autumn Of Code 2006|OWASP Autumn Of Code 2006]].
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
| style="width:25%; background:#cccccc" align="center"|'''Chair''' [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz'''], [mailto:seba(at)owasp.org '''Sebastien Deleersnyder''']
| style="width:25%; background:#cccccc" align="center"|'''Secretary''' [mailto:paulo.coimbra(at)owasp.org '''Paulo Coimbra''']
| style="width:25%; background:#cccccc" align="center"|'''Mailing list''' [https://lists.owasp.org/mailman/listinfo/owasp-winter-of-code-2009 '''Subscription Page''']
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION SPECIFICS'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
* Define the operation model for the next OWASP Season of Code (the Winter of Code 08),
* Identify which areas should receive priority selection,
* Create 'virtual teams' from the attendees and allocate them to key projects,
* Discuss sponsoring models.
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
| style="width:25%; background:#cccccc" align="center"|'''Venue''' [[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
| style="width:25%; background:#cccccc" align="center"|'''Date&Time''' November 4 & 7, 2008 Time TBD
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model''' "Everybody is a Participant"
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}

{|style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OPERATIONAL RESOURCES'''
|-
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION ADDITIONAL DETAILS'''
|-
| style="width:100%; background:#cccccc" align="center"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution
|}
{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES'''
|-
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
|-
| style="width:7%; background:#7B8ABD" align="center"|Initiative
| style="width:46%; background:#C2C2C2" align="center"|OWASP Winter of Code 08 plan.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|Decision
| style="width:46%; background:#C2C2C2" align="center"|Set of projects for immediate approval (assuming the proposal is ready).
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|}
== Working Session Participants ==
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION PARTICIPANTS'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:15%; background:#cccccc" align="center"|'''Name'''
| style="width:15%; background:#cccccc" align="center"|'''Company'''
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''
|-
| style="width:7%; background:#7B8ABD" align="center"|1
| style="width:15%; background:#cccccc" align="center"| Eduardo Vianna de Camargo Neves
| style="width:15%; background:#cccccc" align="center"| Conviso IT Security
| style="width:63%; background:#cccccc" align="center"| Understand how we can help the initiative and participate to continue the Positive Security project.
|-
| style="width:7%; background:#7B8ABD" align="center"|2
| style="width:15%; background:#cccccc" align="center"|Leonardo Cavallari Militelli
| style="width:15%; background:#cccccc" align="center"|E-VAL Tecnologia
| style="width:63%; background:#cccccc" align="center"|Share feelings from other 2 season of code, discuss improvements for WoC and continue ASDR development.
|-
| style="width:7%; background:#7B8ABD" align="center"|3
| style="width:15%; background:#cccccc" align="center"|Matt Tesauro
| style="width:15%; background:#cccccc" align="center"|OWASP Live CD 2008 Project Lead
| style="width:63%; background:#cccccc" align="center"|Discuss what worked and didn't work with the SoC. Give some input on how to spread the word about OWASP's XoC's
|-
| style="width:7%; background:#7B8ABD" align="center"|4
| style="width:15%; background:#cccccc" align="center"| Matteo Meucci
| style="width:15%; background:#cccccc" align="center"| Minded Security, OWASP Testing Guide
| style="width:63%; background:#cccccc" align="center"| Discuss new ideas about projects. Should OWASP says which projects develop?
|-
| style="width:7%; background:#7B8ABD" align="center"|5
| style="width:15%; background:#cccccc" align="center"| Carlo Pelliccioni
| style="width:15%; background:#cccccc" align="center"| Symantec, OWASP Backend Security Project
| style="width:63%; background:#cccccc" align="center"| Discuss about the next OWASP sponsorship to share new ideas.
|-
| style="width:7%; background:#7B8ABD" align="center"|6
| style="width:15%; background:#cccccc" align="center"|Christian Martorella
| style="width:15%; background:#cccccc" align="center"|Edge-Security, WebSlayer Project
| style="width:63%; background:#cccccc" align="center"|Interested in the topic
|-
| style="width:7%; background:#7B8ABD" align="center"|7
| style="width:15%; background:#cccccc" align="center"|Eoin Keary
| style="width:15%; background:#cccccc" align="center"|Code review guide lead
| style="width:63%; background:#cccccc" align="center"|What next for the sponsored prjoects?
|-
| style="width:7%; background:#7B8ABD" align="center"|8
| style="width:15%; background:#cccccc" align="center"|Arturo 'Buanzo' Busleiman
| style="width:15%; background:#cccccc" align="center"|Independent
| style="width:63%; background:#cccccc" align="center"|Project Leader in 07 and 08, past experience.
|-
| style="width:7%; background:#7B8ABD" align="center"|9
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|10
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|}
If needed add here more lines.

[[Category:OWASP_Working_Session]]

OWASP Working Session - OWASP Tools Projects

2008-11-01T11:45:03Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#b3b3b3; color:white"|'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP Tools Projects'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The working session for OWASP Tools will address standards for Tool development at OWASP. This is will include standards for documentation, supporting tools via Books, How-Tos, Webcasts, Podcasts. We will also dive deep into the OWASP Project Assessment.
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
[[:Category:OWASP Project|OWASP Tools Projects]]
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
| style="width:25%; background:#cccccc" align="center"|'''Chair''' [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry''']
| style="width:25%; background:#cccccc" align="center"|'''Secretary''' [mailto:mtesauro(at)gmail.com '''Matt Tesauro''']
| style="width:25%; background:#cccccc" align="center"|'''Mailing list''' [https://lists.owasp.org/mailman/listinfo/owasp-tools-projects '''Subscription Page''']
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION SPECIFICS'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|
* Discuss documentation procedures.
* Book creation procedure.
* Review OWASP Project Assessment.
|-
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
| style="width:25%; background:#cccccc" align="center"|'''Venue''' [[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
| style="width:25%; background:#cccccc" align="center"|'''Date&Time''' November 4 & 7, 2008 Time TBD
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model''' "Participants + Attendees"
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}

{|style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OPERATIONAL RESOURCES'''
|-
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:white; color:white"|
|}
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION ADDITIONAL DETAILS'''
|-
| style="width:100%; background:#cccccc" align="left"|
Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.
|}
{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES'''
|-
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
|}
== Working Session Participants ==
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION PARTICIPANTS'''
|-
| style="width:7%; background:#7B8ABD" align="center"|
| style="width:15%; background:#cccccc" align="center"|'''Name'''
| style="width:15%; background:#cccccc" align="center"|'''Company'''
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''
|-
| style="width:7%; background:#7B8ABD" align="center"|1
| style="width:15%; background:#cccccc" align="center"|Paulo Coimbra
| style="width:15%; background:#cccccc" align="center"|OWASP
| style="width:63%; background:#cccccc" align="center"|Has contributed to the current OWASP Assessment Criteria.
|-
| style="width:7%; background:#7B8ABD" align="center"|2
| style="width:15%; background:#cccccc" align="center"|Rogan Dawes
| style="width:15%; background:#cccccc" align="center"|Corsaire
| style="width:63%; background:#cccccc" align="center"|WebScarab lead
|-
| style="width:7%; background:#7B8ABD" align="center"|3
| style="width:15%; background:#cccccc" align="center"|Andrew Petukhov
| style="width:15%; background:#cccccc" align="center"|Moscow State University
| style="width:63%; background:#cccccc" align="center"|Access Control Rules Tester lead
|-
| style="width:7%; background:#7B8ABD" align="center"|4
| style="width:15%; background:#cccccc" align="center"|Christian Martorella
| style="width:15%; background:#cccccc" align="center"|Edge-Security
| style="width:63%; background:#cccccc" align="center"|WebSlayer lead
|-
| style="width:7%; background:#7B8ABD" align="center"|5
| style="width:15%; background:#cccccc" align="center"|Arturo 'Buanzo' Busleiman
| style="width:15%; background:#cccccc" align="center"|Independent
| style="width:63%; background:#cccccc" align="center"|Enigform & mod_openpgp SOC07/08
|-
| style="width:7%; background:#7B8ABD" align="center"|6
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|7
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|8
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|9
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|10
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|-
| style="width:7%; background:#7B8ABD" align="center"|11
| style="width:15%; background:#cccccc" align="center"|
| style="width:15%; background:#cccccc" align="center"|
| style="width:63%; background:#cccccc" align="center"|
|}
If needed add here more lines.

[[Category:OWASP_Working_Session]]

OWASP EU Summit 2008 ES Spanish

2008-10-13T16:46:32Z

Buanzo:

'''translation work in progress'''

== Translation of the official press release to Spanish ==

'''Cumbre Europea de OWASP en Portugal''' 
''Portugal y Algarve - 4 al 7 de Noviembre de 2008''

Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web: OWASP los invita a participar de nuestra Cumbre en Portugal
http://www.owasp.org/index.php/OWASP_EU_Summit_2008_ES_Spanish

Bajo el lema 'Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web', la Cumbre OWASP será un encuentro mundial de líderes de OWASP y participantes clave de la industria que presentarán y discutirán las últimas herramientas OWASP, proyectos de documentación y tendencias en seguridad de aplicaciones web. Unase a nosotros en Portugal dentro de pocas semanas! Este evento contiene una vasta selección de cursos de entrenamiento, y charlas técnicas y de negocios, lo que lo convierte en EL evento donde aprender sobre seguridad en aplicaciones web, y sobre los recursos que OWASP tiene disponibles para utilizarse hoy.

OWASP es una organización sin fines de lucro con el propósito de dar soporte a la comunidad de la Seguridad en Aplicaciones Web, y ha otorgado $250.000 dólares para investigación en dicha área. Más allá de las 40 presentaciones de los Líderes OWASP y beneficiarios de los fondos de investigación, la Cumbre OWASP será el anfitrión de múltiples Sesiones de Trabajo diseñadas para mejorar la colaboración, obtener objetivos específicos e identificar los próximos pasos para los proyectos, capítulos y comunidad OWASP.

Para lograr este evento, OWASP invierte $150.000 dólares que serán utilizados para cubrir los gastos de alojamiento y viajes de los líderes OWASP, contribuidores activos, y líderes de la industria seleccionados quienes con su confirmada presencia (vea la lísta aquí: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA) la Cumbre OWASP proveerá un cómodo pero profesional entorno donde encontrarse, discutir, influenciar y contribuir a los proyectos OWASP.

La Cumbre OWASP será también el anfitrión de una gran y diversa selección de cursos de entrenamiento, los cuales cubrirán múltiples tématicas específicas a OWASP y a la Seguridad en Aplicaciones Web.

El notable impacto de la OWASP es posible sólo por la colaboración de muchas personas dedicadas y organizaciones de todo el mundo. En el espíritu de la colaboración, OWASP invita a todos sus miembros y a todos los interesados, individuos y empresas por igual, a participar de este impactante evento. Por favor, únase y ayude a organizar la Agenda de Seguridad en Aplicaciones Web 2009!

En cuanto a las cuestiones de Patrocinio, aún hay algunas oportunidades disponibles (vea: http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Sponsors) – no pierda la oportunidad de asociar su marca a este notable evento de alcance mundial!

Siga leyendo para obtener detalles adicionales sobre la Cumbre OWASP, o visite el sitio web de la mísma: http://www.owasp.org/index.php/OWASP_EU_Summit_2008.

'''Proyectos'''

Los proyectos OWASP seleccionados para ser presentados en la Cumbre incluyen nueva documentación e innovadores herramientas para ayudar a los desarrolladores, arquitectos y especialistas a asegurarse que las aplicaciones son seguras:

* Estándar de Verificación de Seguridad de Aplicación,
* Guía de Revisión de Código, v1.1,
* Guía de Seguridad Ruby on Rails v2,
* Securizando WebGoat utilizando ModSecurity,
* Guía de Testeo v3,
* Interfaz gráfica GTK+ para el proyecto w3af,
* Testeo de Reglas de Control de Acceso,
* AntiSamy .NET,
* Proyectos Live CD & DVD,
* Extensiones OpenPGP para HTTP,
* Proyecto Orizon,
* Análisis Estático en Python,
* WebScarab-NG,
* ... y muchos, muchos más!

'''Sesiones de Trabajo'''

Junto con la presencia de diversos líderes de la industria de la seguridad de aplicaciones, las sesiones de trabajo cubrirán un gran rango de temáticas, a saber:

* OWASP Top 10 2009,
* Seguridad de Navegadores,
* Seguridad de Frameworks para Aplicaciones Web,
* Proyecto API de Seguridad Corporativa,
* Prácticas Recomendadas para Líderes de Capítulos OWASP,
* Proyectos OWASP de Documentación,
* Proyectos OWASP de Herramientas,
* Proyecto OWASP Educativo,
* Planeamiento Estratégico OWASP 2009,
* Certificación OWASP,
* OWASP Invierno de Código 2009
* Internacionalización de Contenido OWASP en ambos sentidos.
* ... y muchos más.

'''Entrenamiento'''

Estos cursos de 2, 1 o medio día cubren un amplio rango de temas vinculados a OWASP y a la Seguridad en Aplicaciones Web:

* OWASP Top 10 - Lo que los desarrolladores deberían saber sobre la Seguridad en Aplicaciones Web
* Descubriendo los Tesoros Ocultos de WebScarab
* Securizando WebGoat con ModSecurity
* Programación Segura en Java
* Testeo Avanzado de Seguridad en Aplicaciones Web
* Creando Aplicaciones Web 2.0 Seguras
* Creando Servicios Web Seguros
* Creando Aplicaciones Web Seguras utilizando la API OWASP de Seguridad Corporativa (ESAPI)
* Seguridad clásica para ASP utilizando herramientas OWASP
* Evaluando Aplicaciones Web
* Hackeando el proyecto OWASP Orizon v1.0
* Seguridad en AJAX
* Penetration Testing Práctico: Piense como un atacante para detener ataques.
* Explotación de Software en Linux
* Securización de servicios y servidores Web utilizando SELinux

Contacto Principal:

Kate Hartmann 
OWASP Operations Director 
9175 Guilford Road, Suite 300 
Columbia, MD 21046, USA 
Teléfono: +1-301-575-0189 
Fax: +1-301-604-8033 
Email: kate.hartmann@owasp.org

OWASP EU Summit 2008 ES Spanish

2008-10-13T16:32:08Z

Buanzo:

'''translation work in progress'''

== Translation of the official press release to Spanish ==

'''Cumbre Europea de OWASP en Portugal''' 
''Portugal y Algarve - 4 al 7 de Noviembre de 2008''

Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web: OWASP los invita a participar de nuestra Cumbre en Portugal
http://www.owasp.org/index.php/OWASP_EU_Summit_2008_ES_Spanish

Bajo el lema 'Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web', la Cumbre OWASP será un encuentro mundial de líderes de OWASP y participantes clave de la industria que presentarán y discutirán las últimas herramientas OWASP, proyectos de documentación y tendencias en seguridad de aplicaciones web. Unase a nosotros en Portugal dentro de pocas semanas! Este evento contiene una vasta selección de cursos de entrenamiento, y charlas técnicas y de negocios, lo que lo convierte en EL evento donde aprender sobre seguridad en aplicaciones web, y sobre los recursos que OWASP tiene disponibles para utilizarse hoy.

OWASP es una organización sin fines de lucro con el propósito de dar soporte a la comunidad de la Seguridad en Aplicaciones Web, y ha otorgado $250.000 dólares para investigación en dicha área. Más allá de las 40 presentaciones de los Líderes OWASP y beneficiarios de los fondos de investigación, la Cumbre OWASP será el anfitrión de múltiples Sesiones de Trabajo diseñadas para mejorar la colaboración, obtener objetivos específicos e identificar los próximos pasos para los proyectos, capítulos y comunidad OWASP.

Para lograr este evento, OWASP invierte $150.000 dólares que serán utilizados para cubrir los gastos de alojamiento y viajes de los líderes OWASP, contribuidores activos, y líderes de la industria seleccionados quienes con su confirmada presencia (vea la lísta aquí: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA) la Cumbre OWASP proveerá un cómodo pero profesional entorno donde encontrarse, discutir, influenciar y contribuir a los proyectos OWASP.

La Cumbre OWASP será también el anfitrión de una gran y diversa selección de cursos de entrenamiento, los cuales cubrirán múltiples tématicas específicas a OWASP y a la Seguridad en Aplicaciones Web.

El notable impacto de la OWASP es posible sólo por la colaboración de muchas personas dedicadas y organizaciones de todo el mundo. En el espíritu de la colaboración, OWASP invita a todos sus miembros y a todos los interesados, individuos y empresas por igual, a participar de este impactante evento. Por favor, únase y ayude a organizar la Agenda de Seguridad en Aplicaciones Web 2009!

En cuanto a las cuestiones de Patrocinio, aún hay algunas oportunidades disponibles (vea: http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Sponsors) – no pierda la oportunidad de asociar su marca a este notable evento de alcance mundial!

Siga leyendo para obtener detalles adicionales sobre la Cumbre OWASP, o visite el sitio web de la mísma: http://www.owasp.org/index.php/OWASP_EU_Summit_2008.

'''Proyectos'''

OWASP projects selected for Summit presentation include new documentation and innovative tools to help developers, architects, and security specialists ensure that applications are secure:

* Application Security Verification Standard,
* Code review guide, V1.1,
* Ruby on Rails Security Guide v2,
* Securing WebGoat using ModSecurity,
* Testing Guide v3,
* GTK+ GUI for w3af project,
* Access Control Rules Tester,
* AntiSamy .NET,
* Live CD & DVD Project,
* OpenPGP Extensions for HTTP,
* Orizon Project,
* Python Static Analysis,
* WebScarab-NG,
* And many, many others.

'''Working Sessions'''

Expecting the presence of the application security industry key players, the Working Sessions will cover a wide range of issues such as:

* OWASP Top 10 2009,
* Browser Security,
* Web Application Framework Security,
* Enterprise Security API Project,
* Best Practices for OWASP Chapter Leaders,
* OWASP Documentation Projects,
* OWASP Tools Projects,
* OWASP Education Project,
* OWASP Strategic Planning for 2009,
* OWASP Certification,
* OWASP Winter of Code 2009
* Two-way Internationalization of OWASP Content
* And many more.

'''Training'''

These 2-day, 1-day or 1/2-day training courses cover a wide range of OWASP specific and Web Application Security Topics:

* OWASP Top 10 - What Developers Should Know on Web Application Security
* Uncovering WebScarab's Secret Treasures
* Securing WebGoat with ModSecurity
* Secure Programming with Java
* Advanced Web Application Security Testing
* Building Secure Web 2.0 Applications
* Building Secure Web Services
* Building Secure Web Applications with OWASP's Enterprise Security API (ESAPI)
* Classic ASP Security using OWASP tools
* Web Application Assessments
* Hacking Owasp Orizon Project v1.0
* Ajax Security
* Practical Penetration Testing: Think Like an Attacker to Stop Attacks
* Linux Software Exploitation
* Web server/services hardening using SELinux

Main Contact:

Kate Hartmann 
OWASP Operations Director 
9175 Guilford Road, Suite 300 
Columbia, MD 21046, USA 
Phone: +1-301-575-0189 
Facsimile: +1-301-604-8033 
Email: kate.hartmann@owasp.org

OWASP EU Summit 2008 ES Spanish

2008-10-13T16:26:37Z

Buanzo:

'''translation work in progress'''

== Translation of the official press release to Spanish ==

'''Cumbre Europea de OWASP en Portugal''' 
''Portugal y Algarve - 4 al 7 de Noviembre de 2008''

Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web: OWASP los invita a participar de nuestra Cumbre en Portugal
http://www.owasp.org/index.php/OWASP_EU_Summit_2008_ES_Spanish

Bajo el lema 'Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web', la Cumbre OWASP será un encuentro mundial de líderes de OWASP y participantes clave de la industria que presentarán y discutirán las últimas herramientas OWASP, proyectos de documentación y tendencias en seguridad de aplicaciones web. Unase a nosotros en Portugal dentro de pocas semanas! Este evento contiene una vasta selección de cursos de entrenamiento, y charlas técnicas y de negocios, lo que lo convierte en EL evento donde aprender sobre seguridad en aplicaciones web, y sobre los recursos que OWASP tiene disponibles para utilizarse hoy.

OWASP es una organización sin fines de lucro con el propósito de dar soporte a la comunidad de la Seguridad en Aplicaciones Web, y ha otorgado $250.000 dólares para investigación en dicha área. Más allá de las 40 presentaciones de los Líderes OWASP y beneficiarios de los fondos de investigación, la Cumbre OWASP será el anfitrión de múltiples Sesiones de Trabajo diseñadas para mejorar la colaboración, obtener objetivos específicos e identificar los próximos pasos para los proyectos, capítulos y comunidad OWASP.

Para lograr este evento, OWASP invierte $150.000 dólares que serán utilizados para cubrir los gastos de alojamiento y viajes de los líderes OWASP, contribuidores activos, y líderes de la industria seleccionados quienes con su confirmada presencia (vea la lísta aquí: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA) la Cumbre OWASP proveerá un cómodo pero profesional entorno donde encontrarse, discutir, influenciar y contribuir a los proyectos OWASP.

The OWASP Summit will also host a large and diverse selection of training courses, covering multiple OWASP specific and Web Application Security Topics.

The remarkable impact of OWASP is made possible only by the collaboration of many dedicated people and organizations worldwide. In that spirit of cooperation, OWASP invites all its members and interested individuals and companies to attend this thrilling event. Please join us and help to set the Web Application Security Agenda for 2009!

Regarding the event sponsorship matters, there are still a few opportunities available (see here http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Sponsors) – do not miss the opportunity to associate your brand with this gripping and worldwide event!

Please see below for additional details about the OWASP Summit or visit the OWASP Summit website: http://www.owasp.org/index.php/OWASP_EU_Summit_2008.

'''Projects'''

OWASP projects selected for Summit presentation include new documentation and innovative tools to help developers, architects, and security specialists ensure that applications are secure:

* Application Security Verification Standard,
* Code review guide, V1.1,
* Ruby on Rails Security Guide v2,
* Securing WebGoat using ModSecurity,
* Testing Guide v3,
* GTK+ GUI for w3af project,
* Access Control Rules Tester,
* AntiSamy .NET,
* Live CD & DVD Project,
* OpenPGP Extensions for HTTP,
* Orizon Project,
* Python Static Analysis,
* WebScarab-NG,
* And many, many others.

'''Working Sessions'''

Expecting the presence of the application security industry key players, the Working Sessions will cover a wide range of issues such as:

* OWASP Top 10 2009,
* Browser Security,
* Web Application Framework Security,
* Enterprise Security API Project,
* Best Practices for OWASP Chapter Leaders,
* OWASP Documentation Projects,
* OWASP Tools Projects,
* OWASP Education Project,
* OWASP Strategic Planning for 2009,
* OWASP Certification,
* OWASP Winter of Code 2009
* Two-way Internationalization of OWASP Content
* And many more.

'''Training'''

These 2-day, 1-day or 1/2-day training courses cover a wide range of OWASP specific and Web Application Security Topics:

* OWASP Top 10 - What Developers Should Know on Web Application Security
* Uncovering WebScarab's Secret Treasures
* Securing WebGoat with ModSecurity
* Secure Programming with Java
* Advanced Web Application Security Testing
* Building Secure Web 2.0 Applications
* Building Secure Web Services
* Building Secure Web Applications with OWASP's Enterprise Security API (ESAPI)
* Classic ASP Security using OWASP tools
* Web Application Assessments
* Hacking Owasp Orizon Project v1.0
* Ajax Security
* Practical Penetration Testing: Think Like an Attacker to Stop Attacks
* Linux Software Exploitation
* Web server/services hardening using SELinux

Main Contact:

Kate Hartmann 
OWASP Operations Director 
9175 Guilford Road, Suite 300 
Columbia, MD 21046, USA 
Phone: +1-301-575-0189 
Facsimile: +1-301-604-8033 
Email: kate.hartmann@owasp.org

OWASP EU Summit 2008 ES Spanish

2008-10-13T16:18:01Z

Buanzo: work in progress

'''translation work in progress'''

== Translation of the official press release to Spanish ==

'''Cumbre Europea de OWASP en Portugal''' 
''Portugal y Algarve - 4 al 7 de Noviembre de 2008''

Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web: OWASP los invita a participar de nuestra Cumbre en Portugal
http://www.owasp.org/index.php/OWASP_EU_Summit_2008_ES_Spanish

Bajo el lema 'Organizando la Agenda 2009 de la Seguridad en Aplicaciones Web', la Cumbre OWASP será un encuentro mundial de líderes de OWASP y participantes clave de la industria que presentarán y discutirán las últimas herramientas OWASP, proyectos de documentación y tendencias en seguridad de aplicaciones web. Unase a nosotros en Portugal dentro de pocas semanas! Este evento contiene una vasta selección de cursos de entrenamiento, y charlas técnicas y de negocios, lo que lo convierte en EL evento donde aprender sobre seguridad en aplicaciones web, y sobre los recursos que OWASP tiene disponibles para utilizarse hoy.

OWASP is a not-for-profit organization with the purpose of supporting the Web Application Security community around the world, and has granted $250,000 USD for web application security research. In addition to over 40 presentations from the OWASP Leaders and grant recipients, the OWASP Summit will host multiple Working Sessions designed to improve collaboration, achieve specific objectives and identify roadmaps for OWASP projects, chapters, and the OWASP community itself.

To facilitate this event, OWASP is investing $150,000 USD which will be used to cover air travel and accommodation expenses for OWASP leaders, active contributors, and select key industry leaders. With their confirmed presence (see list here: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA), the OWASP Summit will provide a relaxed but professional environment to meet, discuss, influence and contribute to OWASP projects.

The OWASP Summit will also host a large and diverse selection of training courses, covering multiple OWASP specific and Web Application Security Topics.

The remarkable impact of OWASP is made possible only by the collaboration of many dedicated people and organizations worldwide. In that spirit of cooperation, OWASP invites all its members and interested individuals and companies to attend this thrilling event. Please join us and help to set the Web Application Security Agenda for 2009!

Regarding the event sponsorship matters, there are still a few opportunities available (see here http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Sponsors) – do not miss the opportunity to associate your brand with this gripping and worldwide event!

Please see below for additional details about the OWASP Summit or visit the OWASP Summit website: http://www.owasp.org/index.php/OWASP_EU_Summit_2008.

'''Projects'''

OWASP projects selected for Summit presentation include new documentation and innovative tools to help developers, architects, and security specialists ensure that applications are secure:

* Application Security Verification Standard,
* Code review guide, V1.1,
* Ruby on Rails Security Guide v2,
* Securing WebGoat using ModSecurity,
* Testing Guide v3,
* GTK+ GUI for w3af project,
* Access Control Rules Tester,
* AntiSamy .NET,
* Live CD & DVD Project,
* OpenPGP Extensions for HTTP,
* Orizon Project,
* Python Static Analysis,
* WebScarab-NG,
* And many, many others.

'''Working Sessions'''

Expecting the presence of the application security industry key players, the Working Sessions will cover a wide range of issues such as:

* OWASP Top 10 2009,
* Browser Security,
* Web Application Framework Security,
* Enterprise Security API Project,
* Best Practices for OWASP Chapter Leaders,
* OWASP Documentation Projects,
* OWASP Tools Projects,
* OWASP Education Project,
* OWASP Strategic Planning for 2009,
* OWASP Certification,
* OWASP Winter of Code 2009
* Two-way Internationalization of OWASP Content
* And many more.

'''Training'''

These 2-day, 1-day or 1/2-day training courses cover a wide range of OWASP specific and Web Application Security Topics:

* OWASP Top 10 - What Developers Should Know on Web Application Security
* Uncovering WebScarab's Secret Treasures
* Securing WebGoat with ModSecurity
* Secure Programming with Java
* Advanced Web Application Security Testing
* Building Secure Web 2.0 Applications
* Building Secure Web Services
* Building Secure Web Applications with OWASP's Enterprise Security API (ESAPI)
* Classic ASP Security using OWASP tools
* Web Application Assessments
* Hacking Owasp Orizon Project v1.0
* Ajax Security
* Practical Penetration Testing: Think Like an Attacker to Stop Attacks
* Linux Software Exploitation
* Web server/services hardening using SELinux

Main Contact:

Kate Hartmann 
OWASP Operations Director 
9175 Guilford Road, Suite 300 
Columbia, MD 21046, USA 
Phone: +1-301-575-0189 
Facsimile: +1-301-604-8033 
Email: kate.hartmann@owasp.org

OWASP EU Summit 2008 ES Spanish

2008-10-13T16:08:04Z

Buanzo: New page: '''translation work in progress'''

'''translation work in progress'''

OWASP EU Summit 2008--PRESS

2008-10-13T16:06:11Z

Buanzo: added spanish link

[[:OWASP EU Summit 2008|'''Please click here to return to the OWASP EU Summit Portugal 2008 main page''']].

Press registration is open to any member of the broadcast, print and Internet media who can prove they work for an organization or publication that covers computer security on a regular basis. At the conference we will provide a press room with Internet access and electrical outlets for laptop computers. If you need a separate room for filming interviews, please request it in advance in the comments section. Let us know if there are any other special needs such as speakers you want to interview when you arrive or other items such as computer access to file stories or a fax machine.

We welcome anyone to apply for press credentials but reserve the right to deny you a pass. As such, please be prepared to show us copies of your articles either at your publication's Web site or on the publication's masthead should we request it.

At the show, please be able to present a business card, and government issued picture id, article on your organization's masthead and contact information for your assignment editor should we need it to validate your credentials before issuing you a pass.

Press registration may be granted for the conference and working sessions seminars only. There are no press passes available for Training.

Please make a point to pre-register. Should you attempt to attain credentials on-site, we cannot guarantee you will qualify and must bring all information in the above paragraph.

To register please ask [mailto:kate.hartmann(at)owasp.org Kate Hartmann] for a password and use: [http://guest.cvent.com/i.aspx?4W,M3,35818773-e14b-4d8e-8db8-5e14a6285a3d http://www.owasp.org/images/7/7f/Register.gif]

== Confirmed Media presence at the Summit ==

== Media Resources for Working Sessions ==
The following text is being provided by the chairs from each of the [[OWASP EU Summit 2008#WORKING_SESSIONS_-_November_4th_.26_5th_.28Tue.2C_Wed.29]]. It explains why the working session is important, why it matters to the industry and what might be the beneficial outcomes. We hope to have public/industry information from all the working sessions here in due course for advanced publicity purposes.

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Documentation Projects
|-
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" | The working session on OWASP Documentation Projects is a great chance to understand how the set of OWASP related documents can be used as a toolset to promote security on software development and management. The outcomes from PCI DSS v.1.2 and other standards that will come form the market, shows how important is to understand the importance of protection measures on coding and how these actions will come back in high quality products that can reach the market in a more adequate fashion.

The outcomes will promote OWASP documents in the market and to be part of it will make the difference for your company, your career and your personal contribution for the security community.
|-
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_-_OWASP_Documentation_Projects]]
|-
|}

{| style="width:80%" border="0" align="center"
! colspan="2" align="center" style="background:#4058A0; color:white" | OWASP Education Project
|-
| style="width:15%; background:#7B8ABD" valign="top" | Briefing Text || style="background:#F2F2F2" |
There is plenty of knowledge available inside the OWASP community, spread via the wiki, Conferences, chapter meetings and not to forget the books.

Another important way to distribute the available knowledge is though education!

The Summit Working Session on Education will cover important aspects such as:
* How to improve knowledge transfer from OWASP projects towards the community,
* How to create training material (lessons, classes, courses) from OWASP project material?
* How to set up an OWASP education baseline,
* How to setup an OWASP Boot Camp,
* How to connect to organisation to promote OWASP education content: e.g. universities, other non-profit (or profit?) education organisations,
* How to organize the OWASP / Conference trainings to make them the best in the world?
* Can we integrate this into OWASP certification projects?
* How to setup an OWASP Boot Camp?

This working session is the ideal opportunity to build further on the shoulders of giants and spread OWASP's solutions through the education project!
|-
| style="width:15%; background:#7B8ABD" valign="top" | Session Page || style="background:#C2C2C2" | [[OWASP_Working_Session_Education_Project]]
|-
|}

== PRESS RELEASES ==

=== OWASP European Summit/October 13th, 2008 ===

'''OWASP European Summit - Portugal''' 
''Portugal/Algarve - 4th - 7th November 2008''

Setting the Web Application Security Agenda for 2009: OWASP Invites You to Join Our Summit in Portugal
http://www.owasp.org/index.php/OWASP_EU_Summit_2008

With the theme 'Setting the AppSec agenda for 2009', the OWASP Summit will be a worldwide gathering of OWASP leaders and key industry players to present and discuss the latest OWASP tools, documentation projects, and web application security trends. Join us in Portugal in just a few short weeks! This venue hosts a diverse selection of training courses along with technical and business tracks, making it THE place to learn about web application security and the resources OWASP has available for use today.

OWASP is a not-for-profit organization with the purpose of supporting the Web Application Security community around the world, and has granted $250,000 USD for web application security research. In addition to over 40 presentations from the OWASP Leaders and grant recipients, the OWASP Summit will host multiple Working Sessions designed to improve collaboration, achieve specific objectives and identify roadmaps for OWASP projects, chapters, and the OWASP community itself.

To facilitate this event, OWASP is investing $150,000 USD which will be used to cover air travel and accommodation expenses for OWASP leaders, active contributors, and select key industry leaders. With their confirmed presence (see list here: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA), the OWASP Summit will provide a relaxed but professional environment to meet, discuss, influence and contribute to OWASP projects.

The OWASP Summit will also host a large and diverse selection of training courses, covering multiple OWASP specific and Web Application Security Topics.

The remarkable impact of OWASP is made possible only by the collaboration of many dedicated people and organizations worldwide. In that spirit of cooperation, OWASP invites all its members and interested individuals and companies to attend this thrilling event. Please join us and help to set the Web Application Security Agenda for 2009!

Regarding the event sponsorship matters, there are still a few opportunities available (see here http://www.owasp.org/index.php/OWASP_EU_Summit_2008_Sponsors) – do not miss the opportunity to associate your brand with this gripping and worldwide event!

Please see below for additional details about the OWASP Summit or visit the OWASP Summit website: http://www.owasp.org/index.php/OWASP_EU_Summit_2008.

'''Projects'''

OWASP projects selected for Summit presentation include new documentation and innovative tools to help developers, architects, and security specialists ensure that applications are secure:

* Application Security Verification Standard,
* Code review guide, V1.1,
* Ruby on Rails Security Guide v2,
* Securing WebGoat using ModSecurity,
* Testing Guide v3,
* GTK+ GUI for w3af project,
* Access Control Rules Tester,
* AntiSamy .NET,
* Live CD & DVD Project,
* OpenPGP Extensions for HTTP,
* Orizon Project,
* Python Static Analysis,
* WebScarab-NG,
* And many, many others.

'''Working Sessions'''

Expecting the presence of the application security industry key players, the Working Sessions will cover a wide range of issues such as:

* OWASP Top 10 2009,
* Browser Security,
* Web Application Framework Security,
* Enterprise Security API Project,
* Best Practices for OWASP Chapter Leaders,
* OWASP Documentation Projects,
* OWASP Tools Projects,
* OWASP Education Project,
* OWASP Strategic Planning for 2009,
* OWASP Certification,
* OWASP Winter of Code 2009
* Two-way Internationalization of OWASP Content
* And many more.

'''Training'''

These 2-day, 1-day or 1/2-day training courses cover a wide range of OWASP specific and Web Application Security Topics:

* OWASP Top 10 - What Developers Should Know on Web Application Security
* Uncovering WebScarab's Secret Treasures
* Securing WebGoat with ModSecurity
* Secure Programming with Java
* Advanced Web Application Security Testing
* Building Secure Web 2.0 Applications
* Building Secure Web Services
* Building Secure Web Applications with OWASP's Enterprise Security API (ESAPI)
* Classic ASP Security using OWASP tools
* Web Application Assessments
* Hacking Owasp Orizon Project v1.0
* Ajax Security
* Practical Penetration Testing: Think Like an Attacker to Stop Attacks
* Linux Software Exploitation
* Web server/services hardening using SELinux

Main Contact:

Kate Hartmann 
OWASP Operations Director 
9175 Guilford Road, Suite 300 
Columbia, MD 21046, USA 
Phone: +1-301-575-0189 
Facsimile: +1-301-604-8033 
Email: kate.hartmann@owasp.org 

==== Portuguese Version ====

Please click [http://www.box.net/shared/a8bol7salv here] to see.
'''Bold text'''

==== Brazilian Version ====

Please click [http://convisosec.com/PublicDocuments/OWASP/owaspeusummitpressreleasebr.pdf here] to see.

==== French Version ====

Please click [[OWASP EU Summit 2008 PR French|here]] to see.

==== Spanish Version ====

Please click [[OWASP EU Summit 2008 ES Spanish|here]] to see.

Project Information:template Enigform and mod OpenPGP

2008-07-07T14:19:50Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [mailto:buanzo(at)buanzo.com.ar '''Arturo 'Buanzo' Busleiman'''] [http://www.linkedin.com/in/buanzo Profile]
| style="width:14%; background:#cccccc" align="center"|Project Contributors (if applicable) [mailto:to(at)change '''Name&Email''']
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-enigform-and-mod-openpgp '''Mailing List/Subscribe'''] [mailto:Owasp-Enigform-and-mod-OpenPGP@lists.owasp.org '''Mailing List/Use''']
| style="width:14%; background:#cccccc" align="center"|First Reviewer [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry'''] [http://www.linkedin.com/in/roxberry Profile]
| style="width:14%; background:#cccccc" align="center"|Second Reviewer [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz''']
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member Not applicable
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''PROJECT MAIN LINKS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[http://digg.com/security/Feedback_Request_Ideas_for_an_Enigform_mod_openpgp_website '''Feedback Request - Click here for more details''']
* http://wiki.buanzo.org - Main mod_openpgp and Enigform documentation (Wiki)
* http://maotest.buanzo.org - Main Enigform / mod_openpgp test site.
* http://enigform.mozdev.org - Main Enigform Development site
* http://foros.buanzo.com.ar/viewforum.php?f=35 - Enigform / mod_openpgp Support Forum
* svn://svn.buanzo.org/mod_openpgp - mod_openpgp and test-site / tools subversion repository.
* http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman - An Interview with Buanzo.
* http://freshmeat.net/articles/view/2599 - An early Enigform article.
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''RELATED PROJECTS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Enigform: Firefox Addon for OpenPGP signing of HTTP requests Project]]
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''SPONSORS & GUIDELINES'''
|-
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''Sponsored Project/Guidelines/Roadmap''']]
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' (applicable for Beta Quality & further)
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (applicable just for Release Quality)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|Click to read 50% Review/Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|Click to read 50% Review/1st Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
|}

Project Information:template Enigform and mod OpenPGP

2008-07-07T14:17:49Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [mailto:buanzo(at)buanzo.com.ar '''Arturo 'Buanzo' Busleiman'''] [http://www.linkedin.com/in/buanzo Profile]
| style="width:14%; background:#cccccc" align="center"|Project Contributors (if applicable) [mailto:to(at)change '''Name&Email''']
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-enigform-and-mod-openpgp '''Mailing List/Subscribe'''] [mailto:Owasp-Enigform-and-mod-OpenPGP@lists.owasp.org '''Mailing List/Use''']
| style="width:14%; background:#cccccc" align="center"|First Reviewer [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry'''] [http://www.linkedin.com/in/roxberry Profile]
| style="width:14%; background:#cccccc" align="center"|Second Reviewer [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz''']
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member Not applicable
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''PROJECT MAIN LINKS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[http://digg.com/security/Feedback_Request_Ideas_for_an_Enigform_mod_openpgp_website '''Feedback Request - Click here for more''']
* http://wiki.buanzo.org - Main mod_openpgp and Enigform documentation (Wiki)
* http://maotest.buanzo.org - Main Enigform / mod_openpgp test site.
* http://enigform.mozdev.org - Main Enigform Development site
* http://foros.buanzo.com.ar/viewforum.php?f=35 - Enigform / mod_openpgp Support Forum
* svn://svn.buanzo.org/mod_openpgp - mod_openpgp and test-site / tools subversion repository.
* http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman - An Interview with Buanzo.
* http://freshmeat.net/articles/view/2599 - An early Enigform article.
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''RELATED PROJECTS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Enigform: Firefox Addon for OpenPGP signing of HTTP requests Project]]
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''SPONSORS & GUIDELINES'''
|-
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''Sponsored Project/Guidelines/Roadmap''']]
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' (applicable for Beta Quality & further)
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (applicable just for Release Quality)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|Click to read 50% Review/Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|Click to read 50% Review/1st Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
|}

Project Information:template Enigform and mod OpenPGP

2008-07-03T11:03:24Z

Buanzo:

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [mailto:buanzo(at)buanzo.com.ar '''Arturo 'Buanzo' Busleiman'''] [http://www.linkedin.com/in/buanzo Profile]
| style="width:14%; background:#cccccc" align="center"|Project Contributors (if applicable) [mailto:to(at)change '''Name&Email''']
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-enigform-and-mod-openpgp '''Mailing List/Subscribe'''] [mailto:Owasp-Enigform-and-mod-OpenPGP@lists.owasp.org '''Mailing List/Use''']
| style="width:14%; background:#cccccc" align="center"|First Reviewer [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry'''] [http://www.linkedin.com/in/roxberry Profile]
| style="width:14%; background:#cccccc" align="center"|Second Reviewer [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz''']
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member Not applicable
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''PROJECT MAIN LINKS'''
|-
| style="width:100%; background:#cccccc" align="center"|
* http://wiki.buanzo.org - Main mod_openpgp and Enigform documentation (Wiki)
* http://maotest.buanzo.org - Main Enigform / mod_openpgp test site.
* http://enigform.mozdev.org - Main Enigform Development site
* http://foros.buanzo.com.ar/viewforum.php?f=35 - Enigform / mod_openpgp Support Forum
* svn://svn.buanzo.org/mod_openpgp - mod_openpgp and test-site / tools subversion repository.
* http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman - An Interview with Buanzo.
* http://freshmeat.net/articles/view/2599 - An early Enigform article.
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''RELATED PROJECTS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Enigform: Firefox Addon for OpenPGP signing of HTTP requests Project]]
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''SPONSORS & GUIDELINES'''
|-
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''Sponsored Project/Guidelines/Roadmap''']]
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' (applicable for Beta Quality & further)
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (applicable just for Release Quality)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|Click to read 50% Review/Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|Click to read 50% Review/1st Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
|}

Project Information:template Enigform and mod OpenPGP

2008-07-03T11:02:03Z

Buanzo: set "Objectives & Deliveries reached -> Yes" for Author and 1st reviewer, according to reviews.

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [mailto:buanzo(at)buanzo.com.ar '''Arturo 'Buanzo' Busleiman'''] [http://www.linkedin.com/in/buanzo Profile]
| style="width:14%; background:#cccccc" align="center"|Project Contributors (if applicable) [mailto:to(at)change '''Name&Email''']
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-enigform-and-mod-openpgp '''Mailing List/Subscribe'''] [mailto:Owasp-Enigform-and-mod-OpenPGP@lists.owasp.org '''Mailing List/Use''']
| style="width:14%; background:#cccccc" align="center"|First Reviewer [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry'''] [http://www.linkedin.com/in/roxberry Profile]
| style="width:14%; background:#cccccc" align="center"|Second Reviewer [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz''']
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member Not applicable
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''PROJECT MAIN LINKS'''
|-
| style="width:100%; background:#cccccc" align="center"|
* http://wiki.buanzo.org - Main mod_openpgp and Enigform documentation (Wiki)
* http://maotest.buanzo.org - Main Enigform / mod_openpgp test site.
* http://enigform.mozdev.org - Main Enigform Development site
* http://foros.buanzo.com.ar/viewforum.php?f=35 - Enigform / mod_openpgp Support Forum
* svn://svn.buanzo.org/mod_openpgp - mod_openpgp and test-site / tools subversion repository.
* http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman - An Interview with Buanzo.
* http://freshmeat.net/articles/view/2599 - An early Enigform article.
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''RELATED PROJECTS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Enigform: Firefox Addon for OpenPGP signing of HTTP requests Project]]
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''SPONSORS & GUIDELINES'''
|-
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''Sponsored Project/Guidelines/Roadmap''']]
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' (applicable for Beta Quality & further)
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (applicable just for Release Quality)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes''' --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
|}

Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A

2008-07-02T15:21:53Z

Buanzo:

[[Project Information:template Enigform and mod OpenPGP|Click here to return to the previous page]].

{| style="width:100%" border="0" align="center"
! colspan="3" align="center" style="background:#4058A0; color:white"|'''50% REVIEW PROCESS'''
|-
| style="width:25%; background:#7B8ABD" align="center"|
Project Deliveries & Objectives
| colspan="2" style="width:75%; background:#cccccc" align="left"|
[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives]]
|-
| style="width:25x%; background:#4058A0" align="center"|'''QUESTIONS'''
| colspan="2" style="width:75%; background:#4058A0" align="left"|'''ANSWERS'''
|-
| style="width:25%; background:#7B8ABD" align="center"|
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please exemplify writing down those of them that haven't been realised.
| colspan="2" style="width:75%; background:#cccccc" align="left"|I'm working on more replay-attacks countermeasures, and we are deciding on the "Demo Site" issue. I still have to do research on WebGoat, but I also thought about creating an Enigform Auth plugin for Wordpress, phpBB, etc. I'd like to point out that the maotest.buanzo.org website is a TESTING site, and not an actual Demo site. Still to implement: * Automatic Sessions Termination on Firefox Exit/Crash, * Better error-handling (Client side), * More documentation (current one suffices to implement a mod_openpgp enabled Apache server, but lacks better client-side FAQs and HOWTOs).
|-
| style="width:25%; background:#7B8ABD" align="center"|

2. At what extent have the project deliveries & objectives been accomplished? Having in consideration [[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''the assumed ones''']], please quantify in terms of percentage.
| colspan="2" style="width:75%; background:#cccccc" align="left"|I agree with Mark Roxberry's 60% completeness. The other 40% will mainly be Documentation, bugfixes and minor improvements, but a big % regarding the Demo site / Auth Plugin idea.
|-
|-
| style="width:25%; background:#7B8ABD" align="center"|
3. What kind of help is required either from the Reviewers or from the OWASP Community?
| colspan="2" style="width:75%; background:#cccccc" align="left"|Mark has been a GREAT help. He was not only a reviewer but a devoted beta tester. I'm glad to be working with him.
|}

Project Information:template Enigform and mod OpenPGP

2008-07-02T14:27:03Z

Buanzo: added Buanzo's linkedin profile link

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [mailto:buanzo(at)buanzo.com.ar '''Arturo 'Buanzo' Busleiman'''] [http://www.linkedin.com/in/buanzo Profile]
| style="width:14%; background:#cccccc" align="center"|Project Contributors (if applicable) [mailto:to(at)change '''Name&Email''']
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-enigform-and-mod-openpgp '''Mailing List/Subscribe'''] [mailto:Owasp-Enigform-and-mod-OpenPGP@lists.owasp.org '''Mailing List/Use''']
| style="width:14%; background:#cccccc" align="center"|First Reviewer [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry'''] [http://www.linkedin.com/in/roxberry Profile]
| style="width:14%; background:#cccccc" align="center"|Second Reviewer [mailto:name@name '''Name''']
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz''']
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''PROJECT MAIN LINKS'''
|-
| style="width:100%; background:#cccccc" align="center"|
* http://wiki.buanzo.org - Main mod_openpgp and Enigform documentation (Wiki)
* http://maotest.buanzo.org - Main Enigform / mod_openpgp test site.
* http://enigform.mozdev.org - Main Enigform Development site
* http://foros.buanzo.com.ar/viewforum.php?f=35 - Enigform / mod_openpgp Support Forum
* svn://svn.buanzo.org/mod_openpgp - mod_openpgp and test-site / tools subversion repository.
* http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman - An Interview with Buanzo.
* http://freshmeat.net/articles/view/2599 - An early Enigform article.
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''RELATED PROJECTS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Enigform: Firefox Addon for OpenPGP signing of HTTP requests Project]]
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''SPONSORS & GUIDELINES'''
|-
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''Sponsored Project/Guidelines/Roadmap''']]
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' (applicable for Beta Quality & further)
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (applicable just for Release Quality)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
|-
|}

OWASP EU Summit 2008

2008-07-02T11:47:46Z

Buanzo: Added Arturo Alberto Busleiman (a.k.a Buanzo) to SoC08

(WORK IN PROGRESS /UNDER DISCUSSION)
== UPDATES ==
*[[OWASP EU Summit 2008 - updates|'''OWASP EU Summit 2008 - updates''']]

== What: OWASP Summit, a conference about OWASP and for OWASP's community ==
=== When: 4 to 7 Nov 2008 (4 & 5: Meetings and Training, 6 & 7: Conference) ===
=== Where: Portugal ===
Faro or Lisbon
=== Organization===
Paulo Coimbra and Dinis Cruz
== Agenda ==
Theme: Present OWASP's projects, community and activities ..... '....Connecting the dots.... "

'''Day 1 & 2'''
*Training sessions (similar to what happens at the moment at the other OWASP conferences)
*OWASP Working Group sessions (1/2 day each) on:
** OWASP Governance, "What is OWASP's position on ...." & Action Plan for 2009
** ESAPI
** Browser Security
** OWASP Top 10 2009

'''Day 3 & 4 Agenda:'''
* Presentations from AoC, SpoC and SoC Participants
* Presentations from 'Release' Quality OWASP projects (not included in the list above) or Key OWASP projects (like ESAPI)
* Presentations about OWASP : How it works, Financial reports, OotM (OWASP on the Move), new project management guidelines, local chapter finances, OWASP governance
* Presentation from Chapter leaders on the activities developed on their project
* Discussion on next steps for OWASP and focus of next OWASP financial investment plans

Other ideas:

* vote on 6th OWASP board member (Candidates to Apply)

== other details==

'''Projected Attendees:450 '''
* 200 with some (or all) expenses covered by OWASP
** 33 SoC participants
** 70 SoC reviewers
** 10 SoC Collaborators
** 15 AoC & SpoC participants
** 15 Chapter Leaders
** 8 OWASP Board & Employees
** 49 OWASP non-individual members (2x per 9k Corporate? 1x for the others?)

=== Financial details ===
'''Expenses'''
* Accommodation & meals: 80,000 USD = 400 USD per person (200x) for 3 nights accommodation and 5 meals (3 dinners and 2 lunches)
* Flights & Trains : 70,000 USD

'''Revenue sources'''
* Tickets (for the 250 non 'OWASP invited' attendees)
* Training Sessions
* Conference sponsors

== Participants ==
=== OWASP Board members & employees ===
* Jeff Williams
* Dave Wichers
* Dinis Cruz
* Tom Brennan
* Sebastien Deleersnyder
* Paulo Coimbra
* Kate Hartmann (to be confirmed)
* Alison McNamee (to be confirmed)
* Larry Casey (to be confirmed)

=== Summer of Code 08 Participants & Reviewers ===
* (please add your name in the following format)
* OWASP Classic ASP Security Project Reviewer Esteban Ribicic Argentina -living in Croatia/Wien-
* OWASP Internationalization Guidelines Reviewer Project Esteban Ribicic
* OWASP Spanish Project Reviewer Esteban Ribicic
* OWASP Ruby on Rails Security Project Leader Heiko Webers from Germany
* OWASP Code Review Guide Lead - Eoin Keary - Ireland
* OWASP Enigform and mod_Openpgp - Arturo Alberto Busleiman (a.k.a Buanzo) - Argentina

=== Winter of Code 07 Participants (Completed Projects) ===
* (please add your name)
* {Project} {Name} {Origin Country}

=== Autumn of Code 06 Participants ===
* (please add your name)
* {Project} {Name} {Origin Country}

* OWASP Pantera, Simon Roses Femerling, Spain

=== Active Chapter Leaders ===
* (please add your name in the following format)
* {Chapter} {Role} {Name} {Origin Country}

=== Active Project Leaders (not currently participating on SoC 08)===
* (please add your name in the following format)
* {Project} {Role} {Name} {Origin Country}

=== Significant Past OWASP contributor (that is not already covered by one of the above categories) ===
* (please add your name in the following format)
* {Project/Chapter} {Role} {Name} {Origin Country}

=== Logistic and Support team ===
* Summit Graphic Design + Summit organization + on-site logistics support, Sarah Cruz, UK (London)

OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers

2008-06-26T15:39:50Z

Buanzo: /* TOOLS PROJECTS */

This page contains Projects, Authors, Status Target and Reviewers of the sponsored programme [[OWASP Summer of Code 2008]].
== DOCUMENTATION PROJECTS ==
{| class="wikitable" style="text-align:center"
! width="600" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | Application
! width="220" align="CENTER" | '''Author'''
! width="60" align="CENTER" | [[:Category:OWASP Project Assessment|'''Status Target''']]
! width="108" align="CENTER" | '''1st Reviewer'''
! width="108" align="CENTER" | '''2nd Reviewer '''
! width="108" align="CENTER" | '''OWASP Board Reviewer
'''
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard]]'''
| align="CENTER" | Mike Boberski
| align="CENTER" | Beta
| align="CENTER" | [mailto:jeff.williams(at)owasp.org Jeff Williams] (Confirmed)
| align="CENTER" | [mailto:pierre.parrend(at)insa-lyon.fr Pierre Parrend] [http://www.rzo.free.fr Curriculum] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP AppSensor Project|OWASP AppSensor - Detect and Respond to Attacks from Within the Application]]'''
| align="CENTER" | [mailto:michael.coates(at)aspectsecurity.com Michael Coates]
| align="CENTER" | Beta
| align="CENTER" | [mailto:eric.sheridan(at)aspectsecurity.com Eric Sheridan] (Confirmed)
| align="CENTER" | [mailto:thrynn404(at)gmail.com Randy Janinda] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Backend Security Project|OWASP Backend Security Project]]'''
| align="CENTER" | Carlo Pelliccioni
| align="CENTER" | Beta
| align="CENTER" |
| align="CENTER" |
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Classic ASP Security Project|OWASP Classic ASP Security Project]]'''
| align="CENTER" | Juan Carlos Calderon
| align="CENTER" | Beta
| align="CENTER" | [mailto:kisero(at)gmail.com Esteban Ribičić] [http://docs.google.com/Doc?id=df9vbj96_120fzfj4kfk Curriculum] (Confirmed)
| align="CENTER" | [mailto:rodrigo@rmarcos.com Rodrigo Marcos] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Code Review Project|OWASP Code review guide, V1.1]]'''
| align="CENTER" | Eoin Keary
| align="CENTER" | Quality
| align="CENTER" |
| align="CENTER" | [mailto:psatishkumar(at)gmail.com P.Satish Kumar]
| align="CENTER" | Jeff Williams
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:OWASP Corporate Application Security Rating Guide|OWASP Corporate Application Security Rating Guide]]'''
| align="CENTER" | Parvathy Iyer
| align="CENTER" | Quality
| align="CENTER" | Neal Kirschner Email address? (Confirmed)
| align="CENTER" | [mailto:Omar.Sherin(at)infosec2.com Omar Sherin] TBC
| align="CENTER" |
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Education Project|OWASP Education Project]]'''
| align="CENTER" | Martin Knobloch
| align="CENTER" | Quality
| align="CENTER" | [mailto:sebastien.gioria@owasp.fr Sebastien Gioria] (Confirmed)
| align="CENTER" | [mailto:namn(at)bluemoon.com.vn Nam Nguyen] [[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Nguyen Curriculum|Curriculum]] (Confirmed)
| align="CENTER" |
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:OWASP Internationalization|OWASP Internationalization Guidelines Project]]'''
| align="CENTER" | Juan Carlos Calderon
| align="CENTER" | Beta
| align="CENTER" | [mailto:fabio.e.cerullo(at)aib.ie Fabio Cerullo] (Confirmed)
| align="CENTER" | [mailto:kisero(at)gmail.com Esteban Ribičić] [http://docs.google.com/Doc?id=df9vbj96_120fzfj4kfk Curriculum] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP .NET Project#OWASP .NET Project Leader|OWASP .NET Project Leader]]'''
| align="CENTER" | Mark Roxberry
| align="CENTER" | Quality
| align="CENTER" | [mailto:eoinkeary(at)gmail.com Eoin Keary] (Confirmed)
| align="CENTER" | [mailto:dennis.hurst(at)hp.com Dennis Hurst] TBC
| align="CENTER" | Dinis Cruz
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Positive Security Project|OWASP Positive Security Project]]'''
| align="CENTER" | Eduardo Vianna de Camargo Neves
| align="CENTER" | Beta
| align="CENTER" | [mailto:welias(at)conviso.com.br Wagner Elias] (Confirmed)
| align="CENTER" | [mailto:ken(at)krvw.com Kenneth Wyk] TBC
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Ruby on Rails Security Guide V2|OWASP Ruby on Rails Security Guide v2]]'''
| align="CENTER" | Heiko Webers
| align="CENTER" | Quality
| align="CENTER" | [mailto:steve.jones(at)unf.edu Steve Jones] (Confirmed)
| align="CENTER" | [mailto:jeff.cabaniss(at)gmail.com Jeff Cabaniss] (Confirmed)
| align="CENTER" |
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Securing WebGoat using ModSecurity Project|OWASP Securing WebGoat using ModSecurity]]'''
| align="CENTER" | Stephen Evans
| align="CENTER" | Beta
| align="CENTER" | [mailto:ivan.ristic(at)breach.com Ivan Ristic] & Breach Group (Confirmed)
| align="CENTER" | [mailto:christian.folini(at)netnea.com Christian Folini] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE"|'''[[:Category:OWASP Source Code Review OWASP Projects Project|OWASP Source Code Review OWASP Projects]]'''
| align="CENTER" | James Walden
| align="CENTER" | Quality
| align="CENTER" | [mailto:afry(at)strongcrypto.biz Alexander Fry] [http://www.linkedin.com/in/alexanderfry Profile] (Confirmed)
| align="CENTER" | [mailto:marco.m.morana(at)gmail.com Marco M. Morana] (TBC)
| align="CENTER" |
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:OWASP Spanish|OWASP Spanish Project]]'''
| align="CENTER" | Juan Carlos Calderon
| align="CENTER" | Beta
| align="CENTER" | [mailto:fabio.e.cerullo(at)aib.ie Fabio Cerullo] (Confirmed)
| align="CENTER" | [mailto:kisero(at)gmail.com Esteban Ribičić] [http://docs.google.com/Doc?id=df9vbj96_120fzfj4kfk Curriculum] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Testing Project|OWASP Testing Guide v3]]'''
| align="CENTER" | Matteo Meucci
| align="CENTER" | Quality
| align="CENTER" |
| align="CENTER" |
| align="CENTER" |
|}

{| class="wikitable" style="text-align:center"
! width="400" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | Application
! width="120" align="CENTER" | '''Author'''
! width="60" align="CENTER" | [[:Category:OWASP Project Assessment|'''Status Target''']]
! width="108" align="CENTER" | '''1st Reviewer'''
! width="108" align="CENTER" | '''2nd Reviewer '''
! width="108" align="CENTER" | '''3rd Reviewer '''
! width="108" align="CENTER" | '''4th Reviewer '''
! width="108" align="CENTER" | '''OWASP Board Reviewer
'''
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP ASDR Project|OWASP Application Security Desk Reference (ASDR)]]'''
| align="CENTER" | Leonardo Cavallari Militelli
| align="CENTER" | Quality
| align="CENTER" | [mailto:williamtsmith(at)gmail.com William Smith] [[OWASP SoC 2008 ASDR Reviewers#William Smith | Bio]] (Confirmed)
| align="CENTER" | [mailto:ken(at)krvw.com Kenneth Wyk] [[OWASP SoC 2008 ASDR Reviewers#Kenneth R. van Wyk| Bio]] (Confirmed)
| align="CENTER" | [mailto:kcfredman(at)gmail.com Frederick Donovan] [[OWASP SoC 2008 ASDR Reviewers#Frederick Donovan | Bio]] (Confirmed)
| align="CENTER" |
| align="CENTER" | Jeff Williams (Confirmed)
|}

== TOOLS PROJECTS ==
{| class="wikitable" style="text-align:center"
! width="600" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | Application
! width="220" align="CENTER" | '''Author'''
! width="60" align="CENTER" | [[:Category:OWASP Project Assessment|'''Status Target''']]
! width="108" align="CENTER" | '''1st Reviewer'''
! width="108" align="CENTER" | '''2nd Reviewer '''
! width="108" align="CENTER" | '''OWASP Board Reviewer
'''
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:GTK plus GUI for w3af Project|GTK+ GUI for w3af project]]'''
| align="CENTER" | Facundo Batista
| align="CENTER" | Beta
| align="CENTER" | [mailto:andres.riancho(at)gmail.com Andres Riancho] (Confirmed)
| align="CENTER" | [mailto:ah@securenet.de Achim Hoffmann] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Access Control Rules Tester Project|OWASP Access Control Rules Tester]]'''
| align="CENTER" | Andrew Petukhov
| align="CENTER" | Beta
| align="CENTER" | [mailto:caughron(at)gmail.com Mat Caughron] [http://www.linkedin.com/pub/1/A84/998 Profile] (Confirmed)
| align="CENTER" | [mailto:mg_chen(at)yahoo.com Min Chen] [http://www.linkedin.com/in/mgchen Profile] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP AntiSamy Project .NET| OWASP AntiSamy .NET]]'''
| align="CENTER" | Arshan Dabirsiaghi
| align="CENTER" | Quality
| align="CENTER" | [mailto:dallasspohn(at)sbcglobal.net Dallas Spohn] TBC
| align="CENTER" |
| align="CENTER" | Jeff Williams
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|OWASP Application Security Tool Benchmarking Environment and Site Generator refresh]]'''
| align="CENTER" | Dmitry Kozlov
| align="CENTER" | Quality
| align="CENTER" | [mailto:mark.roxberry(at)owasp.org Mark Roxberry] (Confirmed)
| align="CENTER" | [mailto:medelibero(at)gmail.com Mike de Libero] (Confirmed)
| align="CENTER" | Dinis Cruz
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Code Crawler|OWASP Code Crawler ]]'''
| align="CENTER" | Alessio Marziali
| align="CENTER" | Beta
| align="CENTER" | [mailto:eoinkeary@gmail.com Eoin Keary] (Confirmed)
| align="CENTER" | [mailto:dinis.cruz(at)owasp.org Dinis Cruz] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Interceptor Project|OWASP Interceptor Project - 2008 Update]]'''
| align="CENTER" | Justin Derry
| align="CENTER" | Quality
| align="CENTER" | [mailto:dallasspohn(at)sbcglobal.net Dallas Spohn] TBC
| align="CENTER" |
| align="CENTER" |
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP JSP Testing Tool Project|OWASP UI Component Verification Project (a.k.a. OWASP JSP Testing Tool)]]'''
| align="CENTER" | Jason Li
| align="CENTER" | Beta
| align="CENTER" | [mailto:markkerzner(at)gmail.com Mark Kerzner] (Confirmed)
| align="CENTER" | [mailto:fabricio.fujikawa(at)infoglobo.com.br Fabrício Fujikawa] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Live CD 2008 Project|OWASP Live CD 2008 Project]]'''
| align="CENTER" | Matt Tesauro
| align="CENTER" | Quality
| align="CENTER" | [mailto:admin@wirefall.com Dustin Dykes] [http://www.linkedin.com/pub/1/607/6b1 Curriculum] (Confirmed)
| align="CENTER" | [mailto:jkpoots(at)rogers.com Kent Poots] [http://www.linkedin.com/pub/5/25B/114 Curriculum] (Confirmed)
| align="CENTER" |
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP OpenSign Server Project|OWASP Online code signing and integrity verification service for open source community (OpenSign Server)]]'''
| align="CENTER" | Phil Potisk and Richard Conway
| align="CENTER" | Beta
| align="CENTER" | [mailto:pierre.parrend@insa-lyon.fr Pierre Parrend] [http://www.rzo.free.fr Curriculum] (Confirmed)
| align="CENTER" | [mailto:a_campani@yahoo.fr Antonio Campanile] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp]]'''
| align="CENTER" | Arturo 'Buanzo' Busleiman
| align="CENTER" | Beta
| align="CENTER" | [mailto:mark.roxberry(at)owasp.org Mark Roxberry] (Confirmed)
| align="CENTER" | (need one)
| align="CENTER" | [mailto:dinis.cruz(at)owasp.org Dinis Cruz]
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Orizon Project|OWASP Orizon Project]]'''
| align="CENTER" | Paolo Perego
| align="CENTER" | Quality
| align="CENTER" | [mailto:eoinkeary@gmail.com Eoin Keary] (Confirmed)
| align="CENTER" | [mailto:seba@deleersnyder.eu Sebastien Deleersnyder] (Confirmed)
| align="CENTER" | [mailto:dinis.cruz@owasp.org Dinis Cruz] (Confirmed)
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Python Static Analysis Project|OWASP Python Static Analysis]]'''
| align="CENTER" | Georgy Klimov
| align="CENTER" | Beta
| align="CENTER" | [mailto:namn@bluemoon.com.vn Nam Nguyen] [[OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Nguyen Curriculum|Curriculum]] (Confirmed)
| align="CENTER" | [mailto:diepvien00thayh@gmail.com P.Q.Huy] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Skavenger Project|OWASP Skavenger]]'''
| align="CENTER" | [mailto:mro(at)securenet.de Matthias Rohr]
| align="CENTER" | Beta
| align="CENTER" | Rogan Dawes Email address? (Confirmed)
| align="CENTER" | [mailto:ah@securenet.de Achim Hoffmann] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Sqlibench Project|OWASP SQL Injector Benchmarking Project (SQLiBENCH)]]'''
| align="CENTER" | [mailto:urgunb@hotmail.com Bedirhan Urgun] [mailto:mesut@h-labs.org Mesut Timur]
| align="CENTER" | Beta
| align="CENTER" | [mailto:ferruh@mavituna.com Ferruh Mavituna] [[Project Information:Sqlibench:Ferruh|background info]] (Confirmed)
| align="CENTER" | [mailto:kfuller@dmv.ca.gov Kevin Fuller] [[Project Information:Sqlibench:Kevin|background info]] (Confirmed)
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Teachable Static Analysis Workbench Project|OWASP Teachable Static Analysis Workbench]]'''
| align="CENTER" | [mailto:ddk(at)cs.msu.su Dmitry Kozlov] Igor Konnov
| align="CENTER" | Beta
| align="CENTER" | [mailto:afry(at)strongcrypto.biz Alex Fry] TBC
| align="CENTER" |
| align="CENTER" | Not applicable
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]'''
| align="CENTER" | [mailto:bunyamin@owasp.org Bunyamin Demir]
| align="CENTER" | Beta
| align="CENTER" | [mailto:afry(at)strongcrypto.biz Alexander Fry] [http://www.linkedin.com/in/alexanderfry Profile] (Confirmed)
| align="CENTER" |
| align="CENTER" |
|}

== DESIGN/CORPORATE PROJECTS ==
{| class="wikitable" style="text-align:center"
! width="600" height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | Application
! width="220" align="CENTER" | '''Author'''
! width="60" align="CENTER" | [[:Category:OWASP Project Assessment|'''Status Target''']]
! width="108" align="CENTER" | '''1st Reviewer'''
! width="108" align="CENTER" | '''2nd Reviewer '''
! width="108" align="CENTER" | '''OWASP Board Reviewer
'''
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Book Cover & Sleeve Design|OWASP Book Cover & Sleeve Design]]'''
| align="CENTER" | LXstudios, [mailto:deb@lxstudios.com Deb Brewer]
| align="CENTER" | Quality
| align="CENTER" | [mailto:yiannis@owasp.org Yiannis Pavlosoglou] (Confirmed)
| align="CENTER" | [mailto:eoinkeary@gmail.com Eoin Keary] (Confirmed)
| align="CENTER" | Dinis Cruz
|-
| height="18" bgcolor="#FFFFFF" align="CENTER" valign="MIDDLE" | '''[[:Category:OWASP Individual and Corporate Member Packs plus Conference Attendee Packs Brief|OWASP Individual & Corporate Member Packs, Conference Attendee Packs Brief]]'''
| align="CENTER" | LXstudios, [mailto:deb@lxstudios.com Deb Brewer]
| align="CENTER" | Quality
| align="CENTER" | [mailto:eoinkeary@gmail.com Eoin Keary] (Confirmed)
| align="CENTER" | [mailto:yiannis@owasp.org Yiannis Pavlosoglou] (Confirmed)
| align="CENTER" | Dinis Cruz
|-

Project Information:template Enigform and mod OpenPGP

2008-06-23T14:30:16Z

Buanzo: added wiki

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [mailto:buanzo(at)buanzo.com.ar '''Arturo 'Buanzo' Busleiman''']
| style="width:14%; background:#cccccc" align="center"|Project Contributors (if applicable) [mailto:to(at)change '''Name&Email''']
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-enigform-and-mod-openpgp '''Mailing List/Subscribe'''] [mailto:Owasp-Enigform-and-mod-OpenPGP@lists.owasp.org '''Mailing List/Use''']
| style="width:14%; background:#cccccc" align="center"|First Reviewer [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry''']
| style="width:14%; background:#cccccc" align="center"|Second Reviewer [mailto:name@name '''Name''']
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz''']
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''PROJECT MAIN LINKS'''
|-
| style="width:100%; background:#cccccc" align="center"|
* http://wiki.buanzo.org - Main mod_openpgp and Enigform documentation (Wiki)
* http://maotest.buanzo.org - Main Enigform / mod_openpgp test site.
* http://enigform.mozdev.org - Main Enigform Development site
* http://foros.buanzo.com.ar/viewforum.php?f=35 - Enigform / mod_openpgp Support Forum
* svn://svn.buanzo.org/mod_openpgp - mod_openpgp and test-site / tools subversion repository.
* http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman - An Interview with Buanzo.
* http://freshmeat.net/articles/view/2599 - An early Enigform article.
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''RELATED PROJECTS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Enigform: Firefox Addon for OpenPGP signing of HTTP requests Project]]
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''SPONSORS & GUIDELINES'''
|-
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''Sponsored Project/Guidelines/Roadmap''']]
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' (applicable for Beta Quality & further)
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (applicable just for Release Quality)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
|-
|}

Project Information:template Enigform and mod OpenPGP

2008-06-20T13:04:40Z

Buanzo: added related links

{| style="width:100%" border="0" align="center"
! colspan="7" align="center" style="background:#4058A0; color:white"|'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
| style="width:14%; background:#cccccc" align="center"|Project Leader [mailto:buanzo(at)buanzo.com.ar '''Arturo 'Buanzo' Busleiman''']
| style="width:14%; background:#cccccc" align="center"|Project Contributors (if applicable) [mailto:to(at)change '''Name&Email''']
| style="width:14%; background:#cccccc" align="center"|[mailto:Owasp-Enigform-and-mod-OpenPGP@lists.owasp.org '''Project Mailing List''']
| style="width:14%; background:#cccccc" align="center"|First Reviewer [mailto:mark.roxberry(at)owasp.org '''Mark Roxberry''']
| style="width:14%; background:#cccccc" align="center"|Second Reviewer [mailto:name@name '''Name''']
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member [mailto:dinis.cruz(at)owasp.org '''Dinis Cruz''']
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''PROJECT MAIN LINKS'''
|-
| style="width:100%; background:#cccccc" align="center"|
* http://maotest.buanzo.org - Main Enigform / mod_openpgp test site.
* http://enigform.mozdev.org - Main Enigform Development site
* http://foros.buanzo.com.ar/viewforum.php?f=35 - Enigform / mod_openpgp Support Forum
* svn://svn.buanzo.org/mod_openpgp - mod_openpgp and test-site / tools subversion repository.
* http://www.freesoftwaremagazine.com/blogs/interview_with_arturo_busleiman - An Interview with Buanzo.
* http://freshmeat.net/articles/view/2599 - An early Enigform article.
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''RELATED PROJECTS'''
|-
| style="width:100%; background:#cccccc" align="center"|
[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Enigform: Firefox Addon for OpenPGP signing of HTTP requests Project]]
|}
{| style="width:100%" border="0" align="center"
! colspan="6" align="center" style="background:#4058A0; color:white"|'''SPONSORS & GUIDELINES'''
|-
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#OpenPGP Extensions for HTTP - Enigform and mod_openpgp|'''Sponsored Project/Guidelines/Roadmap''']]
|}
{| style="width:100%" border="0" align="center"
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
|-
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer''' (applicable for Alpha Quality & further)
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer''' (applicable for Beta Quality & further)
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member''' (applicable just for Release Quality)
|-
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- [[Project Information:template Enigform and mod OpenPGP 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
| style="width:22%; background:#C2C2C2" align="center"|X
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached? '''Yes/No''' (To update) --------- Which status has been reached? '''Season of Code''' - (To update) --------- [[Project Information:template Enigform and mod OpenPGP - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
|-
|}

OWASP Summer of Code 2008 Applications

2008-03-24T18:28:18Z

Buanzo: /* OpenPGP Extensions for HTTP - Enigform and mod_openpgp */

'''This page contains project Applications to the [[OWASP_Summer_of_Code_2008|OWASP Summer Of Code 2008]]'''

= A few notes =
*'''If you want to apply for a SoC 2008 sponsorship you HAVE TO USE THIS PAGE for your application.'''
** See [[OWASP Summer of Code 2008#How To Participate (To Developers)|How To Participate]] for what to do once you completed your Application.
** Please remember that projects will be selected and funded based on how well they meet the [[OWASP Summer of Code 2008#Jury and Selection Criteria| Selection Criteria]].
** Please see [[OWASP Autumn of Code 2006 - Applications|AoC 06]] and [[OWASP Spring Of Code 2007 Applications|SpoC 07]] for examples of Applications.
* '''You can propose your project in any form you wish, but the best proposals will be well thought out, clear and concise, and reflective of your passion for the topic. We strongly suggest that you include [[OWASP Summer of Code 2008 Applications - Proposal Type|this information in your proposal]].
'''
= Applications - {Fill in below} =

== The Application Security Desk Reference - ASDR ==
* Leonardo Cavallari Militelli
* Proposal: Make [[OWASP ASDR Project|OWASP ASDR Project]] a release quality document.

The ASDR is a reference volume that contains basic information about all the foundational topics in application security. It intends to replace and refresh [[OWASP Honeycomb Project|Honeycomb Project]] with a new structure for articles and relationship between categories, thus making it a release quality doc.

This idea raised when finished the [[Attack|Attack Reference Guide]] for [[OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]], where it was identified that OWASP reference articles need some special attention. Jeff Williams is totally supporting this project.

We already have defined which type of article we should include on Desk Reference, as follows:
* [[:Category:Principle|Principles]]
* [[:Category:Threat_Agent|Threat Agents]]
* [[:Category:Attack|Attacks]]
* [[:Category:Vulnerability|Vulnerabilities]]
* [[:Category:Countermeasure|Countermeasures]]
* [[:Category:Technical Impact|Technical Impacts]]
* [[:Category:Business Impact|Business Impacts]]

*Road Map: A complete project roadmap can be found on '''[[ASDR Table of Contents|ASDR Table of Contents]]'''. Basically, the following activities should be performed, some of them already started:
** Define articles templates for each reference type
** Define subcategories for articles classification
** Compile first DRAFT version of ASDR Book
** Articles development & Call for Volunteers
** Articles revision
** First version of OWASP ASDR book

== OWASP Code review guide, V1.1 ==
* Eoin Keary,
'''Code Review Guide Proposal''':

'''Introduction:'''The code review guide is currently at version RC 2.0 and the second best selling OWASP book.
I have received many positive comments regarding this initial version and believe it’s a key enabler for the OWASP fight against software insecurity.

It has even inspired individuals to build tools based on its information and I have convinced such people (Alessio Marziali) to open source their tool and make it an OWASP project.

The combination of a book on secure code review and a tool to support such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

'''Proposal:'''
I am proposing that I improve the code review guide from a number of aspects. This should place the guide as a de facto secure code review guide in the application security industry.

'''Additional and expanded Chapters:''' 

'''Transactional analysis''' 
Expand chapter. 
Examples via diagrams. 

'''Threat Modeling and Analysis''' 
The approach to examining an application to be reviewed. 
Focusing on areas of interest. 

'''Example reports and how to write one''' 
How to determine the risk level of a finding. 

'''Automated code review''' 
Code crawler documentation and usage. 

'''Rich Internet Applications''' 
Expanded chapters on Flash, Ajax. 

'''The OWASP ESAPI (Enterprise Security API)''' 
What it is, Why use it. What to review. 

'''Code review Metrics:''' 
How to compile, use and analyse metrics. 
Rolling out metrics in the Enterprise. 

'''Integrating Code review with an existing SDLC'''
Integration of Secure Code review with an existing SDLC. 
Secure Code review roadmap definition. 
Documentation requirements. 
Scope definition. 
SDLC steering comittee establishment. 
Performace criteria, benchmarks and metrics. 
Integration of SDLC results into key IT governance areas. 
Critical success factors. 

== The OWASP Testing Guide v3 ==
* Matteo Meucci
* The OWASP Testing Guide v2 was a great success, with thousand downloads and many many Companies that have adopted it as standard for a Web Application Penetration Testing.
Now it's time to begin a new project that is based on v2 but improve it and complete it.

In the OWASP Testing Guide v2 we have split the set of tests in 8 sub-categories:

* Information Gathering
* Business logic testing
* Authentication Testing
* Session Management Testing
* Data Validation Testing
* Denial of Service Testing
* Web Services Testing
* AJAX Testing

The following are my thoughts about the new OWASP Testing Guide v3:

1) Authorization testing missing. As Jeff and Dave said many time before it's important to create a new category.
2) Information gathering is not a set of vulnerabilities --> not in report --> new category: Passive mode analysis
3) Infrastructural test --> new category
4) Web Services section needs improvement
5) AJAX Testing section needs improvement
6) New category: Client side Testing. AJAX and Flash Testing

* This [http://www.owasp.org/index.php/Image:Planning_OTGv3.doc document] analyze the OWASP Testing Guide v2 vulnerabilities and a plan for create the new v3.

== Code Crawler ==
* Alessio Marziali (aka nTze) 

'''Description''' 
This tool is aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code.
The aim of the tool is to accompany the OWASP Code review Guide and to implement a total code review solution for "everyone"; Where "everyone" means "more" companies performing secure software activities. 
Key areas of improvement: 
'''Reporting''' 
- PDF
- Microsoft Office Compatible Word Document
- HTML

'''Scanning''' 
- Multiple File scanned at the same time 
-- Open Microsoft Visual Studio's Solutions 

'''Bigger Database''' 
Which will provide more information about the threats such vulnerability type (XSS,SQL Injection, Remote File Inclusion etc). 
'''Security Software Life Cycle''' 
A feature that will let you save the threats for each project/document, so the reviewer can check how the development is going from a “security prospective” during the entire software lifecycle. 

Improvement of the code scan system. 

== The Owasp Orizon Project ==
* Paolo Perego (aka thesp0nge),
* The Owasp Orizon Project,

'''Introduction'''

The [http://www.owasp.org/index.php/Category:OWASP_Orizon_Project Owasp Orizon Project] born in 2006 in order to provide a framework to all Owasp projects developing code review services.

The project is in a quite stable stage and it is usable for Java static code review and some dynamic tests against XSS.
Owasp Orizon includes also APIs for code crawling, usable for code crawling tools.

[http://milk.sf.net Milk] project is a java code review tool I'm writing using Orizon as background engine. Its goal is to show engine capabilities.

'''Objectives and deliverables'''

* plugin architecture for static code review library: this planned feature will be announced (hopefully, if my CFP will be accepted) to next Owasp European App conf.
* starting C# support
* upgrade from Alpha quality project to Beta quality project in accord to [http://www.owasp.org/index.php/Category:OWASP_Project_Assessment Owasp Project Assessment criteria]

'''Why I should be sponsored for the project'''

Owasp Orizon is the first Owasp project I'm involved in. I'm also contributor of Owasp Italian chapter managed by Matteo Meucci and I'm talking at various speeches about application security and safe coding best practices.

I'm a security consultant working in ethical hacking and we're approaching code review and safe topics right now. I'm a developer too so I understand also the "dark side" of the problem developing code with security in mind.

I work using the "release early release often" paradigm so to be concrete and let other people having something usable to work with.

In the last year Owasp Orizon evolved a lot with a good static code review engine and a lot of code was written to give Owasp guys the best framework as possible to be used for writing code review tools. I hope to pursuit my goals again with SoC 2008.

== Skavenger ==
* Matthias Rohr

'''Introduction'''

Skavenger is a web application security assessment toolkit which arised from many years of professional experience in the web application assessment field and is the result of nearly one your of work.

It passively analyzes traffic logged by various MITM proxies (such as WebScarab and Burp) as well as other sources (like Firefox's LiveHTTPHeader plugin) and helps to identify various kinds of possible vulnerabilities (such as XSS, CRLF injection, an insecure session management and several kinds of information disclosure). Skavenger's modular design allows the integration of custom scanning modules without any knowledge about the tool at all.

Skavenger is completely written in Perl and can be downloaded from:
https://sourceforge.net/projects/skavenger/

'''Objectives and deliverables'''

Here are some ideas:
* A GUI to monitor and analyze scanning results
* More sophisticated scanner modules (e.g. for better backend identification and more platform specific tests)
* Database integration
* API's to integrate modules in other languages (such as Python or Java).
* Better source integration with custom Firefox, Burp or (of course) WebScarab plugins

== OWASP .NET Project Leader ==
* Mark Roxberry

'''Project Proposal'''

Assume the lead of the OWASP .NET Project. Ensure that information, materials and software are relevant to building secure .NET web applications and services. Provide deep content for all roles related to .NET web applications and services including:

* Architectural guidance
* Developer tools, information and checklists
* IT professional content (for those that deploy and maintain .NET websites)
* Penetration testing resources
* Incident response resources

The OWASP .NET Project Leader will actively recruit .NET contributors, including personnel from Microsoft, but others throughout the .NET ecosystem. Including experts from communities from large companies to ISVs, from enterprise architects to ALT.NET developers will be important for the overall reach of the OWASP .NET project. Other communities to consider include developers who use Mono (.NET for Linux), including Moonlight (Silverlight for Linux).

The OWASP .NET Project Leader will actively contribute to the OWASP projects that require .NET resources, by recruiting resources or contributing to the project.

I propose to have the project active in 1-3 months, with continuous recruitment efforts for contributors for the life of the project. Metrics for success can include number of contributors, number of articles, search engine ranks for pages and site visit counts. For the application however, I will submit that within 3 months I can provide a baseline to set site goals for each metric.

'''Why I should be sponsored for the project'''

I have previously contributed to the OWASP Test Guide v2 project, providing content and reviewed content. I care about the OWASP mission. In fact, I have used the OWASP Top 10 to teach developers about vulnerabilities in web applications.

I have 15 years of technical leadership experience using Microsoft technologies. I have lead small and large teams as a technical lead, lead developer and architect on small and large projects. I am a Certified Information Systems Security Professional (CISSP) and a Certified Ethical Hacker. I am on top of current trends and required to be informed regarding .NET web development and security, including, for example ASP.NET MVC, Silverlight, Unity, Entity Framework. I am personally interested in providing security resources to .NET developers globally, specific and applicable to their projects.

== OWASP Backend Security Project ==
* Full name: Carlo Pelliccioni
* Project: OWASP Backend Security Project
* Project description:
:OWASP Backend Security Project is a new project created to improve and to collect the existant information about the backend security.
:The project is composed by three sections (security development, security hardening and security testing).
:The aim is to define the guidelines for the companies and IT professionals working in the security field into processes development and back-end components management/testing in the enterprise architecture.

* Objectives:

'''Overview'''
Create a section with an introduction about the project (high-level description) explaining the main
goals.

'''Development'''
Include the writings already existant in OWASP wiki concerning PHP,
JAVA and ASP.NET and extend the projects' sections with new contents.

'''Hardening'''
Create new guidelines about the dbms hardening

'''Testing'''
Include the writings already existant in OWASP wiki about security testing.
Create new articles about security testing.

== OWASP Classic ASP Security Project ==
* Juan Carlos Calderon
'''Executive Summary''' 
I am interested in making P018 - OWASP Classic ASP Security Project happen, Classic ASP 2.0 and 3.0 applications are still largely used as this technology is more than 10 years old and was largely used. there are thousands of sites on the wild that need guidance on the security arena. This is where OWASP can come up and provide help for “making the Web a better place” and continue spreading the word on security. I have always be a passionate of the technology (regardless of its inconveniences such as being old and DLL-hell prone) and I am really exited on the idea of sharing my knowledge of this area to the world and what best that though OWASP.

'''Objectives and Deliverables''' 
Create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. More specifically:
* Creation of a Common Object Repository for ASP applications based on OWASP ESAPI Project including objects and/or references to libraries for security applications all this aligned with OWASP Top10 and OWASP Guide .
* Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks.
* Addition of expression for Code Review Tool to support Classic ASP applications.
* Implementation of Version 1 of Stinger for ASP either by using an installable COM library or ISAPI.
* This same module will compliment the OWASP Validation Documentation Project.

'''Why should I be sponsored for the project?''' 
I have 10 years of experience on Web technologies. During 8 years I have performed and leaded hundreds of Security Source Code Reviews and Black box testing on Web Applications. On my current job I lead 30 people in diverse locations all of them working on the Application Security arena, so I am accustomed to execute and deliver.

Also I’ve had close contact with OWASP since 2005
[https://lists.owasp.org/pipermail/owasp-spanish/2005-March/000069.html] by making possible the translation of OWASP Top 10 2004 [http://www.owasp.org/index.php/Top_10_2004] and OWASP Testing Guide V1.17 [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf] to Spanish.

== Internationalization Guidelines and OWASP-Spanish Project ==
* Juan Carlos Calderon
'''Executive Summary''' 
The main goal of OWASP is to spread the word about security (“Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.”) and OWASP has done great work so far :). And now it’s time for a next big step.

The number of native and secondary speakers in the world for Chinese, Spanish, French, Russian, Arabic and Indi languages are estimated in similar number to English speaking or even more (Some References at [http://en.wikipedia.org/wiki/Ethnologue_list_of_most_spoken_languages Ethnologue], [http://encarta.msn.com/media_701500404/Languages_Spoken_by_More_Than_10_Million_People.html Encarta], [http://en.wikipedia.org/wiki/List_of_languages_by_number_of_native_speakers Wikipedia]). I think is a good time for OWASP to reach those that do not speak English to have full access to all the OWASP materials, not just a couple of documents.

OWASP, while open to translations, do not have clear guidelines on how to translate OWASP contents and (AFAIK) there is no multi-language support in OWASP.org site. This is understandable as there is no formal project for internationalization so far.

'''Oportunity and Effort''' 
This is great opportunity to make Spanish the first language on which the OWASP site and documentation is fully translated and at the same time share the experience with other people interested in the same objective, Bring OWASP to the world. And this is something I’ve being pushing for some time ago and that could be possible “at once” via SoC 2008.

I understand this is significant effort so to have it done I will count with the help of 6 people (friend of mine, all of them Security auditors with excellent English level) plus a few well known contributors from OWASP-Spanish effort, so the founding will be divided among the people involved in the same proportion of the work they do for the completion of this effort. This, to encourage delivery.

'''Objectives and Deliverables''' 
* Team up with Larry Casey to implement Multilanguage support in OWASP.org Mediawiki.
* General Guidelines on minimum/recommended requirements to start a new language translation for OWASP Document and Site Pages
* General Guidelines on minimum/recommended requirements to implement internationalization and localization ([http://www.w3.org/International/ i18n]) on OWASP Software
* Full translation to Spanish of all the release-level document projects. Those are:
** Top 10 2007
** Guide 2 (Already translated)
** Testing Guide (Already Translated)
** Legal
** FAQ
* Full Translation of major sections of OWASP Site
** Project Main Pages (Release, Beta and Alpha levels for both documents and tools projects)
** Principles
** References Section
** Conferences
** News (Those currently displayed in OWASP site)
** About OWASP
* Evaluation of Spanish translation approach for WebGoat and WebScarab and delivery of this document to Bruce and Rogan for possible implementation in near future.
* Leverage for deploy of es.owasp.org, the domain already exists but is not redirecting correctly.
* Create a Communication strategy to help and keep track on new pages or changes in significant pages so all the translations are in sync.

'''Out of Scope''' 
Translation of the following sections are NOT in Scope
* Local Chapters Pages
* Presentations
* Conferences
* Videos
* Blogs
* All the projects deliverables in Alpha and Beta Stages
* All the documentation “on development” like Guide Version 3.0
* Translation of Pages, documentation or tools to other language other than Spanish according to the stated in above section.

'''Why should I be sponsored for the project?''' 
I’ve being part of contributions to OWASP documents on the translation arena since 2005 [https://lists.owasp.org/pipermail/owasp-spanish/2005-March/000069.html], a few of them by making possible the translation of OWASP Top 10 2004 [http://www.owasp.org/index.php/Top_10_2004] and OWASP Testing Guide V1.17 [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf] to Spanish. It is time to make the full job done :).

I have 10 years of experience on Web technologies. During 8 years I have performed and leaded hundreds of Security Source Code Reviews and Black box testing on Web Applications. On my current job I lead 30 people in diverse locations all of them working on the Application Security arena, so I am accustomed to execute and deliver.

== The Ruby on Rails Security Guide v2 ==
Heiko Webers

The last security guide for Rails [http://www.owasp.org/index.php/Category:OWASP_Web_Application_Security_Put_Into_Practice] was a great success, with a lot of more secure web applications and continued awareness in the community of security issues. The Ruby on Rails Security Project [http://www.rorsecurity.info/] is the one and only source of information about Rails security topics, and I keep the community up-to-date with blog posts and conference talks in Europe. The Guide and the Project has been mentioned in several Rails books and web-sites.

Version 1 of the Ruby on Rails Security Guide was sponsored by the SpoC 07, set the standard for OWASP programming language specific guides in terms of the topic outline and has been published as a book [http://www.lulu.com/content/1412042]. Nevertheless I'm convinced that a more compact design and a "question-and-answer" style of writing will reach an even larger audience. Of course the new Guide will still include answers to the OWASP Top Ten security vulnerabilities.

A lot has changed since the publishing of the first Guide. Some new security holes have been found, there are new advises and most importantly Rails version 2.0 has been released. The new Ruby on Rails Security Guide aims at providing an up-to-date coding and configuration guide for the Rails community.

In the new Rails Security Guide I'd like to
* update the entire book to match Rails 2.0
* cover new topics, including, but not limited to:
** Intranet and administration interface security,
** phishing,
** real-world attack situations,
** short excursus on server monitoring,
** the new CookieStore session management,
** vulnerabilities in popular plug-ins,
** denial-of-service attacks
* cover all OWASP Top Ten security vulnerabilities
* a more compact writing style, more examples and "questions-and-answers"
* introduce the OWASP and Rails security to a greater audience

== OWASP Application Security Verification Standard ==

*Mike

'''OWASP Application Security Verification Standard Proposal'''

'''Educational and professional background'''

The applicant is a hands-on senior professional services manager with a trademark of
developing creative solutions to complex application security-related technical problems.

'''Application security experience and accomplishments'''

The applicant has a background in trusted product evaluation:

*CC evaluation
*CC evidence development, including operating system test code development
*CC project management
*TCSEC evaluation
*TCSEC project management
*TEF management
*CCTL management

The applicant also has a background in security-related software development and integration:

*PKI toolkit development
*PK-E application integration
*Secure web portal application development
*Secure web portal integration
*Secure instant messaging application development, including three patents

The applicant also has a background in cryptomodule testing:

*FIPS 140 evaluation
*FIPS 140 evidence development

'''Participation and leadership in open communities'''

The applicant does not have experience in contributing to open communities.

'''The opportunity, challenges, issues or need your proposal addresses'''

OWASP is looking for a commercially-workable open standard for performing application security verification efforts. The problem is that there is a huge range in the coverage and level of rigor available in the market, and consumers have no way to tell the difference between someone just running a grep tool, and someone doing painstaking code review and manual testing. So, a standard is needed.

'''Objectives or ways in which you will meet the goal(s)'''

The applicant’s proposal will address the above challenges as follows:

*The applicant will define an evaluation framework that may be used to conduct OWASP Application Security Verification Standard certifications.
*The applicant will define an OWASP Application Security Verification Standard which defines levels that applications may be certified against.

'''Specific activities and who will carry out these activities'''

The applicant will carry out these activities. Please see below for a proposed list of specific deliverables.

'''Specific deliverables and a rough project schedule so we can track progress'''

The applicant proposes the following deliverables:

*'''Scheme Overview document.''' This will define the overall framework with roles, responsibilities, and processes.
*'''Evaluation and Certification document.''' This will describe the evaluation and certification process.
*'''Conditions for the Use of Trademarks.''' This will describe OWASP’s name, logo, and certificate may be used and referenced.
*'''Evaluation Report Content Requirements.''' This will describe the content requirements of evaluation reports.
*'''OWASP Application Security Verification Standard.''' This will define the levels that applications may be certified against.
*'''OWASP Application Security Verification Standard Appendix A.''' This will define the required content of the OWASP Application Security Verification Standard Security Policy.
*'''Policy Letter #1. Acceptance of Security Policies into OWASP Evaluation''' This will define the requirements to be listed as in evaluation on the OWASP web site.

The applicant proposes the following rough project schedule:

*2nd April. Project kickoff.
*15th June. Alpha Quality drafts of Scheme Overview document and of OWASP Application Security Verification Standard document completed.
*31st August. Project completion. Beta Quality drafts of all documents completed.

'''Long-term vision for the project'''

The long-term vision for the project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification.

'''Any other reasons why you and your project should be selected.'''

The applicant has a uniquely-qualified perspective given his experience with TCSEC, TTAP, CC, FIPS 140-1, and FIPS 140-2 evaluation programs, and his real-world perspective as a developer and integrator of security-related applications.

== GTK+ GUI for w3af project ==

''Facundo Batista''

'''Your educational and professional background'''

I'm Electronic Engineer with a Master in Engineer Innovation in
Bologna University, Italy. I live in Buenos Aires, Argentina, and love
reading books, playing tennis, and programming Python.

I worked in a mobile company for six years, in the Network Management
department, then I was Chief Developer of a Mobile Content Provider,
and now I'm Solution Architect in Multimedia & Systems Integration in
Ericsson. Also I was professor in several universities, high schools
and other institutions.

'''Application security experience and accomplishments'''

None, more than working in w3af. However, my proposal here is not
related to the security part of the product, but to its graphical
interface and usability.

'''Participation and leadership in open communities'''

I'm very involved in the free software and open source community. I'm
a Python Core Developer and member of the Python Software Foundation
by merit. I have a long history of talks given in several
international (PyCon, EuroPython) and national (a lot!) conferences. I
also teach Python in educational institutions, enterprises and as a
private instructor. I founded Python Argentina, the national users
groups, and I'm a very active member of it.

I also lead other open source projects (SMPPy, SiGeFi, etc.) and
particpate in others (Docutils, w3af itself, etc.).

'''The opportunity, challenges, issues or need your proposal addresses'''

My main objective is to minimize the effort and learning curve of
using w3af, providing a very usable graphical interface.

Note that as the interface is cross platform, being usable also in the
win32 environment, it will help to popularize the w3af project.

This will allow users without information security knowledge to verify
that their web applications are correctly programmed and configured.

'''Specific activities and who will carry out these activities'''

I will carry the following activities, detailed later in smaller steps:

- Design and code new windows and interfaces to increase the functionality of the project.

- Tuning of the process workflow, allowing a more intuitive way of working.

- Visual polishing for a more pleasant and intuitive tool.

- Usability tests and improvements.

'''Specific deliverables and a rough project schedule so we can track progress'''

''New features implemented in the pyGTK user interface:''

- Local proxy to trap and modify requests and responses sent from a browser.

- Manually send a request and analyze the response.

- Manually create a fuzzed requests based on tokens, so user can construct easily differents HTTP request with a regex-like semantics.

- Wizard to perform a vulnerability assessment.

- Graphical display of site map and vulnerabilities.

- Reload a plugin after its edited from within the pyGTK user interface.

- Embebed tool to encode/decode URL/Base64 and to hash sha1/md5.

- HTTP response side by side content compare.

''Usability improvements in the pyGTK user interface:''

- Meetings with a usability expert that the w3af team leader has already contacted and worked with.

- Kill all pending bugs and make a stable release.

''Documentation:''

- Users guide for the pyGTK user interface.

- Help system for the GUI itself

'''Long-term vision for the project'''

To provide the web application security community with a stable and fully
featured framework to perform all the tasks included in a penetration test
from within the project.

'''Any other reasons why you and your project should be selected'''

w3af is one of the most active web application security projects;
the community that supports it is growing and we need the support of
already established organizations like OWASP to keep working at the
rate that we want to.

== P006 OWASP Corporate Application Security Rating Guide and P025 OWASP Positive Security Project ==

by Eduardo Vianna de Camargo Neves

'''Executive Summary'''

A common approach on most companies is to increase the protection of their assets after the occurrence of a considerable impact. However some companies learned that a positive approach on IT Security is most effective and can reduce the financial costs on responses to security incidents. Benchmarking the application security practices on the corporate world will allow us to understand what steps are required to keep the IT environment protected, using this knowledge to create a public Security Rating Guide that can be used to support the establishment of a security baseline within the community.

Moreover the information from this analysis can be used to support the development of a campaign to spread a positive security posture in the market. The liaison with companies that maintain good security practices will help to start this initiative from a higher degree and involve several actors on the security stage for the same direction to a market were security is understood as a business value.

'''Approach'''

Assessing public materials from the Top 50 Companies and Top 50 Software Companies, a rating guide will be produced showing tangible metrics that are achieved by those companies and allow them to be considered secure enough on a comparison to a baseline of good practices. As a result the Corporate Application Security Rating Guide will be produced and published for the community and the deliverables used to support the development of the Positive Security Project with facts from a real analysis.

'''Benefits'''

The whole community will be benefited from these initiatives. With the adequate support from OWASP to maintain the projects active and liaise with big players on the market, we can expect the following:

• The community will receive a Security Rating Guide that will allow them to compare their own security practices within the market. As this will be a public document, suppliers and buyers worldwide will share the same information allowing them to adequate the expectations on the usage of security services and tools.

• The Security Rating Guide can be used as a marketing tool by the companies, allowing them to sell security as a business value and avoiding the old-fashion and inadequate FUD approach.

• The knowledge and relationship developed during the production of the Security Rating Guide will allow us to produce the deliverables on Positive Security Project with real information, increasing the credibility of the initiative for the market.

• The Security Rating Guide and the Positive Security Project can be walk in parallel, merging their information to support a concise and continuous marketing campaign to encourage a positive approach on the market.

• As an open community free from commercial pressures, OWASP can use both projects to support the evaluation of security products for the market, allowing the organization to receive profits from these services and support current and future projects.

'''Summarized Work Breakdown Structure (WBS)'''

All the activities will be leaded by Eduardo V. C. Neves, which will be responsible as a single point of contact with the sponsors and to manage a team of compromised volunteers from OWASP community and participants from security communities and associations (i.e. ISSA, SANS and ISC2).

The activities will be carried on WBS summarized bellow. Dates presented should be considered as deadlines for the activities:

• Criteria establishment and definition of the Top 50 Companies and Top 50 Software Companies (April 11)

• Assessment of public materials to support the ranking establishment (April 18)

• Establishment of the Corporate Application Security Rating Guide (April 25)

• Publishing of the Corporate Application Security Rating Guide on OWASP web site and promotion over adequate channels (i.e. publications, blogs and associations) (May 09) (1)

• Criteria establishment and approval of marketing templates for Positive Security Project (May 16) (2)

• Development of the Positive Security Project material (i.e. blog and marketing sheets) (May 30)

• Liaison with the OWASP Members, Top 50 Companies and Top 50 Software Companies to present the project and negotiate their participation as supporters, sponsors or contributors. (June 27)

• Update on Corporate Application Security Rating Guide, including their score on Positive Security approach (July 4)

• Presentation of the Positive Security Project approach and Corporate Application Security Rating Guide on the market (July 31) (3)

• Conference calls with team members to evaluate the results of the initiatives in all countries and produce project´s documents (i.e. lessons learned, update on marketing material and evaluation of alternative approaches for the future steps). (August 15)

• Prepare project documentation and present to the OWASP community on the web site (August 31)

''(1) Support from OWASP Foundation is required to liaise with companies and associations worldwide

''(2) Support from OWASP Foundation and community are required to evaluate adequate marketing templates and translate original documents for their own languages''

''(3) Support from OWASP community is required to spread the word on all countries were OWASP members are located.''
'''''

'''Project Control'''

The project will be managed following PRINCE2 Process Model and all control documents published for the OWASP community. The following mandatory project control documents are planned:

• Project Initiation Document: To document project´s background, definition, objectives, approach, etc.

• Communication Plan: To assure that OWASP Community are being continuous communicated about project status and deliverables achievement.

• Highlight Report: To provide the OWASP Community with a summary of the project status, progress and potential problems or areas where help may be required.

• End Project Report: To present project achievements. Should be considered the final project report.

More documents may be included during project development to support the control and assure a high quality level (i.e. issue log, project approach).

'''Long Range Plan'''

Both projects should walk in parallel and be used as tools to support efforts to encourage and make the positive approach a reality on the IT Security field. These initiatives shall be supported by OWASP as long term plans and grow to a continuous world-wide campaign in this direction that must achieve big players on the market and be recognized by the community as a tool that must be used to evaluate security enabled companies and products.

'''Why me?'''

Can be me, you or anyone that carries these projects in a professional fashion and assure that all deliverables are being achieved. The most important parts is to make it happen, talk and get the support from reputable associations and large companies (OWASP Members are a good start) and lead it as a long range responsibility.

I am running to win this project because I believe in all of this. I see both as very valuable initiatives that can help companies to make more business; people to get more jobs and the whole community to win in a scenario where our contributions on the security market are recognized as business tools.

'''About me'''

Information Security professional and enthusiastic with 15 years dedicated to achieve expressive results in the areas of IT, Information Security, Compliance and Project Management. A CISSP in good stand and Officer at the ISSA Brazilian Chapter, my professional career gave me extensive knowledge in several fields of Information Security with accumulated experience at consulting firms, as CSO at a world player company on consumer goods market and now as an entrepreneur at Latin American market.

''Application security experience and accomplishments''

My work experience is on Security Management, Risk Assessment, Business Continuity and Disaster Recovery, Security Awareness and other managed-related fields on our industry. I don’t have hands-on experience on application security and this is the main reason why I am running to be qualified on the project described bellow, where I believe that my skills can be used to achieve an excellent result for the community.

''Participation and leadership in open communities''

• Member of OWASP Brazil where I made some small contributions in a recent past.

• Member of ABNT/CB-21/SC02 committee, Brazilian ISO representative for 27001 and 17799 standards

• Officer of ISSA Brazil Chapter where I am responsible for the South Region and as the editor of Antebellum, the ISSA Brazil Journal

• Founder and member of GISI-PR, an open community focused on discuss and promote Information Security initiatives within Paraná State, Brazil

== P017 - OWASP AppSensor - Detect and Respond to Attacks from Within the Application ==
'''Name'''

Michael Coates

'''Project'''

P017 - OWASP AppSensor - Detect and Respond to Attacks from Within the Application

'''The opportunity, challenges, issues or need your proposal addresses, '''

As critical applications continue to become more accessible and inter-connected, it is paramount that the information be protected. We must also realize that our defenses may not be perfect. Given enough time, attackers can identify security flaws in the design or implementation of an application. In addition to implementing layers of defense within an application, it is critical that we identify malicious individuals before they are able to identify any gaps in our defenses. The best place to identify malicious activity against the application is within the application itself.
Network based intrusion detection systems are not appropriate to handle the custom and intricate workings of an enterprise application and are ill-suited to detect attacks focusing on application logic such as authentication, access control, etc. The application itself is the best place to identify and respond to malicious activity.
This project will create the framework which can be used to build a robust system of attack detection, analysis, and response within an enterprise application

'''Objectives or ways in which you will meet the goal(s), '''

I plan to use a methodical approach throughout the creation of this resource. I will reference my own professional experience, OWASP resources, ESAPI, and academic materials to identify a robust set of potential attacks and identification methods. Thresholds will be recommended for each of the detected attacks. Each recommended threshold value and response recommendation will be accompanied with additional information to describe the purpose of the threshold and recommendation. This additional information will allow the reader to determine if the threshold is appropriate for their implementation.

'''Specific activities and who will carry out these activities, '''

I will complete the following activities:
1. Identify and define attack patterns against applications
2. Document points of detection within the application for the attack patterns & identify key information to log
3. Create thresholds for generating security alerts
4. Define recommended response actions for the security alerts

'''Specific deliverables and a rough project schedule so we can track progress, '''

April 2, 2008 - Project Begins

April 2, 2008-April 12, 2008 - High level planning & design

April 12, 2008-May 1, 2008 - Identify and define attack patterns against applications

May 1, 2008-June 1, 2008 - Document points of detection within the application for the attack patterns & identify key information to log

June 1, 2008-June 13, 2008 - Pier Review & Revisions

June 15, 2008 - Status Report

June 16, 2008-Aug 15, 2008 - Create thresholds for generating security alerts

June 16, 2008-Aug 15, 2008 - Define recommended response actions for the security alerts

Aug 16, 2008-Aug 30, 2008 - Pier Review & Revisions

Aug 31, 2008 - Project Complete

'''Long-term vision for the project, '''

1. I’d like to include a tiered type approach of thresholds and responses. This is would be similar to the approach used by FISMA of defining different controls for High, Medium, and Low systems.

2. Building on item #1, I want to eventually include a system which lets the user provide information about their system. This information could include rating or prioritizing different security concerns. a customized set of monitoring points, thresholds and response actions can be recommended for the application based on the provided data.

'''About Me'''

'''Education & Professional Background'''

Masters of Science in Computer, Information and Network Security – DePaul University
(Expected Graduation 2009)
Bachelor of Science in Computer Science – University of Illinois
Extensive experience in conducting black and white box security reviews of complex applications and networks for major financial organizations and international telecoms. I also have experience working as the primary investigator of attacks against a multi-national organization with IDS sensors in networks throughout the world. In addition, I have experience working with several regulatory controls and security standards (FISMA, NIST, GLBA etc). My experience as an ethical hacker and incident responder puts me in an excellent position to tackle this project.

'''Application security experience and accomplishments'''

I am a Senior Computer Security Engineer with Aspect Security where I perform security code reviews and application security testing against a variety of platforms. Prior to working with Aspect Security, I was heavily involved in the discovery and exploitation of application vulnerabilities during black box ethical hacking assessments for numerous clients.

'''Participation and leadership in open communities'''

I am a member of OWASP and attend Chicago OWASP chapter meetings. I also attend ChiSec, an informal meet-up of security professionals in the Chicago area. In addition, I interact with the community through my security blog. http://michaelcoates.wordpress.com.

'''Any other reasons why you and your project should be selected. '''

I created a similar framework while working within a Security Operation Center. I created attack scenarios, identified relevant IDS events, defined thresholds and appropriate response action for the Security analysts.

'''Requested Reviewer - Eric Sheridan, Application Security Consultant at Aspect Security, Inc.'''

Eric Sheridan is an Application Security Consultant at Aspect Security, a consulting services company specializing in application security. At Aspect Security, Eric specializes in execution of security verification assessments and the establishment of security activities throughout the development lifecycle. In addition, Eric is an instructor in Aspect’s portfolio of Application Security Courses. Eric is also an active participant in OWASP whose contributions include work with projects such as WebGoat, Stinger, CSRFGuard, CSRFTester, and the SASAP project from OWASP SPoC 2007. Eric was also a featured speaker at the 2007 OWASP/WASC San Jose conference.

Contact Information: eric dot sheridan 'at' owasp dot org

== OWASP Interceptor Project - 2008 Update ==

by Justin Derry

http://www.owasp.org/index.php/Category:OWASP_Interceptor_Project

'''Executive Summary'''

The OWASP Interceptor project was originally written by myself and donated to the OWASP project. Since it has been online numerous people have downloaded the tools and used the code/toolkit. Currently the industry has very limited “XML” or SOAP client testing tools that are designed specifically to perform XML interception and manipulation. The Objective of the Interceptor project is to provide a strong tool for performing XML penetration tests against Web Service (or XML/SOAP) endpoints. The tool should not replace other proxy interception tools such as Charles, Web Scarab and so on, but be purely focused on handling and reading XML structures from clients.

The Interceptor tool includes a “swiss-army” knife of features that will help with decoding/hash generation and interpretation of XML code. The key objective is to make a tool that can assist with the collection, inspection and attack replay of XML requests against service endpoints. This year it’s time for an update. The tool doesn’t run on Vista and needs a number of back-end features addressed as well as some help files etc. (Help to get the tool out of BETA status).

'''Objectives this year'''

This year I see the following objectives in the application code base.
• Get the Interface to run on all Window Platforms (.NET) Win2000, XP and Vista;

• Update the TCP handle libraries to be faster

• Update the XML Parser engine to support the latest structures

• Provide a “default” attack database of known XML attack methods (this is a big one)

• Write a number of help files on how to use the tool

• Update the toolkit BASE64 Decoder, XML Generators etc with further tools

• Write a better “reporting” engine to show the result of simulated attack responses

• Better HTTP support for Manipulation, Authentication and Header Injection etc

• Better support for interception and handling AJAX XML requests

These are the core features I would like to introduce, with also further to probably come as a part of the project.

'''Why should I be sponsored for the project?'''

The current development cycle stopped due to limited time and the need to purchase the IDE tools to develop the interface in .NET. As a Summer of Code 2008 sponsored project we can get the IDE interface tools to implement “Vista” features that will see the tool run on all .NET platforms (Win2000, XP and Vista). Recent changes in my job will allow me to spend more time on developing the toolkit.

Over a number of years I have been involved with OWASP, whilst most recently getting involved with running the OWASP Australia Security Conference for 2008, as well as the Brisbane Chapter. I am also working in the Asia Pacific RIM to further increase the awareness of OWASP and Application Security. My Conference duties for the year have finished up (till planning starts again in a couple of months) so my time can be invested in updating the toolkit.

I believe during the previous years, i have shown OWASP that i am willing and able to produce a quality outcome and i am prepared to put the effort into OWASP to acheive the goals set out for this project.

Some of the Sponsorship money for the project would go to purchasing a specific toolkit for the UI. (The UI is important simply because we want the application to be user friendly). Xceed Components provide a Smart UI as well as some of the decoding and compression features the tool needs. This would require us to approach them upfront for a “free” licence or use some of the Sponsorship money to buy the toolkit. But we can tackle that problem when we come to it.

== SQL Injector Benchmarking Project (SQLiBENCH) ==

by Mesut Timur & Bedirhan Urgun

'''Prelude'''

There're a lot of and great open source tools (takeover/dumpers/hybrid) for taking advantage of an sql injection vulnerability both used by web application security specialists and attackers.
Techniques used, databases supported, algorithms employed and abilities implemented by these "sql injectors" greatly varies. Standardization is one of the abstract goals of OWASP and we think it's important to standardize general vulnerability techniques exists in web applications and one of the biggest one is sql manipulation.
In our effort, we aim to produce a standardization of techniques used in exploiting sql injection by automatic tools.

'''Proposal'''

The goal of the project is to create a detailed set of benchmarking criterias for automatic sql injection tools and applying these to a set of open source sql injectors, producing analysis/benchmarking reports.
Additionaly, in a semi-academic manner, algorithms used by several sql injectors will be analyzed both implementation and complexity vise.

'''Deliverables And Project Schedule Milestones'''

Two set of documents will be produced. One of them will include the benchmarking criterias and the other will comprise of analysis of selected sql injectors against the benchmarking criterias.
Moreover, an interactive visual data flow diagram, giving hints to testers about which tool should be used under which circumstances, will be implemented with web-based technologies such as jquery library.

April 03 Project Kickoff

April 03-30 Determination of the benchmarking criterias

May 01-15 Producing a test environment image with 5-6 rdbms (MSSQL Express, Oracle Express, DB2 Express, MySQL, PgSQL, etc.) and a vulnerable application (which will support different sql injection types, databases and include logging capabilities)

May 15-31 Selecting and installing automatic sql injectors onto the test system and starting to use them on vulnerable application

June 01-30 Analysing tools and applying benchmarking criterias, contacting the authors as we proceed

July 01-31 Producing reports for benchmarking criterias and tool analysis

'''About Us'''

We're part of OWASP-Turkey. [http://www.h-labs.org Mesut Timur] is a junior in the Computer Engineering Dept. of [http://www.gyte.edu.tr University of GYTE] and [http://www.webguvenligi.org Bedirhan Urgun] is a web/application security specialist in [http://www.uekae.tubitak.gov.tr TUBITAK-UEKAE].

== OWASP-WeBekci Project ==

by Bunyamin Demir

http://www.owasp.org/index.php/Category:OWASP_WeBekci_Project

'''Executive Summary'''

Web application firewalls (WAF) are gaining importance among the information security technologies designed to protect web sites from attack. WAF solutions prevent attacks that network firewalls and intrusion detection systems can't and they require no modification of application source code. ModSecurity [http://www.modsecurity.org/] is an open source web application firewall that runs as an Apache module. It is an embeddable web application firewall and it provides protection from a range of attacks against web applications. It is an open source project available to everyone; it however does not come with an admin panel.

I decided to provide this essential tool with a control panel which I believe will ease and thus encourage its usage.

ModSecurity allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure. My main goal is to analyze attacks and generate rules to change the configuration of the ModSecurity accordingly.

ModSecurity has a feature called “flexible rule engine” as its heart of Attack Prevention capability . It uses ModSecurity’s “Rule Language,” (a programming language designed to work with HTTP transaction data). It is easy to use and flexible; yet the system administrators need to learn its own rules to create what is called “Certified ModSecurity Rules” to be implemented. My control panel will automate the major code-generation in Rule Language.

'''Objectives and Deliverables'''

* '''Configuration''' : Most of the configuration parameters will be managed through the web interface
* '''Rule Generator''' : Basic rules will be generated using the web interface
* '''Core Rule Integration''': Core rules will be added to the database for use
* '''Logging and Reporting''': Apache error log and modsec_audit log will be parsed and presented to the user thru the web interface
* '''DB Support''' : MySQL

'''Why I should be sponsored for the project'''
Being a SpoC2007 project, it couldn't be implemented mainly due to a job change and therefore lack of time. With the help of Bedirhan Urgun we'll be able to produce a quality web admin panel GUI for a same host modsec installation infrastructure. We are both part of OWASP Turkey [http://www.owasp.org/index.php/Turkey] and tried to produce a great deal of awareness both about web security and OWASP with both documents/chapter meetings/email list and mini-conferences.

== Teachable Static Analysis Workbench ==

By Dmitry Kozlov, Igor Konnov

'''Introduction:'''

This application covers two OWASP Project proposals: P002 Teachable Static Analysis Workbench and P023 Code Review Tree. These project proposals look complementary and the key idea was to create ONE tool for code review instead of number non-integrated tools.
Note: this project is very close to P024 Attack Surface Metric too – based on web application entry points and used backends it is easy to compute such a metric.

'''Project objectives and deliverables:'''

Project is intended two deliverables: research technical report (publication ready article) and a workbench prototype.

The research will be intended to answer the following questions:
* Can we integrate existing open source static analysis tools (OWASP and third-party) to work altogether? We plan analysis to cover the following tools: LAPSE, Orizon, ESAPI, FindBugs.
* How static analysis workbench can be taught by security analyst?
* How static analysis workbench can support web-applications built using MVC frameworks?

Workbench prototype will be Java-based Eclipse plug-in which aim is to help security analyst/code reviewer validation of web application. At prototype step we suggest to analyze J2EE Web tier applications build on Java Servlets, JSP (without business logic in it) and one MVC framework (Apache Struts). We plan workbench prototype to have the following functionality:
* Input validation vulnerabilities analysis: identification of web application entry points (aka attack surface in P024), call graph for each entry point (see “Packages -> Classes -> Methods -> callsites” in P023), identification of data validation routines, teachable taint analysis.
* Authentification and access control analysis: identification of code related to access control and it’s analysis.
* Pattern-based code analysis.
* Teachability: analyst indicates security-related code (sources of tainted data, sensitive sinks, input validation and sanitizing functions, access control code, etc.) and workbench automatically recomputes possible vulnerabilities list. The second idea is to spread knowledge gathered from analyst to other web applications.

Project budget: $10K (note: this project combines two OWAPS Project Proposals)

'''Future development:'''

Further, workbench can be extended to support various Java web application frameworks and to support Python web applications (it seems to us that teachable tool is much more valuable for Python and other languages where the notion of web application is not so formal as in J2EE).

'''Background: '''

Dmitry Kozlov is a postdoc researcher at Moscow State
University. Since 2003 he leads a group performing research in the area of web
application security. In 2007 this group took part in OWASP Spring of
Code on project "Python Dynamic Analysis". This project was implemented
mostly by Dmitry’s PhD student Andrew Petukhov. Also in 2007 this group created static analysis tool for Python language, based on Pixy PHP analyser (publication is upcoming).

Igor Konnov is PhD student at Moscow State University he has strong background in program analysis and verification.

== OpenPGP Extensions for HTTP - Enigform and mod_openpgp ==
By Arturo 'Buanzo' Busleiman

=== Introduction to the project ===
My name is Arturo Busleiman, a.k.a Buanzo. Last year I worked with OWASP to take Enigform (The OpenPGP Firefox Extension) and mod_openpgp (The Apache counterpart) to an usable level. This year, I want to focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP.

For that to happen, OWASP support is essential. I'm very happy to submit my application for Summer of Code 2008.

=== About Buanzo ===

I am a 26 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of information systems security since 1994. Linux and Security are my life.

A quick search for buanzo on google [http://www.google.com/search?hl=en&q=buanzo&btnG=Google+Search] will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile.[http://www.rentacoder.com/RentACoder/SoftwareCoders/showBioInfo.asp?lngAuthorId=735204] or my "Customer Comments" page at [http://www.buanzo.com.ar/pro/].

I've contributed scripts, fixes and translations to the Nmap project. I've also acted as Expert Contributor for SANS TOP-20 2004, 2005, 2006 and 2007. I've developed
tools and written documentation that can be found in Freshmeat, mozdev.org and addons.mozilla.org. Also I've written
the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v1.0 [http://www.oissg.org/content/view/71/71/].

In my free time, I "run" the 2600 Argentina meetings, write articles, give talks and play the guitar.

I'm an active member of the FLOSS community since 1996, having written articles in magazines http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt, made TV, radio and newspaper appearances [http://codigoabierto.bitacoras.com/archivos/2005/04/01/buanzo-hacks] and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs, answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina [http://counter.li.org/reports/place.php?place=AR].

=== About Enigform ===

The project has draw attention from the IETF OpenPGP Working Group, and even Vinton Cerf (The Father of the Internet) said that Enigform and mod_openpgp "[this] strikes me as a really interesting idea and I hope you (Buanzo) will pursue it with the W3C." (February 18, 2008). [http://en.wikipedia.org/wiki/Enigform]

OWASP Summer of Code 2008 Applications

2008-03-24T18:24:57Z

Buanzo: Added Enigform project, user Buanzo / Arturo Busleiman.

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

2008-01-16T19:45:51Z

Buanzo:

=== Current Status ===

* 16th January, 2008

As of 16th January, The OpenPGP Secure Session Manager is fully functional. A new release of mod_openpgp and Enigform will happen before the end of January. OWASP made this possible. Thanks to Dinis Cruz and Paulo Coimbra for their support and interest in this project. And thanks to all the Internet community that has sent me feedback and kudos! :) -- Buanzo

== Older Status Reports ==

* 7th November, 2007

As of 7th November, 2007, mod_openpgp, the Server-side Enigform component for Apache, supports OpenPGP-Encrypted HTTP Request Decryption. This means an HTTP client can send an encrypted HTTP request, using the Server's public key, and it will be decrypted and correctly served by the server.

This is a HUGE feature bump, of roughly 1200 lines of C code.

It's much more of what I expected to implement for the OWASP SPOC duration, so I'll be applying for the 2nd half of my funding now.

Also, I've implemented most of the Secure Session Initiation Protocol, but problems with some Apache DB APIs are slowing this much more than I expected. I hope to work out all the issues, or I'll have to release a simplified version. I just hope the Decryption support is enough to apply for the 2nd half of funding.

* 9th July, 2007

As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.

== Project Links ==
* [http://enigform.mozdev.org Enigform Development Site]
* [https://addons.mozilla.org/en-US/firefox/addon/4531 Addons.Mozilla.Org - Stable Releases Installation Page]
* [http://freshmeat.net/projects/enigform Enigform Freshmeat Page]
* [http://foros.buanzo.com.ar/viewforum.php?f=35 Official Enigform Forum]

[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Back to Project page]]

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

2007-11-07T14:20:08Z

Buanzo: /* Current Status */

=== Current Status ===

As of 7th November, 2007, mod_openpgp, the Server-side Enigform component for Apache, supports OpenPGP-Encrypted HTTP Request Decryption. This means an HTTP client can send an encrypted HTTP request, using the Server's public key, and it will be decrypted and correctly served by the server.

This is a HUGE feature bump, of roughly 1200 lines of C code.

It's much more of what I expected to implement for the OWASP SPOC duration, so I'll be applying for the 2nd half of my funding now.

Also, I've implemented most of the Secure Session Initiation Protocol, but problems with some Apache DB APIs are slowing this much more than I expected. I hope to work out all the issues, or I'll have to release a simplified version. I just hope the Decryption support is enough to apply for the 2nd half of funding.

== Older Status Reports ==
As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.

== Project Links ==
* [http://enigform.mozdev.org Enigform Development Site]
* [https://addons.mozilla.org/en-US/firefox/addon/4531 Addons.Mozilla.Org - Stable Releases Installation Page]
* [http://freshmeat.net/projects/enigform Enigform Freshmeat Page]
* [http://foros.buanzo.com.ar/viewforum.php?f=35 Official Enigform Forum]

[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Back to Project page]]

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

2007-11-07T14:06:10Z

Buanzo: /* Current Status */

=== Current Status ===

As of 7th November, 2007, mod_openpgp, the Server-side Enigform component for Apache, supports OpenPGP-Encrypted HTTP Request Decryption. This means an HTTP client can send an encrypted HTTP request, using the Server's public key, and it will be decrypted and correctly served by the server.

This is a HUGE feature bump, of roughly 1200 lines of C code.

It's much more of what I expected to implement for the OWASP SPOC duration, so I'll be applying for the 2nd half of my funding now.

== Older Status Reports ==
As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.

== Project Links ==
* [http://enigform.mozdev.org Enigform Development Site]
* [https://addons.mozilla.org/en-US/firefox/addon/4531 Addons.Mozilla.Org - Stable Releases Installation Page]
* [http://freshmeat.net/projects/enigform Enigform Freshmeat Page]
* [http://foros.buanzo.com.ar/viewforum.php?f=35 Official Enigform Forum]

[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Back to Project page]]

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

2007-07-24T17:49:36Z

Buanzo:

=== Current Status ===

As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.

== Project Links ==
* [http://enigform.mozdev.org Enigform Development Site]
* [https://addons.mozilla.org/en-US/firefox/addon/4531 Addons.Mozilla.Org - Stable Releases Installation Page]
* [http://freshmeat.net/projects/enigform Enigform Freshmeat Page]
* [http://foros.buanzo.com.ar/viewforum.php?f=35 Official Enigform Forum]

[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Back to Project page]]

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

2007-07-24T17:48:54Z

Buanzo: /* Project Links */

=== Current Status ===

As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.

== Project Links ==
[http://enigform.mozdev.org Enigform Development Site]
[https://addons.mozilla.org/en-US/firefox/addon/4531 Addons.Mozilla.Org - Stable Releases Installation Page]
[http://freshmeat.net/projects/enigform Enigform Freshmeat Page]
[http://foros.buanzo.com.ar/viewforum.php?f=35 Official Enigform Forum]

[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Back to Project page]]

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

2007-07-24T17:48:00Z

Buanzo:

=== Current Status ===

As of 9th July, 2007, Enigform has been enhanced with remote site OpenPGP discovery, Public Key Import. Kyle Huff has joined the development team, and the Session Protocol has been proposed. Regarding Encryption, mod_openpgp supports encrypted http requests, but Enigform support for this is in research stage.Microsoft support will be last stage, once Enigform 1.0 and mod_openpgp 1.0 are released.

= Project Links =
[http://enigform.mozdev.org Enigform Development Site]
[https://addons.mozilla.org/en-US/firefox/addon/4531 Addons.Mozilla.Org - Stable Releases Installation Page]
[http://freshmeat.net/projects/enigform Enigform Freshmeat Page]
[http://foros.buanzo.com.ar/viewforum.php?f=35 Official Enigform Forum]

[[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests|Back to Project page]]

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests

2007-07-10T12:55:41Z

Buanzo:

'''[http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Selection Back to SpoC 007 Selection page]'''

'''AoC Candidate''': Arturo Busleiman (a.k.a Buanzo)

'''Project coordinator''': Dinis Cruz

'''Project Progress''': 70% Complete, [[SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page|Progress Page]]

== Buanzo -Firefox Addon (Enigform) and Apache Module (mod_openpgp) to extend HTTP with OpenPGP capabilities ==

=== Arturo "Buanzo" Busleiman ===
I am a 25 year old Independent security consultant from Buenos Aires, Argentina, that has contributed to the world of information systems security since 1994, when BBSes and Linux still lived together.

A quick search for buanzo on google [http://www.google.com/search?hl=en&q=buanzo&btnG=Google+Search] will provide all necessary details about my professional and community background. For comprobable experience, you could also check my Rent a Coder profile.[http://www.rentacoder.com/RentACoder/SoftwareCoders/showBioInfo.asp?lngAuthorId=735204].

In my free time I like playing with my Punk-Pop band [http://www.jamendo.com/es/artist/futurabanda/], Futurabanda. [http://www.futurabanda.com.ar], and maintaining my Restaurants, Wines and Recipes site. [http://www.vivamoslavida.com.ar]. I have to admit that my first priorities are my beloved son [http://www.fotolog.com/buanzo] and my wonderful wife [http://www.fotolog.com/buanzo].

=== Accomplishments ===

I've contributed scripts, fixes and translations to the Nmap project. I've also acted as Expert Contributor for SANS TOP-20 2004, 2005 and 2006. I've developed
tools that can be found in Freshmeat, like mprl (a getty enhancement to allow remote logins from the login: prompt of the console). I've also written
the Unix chapter of the OISSG's Information Systems Security Assessment Framework, v0.1 [http://www.oissg.org/content/view/71/71/]. I'm currently writing
an Internet Draft to be proposed for RFC named "OpenPGP Extensions to HTTP".

=== Community ===

I "run" the 2600 meetings site for Argentina [http://www.2600.com/meetings/pages.html], I've been proposed, but I refused, for President of the Argentinian Free Software group called SOLAR [www.solar.org.ar]. I'm an active member of the FLOSS community since 1996, having written articles in magazines http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt, made TV, radio and newspaper appearances [http://codigoabierto.bitacoras.com/archivos/2005/04/01/buanzo-hacks] and led different security research groups of Spain, Mexico and Argentina. Currently I contribute time thorugh my sites, forums and blogs, answering questions in mailing lists and helping coordinate some local LUGs. I do also manager the Linux Counter for Argentina [http://counter.li.org/reports/place.php?place=AR].

=== My Project ===

Enigform [http://enigform.mozdev.org] is a Firefox extension that enhances HTTP with OpenPGP functionality. It digitally signs and/or encrypts outgoing HTTP requests so that a web server can authenticate the identity and data of the incoming request. It is a Web Security tool because it can, if correctly implemented as any OpenPGP based technology, render man in the middle attacks useless. I think OpenPGP already speaks for itself regarding eMail. Imagine the same benefits for http and web applications. I think Enigform can fit into the OWASP Validation Project [http://www.owasp.org/index.php/Category:OWASP_Validation_Project].

Enigform is the reference implementation of the Internet Draft I'm working on, in discussion with members of the IETF's OpenPGP Working Group.

Some simple PHP code is enough to make a web application Enigform-aware [http://enigformtest.buanzo.com.ar]. The Smutty PHP MVC Framework already supports Enigform [http://smutty.pu-gh.com/demo/enigform], but the best approach is to use the Apache module I'm writing, called mod_auth_openpgp (which will be renamed to mod_openpgp as it evolves).

=== Long Term ===

Have the Draft be proposed as a Standards Track RFC document, have Enigform support directly in MS IIS, and port Enigform to other browsers
and/or programming languages, and also provide OpenPGP De/Encryption support.

=== Why should I be selected ===

I have the experience, security awareness and means to make this project THE web security project of the decade. I am a respected member of the
international security community, and I firmly believe Enigform is my greatest idea so far.

'''[http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Selection Back to SpoC 007 Selection page]'''

SpoC 007 - Enigform: Firefox Addon for OpenPGP signing of HTTP requests - Progress Page

2007-07-10T12:55:37Z

Buanzo: