OWASP - User contributions [en]

Summit 2011 Working Sessions/Session092

2011-01-30T07:07:36Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Lucas C. Ferreira
| summit_session_attendee_email1 = lucas.ferreira@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Achim Hoffmann
| summit_session_attendee_email2 = achim@owasp.org
| summit_session_attendee_company2= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Steven van der Baan
| summit_session_attendee_email3 = steven.van.der.baan@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Cecil Su
| summit_session_attendee_email4 = cecil.su@owasp.org
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Sherif Koussa
| summit_session_attendee_email5 = sherif.koussa@owasp.org
| summit_session_attendee_company5= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Matthias Rohr
| summit_session_attendee_email6 = m.rohr@sec-consult.com
| summit_session_attendee_company6= SEC Consult
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Vishal Garg
| summit_session_attendee_email7 = vishalgrg@gmail.com
| summit_session_attendee_company7= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Chris Eng
| summit_session_attendee_email8 = ceng@veracode.com
| summit_session_attendee_company8= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
|-
| summit_track_logo = [[Image:T._mitigation.jpg]]
| summit_ws_logo = [[Image:WS._mitigation.jpg]]
| summit_session_name = Scaling Web Application Security Testing
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092
| mailing_list =

|-

| short_working_session_description= One of the challenge that large companies have is how to scale web application security testing when hundreds if not thousands of applications need to be retested regularly. The objective of this Working Sessions is for the security teams that are trying to do this today (including Tools and Host based solutions) to exchange ideas, expose current problems and share solutions

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A white paper describing strategies for scaling application security verification programs beyond a single application at a time. Should address achieving coverage of expected controls, depth of assurance, both automated and manual approaches, custom rules, rule management, rule deployment.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Arian Evans
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Dinis Cruz
| summit_session_leader_email2 = dinis.cruz@owasp.org
| summit_session_leader_username2 = Dinis.cruz

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session092
| session_home_page =  Summit_2011_Working_Sessions/Session092
}}

Summit 2011 Working Sessions/Session002

2011-01-30T07:04:17Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 = John.wilander
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_username2 = MichaelCoates
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 = colin.watson@owasp.org
| summit_session_attendee_username3 = Clerkendweller
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 = ceng@veracode.com
| summit_session_attendee_username6=
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = HTML5 Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Handle autofocus in a unified and secure way'''.<noinclude> Make sure SOP applies for autofocus usage in frame/iframe'd websites. Re-discuss necessity for (future) attributes like this.</noinclude>

| summit_session_objective_name2 = '''Discuss necessity and capability for the HTML5 form controls'''.<noinclude> Do we need a non-SOP formaction attribute and why? </noinclude>

| summit_session_objective_name3 = <noinclude>'''Goal I''':</noinclude> Initiate and create documentation and references for developers that address security issues. <noinclude>Html5sec.org is a start but impossible to continue or extend large scale without vendor help</noinclude>

| summit_session_objective_name4 = <noinclude>'''Goal II''':</noinclude>Discuss and heavily restrict SVG capabilities - especially when deployed in CSS backgrounds and <img> tags. <noinclude>Mainly Opera and Mozilla are addressed here.</noinclude>

| summit_session_objective_name5 = '''Long Term Goal(s)''': Provide a working and easy to use as well as vendor supported HTML5 compliant filter software such as HTMLPurifier. <noinclude>Browser vendors should participate in creating security software and filters - not undermine them as we could experience in the last decade.</noinclude>
|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 

[[Image:Html5_mario_hackvertor.jpg‎‎]]

===Co-chair Mario Heiderich===
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the [http://html5sec.org/ HTML5 security cheat-sheet] and maintains the [http://php-ids.org/ PHPIDS filter rules]. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Browser Security Priority Report
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|summit_session_deliverable_name6 =
|summit_session_deliverable_url_6 =

|summit_session_deliverable_name7 =
|summit_session_deliverable_url_7 =

|summit_session_deliverable_name8 =
|summit_session_deliverable_url_8 =

|-

| summit_session_leader_name1 = Mario Heiderich
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org
| operational_leader_username1 = John.wilander

|-
| meeting_notes =
|-
| session_name_mask =  Session002
| session_home_page =  Summit_2011_Working_Sessions/Session002
}}
</includeonly>

Summit 2011 Working Sessions/Session001

2011-01-30T07:04:01Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Email John Wilander if you are unable to edit the Wiki and would like to sign up!
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 = ceng@veracode.com
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = DOM Sandboxing
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session001
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description= '''Virtualization and Sandboxing for Secure Multi-Domain Web Apps'''
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Attenuated versions of existing apis to sandboxed code'''. <noinclude>How should browsers introduce new apis into the sandbox or allow the sandbox to provide attenuated versions of existing apis to sandboxed code? For example, lets say the sandbox wants to provide an attenuated "alert" function to sandboxed code which does something slightly different than the real "alert". What kind of apis could the browser provide to safely allow such extensions/apis? Do these need to be standardized such that different sandbox vendors can interoperate.</noinclude>

| summit_session_objective_name2 = '''Client side sandboxed apps maintaining state and authentication'''.<noinclude> For example if a user is created in a sandboxed app how is it determined what that user can do?</noinclude>

| summit_session_objective_name3 = '''Create a standard for modifying a sandboxed environment'''

| summit_session_objective_name4 = '''Deprecate and discourage standards''' which ambiently or undeniably pass credentials.

| summit_session_objective_name5 = '''Create a standard for authentication within a sandboxed environment''' (maybe interfacing with existing auth without passing creds like 0Auth works)

|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 
[[Image:JS_DOM_Box_Jasvir_Gaz.jpg]]

===Co-chair Dr Jasvir Nagra===
Jasvir Nagra is a researcher and software engineer at Google. He is the designer of [http://code.google.com/p/google-caja/ Caja] - a secure subset of HTML, CSS and JavaScript; co-author of [http://www.amazon.com/Surreptitious-Software-Obfuscation-Watermarking-Tamperproofing/dp/0321549252 Surreptitious Software] - a book on obfuscation, software watermarking and tamper-proofing, contributer to [http://shindig.apache.org/ Shindig] - the reference implementation of OpenSocial.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report

|summit_session_deliverable_name2 = Browser Security Priority List

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Dr. Jasvir Nagra
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org

|-
| meeting_notes =
|-
| session_name_mask =  Session001
| session_home_page =  Summit_2011_Working_Sessions/Session001
}}
</includeonly>

Summit 2011 Working Sessions/Session065

2011-01-30T06:57:51Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Tom Neaves
| summit_session_attendee_email2 = tom.neaves@verizonbusiness.com
| summit_session_attendee_company2= Verizon Business
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Justin Clarke
| summit_session_attendee_email4 = justin.clarke@owasp.org
| summit_session_attendee_company4=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Sherif Koussa
| summit_session_attendee_email5 = sherif.koussa@owasp.org
| summit_session_attendee_company5= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Vishal Garg
| summit_session_attendee_email6 = vishalgrg@gmail.com
| summit_session_attendee_company6= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Dan Cornell
| summit_session_attendee_email7 = dan@denimgroup.com
| summit_session_attendee_company7=Denim Group
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Chris Eng
| summit_session_attendee_email8 = ceng@veracode.com
| summit_session_attendee_company8= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Mobile Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| mailing_list =

|-

| short_working_session_description=

|-

| related_project_name1 = Project wiki page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Mobile_Security_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-
| summit_session_objective_name1 = '''Primary: Create core knowledge base on project wiki site'''
| summit_session_objective_name2 = Recruit volunteers to contribute to project
| summit_session_objective_name3 = Establish relationships with key players (i.e. Apple/Google/etc)

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Project wiki page

|summit_session_deliverable_name2 = A project home page, roadmap, and action plan. Look at the OWASP Ecosystem concept to see what all you should have in place.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Mike Zusman
| summit_session_leader_email1 = mike.zusman@intrepidusgroup.com

| summit_session_leader_name2 = David Campbell
| summit_session_leader_email2 = dcampbell@owasp.org

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-

| session_name_mask =  Session065
| session_home_page =  Summit_2011_Working_Sessions/Session065
}}

Summit 2011 Working Sessions/Session001

2011-01-30T06:55:38Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Email John Wilander if you are unable to edit the Wiki and would like to sign up!
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 =
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = DOM Sandboxing
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session001
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description= '''Virtualization and Sandboxing for Secure Multi-Domain Web Apps'''
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Attenuated versions of existing apis to sandboxed code'''. <noinclude>How should browsers introduce new apis into the sandbox or allow the sandbox to provide attenuated versions of existing apis to sandboxed code? For example, lets say the sandbox wants to provide an attenuated "alert" function to sandboxed code which does something slightly different than the real "alert". What kind of apis could the browser provide to safely allow such extensions/apis? Do these need to be standardized such that different sandbox vendors can interoperate.</noinclude>

| summit_session_objective_name2 = '''Client side sandboxed apps maintaining state and authentication'''.<noinclude> For example if a user is created in a sandboxed app how is it determined what that user can do?</noinclude>

| summit_session_objective_name3 = '''Create a standard for modifying a sandboxed environment'''

| summit_session_objective_name4 = '''Deprecate and discourage standards''' which ambiently or undeniably pass credentials.

| summit_session_objective_name5 = '''Create a standard for authentication within a sandboxed environment''' (maybe interfacing with existing auth without passing creds like 0Auth works)

|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 
[[Image:JS_DOM_Box_Jasvir_Gaz.jpg]]

===Co-chair Dr Jasvir Nagra===
Jasvir Nagra is a researcher and software engineer at Google. He is the designer of [http://code.google.com/p/google-caja/ Caja] - a secure subset of HTML, CSS and JavaScript; co-author of [http://www.amazon.com/Surreptitious-Software-Obfuscation-Watermarking-Tamperproofing/dp/0321549252 Surreptitious Software] - a book on obfuscation, software watermarking and tamper-proofing, contributer to [http://shindig.apache.org/ Shindig] - the reference implementation of OpenSocial.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report

|summit_session_deliverable_name2 = Browser Security Priority List

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Dr. Jasvir Nagra
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org

|-
| meeting_notes =
|-
| session_name_mask =  Session001
| session_home_page =  Summit_2011_Working_Sessions/Session001
}}
</includeonly>

Summit 2011 Working Sessions/Session002

2011-01-30T06:54:58Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 = John.wilander
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_username2 = MichaelCoates
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 = colin.watson@owasp.org
| summit_session_attendee_username3 = Clerkendweller
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = HTML5 Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Handle autofocus in a unified and secure way'''.<noinclude> Make sure SOP applies for autofocus usage in frame/iframe'd websites. Re-discuss necessity for (future) attributes like this.</noinclude>

| summit_session_objective_name2 = '''Discuss necessity and capability for the HTML5 form controls'''.<noinclude> Do we need a non-SOP formaction attribute and why? </noinclude>

| summit_session_objective_name3 = <noinclude>'''Goal I''':</noinclude> Initiate and create documentation and references for developers that address security issues. <noinclude>Html5sec.org is a start but impossible to continue or extend large scale without vendor help</noinclude>

| summit_session_objective_name4 = <noinclude>'''Goal II''':</noinclude>Discuss and heavily restrict SVG capabilities - especially when deployed in CSS backgrounds and <img> tags. <noinclude>Mainly Opera and Mozilla are addressed here.</noinclude>

| summit_session_objective_name5 = '''Long Term Goal(s)''': Provide a working and easy to use as well as vendor supported HTML5 compliant filter software such as HTMLPurifier. <noinclude>Browser vendors should participate in creating security software and filters - not undermine them as we could experience in the last decade.</noinclude>
|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 

[[Image:Html5_mario_hackvertor.jpg‎‎]]

===Co-chair Mario Heiderich===
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the [http://html5sec.org/ HTML5 security cheat-sheet] and maintains the [http://php-ids.org/ PHPIDS filter rules]. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Browser Security Priority Report
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|summit_session_deliverable_name6 =
|summit_session_deliverable_url_6 =

|summit_session_deliverable_name7 =
|summit_session_deliverable_url_7 =

|summit_session_deliverable_name8 =
|summit_session_deliverable_url_8 =

|-

| summit_session_leader_name1 = Mario Heiderich
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org
| operational_leader_username1 = John.wilander

|-
| meeting_notes =
|-
| session_name_mask =  Session002
| session_home_page =  Summit_2011_Working_Sessions/Session002
}}
</includeonly>

Summit 2011 Working Sessions/Session002

2011-01-30T06:54:41Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 = John.wilander
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_username2 = MichaelCoates
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 = colin.watson@owasp.org
| summit_session_attendee_username3 = Clerkendweller
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 =
| summit_session_attendee_username6= Veracode
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = HTML5 Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Handle autofocus in a unified and secure way'''.<noinclude> Make sure SOP applies for autofocus usage in frame/iframe'd websites. Re-discuss necessity for (future) attributes like this.</noinclude>

| summit_session_objective_name2 = '''Discuss necessity and capability for the HTML5 form controls'''.<noinclude> Do we need a non-SOP formaction attribute and why? </noinclude>

| summit_session_objective_name3 = <noinclude>'''Goal I''':</noinclude> Initiate and create documentation and references for developers that address security issues. <noinclude>Html5sec.org is a start but impossible to continue or extend large scale without vendor help</noinclude>

| summit_session_objective_name4 = <noinclude>'''Goal II''':</noinclude>Discuss and heavily restrict SVG capabilities - especially when deployed in CSS backgrounds and <img> tags. <noinclude>Mainly Opera and Mozilla are addressed here.</noinclude>

| summit_session_objective_name5 = '''Long Term Goal(s)''': Provide a working and easy to use as well as vendor supported HTML5 compliant filter software such as HTMLPurifier. <noinclude>Browser vendors should participate in creating security software and filters - not undermine them as we could experience in the last decade.</noinclude>
|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 

[[Image:Html5_mario_hackvertor.jpg‎‎]]

===Co-chair Mario Heiderich===
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the [http://html5sec.org/ HTML5 security cheat-sheet] and maintains the [http://php-ids.org/ PHPIDS filter rules]. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Browser Security Priority Report
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|summit_session_deliverable_name6 =
|summit_session_deliverable_url_6 =

|summit_session_deliverable_name7 =
|summit_session_deliverable_url_7 =

|summit_session_deliverable_name8 =
|summit_session_deliverable_url_8 =

|-

| summit_session_leader_name1 = Mario Heiderich
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org
| operational_leader_username1 = John.wilander

|-
| meeting_notes =
|-
| session_name_mask =  Session002
| session_home_page =  Summit_2011_Working_Sessions/Session002
}}
</includeonly>

Summit 2011 Working Sessions/Session010

2011-01-22T20:42:36Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Chris Eng
| summit_session_attendee_email1 = ceng@veracode.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._cross_site.jpg]]
| summit_ws_logo = [[Image:WS._cross_site.jpg]]
| summit_session_name = XSS - Awareness, Resources, and Partnerships
| summit_session_url = http://www.owasp.org/index.php/Working_Sessions_XSS_AwarnessResourcesPartnerships
|-

| short_working_session_description= Let's make 2011 the OWASP year of XSS... eradication. As part of that effort, we need to get the word out as we never have before. To achieve this we are going to have to spread the word and knowledge through more than just OWASP - who can we partner with (commercial and non-commercial)? What freely available resources can we reference? How can we reach developers and get them what they need in order to be more effective with regards to XSS? 

|-

| related_project_name1 = XSS and the Frameworks
| related_project_url_1 = http://www.owasp.org/index.php/Working_Sessions_XSS_Frameworks
| mailing_list =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Work on what partners we can reach, and what resources they can provide us access to

| summit_session_objective_name2 = Work on who we can work with to reach a maximum amount of developers writing web applications

| summit_session_objective_name3 = Plan engagement with identified organizations

| summit_session_objective_name4 = Plan a call to action for OWASP chapters for identified XSS resources

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = *'''Related resources:''' [[OWASP Working Session - Browser Security Letters]] *'''Partners to invite:''' HP, Veracode, IBM (others?)

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Justin Clarke
| summit_session_leader_email1 = justin.clarke@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session010
| session_home_page =  Summit_2011_Working_Sessions/Session010
}}

Summit 2011 Working Sessions/Session009

2011-01-22T20:42:10Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Chris Eng
| summit_session_attendee_email1 = ceng@veracode.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._cross_site.jpg]]
| summit_ws_logo = [[Image:WS._cross_site.jpg]]
| summit_session_name = XSS and the Frameworks
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session009
| mailing_list =

|-

| short_working_session_description= Can we work with the common web frameworks to prevent XSS at the framework level? If the framework a developer uses handles the most common cases of XSS occurring, the overall prevalence of XSS will be reduced significantly.

|-

| related_project_name1 = ESAPI
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Work on how OWASP can engage with the major web frameworks to move towards a "secure by default" stance

| summit_session_objective_name2 = Work on OWASP resources to provide patches/design approaches in conjunction with the frameworks

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = *'''Related resources:''' [[OWASP Working Session - Browser Security Letters]] *'''Frameworks to invite:''' .NET, Struts, Spring, Ruby on Rails
|-

|summit_session_deliverable_name1 = OWASP statement/Press release to publicly ask the frameworks to build security in
|summit_session_deliverable_url_1 = http://www.owasp.org/index.php/Summit_2011_Letter_Frameworks_XSS

|summit_session_deliverable_name2 = Engagement plan on how we'd work with (if at all) a framework to get ESAPI or similar functionality integrated
|summit_session_deliverable_url_2 = http://www.owasp.org/index.php/Summit_2011_XSS_Frameworks_Engagement_Plan

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Justin Clarke
| summit_session_leader_email1 = justin.clarke@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session009
| session_home_page =  Summit_2011_Working_Sessions/Session009
}}

Summit 2011 Working Sessions/Session058

2011-01-22T20:37:29Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors and practitioners willing to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Cooperation between tool vendors and service providers.
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Determine potential OWASP involvement.
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session058

2011-01-22T20:37:15Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors and practitioners who volunteer to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Cooperation between tool vendors and service providers.
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Determine potential OWASP involvement.
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session058

2011-01-22T20:36:41Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors who volunteer to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Cooperation between tool vendors and service providers.
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Determine potential OWASP involvement.
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session057

2011-01-22T20:36:14Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= Consider user concerns too - not just from the business viewpoint / Depends who the "consumers" are too

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Metrics and Labelling
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057
| mailing_list =

| short_working_session_description= Consumers and organizations enlist the services of web-based services with no ability to make an informed decision on its security. This can include enterprise class websites such as payment processing, HR portals, benefits administration, and other corporate services, as well as consumer centric websites such as tax preparation, personal finance, social media, or medical records. While the companies providing these services are unlikely to share detailed information about known vulnerabilities in their systems, it would be beneficial to have a standardized mechanism for describing the security controls and processes in place. In other words, what are they doing right that should give consumers some level of confidence that the provider exercises application security best practices?

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss positive security properties that should be tracked

| summit_session_objective_name2 = Discuss options for consumer-friendly labeling

| summit_session_objective_name3 = Discuss ways to encourage participation in risk labeling

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Cooperation between tool vendors and service providers.
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Determine potential OWASP involvement.
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session057
| session_home_page =  Summit_2011_Working_Sessions/Session057
}}

Summit 2011 Working Sessions/Session058

2011-01-22T20:34:30Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors who volunteer to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session055

2011-01-20T23:27:40Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= There is a financial impact on users, mis-users, partners, and society too

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2= Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Risk Metrics
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055
| mailing_list =

|-

| short_working_session_description= We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome. For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” What are the right things to measure? How can we measure them? How can we use these application security metrics to drive towards low application risk. It would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little. Some of the concepts discussed will be to take a portfolio view of application risk, assigning business risk to applications, counting defects, and measuring SDLC process performance. This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session055
| session_home_page =  Summit_2011_Working_Sessions/Session055
}}

Summit 2011 Working Sessions/Session057

2011-01-20T23:26:35Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= Consider user concerns too - not just from the business viewpoint / Depends who the "consumers" are too

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Metrics and Labelling
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057
| mailing_list =

| short_working_session_description= Consumers and organizations enlist the services of web-based services with no ability to make an informed decision on its security. This can include enterprise class websites such as payment processing, HR portals, benefits administration, and other corporate services, as well as consumer centric websites such as tax preparation, personal finance, social media, or medical records. While the companies providing these services are unlikely to share detailed information about known vulnerabilities in their systems, it would be beneficial to have a standardized mechanism for describing the security controls and processes in place. In other words, what are they doing right that should give consumers some level of confidence that the provider exercises application security best practices?

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss positive security properties that should be tracked

| summit_session_objective_name2 = Discuss options for consumer-friendly labeling

| summit_session_objective_name3 = Discuss ways to encourage participation in risk labeling

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session057
| session_home_page =  Summit_2011_Working_Sessions/Session057
}}

Summit 2011 Working Sessions/Session059

2010-12-20T17:31:39Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_name = Measuring SDLC process performance
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059

| short_working_session_description=

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com
| summit_session_leader_wiki_username1 =

| summit_session_leader_name2 = Chris Eng
| summit_session_leader_email2 = ceng@Veracode.com
| summit_session_leader_wiki_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_wiki_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_wiki_username1 =

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_wiki_username2 =

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_wiki_username3 =

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_wiki_username4 =

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_wiki_username5 =

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_wiki_username6 =

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_wiki_username7 =

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_wiki_username8 =

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_wiki_username9 =

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_wiki_username10 =

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_wiki_username11 =

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_wiki_username12 =

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_wiki_username13 =

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_wiki_username14 =

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_wiki_username15 =

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_wiki_username16 =

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_wiki_username17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_wiki_username18 =

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_wiki_username19 =

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_wiki_username20 =

|-

| meeting_notes =

|-
| session_name_mask =  Session059
| session_home_page =  Summit_2011_Working_Sessions/Session059
}}

Summit 2011 Working Sessions/Session058

2010-12-20T17:31:31Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058

| short_working_session_description= We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome. For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” What are the right things to measure? How can we measure them? How can we use these application security metrics to drive towards low application risk. It would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little. Some of the concepts discussed will be to take a portfolio view of application risk, assigning business risk to applications, counting defects, and measuring SDLC process performance. This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion. Includes discussion of CWSS 0.1.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com
| summit_session_leader_wiki_username1 =

| summit_session_leader_name2 = Chris Eng
| summit_session_leader_email2 = ceng@Veracode.com
| summit_session_leader_wiki_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_wiki_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_wiki_username1 =

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_wiki_username2 =

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_wiki_username3 =

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_wiki_username4 =

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_wiki_username5 =

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_wiki_username6 =

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_wiki_username7 =

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_wiki_username8 =

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_wiki_username9 =

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_wiki_username10 =

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_wiki_username11 =

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_wiki_username12 =

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_wiki_username13 =

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_wiki_username14 =

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_wiki_username15 =

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_wiki_username16 =

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_wiki_username17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_wiki_username18 =

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_wiki_username19 =

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_wiki_username20 =

|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

User:Chris Eng

2010-12-20T17:31:15Z

Chris Eng:

Hi, I am the Sr. Director of Research at Veracode. I'll put more stuff here eventually.

Summit 2011 Working Sessions/Session057

2010-12-20T17:30:31Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_name = Metrics for positive security properties
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057

| short_working_session_description=We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome. For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” What are the right things to measure? How can we measure them? How can we use these application security metrics to drive towards low application risk. It would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little. Some of the concepts discussed will be to take a portfolio view of application risk, assigning business risk to applications, counting defects, and measuring SDLC process performance. This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com
| summit_session_leader_wiki_username1 =

| summit_session_leader_name2 = Chris Eng
| summit_session_leader_email2 = ceng@Veracode.com
| summit_session_leader_wiki_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_wiki_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_wiki_username1 =

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_wiki_username2 =

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_wiki_username3 =

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_wiki_username4 =

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_wiki_username5 =

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_wiki_username6 =

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_wiki_username7 =

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_wiki_username8 =

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_wiki_username9 =

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_wiki_username10 =

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_wiki_username11 =

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_wiki_username12 =

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_wiki_username13 =

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_wiki_username14 =

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_wiki_username15 =

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_wiki_username16 =

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_wiki_username17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_wiki_username18 =

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_wiki_username19 =

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_wiki_username20 =

|-

| meeting_notes =

|-
| session_name_mask =  Session057
| session_home_page =  Summit_2011_Working_Sessions/Session057
}}

Summit 2011 Working Sessions/Session055

2010-12-20T17:30:02Z

Chris Eng:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-
| summit_session_name = Assigning Business Risk to Applications
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055

|-

| short_working_session_description= We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome. For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” What are the right things to measure? How can we measure them? How can we use these application security metrics to drive towards low application risk. It would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little. Some of the concepts discussed will be to take a portfolio view of application risk, assigning business risk to applications, counting defects, and measuring SDLC process performance. This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com
| summit_session_leader_wiki_username1 =

| summit_session_leader_name2 = Chris Eng
| summit_session_leader_email2 = ceng@Veracode.com
| summit_session_leader_wiki_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_wiki_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_wiki_username1 =

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_wiki_username2 =

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_wiki_username3 =

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_wiki_username4 =

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_wiki_username5 =

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_wiki_username6 =

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_wiki_username7 =

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_wiki_username8 =

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_wiki_username9 =

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_wiki_username10 =

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_wiki_username11 =

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_wiki_username12 =

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_wiki_username13 =

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_wiki_username14 =

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_wiki_username15 =

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_wiki_username16 =

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_wiki_username17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_wiki_username18 =

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_wiki_username19 =

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_wiki_username20 =

|-

| meeting_notes =

|-
| session_name_mask =  Session055
| session_home_page =  Summit_2011_Working_Sessions/Session055
}}

OWASP AppSec DC 2010 Schedule

2010-11-13T18:09:51Z

Chris Eng:

__NOTOC__
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]

[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 
 
[[OWASP AppSec DC 2010|Main Conference Page]] | [[:Category:AppSec DC 2010 Presentations|Presentations Page]] | [[:Category:AppSec DC 2010 Training|Training Page]]

====Training 11/08====
{| cellspacing="0" border="2"
|- valign="middle"
| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Training Day 1 - Nov 8th 2010'''
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" |  
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''154A'''
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1: [[Assessing and Exploiting Web Applications with Samurai-WTF]] Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1: [[Leading an AppSec Initiative ]] Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1: [[Remote Testing for Common Web Application Security Threats]] David Rhoades, Maven Security
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Art of Exploiting SQL Injections]] Sumit Siddharth, 7Safe Limited
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]] Robert Zakon
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="7" | Lunch
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1: [[Assessing and Exploiting Web Applications with Samurai-WTF]] Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1: [[Leading an AppSec Initiative ]] Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1: [[Remote Testing for Common Web Application Security Threats]] David Rhoades, Maven Security
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Art of Exploiting SQL Injections]] Sumit Siddharth, 7Safe Limited
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[WebAppSec.php: Developing Secure Web Applications]] Robert Zakon

|}
====Training 11/09====
{| cellspacing="0" border="2"
|- valign="middle"
| height="60" align="center" colspan="8" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Training Day 2 - Nov 9th 2010'''
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" |  
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''149A'''
| width="150" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''149B'''
| width="150" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''154A'''
| width="150" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''155'''
| width="150" valign="middle" height="40" bgcolor="#BCA57A" align="center" | '''154B'''
| width="150" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''159B'''
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-12:00
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1: [[Assessing and Exploiting Web Applications with Samurai-WTF]] Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1: [[Leading an AppSec Initiative ]] Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1: [[Remote Testing for Common Web Application Security Threats]] David Rhoades, Maven Security
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Java Security Overview ]] Zoltán Hornák, SEARCH-LAB
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]] Dan Cornell, Denim Group
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]] Rohit Sethi & Oliver Ng, Security Compass
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:00-13:00
| valign="middle" height="40" bgcolor="#909090" align="center" colspan="7" | Lunch
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 13:00-17:00
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | Day 1: [[Assessing and Exploiting Web Applications with Samurai-WTF]] Justin Searle, InGuardians
| width="150" valign="middle" height="120" bgcolor="#ffdf80" align="center" | Day 1: [[Leading an AppSec Initiative ]] Jeff Williams, Aspect Security
| width="150" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | Day 1: [[Remote Testing for Common Web Application Security Threats]] David Rhoades, Maven Security
| width="150" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Java Security Overview ]] Zoltán Hornák, SEARCH-LAB
| width="150" valign="middle" height="120" bgcolor="#BCA57A" align="center" | [[Software Security Remediation: How to Fix Application Vulnerabilities ]] Dan Cornell, Denim Group
| width="150" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Threat Modeling Express]] Rohit Sethi & Oliver Ng, Security Compass

|}
====Plenary Day 1 - 11/10====
{| cellspacing="0" border="2"
|- valign="middle"
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Plenary Day 1 - Nov 10th 2010'''
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" |  
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''Defense (147A)'''
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''Metrics (145B)'''
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Government (145A)'''
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:50
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 08:50-09:00
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Welcome and Opening Remarks
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Neal Ziring|Keynote: Neal Ziring]] National Security Agency Video | [[Media: OWASP-appsec2010-app_assurance-nziring-20101110.ppt | Slides]]
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:30
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | OWASP Status Update [[OWASP:About#Global_Board_Members| OWASP Board]] Video | [http://www.owasp.org/images/0/0f/OWASPDC2010-v1.pdf Slides]
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 10:30-10:45
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Redspin30x120.png|link=http://www.redspin.com]]
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 10:45-11:30
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Python Basics for Web App Pentesters]] Justin Searle Video | [[Media: Python_Basics_for_Web_App_Pentesters.zip|Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Drive By Downloads: How To Avoid Getting A Cap Popped In Your App]] Neil Daswani Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Secure Code Review: Enterprise Metrics]] Richard Tychansky Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Cyber-Assurance Ecosystem - Automation Activities for Securing the Enterprise]] Joe Jarzombek & Tom Millar Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:30-11:35
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 11:35-12:20
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[White and Black box testing of Lotus Domino Applications]] Ari Elias-bachrach and Casey Pike Video | [[Media: Domino_testing_presentation.ppt‎ | Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Protecting Federal Government from Web 2.0 Application Security Risks]] Sarbari Gupta Video | [[Media: Protecting_Federal_Government_from_Web_2.0_Application_Security_Risks_-_Sarbari_Gupta_FINAL.ppt | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Measuring Security: 5 KPIs for Successful Web App Security Programs]] Rafal Los Video | [[Media: OWASP_AppSecDC_2010_Into_the_Rabbithole.pptx | Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Security Risk and the Software Supply Chain]] Karen Goertzel Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:20-1:20
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:20-2:05
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Pen Testing with Iron]] Andrew Wilson Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Providing application-level assurance through DNSSEC]] Suresh Krishnaswamy, Wes Hardaker and Russ Mundy Video | [[Media: Providing-Application-level-Assurance-through-DNSSEC-final.ppt | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[H.....t.....t....p.......p....o....s....t]] Onn Chee & Tom Brennan Video | [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf Slides]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Understanding How They Attack Your Weaknesses: CAPEC]] Sean Barnum Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:05-2:10
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="2" | Break
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="1" | Break
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:10-2:55
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking Oracle From Web Apps]] Sumit Siddharth Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[GuardRails: A Nearly Painless Solution to Insecure Web Applications|GuardRails: A (Nearly) Painless Solution to Insecure Web Applications]] Jonathan Burket, Patrick Mutchler, Michael Weaver and Muzzammil Zaveri Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Framed! Security-patching Common Web Development Frameworks]] - Panel Video | Slides
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 2:55-3:10
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:SecureIdeas_30X65.png|link=http://www.secureideas.net]]
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 3:10-3:55
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[wXf: Web Exploitation Framework]] Ken Johnson and Chris Gates Video | [[Media: WXf_ASDC_Presentation.odp.zip | Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[The Strengths of Combining Code Review with Application Penetration Testing]] Dave Wichers Video | [[Media: 2010-DC_The_Power_of_Code_Review.pptx|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Dealing with Web Application Security, Regulation Style]] Andrew Weidenhamer Video | [[Media: Andrew_Weidenhamer_AppSecDC_Presentation.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Ensuring Software Assurance Process Maturity]] Edmund Wotring Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 3:55-4:00
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:00-4:45
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" rowspan="5" | [[Pen-Test Panel]] Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Botnet Resistant Coding: Protecting Your Users from Script Kiddies]] Fabian Rothschild and Peter Greko Video | Slides
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" rowspan="1" | [[OWASP Broken Web Applications Project Update]] Chuck Willis Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[People, Process, and Technology: OWASP Impact on the SwA Processes and Practices Working Group]] Michele Moss Video | [[Media: OWASP_DC_2010_Moss_fin.pptx|Slides]]
|- valign="bottom"
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Smashing WebGoat for Fun and Research: Static Code Scanner Evaluation]] Joshua Windsor and Joshua Pauli Video | [[Media: Smashing_WebGoat_-_AppSecDC_Presentation.odp.zip|Slides]]
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:45-4:50
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="2"| 4:50-5:35
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" rowspan="2" | [[Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners]] David Shelly, Randy Marchany & Joseph Tront Video | Slides
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[Using Misuse Cases to Articulate Vulnerabilities to Stakeholders]] Scott Mendenhall Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="2" | [[Federal Perspectives on Application Security]] - Panel Video | Slides
|- valign="bottom"
| width="200" valign="middle" height="90" bgcolor="#a0c0e0" align="center" | [[The Web Hacking Incident Database (WHID) Report]] Ryan Barnett Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:30-7:30
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Cocktails sponsored by [[Image:Trustwave50x250.png|link=https://www.trustwave.com/‎‎]]

|}
====Plenary Day 2 - 11/11====
{| cellspacing="0" border="2"
|- valign="middle"
| height="60" align="center" colspan="5" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | '''Plenary Day 2 - Nov 11th 2010'''
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" |  
| width="200" valign="middle" height="40" bgcolor="#c0a0a0" align="center" | '''Offense (147B)'''
| width="200" valign="middle" height="40" bgcolor="#ffdf80" align="center" | '''New Frontiers (147A)'''
| width="200" valign="middle" height="40" bgcolor="#a0c0e0" align="center" | '''OWASP (145B)'''
| width="200" valign="middle" height="40" bgcolor="#b3ff99" align="center" | '''Process (145A)'''
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 07:30-08:55
| valign="middle" bgcolor="#e0e0e0" align="center" colspan="4" | Registration
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 08:55-09:00
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Day 2 Opening Remarks
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 09:00-10:00
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | [[AppSec DC 2010 Keynote Ron Ross|Keynote: Ron Ross]] National Institute of Standards and Technology Video | [[Media: OWASP-11-11-2010-Ross.pptx|Slides]]
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 10:00-10:15
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:Trustwave30x150.png|link=https://www.trustwave.com/‎‎]]
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 10:15-11:00
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking SAP BusinessObjects]] Joshua Abraham and Will Vandevanter Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Cloudy with a chance of hack!]] Lars Ewe Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Don't Judge a Website by its Icon - Read the Label!|Don’t Judge a Website by its Icon – Read the Label!]] Jeff Williams Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers]] Dan Cornell Video | [[Media: ApplicationPortfolioRiskRanking_BanishingFUDWithStructureAndNumbers_Content.pdf|Slides]]
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:00-11:05
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 11:05-11:50
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Deconstructing ColdFusion ]] Chris Eng and Brandon Creighton Video | [[Media: OWASP_AppSec_DC_2010_-_Deconstructing_ColdFusion.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Declarative Web Security]] Brandon Sterne Video | [[Media: Mozilla_OWASP_AppSec_2010_DC.pdf‎|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[The Secure Coding Practices Quick Reference Guide]] Keith Turpin Video | [[Media: Secure_Coding_Practices_Quick_Ref_4.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Code Reviewing Strategies]] Andrew Wilson and John Hoopes Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 11:50-11:55
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 11:55-12:40
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Friendly Traitor 2 Features are hot but giving up our secrets is not!]] Kevin Johnson and Mike Poor Video | [[Media: Friendly_Traitor_2.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Exploiting the media for fun and profit. Analysis of a new type of web application attacks through media files]] Aleksandr Yampolskiy Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Open Source Web Entry Firewall]] Ivan Buetler Video | [[Media: AppSecDC_Open_Source_Web_Entry_Server_V2.2.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Microsoft's Security Development Lifecycle for Agile Development]] Nick Coblentz Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="40" bgcolor="#7b8abd" | 12:40-1:40
| valign="middle" height="40" bgcolor="#e0e0e0" align="center" colspan="4" | Lunch
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 1:40-2:25
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Hacking .NET Applications at Runtime: A Dynamic Attack]] Jon McCoy Video | [[Media: AppSecDC_-_Attacking_.NET_Applications_at_Runtime.ppt|Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Life in the Clouds: a Service Provider's View]] Michael Smith Video | [[Media: Life_In_the_Clouds.Smith.AppSecDC2010.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Solving Real World Problems with ESAPI]] Chris Schmidt Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" rowspan="3"| [[Financial Services Panel]] Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 2:25-2:30
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="3" | Break
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" rowspan="1"| 2:30-3:15
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[JavaSnoop: How to hack anything written in Java]] Arshan Dabirsiaghi Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Social Zombies Gone Wild: Totally Exposed and Uncensored]] Kevin Johnson and Tom Eston Video | Slides
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[Attack Detection and Prevention with OWASP AppSensor]] Colin Watson Video | [[Media:AppSecDC-colin-watson-appsensor.ppt|Slides]]
|- valign="bottom"
| width="72" valign="middle" bgcolor="#7b8abd" | 3:15-3:30
| valign="middle" height="30" bgcolor="#e0e0e0" align="center" colspan="4" | Coffee Break sponsored by [[Image:AppSecDC-2010-Syngress75x30.gif‎‎|link=http://www.syngress.com/]]
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 3:30-4:15
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Unlocking the Toolkit: Attacking Google Web Toolkit]] Ron Gutierrez Video | [[Media: Attacking_Google_Web_Toolkit.ppt | Slides]]
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Smart Phones with Dumb Apps: Threat Modeling for Mobile Applications]] Dan Cornell Video | [[Media: SmartPhonesDumbApps_OWASPDC_20101111_Content.pdf|Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ModSecurity Core Rule Set]] Ryan Barnett Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[Implementing a Secure Software Development Program]] Darren Death Video | Slides
|- valign="bottom"
| width="72" valign="middle" height="5" bgcolor="#7b8abd" rowspan="1"| 4:15-4:20
| valign="middle" height="5" bgcolor="#e0e0e0" align="center" colspan="4" | Break
|- valign="bottom"
| width="72" valign="middle" height="120" bgcolor="#7b8abd" | 4:20-5:05
| width="200" valign="middle" height="120" bgcolor="#c0a0a0" align="center" | [[Constricting the Web: Offensive Python for Web Hackers]] Marcin Wielgoszewski and Nathan Hamiel Video | Slides
| width="200" valign="middle" height="120" bgcolor="#ffdf80" align="center" | [[Threats from Economical Improvement]] Eduardo Neves Video | [[Media: Threats_from_Economical_Improvement_OWASP_AppSec_2010_LR.key.zip | Slides]]
| width="200" valign="middle" height="120" bgcolor="#a0c0e0" align="center" | [[OWASP ESAPI SwingSet]] Fabio Cerullo Video | Slides
| width="200" valign="middle" height="120" bgcolor="#b3ff99" align="center" | [[The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform]] Benjamin Tomhave Video | [[Media: Carrot-stick-consequences-AppSecDC-2010.key.zip|Slides]]
|- valign="bottom"
| width="72" valign="middle" height="60" bgcolor="#7b8abd" | 5:05-5:30
| valign="middle" height="60" bgcolor="#e0e0e0" align="center" colspan="4" | Closing Remarks/Prizes The OWASP AppSec DC Team
|}
<headertabs />

[[OWASP AppSec DC 2010|Main Conference Page]] | [[:Category:AppSec DC 2010 Presentations|Presentations Page]] | [[:Category:AppSec DC 2010 Training|Training Page]]

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_AppSec_DC_2010]]

File:OWASP AppSec DC 2010 - Deconstructing ColdFusion.pdf

2010-11-13T18:08:19Z

Chris Eng: