OWASP - User contributions [en]

Talk:Summit 2011 Working Sessions/Session023

2011-06-15T20:00:07Z

Elke Roth-Mandutz:

'''Use this page to capture discussion about the OWASP website leading up to the working session.'''

My goal is to have a proposal documenting stages of change for OWASP website put together ''before'' Summit so we can present and go over it as a group for discussion - [[User:Jason Li]]

= Subdomain Proposal =
Propose subdomain migration:
* Move away from Wiki
** owasp.org/index.php** redirects to -> wiki.owasp.org
** wiki continues to be available as incubator for more mature content
* Main OWASP page
** www.owasp.org is a CMS controlled page with editor approved content
** not necessarily a Wiki
** (professionally) designed to be geared towards public consumption
* Projects Home
** projects.owasp.org -> new home for all OWASP projects
** ideally leverages Google Project Hosting combined with Google Code Review
** provides centralized repository for downloading all projects
** provides consistent look and feel to all projects
* Forums
** forums.owasp.org -> message boards
** supersedes mailing lists
** must be backwards compatible and transparent with current mailing list infrastructure
* Conferences Page
** conf.owasp.org -> home for central conferences
** need the ability to add subdomains or at least root dirs for conferences to allow for easier linking <- [[User: mark.bristow]]
* Community Page
** community.owasp.org?
** community home page to encourage ecosystem
** can hold chapter home pages
** base for OPoints?
[[User:Jason Li]]

Perhaps we also need to discuss (and not discuss):
* Search
** Main site(s)
** Content elsewhere?
* Implementation
** Hosting
** Security aspects
* (avoid talking about the logo!)
[[User:Clerkendweller]]

= On Designs, Layout and Standards =

[[User:Clerkendweller]] To document some of my own thoughts, suggestions, and existing aspects of the current site we don't want to lose track of. These are based on re-reading the 2008 documents, trawling through the leaders' email list for this topic and my own views. All done in pencil, so they can be altered easily.

What URL? SSL? Maintain existing URLs (even if 301 redirects)

[[File:Summit2011-website-cw-00.jpg]]

New page header for the whole / all site(s)?

[[File:Summit2011-website-cw-01.jpg]]

Hang a pure CSS menu off the tabs, so that we can highlight many more pages/resources from every page, but without cluttering up the header. The "Resources for..." is aimed at new visitors, and is probably all new content pages (a lot of work to put these together)... the number suggested is too many, but I didn't want to lose any ideas:

[[File:Summit2011-website-cw-02.jpg]]

Introduce breadcrumb trails:

[[File:Summit2011-website-cw-03.jpg]]

My thoughts were to keep as much as possible in the wiki, and just significantly re-skin the existing/new "introductory" pages. The number of pages styled in the new way can grow as effort permits:

[[File:Summit2011-website-cw-04.jpg]]

The home page and other "introductory" pages will be fully multilingual and have no evidence of being wiki pages (even if they are):

[[File:Summit2011-website-cw-21.jpg]]

and all the other wiki pages get the new header/footer, with most of the wiki management tools moved to a right column, along with cross-links:

[[File:Summit2011-website-cw-22.jpg]]

Standard footer across the whole site:

[[File:Summit2011-website-cw-30.jpg]]

We try to make sure the status bar doesn't display any warnings to "normal" or "appsec" users:

[[File:Summit2011-website-cw-31.jpg]]

We might want to specify some standards/options to include with changes:

[[File:Summit2011-website-cw-40.jpg]]

And keep a centred design which expands, but doesn't stretch too wide:

[[File:Summit2011-website-cw-41.jpg]]

Some of the above might ultimately contribute to a specification.

= Emphasise "S" of OWASP =
[[User:Achim]]
(following items without any preference, order, ... simply unsorted)

* owasp.org
** <nowiki>https://owasp.org/</nowiki> fully controlled by OWASP
** <nowiki>https://owasp.org/</nowiki> with trustworthy certificates<br>[[File:HTTPS-owasp.org.png]] [[File:HTTPS-owasp.org-mixed.png]]
** all content needs to be visible without enabling client-side scripting<br>this is not only a security but also a requirement for handicapped accessibility
** selfcontained owasp.org, means that 3'rd party includes (i.e. YUI) must be local
** verified usage of 3'rd party sources (i.e. YUI)
** think about (discuss): "what is a trustworthy root CA"
** OWASP is de facto the reference for web application security. Why not setup owasp.org as root CA? Note that some major browser vendors are next door at the summit ...

* general
** all processes with private and/or confidential data like registration, billing, etc. need to be done via <nowiki>https://owasp.org/</nowiki>
** keep people's privacy; i.e. who controls (personal) data at google, and many more<br>(see Jason's mail about ".. need to have gmail account to participate")

* Subdomains (see [[#Subdomain Proposal]] above also)
** ((chapter)).owasp.org
** blog.owasp.org
** forum.owasp.org

[[User:Elke Roth-Mandutz]]
User's Privacy should be taken into account on the OWASP websites

* Cookies
** Restriction for any OWASP page to first party 'session" cookies
** Don't accept third party cookies, any flash cookies or web bugs
** OWASP cookies should expire with session, long lasting cookies should not be used, if not absoltely required

* Third party content
** Double-check whose content is put on OWASP sites, and what those third party content puts on on the page
** Double-check on third party conent privacy policy e.g. completeness, data storage,...

* Privacy Policy
** Check on OWASP privacy policy completeness
** Is any data retreived? What kind of data? How long is the data stored?
** Add information about any client side storage (e.g. cookies)
** Make it P3P (see W3C) compliant

= Content orgnaization =
* would like to re-iterate the proposal for forums over mailing lists
* Subdomains (see [[#Subdomain Proposal]] above also)
** Need a robust and managable way to add subdomains/root dirs so we can leverage this for conferences
[[User: mark.bristow]]

= OWASP Website becomes Portal? =
* Example: http://sourceforge.net/adobe/

Talk:Summit 2011 Working Sessions/Session073

2011-03-03T10:11:33Z

Elke Roth-Mandutz:

Thank you for attending! This page is for the session participants to add their ideas and comments.

Please also take a look at the draft FTC response http://www.owasp.org/index.php/Industry:FTC_Protecting_Consumer_Privacy#Draft_Text_version_2 - your input would be very welcome!

Thank you

colin.watson(at)owasp.org

== Accomplishments ==

I was asked to provide the top 3 accomplishments from our session to the summit team. I have suggested:

1) A recognition that OWASP MUST (not should) be active in this space

2) Direct input into OWASP's response to the FTC staff report on consumer privacy

3) A consensus to try to document the drivers, issues, resources and relevant technical approaches

== Ideas... ==

Some suggested headings, but please feel free to add more:

=== Government legislation & policies ===

Legislation:

* EU:
** EU Directives
*** [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:NOT Directive 95/46/EC (Data protection)] ([http://europa.eu/legislation_summaries/information_society/l14012_en.htm amendments])
***
** Germany
*** [http://bundesrecht.juris.de/bdsg_1990/index.html Bundesdatenschutzgesetz]
*** [http://www.datenschutz.de/recht/gesetze/ Landesdatenschutzgesetze]
** Netherlands [http://www.dutchdpa.nl/Pages/en_ind_wetten_wbp_wbp.aspx Wet bescherming persoonsgegevens (Wbp)]
** UK
*** [http://www.legislation.gov.uk/ukpga/1998/29/contents Data Protection Act 1998]
**** [http://www.ico.gov.uk/for_organisations/data_protection.aspx Guidance for organisations on the DPA]
*** [http://www.legislation.gov.uk/uksi/2003/2426/contents/made Privacy and Electronic Communications (EC Directive) Regulations 2003]
**** [http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications.aspx Guidance for organisations on PEC]
** Italy
***[http://www.parlamento.it/parlam/leggi/deleghe/03196dl.htm Dlgs 196/03]
***[http://www.garanteprivacy.it/garante/navig/jsp/index.jsp Garante Privacy]
** Spain
***[http://www.boe.es/aeboe/consultas/bases_datos/doc.php?coleccion=iberlex&id=1999/23750 LeyOrganica 15/99]
***[http://www.boe.es/aeboe/consultas/bases_datos/doc.php?coleccion=iberlex&id=2008/00979 Real Decreto 1720/2007]
** France
***[http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITEXT000006068624&dateTexte=vig Loi n°78-17 du 6 janvier 1978]
***[http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=LEGITEXT000005821923&dateTexte=20110217 Loi n°2004-801 du 6 août 2004]
*
* US:
*

Primary data protection authorities:

* US:
** FTC
** ???

* EU:
** EU authority
*** [http://www.edps.europa.eu/EDPSWEB/ European Data Protection Supervisor]
** UK
*** [http://www.ico.gov.uk/ Information Commissioner's Office]
** Germany
*** [http://www.bfdi.bund.de/cln_134/DE/Home/homepage_node.html Budesbeauftragter fuer Datenschutz und Informationsfreiheit]
** Italy
***[http://www.garanteprivacy.it Garante Privacy]
** Spain
***[https://www.agpd.es/portalwebAGPD/index-ides-idphp.php Agencia Española de Protección de datos]
** France
***[http://www.cnil.fr/ Commission nationale de l'informatique et des libertés]
=== Issues ===

* Fair processing
* Acceptable use/specified purpose
* Avoid collecting excessive information
* Data accuracy
* Data retention period enforcement (& disposal)
* Protection of data
* Transfers (inter department, company, country)
* Tracking consent and withdrawal of consent
* Provision of consent
* Collection and storage of PII (personally identifiable information)
* User tracking
* User profiling
*

=== Privacy vulnerabilities ===

* Build up user profiles used e.g. for retargetted / behavioral advertising
* Identify users based on e.g. IP address, browser type and version, add-ons,... based on fingerprinting
**
*
*

=== Technical approaches ===

* Privacy vulnerability detection on server side
**

* Privacy vulnerability detection on client side
** Client side patterns implying privacy vulnerability e.g.
*** 3rd party links (typically trackers)
*** 3rd party cookies
*** invisible images / web bugs
*** behavioral tracking patterns

=== Tools, Add-ons, Projects to Detect & Protect Privacy ===

Data privacy is not only a client-side issue, but may also be a server-side issue. For example storing data in cloud services, where the data needs to be protected somehow. So we destinguish protection and detection tools in four areas for now:
# client-side
# server-side
# protocol
# services

==== 1. Client-side Tools ====
On the client we have three categories of tools:
* Add-ons in the browser
* Proxies
* Standalone tools based on the underlaying OS
===== Add-ons in the browser =====
{{TBD: table needs to be sorted according browser, functionality, etc.}}

{|class="wikitable" style="text-align: top;" border="1" cellpadding="2"
|+ Browser Add-ons
!width="5%" |
!width="35%" |Name
!width="50%" |Description
! Link
|-
|colspan="4" style="background:lightgray" |'''Chrome'''
|-
|
|Click&Clean
|
|
|-
|
|Ghostery
| (see below)
|
|-
|colspan="4" style="background:lightgray" |'''Firefox'''
|-
|
|colspan="3" |{{list needs attributes for: usablity, funtionality, active/passive protection, ...}}
|-
|
|AddBan
|
|
|-
|
|AddBlock Plus
|
|
|-
|
|AddBlock Plus popup
|
|
|-
|
|BetterPrivacy
|
|
|-
|
|Browser Protect
|
|
|-
|
|Click&Clean
|
|
|-
|
|Cookie Whitelist With Buttons
|
|
|-
|
|Dashboard
| (see below)
|
|-
|
|FireStorage
|
|
|-
|
|Greasemonkey
|
|
|-
|
|Ghostery
| (see below)
|
|-
|
|Header Tool
|
|
|-
|
|Maximum AddBlock
|
|
|-
|
|PageTweak
|
|
|-
|
|Privarcy Protector
|
|
|-
|
|TACO - Targeted Advertisong Cookie Opt-Out
|
|
|-
|
|ThinkAhead
|
|
|-
|
|TrackerBlock
|
|
|-
|colspan="4" style="background:lightgray" |IE
|-
|
|Ghostery
| (see below)
|
|-
|colspan="4" style="background:lightgray" |'''Opera'''
|-
|colspan="4" style="background:lightgray" |'''Safari'''
|-
|colspan="4" style="background:lightgray" |'''WebKit'''
|-
|
|-valign="top"
|}

;Ghostery plug-in
:Available for Firefox, Chrome, Safari, Internet Explorer<brCScans the page for scripts, pixels, and other elements and notifies the user of the companies whose code is present on the page. These page elements aren't otherwise visible to the user, and often not detailed in the page source code. Ghostery allows users to learn more about these companies and their practices, and block the page elements from loading if the user chooses.<br><br>Download: http://www.ghostery.com/download<br><br>Ghostery is owned by Evidon (formerly "Better Advertising": http://www.evidon.com/solutions/overview.php <br><br>"Selected by the Digital Advertising Alliance (DAA) to power its online behavioral advertising Self-Regulatory Program"

; Dashboard Firefox extension
:Developed by the research project !PrimeLife funded by the European Commission’s 7th Framework Programme.<br>
:Download: http://www.primelife.eu/results/opensource/76-dashboard
:Alpha release: tracks what information is collected by the visited websites. Allows to set preferences on a site by site basis. <br>
:Note: Currently maintained by W3.org, full description expected by March 2011.<br><br>
:Description:
:* observe HTTP Requests ans Responses while loading the web page
:* log collected HTTP traffic in a SQLite database"dashboard.sqlite" in the browser's profile folder
:* access additional databases maintained by the browser and the folders containing the LSOs
:* cancel HTTP requests e.g. for third party content based on user's preference for a given web site
:* user settable site preferences, e.g. to block 3rd party cookies or content, to disable scripting,... <br><br>
:Detected privacy patterns e.g.<br>
:* internal third party content
:* external third party content
:* invisible images (based on the image dimension / hidden by CSS)<br><br>
:User Interface <br>
:* adds smiley icon to the browser's navigation toolbar to reflect a measure of the privacy friendliness of the current web page
:* click on the face to view privacy details<br><br>

===== Proxies =====
A proxy can either be one on a intermediate server such as a company gateway, or a proxy installed on the client system itself.
In both cases the browser needs to be configured to use that proxy. As it is no difference from the browser's view, we do not destingush these proxy types.

{|class="wikitable" style="text-align: top;" border="1" cellpadding="2"
|+ Proxies
!width="5%" |
!width="35%" |Name
!width="50%" |Description
!Link
|-
|colspan="4" style="background:lightgray" |'''any OS'''
|-
|
!JAP
|
|[http://anon.inf.tu-dresden.de/]
|-
|
!Polipo
|
|[http://www.pps.jussieu.fr/~jch/software/polipo/]
|-
|
!privoxy
|
|[http://www.privoxy.org/]
|-
|
!squid
|
|[http://www.squid-cache.org/]
|-
|
!tinyproxy
|
|[https://banu.com/tinyproxy/]
|-
|
!WWWOFFLE
|
|[http://www.gedanken.demon.co.uk/wwwoffle/]
|-
|colspan="4" style="background:lightgray" |'''Windows'''
|-
|
!Proxomitron
|
|[http://www.buerschgens.de/Prox/]
|}

;Note
:The drawback when using a proxy is that SSL/TLS (https) is either not supported (i.e. privoxy, 2011), or the trust chain is broken and the browser indicates that with a proper message and a broken "lock" icon.

===== Standalone Tools =====
{{:TBD}}

==== 2. Server-side Tools ====
* appexchange2 [http://navajosystems.com]

==== 3. Protocol ====

;Mozilla Firefox 4 Beta: "Do Not Track" Option - Privacy Feature
:You can check a “Do Not Track” box in the “Advanced” screen of Firefox’s Options. When this option is selected, a header will be sent signaling to websites that you wish to opt-out of online behavioral tracking. You will not notice any difference in your browsing experience until sites and advertisers start responding to the header.<br><br>See: http://blog.mozilla.com/blog/2011/02/08/mozilla-firefox-4-beta-now-including-do-not-track-capabilities/ <br><br>Note: Also available for Google Chrome: http://google-chrome-browser.com/tags/do-not-track

=== Micro survey ===

CW created a micro survey on paper called ''A Few Questions'', to try to gather a few [10] views from other quarters in OWASP [2 participants from the working session, and 8 other leaders], as to the relevance of "personal data protection" within OWASP's mission. The questions (and anonymous answers) were:

'''Q1: Can OWASP contribute to PCI-DSS compliance initiatives?'''

A1:

Yes.

Yes of course - we already have by reference to the Top 10.

Yes, we have done so, but to my knowledge we have allowed our relationship with PCI to languish.

Yes.

Unsure, as I'm not fully used to PCI-DSS, but guess 'yes'.

Yes.

Yes.

Yes.

Don't know.

Yes in terms of providing knowledge, training and resources to QSAs. We [OWASP] could also provide info focused on companies who are going to be assessed.

'''Q2: Can OWASP contribute to fraud detection and prevention?'''

A2:

Yes.

Yes it would be included in our mission/purpose.

Yes, ***, *** and I were discussing some potential solutions to this.

Yes.

Yes.

Yes, it should at least 'list' possible threats.

Yes.

Yes.

Don't know.

AppSensor seems to be quite useful here.

'''Q3: Are there application vulnerabilities that can contribute to successful fraud?'''

A3:

Yes.

Yes of course.

At the risk of being glib, most successful exploitations of vulnerabilities lead to some sort of fraud.

Yes.

Maybe.

Yes.

Yes.

Yes.

-

Injection flaws, possibly XSS if client credentials can be compromised, session weaknesses, SSL issues.

'''Q4: Can OWASP contribute to the protection of personal data?'''

A4: (if 'no', skip Q5 and Q6 to end)

Yes.

Certainly.

Yes, anytime our efforts close a vulnerability, we contribute.

Yes.

No.

Yes.

Yes.

Yes.

Yes.

If OWASP wants to start talking at that issue, yes.

'''Q5: Are there application security vulnerabilities that can contribute to attacks against personal data?'''

A5: (if 'no', skip to end)

Yes.

Certainly, yes!

Yes, I'm hard pressed to think of one that doesn't have the potential.

Yes.

-

Yes (for example inclusion of 3rd party code/scripts).

Yes.

Yes.

-

Injection, XSS, session flows, SSL issues.

'''Q6: Are there vulnerabilities in the realms of personal data protection - consent, accuracy, fair use & retention (ie not just protection of data in use/at rest) - that OWASP can help with?'''

A6:

Yes, at least OWASP should in the future.

Possibly to a lesser degree - seems more like the legal realm than technical.

Certainly, but I'm not in a position to identify any that aren't already a focus of the organization [OWASP].

Yes.

-

Yes.

Yes.

I am not so sure - what is a vulnerability? If a poor audit trail or no audit trail is a vulnerability, then maybe. If lack of privacy policy is a vulnerability, then maybe.

-

Accuracy and use seem to be in the relam of privacy. If OWASP works in this area, we could rewach end users much more significantly.

'''End: Please supply any other comments here, or overleaf'''

-

-

-

[For] all questions, I answered yes, but it would need details how to achieve it.

-

-

-

-

I am working to enable ASVS as a government recommendation to verify the implementation of adequate protection of PII.

-

== External Links ==
* Informations about proxy servers: [http://en.wikipedia.org/wiki/Proxy_server wiki:Proxy Server]
* [http://privacy.org/ privacy.org]
* [http://www.privacyrights.org/ privacyrights.org]

Talk:Summit 2011 Working Sessions/Session073

2011-02-17T12:49:34Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-17T12:06:10Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-17T11:43:04Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-11T11:50:42Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-11T11:48:45Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-11T11:46:16Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-11T11:45:22Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-11T01:02:57Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-10T23:50:11Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-10T23:47:37Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-10T23:42:11Z

Elke Roth-Mandutz:

Talk:Summit 2011 Working Sessions/Session073

2011-02-10T19:46:06Z

Elke Roth-Mandutz:

Summit 2011 Attendee Bios

2011-02-08T19:32:30Z

Elke Roth-Mandutz:

{{CompactTOC}}



[[Summit_2011_Attendee | '''Back to Attendee List''']] | [[Summit_2011 | '''Back to main Summit 2011 page''']]

''Add'' a bio using the ''page'' edit link; ''change'' a bio using the ''section'' edit link.

== Adamski, Lucas ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Adamski,_Lucas.png|150px]]</div><div style=“text-align:justify”>Lucas Adamski heads up the product security team at Mozilla, works on security architecture and features, and generally tries to make the Internet a happier and safer place. Previously, Lucas was a Security Architect at Adobe focused on Flash Player and AIR. He also worked at @stake and developed security managed services software at Breakwater Security.
</div><br clear="all">

== Agarwal, Anurag ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Agarwal,_Anurag.png|150px]]</div><div style=“text-align:justify”>Anurag Agarwal, the founder of MyAppSecurity, has proven record in providing customers with solutions related to security risk management. Anurag is a former Director of Education Services at WhiteHat Security and has over 15 years of experience designing, developing, managing and securing web applications with companies like Citigroup, Cisco, HSBC Bank, and GE Medical Systems to name a few. He is an active contributor to the web application security field and has written several articles on secure design and coding for online magazines. A frequent speaker on web application security at various conferences, Anurag is actively involved with organizations such as the WASC (Web Application Security Consortium) and OWASP (Open Web Application Security Project). He started the project on Web Application Security Scanner Evaluation Criteria and is currently a project leader for OWASP developer’s guide and OWASP Common Vulnerability List.
</div><br clear="all">

== Aguilera, Vicente ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Aguilera,_Vicente.png|150px]]</div><div style=“text-align:justify”>Born in Badalona (Spain), Vicente is the OWASP Spain Chapter Leader, co-founder of Internet Security Auditors and member of the Technical Advisory Board in the RedSeguridad magazine. He is an enthusiastic of the application security, a regular speaker at industry conferences and has published several articles and vulnerabilities in specialized media.
</div><br clear="all">

== Agustini, Alexandre ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>I am senior lecturer and currently academic coordinator
of Informatics Faculty at the Catholic University of Rio Grande do Sul (PUCRS). I have a Ph.D. in Computer Science from Universidade Nova de Lisboa (2006) and my primary research interest is in Natural Language Processing, acting on the following topics: text mining, machine learning, syntactic and semantic analysis of natural language.

</div><br clear="all">

== Akhmad, Zaki ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Born in Jakarta, Indonesia, 1982, Zaki holds a master degree from
Bandung Institute of Technology, Indonesia, with major Electrical
Engineering. Currently he works at indocisc, a small consultant
company focus on information security, as a Junior Security Analyst.
On professional certification, he had passed the CISA exam which he took on June 2010. He has lead the OWASP Indonesia Chapter since December 2008. The first translation project completed by OWASP Indonesia Chapter team is the Top 10 OWASP 2010. He enjoys very much working on information security industry. On the leisure time, Zaki loves reading, writing, listening to music and for some time taking photos. He also enjoy sports, especially running and swimming. He can be contact at za at owasp dot org.

</div><br clear="all">

== Alamri, Lorna ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Lorna is a consultant at a large financial institution and resides in Minneapolis, Minnesota, USA. She is Vice President of the Minneapolis OWASP Chapter, a member of the Global Industry Committee, Editor of the OWASP Newsletter, and a member of the Summit Planning Committee.
</div><br clear="all">

== AlBasha, Talal ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Application Development Management, Application Security Consultation (GWAPT Certified)
Alremh company at ICT Incubator
Product Manager at Innovaive Solutions

Riyadh,Saudi Arabia
OWASP Involvement: Syria Chapter Leader
Past
• Presenter for Internet Security at ITDigest
• Senior Developer at King Faisal Specialist Hospital
• Senior Developer at KFSHRC
Education
• Damascus University
• SANS
Summary
Portal Development with J2EE technology
IBM Websphere portal server, application server (with clustering)
Bea Weblogic
SMS, MMS and Mobile Banking projects
Application Security (SANS GIAC standards, OWASP standards, (ISC)2 CSSLP standards)
GWAPT Certified

Specialties:
J2EE, Websphere clustering, Weblogic, JBoss, Struts, JSF
SMS, MMS, Mobile Banking
SMS Gateway
Application Security

</div><br clear="all">

== Angal, Rajeev ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Rajeev currently works as an Architect at Oracle (Sun Microsystems) and lives in the San Francisco Bay Area, California, USA.
Past
• Founder & VP Engineering at Intellifabric Inc
• Director of Technology at Infospace Inc
• Architect, Portal Server at SUN Microsystems
Education
• University of California, Santa Cruz
• IIT Delhi
• Delhi Public School - R. K. Puram

</div><br clear="all">

== Aniceto, Alexandre ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Information Security Consultant, CISSP, CISM, CISA, ISO27001/LA
Partner at Willway, S.A.; Lisbon Area, Portugal
Past
Senior Security Consultant at Glintt
Security Advisor at Archeocelis, Lda
Security & Systems Engineer at Nokia Siemens Networks
Education
Royal Holloway, U. of London ,
(ISC)² , ISACA - Information Systems Audit and Control Association
Specialties:
Information Security Management
Security Architecture Design & Implementation
Auditing and Regulatory Compliance

</div><br clear="all">

== Aryavalli, Gandhi ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Having Honors in Engineering (CS & Mech. Engg.) enriched by MBA (finance), have been working in Information Security space for the last 10+ years in the fields of Application Security, State Assessment, Data cum Network Security, Security Governance and Compliance areas. Currently part of McAfee family for the last 5+ years, providing technical expertise and support in the performance of architecture and application risk assessments for IT developed applications and third party solutions, review of applications for security vulnerabilities, perform penetration tests and enforcing Secure QA cum Coding practices. Key achievements include providing technical support to Department of Defence to install a Common Criteria lab in India for the first time, and established Vulnerability Accessment Center as per SSE-CMM Guidelines. Providing organisation wide trainings and conducting secure code reviews, as a Secure Core Team member of McAfee. Has played a key role in Application security in various CMM companies like Microsoft (v-id), Mahindra BT..etc.
</div><br clear="all">

== Barbato, L. Gustavo C. ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Gustavo is Ph.D. (application security) and M.Sc. (intrusion detection) in Information System Security as well as Bachelor in Computer Science. He has worked in security projects for the Brazilian Government for many years involving software programming, network and systems administration, computer and network security, application and network penetration testing, software security assessments, code review, malware analysis, intrusion detection, forensics analysis and others activities. During that time, he has also worked as security professor at college and postgraduate by teaching subjects about network and information security. In the beginning, he used to work as software developer and system administrator. However, the last years were dedicated to security consulting on areas aforesaid. Nowadays, he is the Technical Application Security Lead at Dell and Secure Programming Professor at UNISINOS University. As voluntary work, he is the Porto Alegre (Brazil) OWASP Chapter Founder/Leader and member of OWASP Global Chapter Committee.
</div><br clear="all">

== Barnett, Ryan ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Ryan Barnett is a Senior Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security where he focuses on web application defensive research and serves as the ModSecurity web application firewall project lead. In addition to his work at Trustwave, Ryan is also a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. He is also a Web Application Security Consortium (WASC) Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Web Honeypots Projects, as well as, the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache and is a frequent speaker at industry conferences such as Blackhat and OWASP.
</div><br clear="all">

==Baso, Sarah==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Sarah is a licensed attorney living in Minneapolis, Minnesota, USA. She currently works as a teacher for at risk youth (grades 5-8) at an after school and summer kids program, in addition to volunteering at an ESL school that provides English, computer, math, and citizenship classes to immigrants and refugees. Most recently, Sarah has been involved with OWASP, providing logistical support, travel planning and wiki foo for the Global Summit and serving as the secretary for the Global Industry Committee.
</div><br clear="all">

==Batista, Marco==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Marco is a 26 year old from Portugal with a Network and Communications Engineer degree. He has worked for 2 years in Carrier Sales Support / Customer Premises Equipment (CPE) Broadband Access (xDSL, FTTH), and is currently taking a MSc in Information Security.
</div><br clear="all">

==Bergling, Mattias==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Mattias Bergling works as a Senior Security Consultant at 2Secure in Stockholm, Sweden. Mattias has been working with IT security for 12 years and has been focusing on security testing for the last 8 years. Mattias is the co-leader for the Swedish OWASP chapter and was on the Organizing Committee for AppSec EU 2010.
</div><br clear="all">

==Bernik, Joe==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Mr. Bernik is the Chief Information Security Officer for Fifth Third Bank, responsible for protecting Fifth Third Bank and its clients’ information systems from risks. He is also responsible for defining and implementing Enterprise-wide information security strategies for the Bank.
Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations.
Prior to his role at Fifth Third Bank, Mr. Bernik served in roles including Director of Operational Risk at the Royal Bank of Scotland and Chief Information Security Officer of ABN AMRO, and its subsidiary, LaSalle Bank.
Mr. Bernik received his bachelor’s degree from the University of Mary Washington in Fredericksburg, Virginia, and completed graduate work in business administration at the City University of New York.
Mr. Bernik currently serves as an advisor to the Federal Reserve on matters of information security and is on the steering committee of the Financial Services Sharing and Analysis Center (FS-ISAC).

</div><br clear="all">

==Biagiotti, Massimo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Project Manager and Business Developer of consulting activities for network and application security analyses concerning Ethical Hacking, Secure Software Development Lyfecycle, Security Processes, Risk Analyses and Business Impact Analyses. Since 2009 is also responsible of the Internship Program of Business-e.
</div><br clear="all">

==Bonver, Edward==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Edward Bonver is a principal software engineer on the product security team under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company’s software security practices through the adoption of methodologies, procedures and tools for secure coding and security testing. Within Symantec, Edward teaches secure coding and security testing classes for Symantec engineers, and also leads the company’s QA Security Task Force, which he founded. Prior to joining Symantec, Edward held software engineering and QA roles at Digital Equipment Corporation, Nbase and Zuma Networks. Edward is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP). He holds a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. Edward is a Ph.D. student at NOVA Southeastern University.
</div><br clear="all">

==Booth, Rex==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Rex is a Senior Manager in Grant Thornton’s Public Sector practice and leads their Cybersecurity Solution group. He has over ten years of experience providing application development, risk management and information security services to government agencies, private industry, and financial institutions.

Since joining Grant Thornton, Rex has led various information security and risk management engagements including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. During his tenure at previous employers, Rex designed and developed complex distributed web-based applications. As a member of a managed security services team performing research and development, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on thousands of devices. He has presented on the topic of information security and assessment methodologies to various institutions and is currently a global committee member for the Open Web Application Security Project (OWASP).

</div><br clear="all">

==Brennan, Tom==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Brennan started with technology in 1986 when 8-bit and CP/M was cool <grin>. After a career ending injury with United States Marines Corps., during Gulf War I Era he has dedicated his life to information security. Was elected and served with the FBI Infragard program 2002-2004 and then founded the OWASP New Jersey Chapter that today includes NYC Metro. In 2007 Brennan was appointed by his application security peers to the OWASP Global Board of Directors. Tom was the managing partner of Proactive Risk that routinely assessed technology, people and process used in finance, e-commerce, oil/gas, power generation/transmission, water, and global enterprise networks before joining Trustwave Spiderlabs in 2011. A father of 4 great kids and is a frequent and entertaining speaker at information security conferences and bars around the world ;)
</div><br clear="all">

==Brewer, Deb==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>LXstudios Inc., Owner/Director
Deb has provided branding, corporate identity and collateral design solutions to institutional and retail clients for over twenty years. On a Fine Arts Scholarship, she obtained a bachelor of Fine Arts in Graphic Design with a Minor in Professional Writing from Carnegie Mellon University in Pittsburgh, PA. She began her career as a Senior Designer in the Creative Services department at Thomson Financial in Boston, MA. After Thomson, Deb became a partner at Patric Ward Design in Boston, managing accounts such as Janus Institutional, Reebok, Standard & Poor’s, and Thomson Financial. In 1999, Deb opened LXstudios, providing branding, corporate identity, print collateral, advertising, web and event support to financial services, medical, technology, management consulting, mortgage/banking and retail clients.

</div><br clear="all">

==Bristow, Mark==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Mark Bristow works as an Industrial Control Systems (ICS/SCADA) Security consultant with Securicon LLC for a US Government client. Before getting involved with ICS, Mark was heavily involved in web application vulnerability research, penetration testing and building application security programs as a consultant with SRA International. Mark is an active member of the Open Web Application Security Project (OWASP) as Global Conferences Committee Chair, AppSec DC Organizer, and Co-Chair of the OWASP DC chapter.
</div><br clear="all">

==Brzozowski, Daniel==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Daniel is a web security enthusiast with broad knowledge in web applications development and web security. He has been working in banking and financial industry for the last few years. He is doing his Masters Degree in Artificial Intelligence at Warsaw University of Technology. He is currently working on his final master’s thesis, whose title is “Web Application Penetration Tests”. Right now he is based in London, UK and works for a worldwide financial company. His interests covers all aspects of web security, web development and public speaking. In his free time he enjoys practicing Krav Maga, listening to music and following Web Security news.
</div><br clear="all">

==Buetler, Ivan==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Founder and CEO, Compass Security AG (since 1999)
Founder of Swiss Cyber Storm Security Conference (since 2007)
Founder of Hacking-Lab community site / Alias E1 (since 2006)
Founder and board member of Cyber Tycoons foundation (since 2010)
Board member Information Security Society Swizerland ISSS (since 2010)
Member /ch/open foundation. After completing his degree in Electrical Engineering at the Technical College of Rapperswil focusing on computer science, control technology, electronics, energy engineering, and motion technology, Ivan Buetler worked for 2 years in St.Gallen at AGI Service, a company which provides services for banks. He provided plans for high-availability Unix and NT server systems including, among other things, a platform for the stock market and foreign exchange dealers based on Reuters, Bloomberg and FIMS (Telekurs). Afterwards, while working for 3r security engineering ag/Entrust Technologies, Ivan supported security consultants in technical matters, analysed clients' technical problems, local network and computer systems throughout Europe. This security work included penetration tests, security reviews, the development of secure architectures, Internet and Intranet security, as well as security solutions for e-Commerce. In particular, he was involved in the cross-certification of the Canadian Entrust PKI with Europe. During these activities he completed post-graduate studies at the Management School of St.Gallen/Zurich in Business Management.

</div><br clear="all">

==Calderon, Juan Carlos==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Juan currently works as Application Security Research Leader/Sr Auditor at Softtek and lives in the Aguascalientes Area, Mexico. Prior to this he was a Project Leader at Softtek, as well as a Sr Application Security Auditor and Sr Web Developer at Soft tek. Juan also worked as a Web Application Security Specialist and Web Developmer at GE DDEMESIS and as the IT Manager at Gabatti. Juan received his education from the Instituto Tecnológico y de Estudios Superiores de Monterrey and the Instituto Tecnológico de Zacatecas. Juan Specializes in: Application Security, Security Source Code Review, Vulnerability assessments, security trends analysis, Penetration Testing, Secure SDLC, App
Sec consultancy.

</div><br clear="all">

==Campbell, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Founder and Principal Consultant, Electric Alchemy
DC has been immersed in technology since elementary school. Early experiences with Microsoft Flight Simulator on an 4.77MHz 8086 IBM got him interested in computers as well as aviation. Campbell went on to become a well respected figure in the information security community as well as a FAA certificated pilot.
DC joined Andersen Consulting after graduating from University and his aptitude for hacking quickly led him to the forefront of the Firm's then nascent information security practice. At Andersen, Campbell worked as a security architect for a series of high profile projects while simultaneously providing penetration testing expertise on short engagements all over the world.
Since founding EA Campbell has embraced application security and mobile security and continues to be involved in the community. DC leads the Denver chapter of the Open Web Application Security Project and organizes the successful annual FROC application security conferences.

</div><br clear="all">

==Casey, Larry==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Director of IT, OWASP.
</div><br clear="all">

==Causey, Brad==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Brad Causey is an active member of the security and forensics community
worldwide. Brad tends to focus his time on Web Application security as
it applies to global and enterprise arenas. He is currently employed at
a major international financial institution as a security analyst. Brad
is the President of the OWASP Alabama chapter, a member of the OWASP Global Projects Committee and a contributor to the OWASP Live CD. He is
also the President of the International Information Systems Forensics
Association chapter in Alabama. Brad is an avid author and writer with hundreds of publications and several books. Brad currently holds certifications in the following arenas: MCSA, MCDBA, MCSE, MCT, MCP, GBLC, GGSC100, C|EH, CIFI, CCNA,IT Project Management+, Security+, A+, Network+, CISSP, CGSP.

</div><br clear="all">

==Chalmers, Matthew==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Matthew Chalmers has been doing information security and related work his entire professional career, since earning his bachelor's degree from MST. Matt has worked for large organizations in the defense, financial and manufacturing industries including the US Navy, the National Security Agency, JPMorgan Chase and, presently, Rockwell Automation. Matt currently performs risk, threat, control and vulnerability assessments; regulatory & policy/standard compliance audits; process improvement audits; and general & application control audits. Matt holds the CISA, GSNA, GCFA, CEH and CHS certifications and is ITIL v3 Foundation certified. Matt has been involved with OWASP since about 2002 and can be reached at matthew dot chalmers at owasp dot org.
</div><br clear="all">

==Chandra, Pravir==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> Pravir Chandra is Director of Strategic Services at Fortify where he leads software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. Creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project, Pravir also works extensively with OWASP and on other open projects to promote effective application security practices. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.
</div><br clear="all">

==Cheng, Steven==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Steven Cheng is currently the product manager for CodeSecure at Armorize Technologies, Inc. He has been with the company for more than five years spanning early from the development phase to current product management role. His job primarily involves requirement gathering and specification design. Recently the focus also shifted into development process in order to have better control of release schedule.

In the past year Steven had led the CodeSecure team to undergo a major product transformation in terms of distribution method from appliance to pure software based, and complete UI redesign. The beta version is now available for download and final release date is scheduled
on 4th March.

</div><br clear="all">

==Clarke, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Justin is a Director and Co-Founder of Gotham Digital Science, based in London. Justin has extensive international risk management, security and secure development consulting and testing experience in the United Kingdom, United States and New Zealand. He is the lead author/technical editor of "SQL Injection Attacks and Defenses" (Syngress), co-author of "Network Security Tools" (O'Reilly), and a contributor to "Network Security Assessment, 2nd Edition" (O’Reilly), as well as a speaker at various security conferences and events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP, OSCON, RSA and SANS. Currently Chapter leader of the OWASP London chapter, and a member of the OWASP Connections Committee, he has a Bachelors degree in Computer Science from the University of Canterbury in New Zealand. He’s also a CISSP, CISM, CISA, CEH, and still has his MCSE if you have a Windows NT 4.0/Exchange 5.5 network.
</div><br clear="all">

==Coates, Michael==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Michael Coates has extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers worldwide. Michael holds a master's degree in Computer Security from DePaul University and a bachelor's degree in Computer Science from the University of Illinois.
Michael is the creator and leader of the AppSensor project and a contributor to the 2010 OWASP Top 10. He is a frequent speaker at OWASP security conferences in the US and Europe and has also spoken at the Chicago Thotcon conference and provided security training at BlackHat.
As the web security lead at Mozilla, Michael protects web applications used by millions of users each day.

</div><br clear="all">

==Coimbra, Paulo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> Paulo has begun working for OWASP in July 2007 assuming the Spring of Code closing process. In the beginning of 2008, he has become OWASP part-time employee assuming the role of Project Manager. After completing his IELTS course, his status has changed again when in July 2008 he moved into a full-time position. He answers directly to the OWASP Board and has been working closely with the OWASP Global Projects Committee since it has been institutionalized in November 2008.
A few of his OWASP’s heterogeneous contributions are as follows:
• OWASP Spring of Code 2007,
• OWASP Summer of Code 2008,
• OWASP EU Summit 2008,
• OWASP Assessment Criteria 1.0 & 2.0,
• OWASP 'Project About' Templates,
• OWASP Projects Dashboard,
• OWASP Project Reviewers Database,
• OWASP Training.
Paulo Coimbra has a M.S. in Management (Technical University of Lisbon), a Post-Graduation in Political Science (University of Lisbon), and a B.S. in Management and Social Development (Portuguese Catholic University).
He has worked in management since 1992. He has performed different roles, from Economist (IAPMEI/Portuguese Ministry of Economy) to Teacher of Finances, Accountancy and M&A (Polytechnic Institutes of Setúbal and Santarém), to Marketing Director and Teacher of Project Finance, Corporate Communication and Political Science (Piaget Institute).

</div><br clear="all">

==Cornell, Dan==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.
</div><br clear="all">

==Corry, Bil==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Information Security Engineer at PayPal
I have extensive experience in information security, information technology and web application development. I bring integrity and accountability to all of my projects. Beyond my technical skills, I also have experience managing people and resources, budgeting, metrics, legal issues, strategic planning, and public speaking.

Information Security: access controls, disaster recovery, network security, web application security, HIPAA, PCI, application lifecycle, penetration testing, auditing, security research and more.
Information Technology: server administration, hardware/software installation/configuration, help desk/technical support, product evaluation, and more.
Web Application Development: entire development cycle, from design to implementation to quality assurance to deployment.
Specialties: Contributor to HTML5 (http://www.whatwg.org/specs/web-apps/current-work/multipage/acknowledgements.html#acknowledgements)
Contributor to WASC Threat Classification v2 (http://projects.webappsec.org/Threat-Classification-Authors)

</div><br clear="all">

==Cruz, Dinis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the OWASP O2 Platform which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers). Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (acquired by IBM) performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.

</div><br clear="all">

==Cruz, Sarah==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Dawson, Isaac==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==De Win, Bart==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Deleersnyder, Seba==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==DiPaola, Stefano==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Donovan, Fred==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Durkee, Ralph==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Dworakowski, Wojciech==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Elias, Wagner==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Eng,Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Evans, Arian==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Falkenberg, Andreas==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fazli Azran, Mohd==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fedon, Giorgio==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Ferraz, Felipe==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Ferreira, Lucas C.==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fette, Ian==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fitzgerald, Alexis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fitzhugh, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Flores, Mauro==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fontes, Antonio==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fort, Julio Cesar==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fortuna, Pedro==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Frosch,Tilman==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Galvao, Pedro==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Gao, Helen==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Garrancho, Bruno==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Garg, Vishal==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Gomes, Leandro Resende==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Gondrom,Tobias==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Greene,Collin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hansen, Robert==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hartmann, Kate==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Heiderich, Mario==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Heyes, Gareth==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hinojosa, Kuai==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hodges, Jeff==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hoff, Jerry==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hoffman, Achim==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hofmann, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hogben, Giles==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Ichnowski, Jeff==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Jimenez, Juan Jose Rider ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Jorge, Eduardo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kang, Abraham==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Keary, Eoin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Knobloch, Martin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kosturjak, Vlatko==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Koussa, Sherif==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kuivenhoven, Marinus==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kumar, Nishi==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Li, Jason==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Lindsay, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Long, Jeremy==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Loureiro, Nuno ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Luptak, Pavol==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Lyon, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Manico, Jim ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Maor, Ofer==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Mancini, Lucilla==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Martinez, Mateo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Martorella, Christian==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Matatall, Neil==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==McGeehan, Ryan==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Melo, Ricardo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Mendo, Tiago==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Meucci, Matteo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Nagra, Jasvir==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Neaves, Tom==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Paiva, Sandra==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Pegorelli, Marta==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Perego, Paolo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Potjes, Linda==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Reinhart, Ralf==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Richler, Heiko==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Rohr, Mathias==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Ross, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Roth-Mandutz, Elke==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>
I am working as research assistant at the Georg-Simon-Ohm University of Applied Sciences in Nuremberg, Germany.
The research project started in September 2010 with the objection to detect and evaluate the privacy
impact of web-sites based on client-side analysis. The privacy impact should be made user visible.

Prior to the research project, I worked for many years in the mobile communication sector, mostly as system engineer for GSM and UMTS infrastructure.
</div><br clear="all">

==Saario, Mikko==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Samuel, Michael==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Schmidt, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Schuh, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Schwartz, Stephen==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Searle, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Secker, Tanya==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Serrao, Carlos==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Stasinopoulos, Anastasios==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Sterne, Brandon==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Steven, John==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Su, Cecil==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tasar, Vehbi==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Taylor, Jason==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tesauro, Matt==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Thomas, Mark==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tomhave, Benjamin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Turpin, Keith==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tusha, Ervis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==UcedaVelez, Tony==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Uhley, Peleus==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==van der Baan, Steven==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vasilopoulos, Kyprianos==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vela, Eduardo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vilares Da Silva, Luis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vlachos, Vasileios==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Watson, Colin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Weston, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wichers, Dave==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wilander, John==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Williams, Jeff==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wilson, Doug==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wysopal, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Yeo, John==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Zusman, Mike==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

Summit 2011 Attendee Bios

2011-02-08T19:21:00Z

Elke Roth-Mandutz: Add Elkes (my) bio

{{CompactTOC}}



[[Summit_2011_Attendee | '''Back to Attendee List''']] | [[Summit_2011 | '''Back to main Summit 2011 page''']]

''Add'' a bio using the ''page'' edit link; ''change'' a bio using the ''section'' edit link.

== Adamski, Lucas ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Adamski,_Lucas.png|150px]]</div><div style=“text-align:justify”>Lucas Adamski heads up the product security team at Mozilla, works on security architecture and features, and generally tries to make the Internet a happier and safer place. Previously, Lucas was a Security Architect at Adobe focused on Flash Player and AIR. He also worked at @stake and developed security managed services software at Breakwater Security.
</div><br clear="all">

== Agarwal, Anurag ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Agarwal,_Anurag.png|150px]]</div><div style=“text-align:justify”>Anurag Agarwal, the founder of MyAppSecurity, has proven record in providing customers with solutions related to security risk management. Anurag is a former Director of Education Services at WhiteHat Security and has over 15 years of experience designing, developing, managing and securing web applications with companies like Citigroup, Cisco, HSBC Bank, and GE Medical Systems to name a few. He is an active contributor to the web application security field and has written several articles on secure design and coding for online magazines. A frequent speaker on web application security at various conferences, Anurag is actively involved with organizations such as the WASC (Web Application Security Consortium) and OWASP (Open Web Application Security Project). He started the project on Web Application Security Scanner Evaluation Criteria and is currently a project leader for OWASP developer’s guide and OWASP Common Vulnerability List.
</div><br clear="all">

== Aguilera, Vicente ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:Aguilera,_Vicente.png|150px]]</div><div style=“text-align:justify”>Born in Badalona (Spain), Vicente is the OWASP Spain Chapter Leader, co-founder of Internet Security Auditors and member of the Technical Advisory Board in the RedSeguridad magazine. He is an enthusiastic of the application security, a regular speaker at industry conferences and has published several articles and vulnerabilities in specialized media.
</div><br clear="all">

== Agustini, Alexandre ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>I am senior lecturer and currently academic coordinator
of Informatics Faculty at the Catholic University of Rio Grande do Sul (PUCRS). I have a Ph.D. in Computer Science from Universidade Nova de Lisboa (2006) and my primary research interest is in Natural Language Processing, acting on the following topics: text mining, machine learning, syntactic and semantic analysis of natural language.

</div><br clear="all">

== Akhmad, Zaki ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Born in Jakarta, Indonesia, 1982, Zaki holds a master degree from
Bandung Institute of Technology, Indonesia, with major Electrical
Engineering. Currently he works at indocisc, a small consultant
company focus on information security, as a Junior Security Analyst.
On professional certification, he had passed the CISA exam which he took on June 2010. He has lead the OWASP Indonesia Chapter since December 2008. The first translation project completed by OWASP Indonesia Chapter team is the Top 10 OWASP 2010. He enjoys very much working on information security industry. On the leisure time, Zaki loves reading, writing, listening to music and for some time taking photos. He also enjoy sports, especially running and swimming. He can be contact at za at owasp dot org.

</div><br clear="all">

== Alamri, Lorna ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Lorna is a consultant at a large financial institution and resides in Minneapolis, Minnesota, USA. She is Vice President of the Minneapolis OWASP Chapter, a member of the Global Industry Committee, Editor of the OWASP Newsletter, and a member of the Summit Planning Committee.
</div><br clear="all">

== AlBasha, Talal ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Application Development Management, Application Security Consultation (GWAPT Certified)
Alremh company at ICT Incubator
Product Manager at Innovaive Solutions

Riyadh,Saudi Arabia
OWASP Involvement: Syria Chapter Leader
Past
• Presenter for Internet Security at ITDigest
• Senior Developer at King Faisal Specialist Hospital
• Senior Developer at KFSHRC
Education
• Damascus University
• SANS
Summary
Portal Development with J2EE technology
IBM Websphere portal server, application server (with clustering)
Bea Weblogic
SMS, MMS and Mobile Banking projects
Application Security (SANS GIAC standards, OWASP standards, (ISC)2 CSSLP standards)
GWAPT Certified

Specialties:
J2EE, Websphere clustering, Weblogic, JBoss, Struts, JSF
SMS, MMS, Mobile Banking
SMS Gateway
Application Security

</div><br clear="all">

== Angal, Rajeev ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Rajeev currently works as an Architect at Oracle (Sun Microsystems) and lives in the San Francisco Bay Area, California, USA.
Past
• Founder & VP Engineering at Intellifabric Inc
• Director of Technology at Infospace Inc
• Architect, Portal Server at SUN Microsystems
Education
• University of California, Santa Cruz
• IIT Delhi
• Delhi Public School - R. K. Puram

</div><br clear="all">

== Aniceto, Alexandre ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Information Security Consultant, CISSP, CISM, CISA, ISO27001/LA
Partner at Willway, S.A.; Lisbon Area, Portugal
Past
Senior Security Consultant at Glintt
Security Advisor at Archeocelis, Lda
Security & Systems Engineer at Nokia Siemens Networks
Education
Royal Holloway, U. of London ,
(ISC)² , ISACA - Information Systems Audit and Control Association
Specialties:
Information Security Management
Security Architecture Design & Implementation
Auditing and Regulatory Compliance

</div><br clear="all">

== Aryavalli, Gandhi ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Having Honors in Engineering (CS & Mech. Engg.) enriched by MBA (finance), have been working in Information Security space for the last 10+ years in the fields of Application Security, State Assessment, Data cum Network Security, Security Governance and Compliance areas. Currently part of McAfee family for the last 5+ years, providing technical expertise and support in the performance of architecture and application risk assessments for IT developed applications and third party solutions, review of applications for security vulnerabilities, perform penetration tests and enforcing Secure QA cum Coding practices. Key achievements include providing technical support to Department of Defence to install a Common Criteria lab in India for the first time, and established Vulnerability Accessment Center as per SSE-CMM Guidelines. Providing organisation wide trainings and conducting secure code reviews, as a Secure Core Team member of McAfee. Has played a key role in Application security in various CMM companies like Microsoft (v-id), Mahindra BT..etc.
</div><br clear="all">

== Barbato, L. Gustavo C. ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Gustavo is Ph.D. (application security) and M.Sc. (intrusion detection) in Information System Security as well as Bachelor in Computer Science. He has worked in security projects for the Brazilian Government for many years involving software programming, network and systems administration, computer and network security, application and network penetration testing, software security assessments, code review, malware analysis, intrusion detection, forensics analysis and others activities. During that time, he has also worked as security professor at college and postgraduate by teaching subjects about network and information security. In the beginning, he used to work as software developer and system administrator. However, the last years were dedicated to security consulting on areas aforesaid. Nowadays, he is the Technical Application Security Lead at Dell and Secure Programming Professor at UNISINOS University. As voluntary work, he is the Porto Alegre (Brazil) OWASP Chapter Founder/Leader and member of OWASP Global Chapter Committee.
</div><br clear="all">

== Barnett, Ryan ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Ryan Barnett is a Senior Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security where he focuses on web application defensive research and serves as the ModSecurity web application firewall project lead. In addition to his work at Trustwave, Ryan is also a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. He is also a Web Application Security Consortium (WASC) Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Web Honeypots Projects, as well as, the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache and is a frequent speaker at industry conferences such as Blackhat and OWASP.
</div><br clear="all">

==Baso, Sarah==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Sarah is a licensed attorney living in Minneapolis, Minnesota, USA. She currently works as a teacher for at risk youth (grades 5-8) at an after school and summer kids program, in addition to volunteering at an ESL school that provides English, computer, math, and citizenship classes to immigrants and refugees. Most recently, Sarah has been involved with OWASP, providing logistical support, travel planning and wiki foo for the Global Summit and serving as the secretary for the Global Industry Committee.
</div><br clear="all">

==Batista, Marco==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Marco is a 26 year old from Portugal with a Network and Communications Engineer degree. He has worked for 2 years in Carrier Sales Support / Customer Premises Equipment (CPE) Broadband Access (xDSL, FTTH), and is currently taking a MSc in Information Security.
</div><br clear="all">

==Bergling, Mattias==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Mattias Bergling works as a Senior Security Consultant at 2Secure in Stockholm, Sweden. Mattias has been working with IT security for 12 years and has been focusing on security testing for the last 8 years. Mattias is the co-leader for the Swedish OWASP chapter and was on the Organizing Committee for AppSec EU 2010.
</div><br clear="all">

==Bernik, Joe==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Mr. Bernik is the Chief Information Security Officer for Fifth Third Bank, responsible for protecting Fifth Third Bank and its clients’ information systems from risks. He is also responsible for defining and implementing Enterprise-wide information security strategies for the Bank.
Mr. Bernik has more than 16 years of experience as a risk professional. He has developed risk management practices, procedures and standards for several Fortune 100 companies including several global banking organizations.
Prior to his role at Fifth Third Bank, Mr. Bernik served in roles including Director of Operational Risk at the Royal Bank of Scotland and Chief Information Security Officer of ABN AMRO, and its subsidiary, LaSalle Bank.
Mr. Bernik received his bachelor’s degree from the University of Mary Washington in Fredericksburg, Virginia, and completed graduate work in business administration at the City University of New York.
Mr. Bernik currently serves as an advisor to the Federal Reserve on matters of information security and is on the steering committee of the Financial Services Sharing and Analysis Center (FS-ISAC).

</div><br clear="all">

==Biagiotti, Massimo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Project Manager and Business Developer of consulting activities for network and application security analyses concerning Ethical Hacking, Secure Software Development Lyfecycle, Security Processes, Risk Analyses and Business Impact Analyses. Since 2009 is also responsible of the Internship Program of Business-e.
</div><br clear="all">

==Bonver, Edward==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Edward Bonver is a principal software engineer on the product security team under the Office of the CTO at Symantec Corporation. In this capacity, Edward is responsible for working with software developers and quality assurance (QA) professionals across Symantec to continuously enhance the company’s software security practices through the adoption of methodologies, procedures and tools for secure coding and security testing. Within Symantec, Edward teaches secure coding and security testing classes for Symantec engineers, and also leads the company’s QA Security Task Force, which he founded. Prior to joining Symantec, Edward held software engineering and QA roles at Digital Equipment Corporation, Nbase and Zuma Networks. Edward is a Certified Information Systems Security Professional (CISSP) and a Certified Secure Software Lifecycle Professional (CSSLP). He holds a master’s degree in computer science from California State University, Northridge, and a bachelor’s degree in computer science from Rochester Institute of Technology. Edward is a Ph.D. student at NOVA Southeastern University.
</div><br clear="all">

==Booth, Rex==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Rex is a Senior Manager in Grant Thornton’s Public Sector practice and leads their Cybersecurity Solution group. He has over ten years of experience providing application development, risk management and information security services to government agencies, private industry, and financial institutions.

Since joining Grant Thornton, Rex has led various information security and risk management engagements including FISMA, IV&V, SOX, and OMB A-123 engagements as well as identity management and system certification and accreditation efforts. During his tenure at previous employers, Rex designed and developed complex distributed web-based applications. As a member of a managed security services team performing research and development, he co-architected and implemented a scalable information detection and prevention information aggregation solution for use in a real-time 24/7 information security monitoring system, correlating and reporting on thousands of devices. He has presented on the topic of information security and assessment methodologies to various institutions and is currently a global committee member for the Open Web Application Security Project (OWASP).

</div><br clear="all">

==Brennan, Tom==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Brennan started with technology in 1986 when 8-bit and CP/M was cool <grin>. After a career ending injury with United States Marines Corps., during Gulf War I Era he has dedicated his life to information security. Was elected and served with the FBI Infragard program 2002-2004 and then founded the OWASP New Jersey Chapter that today includes NYC Metro. In 2007 Brennan was appointed by his application security peers to the OWASP Global Board of Directors. Tom was the managing partner of Proactive Risk that routinely assessed technology, people and process used in finance, e-commerce, oil/gas, power generation/transmission, water, and global enterprise networks before joining Trustwave Spiderlabs in 2011. A father of 4 great kids and is a frequent and entertaining speaker at information security conferences and bars around the world ;)
</div><br clear="all">

==Brewer, Deb==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>LXstudios Inc., Owner/Director
Deb has provided branding, corporate identity and collateral design solutions to institutional and retail clients for over twenty years. On a Fine Arts Scholarship, she obtained a bachelor of Fine Arts in Graphic Design with a Minor in Professional Writing from Carnegie Mellon University in Pittsburgh, PA. She began her career as a Senior Designer in the Creative Services department at Thomson Financial in Boston, MA. After Thomson, Deb became a partner at Patric Ward Design in Boston, managing accounts such as Janus Institutional, Reebok, Standard & Poor’s, and Thomson Financial. In 1999, Deb opened LXstudios, providing branding, corporate identity, print collateral, advertising, web and event support to financial services, medical, technology, management consulting, mortgage/banking and retail clients.

</div><br clear="all">

==Bristow, Mark==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Mark Bristow works as an Industrial Control Systems (ICS/SCADA) Security consultant with Securicon LLC for a US Government client. Before getting involved with ICS, Mark was heavily involved in web application vulnerability research, penetration testing and building application security programs as a consultant with SRA International. Mark is an active member of the Open Web Application Security Project (OWASP) as Global Conferences Committee Chair, AppSec DC Organizer, and Co-Chair of the OWASP DC chapter.
</div><br clear="all">

==Brzozowski, Daniel==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Daniel is a web security enthusiast with broad knowledge in web applications development and web security. He has been working in banking and financial industry for the last few years. He is doing his Masters Degree in Artificial Intelligence at Warsaw University of Technology. He is currently working on his final master’s thesis, whose title is “Web Application Penetration Tests”. Right now he is based in London, UK and works for a worldwide financial company. His interests covers all aspects of web security, web development and public speaking. In his free time he enjoys practicing Krav Maga, listening to music and following Web Security news.
</div><br clear="all">

==Buetler, Ivan==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Founder and CEO, Compass Security AG (since 1999)
Founder of Swiss Cyber Storm Security Conference (since 2007)
Founder of Hacking-Lab community site / Alias E1 (since 2006)
Founder and board member of Cyber Tycoons foundation (since 2010)
Board member Information Security Society Swizerland ISSS (since 2010)
Member /ch/open foundation. After completing his degree in Electrical Engineering at the Technical College of Rapperswil focusing on computer science, control technology, electronics, energy engineering, and motion technology, Ivan Buetler worked for 2 years in St.Gallen at AGI Service, a company which provides services for banks. He provided plans for high-availability Unix and NT server systems including, among other things, a platform for the stock market and foreign exchange dealers based on Reuters, Bloomberg and FIMS (Telekurs). Afterwards, while working for 3r security engineering ag/Entrust Technologies, Ivan supported security consultants in technical matters, analysed clients' technical problems, local network and computer systems throughout Europe. This security work included penetration tests, security reviews, the development of secure architectures, Internet and Intranet security, as well as security solutions for e-Commerce. In particular, he was involved in the cross-certification of the Canadian Entrust PKI with Europe. During these activities he completed post-graduate studies at the Management School of St.Gallen/Zurich in Business Management.

</div><br clear="all">

==Calderon, Juan Carlos==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Juan currently works as Application Security Research Leader/Sr Auditor at Softtek and lives in the Aguascalientes Area, Mexico. Prior to this he was a Project Leader at Softtek, as well as a Sr Application Security Auditor and Sr Web Developer at Soft tek. Juan also worked as a Web Application Security Specialist and Web Developmer at GE DDEMESIS and as the IT Manager at Gabatti. Juan received his education from the Instituto Tecnológico y de Estudios Superiores de Monterrey and the Instituto Tecnológico de Zacatecas. Juan Specializes in: Application Security, Security Source Code Review, Vulnerability assessments, security trends analysis, Penetration Testing, Secure SDLC, App
Sec consultancy.

</div><br clear="all">

==Campbell, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Founder and Principal Consultant, Electric Alchemy
DC has been immersed in technology since elementary school. Early experiences with Microsoft Flight Simulator on an 4.77MHz 8086 IBM got him interested in computers as well as aviation. Campbell went on to become a well respected figure in the information security community as well as a FAA certificated pilot.
DC joined Andersen Consulting after graduating from University and his aptitude for hacking quickly led him to the forefront of the Firm's then nascent information security practice. At Andersen, Campbell worked as a security architect for a series of high profile projects while simultaneously providing penetration testing expertise on short engagements all over the world.
Since founding EA Campbell has embraced application security and mobile security and continues to be involved in the community. DC leads the Denver chapter of the Open Web Application Security Project and organizes the successful annual FROC application security conferences.

</div><br clear="all">

==Casey, Larry==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Director of IT, OWASP.
</div><br clear="all">

==Causey, Brad==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Brad Causey is an active member of the security and forensics community
worldwide. Brad tends to focus his time on Web Application security as
it applies to global and enterprise arenas. He is currently employed at
a major international financial institution as a security analyst. Brad
is the President of the OWASP Alabama chapter, a member of the OWASP Global Projects Committee and a contributor to the OWASP Live CD. He is
also the President of the International Information Systems Forensics
Association chapter in Alabama. Brad is an avid author and writer with hundreds of publications and several books. Brad currently holds certifications in the following arenas: MCSA, MCDBA, MCSE, MCT, MCP, GBLC, GGSC100, C|EH, CIFI, CCNA,IT Project Management+, Security+, A+, Network+, CISSP, CGSP.

</div><br clear="all">

==Chalmers, Matthew==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Matthew Chalmers has been doing information security and related work his entire professional career, since earning his bachelor's degree from MST. Matt has worked for large organizations in the defense, financial and manufacturing industries including the US Navy, the National Security Agency, JPMorgan Chase and, presently, Rockwell Automation. Matt currently performs risk, threat, control and vulnerability assessments; regulatory & policy/standard compliance audits; process improvement audits; and general & application control audits. Matt holds the CISA, GSNA, GCFA, CEH and CHS certifications and is ITIL v3 Foundation certified. Matt has been involved with OWASP since about 2002 and can be reached at matthew dot chalmers at owasp dot org.
</div><br clear="all">

==Chandra, Pravir==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> Pravir Chandra is Director of Strategic Services at Fortify where he leads software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. Creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project, Pravir also works extensively with OWASP and on other open projects to promote effective application security practices. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.
</div><br clear="all">

==Cheng, Steven==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Steven Cheng is currently the product manager for CodeSecure at Armorize Technologies, Inc. He has been with the company for more than five years spanning early from the development phase to current product management role. His job primarily involves requirement gathering and specification design. Recently the focus also shifted into development process in order to have better control of release schedule.

In the past year Steven had led the CodeSecure team to undergo a major product transformation in terms of distribution method from appliance to pure software based, and complete UI redesign. The beta version is now available for download and final release date is scheduled
on 4th March.

</div><br clear="all">

==Clarke, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Justin is a Director and Co-Founder of Gotham Digital Science, based in London. Justin has extensive international risk management, security and secure development consulting and testing experience in the United Kingdom, United States and New Zealand. He is the lead author/technical editor of "SQL Injection Attacks and Defenses" (Syngress), co-author of "Network Security Tools" (O'Reilly), and a contributor to "Network Security Assessment, 2nd Edition" (O’Reilly), as well as a speaker at various security conferences and events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP, OSCON, RSA and SANS. Currently Chapter leader of the OWASP London chapter, and a member of the OWASP Connections Committee, he has a Bachelors degree in Computer Science from the University of Canterbury in New Zealand. He’s also a CISSP, CISM, CISA, CEH, and still has his MCSE if you have a Windows NT 4.0/Exchange 5.5 network.
</div><br clear="all">

==Coates, Michael==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Michael Coates has extensive experience in application security, security code review and penetration assessments. He has conducted numerous security assessments for financial, enterprise and cellular customers worldwide. Michael holds a master's degree in Computer Security from DePaul University and a bachelor's degree in Computer Science from the University of Illinois.
Michael is the creator and leader of the AppSensor project and a contributor to the 2010 OWASP Top 10. He is a frequent speaker at OWASP security conferences in the US and Europe and has also spoken at the Chicago Thotcon conference and provided security training at BlackHat.
As the web security lead at Mozilla, Michael protects web applications used by millions of users each day.

</div><br clear="all">

==Coimbra, Paulo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”> Paulo has begun working for OWASP in July 2007 assuming the Spring of Code closing process. In the beginning of 2008, he has become OWASP part-time employee assuming the role of Project Manager. After completing his IELTS course, his status has changed again when in July 2008 he moved into a full-time position. He answers directly to the OWASP Board and has been working closely with the OWASP Global Projects Committee since it has been institutionalized in November 2008.
A few of his OWASP’s heterogeneous contributions are as follows:
• OWASP Spring of Code 2007,
• OWASP Summer of Code 2008,
• OWASP EU Summit 2008,
• OWASP Assessment Criteria 1.0 & 2.0,
• OWASP 'Project About' Templates,
• OWASP Projects Dashboard,
• OWASP Project Reviewers Database,
• OWASP Training.
Paulo Coimbra has a M.S. in Management (Technical University of Lisbon), a Post-Graduation in Political Science (University of Lisbon), and a B.S. in Management and Social Development (Portuguese Catholic University).
He has worked in management since 1992. He has performed different roles, from Economist (IAPMEI/Portuguese Ministry of Economy) to Teacher of Finances, Accountancy and M&A (Polytechnic Institutes of Setúbal and Santarém), to Marketing Director and Teacher of Project Finance, Corporate Communication and Political Science (Piaget Institute).

</div><br clear="all">

==Cornell, Dan==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Dan Cornell has over twelve years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader, member of the OWASP Global Membership Committee and co-lead of the OWASP Open Review Project. Dan has spoken at such international conferences as ROOTs in Norway and OWASP EU Summit in Portugal.
</div><br clear="all">

==Corry, Bil==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Information Security Engineer at PayPal
I have extensive experience in information security, information technology and web application development. I bring integrity and accountability to all of my projects. Beyond my technical skills, I also have experience managing people and resources, budgeting, metrics, legal issues, strategic planning, and public speaking.

Information Security: access controls, disaster recovery, network security, web application security, HIPAA, PCI, application lifecycle, penetration testing, auditing, security research and more.
Information Technology: server administration, hardware/software installation/configuration, help desk/technical support, product evaluation, and more.
Web Application Development: entire development cycle, from design to implementation to quality assurance to deployment.
Specialties: Contributor to HTML5 (http://www.whatwg.org/specs/web-apps/current-work/multipage/acknowledgements.html#acknowledgements)
Contributor to WASC Threat Classification v2 (http://projects.webappsec.org/Threat-Classification-Authors)

</div><br clear="all">

==Cruz, Dinis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the OWASP O2 Platform which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers). Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (acquired by IBM) performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.

</div><br clear="all">

==Cruz, Sarah==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Dawson, Isaac==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==De Win, Bart==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Deleersnyder, Seba==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==DiPaola, Stefano==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Donovan, Fred==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Durkee, Ralph==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Dworakowski, Wojciech==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Elias, Wagner==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Eng,Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Evans, Arian==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Falkenberg, Andreas==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fazli Azran, Mohd==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fedon, Giorgio==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Ferraz, Felipe==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Ferreira, Lucas C.==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fette, Ian==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fitzgerald, Alexis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fitzhugh, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Flores, Mauro==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fontes, Antonio==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fort, Julio Cesar==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Fortuna, Pedro==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Frosch,Tilman==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Galvao, Pedro==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Gao, Helen==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Garrancho, Bruno==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Garg, Vishal==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Gomes, Leandro Resende==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Gondrom,Tobias==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Greene,Collin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hansen, Robert==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hartmann, Kate==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Heiderich, Mario==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Heyes, Gareth==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hinojosa, Kuai==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hodges, Jeff==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hoff, Jerry==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hoffman, Achim==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hofmann, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Hogben, Giles==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Ichnowski, Jeff==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Jimenez, Juan Jose Rider ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Jorge, Eduardo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kang, Abraham==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Keary, Eoin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Knobloch, Martin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kosturjak, Vlatko==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Koussa, Sherif==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kuivenhoven, Marinus==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Kumar, Nishi==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Li, Jason==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Lindsay, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Long, Jeremy==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Loureiro, Nuno ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Luptak, Pavol==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Lyon, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Manico, Jim ==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Maor, Ofer==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Mancini, Lucilla==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Martinez, Mateo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Martorella, Christian==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Matatall, Neil==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==McGeehan, Ryan==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Melo, Ricardo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Mendo, Tiago==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Meucci, Matteo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Nagra, Jasvir==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Neaves, Tom==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Paiva, Sandra==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Pegorelli, Marta==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Perego, Paolo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Potjes, Linda==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Reinhart, Ralf==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Richler, Heiko==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Rohr, Mathias==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">
I am working as a member of the research staff at the Georg-Simon-Ohm
University of Applied Sciences in Nuremberg, Germany. The research project
started in September 2010 and targets at the detection of web-site privacy
impact based on client-side analysis. The evaluated impact is planned to be
user visible.
Prior to the research project, I worked for many years in the mobile
communication sector, mostly as systems engineer for GSM and UMTS
infrastructure.

==Ross, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Roth-Mandutz, Elke==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>
I am working as research assistant at the Georg-Simon-Ohm University of Applied Sciences in Nuremberg, Germany.
The research project started in September 2010 with the objection to detect and evaluate the privacy
impact of web-sites based on client-side analysis. The privacy impact should be made user visible.

Prior to the research project, I worked for many years in the mobile communication sector, mostly as system engineer for GSM and UMTS infrastructure.
</div><br clear="all">

==Saario, Mikko==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Samuel, Michael==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Schmidt, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Schuh, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Schwartz, Stephen==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Searle, Justin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Secker, Tanya==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Serrao, Carlos==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Stasinopoulos, Anastasios==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Sterne, Brandon==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Steven, John==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Su, Cecil==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tasar, Vehbi==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Taylor, Jason==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tesauro, Matt==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Thomas, Mark==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tomhave, Benjamin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Turpin, Keith==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Tusha, Ervis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==UcedaVelez, Tony==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Uhley, Peleus==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==van der Baan, Steven==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vasilopoulos, Kyprianos==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vela, Eduardo==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vilares Da Silva, Luis==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Vlachos, Vasileios==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Watson, Colin==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Weston, David==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wichers, Dave==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wilander, John==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Williams, Jeff==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wilson, Doug==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Wysopal, Chris==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Yeo, John==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

==Zusman, Mike==

<div align="left" style="float: left; margin: 0 4px 0 0; padding: 4px; border: 1px solid #aaa;">[[File:PicComingSoon.jpg|150px]]</div><div style=“text-align:justify”>Enter bio here.
</div><br clear="all">

Summit 2011 Working Sessions/Session040

2011-01-31T13:29:46Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Martin Knobloch
| summit_session_attendee_email1 = martin.knobloch@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Paulo Coimbra
| summit_session_attendee_email2 = paulo.coimbra@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Dinis Cruz
| summit_session_attendee_email3 = dinis.cruz@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Nishi Kumar
| summit_session_attendee_email4 = nishi.kumar@owasp.org
| summit_session_attendee_company4= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Cecil Su
| summit_session_attendee_email5 = cecil.su@owasp.org
| summit_session_attendee_company5= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Heiko Richler
| summit_session_attendee_email6 = heiko.richler@owasp.org
| summit_session_attendee_company6= GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Lucas C. Ferreira
| summit_session_attendee_email7 = lucas.ferreira@owasp.org
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Jason Taylor
| summit_session_attendee_email8 = jtaylor@securityinnovation.com
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Mateo Martinez
| summit_session_attendee_email9 = mateo.martinez@owasp.org
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Konstantinos Papapanagiotou
| summit_session_attendee_email10 = konstantinos@owasp.org
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10= Present the "Hackademic" challenges and our experience from Greece

| summit_session_attendee_name11 = Carlos Serrão
| summit_session_attendee_email11 = carlos.serrao@iscte.pt
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Matteo Meucci
| summit_session_attendee_email12 = matteo.meucci@owasp.org
| summit_session_attendee_company12= Minded Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Elke Roth-Mandutz
| summit_session_attendee_email13 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company13= GSO-University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP Academies
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session040
| mailing_list = [https://lists.owasp.org/mailman/listinfo/owasp-academies OWASP Academies mailing list]

|-

| short_working_session_description=This session aims to discuss and establish the model under which the OWASP Academies will be implemented and developed, i.e., a frame under which work will be done with Universities, Polytechnic Institutes, IT Schools and other Academic institutions with a view to establish solid relationships and develop with these organisms ways to collaborate and participate in the design of courses focused on web application security.<br> Part of what will be discussed in this working session will be the continuation of the first meeting being organised for January, in Lisbon, where the vision, the materials and the action plan for the Academies, among other related issues, will be debated.

|-

| related_project_name1 = OWASP Academy Portal Project
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Academy_Portal_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-
| summit_session_objective_name1 = Identification of goals;
| summit_session_objective_name2 = Definition of methodology;
| summit_session_objective_name3 = Analysis of legal aspects and relationship with Universities, other Academic institutions and Governmental initiatives;
| summit_session_objective_name4 = Identification of Trainers and their involvement;
| summit_session_objective_name5 = Certification of Contents and materials.
|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Please see the '''[[Talk:Summit 2011 Working Sessions/Session040|Discussion]]''' page.

|-

|summit_session_deliverable_name1 = Deliver the above as a fundable business plan complete with financial and resource requirements, timelines, metrics, etc…

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Sandra Paiva
| summit_session_leader_email1 = sandra.paiva@owasp.org
| summit_session_leader_username1 = Sandra Paiva

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session040
| session_home_page =  Summit_2011_Working_Sessions/Session040
}}

Summit 2011 Working Sessions/Session058

2011-01-31T13:26:28Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Sherif Koussa
| summit_session_attendee_email3 = sherif.koussa@owasp.org
| summit_session_attendee_company3= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Vishal Garg
| summit_session_attendee_email4 = vishalgrg@gmail.com
| summit_session_attendee_company4= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Matteo Meucci
| summit_session_attendee_email5 = matteo.meucci@owasp.org
| summit_session_attendee_company5= Minded Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Elke Roth-Mandutz
| summit_session_attendee_email6 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company6= GSO-University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors and practitioners willing to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = White paper sketching out a standard for rating risks that accomodates individual minor defects all the way through architectural flaws (that may represent many individual defects)

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com
| summit_session_leader_username1 = Chris Eng

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com
| summit_session_leader_username2 = Chris Wysopal

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session002

2011-01-31T13:25:16Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 = John.wilander
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_username2 = MichaelCoates
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 = ceng@veracode.com
| summit_session_attendee_username6=
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Nishi Kumar
| summit_session_attendee_email7 = nishi.kumar@owasp.org
| summit_session_attendee_username7=
| summit_session_attendee_company7= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Elke Roth-Mandutz
| summit_session_attendee_email8 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_username8=
| summit_session_attendee_company8=GSO-University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = HTML5 Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Handle autofocus in a unified and secure way'''.<noinclude> Make sure SOP applies for autofocus usage in frame/iframe'd websites. Re-discuss necessity for (future) attributes like this.</noinclude>

| summit_session_objective_name2 = '''Discuss necessity and capability for the HTML5 form controls'''.<noinclude> Do we need a non-SOP formaction attribute and why? </noinclude>

| summit_session_objective_name3 = <noinclude>'''Goal I''':</noinclude> Initiate and create documentation and references for developers that address security issues. <noinclude>Html5sec.org is a start but impossible to continue or extend large scale without vendor help</noinclude>

| summit_session_objective_name4 = <noinclude>'''Goal II''':</noinclude>Discuss and heavily restrict SVG capabilities - especially when deployed in CSS backgrounds and <img> tags. <noinclude>Mainly Opera and Mozilla are addressed here.</noinclude>

| summit_session_objective_name5 = '''Long Term Goal(s)''': Provide a working and easy to use as well as vendor supported HTML5 compliant filter software such as HTMLPurifier. <noinclude>Browser vendors should participate in creating security software and filters - not undermine them as we could experience in the last decade.</noinclude>
|-

| working_session_date_and_time = Tuesday, 09 February <br> Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = <br>

[[Image:Html5_mario_hackvertor.jpg‎‎]]

===Co-chair Mario Heiderich===
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the [http://html5sec.org/ HTML5 security cheat-sheet] and maintains the [http://php-ids.org/ PHPIDS filter rules]. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Browser Security Priority Report
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|summit_session_deliverable_name6 =
|summit_session_deliverable_url_6 =

|summit_session_deliverable_name7 =
|summit_session_deliverable_url_7 =

|summit_session_deliverable_name8 =
|summit_session_deliverable_url_8 =

|-

| summit_session_leader_name1 = Mario Heiderich
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org
| operational_leader_username1 = John.wilander

|-
| meeting_notes =
|-
| session_name_mask =  Session002
| session_home_page =  Summit_2011_Working_Sessions/Session002
}}
</includeonly>

Summit 2011 Working Sessions/Session002

2011-01-31T13:22:52Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_username1 = John.wilander
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_username2 = MichaelCoates
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Stefano Di Paola
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Isaac Dawson
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Chris Eng
| summit_session_attendee_email6 = ceng@veracode.com
| summit_session_attendee_username6=
| summit_session_attendee_company6= Veracode
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Nishi Kumar
| summit_session_attendee_email7 = nishi.kumar@owasp.org
| summit_session_attendee_username7=
| summit_session_attendee_company7= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Elke Roth-Mandutz
| summit_session_attendee_email8 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_username8=
| summit_session_attendee_company8=GSO University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = HTML5 Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session002
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= '''Handle autofocus in a unified and secure way'''.<noinclude> Make sure SOP applies for autofocus usage in frame/iframe'd websites. Re-discuss necessity for (future) attributes like this.</noinclude>

| summit_session_objective_name2 = '''Discuss necessity and capability for the HTML5 form controls'''.<noinclude> Do we need a non-SOP formaction attribute and why? </noinclude>

| summit_session_objective_name3 = <noinclude>'''Goal I''':</noinclude> Initiate and create documentation and references for developers that address security issues. <noinclude>Html5sec.org is a start but impossible to continue or extend large scale without vendor help</noinclude>

| summit_session_objective_name4 = <noinclude>'''Goal II''':</noinclude>Discuss and heavily restrict SVG capabilities - especially when deployed in CSS backgrounds and <img> tags. <noinclude>Mainly Opera and Mozilla are addressed here.</noinclude>

| summit_session_objective_name5 = '''Long Term Goal(s)''': Provide a working and easy to use as well as vendor supported HTML5 compliant filter software such as HTMLPurifier. <noinclude>Browser vendors should participate in creating security software and filters - not undermine them as we could experience in the last decade.</noinclude>
|-

| working_session_date_and_time = Tuesday, 09 February <br> Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = <br>

[[Image:Html5_mario_hackvertor.jpg‎‎]]

===Co-chair Mario Heiderich===
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft. Mario invoked the [http://html5sec.org/ HTML5 security cheat-sheet] and maintains the [http://php-ids.org/ PHPIDS filter rules]. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

===Co-chair Gareth Heyes===
Gareth "Gaz" Heyes calls himself Chief Conspiracy theorist and is affiliated with Microsoft. He is the designer and developer behind [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=JSReg JSReg] – a Javascript sandbox which converts code using regular expressions; [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=HTMLReg HTMLReg] & [http://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes#tab=CSSReg CSSReg] – converters of malicious HTML/CSS into a safe form of HTML. He is also one of the co-authors of [http://www.amazon.com/Web-Application-Obfuscation-WAFs-Evasion-Filters-alert/dp/1597496049 Web Application Obfuscation: '-/WAFs..Evasion..Filters//alert(/Obfuscation/)-'] – a book on how an attacker would bypass different types of security controls including IDS/IPS.

|-

|summit_session_deliverable_name1 = Browser Security Report
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 = Browser Security Priority Report
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|summit_session_deliverable_name6 =
|summit_session_deliverable_url_6 =

|summit_session_deliverable_name7 =
|summit_session_deliverable_url_7 =

|summit_session_deliverable_name8 =
|summit_session_deliverable_url_8 =

|-

| summit_session_leader_name1 = Mario Heiderich
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Gareth Heyes
| summit_session_leader_email2 = gazheyes@gmail.com
| summit_session_leader_username2 = Gareth Heyes

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org
| operational_leader_username1 = John.wilander

|-
| meeting_notes =
|-
| session_name_mask =  Session002
| session_home_page =  Summit_2011_Working_Sessions/Session002
}}
</includeonly>

Summit 2011 Working Sessions/Session058

2011-01-31T13:19:48Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Sherif Koussa
| summit_session_attendee_email3 = sherif.koussa@owasp.org
| summit_session_attendee_company3= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Vishal Garg
| summit_session_attendee_email4 = vishalgrg@gmail.com
| summit_session_attendee_company4= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Matteo Meucci
| summit_session_attendee_email5 = matteo.meucci@owasp.org
| summit_session_attendee_company5= Minded Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Elke Roth-Mandutz
| summit_session_attendee_email6 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company6= GSO University of Applied Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors and practitioners willing to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = White paper sketching out a standard for rating risks that accomodates individual minor defects all the way through architectural flaws (that may represent many individual defects)

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com
| summit_session_leader_username1 = Chris Eng

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com
| summit_session_leader_username2 = Chris Wysopal

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session028

2011-01-12T15:49:10Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Elke Roth-Mandutz
| summit_session_attendee_email1 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company1= GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._secure_coding.jpg]]
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]
| summit_session_name = Protecting Information Stored Client-Side
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session028
|-

| short_working_session_description=

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 =
| summit_session_leader_email1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-
| meeting_notes =

|-
| session_name_mask =  Session028
| session_home_page =  Summit_2011_Working_Sessions/Session028
}}

Summit 2011 Working Sessions/Session012

2011-01-11T18:12:13Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Cecil Su
| summit_session_attendee_email2 = cecil.su@owasp.org
| summit_session_attendee_company2= Grant Thornton
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Elke Roth-Mandutz
| summit_session_attendee_email3 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company3= GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = University Outreach
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session012
|-

| short_working_session_description= During the university outreach working session, we hope to bring OWASP educational supporters together and address questions such as:

● What security education programs currently exist in university settings around the world?

● How can OWASP participate and influence the curricula of these educational programs?

● How can we foster relationships between OWASP and universities?

● How can the relationship between OWASP and universities be standardized?

● What can OWASP offer universities and what can they, in turn, expect from each other?
|-

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=
Estimation of Security prorams currently exist in university settings around the world
| summit_session_objective_name2 =
How can OWASP participate and influence the curricula of these educational programs?
| summit_session_objective_name3 =
How can we foster relationships between OWASP and universities?
| summit_session_objective_name4 =
How can the relationship between OWASP and universities be standardized?
| summit_session_objective_name5 =
What can OWASP offer universities and what can they, in turn, expect from each other?
|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Martin Knobloch
| summit_session_leader_email1 = martin.knobloch@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session012
| session_home_page =  Summit_2011_Working_Sessions/Session012
}}

Summit 2011 Working Sessions/Session073

2011-01-11T18:10:50Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 =
| summit_session_attendee_company1= Watson Hall
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Lorna Alamri
| summit_session_attendee_email2 = lorna.alamri@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Achim Hoffmann
| summit_session_attendee_email3 = achim@owasp.org
| summit_session_attendee_company3= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= see items at [[Talk:Summit_2011_Working_Sessions/Session023#Emphasise_.22S.22_of_OWASP | Overhauling OWASP website]] session

| summit_session_attendee_name4 = Elke Roth-Mandutz
| summit_session_attendee_email4 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company4= GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= web privacy research project

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg]]
| summit_ws_logo = [[Image:WS._owasp.jpg]]
| summit_session_name = Privacy - Personal Data/PII, Legislation and OWASP
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073

|-

| short_working_session_description=

[[File:Banner-privacypush-1.png]]

Privacy is a growing area of concern in the US, and might have greater awareness & understanding in the EU than security. Should OWASP say more about protecting personal data? Security is just one aspect of data protection, but many data breaches have been the result of application vulnerabilities.

This session will be useful for project leaders, as well as anyone in sectors collecting, processing or storing personal data (e.g. of consumers, citizens and employees).

|-

| related_project_name1 = Application Security Verification Standard - V9 Data Protection
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

| related_project_name2 = Application Security Desk Reference (ASDR) - Vulnerabilities - Privacy Violation
| related_project_url_2 = http://www.owasp.org/index.php/Privacy_Violation

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Discuss whether OWASP needs to be more proactive about privacy

| summit_session_objective_name2 = Define how we build privacy matters into existing tools and resources

| summit_session_objective_name3 = Identify gaps

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = The protection of personal data has been an important concern of organisations, especuially in Europe where European legislation has driven continent-wide adoption. In North America, the US HIPAA and Canadian Privacy Act have driven privacy initiatives. With the adoption of principles and processes such as "privacy by design", "privacy impact assessments" and "building privacy in", backed with strong regulation, organizations are having to make privacy a central part of their business practices. Growing public concern about use of their personal data, mis-use by organizations and personal data breaches are leading to increased, rather than decreased government intervention in this area. Privacy issues are nothing new, but some more recent examples are:

* [http://www.ftc.gov/opa/2010/12/privacyreport.shtm US Federal Trade Commission (FTC) Preliminary Staff Report on Privacy], 12 December 2010
* [http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2010-0484+0+DOC+XML+V0//EN&language=EN European Parliament Asks the European Commission to Protect Online Users from Advertising], 15 December 2010
* [http://news.cnet.com/8301-31921_3-20025950-281.html?part=rss&subj=news&tag=2547-1_3-0-20 Members Appointed to US Privacy and Civil Liberties Oversight Board], 16 December 2010
* [http://www.commerce.gov/news/press-releases/2010/12/16/commerce-department-unveils-policy-framework-protecting-consumer-privUS Department of Commerce Publishes Green Paper Recommending Creation of a Privacy 'Bill of Rights' for Internet Users], 16 December 2010

Can we map projects (tools and sections in resources) to business drivers such as "privacy"?

Privacy aspects are referred to through the wiki (including projects):

[[File:Owasp-org-privacy-counts.png]]

But there is not any central guide, and perhaps what there is, does not have enough depth. ASVS includes a whole verification topic about data protection and the ASDR has a page on privacy as a "vulnerability". The OWASP Top ten 2010 mentions personal data in the context of insecure cryptographic storage, but privacy protection is of course much wider than encrypting data. It is of course much wider than application security:

[[File:Privacy-context.png]]

But is OWASP offering the correct guidance in this area? Should OWASP be doing more?

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Colin Watson
| summit_session_leader_email1 = colin.watson(at)owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session073
| session_home_page =  Summit_2011_Working_Sessions/Session073
}}

Summit 2011 Working Sessions/Session012

2011-01-11T16:21:16Z

Elke Roth-Mandutz:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Cecil Su
| summit_session_attendee_email2 = cecil.su@owasp.org
| summit_session_attendee_company2= Grant Thornton
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Elke Roth-Mandutz
| summit_session_attendee_email3 = elke.roth-mandutz@ohm-hochschule.de
| summit_session_attendee_company3= Ohm Hochschule
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = University Outreach
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session012
|-

| short_working_session_description= During the university outreach working session, we hope to bring OWASP educational supporters together and address questions such as:

● What security education programs currently exist in university settings around the world?

● How can OWASP participate and influence the curricula of these educational programs?

● How can we foster relationships between OWASP and universities?

● How can the relationship between OWASP and universities be standardized?

● What can OWASP offer universities and what can they, in turn, expect from each other?
|-

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=
Estimation of Security prorams currently exist in university settings around the world
| summit_session_objective_name2 =
How can OWASP participate and influence the curricula of these educational programs?
| summit_session_objective_name3 =
How can we foster relationships between OWASP and universities?
| summit_session_objective_name4 =
How can the relationship between OWASP and universities be standardized?
| summit_session_objective_name5 =
What can OWASP offer universities and what can they, in turn, expect from each other?
|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Martin Knobloch
| summit_session_leader_email1 = martin.knobloch@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session012
| session_home_page =  Summit_2011_Working_Sessions/Session012
}}