OWASP - User contributions [en]

Category:OWASP Application Security Assessment Standards Project

2011-03-21T19:50:27Z

Matteo Michelini: added project roadmap

==== Main ====

The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed and what level of assessment is appropriate based on business requirement.

== Project Roadmap ==

{{:OWASP Application Security Assessment Standards Project/Roadmap | Project Roadmap}}

== Project Contributors ==

The Application Security Assessment Standards project leader is [[:User:Matteo_Michelini|Matteo Michelini]] of Lutech SpA.

==== Project About ====

{{:Projects/OWASP Application Security Assessment Standards Project | Project About}}

==== OLD_PAGE ====

Currently there is a lack of standardization over what constitutes an application security assessment. With no single set of criteria being referenced, it is suggested that OWASP establish a set of standards defining and establishing a baseline approach to conducting differing types/levels of application security assessment. The standards should be flexible in design to accommodate a range of security assurance levels. The standards should not be viewed as placing requirements on any party. Rather, the standards should make recommendations about what should be done to be consistent with what the OWASP community believes is best practice. Adhering to the standards should help increase end user organization confidence that assessments meet an industry agreed-upon approach.

== Objective ==

The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed, who should be involved and what level of assessment is appropriate based on business requirements. The following are seen as key tasks in order to meet this objective:

* Where practical, attempt to “standardize” nomenclature and definitions for common business application types.

* Where practical, attempt to “standardize” nomenclature and definitions of the differing security assessment types.

* Define standard application assessment process in SWIM flow chart.

* Define standard assessment scope per application type.

* Define standard testing boundaries for application assessments.

* Define what is needed on business end to prepare for application assessment.

* Establish where in SDLC should assessment steps be defined/conducted.

* Where practical, attempt to “standardize” skills nomenclature and establish baseline assessor qualifications and evaluation criteria.

* Establish a common set of application assessment levels:

** Define degree of assessment depth per level
** Define testing components required per level
** Establish level of tool usage/type vs. hands on assessment per level
** Establish linkages between level results and security metrics derived
** Establish linkages between levels and Security Maturity Models

* Establish guidance parameters to allow organizations to determine appropriate assessment level based on business application to be assessed.

* Document integration/linkages to other OWASP projects.

This project will not define how to technically to conduct an assessment (refer to OWASP Testing Project); it is instead meant to tie business operations and information management practices to application security in order to establish a common, consistent set of standards which provide guidance in conducting such assessments.

== Current Project Status: ==
'''OWASP Organization Backing'''

* Minimal feedback - Need Leadership Backing.

'''Phase I – Project Approach:'''

* Minimal feedback obtained. Contributors jumped in.

'''Phase II - Definitions:'''

* Define Common Business Application Types – '''Need Input.'''
* Define Security Assessment Types – '''Need Input.'''

'''Phase III – Assessment Context:'''

* Define Standard Application Assessment Process – '''Stub Started - Need Input.'''
* Define Standard Assessment Scope Per Application Type – Need Stub
* Define Standard Testing Boundaries For Application Assessments – Need Stub
* Define Business End Preparation For Application Assessment – Need Stub
* Establish Where In SDLC Should Assessment Steps Be Defined/Conducted – Need Stub
* Establish Baseline Assessor Qualifications And Evaluation Criteria – '''Stub Started - Need Input.'''

'''Phase IV – Assessment Levels:'''

''[ Suggest Establishment of Definitions and Context prior to commencement ]''

* Establish assessment level system common terminology and decision criteria - Included is analysis of potentially corresponding security measurements (i.e. common security metrics, security assurance/maturity models, related legislation, other standards, etc.).
* Create assessment levels based on previous Phase II and III objectives. Define assessment depth, testing components required, and level of tool usage/type (not product names) of tools used per level.
* Document corresponding linkages between assessment levels and common security metrics, security assurance/maturity models, related legislation, other documented national standards defined as component of first Phase III objective.
* Establish guidance parameters to allow organizations to determine appropriate assessment level based on business application to be assessed.

Also refer to project Roadmap.

== Feedback and Participation ==

We hope you find the OWASP Application Security Assessment Standards Project useful. Please contribute back to the project by sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Assessment Standards mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-appsec-standards subscription page.]

== Project Contributers ==

The Assessment Standards project lead is Cliff Barlow of KoreLogic Security. He can be reached at cbarlow@korelogic.com.

Key contributors:

* Bob Austin, KoreLogic Security

* Jeff Williams, Aspect Security

* Vinay Bansal, Cisco Systems

* Imre Kertesz, KoreLogic Security

__NOTOC__ <headertabs />

[[Category:OWASP Project|Application Security Assessment Standards Project]]
[[Category:OWASP_Document]]
[[Category:OWASP_Alpha_Quality_Document]]

Category:OWASP Application Security Assessment Standards Project

2011-03-21T19:47:09Z

Matteo Michelini: added main

==== Main ====

The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed and what level of assessment is appropriate based on business requirement.

== Project Contributors ==

The Application Security Assessment Standards project leader is [[:User:Matteo_Michelini|Matteo Michelini]] of Lutech SpA.

==== Project About ====

{{:Projects/OWASP Application Security Assessment Standards Project | Project About}}

==== OLD_PAGE ====

Currently there is a lack of standardization over what constitutes an application security assessment. With no single set of criteria being referenced, it is suggested that OWASP establish a set of standards defining and establishing a baseline approach to conducting differing types/levels of application security assessment. The standards should be flexible in design to accommodate a range of security assurance levels. The standards should not be viewed as placing requirements on any party. Rather, the standards should make recommendations about what should be done to be consistent with what the OWASP community believes is best practice. Adhering to the standards should help increase end user organization confidence that assessments meet an industry agreed-upon approach.

== Objective ==

The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed, who should be involved and what level of assessment is appropriate based on business requirements. The following are seen as key tasks in order to meet this objective:

* Where practical, attempt to “standardize” nomenclature and definitions for common business application types.

* Where practical, attempt to “standardize” nomenclature and definitions of the differing security assessment types.

* Define standard application assessment process in SWIM flow chart.

* Define standard assessment scope per application type.

* Define standard testing boundaries for application assessments.

* Define what is needed on business end to prepare for application assessment.

* Establish where in SDLC should assessment steps be defined/conducted.

* Where practical, attempt to “standardize” skills nomenclature and establish baseline assessor qualifications and evaluation criteria.

* Establish a common set of application assessment levels:

** Define degree of assessment depth per level
** Define testing components required per level
** Establish level of tool usage/type vs. hands on assessment per level
** Establish linkages between level results and security metrics derived
** Establish linkages between levels and Security Maturity Models

* Establish guidance parameters to allow organizations to determine appropriate assessment level based on business application to be assessed.

* Document integration/linkages to other OWASP projects.

This project will not define how to technically to conduct an assessment (refer to OWASP Testing Project); it is instead meant to tie business operations and information management practices to application security in order to establish a common, consistent set of standards which provide guidance in conducting such assessments.

== Current Project Status: ==
'''OWASP Organization Backing'''

* Minimal feedback - Need Leadership Backing.

'''Phase I – Project Approach:'''

* Minimal feedback obtained. Contributors jumped in.

'''Phase II - Definitions:'''

* Define Common Business Application Types – '''Need Input.'''
* Define Security Assessment Types – '''Need Input.'''

'''Phase III – Assessment Context:'''

* Define Standard Application Assessment Process – '''Stub Started - Need Input.'''
* Define Standard Assessment Scope Per Application Type – Need Stub
* Define Standard Testing Boundaries For Application Assessments – Need Stub
* Define Business End Preparation For Application Assessment – Need Stub
* Establish Where In SDLC Should Assessment Steps Be Defined/Conducted – Need Stub
* Establish Baseline Assessor Qualifications And Evaluation Criteria – '''Stub Started - Need Input.'''

'''Phase IV – Assessment Levels:'''

''[ Suggest Establishment of Definitions and Context prior to commencement ]''

* Establish assessment level system common terminology and decision criteria - Included is analysis of potentially corresponding security measurements (i.e. common security metrics, security assurance/maturity models, related legislation, other standards, etc.).
* Create assessment levels based on previous Phase II and III objectives. Define assessment depth, testing components required, and level of tool usage/type (not product names) of tools used per level.
* Document corresponding linkages between assessment levels and common security metrics, security assurance/maturity models, related legislation, other documented national standards defined as component of first Phase III objective.
* Establish guidance parameters to allow organizations to determine appropriate assessment level based on business application to be assessed.

Also refer to project Roadmap.

== Feedback and Participation ==

We hope you find the OWASP Application Security Assessment Standards Project useful. Please contribute back to the project by sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Assessment Standards mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-appsec-standards subscription page.]

== Project Contributers ==

The Assessment Standards project lead is Cliff Barlow of KoreLogic Security. He can be reached at cbarlow@korelogic.com.

Key contributors:

* Bob Austin, KoreLogic Security

* Jeff Williams, Aspect Security

* Vinay Bansal, Cisco Systems

* Imre Kertesz, KoreLogic Security

__NOTOC__ <headertabs />

[[Category:OWASP Project|Application Security Assessment Standards Project]]
[[Category:OWASP_Document]]
[[Category:OWASP_Alpha_Quality_Document]]

Category:OWASP Application Security Assessment Standards Project

2011-03-21T19:40:25Z

Matteo Michelini: added OLD_PAGE tab and some minor updates

==== Main ====

== Project Contributers ==

The Assessment Standards project leader is Matteo Michelini of Lutech SpA. He can be reached at matteo.michelini@owasp.org

==== Project About ====

{{:Projects/OWASP Application Security Assessment Standards Project | Project About}}

==== OLD_PAGE ====

Currently there is a lack of standardization over what constitutes an application security assessment. With no single set of criteria being referenced, it is suggested that OWASP establish a set of standards defining and establishing a baseline approach to conducting differing types/levels of application security assessment. The standards should be flexible in design to accommodate a range of security assurance levels. The standards should not be viewed as placing requirements on any party. Rather, the standards should make recommendations about what should be done to be consistent with what the OWASP community believes is best practice. Adhering to the standards should help increase end user organization confidence that assessments meet an industry agreed-upon approach.

== Objective ==

The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed, who should be involved and what level of assessment is appropriate based on business requirements. The following are seen as key tasks in order to meet this objective:

* Where practical, attempt to “standardize” nomenclature and definitions for common business application types.

* Where practical, attempt to “standardize” nomenclature and definitions of the differing security assessment types.

* Define standard application assessment process in SWIM flow chart.

* Define standard assessment scope per application type.

* Define standard testing boundaries for application assessments.

* Define what is needed on business end to prepare for application assessment.

* Establish where in SDLC should assessment steps be defined/conducted.

* Where practical, attempt to “standardize” skills nomenclature and establish baseline assessor qualifications and evaluation criteria.

* Establish a common set of application assessment levels:

** Define degree of assessment depth per level
** Define testing components required per level
** Establish level of tool usage/type vs. hands on assessment per level
** Establish linkages between level results and security metrics derived
** Establish linkages between levels and Security Maturity Models

* Establish guidance parameters to allow organizations to determine appropriate assessment level based on business application to be assessed.

* Document integration/linkages to other OWASP projects.

This project will not define how to technically to conduct an assessment (refer to OWASP Testing Project); it is instead meant to tie business operations and information management practices to application security in order to establish a common, consistent set of standards which provide guidance in conducting such assessments.

== Current Project Status: ==
'''OWASP Organization Backing'''

* Minimal feedback - Need Leadership Backing.

'''Phase I – Project Approach:'''

* Minimal feedback obtained. Contributors jumped in.

'''Phase II - Definitions:'''

* Define Common Business Application Types – '''Need Input.'''
* Define Security Assessment Types – '''Need Input.'''

'''Phase III – Assessment Context:'''

* Define Standard Application Assessment Process – '''Stub Started - Need Input.'''
* Define Standard Assessment Scope Per Application Type – Need Stub
* Define Standard Testing Boundaries For Application Assessments – Need Stub
* Define Business End Preparation For Application Assessment – Need Stub
* Establish Where In SDLC Should Assessment Steps Be Defined/Conducted – Need Stub
* Establish Baseline Assessor Qualifications And Evaluation Criteria – '''Stub Started - Need Input.'''

'''Phase IV – Assessment Levels:'''

''[ Suggest Establishment of Definitions and Context prior to commencement ]''

* Establish assessment level system common terminology and decision criteria - Included is analysis of potentially corresponding security measurements (i.e. common security metrics, security assurance/maturity models, related legislation, other standards, etc.).
* Create assessment levels based on previous Phase II and III objectives. Define assessment depth, testing components required, and level of tool usage/type (not product names) of tools used per level.
* Document corresponding linkages between assessment levels and common security metrics, security assurance/maturity models, related legislation, other documented national standards defined as component of first Phase III objective.
* Establish guidance parameters to allow organizations to determine appropriate assessment level based on business application to be assessed.

Also refer to project Roadmap.

== Feedback and Participation ==

We hope you find the OWASP Application Security Assessment Standards Project useful. Please contribute back to the project by sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Assessment Standards mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-appsec-standards subscription page.]

== Project Contributers ==

The Assessment Standards project lead is Cliff Barlow of KoreLogic Security. He can be reached at cbarlow@korelogic.com.

Key contributors:

* Bob Austin, KoreLogic Security

* Jeff Williams, Aspect Security

* Vinay Bansal, Cisco Systems

* Imre Kertesz, KoreLogic Security

__NOTOC__ <headertabs />

[[Category:OWASP Project|Application Security Assessment Standards Project]]
[[Category:OWASP_Document]]
[[Category:OWASP_Alpha_Quality_Document]]

User:Matteo Michelini

2011-03-21T19:13:18Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.].

His work is focused on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other in ''Computer Forensics and Digital Investigations'' both from University of Milan. At present he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

OWASP contributions:

* [http://www.owasp.org/index.php/Special:Contributions/Matteo_Michelini OWASP wiki contributions].
* Project Leader of [[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]].

Contacts:

* [mailto:matteo.michelini(at)owasp.org Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

Category:OWASP Orphaned Projects

2011-03-18T22:52:51Z

Matteo Michelini:

= This page contains OWASP Projects that have been identified as orphaned ones =
* If you find interest in leading any one of them, please contact the [[:Category:Global Projects Committee|Global Projects Committee]] or the [mailto:paulo.coimbra@owasp.org OWASP project manager].<br>
* '''Note:''' Before setting up this list of orphaned projects, the GPC has tried to contact individually each project leader and, in a few cases, that turned up impossible to do. Being so, if you find the project you still want to lead being here mistakenly referred please inform us using the contacts above.

#[[:Category:OWASP AJAX Security Project|OWASP AJAX Security Project]] - Adopted/New leader: [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]
#[[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]] - Adopted/New Leader: [[:User:Matteo_Michelini|Matteo Michelini]]
#[[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]] - Adopted/New leader: [mailto:jeffrey.barto@ubs.com Jeff Barto]
#[[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]] - Adopted/New leader: [mailto:pete@techumen.com Pete Niner]
#[[:Category:OWASP Career Development Project|OWASP Career Development Project]]
#[[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]
#[[:Category:OWASP Communications Project|OWASP Communications Project]]
#[[:Category:OWASP Encoding Project|OWASP Encoding Project]]
#[[:Category:OWASP Flash Security Project|OWASP Flash Security Project]] - Adopted/New leader: [[:User:Puhley|Peleus Uhley]]
#[[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]] - Adopted/New Leader: [[:User:Wagner.elias|Wagner Elias]]
#[[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]] - In process of adoption: [[User:Knoblochmartin|Martin Knobloch]]
#[[:OWASP Internationalization|OWASP Internationalization Project]]
#[[:Category:OWASP LAPSE Project|OWASP LAPSE Project]] - Adopted/New Leader - Pablo Martín Pérez
#[[:Category:OWASP Logging Project|OWASP Logging Project]] - Adopted/New Leader: [mailto:mchisinevski@yahoo.com Marc Chisinevski]
#[[:Category:OWASP_Oracle_Project|OWASP Oracle Project]]
#[[:Category:OWASP_Pantera_Web_Assessment_Studio_Project|OWASP Pantera Web Assessment Studio Project]]
#[[:Category:OWASP_PHP_AntiXSS_Library_Project|OWASP PHP AntiXSS Library Project]]
#[[:ORG (OWASP Report Generator)|OWASP Report Generator]] - Adopted/New leader: [[:User:Mroxberr|Mark Roxberry]]
#[[:Category:OWASP_SASAP_Project|OWASP Scholastic Application Security Assessment Project]]
#[https://www.owasp.org/index.php/Owasp_SiteGenerator OWASP SiteGenerator Project]
#[[:Category:OWASP_SQLiX_Project|OWASP SQLiX Project]]
#[[:Category:OWASP_SWAAT_Project|OWASP SWAAT Project]] - In process of adoption: [mailto:Suresh.Ranganathan@tatacommunications.com Suresh Ranganathan]
#[[:OWASP_Tiger|OWASP Tiger]]
#[[:Category:OWASP_Tools_Project|OWASP Tools Project]] - Adopted/New Leader: [mailto:vishalgrg@gmail.com Vishal Garg]
#[[:Category:OWASP_Validation_Project|OWASP Validation Project]]
#[[:Category:OWASP_Web_2.0_Project|OWASP Web 2.0 Project]] - In process of adoption: [mailto:Chris_E_Bush@KeyBank.com Chris Bush]
#[[:Category:OWASP_Web_Services_Security_Project|OWASP Web Services Security Project]] - Adopted/New Leader: [mailto:subu@securitycompass.com Subu Ramanathan]
#[[:Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project|OWASP XML Security Gateway Evaluation Criteria Project]]

User:Matteo Michelini

2011-03-17T10:59:41Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.].

His work is focused on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other in ''Computer Forensics and Digital Investigations'' both from University of Milan. At present he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

OWASP contributions:

* [http://www.owasp.org/index.php/Special:Contributions/Matteo_Michelini OWASP wiki contributions].
* Project Leader of [[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]].

Contacts:

* [mailto:matteo.michelini(at)gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-16T13:05:37Z

Matteo Michelini: Project Leader of OWASP ASAS

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.].

His work is focused on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other one in ''Computer Forensics and Digital Investigations'' both from University of Milan. At present he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

OWASP contributions:

* [http://www.owasp.org/index.php/Special:Contributions/Matteo_Michelini OWASP wiki contributions].
* Project Leader of [[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]].

Contacts:

* [mailto:matteo.michelini(at)gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-11T09:50:45Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.].

His work is focused on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other one in ''Computer Forensics and Digital Investigations'' both from University of Milan. At present he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

OWASP contributions:

* [http://www.owasp.org/index.php/Special:Contributions/Matteo_Michelini OWASP wiki contributions].

Contacts:

* [mailto:matteo.michelini(at)gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-11T09:17:30Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.].

His work is focused on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other one in ''Computer Forensics and Digital Investigations'' both from University of Milan. Actually he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

OWASP contributions:

* [http://www.owasp.org/index.php/Special:Contributions/Matteo_Michelini OWASP wiki contributions].

Contacts:

* [mailto:matteo.michelini(at)gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-10T22:29:21Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.] with a focus on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other one in ''Computer Forensics and Digital Investigations'' both from University of Milan. Actually he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

OWASP contributions:

* [http://www.owasp.org/index.php/Special:Contributions/Matteo_Michelini OWASP wiki contributions].

Contacts:

* [mailto:matteo.michelini(at)gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-10T22:26:11Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.] with a focus on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other one in ''Computer Forensics and Digital Investigations'' both from University of Milan. Actually he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

OWASP contributions:

* [http://www.owasp.org/index.php/Special:Contributions/Matteo_Michelini OWASP wiki contributions].

Contacts:

* [mailto:matteo.michelini@gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-10T21:53:12Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.] with a focus on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and ''two PGCert'' one in ''IT Governance'' and the other one in ''Computer Forensics and Digital Investigations'' both from University of Milan. Actually he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

Contacts:

* [mailto:matteo.michelini@gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-10T21:51:43Z

Matteo Michelini:

'''Matteo Michelini''' is a ''Security Consultant'' at [http://www.lutech.it Lutech S.p.A.] with a focus on incident handling procedures, vulnerability management and intrusion detection. He is also involved with [http://www.sans.org SANS Institute] as a ''GIAC Question Writer'' and as a ''Mentor'' providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.

His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a ''B.Eng. in Computer Engineering'' from Politecnico di Milano and two PGCert one in ''IT Governance'' and the other one in ''Computer Forensics and Digital Investigations'' both from University of Milan. Actually he is a ''M.Sc. candidate in Information Security'' with a concentration in Systems Security at University of Milan.

Contacts:

* [mailto:matteo.michelini@gmail.com Email Address].
* [http://linkedin.com/in/matteomichelini LinkedIn Profile].

User:Matteo Michelini

2011-03-10T21:44:00Z

Matteo Michelini:

'''Matteo''' is a Security Consultant with a focus on incident handling procedures, vulnerability management and intrusion detection. He is also involved with SANS Institute as a GIAC Question Writer and as a Mentor providing local Security training for the course SEC504: Hacker Techniques, Exploits and Incident Handling.His current interests include computer forensics, penetration testing and application security. In the past he was a Security Researcher involved in the development of kernel level auditing systems for cutting-edge IDS technologies.

He currently holds the GCIH from SANS Institute, the CCNA and the CCNA Security certifications. He is also an IDS/IPS Certified Specialist from both IBM and CISCO Systems.

Matteo has a B.Eng. in Computer Engineering from Politecnico di Milano and two PGCert one in "IT Governance" and the other one in "Computer Forensics and Digital Investigations" both from University of Milan. Actually he is a M.Sc. candidate in Information Security with a concentration in Systems Security at University of Milan.

Contacts

* [mailto:matteo.michelini@gmail.com Email]
* [http://linkedin.com/in/matteomichelini Linkedin Profile]

Category:OWASP Orphaned Projects

2011-03-10T21:38:56Z

Matteo Michelini:

= This page contains OWASP Projects that have been identified as orphaned ones =
* If you find interest in leading any one of them, please contact the [[:Category:Global Projects Committee|Global Projects Committee]] or the [mailto:paulo.coimbra@owasp.org OWASP project manager].<br>
* '''Note:''' Before setting up this list of orphaned projects, the GPC has tried to contact individually each project leader and, in a few cases, that turned up impossible to do. Being so, if you find the project you still want to lead being here mistakenly referred please inform us using the contacts above.

#[[:Category:OWASP AJAX Security Project|OWASP AJAX Security Project]] - Adopted/New leader: [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]
#[[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]] - In process of adoption by Bithika & [[:User:Matteo_Michelini|Matteo Michelini]]
#[[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]] - Adopted/New leader: [mailto:jeffrey.barto@ubs.com Jeff Barto]
#[[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]] - Adopted/New leader: [mailto:pete@techumen.com Pete Niner]
#[[:Category:OWASP Career Development Project|OWASP Career Development Project]]
#[[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]
#[[:Category:OWASP Communications Project|OWASP Communications Project]]
#[[:Category:OWASP Encoding Project|OWASP Encoding Project]]
#[[:Category:OWASP Flash Security Project|OWASP Flash Security Project]] - Adopted/New leader: [[:User:Puhley|Peleus Uhley]]
#[[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]] - Adopted/New Leader: [[:User:Wagner.elias|Wagner Elias]]
#[[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]] - In process of adoption: [[User:Knoblochmartin|Martin Knobloch]]
#[[:OWASP Internationalization|OWASP Internationalization Project]]
#[[:Category:OWASP LAPSE Project|OWASP LAPSE Project]] - Adopted/New Leader - Pablo Martín Pérez
#[[:Category:OWASP Logging Project|OWASP Logging Project]] - Adopted/New Leader: [mailto:mchisinevski@yahoo.com Marc Chisinevski]
#[[:Category:OWASP_Oracle_Project|OWASP Oracle Project]]
#[[:Category:OWASP_Pantera_Web_Assessment_Studio_Project|OWASP Pantera Web Assessment Studio Project]]
#[[:Category:OWASP_PHP_AntiXSS_Library_Project|OWASP PHP AntiXSS Library Project]]
#[[:ORG (OWASP Report Generator)|OWASP Report Generator]] - Adopted/New leader: [[:User:Mroxberr|Mark Roxberry]]
#[[:Category:OWASP_SASAP_Project|OWASP Scholastic Application Security Assessment Project]]
#[https://www.owasp.org/index.php/Owasp_SiteGenerator OWASP SiteGenerator Project]
#[[:Category:OWASP_SQLiX_Project|OWASP SQLiX Project]]
#[[:Category:OWASP_SWAAT_Project|OWASP SWAAT Project]] - In process of adoption: [mailto:Suresh.Ranganathan@tatacommunications.com Suresh Ranganathan]
#[[:OWASP_Tiger|OWASP Tiger]]
#[[:Category:OWASP_Tools_Project|OWASP Tools Project]] - Adopted/New Leader: [mailto:vishalgrg@gmail.com Vishal Garg]
#[[:Category:OWASP_Validation_Project|OWASP Validation Project]]
#[[:Category:OWASP_Web_2.0_Project|OWASP Web 2.0 Project]] - In process of adoption: [mailto:Chris_E_Bush@KeyBank.com Chris Bush]
#[[:Category:OWASP_Web_Services_Security_Project|OWASP Web Services Security Project]] - Adopted/New Leader: [mailto:subu@securitycompass.com Subu Ramanathan]
#[[:Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project|OWASP XML Security Gateway Evaluation Criteria Project]]