OWASP - User contributions [en]

OWASP Top 10 Threats and Mitigations Exam - Multiple Select

2011-08-04T18:05:25Z

Sandra Paiva:

Last updated 4 Aug 11

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Multiple Select'''</center>

1) Which of the following consequences are most likely to occur due to an injection attack? (Choose two.)

# Spoofing
# Data loss '''Correct'''
# Denial of service '''Correct'''
# Insecure direct object references

3) Which of the following scenarios are most likely to cause an injection attack? (Choose two.)

# Unvalidated input is embedded in an instruction stream. '''Correct'''
# Unvalidated input cannot be distinguished from valid instructions. '''Correct'''
# A Web application does not validate a client’s access to a resource.
# A Web action performs an operation on behalf of the user without checking a shared secret.

5) Which of the following are the best ways to protect against injection attacks? (Choose three.)

# Block list '''Correct'''
# Allow list '''Correct'''
# Escaping '''Correct'''
# Memory size checks
# Validate integer values before referencing arrays

6) Which of the following are most vulnerable to injection attacks? (Choose two.)

# Session IDs
# Registry keys
# Regular expressions '''Correct'''
# SQL queries based on user input '''Correct'''

8) Which mitigation techniques when used in combination can help you strictly define valid input? (Choose two.)

# Allow list '''Correct'''
# Block list '''Correct'''
# Table indirection
# Escaping

9) Which of the following architecture-level techniques are the best approaches to prevent attacks based on malicious input? (Choose two.)

# Allow list
# Table indirection '''Correct'''
# Escaping
# Object class for user input '''Correct'''

14) Which of the following languages are the primary targets of cross-site scripting? (Choose two.)

# HTML '''Correct'''
# SQL
# XSLT
# JavaScript '''Correct'''

18) Which of the following are the best ways to prevent malicious input exploiting your application? (Choose three.)

# Using allow List '''Correct'''
# Using block list '''Correct'''
# Using escaping '''Correct'''
# Using encryption
# Using table indirection

22) Which of the following input sources can be directly controlled by a malicious user? (Choose two.)

# Window.location '''Correct'''
# GET/POST parameters '''Correct'''
# Server configuration files
# Ports and network resources

23) Which of the following scenarios are most likely to result in broken authentication and session management vulnerabilities? (Choose two.)

# Poorly implemented custom code is used. '''Correct'''
# Misconfigured off-the-shelf code is used. '''Correct'''
# Unused and unnecessary services, code, and DLLs are disabled.
# The HttpOnly flag is set in cookies.

24) Which of the following actions should you take before implementing a custom authentication and session management system? (Choose two.)

# Find out if a suitable framework component already exists. '''Correct'''
# Find out if you can use a small extension to an existing component to implement the system. '''Correct'''
# Find out if form variables are available to store data.
# Find out if you need to use session-based indirection.

26) Which of the following functionalities should you include in an authentication and session management system? (Choose two.)

# Logout functionality '''Correct'''
# Inactivity timeout functionality '''Correct'''
# Escaping functionality
# Forwarding system functionality

31) Which of the following are authentication system mandatory requirements? (Choose three.)

# Strong passwords are required. '''Correct'''
# Use a GOTCHA to prevent automated attacks.
# User logout and session inactivity are required. '''Correct'''
# Session IDs are only accepted from cookies and parameter variables.
# Credentials are always protected with encryption or cryptographic salting and hashing. '''Correct'''

32) A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements? (Choose two.)

# It should identify returning users to the site.
# It should be used as a replacement for a user's credentials. '''Correct'''
# It should always use a persistent cookie.
# It should always use a non-persistent cookie. '''Correct'''

34) Which of the following tasks are performed by a session-based system? (Choose two.)

# Identifying returning users '''Correct'''
# Providing access to restricted resources '''Correct'''
# Using the HTTP protocol
# Sending successful logins to a well-known location

36) Which of the following objects are most susceptible to an insecure direct object reference attack? (Choose two.)

# Files '''Correct'''
# Registry keys '''Correct'''
# Conditional constructs
# GET/POST parameters

37) Which of the following vulnerabilities are most likely to occur due to an insecure direct object reference attack? (Choose two.)

# Executing commands on the server.
# Impersonating any user on the system.
# Modifying SQL data pointed to by the query.
# Modifying data without authorization. '''Correct'''
# Accessing a resource without authorization. '''Correct'''

38) Which of the following are the best ways to mitigate the threat of an insecure direct object reference attack? (Choose two.)

# Use session-based indirection. '''Correct'''
# Use POST parameters instead of GET parameters.
# Perform an access check each time a resource identifier arrives as input. '''Correct'''
# Send successful logins to a well-known location instead of automatic redirection.

41) Which of the following threats are most likely to be caused by poor input validation? (Choose three.)

# Injection '''Correct'''
# Cross-site scripting '''Correct'''
# Insecure direct object reference '''Correct'''
# Insecure cryptographic storage
# Insufficient transport layer protection

43) Which of the following are the most common results of a cross-site request forgery? (Choose three.)

# Elevation of privilege '''Correct'''
# Denial of service '''Correct'''
# Spoofing and tampering '''Correct'''
# Enabling of IPSec
# Misconfigured or disabled security features

49) Which of the following are most often associated with a security misconfiguration threat? (Choose two.)

# Unused services '''Correct'''
# Default accounts '''Correct'''
# Bad cryptography
# Unsafe key storage

51) Which of the following are the best ways to reevaluate your environment and address new threats? (Choose two.)

# Add or remove network segments. '''Correct'''
# Apply the latest service packs, patches, hotfixes, and updates. '''Correct'''
# Use custom cryptographic algorithms.
# Use your browser to forge unauthorized requests.

52) Which of the following procedures are involved in the hardening process? (Choose two.)

# Disable unnecessary features. '''Correct'''
# Review all settings/configurations. '''Correct'''
# Repeat the process at random intervals.
# Update the environment with changes only when needed.

53) Which of the following consequences are most likely to result if your production environment does not match your development, testing, and staging environments? (Choose two.)

# Your application may not work as expected. '''Correct'''
# Your application may not authenticate users as expected. '''Correct'''
# Your application may be expensive to administer.
# Your application may have too many configuration files.

54) Which of the following can result in insecure cryptography? (Choose two.)

# Unsalted hash '''Correct'''
# Unused services
# Default accounts
# Failure to rotate keys '''Correct'''

55) Which of the following are most likely to result in insecure cryptography? (Choose two.)

# Custom cryptographic algorithms '''Correct'''
# Unsalted hash '''Correct'''
# New products
# Missing patches

56) Which of the following may result in cryptographic weakness? (Choose three.)

# Poor/weak algorithm choice '''Correct'''
# Custom cryptographic algorithms '''Correct'''
# Insufficient cryptographic protocols '''Correct'''
# Missing patches
# Unnecessary/unused services or features

57) Which of the following protocols are network layer encryption protocols? (Choose two.)

# SSL '''Correct'''
# EFS
# IPSec '''Correct'''
# Kerberos

58) Which of the following factors help you secure keys? (Choose three.)

# Complexity '''Correct'''
# Rotation '''Correct'''
# Randomness '''Correct'''
# Encryption

60) Which of the following depict the typical impact of failure to restrict URL access? (Choose two.)

# Attackers access other users’ accounts and data. '''Correct'''
# Attackers impersonate any user on the system.
# Attackers invoke functions and services they have no authorization for. '''Correct'''
# Attackers perform all actions that the victims themselves have permission to perform.

61) Which of the following actions should you take to verify the implementation of your Web application? (Choose two.)

# Use policy mechanisms.
# Use a simple and positive model at every layer.
# Verify that each URL in your application is appropriately protected. '''Correct'''
# Use your browser to forge unauthorized requests. '''Correct'''

62) Which of the following should you use to protect the connections between the physical tiers of your application? (Choose two.)

# EFS
# SSL '''Correct'''
# IPSec '''Correct'''
# Kerberos

63) Which of the following are the best ways to implement transport layer protection? (Choose two.)

# Install IDS
# Enable SSL '''Correct'''
# Set the HttpOnly flag on session ID cookies
# Enable IPSec '''Correct'''

65) Which of the following are the best ways to protect a Web application from unvalidated redirects and forwards? (Choose two.)

# Validate the referrer header '''Correct'''
# Use extended validation certificates
# Validate all input from the client '''Correct'''
# Disallow requests to unauthorized file types

69) In which of the following scenarios should you use the escaping technique? (Choose two.)

# When user input is echoed back to the user in HTML '''Correct'''
# When you need to validate any input as valid input
# When you are trying to protect against regular expression injection
# When you need to tell the interpreter that input is data and not code '''Correct'''

70) Which of the following are the best ways to prevent unvalidated redirect and forwards vulnerabilities? (Choose two.)

# Use an allow list, such as table indirection. '''Correct'''
# Use client-side validation.
# Allow only relative redirects. '''Correct'''
# Use session-based indirection.

OWASP Top 10 Threats and Mitigations Exam - Single Select

2011-08-04T17:49:49Z

Sandra Paiva:

Last updated 4 Aug 11

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Single Select'''</center>

1) Which of the following consequences is most likely to occur due to an injection attack?

# Spoofing
# Cross-site request forgery
# Denial of service '''Correct'''
# Insecure direct object references

2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

3) Which of the following scenarios is most likely to cause an injection attack?

# Unvalidated input is embedded in an instruction stream. '''Correct'''
# Unvalidated input can be distinguished from valid instructions.
# A Web application does not validate a client’s access to a resource.
# A Web action performs an operation on behalf of the user without checking a shared secret.

4) A user is able to pass malicious input that invokes control codes in your Web application. Which vulnerability is most likely to occur in your Web application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

5) Which of the following is the best way to protect against injection attacks?

# SQL queries based on user input
# Input validation using an allow list '''Correct'''
# Memory size checks
# Validate integer values before referencing arrays

6) Which of the following is most vulnerable to injection attacks?

# Session IDs
# Registry keys
# Regular expressions '''Correct'''
# Server configuration files

7) Which character is most likely to be used for an SQL injection attack?

# Single quote (') '''Correct'''
# Null (\0) byte
# Less than sign(<)
# Greater than sign(>)

8) Which mitigation technique can help you strictly define valid input?

# Allow list '''Correct'''
# Memory size checks
# Table indirection
# Escaping

9) Which of the following architecture-level techniques are the best approaches to prevent attacks based on malicious input?

# Allow list
# Table indirection '''Correct'''
# Escaping
# Memory size checks

10) Which mitigation technique helps you tell the parser that a specific character is a literal and not a control character?

# Table indirection
# Allow list
# Escaping '''Correct'''
# Block list

11) State whether the following statement is True or False.
You should use a blacklist wherever possible; use whitelists only as a secondary defense.

# True
# False '''Correct'''

12) Which of the following is the best way to define disallowed inputs?

# Allow list
# Block list '''Correct'''
# Table indirection
# Escaping

13) Which of the following are injection attacks?

# Cross-site scripting '''Correct'''
# Cross-site request forgery
# Insecure direct object references
# Broken authentication and session management

14) Which of the following languages are the primary targets of cross-site scripting?

# HTML '''Correct'''
# SQL
# XSLT
# XPath

15) Which of the following attacks occurs when a malicious user convinces a victim to send a request to a server with malicious input and the server echoes the input back to client?

# Reflected XSS '''Correct'''
# Persistent XSS
# Insecure direct object references
# Failure to restrict URL access

16) Which of the following is the best way to prevent a DOM-based XSS attack?

# Set the HttpOnly flag in cookies
# Ensure that session IDs are not exposed in a URL
# Ensure that a different nonce is created for each request
# Validate any input that comes from another Web site '''Correct'''

17) How does malicious input flow in a DOM-based XSS?

# From server to client
# From client to itself '''Correct'''
# From attacker to server
# From victim to server

18) Which of the following is the best way to prevent malicious input exploiting your application?

# Input validation using an allow List '''Correct'''
# Using encryption
# Using table indirection
# Using GET/POST parameters

19) You should set the HttpOnly flag in a cookie to ensure that:

# The cookie is not available to client scripts. '''Correct'''
# The cookie is deleted when the user closes the browser.
# The cookie is sent over an encrypted channel.
# The cookie is a persistent cookie.

20) You should set a secure flag in a cookie to ensure that:

# The cookie is a persistent cookie.
# The cookie is not available to client script.
# The cookie is sent over an encrypted channel. '''Correct'''
# The cookie is deleted when the user closes the browser.

21) An attacker submits data to the server and the data is stored on the server. Which type of vulnerability is most likely to occur in your application?

# DOM-based XSS
# Reflected XSS
# Persistent XSS '''Correct'''
# Cross-site request forgery

22) Which of the following input sources can be directly controlled by a malicious user?

# GET/POST parameters '''Correct'''
# Server configuration files
# Ports
# Server code

23) Which of the following scenarios is most likely to result in broken authentication and session management vulnerabilities?

# Poorly implemented custom code is used. '''Correct'''
# Session-based indirection is used.
# Unused and unnecessary services, code, and DLLs are disabled.
# The HttpOnly flag is set in cookies.

24) Which of the following actions should you take before implementing a custom authentication and session management system?

# Find out if the HttpOnly flag is set in cookies.
# Find out if you can use a small extension to an existing component to implement the system. '''Correct'''
# Find out if form variables are available to store data.
# Find out if you need to use session-based indirection.

25) State whether the following statement is True or False.
When implementing an authentication or session system, you should ensure that new session IDs are not created at login.

# True
# False '''Correct'''

26) Which of the following functionalities should you include in an authentication and session management system?

# Logout functionality '''Correct'''
# Regular expressions
# Escaping functionality
# Forwarding system functionality

27) Why should you use CAPTCHA?

# To create cryptographically random session IDs
# To protect credentials by using encryption or cryptographic salt and hash
# To protect authentication systems from automated or brute-force attacks '''Correct'''
# To ensure that authentication systems implement inactivity timeout functionality

28) What should you do before passing credentials over the network?

# Replace the credentials with a cryptographic salt and hash. '''Correct'''
# Accept session IDs from URLs.
# Share the credentials with the client.
# Use persistent cookies to manage session IDs.

29) Which location should you ideally use to store a session ID?

# URLs
# Form variables
# Persistent cookies
# Non-persistent cookies '''Correct'''

30) Which of the following is the best way to ensure that JavaScript cannot be used to access a cookie?

# Set the secure flag in the cookie
# Set the HttpOnly flag in the cookie '''Correct'''
# Use the CAPTCHA system
# Use non-persistent cookies

31) Which of the following is an authentication system mandatory requirement?

# Form variables are used for managing session IDs.
# Use a GOTCHA to prevent automated attacks.
# User logout and session inactivity controls. '''Correct'''
# Session IDs are only accepted from cookies and parameter variables.

32) A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements?

# It should identify returning users to the site.
# It should be public information.
# It should always use a persistent cookie.
# It should always use a non-persistent cookie. '''Correct'''

33) State whether the following statement is True or False.
An identification token is a replacement for a user’s credentials and should allow access to restricted resources of a Web site.

# True
# False '''Correct'''

34) Which of the following tasks is performed by a session-based system?

# Identifying returning users '''Correct'''
# Using form variables for managing session IDs
# Using the HTTP protocol
# Sending successful logins to a well-known location

35) Which threat is most likely to occur when a Web application fails to validate a client's access to a resource?

# Injection
# Cross-site scripting
# Insecure direct object reference '''Correct'''
# Cross-site request forgery

36) Which of the following objects is most susceptible to an insecure direct object reference attack?

# Nonpersistent cookies
# Registry keys '''Correct'''
# Conditional constructs
# GET/POST parameters

37) Which of the following vulnerabilities is most likely to occur due to an insecure direct object reference attack?

# Executing commands on the server.
# Impersonating any user on the system.
# Modifying SQL data pointed to by the query.
# Accessing a resource without authorization. '''Correct'''

38) Which of the following is the best way to mitigate the threat of an insecure direct object reference attack?

# Use session-based indirection. '''Correct'''
# Use POST parameters instead of GET parameters.
# Use a regular expression.
# Send successful logins to a well-known location instead of automatic redirection.

39) State whether the following statement is True or False.
Time of Check Time of Use (TOCTOU) occurs if the authorization check is performed on one page of a Web site and the resource is used on a different page.

# True '''Correct'''
# False

40) Your Web application stores information about many accounts. Which threat is your Web application susceptible to if you can manipulate the URL of an account page to access all accounts?

# Cross-site request forgery
# Insecure direct object reference '''Correct'''
# Cross-site scripting
# Injection

41) Which of the following threats is most likely to be caused by poor input validation?

# Enabling of IPSec
# Insecure direct object reference '''Correct'''
# Insecure cryptographic storage
# Insufficient transport layer protection

42) Which threat is most likely to occur when a POST parameter performs an operation on behalf of a user without checking a shared secret?

# Cross-site request forgery '''Correct'''
# Insecure direct object reference
# Cross-site scripting
# Injection

43) Which of the following is the most common result of a cross-site request forgery?

# Elevation of privilege '''Correct'''
# Disabled security features
# Enabling of IPSec
# Misconfigured security features

44) An attacker lures a victim to malicious content on a Web site. A request is automatically sent to the vulnerable site which includes victim’s credentials. Which attack is most likely to occur in this scenario?

# Injection
# Cross-site scripting
# Insecure direct object reference
# Cross-site request forgery '''Correct'''

45) State whether the following statement is True or False.
The downside of a nonce is that it needs to be stored on the client.

# True
# False '''Correct'''

46) What should you add to an HMAC to ensure that the secret value is unique for each request?

# Salt
# Nonce
# Session ID
# Timestamp '''Correct'''

47) Which of the following practices should you observe in order to implement defense-in-depth techniques against CSRF attacks?

# Use GET parameters
# Use automatic redirection.
# Don’t include secrets in the URL. '''Correct'''
# Resubmit POST parameters during redirection.

48) State whether the following statement is True or False.
HTTP GET parameters limit the types of manipulation a malicious user can perform on the victim to forge a request.

# True
# False '''Correct'''

49) Which of the following mistakes is most often associated with a security misconfiguration threat?

# Cross-site request forgery
# Failure to disable default accounts '''Correct'''
# Bad cryptography
# Unsafe key storage

50) You have not yet applied some recent service packs and updates to your Web application. Which of the following threats is your Web server susceptible to?

# Injection
# Security misconfiguration '''Correct'''
# Insecure cryptographic storage
# Cross-site request forgery

51) Which of the following is the best way to reevaluate your environment and address new threats?

# Add or remove network segments. '''Correct'''
# Use the white-list validation of allowed input technique.
# Use custom cryptographic algorithms.
# Use your browser to forge unauthorized requests.

52) Which of the following procedures are involved in the hardening process?

# Disable unnecessary features. '''Correct'''
# Resubmit POST parameters during redirection.
# Repeat the process at random intervals.
# Update the environment with changes only when needed.

53) Which of the following consequence is most likely to result if your production environment does not match your development, testing, and staging environments?

# Your application may not work as expected. '''Correct'''
# Testing your application may take a long time.
# Your application may be expensive to administer.
# Your application may have too many configuration files.

54) Which of the following can result in insecure cryptography?

# Unsalted hash '''Correct'''
# Unused services
# Default accounts
# Rotating keys frequently

55) Which of the following is most likely to result in insecure cryptography?

# Unused services
# Unsalted hash '''Correct'''
# New products
# Missing patches

56) Which of the following may result in cryptographic weakness?

# Failure to restrict URL access
# Insufficient cryptographic protocols '''Correct'''
# Missing patches
# Unnecessary/unused services or features

57) Which of the following protocols is a network layer encryption protocol?

# HTTP
# EFS
# IPSec '''Correct'''
# Kerberos

58) Which of the following factors helps you secure keys?

# Complexity '''Correct'''
# Session-based indirection
# Escaping
# Encryption

59) Which of the following combines public-key cryptography with a cryptographic hash?

# Nonce
# Digital signature '''Correct'''
# SSL
# Salt

60) hich of the following depicts the typical impact of failure to restrict URL access?

# Attackers perform man-in-the-middle attacks.
# Attackers impersonate any user on the system.
# Attackers invoke functions and services they have no authorization for. '''Correct'''
# Attackers perform all actions that the victims themselves have permission to perform.

61) Which of the following actions should you take to test the security of your Web application?

# Use policy mechanisms.
# Use a simple and positive model at every layer.
# Set the secure flag on session ID cookies.
# Use your browser to forge unauthorized requests. '''Correct'''

62) Which of the following should you use to protect the connections between the physical tiers of your application?

# EFS
# SSL '''Correct'''
# HTTP
# Kerberos

63) Which of the following is the best way to implement transport layer protection?

# Install IDS
# Enable SSL '''Correct'''
# Set the HttpOnly flag on session ID cookies
# Perform client-side validation.

64) Which of the following is most likely to result from unvalidated redirects and forwards?

# Brute force attack
# Network sniffing
# Man-in-the-middle attack
# Bypassed authorization checks '''Correct'''

65) Which of the following is the best way to protect a Web application from unvalidated redirects and forwards?

# Validate the referrer header. '''Correct'''
# Use extended validation certificates.
# Use the escaping technique.
# Disallow requests to unauthorized file types.

66) Which of the following is the best way to detect unvalidated redirects and forwards?

# Use internal transfers without authorizing the user for target URL
# Use your browser to forge unauthorized requests
# Use weblogs to identify redirects and forwards '''Correct'''
# Use policy mechanisms

67) State whether the following statement is True or False.
Most security issues are related to input and a user’s ability to interact with and control input.

# True '''Correct'''
# False

68) State whether the following statement is True or False.
If user input can be confused for instructions in the language or the way the language is applied, then the language is vulnerable to an injection attack.

# True '''Correct'''
# False

69) In which of the following scenarios should you use the escaping technique?

# When user input is echoed back to the user in HTML '''Correct'''
# When you need to validate any input as valid input
# When you are trying to protect against regular expression injection
# When you need to tell the interpreter that input is code

70) Which of the following is the best way to prevent unvalidated redirect and forwards vulnerabilities?

# Use an allow list, such as table indirection. '''Correct'''
# Use client-side validation.
# Allow only absolute redirects.
# Use session-based indirection.

OWASP Top 10 Threats and Mitigations Exam - Single Select

2011-08-04T17:33:22Z

Sandra Paiva:

Last updated 4 Aug 11

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Single Select'''</center>

1) Which of the following consequences is most likely to occur due to an injection attack?

# Spoofing
# Cross-site request forgery
# Denial of service '''Correct'''
# Insecure direct object references

2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

3) Which of the following scenarios is most likely to cause an injection attack?

# Unvalidated input is embedded in an instruction stream. '''Correct'''
# Unvalidated input can be distinguished from valid instructions.
# A Web application does not validate a client’s access to a resource.
# A Web action performs an operation on behalf of the user without checking a shared secret.

4) A user is able to pass malicious input that invokes control codes in your Web application. Which vulnerability is most likely to occur in your Web application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

5) Which of the following is the best way to protect against injection attacks?

# SQL queries based on user input
# Input validation using an allow list '''Correct'''
# Memory size checks
# Validate integer values before referencing arrays

6) Which of the following is most vulnerable to injection attacks?

# Session IDs
# Registry keys
# Regular expressions '''Correct'''
# Server configuration files

7) Which character is most likely to be used for an SQL injection attack?

# Single quote (') '''Correct'''
# Null (\0) byte
# Less than sign(<)
# Greater than sign(>)

8) Which mitigation technique can help you strictly define valid input?

# Allow list '''Correct'''
# Memory size checks
# Table indirection
# Escaping

9) Which of the following architecture-level techniques are the best approaches to prevent attacks based on malicious input?

# Allow list
# Table indirection '''Correct'''
# Escaping
# Memory size checks

10) Which mitigation technique helps you tell the parser that a specific character is a literal and not a control character?

# Table indirection
# Allow list
# Escaping '''Correct'''
# Block list

11) State whether the following statement is True or False.
You should use a blacklist wherever possible; use whitelists only as a secondary defense.

# True
# False '''Correct'''

12) Which of the following is the best way to define disallowed inputs?

# Allow list
# Block list '''Correct'''
# Table indirection
# Escaping

13) Which of the following are injection attacks?

# Cross-site scripting '''Correct'''
# Cross-site request forgery
# Insecure direct object references
# Broken authentication and session management

Which of the following languages are the primary targets of cross-site scripting?

# HTML '''Correct'''
# SQL
# XSLT
# XPath

Which of the following attacks occurs when a malicious user convinces a victim to send a request to a server with malicious input and the server echoes the input back to client?

# Reflected XSS '''Correct'''
# Persistent XSS
# Insecure direct object references
# Failure to restrict URL access

Which of the following is the best way to prevent a DOM-based XSS attack?

# Set the HttpOnly flag in cookies
# Ensure that session IDs are not exposed in a URL
# Ensure that a different nonce is created for each request
# Validate any input that comes from another Web site '''Correct'''

How does malicious input flow in a DOM-based XSS?

# From server to client
# From client to itself '''Correct'''
# From attacker to server
# From victim to server

Which of the following is the best way to prevent malicious input exploiting your application?

# Input validation using an allow List '''Correct'''
# Using encryption
# Using table indirection
# Using GET/POST parameters

You should set the HttpOnly flag in a cookie to ensure that:

# The cookie is not available to client scripts. '''Correct'''
# The cookie is deleted when the user closes the browser.
# The cookie is sent over an encrypted channel.
# The cookie is a persistent cookie.

You should set a secure flag in a cookie to ensure that:

# The cookie is a persistent cookie.
# The cookie is not available to client script.
# The cookie is sent over an encrypted channel. '''Correct'''
# The cookie is deleted when the user closes the browser.

An attacker submits data to the server and the data is stored on the server. Which type of vulnerability is most likely to occur in your application?

# DOM-based XSS
# Reflected XSS
# Persistent XSS '''Correct'''
# Cross-site request forgery

Which of the following input sources can be directly controlled by a malicious user?

# GET/POST parameters '''Correct'''
# Server configuration files
# Ports
# Server code

Which of the following scenarios is most likely to result in broken authentication and session management vulnerabilities?

# Poorly implemented custom code is used. '''Correct'''
# Session-based indirection is used.
# Unused and unnecessary services, code, and DLLs are disabled.
# The HttpOnly flag is set in cookies.

Which of the following actions should you take before implementing a custom authentication and session management system?

# Find out if the HttpOnly flag is set in cookies.
# Find out if you can use a small extension to an existing component to implement the system. '''Correct'''
# Find out if form variables are available to store data.
# Find out if you need to use session-based indirection.

State whether the following statement is True or False.
When implementing an authentication or session system, you should ensure that new session IDs are not created at login.

# True
# False '''Correct'''

Which of the following functionalities should you include in an authentication and session management system?

# Logout functionality '''Correct'''
# Regular expressions
# Escaping functionality
# Forwarding system functionality

Why should you use CAPTCHA?

# To create cryptographically random session IDs
# To protect credentials by using encryption or cryptographic salt and hash
# To protect authentication systems from automated or brute-force attacks '''Correct'''
# To ensure that authentication systems implement inactivity timeout functionality

What should you do before passing credentials over the network?

# Replace the credentials with a cryptographic salt and hash. '''Correct'''
# Accept session IDs from URLs.
# Share the credentials with the client.
# Use persistent cookies to manage session IDs.

Which location should you ideally use to store a session ID?

# URLs
# Form variables
# Persistent cookies
# Non-persistent cookies '''Correct'''

Which of the following is the best way to ensure that JavaScript cannot be used to access a cookie?

# Set the secure flag in the cookie
# Set the HttpOnly flag in the cookie '''Correct'''
# Use the CAPTCHA system
# Use non-persistent cookies

Which of the following is an authentication system mandatory requirement?

# Form variables are used for managing session IDs.
# Use a GOTCHA to prevent automated attacks.
# User logout and session inactivity controls. '''Correct'''
# Session IDs are only accepted from cookies and parameter variables.

A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements?

# It should identify returning users to the site.
# It should be public information.
# It should always use a persistent cookie.
# It should always use a non-persistent cookie. '''Correct'''

State whether the following statement is True or False.
An identification token is a replacement for a user’s credentials and should allow access to restricted resources of a Web site.

# True
# False '''Correct'''

Which of the following tasks is performed by a session-based system?

# Identifying returning users '''Correct'''
# Using form variables for managing session IDs
# Using the HTTP protocol
# Sending successful logins to a well-known location

Which threat is most likely to occur when a Web application fails to validate a client's access to a resource?

# Injection
# Cross-site scripting
# Insecure direct object reference '''Correct'''
# Cross-site request forgery

Which of the following objects is most susceptible to an insecure direct object reference attack?

# Nonpersistent cookies
# Registry keys '''Correct'''
# Conditional constructs
# GET/POST parameters

Which of the following vulnerabilities is most likely to occur due to an insecure direct object reference attack?

# Executing commands on the server.
# Impersonating any user on the system.
# Modifying SQL data pointed to by the query.
# Accessing a resource without authorization. '''Correct'''

Which of the following is the best way to mitigate the threat of an insecure direct object reference attack?

# Use session-based indirection. '''Correct'''
# Use POST parameters instead of GET parameters.
# Use a regular expression.
# Send successful logins to a well-known location instead of automatic redirection.

State whether the following statement is True or False.
Time of Check Time of Use (TOCTOU) occurs if the authorization check is performed on one page of a Web site and the resource is used on a different page.

# True '''Correct'''
# False

Your Web application stores information about many accounts. Which threat is your Web application susceptible to if you can manipulate the URL of an account page to access all accounts?

# Cross-site request forgery
# Insecure direct object reference '''Correct'''
# Cross-site scripting
# Injection

Which of the following threats is most likely to be caused by poor input validation?

# Enabling of IPSec
# Insecure direct object reference '''Correct'''
# Insecure cryptographic storage
# Insufficient transport layer protection

Which threat is most likely to occur when a POST parameter performs an operation on behalf of a user without checking a shared secret?

# Cross-site request forgery '''Correct'''
# Insecure direct object reference
# Cross-site scripting
# Injection

Which of the following is the most common result of a cross-site request forgery?

# Elevation of privilege '''Correct'''
# Disabled security features
# Enabling of IPSec
# Misconfigured security features

An attacker lures a victim to malicious content on a Web site. A request is automatically sent to the vulnerable site which includes victim’s credentials. Which attack is most likely to occur in this scenario?

# Injection
# Cross-site scripting
# Insecure direct object reference
# Cross-site request forgery '''Correct'''

State whether the following statement is True or False.
The downside of a nonce is that it needs to be stored on the client.

# True
# False '''Correct'''

What should you add to an HMAC to ensure that the secret value is unique for each request?

# Salt
# Nonce
# Session ID
# Timestamp '''Correct'''

Which of the following practices should you observe in order to implement defense-in-depth techniques against CSRF attacks?

# Use GET parameters
# Use automatic redirection.
# Don’t include secrets in the URL. '''Correct'''
# Resubmit POST parameters during redirection.

State whether the following statement is True or False.
HTTP GET parameters limit the types of manipulation a malicious user can perform on the victim to forge a request.

# True
# False '''Correct'''

Which of the following mistakes is most often associated with a security misconfiguration threat?

# Cross-site request forgery
# Failure to disable default accounts '''Correct'''
# Bad cryptography
# Unsafe key storage

You have not yet applied some recent service packs and updates to your Web application. Which of the following threats is your Web server susceptible to?

# Injection
# Security misconfiguration '''Correct'''
# Insecure cryptographic storage
# Cross-site request forgery

Which of the following is the best way to reevaluate your environment and address new threats?

# Add or remove network segments. '''Correct'''
# Use the white-list validation of allowed input technique.
# Use custom cryptographic algorithms.
# Use your browser to forge unauthorized requests.

Which of the following procedures are involved in the hardening process?

# Disable unnecessary features. '''Correct'''
# Resubmit POST parameters during redirection.
# Repeat the process at random intervals.
# Update the environment with changes only when needed.

Which of the following consequence is most likely to result if your production environment does not match your development, testing, and staging environments?

# Your application may not work as expected. '''Correct'''
# Testing your application may take a long time.
# Your application may be expensive to administer.
# Your application may have too many configuration files.

Which of the following can result in insecure cryptography?

# Unsalted hash '''Correct'''
# Unused services
# Default accounts
# Rotating keys frequently

Which of the following is most likely to result in insecure cryptography?

# Unused services
# Unsalted hash '''Correct'''
# New products
# Missing patches

Which of the following may result in cryptographic weakness?

# Failure to restrict URL access
# Insufficient cryptographic protocols '''Correct'''
# Missing patches
# Unnecessary/unused services or features

Which of the following protocols is a network layer encryption protocol?

# HTTP
# EFS
# IPSec '''Correct'''
# Kerberos

Which of the following factors helps you secure keys?

# Complexity '''Correct'''
# Session-based indirection
# Escaping
# Encryption

Which of the following combines public-key cryptography with a cryptographic hash?

# Nonce
# Digital signature '''Correct'''
# SSL
# Salt

Which of the following depicts the typical impact of failure to restrict URL access?

# Attackers perform man-in-the-middle attacks.
# Attackers impersonate any user on the system.
# Attackers invoke functions and services they have no authorization for. '''Correct'''
# Attackers perform all actions that the victims themselves have permission to perform.

Which of the following actions should you take to test the security of your Web application?

# Use policy mechanisms.
# Use a simple and positive model at every layer.
# Set the secure flag on session ID cookies.
# Use your browser to forge unauthorized requests. '''Correct'''

Which of the following should you use to protect the connections between the physical tiers of your application?

# EFS
# SSL '''Correct'''
# HTTP
# Kerberos

Which of the following is the best way to implement transport layer protection?

# Install IDS
# Enable SSL '''Correct'''
# Set the HttpOnly flag on session ID cookies
# Perform client-side validation.

Which of the following is most likely to result from unvalidated redirects and forwards?

# Brute force attack
# Network sniffing
# Man-in-the-middle attack
# Bypassed authorization checks '''Correct'''

Which of the following is the best way to protect a Web application from unvalidated redirects and forwards?

# Validate the referrer header. '''Correct'''
# Use extended validation certificates.
# Use the escaping technique.
# Disallow requests to unauthorized file types.

Which of the following is the best way to detect unvalidated redirects and forwards?

# Use internal transfers without authorizing the user for target URL
# Use your browser to forge unauthorized requests
# Use weblogs to identify redirects and forwards '''Correct'''
# Use policy mechanisms

State whether the following statement is True or False.
Most security issues are related to input and a user’s ability to interact with and control input.

# True '''Correct'''
# False

State whether the following statement is True or False.
If user input can be confused for instructions in the language or the way the language is applied, then the language is vulnerable to an injection attack.

# True '''Correct'''
# False

In which of the following scenarios should you use the escaping technique?

# When user input is echoed back to the user in HTML '''Correct'''
# When you need to validate any input as valid input
# When you are trying to protect against regular expression injection
# When you need to tell the interpreter that input is code

Which of the following is the best way to prevent unvalidated redirect and forwards vulnerabilities?

# Use an allow list, such as table indirection. '''Correct'''
# Use client-side validation.
# Allow only absolute redirects.
# Use session-based indirection.

OWASP Top 10 Threats and Mitigations Exam - Multiple Select

2011-08-04T16:56:39Z

Sandra Paiva:

Last updated 4 Aug 11

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Multiple Select'''</center>

Which of the following consequences are most likely to occur due to an injection attack? (Choose two.)

# Spoofing
# Data loss '''Correct'''
# Denial of service '''Correct'''
# Insecure direct object references

Which of the following scenarios are most likely to cause an injection attack? (Choose two.)

# Unvalidated input is embedded in an instruction stream. '''Correct'''
# Unvalidated input cannot be distinguished from valid instructions. '''Correct'''
# A Web application does not validate a client’s access to a resource.
# A Web action performs an operation on behalf of the user without checking a shared secret.

Which of the following are the best ways to protect against injection attacks? (Choose three.)

# Block list '''Correct'''
# Allow list '''Correct'''
# Escaping '''Correct'''
# Memory size checks
# Validate integer values before referencing arrays

Which of the following are most vulnerable to injection attacks? (Choose two.)

# Session IDs
# Registry keys
# Regular expressions '''Correct'''
# SQL queries based on user input '''Correct'''

Which mitigation techniques when used in combination can help you strictly define valid input? (Choose two.)

# Allow list '''Correct'''
# Block list '''Correct'''
# Table indirection
# Escaping

Which of the following architecture-level techniques are the best approaches to prevent attacks based on malicious input? (Choose two.)

# Allow list
# Table indirection '''Correct'''
# Escaping
# Object class for user input '''Correct'''

Which of the following languages are the primary targets of cross-site scripting? (Choose two.)

# HTML '''Correct'''
# SQL
# XSLT
# JavaScript '''Correct'''

Which of the following are the best ways to prevent malicious input exploiting your application? (Choose three.)

# Using allow List '''Correct'''
# Using block list '''Correct'''
# Using escaping '''Correct'''
# Using encryption
# Using table indirection

Which of the following input sources can be directly controlled by a malicious user? (Choose two.)

# Window.location '''Correct'''
# GET/POST parameters '''Correct'''
# Server configuration files
# Ports and network resources

Which of the following scenarios are most likely to result in broken authentication and session management vulnerabilities? (Choose two.)

# Poorly implemented custom code is used. '''Correct'''
# Misconfigured off-the-shelf code is used. '''Correct'''
# Unused and unnecessary services, code, and DLLs are disabled.
# The HttpOnly flag is set in cookies.

Which of the following actions should you take before implementing a custom authentication and session management system? (Choose two.)

# Find out if a suitable framework component already exists. '''Correct'''
# Find out if you can use a small extension to an existing component to implement the system. '''Correct'''
# Find out if form variables are available to store data.
# Find out if you need to use session-based indirection.

Which of the following functionalities should you include in an authentication and session management system? (Choose two.)

# Logout functionality '''Correct'''
# Inactivity timeout functionality '''Correct'''
# Escaping functionality
# Forwarding system functionality

Which of the following are authentication system mandatory requirements? (Choose three.)

# Strong passwords are required. '''Correct'''
# Use a GOTCHA to prevent automated attacks.
# User logout and session inactivity are required. '''Correct'''
# Session IDs are only accepted from cookies and parameter variables.
# Credentials are always protected with encryption or cryptographic salting and hashing. '''Correct'''

A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements? (Choose two.)

# It should identify returning users to the site.
# It should be used as a replacement for a user's credentials. '''Correct'''
# It should always use a persistent cookie.
# It should always use a non-persistent cookie. '''Correct'''

Which of the following tasks are performed by a session-based system? (Choose two.)

# Identifying returning users '''Correct'''
# Providing access to restricted resources '''Correct'''
# Using the HTTP protocol
# Sending successful logins to a well-known location

Which of the following objects are most susceptible to an insecure direct object reference attack? (Choose two.)

# Files '''Correct'''
# Registry keys '''Correct'''
# Conditional constructs
# GET/POST parameters

Which of the following vulnerabilities are most likely to occur due to an insecure direct object reference attack? (Choose two.)

# Executing commands on the server.
# Impersonating any user on the system.
# Modifying SQL data pointed to by the query.
# Modifying data without authorization. '''Correct'''
# Accessing a resource without authorization. '''Correct'''

Which of the following are the best ways to mitigate the threat of an insecure direct object reference attack? (Choose two.)

# Use session-based indirection. '''Correct'''
# Use POST parameters instead of GET parameters.
# Perform an access check each time a resource identifier arrives as input. '''Correct'''
# Send successful logins to a well-known location instead of automatic redirection.

Which of the following threats are most likely to be caused by poor input validation? (Choose three.)

# Injection '''Correct'''
# Cross-site scripting '''Correct'''
# Insecure direct object reference '''Correct'''
# Insecure cryptographic storage
# Insufficient transport layer protection

Which of the following are the most common results of a cross-site request forgery? (Choose three.)

# Elevation of privilege '''Correct'''
# Denial of service '''Correct'''
# Spoofing and tampering '''Correct'''
# Enabling of IPSec
# Misconfigured or disabled security features

Which of the following are most often associated with a security misconfiguration threat? (Choose two.)

# Unused services '''Correct'''
# Default accounts '''Correct'''
# Bad cryptography
# Unsafe key storage

Which of the following are the best ways to reevaluate your environment and address new threats? (Choose two.)

# Add or remove network segments. '''Correct'''
# Apply the latest service packs, patches, hotfixes, and updates. '''Correct'''
# Use custom cryptographic algorithms.
# Use your browser to forge unauthorized requests.

Which of the following procedures are involved in the hardening process? (Choose two.)

# Disable unnecessary features. '''Correct'''
# Review all settings/configurations. '''Correct'''
# Repeat the process at random intervals.
# Update the environment with changes only when needed.

Which of the following consequences are most likely to result if your production environment does not match your development, testing, and staging environments? (Choose two.)

# Your application may not work as expected. '''Correct'''
# Your application may not authenticate users as expected. '''Correct'''
# Your application may be expensive to administer.
# Your application may have too many configuration files.

Which of the following can result in insecure cryptography? (Choose two.)

# Unsalted hash '''Correct'''
# Unused services
# Default accounts
# Failure to rotate keys '''Correct'''

Which of the following are most likely to result in insecure cryptography? (Choose two.)

# Custom cryptographic algorithms '''Correct'''
# Unsalted hash '''Correct'''
# New products
# Missing patches

Which of the following may result in cryptographic weakness? (Choose three.)

# Poor/weak algorithm choice '''Correct'''
# Custom cryptographic algorithms '''Correct'''
# Insufficient cryptographic protocols '''Correct'''
# Missing patches
# Unnecessary/unused services or features

Which of the following protocols are network layer encryption protocols? (Choose two.)

# SSL '''Correct'''
# EFS
# IPSec '''Correct'''
# Kerberos

Which of the following factors help you secure keys? (Choose three.)

# Complexity '''Correct'''
# Rotation '''Correct'''
# Randomness '''Correct'''
# Encryption

Which of the following depict the typical impact of failure to restrict URL access? (Choose two.)

# Attackers access other users’ accounts and data. '''Correct'''
# Attackers impersonate any user on the system.
# Attackers invoke functions and services they have no authorization for. '''Correct'''
# Attackers perform all actions that the victims themselves have permission to perform.

Which of the following actions should you take to verify the implementation of your Web application? (Choose two.)

# Use policy mechanisms.
# Use a simple and positive model at every layer.
# Verify that each URL in your application is appropriately protected. '''Correct'''
# Use your browser to forge unauthorized requests. '''Correct'''

Which of the following should you use to protect the connections between the physical tiers of your application? (Choose two.)

# EFS
# SSL '''Correct'''
# IPSec '''Correct'''
# Kerberos

Which of the following are the best ways to implement transport layer protection? (Choose two.)

# Install IDS
# Enable SSL '''Correct'''
# Set the HttpOnly flag on session ID cookies
# Enable IPSec '''Correct'''

Which of the following are the best ways to protect a Web application from unvalidated redirects and forwards? (Choose two.)

# Validate the referrer header '''Correct'''
# Use extended validation certificates
# Validate all input from the client '''Correct'''
# Disallow requests to unauthorized file types

In which of the following scenarios should you use the escaping technique? (Choose two.)

# When user input is echoed back to the user in HTML '''Correct'''
# When you need to validate any input as valid input
# When you are trying to protect against regular expression injection
# When you need to tell the interpreter that input is data and not code '''Correct'''

Which of the following are the best ways to prevent unvalidated redirect and forwards vulnerabilities? (Choose two.)

# Use an allow list, such as table indirection. '''Correct'''
# Use client-side validation.
# Allow only relative redirects. '''Correct'''
# Use session-based indirection.

OWASP Top 10 Threats and Mitigations Exam - Single Select

2011-08-04T16:56:09Z

Sandra Paiva:

Last updated 4 Aug 11

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Single Select'''</center>

Which of the following consequences is most likely to occur due to an injection attack?

# Spoofing
# Cross-site request forgery
# Denial of service '''Correct'''
# Insecure direct object references

Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

Which of the following scenarios is most likely to cause an injection attack?

# Unvalidated input is embedded in an instruction stream. '''Correct'''
# Unvalidated input can be distinguished from valid instructions.
# A Web application does not validate a client’s access to a resource.
# A Web action performs an operation on behalf of the user without checking a shared secret.

A user is able to pass malicious input that invokes control codes in your Web application. Which vulnerability is most likely to occur in your Web application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

Which of the following is the best way to protect against injection attacks?

# SQL queries based on user input
# Input validation using an allow list '''Correct'''
# Memory size checks
# Validate integer values before referencing arrays

Which of the following is most vulnerable to injection attacks?

# Session IDs
# Registry keys
# Regular expressions '''Correct'''
# Server configuration files

Which character is most likely to be used for an SQL injection attack?

# Single quote (') '''Correct'''
# Null (\0) byte
# Less than sign(<)
# Greater than sign(>)

Which mitigation technique can help you strictly define valid input?

# Allow list '''Correct'''
# Memory size checks
# Table indirection
# Escaping

Which of the following architecture-level techniques are the best approaches to prevent attacks based on malicious input?

# Allow list
# Table indirection '''Correct'''
# Escaping
# Memory size checks

Which mitigation technique helps you tell the parser that a specific character is a literal and not a control character?

# Table indirection
# Allow list
# Escaping '''Correct'''
# Block list

State whether the following statement is True or False.
You should use a blacklist wherever possible; use whitelists only as a secondary defense.

# True
# False '''Correct'''

Which of the following is the best way to define disallowed inputs?

# Allow list
# Block list '''Correct'''
# Table indirection
# Escaping

Which of the following are injection attacks?

# Cross-site scripting '''Correct'''
# Cross-site request forgery
# Insecure direct object references
# Broken authentication and session management

Which of the following languages are the primary targets of cross-site scripting?

# HTML '''Correct'''
# SQL
# XSLT
# XPath

Which of the following attacks occurs when a malicious user convinces a victim to send a request to a server with malicious input and the server echoes the input back to client?

# Reflected XSS '''Correct'''
# Persistent XSS
# Insecure direct object references
# Failure to restrict URL access

Which of the following is the best way to prevent a DOM-based XSS attack?

# Set the HttpOnly flag in cookies
# Ensure that session IDs are not exposed in a URL
# Ensure that a different nonce is created for each request
# Validate any input that comes from another Web site '''Correct'''

How does malicious input flow in a DOM-based XSS?

# From server to client
# From client to itself '''Correct'''
# From attacker to server
# From victim to server

Which of the following is the best way to prevent malicious input exploiting your application?

# Input validation using an allow List '''Correct'''
# Using encryption
# Using table indirection
# Using GET/POST parameters

You should set the HttpOnly flag in a cookie to ensure that:

# The cookie is not available to client scripts. '''Correct'''
# The cookie is deleted when the user closes the browser.
# The cookie is sent over an encrypted channel.
# The cookie is a persistent cookie.

You should set a secure flag in a cookie to ensure that:

# The cookie is a persistent cookie.
# The cookie is not available to client script.
# The cookie is sent over an encrypted channel. '''Correct'''
# The cookie is deleted when the user closes the browser.

An attacker submits data to the server and the data is stored on the server. Which type of vulnerability is most likely to occur in your application?

# DOM-based XSS
# Reflected XSS
# Persistent XSS '''Correct'''
# Cross-site request forgery

Which of the following input sources can be directly controlled by a malicious user?

# GET/POST parameters '''Correct'''
# Server configuration files
# Ports
# Server code

Which of the following scenarios is most likely to result in broken authentication and session management vulnerabilities?

# Poorly implemented custom code is used. '''Correct'''
# Session-based indirection is used.
# Unused and unnecessary services, code, and DLLs are disabled.
# The HttpOnly flag is set in cookies.

Which of the following actions should you take before implementing a custom authentication and session management system?

# Find out if the HttpOnly flag is set in cookies.
# Find out if you can use a small extension to an existing component to implement the system. '''Correct'''
# Find out if form variables are available to store data.
# Find out if you need to use session-based indirection.

State whether the following statement is True or False.
When implementing an authentication or session system, you should ensure that new session IDs are not created at login.

# True
# False '''Correct'''

Which of the following functionalities should you include in an authentication and session management system?

# Logout functionality '''Correct'''
# Regular expressions
# Escaping functionality
# Forwarding system functionality

Why should you use CAPTCHA?

# To create cryptographically random session IDs
# To protect credentials by using encryption or cryptographic salt and hash
# To protect authentication systems from automated or brute-force attacks '''Correct'''
# To ensure that authentication systems implement inactivity timeout functionality

What should you do before passing credentials over the network?

# Replace the credentials with a cryptographic salt and hash. '''Correct'''
# Accept session IDs from URLs.
# Share the credentials with the client.
# Use persistent cookies to manage session IDs.

Which location should you ideally use to store a session ID?

# URLs
# Form variables
# Persistent cookies
# Non-persistent cookies '''Correct'''

Which of the following is the best way to ensure that JavaScript cannot be used to access a cookie?

# Set the secure flag in the cookie
# Set the HttpOnly flag in the cookie '''Correct'''
# Use the CAPTCHA system
# Use non-persistent cookies

Which of the following is an authentication system mandatory requirement?

# Form variables are used for managing session IDs.
# Use a GOTCHA to prevent automated attacks.
# User logout and session inactivity controls. '''Correct'''
# Session IDs are only accepted from cookies and parameter variables.

A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements?

# It should identify returning users to the site.
# It should be public information.
# It should always use a persistent cookie.
# It should always use a non-persistent cookie. '''Correct'''

State whether the following statement is True or False.
An identification token is a replacement for a user’s credentials and should allow access to restricted resources of a Web site.

# True
# False '''Correct'''

Which of the following tasks is performed by a session-based system?

# Identifying returning users '''Correct'''
# Using form variables for managing session IDs
# Using the HTTP protocol
# Sending successful logins to a well-known location

Which threat is most likely to occur when a Web application fails to validate a client's access to a resource?

# Injection
# Cross-site scripting
# Insecure direct object reference '''Correct'''
# Cross-site request forgery

Which of the following objects is most susceptible to an insecure direct object reference attack?

# Nonpersistent cookies
# Registry keys '''Correct'''
# Conditional constructs
# GET/POST parameters

Which of the following vulnerabilities is most likely to occur due to an insecure direct object reference attack?

# Executing commands on the server.
# Impersonating any user on the system.
# Modifying SQL data pointed to by the query.
# Accessing a resource without authorization. '''Correct'''

Which of the following is the best way to mitigate the threat of an insecure direct object reference attack?

# Use session-based indirection. '''Correct'''
# Use POST parameters instead of GET parameters.
# Use a regular expression.
# Send successful logins to a well-known location instead of automatic redirection.

State whether the following statement is True or False.
Time of Check Time of Use (TOCTOU) occurs if the authorization check is performed on one page of a Web site and the resource is used on a different page.

# True '''Correct'''
# False

Your Web application stores information about many accounts. Which threat is your Web application susceptible to if you can manipulate the URL of an account page to access all accounts?

# Cross-site request forgery
# Insecure direct object reference '''Correct'''
# Cross-site scripting
# Injection

Which of the following threats is most likely to be caused by poor input validation?

# Enabling of IPSec
# Insecure direct object reference '''Correct'''
# Insecure cryptographic storage
# Insufficient transport layer protection

Which threat is most likely to occur when a POST parameter performs an operation on behalf of a user without checking a shared secret?

# Cross-site request forgery '''Correct'''
# Insecure direct object reference
# Cross-site scripting
# Injection

Which of the following is the most common result of a cross-site request forgery?

# Elevation of privilege '''Correct'''
# Disabled security features
# Enabling of IPSec
# Misconfigured security features

An attacker lures a victim to malicious content on a Web site. A request is automatically sent to the vulnerable site which includes victim’s credentials. Which attack is most likely to occur in this scenario?

# Injection
# Cross-site scripting
# Insecure direct object reference
# Cross-site request forgery '''Correct'''

State whether the following statement is True or False.
The downside of a nonce is that it needs to be stored on the client.

# True
# False '''Correct'''

What should you add to an HMAC to ensure that the secret value is unique for each request?

# Salt
# Nonce
# Session ID
# Timestamp '''Correct'''

Which of the following practices should you observe in order to implement defense-in-depth techniques against CSRF attacks?

# Use GET parameters
# Use automatic redirection.
# Don’t include secrets in the URL. '''Correct'''
# Resubmit POST parameters during redirection.

State whether the following statement is True or False.
HTTP GET parameters limit the types of manipulation a malicious user can perform on the victim to forge a request.

# True
# False '''Correct'''

Which of the following mistakes is most often associated with a security misconfiguration threat?

# Cross-site request forgery
# Failure to disable default accounts '''Correct'''
# Bad cryptography
# Unsafe key storage

You have not yet applied some recent service packs and updates to your Web application. Which of the following threats is your Web server susceptible to?

# Injection
# Security misconfiguration '''Correct'''
# Insecure cryptographic storage
# Cross-site request forgery

Which of the following is the best way to reevaluate your environment and address new threats?

# Add or remove network segments. '''Correct'''
# Use the white-list validation of allowed input technique.
# Use custom cryptographic algorithms.
# Use your browser to forge unauthorized requests.

Which of the following procedures are involved in the hardening process?

# Disable unnecessary features. '''Correct'''
# Resubmit POST parameters during redirection.
# Repeat the process at random intervals.
# Update the environment with changes only when needed.

Which of the following consequence is most likely to result if your production environment does not match your development, testing, and staging environments?

# Your application may not work as expected. '''Correct'''
# Testing your application may take a long time.
# Your application may be expensive to administer.
# Your application may have too many configuration files.

Which of the following can result in insecure cryptography?

# Unsalted hash '''Correct'''
# Unused services
# Default accounts
# Rotating keys frequently

Which of the following is most likely to result in insecure cryptography?

# Unused services
# Unsalted hash '''Correct'''
# New products
# Missing patches

Which of the following may result in cryptographic weakness?

# Failure to restrict URL access
# Insufficient cryptographic protocols '''Correct'''
# Missing patches
# Unnecessary/unused services or features

Which of the following protocols is a network layer encryption protocol?

# HTTP
# EFS
# IPSec '''Correct'''
# Kerberos

Which of the following factors helps you secure keys?

# Complexity '''Correct'''
# Session-based indirection
# Escaping
# Encryption

Which of the following combines public-key cryptography with a cryptographic hash?

# Nonce
# Digital signature '''Correct'''
# SSL
# Salt

Which of the following depicts the typical impact of failure to restrict URL access?

# Attackers perform man-in-the-middle attacks.
# Attackers impersonate any user on the system.
# Attackers invoke functions and services they have no authorization for. '''Correct'''
# Attackers perform all actions that the victims themselves have permission to perform.

Which of the following actions should you take to test the security of your Web application?

# Use policy mechanisms.
# Use a simple and positive model at every layer.
# Set the secure flag on session ID cookies.
# Use your browser to forge unauthorized requests. '''Correct'''

Which of the following should you use to protect the connections between the physical tiers of your application?

# EFS
# SSL '''Correct'''
# HTTP
# Kerberos

Which of the following is the best way to implement transport layer protection?

# Install IDS
# Enable SSL '''Correct'''
# Set the HttpOnly flag on session ID cookies
# Perform client-side validation.

Which of the following is most likely to result from unvalidated redirects and forwards?

# Brute force attack
# Network sniffing
# Man-in-the-middle attack
# Bypassed authorization checks '''Correct'''

Which of the following is the best way to protect a Web application from unvalidated redirects and forwards?

# Validate the referrer header. '''Correct'''
# Use extended validation certificates.
# Use the escaping technique.
# Disallow requests to unauthorized file types.

Which of the following is the best way to detect unvalidated redirects and forwards?

# Use internal transfers without authorizing the user for target URL
# Use your browser to forge unauthorized requests
# Use weblogs to identify redirects and forwards '''Correct'''
# Use policy mechanisms

State whether the following statement is True or False.
Most security issues are related to input and a user’s ability to interact with and control input.

# True '''Correct'''
# False

State whether the following statement is True or False.
If user input can be confused for instructions in the language or the way the language is applied, then the language is vulnerable to an injection attack.

# True '''Correct'''
# False

In which of the following scenarios should you use the escaping technique?

# When user input is echoed back to the user in HTML '''Correct'''
# When you need to validate any input as valid input
# When you are trying to protect against regular expression injection
# When you need to tell the interpreter that input is code

Which of the following is the best way to prevent unvalidated redirect and forwards vulnerabilities?

# Use an allow list, such as table indirection. '''Correct'''
# Use client-side validation.
# Allow only absolute redirects.
# Use session-based indirection.

OWASP Exams Project

2011-08-04T16:54:50Z

Sandra Paiva:

==== Main ====

==Description==

The OWASP Exams project will establish the model by which the OWASP community can create and distribute CC-licensed exams for use by educators. The purpose of the exams is to improve the effectiveness of OWASP training through the use of exams as a means of measurement and student progress tracking. The project will include creation of a set of CC-licensed exams, a model for exam usage, and a roadmap for future exam creation.
The exams will be distributed in this project site as well as in Moodle (an open source LMS) format so that they can be re-purposed for use in any system or an educator can use them directly in Moodle to administer exams to students. Ideally the exams will be tied to OWASP Academies learning blocks so that there is good learning and training content that can be used to motivate the usage of the exams. This project will also include study aids for use in learning material covered by the exams.

==Components==

===Exams===
As exams are ready we will add them to this page for those who want a version of the exam outside of the Moodle LMS.

The exams that are available in this project are:
* [[OWASP Top 10 Threats and Mitigations Exam - Single Select]]
* [[OWASP Top 10 Threats and Mitigations Exam - Multiple Select|Corresponding Multiple Select questions]]

===Moodle Learning Management System===
You can find the OWASP Academies Moodle learning management system (LMS) here - [http://www.owaspa.org/moodle http://www.owaspa.org/moodle]

The Moodle learning management system will contain eLearning courses to teach OWASP related application security content related to the exams in this project. The LMS will also host exams from this project so that students can log into the system, take an exam and get a grade. Independent students can use this system and educators can also administer an exam for a class or multiple classes of students.

The first deliverables of this project on the LMS are:
* [http://www.owaspa.org/moodle/ OWASP Top 10 Threats and Mitigations] eLearning [http://en.wikipedia.org/wiki/Sharable_Content_Object_Reference_Model SCORM] course.
* [http://www.owaspa.org/moodle/ OWASP Top 10 Threats and Mitigations] eLearning [http://en.wikipedia.org/wiki/Sharable_Content_Object_Reference_Model SCORM] exam.

===TeamMentor Security Knowledge Base===
The TeamMentor security knowledge base is a collection of articles that students can use to learn application security concepts before or after taking an exam. This information can be used to brush up on concepts pre-exam or can be used as part of continuous education and during the application of application security concepts on the job.

The TeamMentor knowledge base consists of the following components (click on the links for access to each):
* [http://owasp.securityinnovation.com TeamMentor OWASP Edition]. This is a web application that contains a browseable, searchable collection of free application security articles focused on OWASP concepts.
* [https://github.com/SecurityInnovation/OWASP-TeamMentor-Library TeamMentor OWASP Library Source]. This is a GitHub repository that contains all of the XML files that make up the OWASP library. You can download the library and make changes to it in order to meet your particular needs. If you make changes to the files in the library itself, be sure to retain library integrity by using the Guidance Explorer authoring tool and testing your library before checking any files into the source repository. We will periodically update the TeamMentor OWASP Edition instance with changes made by the community to the GitHub library.
* [http://guidanceexplorer.codeplex.com/ Guidance Explorer Authoring Tool]. This is a .NET application that you can use to edit library files or create new library articles. Please use this tool when making changes to the library so that you preserve library integrity.

==== Project About ====
{{:Projects/OWASP Exams Project | Project About}}

==== Sponsor ====
[[Image:SILogoHoriz-300x49.jpg]]

__NOTOC__ <headertabs />

[[Category:OWASP_Project|Exams Project]] [[Category:OWASP_Document]][[Category:OWASP_Alpha_Quality_Document|OWASP Alpha Quality Document]]

OWASP Top 10 Threats and Mitigations Exam - Multiple Select

2011-08-04T16:49:57Z

Sandra Paiva:

'''Under Construction'''

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Multiple Select'''</center>

Which of the following consequences are most likely to occur due to an injection attack? (Choose two.)

# Spoofing
# Data loss '''Correct'''
# Denial of service '''Correct'''
# Insecure direct object references

Which of the following scenarios are most likely to cause an injection attack? (Choose two.)

# Unvalidated input is embedded in an instruction stream. '''Correct'''
# Unvalidated input cannot be distinguished from valid instructions. '''Correct'''
# A Web application does not validate a client’s access to a resource.
# A Web action performs an operation on behalf of the user without checking a shared secret.

Which of the following are the best ways to protect against injection attacks? (Choose three.)

# Block list '''Correct'''
# Allow list '''Correct'''
# Escaping '''Correct'''
# Memory size checks
# Validate integer values before referencing arrays

Which of the following are most vulnerable to injection attacks? (Choose two.)

# Session IDs
# Registry keys
# Regular expressions '''Correct'''
# SQL queries based on user input '''Correct'''

Which mitigation techniques when used in combination can help you strictly define valid input? (Choose two.)

# Allow list '''Correct'''
# Block list '''Correct'''
# Table indirection
# Escaping

Which of the following architecture-level techniques are the best approaches to prevent attacks based on malicious input? (Choose two.)

# Allow list
# Table indirection '''Correct'''
# Escaping
# Object class for user input '''Correct'''

Which of the following languages are the primary targets of cross-site scripting? (Choose two.)

# HTML '''Correct'''
# SQL
# XSLT
# JavaScript '''Correct'''

Which of the following are the best ways to prevent malicious input exploiting your application? (Choose three.)

# Using allow List '''Correct'''
# Using block list '''Correct'''
# Using escaping '''Correct'''
# Using encryption
# Using table indirection

Which of the following input sources can be directly controlled by a malicious user? (Choose two.)

# Window.location '''Correct'''
# GET/POST parameters '''Correct'''
# Server configuration files
# Ports and network resources

Which of the following scenarios are most likely to result in broken authentication and session management vulnerabilities? (Choose two.)

# Poorly implemented custom code is used. '''Correct'''
# Misconfigured off-the-shelf code is used. '''Correct'''
# Unused and unnecessary services, code, and DLLs are disabled.
# The HttpOnly flag is set in cookies.

Which of the following actions should you take before implementing a custom authentication and session management system? (Choose two.)

# Find out if a suitable framework component already exists. '''Correct'''
# Find out if you can use a small extension to an existing component to implement the system. '''Correct'''
# Find out if form variables are available to store data.
# Find out if you need to use session-based indirection.

Which of the following functionalities should you include in an authentication and session management system? (Choose two.)

# Logout functionality '''Correct'''
# Inactivity timeout functionality '''Correct'''
# Escaping functionality
# Forwarding system functionality

Which of the following are authentication system mandatory requirements? (Choose three.)

# Strong passwords are required. '''Correct'''
# Use a GOTCHA to prevent automated attacks.
# User logout and session inactivity are required. '''Correct'''
# Session IDs are only accepted from cookies and parameter variables.
# Credentials are always protected with encryption or cryptographic salting and hashing. '''Correct'''

A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements? (Choose two.)

# It should identify returning users to the site.
# It should be used as a replacement for a user's credentials. '''Correct'''
# It should always use a persistent cookie.
# It should always use a non-persistent cookie. '''Correct'''

Which of the following tasks are performed by a session-based system? (Choose two.)

# Identifying returning users '''Correct'''
# Providing access to restricted resources '''Correct'''
# Using the HTTP protocol
# Sending successful logins to a well-known location

Which of the following objects are most susceptible to an insecure direct object reference attack? (Choose two.)

# Files '''Correct'''
# Registry keys '''Correct'''
# Conditional constructs
# GET/POST parameters

Which of the following vulnerabilities are most likely to occur due to an insecure direct object reference attack? (Choose two.)

# Executing commands on the server.
# Impersonating any user on the system.
# Modifying SQL data pointed to by the query.
# Modifying data without authorization. '''Correct'''
# Accessing a resource without authorization. '''Correct'''

Which of the following are the best ways to mitigate the threat of an insecure direct object reference attack? (Choose two.)

# Use session-based indirection. '''Correct'''
# Use POST parameters instead of GET parameters.
# Perform an access check each time a resource identifier arrives as input. '''Correct'''
# Send successful logins to a well-known location instead of automatic redirection.

Which of the following threats are most likely to be caused by poor input validation? (Choose three.)

# Injection '''Correct'''
# Cross-site scripting '''Correct'''
# Insecure direct object reference '''Correct'''
# Insecure cryptographic storage
# Insufficient transport layer protection

Which of the following are the most common results of a cross-site request forgery? (Choose three.)

# Elevation of privilege '''Correct'''
# Denial of service '''Correct'''
# Spoofing and tampering '''Correct'''
# Enabling of IPSec
# Misconfigured or disabled security features

Which of the following are most often associated with a security misconfiguration threat? (Choose two.)

# Unused services '''Correct'''
# Default accounts '''Correct'''
# Bad cryptography
# Unsafe key storage

Which of the following are the best ways to reevaluate your environment and address new threats? (Choose two.)

# Add or remove network segments. '''Correct'''
# Apply the latest service packs, patches, hotfixes, and updates. '''Correct'''
# Use custom cryptographic algorithms.
# Use your browser to forge unauthorized requests.

Which of the following procedures are involved in the hardening process? (Choose two.)

# Disable unnecessary features. '''Correct'''
# Review all settings/configurations. '''Correct'''
# Repeat the process at random intervals.
# Update the environment with changes only when needed.

Which of the following consequences are most likely to result if your production environment does not match your development, testing, and staging environments? (Choose two.)

# Your application may not work as expected. '''Correct'''
# Your application may not authenticate users as expected. '''Correct'''
# Your application may be expensive to administer.
# Your application may have too many configuration files.

Which of the following can result in insecure cryptography? (Choose two.)

# Unsalted hash '''Correct'''
# Unused services
# Default accounts
# Failure to rotate keys '''Correct'''

Which of the following are most likely to result in insecure cryptography? (Choose two.)

# Custom cryptographic algorithms '''Correct'''
# Unsalted hash '''Correct'''
# New products
# Missing patches

Which of the following may result in cryptographic weakness? (Choose three.)

# Poor/weak algorithm choice '''Correct'''
# Custom cryptographic algorithms '''Correct'''
# Insufficient cryptographic protocols '''Correct'''
# Missing patches
# Unnecessary/unused services or features

Which of the following protocols are network layer encryption protocols? (Choose two.)

# SSL '''Correct'''
# EFS
# IPSec '''Correct'''
# Kerberos

Which of the following factors help you secure keys? (Choose three.)

# Complexity '''Correct'''
# Rotation '''Correct'''
# Randomness '''Correct'''
# Encryption

Which of the following depict the typical impact of failure to restrict URL access? (Choose two.)

# Attackers access other users’ accounts and data. '''Correct'''
# Attackers impersonate any user on the system.
# Attackers invoke functions and services they have no authorization for. '''Correct'''
# Attackers perform all actions that the victims themselves have permission to perform.

Which of the following actions should you take to verify the implementation of your Web application? (Choose two.)

# Use policy mechanisms.
# Use a simple and positive model at every layer.
# Verify that each URL in your application is appropriately protected. '''Correct'''
# Use your browser to forge unauthorized requests. '''Correct'''

Which of the following should you use to protect the connections between the physical tiers of your application? (Choose two.)

# EFS
# SSL '''Correct'''
# IPSec '''Correct'''
# Kerberos

Which of the following are the best ways to implement transport layer protection? (Choose two.)

# Install IDS
# Enable SSL '''Correct'''
# Set the HttpOnly flag on session ID cookies
# Enable IPSec '''Correct'''

Which of the following are the best ways to protect a Web application from unvalidated redirects and forwards? (Choose two.)

# Validate the referrer header '''Correct'''
# Use extended validation certificates
# Validate all input from the client '''Correct'''
# Disallow requests to unauthorized file types

In which of the following scenarios should you use the escaping technique? (Choose two.)

# When user input is echoed back to the user in HTML '''Correct'''
# When you need to validate any input as valid input
# When you are trying to protect against regular expression injection
# When you need to tell the interpreter that input is data and not code '''Correct'''

Which of the following are the best ways to prevent unvalidated redirect and forwards vulnerabilities? (Choose two.)

# Use an allow list, such as table indirection. '''Correct'''
# Use client-side validation.
# Allow only relative redirects. '''Correct'''
# Use session-based indirection.

OWASP Top 10 Threats and Mitigations Exam - Single Select

2011-08-04T16:25:24Z

Sandra Paiva:

'''Under Construction'''

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Single Select'''</center>

Which of the following consequences is most likely to occur due to an injection attack?

# Spoofing
# Cross-site request forgery
# Denial of service '''Correct'''
# Insecure direct object references

Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

Which of the following scenarios is most likely to cause an injection attack?

# Unvalidated input is embedded in an instruction stream. '''Correct'''
# Unvalidated input can be distinguished from valid instructions.
# A Web application does not validate a client’s access to a resource.
# A Web action performs an operation on behalf of the user without checking a shared secret.

A user is able to pass malicious input that invokes control codes in your Web application. Which vulnerability is most likely to occur in your Web application?

# Injection '''Correct'''
# Insecure direct object references
# Failure to restrict URL access
# Insufficient transport layer protection

Which of the following is the best way to protect against injection attacks?

# SQL queries based on user input
# Input validation using an allow list '''Correct'''
# Memory size checks
# Validate integer values before referencing arrays

Which of the following is most vulnerable to injection attacks?

# Session IDs
# Registry keys
# Regular expressions '''Correct'''
# Server configuration files

Which character is most likely to be used for an SQL injection attack?

# Single quote (') '''Correct'''
# Null (\0) byte
# Less than sign(<)
# Greater than sign(>)

Which mitigation technique can help you strictly define valid input?

# Allow list '''Correct'''
# Memory size checks
# Table indirection
# Escaping

Which of the following architecture-level techniques are the best approaches to prevent attacks based on malicious input?

# Allow list
# Table indirection '''Correct'''
# Escaping
# Memory size checks

Which mitigation technique helps you tell the parser that a specific character is a literal and not a control character?

# Table indirection
# Allow list
# Escaping '''Correct'''
# Block list

State whether the following statement is True or False.
You should use a blacklist wherever possible; use whitelists only as a secondary defense.

# True
# False '''Correct'''

Which of the following is the best way to define disallowed inputs?

# Allow list
# Block list '''Correct'''
# Table indirection
# Escaping

Which of the following are injection attacks?

# Cross-site scripting '''Correct'''
# Cross-site request forgery
# Insecure direct object references
# Broken authentication and session management

Which of the following languages are the primary targets of cross-site scripting?

# HTML '''Correct'''
# SQL
# XSLT
# XPath

Which of the following attacks occurs when a malicious user convinces a victim to send a request to a server with malicious input and the server echoes the input back to client?

# Reflected XSS '''Correct'''
# Persistent XSS
# Insecure direct object references
# Failure to restrict URL access

Which of the following is the best way to prevent a DOM-based XSS attack?

# Set the HttpOnly flag in cookies
# Ensure that session IDs are not exposed in a URL
# Ensure that a different nonce is created for each request
# Validate any input that comes from another Web site '''Correct'''

How does malicious input flow in a DOM-based XSS?

# From server to client
# From client to itself '''Correct'''
# From attacker to server
# From victim to server

Which of the following is the best way to prevent malicious input exploiting your application?

# Input validation using an allow List '''Correct'''
# Using encryption
# Using table indirection
# Using GET/POST parameters

You should set the HttpOnly flag in a cookie to ensure that:

# The cookie is not available to client scripts. '''Correct'''
# The cookie is deleted when the user closes the browser.
# The cookie is sent over an encrypted channel.
# The cookie is a persistent cookie.

You should set a secure flag in a cookie to ensure that:

# The cookie is a persistent cookie.
# The cookie is not available to client script.
# The cookie is sent over an encrypted channel. '''Correct'''
# The cookie is deleted when the user closes the browser.

An attacker submits data to the server and the data is stored on the server. Which type of vulnerability is most likely to occur in your application?

# DOM-based XSS
# Reflected XSS
# Persistent XSS '''Correct'''
# Cross-site request forgery

Which of the following input sources can be directly controlled by a malicious user?

# GET/POST parameters '''Correct'''
# Server configuration files
# Ports
# Server code

Which of the following scenarios is most likely to result in broken authentication and session management vulnerabilities?

# Poorly implemented custom code is used. '''Correct'''
# Session-based indirection is used.
# Unused and unnecessary services, code, and DLLs are disabled.
# The HttpOnly flag is set in cookies.

Which of the following actions should you take before implementing a custom authentication and session management system?

# Find out if the HttpOnly flag is set in cookies.
# Find out if you can use a small extension to an existing component to implement the system. '''Correct'''
# Find out if form variables are available to store data.
# Find out if you need to use session-based indirection.

State whether the following statement is True or False.
When implementing an authentication or session system, you should ensure that new session IDs are not created at login.

# True
# False '''Correct'''

Which of the following functionalities should you include in an authentication and session management system?

# Logout functionality '''Correct'''
# Regular expressions
# Escaping functionality
# Forwarding system functionality

Why should you use CAPTCHA?

# To create cryptographically random session IDs
# To protect credentials by using encryption or cryptographic salt and hash
# To protect authentication systems from automated or brute-force attacks '''Correct'''
# To ensure that authentication systems implement inactivity timeout functionality

What should you do before passing credentials over the network?

# Replace the credentials with a cryptographic salt and hash. '''Correct'''
# Accept session IDs from URLs.
# Share the credentials with the client.
# Use persistent cookies to manage session IDs.

Which location should you ideally use to store a session ID?

# URLs
# Form variables
# Persistent cookies
# Non-persistent cookies '''Correct'''

Which of the following is the best way to ensure that JavaScript cannot be used to access a cookie?

# Set the secure flag in the cookie
# Set the HttpOnly flag in the cookie '''Correct'''
# Use the CAPTCHA system
# Use non-persistent cookies

Which of the following is an authentication system mandatory requirement?

# Form variables are used for managing session IDs.
# Use a GOTCHA to prevent automated attacks.
# User logout and session inactivity controls. '''Correct'''
# Session IDs are only accepted from cookies and parameter variables.

A session-based system authenticates a user to a Web site to provide access to restricted resources. To increase security in this scenario, an authentication token should meet which of the following requirements?

# It should identify returning users to the site.
# It should be public information.
# It should always use a persistent cookie.
# It should always use a non-persistent cookie. '''Correct'''

State whether the following statement is True or False.
An identification token is a replacement for a user’s credentials and should allow access to restricted resources of a Web site.

# True
# False '''Correct'''

Which of the following tasks is performed by a session-based system?

# Identifying returning users '''Correct'''
# Using form variables for managing session IDs
# Using the HTTP protocol
# Sending successful logins to a well-known location

Which threat is most likely to occur when a Web application fails to validate a client's access to a resource?

# Injection
# Cross-site scripting
# Insecure direct object reference '''Correct'''
# Cross-site request forgery

Which of the following objects is most susceptible to an insecure direct object reference attack?

# Nonpersistent cookies
# Registry keys '''Correct'''
# Conditional constructs
# GET/POST parameters

Which of the following vulnerabilities is most likely to occur due to an insecure direct object reference attack?

# Executing commands on the server.
# Impersonating any user on the system.
# Modifying SQL data pointed to by the query.
# Accessing a resource without authorization. '''Correct'''

Which of the following is the best way to mitigate the threat of an insecure direct object reference attack?

# Use session-based indirection. '''Correct'''
# Use POST parameters instead of GET parameters.
# Use a regular expression.
# Send successful logins to a well-known location instead of automatic redirection.

State whether the following statement is True or False.
Time of Check Time of Use (TOCTOU) occurs if the authorization check is performed on one page of a Web site and the resource is used on a different page.

# True '''Correct'''
# False

Your Web application stores information about many accounts. Which threat is your Web application susceptible to if you can manipulate the URL of an account page to access all accounts?

# Cross-site request forgery
# Insecure direct object reference '''Correct'''
# Cross-site scripting
# Injection

Which of the following threats is most likely to be caused by poor input validation?

# Enabling of IPSec
# Insecure direct object reference '''Correct'''
# Insecure cryptographic storage
# Insufficient transport layer protection

Which threat is most likely to occur when a POST parameter performs an operation on behalf of a user without checking a shared secret?

# Cross-site request forgery '''Correct'''
# Insecure direct object reference
# Cross-site scripting
# Injection

Which of the following is the most common result of a cross-site request forgery?

# Elevation of privilege '''Correct'''
# Disabled security features
# Enabling of IPSec
# Misconfigured security features

An attacker lures a victim to malicious content on a Web site. A request is automatically sent to the vulnerable site which includes victim’s credentials. Which attack is most likely to occur in this scenario?

# Injection
# Cross-site scripting
# Insecure direct object reference
# Cross-site request forgery '''Correct'''

State whether the following statement is True or False.
The downside of a nonce is that it needs to be stored on the client.

# True
# False '''Correct'''

What should you add to an HMAC to ensure that the secret value is unique for each request?

# Salt
# Nonce
# Session ID
# Timestamp '''Correct'''

Which of the following practices should you observe in order to implement defense-in-depth techniques against CSRF attacks?

# Use GET parameters
# Use automatic redirection.
# Don’t include secrets in the URL. '''Correct'''
# Resubmit POST parameters during redirection.

State whether the following statement is True or False.
HTTP GET parameters limit the types of manipulation a malicious user can perform on the victim to forge a request.

# True
# False '''Correct'''

Which of the following mistakes is most often associated with a security misconfiguration threat?

# Cross-site request forgery
# Failure to disable default accounts '''Correct'''
# Bad cryptography
# Unsafe key storage

You have not yet applied some recent service packs and updates to your Web application. Which of the following threats is your Web server susceptible to?

# Injection
# Security misconfiguration '''Correct'''
# Insecure cryptographic storage
# Cross-site request forgery

Which of the following is the best way to reevaluate your environment and address new threats?

# Add or remove network segments. '''Correct'''
# Use the white-list validation of allowed input technique.
# Use custom cryptographic algorithms.
# Use your browser to forge unauthorized requests.

Which of the following procedures are involved in the hardening process?

# Disable unnecessary features. '''Correct'''
# Resubmit POST parameters during redirection.
# Repeat the process at random intervals.
# Update the environment with changes only when needed.

Which of the following consequence is most likely to result if your production environment does not match your development, testing, and staging environments?

# Your application may not work as expected. '''Correct'''
# Testing your application may take a long time.
# Your application may be expensive to administer.
# Your application may have too many configuration files.

Which of the following can result in insecure cryptography?

# Unsalted hash '''Correct'''
# Unused services
# Default accounts
# Rotating keys frequently

Which of the following is most likely to result in insecure cryptography?

# Unused services
# Unsalted hash '''Correct'''
# New products
# Missing patches

Which of the following may result in cryptographic weakness?

# Failure to restrict URL access
# Insufficient cryptographic protocols '''Correct'''
# Missing patches
# Unnecessary/unused services or features

Which of the following protocols is a network layer encryption protocol?

# HTTP
# EFS
# IPSec '''Correct'''
# Kerberos

Which of the following factors helps you secure keys?

# Complexity '''Correct'''
# Session-based indirection
# Escaping
# Encryption

Which of the following combines public-key cryptography with a cryptographic hash?

# Nonce
# Digital signature '''Correct'''
# SSL
# Salt

Which of the following depicts the typical impact of failure to restrict URL access?

# Attackers perform man-in-the-middle attacks.
# Attackers impersonate any user on the system.
# Attackers invoke functions and services they have no authorization for. '''Correct'''
# Attackers perform all actions that the victims themselves have permission to perform.

Which of the following actions should you take to test the security of your Web application?

# Use policy mechanisms.
# Use a simple and positive model at every layer.
# Set the secure flag on session ID cookies.
# Use your browser to forge unauthorized requests. '''Correct'''

Which of the following should you use to protect the connections between the physical tiers of your application?

# EFS
# SSL '''Correct'''
# HTTP
# Kerberos

Which of the following is the best way to implement transport layer protection?

# Install IDS
# Enable SSL '''Correct'''
# Set the HttpOnly flag on session ID cookies
# Perform client-side validation.

Which of the following is most likely to result from unvalidated redirects and forwards?

# Brute force attack
# Network sniffing
# Man-in-the-middle attack
# Bypassed authorization checks '''Correct'''

Which of the following is the best way to protect a Web application from unvalidated redirects and forwards?

# Validate the referrer header. '''Correct'''
# Use extended validation certificates.
# Use the escaping technique.
# Disallow requests to unauthorized file types.

Which of the following is the best way to detect unvalidated redirects and forwards?

# Use internal transfers without authorizing the user for target URL
# Use your browser to forge unauthorized requests
# Use weblogs to identify redirects and forwards '''Correct'''
# Use policy mechanisms

State whether the following statement is True or False.
Most security issues are related to input and a user’s ability to interact with and control input.

# True '''Correct'''
# False

State whether the following statement is True or False.
If user input can be confused for instructions in the language or the way the language is applied, then the language is vulnerable to an injection attack.

# True '''Correct'''
# False

In which of the following scenarios should you use the escaping technique?

# When user input is echoed back to the user in HTML '''Correct'''
# When you need to validate any input as valid input
# When you are trying to protect against regular expression injection
# When you need to tell the interpreter that input is code

Which of the following is the best way to prevent unvalidated redirect and forwards vulnerabilities?

# Use an allow list, such as table indirection. '''Correct'''
# Use client-side validation.
# Allow only absolute redirects.
# Use session-based indirection.

OWASP Top 10 Threats and Mitigations Exam - Multiple Select

2011-08-02T14:26:44Z

Sandra Paiva:

'''Under Construction'''

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Multiple Select'''</center>

OWASP Top 10 Threats and Mitigations Exam - Single Select

2011-08-02T14:26:24Z

Sandra Paiva:

'''Under Construction'''

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions - Single Select'''</center>

OWASP Top 10 Threats and Mitigations Exam - Multiple Select

2011-08-02T14:25:40Z

Sandra Paiva: Created page with "'''Under Construction''' <center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center> <center></center> <center>'''Exam Questions'''</center>"

'''Under Construction'''

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions'''</center>

OWASP Top 10 Threats and Mitigations Exam - Single Select

2011-08-02T14:24:13Z

Sandra Paiva:

'''Under Construction'''

<center>'''Course Title: OWASP Top 10 Threats and Mitigation'''</center>

<center></center>

<center>'''Exam Questions'''</center>

OWASP Top 10 Threats and Mitigations Exam - Single Select

2011-08-02T14:21:54Z

Sandra Paiva: Created page with "'''Under Construction'''"

'''Under Construction'''

OWASP Training

2011-02-22T14:09:24Z

Sandra Paiva:

__NOTOC__

==== About ====

{| cellspacing="0" cellpadding="15" border="0" class="FCK__ShowTableBorders"
|-
| width="200" | [[Image:Banner OWASP Training page.gif|border|center|362x247px]]
|
=== OWASP Training - OWASP Projects and Resources you can use TODAY! ===

The main goal of '''OWASP Training''' is to support Local Chapters' training activities in a way that allows us to use a model that, despite specific and punctual adjustments, can be easily replicated and become the main frame for all Chapter-led training events.

Furthermore, we will use the concept “'''OWASP projects and resources you can use TODAY!'''”

In a nutshell, we are proposing a '''Chapter’s driven model with Local Chapter organization''' in which:

* The courses are '''free for OWASP members''' - being that by the time of the training event anyone may become a member if they desire to do so;
* The contents are '''OWASP projects focused''' – to promote the awareness of our Projects and the understanding of how they fit into an Enterprise's security ecosystem or in its Web Application Development Life-cycle;
* The '''costs''' are '''supported by a mix of funding''' - local chapter budget, external sponsorship, trainers sponsorship (i.e. trip and/or accommodation paid by themselves) and local chapter members’ sponsorship (i.e. taking trainers in as guests).

|-
| valign="top" colspan="2" |
'''If you would like to organize a training event of this sort''', please contact me after gathering the following information which will be our starting point:
* Date of the event;
* Venue and directions;
* Course’s details - with regard to the contents, we would suggest that the focus falls into the OWASP Projects with the most quality and Projects being developed by members of your local Chapter.

'''The role of the Local Chapters in reinforcing visibility of OWASP Projects within the local corporate communities and, by that, in encouraging the use and understanding of our tools and documentation is absolutely invaluable – do get involved!'''

If you are interested in '''being part of OWASP's pool of Trainers''', check our '''[http://www.owasp.org/index.php/OWASP_Training#tab=Trainers_Database_-_Call_for_Trainers.21 CALL FOR TRAINERS tab]''' and add your name!
|}

==== Initiatives ====

{| cellspacing="0" cellpadding="15" border="0" class="FCK__ShowTableBorders"
|-
| width="200" | [[Image:Banner OWASP Training page.gif|border|center|362x247px]]
| valign="top" |
*[http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY#tab=Training_-_April.2C_16th.2C_2010_.28Closed.29 London Training Day], April, 16th, 2010, London, UK

*[http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY#tab=Training_-_May.2C_28th.2C_2010 London Training Day], May, 28th, 2010, London, UK

*[[Benelux Training|BeNeLux Training Day]], December, 1st, 2010, Leuven, Belgium | Part of the [[BeNeLux OWASP Day 2010|BeNeLux OWASP Day 2010]]

*[[IBWAS10 Training|IBWAS'10 Training Day]], December, 16th, 2010, Lisbon, Portugal | Part of the [[IBWAS10|2nd OWASP Ibero-American Web Application Security Conference (IBWAS'10)]]

== ==

*[http://www.owasp.org/index.php/Ireland/Training/OWASP_projects_and_resources_you_can_use_TODAY Ireland Training Day], March, 11, 2011, Dublin, Ireland

*[http://www.owasp.org/index.php/France/OWASP_projects_and_resources_you_can_use_TODAY France Training Day], 26th April 2011, Paris, France

*[[NYNJ Training/OWASP Projects and Resources you can use TODAY!|NYNJ Training Day]], 1st Semester 2011 (date tbc), NY, US

|-
| valign="top" colspan="2" |
|}

==== '''Trainers Database - Call for Trainers!''' ====

{| cellspacing="0" cellpadding="15" border="0" class="FCK__ShowTableBorders"
|-
| width="200" | [[Image:Banner OWASP Training page.gif|border|center|362x247px]]
| valign="top" |
=== '''CALL FOR TRAINERS - Trainers drive's goal''' ===

'''OWASP is looking for trainers''' to deliver training under the flag “OWASP projects and resources you can use today”. This is a model of training which is '''free for OWASP members''', '''delivered by OWASP Leaders''' (with only travel expenses paid) and '''covering OWASP modules and/or projects'''.

'''If you are an OWASP Leader and would like to be included in OWASP's pool of trainers, this is your chance - add your name and info to the OWASP Trainers / Volunteers Table and be counted!'''

The role of the Local Chapters in reinforcing visibility of OWASP Projects within the local corporate communities and, by that, in encouraging the use and understanding of our tools and documentation is absolutely invaluable. In this context, the OWASP Training appears as an excellent vehicle to spread the knowledge and the word and that is why this is one of the areas we want to strongly focus on.

'''Click [[OWASP Trainers Database Conditions|here]] for rules and conditions.'''

|}

=== OWASP Trainers Database ===
{{Template:OWASP_Trainers_Volunteers/Columns}}
{{:OWASP_Trainers/Volunteer_1 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_2 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_3 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_4 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_5 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_6 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_7 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_8 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_9 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_10 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_11 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_12 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_14 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_15 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_16 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_17 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_18 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_19 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_20 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_21 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_22 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_23 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_24 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_25 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_26 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_27 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_28 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_29 | OWASP_Trainers_Volunteers/Row}}
{{:OWASP_Trainers/Volunteer_30 | OWASP_Trainers_Volunteers/Row}}
|}

==== Videos & Pictures ====

=== IBWAS'10 Training Day, 16 Dec 2010 ===

{{:IBWAS10 Videos and Pictures}}

==== Modules and Materials ====

{| cellspacing="0" cellpadding="15" border="0" class="FCK__ShowTableBorders"
|-
| width="200" | [[Image:Banner OWASP Training page.gif|border|center|362x247px]]
| valign="top" |
=== Training Modules ===

* [[OWASP/Training/OWASP AppSensor Project|OWASP AppSensor Project]]

* [[OWASP/Training/OWASP Code Crawler Project|OWASP Code Crawler Project]]

* [[OWASP/Training/OWASP Code Review Project|OWASP Code Review Project]]

* [[OWASP/Training/OWASP DirBuster Project|OWASP DirBuster Project]]

* [[OWASP/Training/OWASP ESAPI|OWASP ESAPI]]

* [[OWASP/Training/Guided tour of OWASP Projects|Guided tour of OWASP Projects]]

* [[OWASP/Training/OWASP O2 Platform|OWASP O2 Platform]]

* [[OWASP/Training/OWASP Secure Coding Practices - Quick Reference Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

* [[OWASP/Training/OWASP Software Assurance Maturity Model|OWASP Software Assurance Maturity Model (SAMM)]]

* [[OWASP/Training/OWASP Testing Guide|OWASP Testing Guide]]

* [[OWASP/Training/Threat Risk Modeling|OWASP Threat Risk Modeling]]

* [[OWASP/Training/OWASP Top 10|OWASP Top 10]]

* [[OWASP/Training/OWASP WebGoat Project|OWASP WebGoat Project]]

* [[OWASP/Training/OWASP WebScarab Project|OWASP WebScarab Project]]

* [[OWASP/Training/OWASP Webslayer Project|OWASP Webslayer Project]]

* [[OWASP/Training/Implementation of Enigform for Wordpress|OWASP Enigform (and Jify)]]

|-

| valign="top" colspan="2" |
=== OWASP Appsec Tutorial Series, by [[user:Jerryhoff|Jerry Hoff]] ===

* [http://www.youtube.com/watch?v=CDbWvEwBBxo Episode 1: Appsec Basics]
*[http://www.youtube.com/watch?v=pypTYPaU7mM Episode 2: Injection Attacks]

=== Other Training Materials ===

* [http://code.google.com/p/owasp-training/downloads/detail?name=OWASP%20Default%20Training.zip&can=2&q= OWASP Default Training]

* [http://code.google.com/p/owasp-training/downloads/detail?name=London%20Training%20May%2028th%202010.zip&can=2&q= London Training May 28th 2010]

* [http://code.google.com/p/owasp-training/downloads/detail?name=London%20Training%20April%2016th%202010.zip&can=2&q= London Training April 16th 2010]

* [http://www.owasp.org/index.php/File:Developing_Compliant_Applications.pdf Developing Compliant Applications (pdf)]

* [http://www.owasp.org/index.php/File:Developing_Secure_Applications_with_OWASP.pdf Developing Secure Applications with OWASP (pdf)]

=== Videos ===

'''IBWAS'10 Training Day sessions, 16th Dec 2010, Lisbon'''

{{:IBWAS10 Training Day Sessions}}

|}

==== Library of Links ====

{| cellspacing="0" cellpadding="15" border="0" class="FCK__ShowTableBorders"
|-
| width="200" | [[Image:Banner OWASP Training page.gif|border|center|362x247px]]
|
* Access to the collection of all pages associated to the [[:Category:OWASP Training|'''OWASP Training''']].
|}

==== Training Templates ====

{| cellspacing="0" cellpadding="15" border="0" class="FCK__ShowTableBorders"
|-
| width="200" | [[Image:Banner OWASP Training page.gif|border|center|362x247px]]
|
* If you want to organize an OWASP Free Training event, please check out the [[:Category:OWASP Free Training Templates|'''Training Templates''']].
|}

==== Training Logos ====

{{Template:OWASP Training Pictures }}

{{Template:OWASP_Training_Pictures_View
| Media_File1 = '''PROPOSAL 1A'''[[Image:Logo 1A.JPG]]
| Media_File2 = '''PROPOSAL 1B - Approved Version'''[[Image:Logo 1B.JPG]]
}}

{{Template:OWASP_Training_Pictures_View
| Media_File1 = '''PROPOSAL 2'''[[Image:Logo 2.JPG]]
| Media_File2 = '''PROPOSAL 3'''[[Image:Logo 3.JPG]]
}}

{{Template:OWASP_Training_Pictures_View
| Media_File1 = '''PROPOSAL 4'''[[Image:Logo 4.JPG]]
| Media_File2 =

}}

|}

<headertabs />

[[Category:OWASP_Training|Training]]

OWASP Training

2011-02-22T14:09:01Z

Sandra Paiva:

Summit 2011 Schedule Fixed

2011-02-10T18:10:08Z

Sandra Paiva:

Summit 2011 Schedule Dynamic

2011-02-10T18:06:34Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 957
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE =
| VillaE_Number =
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room [[Summit_2011_Working_Sessions/Session264|'''Planning South America/Central America AppSec''']] - Game Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE = 009
| VillaE_Number = 945
}}

|}

==== Friday, Feb 11 ====
The Friday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Friday, please add the name of the session, time and location to the Schedule that is posted on the Information wall in the Operations Room. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 12h00 - 13h30
| EventName = '''Closing Session''' Campo Real I Room
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

|}

__NOTOC__ <headertabs />

Summit 2011 Schedule Dynamic

2011-02-10T18:03:29Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 957
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE =
| VillaE_Number =
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room [[Summit_2011_Working_Sessions/Session264|'''Planning South America/Central America AppSec''']] - Game Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE = 009
| VillaE_Number = 945
}}

|}

==== Friday, Feb 11 ====
The Friday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Friday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Thursday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 12h00 - 13h30
| EventName = '''Closing Session''' Campo Real I Room
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

|}

__NOTOC__ <headertabs />

File:Summit Funding session.pptx

2011-02-10T17:22:23Z

Sandra Paiva: uploaded a new version of "File:Summit Funding session.pptx"

Summit 2011 Working Sessions/Session252

2011-02-10T17:19:45Z

Sandra Paiva:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._secure_coding.jpg]]
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]
| summit_session_name = ESAPI framework integration
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session252
| mailing_list =

|-

| short_working_session_description =

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Schmidt
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session252
| session_home_page =  Summit_2011_Working_Sessions/Session252
}}

Summit 2011 Schedule Dynamic

2011-02-10T14:39:57Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 957
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE =
| VillaE_Number =
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room [[Summit_2011_Working_Sessions/Session264|'''Planning South America/Central America AppSec''']] - Game Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE = 009
| VillaE_Number = 945
}}

|}

==== Friday, Feb 11 ====
The Friday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Friday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Thursday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 14h00 - 15h00
| EventName = '''Closing Session''' Campo Real I Room
}}

|}

__NOTOC__ <headertabs />

Summit 2011 Schedule Dynamic

2011-02-10T14:19:24Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 957
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room [[Summit_2011_Working_Sessions/Session264|'''Planning South America/Central America AppSec''']] - Game Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE =
| VillaE_Number =
}}

|}

==== Friday, Feb 11 ====
The Friday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Friday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Thursday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 14h00 - 15h00
| EventName = '''Closing Session''' Campo Real I Room
}}

|}

__NOTOC__ <headertabs />

Summit 2011 Working Sessions/Session019

2011-02-10T12:47:41Z

Sandra Paiva:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Cecil Su
| summit_session_attendee_email2 = cecil.su@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Jason Taylor
| summit_session_attendee_email3 = jtaylor@securityinnovation.com
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._global_committees.jpg]]
| summit_ws_logo = [[Image:WS._global_commitee.jpg‎]]
| summit_session_name = Education
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019
| mailing_list =
|-

| short_working_session_description= Define goals for the up coming year

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=
Estimate how the past achievements do support the current educational developments
| summit_session_objective_name2 =
Evaluate how we can get the projects involved in developing (or at least reviewing) training material
| summit_session_objective_name3 =
Define new goals for the upcoming period
| summit_session_objective_name4 =
Define success factors for the upcoming period
| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = The OWASP 2011 Education Plan – describing the specific plans for education in 2011 with schedule, targets, action plans, etc…

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Martin Knobloch
| summit_session_leader_email1 = martin.knobloch@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-

| session_name_mask =  Session019
| session_home_page =  Summit_2011_Working_Sessions/Session019
}}

Summit 2011/Media

2011-02-10T12:31:19Z

Sandra Paiva:

=== Press Releases ===
* January, 28, 2011 - [http://www.owasp.org/images/d/db/Comunicado_OWASP_280110.pdf Portuguese] and [http://www.owasp.org/images/9/97/Pressrelease_OWASP_280110.pdf English] Versions.

=== Media Mentions ===

'''Mensagem de Jeff Williams, Membro da Board da Fundação OWASP''' (Portuguese)

"Na sequência da notícia “Especialistas alertam para falhas na segurança de sites portugueses”, publicada a 7 de Fevereiro pela Agência Lusa, a OWASP esclarece que a actual situação de Portugal não é diferente da de outros países da União Europeia. Aliás, é de enaltecer o envolvimento de Portugal com a OWASP no sentido de iniciar o processo de abordagem à segurança aplicacional e acreditamos que Portugal tem a oportunidade e a capacidade para liderar esta área critica das Tecnologias da Informação.
Queremos, com este email, salientar que as declarações feitas pelos elementos da OWASP, no âmbito da realização do referido artigo, tinham um objectivo de sensibilização e não o de causar nenhum tipo de equívoco ou dúvida relativamente à situação portuguesa.
Neste contexto, e se considerarem relevante, agradecemos à Agência Lusa o favor de divulgar este esclarecimento.
Cumprimentos,

Jeff Williams
OWASP Board Member"

'''Message of Jeff Williams, OWASP Board Member''' (English)

"OWASP requests a clarification on the article, “Especialistas alertam para falhas na segurança de sites portugueses” published on the 7th of February. We wish to make it absolutely clear that the application security situation in Portugal is no better or worse than other countries in the EU and the rest of the world. We commend Portugal for engaging with OWASP to start the process of engaging with these issues, and believe that Portugal has a very strong opportunity to be a leader in this critical area of IT. We apologize for any difficulty that the article may have caused.

Jeff Williams
OWASP Board Member"

*[http://www.sic.aeiou.pt/online/noticias/vida/Especialistas+alertam+para+falhas+na+seguranca+de+aplicacoes+dos+sites+portugueses.htm SIC Online]
*[http://www.tvi24.iol.pt/tecnologia/internet-sites-hackers-tvi24/1231818-4069.html TVI Online]
*[http://sol.sapo.pt/inicio/Tecnologia/Interior.aspx?content_id=11262 Semanário SOL]
*[http://economico.sapo.pt/noticias/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses_110708.html Diário Económico]
*[http://www.ionline.pt/conteudo/103526-hackers-profissionais-alertam-falhas-na-seguranca-nos-sites-portugueses I Online]
*[http://noticias.sapo.pt/tecnologia/ Tecnologia Sapo]
*[http://www.jn.pt/PaginaInicial/Tecnologia/Interior.aspx?content_id=1779281 Jornal de Notícias]
*[http://diario.iol.pt/noticia.html?id=1231816&div_id=4058 Diário IOL]
*[http://www.correiodominho.com/noticias.php?id=42900 Correio do Minho]
*[http://net.invirtus.net/?p=4763 Net Invirtus]
*[http://www.websegura.net/2011/02/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses/ Websegura]
*[http://www.dnoticias.pt/actualidade/mundo/249085-hackers-profissionais-alertam-para-vulnerabilidade-dos-sites-portugueses D Notícias]

*[http://search.twitter.com/search?q=OWASP+Summit Twitter]
*[http://www.linkedin.com/osview/canvas?_ch_page_id=1&_ch_panel_id=1&_ch_app_id=7083120&_applicationId=2000&_ownerId=0&appParams={%22go_to%22:%22events/511663%22,%22referrer%22:%22public%22} Linkedin]
*[http://www.portable-digital-video-recorder.com/owasp-world-summit-2011/ www.portable-digital-video-recorder.com]
*[http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6636.msg35608/topicseen,1/ www.ethicalhacker.net]
*[http://tek.sapo.pt/opiniao/muitos_sistemas_das_empresas_sao_colocados_e_1127314.html Tek Sapo]
*[http://www.fibra.pt/index.php?option=com_content&view=article&id=807:especialistas-mundiais-discutem-em-portugal-seguranca-na-internet&catid=35:internet&Itemid=59 Fibra]
*[http://www.bit.pt/ Bit]
*[http://noticias.comunidade.com.pt/noticia.asp?id=113236&t=OWASP-Summit-2011 Comunidade]
*[http://tek.sapo.pt/extras/site_do_dia/seguranca_em_primeiro_lugar_1126147.html Tek Sapo]
*[http://www.securityvibes.com/community/en/blog/2011/02/03/owasp-draws-up-xss-battle-plan Security Vibes]
*[http://blog.carlosserrao.net/owasp-summit-2011-here-i-go Carlos Serrão's Blog]
*[http://owasp.blogspot.com/2011/01/owasp-summit-js-challenge.html OWASP Summit JS Challenge]
*[http://www.malwarecity.com/community/index.php?app=blog&module=display&section=blog&blogid=23&showentry=3984 www.malwarecity.com]
*[http://diniscruz.blogspot.com/2011/02/participate-remotely-on-owasp-summit.html Dinis Cruz's Blog]
*[http://www.clerkendweller.com Clerkendweller Blog]: [http://www.clerkendweller.com/2010/12/24/Smartphone-Security here], [http://www.clerkendweller.com/2011/1/11/Zero-Harm-from-Applications here] and [http://www.clerkendweller.com/2011/2/7/OWASP-Application-Security-Summit-2011 here]

Summit 2011 Schedule Dynamic

2011-02-10T12:29:03Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room [[Summit_2011_Working_Sessions/Session264|'''Planning South America/Central America AppSec''']] - Game Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE =
| VillaE_Number =
}}

|}

==== Friday, Feb 11 ====
The Friday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Friday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Thursday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 14h00 - 15h00
| EventName = '''Closing Session''' Campo Real I Room
}}

|}

__NOTOC__ <headertabs />

Summit 2011 Schedule Dynamic

2011-02-10T12:13:23Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room [[Summit_2011_Working_Sessions/Session264|'''Planning South America/Central America AppSec''']] - Game Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE = 264
| VillaE_Number = 958
}}

|}

==== Friday, Feb 11 ====
The Friday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Friday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Thursday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 14h00 - 15h00
| EventName = '''Closing Session''' Campo Real I Room
}}

|}

__NOTOC__ <headertabs />

Summit 2011 Working Sessions/Session252

2011-02-10T12:10:32Z

Sandra Paiva:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._secure_coding.jpg]]
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]
| summit_session_name = ESAPI framework integration
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session252
| mailing_list =

|-

| short_working_session_description =

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Jeff Williams
| summit_session_leader_email1 = jeff.williams@owasp.org
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session252
| session_home_page =  Summit_2011_Working_Sessions/Session252
}}

Summit 2011 Schedule Dynamic

2011-02-10T12:08:57Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE = 264
| VillaE_Number = 958
}}

|}

==== Friday, Feb 11 ====
The Friday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Friday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Thursday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 =
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 14h00 - 15h00
| EventName = '''Closing Session''' Campo Real I Room
}}

|}

__NOTOC__ <headertabs />

Summit 2011/Media

2011-02-10T12:00:06Z

Sandra Paiva:

=== Press Releases ===
* January, 28, 2011 - [http://www.owasp.org/images/d/db/Comunicado_OWASP_280110.pdf Portuguese] and [http://www.owasp.org/images/9/97/Pressrelease_OWASP_280110.pdf English] Versions.

=== Media Mentions ===
*[http://search.twitter.com/search?q=OWASP+Summit Twitter]
*[http://www.linkedin.com/osview/canvas?_ch_page_id=1&_ch_panel_id=1&_ch_app_id=7083120&_applicationId=2000&_ownerId=0&appParams={%22go_to%22:%22events/511663%22,%22referrer%22:%22public%22} Linkedin]
*[http://www.portable-digital-video-recorder.com/owasp-world-summit-2011/ www.portable-digital-video-recorder.com]
*[http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6636.msg35608/topicseen,1/ www.ethicalhacker.net]
*[http://tek.sapo.pt/opiniao/muitos_sistemas_das_empresas_sao_colocados_e_1127314.html Tek Sapo]
*[http://www.fibra.pt/index.php?option=com_content&view=article&id=807:especialistas-mundiais-discutem-em-portugal-seguranca-na-internet&catid=35:internet&Itemid=59 Fibra]
*[http://www.bit.pt/ Bit]
*[http://noticias.comunidade.com.pt/noticia.asp?id=113236&t=OWASP-Summit-2011 Comunidade]
*[http://tek.sapo.pt/extras/site_do_dia/seguranca_em_primeiro_lugar_1126147.html Tek Sapo]
*[http://www.securityvibes.com/community/en/blog/2011/02/03/owasp-draws-up-xss-battle-plan Security Vibes]
*[http://blog.carlosserrao.net/owasp-summit-2011-here-i-go Carlos Serrão's Blog]
*[http://owasp.blogspot.com/2011/01/owasp-summit-js-challenge.html OWASP Summit JS Challenge]
*[http://www.malwarecity.com/community/index.php?app=blog&module=display&section=blog&blogid=23&showentry=3984 www.malwarecity.com]
*[http://diniscruz.blogspot.com/2011/02/participate-remotely-on-owasp-summit.html Dinis Cruz's Blog]
*[http://www.clerkendweller.com Clerkendweller Blog]: [http://www.clerkendweller.com/2010/12/24/Smartphone-Security here], [http://www.clerkendweller.com/2011/1/11/Zero-Harm-from-Applications here] and [http://www.clerkendweller.com/2011/2/7/OWASP-Application-Security-Summit-2011 here]

'''Mensagem de Jeff Williams, Membro da Board da Fundação OWASP''' (Portuguese)

"Na sequência da notícia “Especialistas alertam para falhas na segurança de sites portugueses”, publicada a 7 de Fevereiro pela Agência Lusa, a OWASP esclarece que a actual situação de Portugal não é diferente da de outros países da União Europeia. Aliás, é de enaltecer o envolvimento de Portugal com a OWASP no sentido de iniciar o processo de abordagem à segurança aplicacional e acreditamos que Portugal tem a oportunidade e a capacidade para liderar esta área critica das Tecnologias da Informação.
Queremos, com este email, salientar que as declarações feitas pelos elementos da OWASP, no âmbito da realização do referido artigo, tinham um objectivo de sensibilização e não o de causar nenhum tipo de equívoco ou dúvida relativamente à situação portuguesa.
Neste contexto, e se considerarem relevante, agradecemos à Agência Lusa o favor de divulgar este esclarecimento.
Cumprimentos,

Jeff Williams
OWASP Board Member"

'''Message of Jeff Williams, OWASP Board Member''' (English)

"OWASP requests a clarification on the article, “Especialistas alertam para falhas na segurança de sites portugueses” published on the 7th of February. We wish to make it absolutely clear that the application security situation in Portugal is no better or worse than other countries in the EU and the rest of the world. We commend Portugal for engaging with OWASP to start the process of engaging with these issues, and believe that Portugal has a very strong opportunity to be a leader in this critical area of IT. We apologize for any difficulty that the article may have caused.

Jeff Williams
OWASP Board Member"

*[http://www.sic.aeiou.pt/online/noticias/vida/Especialistas+alertam+para+falhas+na+seguranca+de+aplicacoes+dos+sites+portugueses.htm SIC Online]
*[http://www.tvi24.iol.pt/tecnologia/internet-sites-hackers-tvi24/1231818-4069.html TVI Online]
*[http://sol.sapo.pt/inicio/Tecnologia/Interior.aspx?content_id=11262 Semanário SOL]
*[http://economico.sapo.pt/noticias/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses_110708.html Diário Económico]
*[http://www.ionline.pt/conteudo/103526-hackers-profissionais-alertam-falhas-na-seguranca-nos-sites-portugueses I Online]
*[http://noticias.sapo.pt/tecnologia/ Tecnologia Sapo]
*[http://www.jn.pt/PaginaInicial/Tecnologia/Interior.aspx?content_id=1779281 Jornal de Notícias]
*[http://diario.iol.pt/noticia.html?id=1231816&div_id=4058 Diário IOL]
*[http://www.correiodominho.com/noticias.php?id=42900 Correio do Minho]
*[http://net.invirtus.net/?p=4763 Net Invirtus]
*[http://www.websegura.net/2011/02/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses/ Websegura]
*[http://www.dnoticias.pt/actualidade/mundo/249085-hackers-profissionais-alertam-para-vulnerabilidade-dos-sites-portugueses D Notícias]

Summit 2011/Media

2011-02-10T11:59:09Z

Sandra Paiva:

=== Press Releases ===
* January, 28, 2011 - [http://www.owasp.org/images/d/db/Comunicado_OWASP_280110.pdf Portuguese] and [http://www.owasp.org/images/9/97/Pressrelease_OWASP_280110.pdf English] Versions.

=== Media Mentions ===
*[http://search.twitter.com/search?q=OWASP+Summit Twitter]
*[http://www.linkedin.com/osview/canvas?_ch_page_id=1&_ch_panel_id=1&_ch_app_id=7083120&_applicationId=2000&_ownerId=0&appParams={%22go_to%22:%22events/511663%22,%22referrer%22:%22public%22} Linkedin]
*[http://www.portable-digital-video-recorder.com/owasp-world-summit-2011/ www.portable-digital-video-recorder.com]
*[http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6636.msg35608/topicseen,1/ www.ethicalhacker.net]
*[http://tek.sapo.pt/opiniao/muitos_sistemas_das_empresas_sao_colocados_e_1127314.html Tek Sapo]
*[http://www.fibra.pt/index.php?option=com_content&view=article&id=807:especialistas-mundiais-discutem-em-portugal-seguranca-na-internet&catid=35:internet&Itemid=59 Fibra]
*[http://www.bit.pt/ Bit]
*[http://noticias.comunidade.com.pt/noticia.asp?id=113236&t=OWASP-Summit-2011 Comunidade]
*[http://tek.sapo.pt/extras/site_do_dia/seguranca_em_primeiro_lugar_1126147.html Tek Sapo]
*[http://www.securityvibes.com/community/en/blog/2011/02/03/owasp-draws-up-xss-battle-plan Security Vibes]
*[http://blog.carlosserrao.net/owasp-summit-2011-here-i-go Carlos Serrão's Blog]
*[http://owasp.blogspot.com/2011/01/owasp-summit-js-challenge.html OWASP Summit JS Challenge]
*[http://www.malwarecity.com/community/index.php?app=blog&module=display&section=blog&blogid=23&showentry=3984 www.malwarecity.com]
*[http://diniscruz.blogspot.com/2011/02/participate-remotely-on-owasp-summit.html Dinis Cruz's Blog]
*[http://www.clerkendweller.com Clerkendweller Blog]: [http://www.clerkendweller.com/2010/12/24/Smartphone-Security here], [http://www.clerkendweller.com/2011/1/11/Zero-Harm-from-Applications here] and [http://www.clerkendweller.com/2011/2/7/OWASP-Application-Security-Summit-2011 here]

'''Mensagem de Jeff Williams, Membro da Board da Fundação OWASP''' (Portuguese)

"Na sequência da notícia “Especialistas alertam para falhas na segurança de sites portugueses”, publicada a 7 de Fevereiro pela Agência Lusa, a OWASP esclarece que a actual situação de Portugal não é diferente da de outros países da União Europeia. Aliás, é de enaltecer o envolvimento de Portugal com a OWASP no sentido de iniciar o processo de abordagem à segurança aplicacional e acreditamos que Portugal tem a oportunidade e a capacidade para liderar esta área critica das Tecnologias da Informação.
Queremos, com este email, salientar que as declarações feitas pelos elementos da OWASP, no âmbito da realização do referido artigo, tinham um objectivo de sensibilização e não o de causar nenhum tipo de equívoco ou dúvida relativamente à situação portuguesa.
Neste contexto, e se considerarem relevante, agradecemos à Agência Lusa o favor de divulgar este esclarecimento.
Cumprimentos,

Jeff Williams
OWASP Board Member"

'''Message of Jeff Williams, OWASP Board Member''' (English)

"OWASP requests a clarification on the article, “Especialistas alertam para falhas na segurança de sites portugueses” published on the 7th of February. We wish to make it absolutely clear that the application security situation in Portugal is no better or worse than other countries in the EU and the rest of the world. We commend Portugal for engaging with OWASP to start the process of engaging with these issues, and believe that Portugal has a very strong opportunity to be a leader in this critical area of IT. We apologize for any difficulty that the article may have caused.

Jeff Williams
OWASP Board Member"

*[http://www.sic.aeiou.pt/online/noticias/vida/Especialistas+alertam+para+falhas+na+seguranca+de+aplicacoes+dos+sites+portugueses.htm SIC Online]
*[http://www.tvi24.iol.pt/tecnologia/internet-sites-hackers-tvi24/1231818-4069.html TVI Online]
*[http://sol.sapo.pt/inicio/Tecnologia/Interior.aspx?content_id=11262 Semanário SOL]
*[http://economico.sapo.pt/noticias/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses_110708.html Diário Económico]
*[http://www.ionline.pt/conteudo/103526-hackers-profissionais-alertam-falhas-na-seguranca-nos-sites-portugueses I Online]
*[http://noticias.sapo.pt/tecnologia/ Tecnologia Sapo]
*[http://www.jn.pt/PaginaInicial/Tecnologia/Interior.aspx?content_id=1779281 Jornal de Notícias]
*[http://diario.iol.pt/noticia.html?id=1231816&div_id=4058 Diário IOL]
*[http://www.correiodominho.com/noticias.php?id=42900 Correio do Minho]
*[http://net.invirtus.net/?p=4763 Net Invirtus]
*[http://www.websegura.net/2011/02/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses/ Websegura]
*[http://www.dnoticias.pt/actualidade/mundo/249085-hackers-profissionais-alertam-para-vulnerabilidade-dos-sites-portugueses D Notícias]

Summit 2011 Working Sessions/Session077

2011-02-10T11:28:15Z

Sandra Paiva:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Dinis Cruz
| summit_session_attendee_email2 = dinis.cruz@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mark Bristow
| summit_session_attendee_email3 = mark.bristow@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3= Securicon LLC
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Doug Wilson
| summit_session_attendee_email4 = dougDOTwilsonATowaspDOTorg
| summit_session_attendee_username4 = Dallendoug
| summit_session_attendee_company4= [http://www.mandiant.com Mandiant]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Concern about balancing growth of OWASP with evolutionary requirements. Most organizations fail to manage their growth, would like to see OWASP not go the same way.

| summit_session_attendee_name5 = Martin Knobloch
| summit_session_attendee_email5 = martin.knobloch@owasp.org
| summit_session_attendee_username5 = knoblochmartin
| summit_session_attendee_company5= PervaSec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg]]
| summit_ws_logo = [[Image:WS._owasp.jpg]]
| summit_session_name = OWASP funding and CEO discussion
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077
| mailing_list =
|-

| short_working_session_description= The Summit has been a great opportunity for establishing contacts and relationships with representatives of the corporate world. This session aims to review the current OWASP funding model and start discussing ways of creating synergies with companies and originate new opportunities of funding for OWASP.
 
This session will also serve as a lead in to additional discussions around the organizational model and set a baseline for the topic of what professional roles should ixist inside the OWASP organization, including the proposal for the role of a CEO.

See the [[Talk:Summit_2011_Working_Sessions/Session077|'''Discussion''']] page for Arguments for and against OWASP Hiring a CEO

PowerPoint presentation [http://www.owasp.org/index.php/File:Summit_Funding_session.pptx '''HERE''']

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = For information related to the CEO discussion please see the '''[[Talk:Summit 2011 Working Sessions/Session077|Discussion]]''' page.

|-

|summit_session_deliverable_name1 = A process for gathering and addressing suggestions for new OWASP funding opportunities.

|summit_session_deliverable_name2 = A recommendation on whether or not the investment in a CEO would be cost-effective.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Keith Turpin
| summit_session_leader_email1 = keith.turpin@owasp.org
| summit_session_leader_username1 = Keith_Turpin

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session077
| session_home_page =  Summit_2011_Working_Sessions/Session077
}}

Summit 2011 Working Sessions/Session077

2011-02-10T11:26:56Z

Sandra Paiva:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Dinis Cruz
| summit_session_attendee_email2 = dinis.cruz@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mark Bristow
| summit_session_attendee_email3 = mark.bristow@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3= Securicon LLC
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Doug Wilson
| summit_session_attendee_email4 = dougDOTwilsonATowaspDOTorg
| summit_session_attendee_username4 = Dallendoug
| summit_session_attendee_company4= [http://www.mandiant.com Mandiant]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Concern about balancing growth of OWASP with evolutionary requirements. Most organizations fail to manage their growth, would like to see OWASP not go the same way.

| summit_session_attendee_name5 = Martin Knobloch
| summit_session_attendee_email5 = martin.knobloch@owasp.org
| summit_session_attendee_username5 = knoblochmartin
| summit_session_attendee_company5= PervaSec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg]]
| summit_ws_logo = [[Image:WS._owasp.jpg]]
| summit_session_name = OWASP funding and CEO discussion
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077
| mailing_list =
|-

| short_working_session_description= The Summit has been a great opportunity for establishing contacts and relationships with representatives of the corporate world. This session aims to review the current OWASP funding model and start discussing ways of creating synergies with companies and originate new opportunities of funding for OWASP.
 
This session will also serve as a lead in to additional discussions around the organizational model and set a baseline for the topic of what professional roles should ixist inside the OWASP organization, including the proposal for the role of a CEO.

See the [[Talk:Summit_2011_Working_Sessions/Session077|'''Discussion''']] page for Arguments for and against OWASP Hiring a CEO

PowerPoint presentation [[File:Summit Funding session.pptx|'''HERE''']]

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = For information related to the CEO discussion please see the '''[[Talk:Summit 2011 Working Sessions/Session077|Discussion]]''' page.

|-

|summit_session_deliverable_name1 = A process for gathering and addressing suggestions for new OWASP funding opportunities.

|summit_session_deliverable_name2 = A recommendation on whether or not the investment in a CEO would be cost-effective.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Keith Turpin
| summit_session_leader_email1 = keith.turpin@owasp.org
| summit_session_leader_username1 = Keith_Turpin

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session077
| session_home_page =  Summit_2011_Working_Sessions/Session077
}}

File:Summit Funding session.pptx

2011-02-10T11:25:19Z

Sandra Paiva:

Summit 2011/Media

2011-02-10T11:23:05Z

Sandra Paiva:

=== Press Releases ===
* January, 28, 2011 - [http://www.owasp.org/images/d/db/Comunicado_OWASP_280110.pdf Portuguese] and [http://www.owasp.org/images/9/97/Pressrelease_OWASP_280110.pdf English] Versions.

=== Media Mentions ===
*[http://search.twitter.com/search?q=OWASP+Summit Twitter]
*[http://www.linkedin.com/osview/canvas?_ch_page_id=1&_ch_panel_id=1&_ch_app_id=7083120&_applicationId=2000&_ownerId=0&appParams={%22go_to%22:%22events/511663%22,%22referrer%22:%22public%22} Linkedin]
*[http://www.portable-digital-video-recorder.com/owasp-world-summit-2011/ www.portable-digital-video-recorder.com]
*[http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6636.msg35608/topicseen,1/ www.ethicalhacker.net]
*[http://tek.sapo.pt/opiniao/muitos_sistemas_das_empresas_sao_colocados_e_1127314.html Tek Sapo]
*[http://www.fibra.pt/index.php?option=com_content&view=article&id=807:especialistas-mundiais-discutem-em-portugal-seguranca-na-internet&catid=35:internet&Itemid=59 Fibra]
*[http://www.bit.pt/ Bit]
*[http://noticias.comunidade.com.pt/noticia.asp?id=113236&t=OWASP-Summit-2011 Comunidade]
*[http://tek.sapo.pt/extras/site_do_dia/seguranca_em_primeiro_lugar_1126147.html Tek Sapo]
*[http://www.securityvibes.com/community/en/blog/2011/02/03/owasp-draws-up-xss-battle-plan Security Vibes]
*[http://blog.carlosserrao.net/owasp-summit-2011-here-i-go Carlos Serrão's Blog]
*[http://owasp.blogspot.com/2011/01/owasp-summit-js-challenge.html OWASP Summit JS Challenge]
*[http://www.malwarecity.com/community/index.php?app=blog&module=display&section=blog&blogid=23&showentry=3984 www.malwarecity.com]
*[http://diniscruz.blogspot.com/2011/02/participate-remotely-on-owasp-summit.html Dinis Cruz's Blog]
*[http://www.clerkendweller.com Clerkendweller Blog]: [http://www.clerkendweller.com/2010/12/24/Smartphone-Security here], [http://www.clerkendweller.com/2011/1/11/Zero-Harm-from-Applications here] and [http://www.clerkendweller.com/2011/2/7/OWASP-Application-Security-Summit-2011 here]

*[http://www.sic.aeiou.pt/online/noticias/vida/Especialistas+alertam+para+falhas+na+seguranca+de+aplicacoes+dos+sites+portugueses.htm SIC Online]
*[http://www.tvi24.iol.pt/tecnologia/internet-sites-hackers-tvi24/1231818-4069.html TVI Online]
*[http://sol.sapo.pt/inicio/Tecnologia/Interior.aspx?content_id=11262 Semanário SOL]
*[http://economico.sapo.pt/noticias/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses_110708.html Diário Económico]
*[http://www.ionline.pt/conteudo/103526-hackers-profissionais-alertam-falhas-na-seguranca-nos-sites-portugueses I Online]
*[http://noticias.sapo.pt/tecnologia/ Tecnologia Sapo]
*[http://www.jn.pt/PaginaInicial/Tecnologia/Interior.aspx?content_id=1779281 Jornal de Notícias]
*[http://diario.iol.pt/noticia.html?id=1231816&div_id=4058 Diário IOL]
*[http://www.correiodominho.com/noticias.php?id=42900 Correio do Minho]
*[http://net.invirtus.net/?p=4763 Net Invirtus]
*[http://www.websegura.net/2011/02/hackers-profissionais-alertam-para-falhas-na-seguranca-dos-sites-portugueses/ Websegura]
*[http://www.dnoticias.pt/actualidade/mundo/249085-hackers-profissionais-alertam-para-vulnerabilidade-dos-sites-portugueses D Notícias]

Summit 2011/Media

2011-02-10T11:13:48Z

Sandra Paiva:

=== Press Releases ===
* January, 28, 2011 - [http://www.owasp.org/images/d/db/Comunicado_OWASP_280110.pdf Portuguese] and [http://www.owasp.org/images/9/97/Pressrelease_OWASP_280110.pdf English] Versions.

=== Media Mentions ===
*[http://search.twitter.com/search?q=OWASP+Summit Twitter]
*[http://www.linkedin.com/osview/canvas?_ch_page_id=1&_ch_panel_id=1&_ch_app_id=7083120&_applicationId=2000&_ownerId=0&appParams={%22go_to%22:%22events/511663%22,%22referrer%22:%22public%22} Linkedin]
*[http://www.portable-digital-video-recorder.com/owasp-world-summit-2011/ www.portable-digital-video-recorder.com]
*[http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6636.msg35608/topicseen,1/ www.ethicalhacker.net]
*[http://tek.sapo.pt/opiniao/muitos_sistemas_das_empresas_sao_colocados_e_1127314.html Tek Sapo]
*[http://www.fibra.pt/index.php?option=com_content&view=article&id=807:especialistas-mundiais-discutem-em-portugal-seguranca-na-internet&catid=35:internet&Itemid=59 Fibra]
*[http://www.bit.pt/ Bit]
*[http://noticias.comunidade.com.pt/noticia.asp?id=113236&t=OWASP-Summit-2011 Comunidade]
*[http://tek.sapo.pt/extras/site_do_dia/seguranca_em_primeiro_lugar_1126147.html Tek Sapo]
*[http://www.securityvibes.com/community/en/blog/2011/02/03/owasp-draws-up-xss-battle-plan Security Vibes]
*[http://blog.carlosserrao.net/owasp-summit-2011-here-i-go Carlos Serrão's Blog]
*[http://owasp.blogspot.com/2011/01/owasp-summit-js-challenge.html OWASP Summit JS Challenge]
*[http://www.malwarecity.com/community/index.php?app=blog&module=display&section=blog&blogid=23&showentry=3984 www.malwarecity.com]
*[http://diniscruz.blogspot.com/2011/02/participate-remotely-on-owasp-summit.html Dinis Cruz's Blog]
*[http://www.clerkendweller.com Clerkendweller Blog]: [http://www.clerkendweller.com/2010/12/24/Smartphone-Security here], [http://www.clerkendweller.com/2011/1/11/Zero-Harm-from-Applications here] and [http://www.clerkendweller.com/2011/2/7/OWASP-Application-Security-Summit-2011 here]

*[http://www.sic.aeiou.pt/online/noticias/vida/Especialistas+alertam+para+falhas+na+seguranca+de+aplicacoes+dos+sites+portugueses.htm SIC Online(Television)]

Summit 2011 Schedule Dynamic

2011-02-10T10:53:29Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE = 264
| VillaE_Number = 958
}}

|}
__NOTOC__ <headertabs />

Summit 2011 Working Sessions/Session264

2011-02-10T10:52:26Z

Sandra Paiva: Created page with "{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude> |- | summit_session_attendee_name1 = | summit_session_attendee_email1..."

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg]]
| summit_ws_logo = [[Image:WS._owasp.jpg‎]]
| summit_session_name = Planning South America/Central America AppSec
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session264
| mailing_list =

|-

| short_working_session_description =

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Mateo Martinez
| summit_session_leader_email1 = mateo.martinez@owasp.org
| summit_session_leader_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session264
| session_home_page =  Summit_2011_Working_Sessions/Session264
}}

Category:Summit 2011 Tracks

2011-02-10T10:50:15Z

Sandra Paiva:

<noinclude>[[Summit_2011 | '''Back to main Summit 2011 page''']]
</noinclude>
=Introduction=
Click on the working session name to see the home page for that particular session. During the Summit those working session home pages will be used to document discussions and outcomes.

If you're interested in adding a Working Session for the 2011 Summit, there still is time to start a session! Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules.

=[[Image:T._metrics.jpg|link=:Category:Summit_2011_Metrics_Track]] [[:Category:Summit_2011_Metrics_Track|Category: Summit 2011 Metrics Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session055 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session056 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session057 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session058 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session059 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session085 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session086 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session256 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Metrics | See Track Details]]</includeonly>

=[[Image:T._browser_security.jpg|link=:Category:Summit_2011_Browser_Security_Track]] [[:Category:Summit_2011_Browser_Security_Track|Category: Summit 2011 Browser Security Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session001 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session002 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session003 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session004 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session005 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session006 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session007 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session008 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session046 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session087 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session0207 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session254 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track:_Browser_Security | See Track Details]]</includeonly>

=[[Image:T._cross_site.jpg|link=Category:Summit_2011_XSS_Eradication_Track]] [[:Category:Summit_2011_XSS_Eradication_Track|Category: Summit 2011 XSS Eradication Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session009 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session010 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session043 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session044 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session045 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session049 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session038 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Cross-Site Scripting Eradication | See Track Details]]</includeonly>

=[[Image:T._mitigation.jpg|link=:Category:Summit_2011_Mitigation_Track]] [[:Category:Summit_2011_Mitigation_Track|Category: Summit 2011 Mitigation Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session091 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session092 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session093 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session094 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session095 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session096 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session097 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Mitigation | See Track Details]]</includeonly>

=[[Image:T._university.jpg|link=:Category:Summit_2011_University_Education_Training_Track]] [[:Category:Summit_2011_University_Education_Training_Track|Category: Summit 2011 University Education Training Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session012 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session024 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session040 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session041 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session042 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session069 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session088 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session089 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session039 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session204 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session250 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session255 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session259 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session261 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: University Outreach, Education, and Training | See Track Details]]</includeonly>

=[[Image:T._secure_coding.jpg|link=:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track]] [[:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track|Category: Summit 2011 OWASP Secure Coding Workshop Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session025 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session026 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session027 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session028 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session029 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session030 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session031 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session033 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session034 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session047 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session252 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Secure Coding Workshop | See Track Details]]</includeonly>

=[[Image:T._individual_projects.jpg|link=:Category:Summit_2011_Individual_OWASP_Projects_Track]] [[:Category:Summit_2011_Individual_OWASP_Projects_Track |Category: Summit 2011 Individual OWASP Projects Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session063 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session065 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session066 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session067 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session068 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session052 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session053 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session048 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session099 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session200 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session201 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session202 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session203 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session205 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session253 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session257 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session260 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Individual OWASP Projects | See Track Details]]</includeonly>

=[[Image:T._global_committees.jpg|link=:Category:Summit_2011_OWASP_Governance_Track]] [[:Category:Summit_2011_OWASP_Governance_Track|Category: Summit 2011 OWASP Governance Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session013 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session014 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session015 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session016 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session017 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session018 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session019 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session020 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session071 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session076 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session035 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session037 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session054 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session251 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session262 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session263 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Governance | See Track Details]]</includeonly>

=[[Image:T._owasp.jpg|link=:Category:Summit_2011_OWASP_Track]] [[:Category:Summit_2011_OWASP_Track|Category: Summit 2011 OWASP Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session021 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session022 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session023 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session070 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session072 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session073 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session074 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session075 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session060 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session061 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session077 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session078 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session079 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session080 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session082 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session084 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session090 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session036 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session098 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session100 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session101 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session102 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session103 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session104 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session105 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session264 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP | See Track Details]]</includeonly><noinclude>[[Category:Summit_2011]]</noinclude>

Summit 2011 Schedule Dynamic

2011-02-10T10:31:03Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time [[Summit_2011_Working_Sessions/Session077|'''Global Conferences Committee Monthly Meeting''']] - Lusitano Room 
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE =
| VillaE_Number =
}}

|}
__NOTOC__ <headertabs />

Category:Summit 2011 Tracks

2011-02-10T10:28:45Z

Sandra Paiva:

<noinclude>[[Summit_2011 | '''Back to main Summit 2011 page''']]
</noinclude>
=Introduction=
Click on the working session name to see the home page for that particular session. During the Summit those working session home pages will be used to document discussions and outcomes.

If you're interested in adding a Working Session for the 2011 Summit, there still is time to start a session! Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules.

=[[Image:T._metrics.jpg|link=:Category:Summit_2011_Metrics_Track]] [[:Category:Summit_2011_Metrics_Track|Category: Summit 2011 Metrics Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session055 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session056 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session057 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session058 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session059 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session085 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session086 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session256 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Metrics | See Track Details]]</includeonly>

=[[Image:T._browser_security.jpg|link=:Category:Summit_2011_Browser_Security_Track]] [[:Category:Summit_2011_Browser_Security_Track|Category: Summit 2011 Browser Security Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session001 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session002 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session003 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session004 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session005 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session006 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session007 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session008 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session046 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session087 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session0207 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session254 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track:_Browser_Security | See Track Details]]</includeonly>

=[[Image:T._cross_site.jpg|link=Category:Summit_2011_XSS_Eradication_Track]] [[:Category:Summit_2011_XSS_Eradication_Track|Category: Summit 2011 XSS Eradication Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session009 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session010 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session043 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session044 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session045 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session049 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session038 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Cross-Site Scripting Eradication | See Track Details]]</includeonly>

=[[Image:T._mitigation.jpg|link=:Category:Summit_2011_Mitigation_Track]] [[:Category:Summit_2011_Mitigation_Track|Category: Summit 2011 Mitigation Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session091 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session092 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session093 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session094 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session095 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session096 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session097 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Mitigation | See Track Details]]</includeonly>

=[[Image:T._university.jpg|link=:Category:Summit_2011_University_Education_Training_Track]] [[:Category:Summit_2011_University_Education_Training_Track|Category: Summit 2011 University Education Training Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session012 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session024 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session040 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session041 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session042 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session069 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session088 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session089 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session039 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session204 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session250 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session255 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session259 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session261 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: University Outreach, Education, and Training | See Track Details]]</includeonly>

=[[Image:T._secure_coding.jpg|link=:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track]] [[:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track|Category: Summit 2011 OWASP Secure Coding Workshop Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session025 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session026 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session027 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session028 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session029 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session030 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session031 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session033 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session034 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session047 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session252 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Secure Coding Workshop | See Track Details]]</includeonly>

=[[Image:T._individual_projects.jpg|link=:Category:Summit_2011_Individual_OWASP_Projects_Track]] [[:Category:Summit_2011_Individual_OWASP_Projects_Track |Category: Summit 2011 Individual OWASP Projects Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session063 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session065 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session066 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session067 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session068 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session052 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session053 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session048 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session099 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session200 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session201 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session202 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session203 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session205 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session253 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session257 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session260 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Individual OWASP Projects | See Track Details]]</includeonly>

=[[Image:T._global_committees.jpg|link=:Category:Summit_2011_OWASP_Governance_Track]] [[:Category:Summit_2011_OWASP_Governance_Track|Category: Summit 2011 OWASP Governance Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session013 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session014 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session015 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session016 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session017 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session018 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session019 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session020 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session071 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session076 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session035 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session037 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session054 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session251 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session262 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session263 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Governance | See Track Details]]</includeonly>

=[[Image:T._owasp.jpg|link=:Category:Summit_2011_OWASP_Track]] [[:Category:Summit_2011_OWASP_Track|Category: Summit 2011 OWASP Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session021 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session022 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session023 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session070 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session072 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session073 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session074 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session075 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session060 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session061 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session077 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session078 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session079 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session080 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session082 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session084 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session090 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session036 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session098 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session100 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session101 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session102 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session103 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session104 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session105 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP | See Track Details]]</includeonly><noinclude>[[Category:Summit_2011]]</noinclude>

Summit 2011 Working Sessions/Session077/Deliverable 2

2011-02-10T10:27:05Z

Sandra Paiva: Created page with "== Deliverable 2 == '''A recommendation on whether or not the investment in a CEO would be cost-effective.''' To be filled in."

== Deliverable 2 ==

'''A recommendation on whether or not the investment in a CEO would be cost-effective.'''

To be filled in.

Summit 2011 Working Sessions/Session077

2011-02-10T10:26:29Z

Sandra Paiva:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Dinis Cruz
| summit_session_attendee_email2 = dinis.cruz@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mark Bristow
| summit_session_attendee_email3 = mark.bristow@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3= Securicon LLC
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Doug Wilson
| summit_session_attendee_email4 = dougDOTwilsonATowaspDOTorg
| summit_session_attendee_username4 = Dallendoug
| summit_session_attendee_company4= [http://www.mandiant.com Mandiant]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Concern about balancing growth of OWASP with evolutionary requirements. Most organizations fail to manage their growth, would like to see OWASP not go the same way.

| summit_session_attendee_name5 = Martin Knobloch
| summit_session_attendee_email5 = martin.knobloch@owasp.org
| summit_session_attendee_username5 = knoblochmartin
| summit_session_attendee_company5= PervaSec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg]]
| summit_ws_logo = [[Image:WS._owasp.jpg]]
| summit_session_name = OWASP funding and CEO discussion
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077
| mailing_list =
|-

| short_working_session_description= The Summit has been a great opportunity for establishing contacts and relationships with representatives of the corporate world. This session aims to review the current OWASP funding model and start discussing ways of creating synergies with companies and originate new opportunities of funding for OWASP.
 
This session will also serve as a lead in to additional discussions around the organizational model and set a baseline for the topic of what professional roles should ixist inside the OWASP organization, including the proposal for the role of a CEO.

See the [[Talk:Summit_2011_Working_Sessions/Session077|'''Discussion''']] page for Arguments for and against OWASP Hiring a CEO

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = For information related to the CEO discussion please see the '''[[Talk:Summit 2011 Working Sessions/Session077|Discussion]]''' page.

|-

|summit_session_deliverable_name1 = A process for gathering and addressing suggestions for new OWASP funding opportunities.

|summit_session_deliverable_name2 = A recommendation on whether or not the investment in a CEO would be cost-effective.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Keith Turpin
| summit_session_leader_email1 = keith.turpin@owasp.org
| summit_session_leader_username1 = Keith_Turpin

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session077
| session_home_page =  Summit_2011_Working_Sessions/Session077
}}

Summit 2011 Working Sessions/Session077

2011-02-09T19:34:02Z

Sandra Paiva:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_username1 =
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Dinis Cruz
| summit_session_attendee_email2 = dinis.cruz@owasp.org
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mark Bristow
| summit_session_attendee_email3 = mark.bristow@owasp.org
| summit_session_attendee_username3 =
| summit_session_attendee_company3= Securicon LLC
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Doug Wilson
| summit_session_attendee_email4 = dougDOTwilsonATowaspDOTorg
| summit_session_attendee_username4 = Dallendoug
| summit_session_attendee_company4= [http://www.mandiant.com Mandiant]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Concern about balancing growth of OWASP with evolutionary requirements. Most organizations fail to manage their growth, would like to see OWASP not go the same way.

| summit_session_attendee_name5 = Martin Knobloch
| summit_session_attendee_email5 = martin.knobloch@owasp.org
| summit_session_attendee_username5 = knoblochmartin
| summit_session_attendee_company5= PervaSec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._owasp.jpg]]
| summit_ws_logo = [[Image:WS._owasp.jpg]]
| summit_session_name = OWASP funding and CEO discussion
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077
| mailing_list =
|-

| short_working_session_description= As OWASP grows, a number of critical decisions needs to be made in terms of where OWASP allocates its limited financial resources. For example should OWASP hire a CEO or should it hire other type of staff? This working session will cover both sides of the question and hopefully reach a conclusion and proposal for OWASP Board vote

See the [[Talk:Summit_2011_Working_Sessions/Session077]] page for Arguments for and against OWASP Hiring a CEO

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Please see the '''[[Talk:Summit 2011 Working Sessions/Session077|Discussion]]''' page.

|-

|summit_session_deliverable_name1 = A white paper analyzing the governance structure of OWASP and recommending whether or not the investment in a CEO would be cost-effective.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Keith Turpin
| summit_session_leader_email1 = keith.turpin@owasp.org
| summit_session_leader_username1 = Keith_Turpin

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session077
| session_home_page =  Summit_2011_Working_Sessions/Session077
}}

Summit 2011 Schedule Dynamic

2011-02-09T17:44:49Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room [[Summit_2011_Working_Sessions/Session072|'''Developer Outreach''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE =
| VillaE_Number =
}}

|}
__NOTOC__ <headertabs />

Summit 2011 Schedule Dynamic

2011-02-09T17:42:12Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session263|'''Industry - Banking/Finance''']] - Game Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE =
| VillaE_Number =
}}

|}
__NOTOC__ <headertabs />

Summit 2011 Working Sessions/Session263

2011-02-09T17:39:42Z

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._global_committees.jpg]]
| summit_ws_logo = [[Image:WS._global_commitee.jpg‎]]
| summit_session_name = Industry - Banking/Finance
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session263
| mailing_list = https://lists.owasp.org/mailman/listinfo/global_industry_committee

|-

| short_working_session_description =

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Eoin Keary
| summit_session_leader_email1 = eoin.keary@owasp.org
| summit_session_leader_username1 = EoinKeary

| summit_session_leader_name2 = Colin Watson
| summit_session_leader_email2 = colin.watson@owasp.org
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session263
| session_home_page =  Summit_2011_Working_Sessions/Session263
}}

Category:Summit 2011 Tracks

2011-02-09T17:35:57Z

Sandra Paiva:

<noinclude>[[Summit_2011 | '''Back to main Summit 2011 page''']]
</noinclude>
=Introduction=
Click on the working session name to see the home page for that particular session. During the Summit those working session home pages will be used to document discussions and outcomes.

If you're interested in adding a Working Session for the 2011 Summit, there still is time to start a session! Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules.

=[[Image:T._metrics.jpg|link=:Category:Summit_2011_Metrics_Track]] [[:Category:Summit_2011_Metrics_Track|Category: Summit 2011 Metrics Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session055 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session056 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session057 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session058 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session059 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session085 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session086 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session256 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Metrics | See Track Details]]</includeonly>

=[[Image:T._browser_security.jpg|link=:Category:Summit_2011_Browser_Security_Track]] [[:Category:Summit_2011_Browser_Security_Track|Category: Summit 2011 Browser Security Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session001 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session002 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session003 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session004 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session005 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session006 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session007 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session008 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session046 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session087 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session0207 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session254 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track:_Browser_Security | See Track Details]]</includeonly>

=[[Image:T._cross_site.jpg|link=Category:Summit_2011_XSS_Eradication_Track]] [[:Category:Summit_2011_XSS_Eradication_Track|Category: Summit 2011 XSS Eradication Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session009 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session010 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session043 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session044 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session045 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session049 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session038 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Cross-Site Scripting Eradication | See Track Details]]</includeonly>

=[[Image:T._mitigation.jpg|link=:Category:Summit_2011_Mitigation_Track]] [[:Category:Summit_2011_Mitigation_Track|Category: Summit 2011 Mitigation Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session091 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session092 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session093 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session094 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session095 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session096 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session097 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Mitigation | See Track Details]]</includeonly>

=[[Image:T._university.jpg|link=:Category:Summit_2011_University_Education_Training_Track]] [[:Category:Summit_2011_University_Education_Training_Track|Category: Summit 2011 University Education Training Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session012 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session024 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session040 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session041 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session042 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session069 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session088 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session089 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session039 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session204 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session250 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session255 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session259 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session261 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: University Outreach, Education, and Training | See Track Details]]</includeonly>

=[[Image:T._secure_coding.jpg|link=:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track]] [[:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track|Category: Summit 2011 OWASP Secure Coding Workshop Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session025 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session026 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session027 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session028 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session029 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session030 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session031 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session033 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session034 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session047 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session252 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Secure Coding Workshop | See Track Details]]</includeonly>

=[[Image:T._individual_projects.jpg|link=:Category:Summit_2011_Individual_OWASP_Projects_Track]] [[:Category:Summit_2011_Individual_OWASP_Projects_Track |Category: Summit 2011 Individual OWASP Projects Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session063 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session065 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session066 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session067 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session068 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session052 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session053 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session048 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session099 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session200 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session201 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session202 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session203 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session205 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session253 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session257 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session260 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Individual OWASP Projects | See Track Details]]</includeonly>

=[[Image:T._global_committees.jpg|link=:Category:Summit_2011_OWASP_Governance_Track]] [[:Category:Summit_2011_OWASP_Governance_Track|Category: Summit 2011 OWASP Governance Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session013 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session014 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session015 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session016 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session017 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session018 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session019 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session020 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session071 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session076 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session035 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session037 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session054 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session251 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session258 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session262 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session263 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Governance | See Track Details]]</includeonly>

=[[Image:T._owasp.jpg|link=:Category:Summit_2011_OWASP_Track]] [[:Category:Summit_2011_OWASP_Track|Category: Summit 2011 OWASP Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session021 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session022 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session023 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session070 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session072 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session073 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session074 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session075 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session060 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session061 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session077 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session078 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session079 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session080 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session082 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session084 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session090 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session036 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session098 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session100 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session101 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session102 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session103 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session104 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session105 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP | See Track Details]]</includeonly><noinclude>[[Category:Summit_2011]]</noinclude>

Summit 2011 Schedule Dynamic

2011-02-09T17:31:32Z

Sandra Paiva:

{|
|-
! width="700" align="center" |
! width="500" align="center" |
|-
| align="center" | [[Image:Final summit quarter half.jpg|link=http://www.owasp.org/index.php/Summit_2011_Logo_Explained]] 
| align="left" |
[http://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png] 
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]] 
[[Image:REGISTER NOW SUMMIT 2011.jpg|link=http://www.regonline.com/owasp_global_summit_2011]]
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
<paypal>Summit</paypal>
|}

[[Summit 2011|Click to return to Summit 2011's main page]]

==== Work Model ====

'''The Dynamic Working Sessions Model'''

Welcome to the Dynamic Working Sessions world! These will be fluid, informal, exciting and vibrant Working Sessions that will happen throughout the day in different locations and at different times – you can have them as nice discussions over breakfast, round table presentations or heated debates after dinner around a couple of beers!

 '''How will this Model work?'''

You have here

*[http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Working_Sessions_List The list of Dynamic sessions]
*The list of Dynamic time slots and locations for [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Tuesday.2C_Feb_8 Tuesday], [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Wednesday.2C_Feb_9 Wednesday] and [http://www.owasp.org/index.php/Summit_2011_Schedule_Dynamic#tab=Thursday.2C_Feb_10 Thursday]
*[http://www.owasp.org/index.php/Summit_2011_Attendee The list of Attendees]

 '''To organize your Dynamic WS you just have to:'''

*Check the list of available time slots and available locations;
*Check the list of Attendees and identify the ones you would like to have on your session;

Having into account the availability of both time slots and locations and the schedules of your potential attendees, you can make a decision as to when and where your WS will happen.

Once you have that decision, you just have to email [mailto:owaspsummit_schedule@owasp.org Schedule Team] and they will put your WS and respective information online. '''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

Please note that this is a very dynamic process – if, on one hand, we need to make it easy for you to organize WS in a very fluid way, we also need some time to make sure that you will have all the equipment needed.

That is to say that the Dynamic WS will be organized according to this flow:

{| width="312" height="131" cellspacing="0" cellpadding="0" border="1" style=""
|-
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | WS happening on
! bgcolor="#cccccc" scope="col" bordercolor="#cccccc" | Info must be sent until
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday afternoon
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 10h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Tuesday, 18h
|-
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Thursday
| valign="middle" bgcolor="#cccccc" align="center" bordercolor="#cccccc" | Wednesday, 18h
|}


 

==== Working Sessions List ====

*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session018 Chapters: The OWASP 2011 Chapter Plan]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 O2 Platform]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066 Development Guide]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067 ASVS Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session053 OWASP Java Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session006 Securing Plugins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004 Enduser Warnings]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session035 Building the OWASP Brazilian Leaders Group]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session205 OWASP .NET Project]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session202 OWASP Projects Infrastructure]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session203 OWASP Projects Security Bulletins]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session093 How to report known security vulnerabilities (for websites)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069 OWASP TOP 10 online training in Hacking-Lab]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042 Developer's Security Training Package]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session204 OWASP Appsec Tutorial Series]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session017 Connections]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session024 Computer Crime Laws]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session020 Conferences - Improving Conference Planner Support]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session019 Education]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session016 Membership]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session072 Developer Outreach]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session082 How can OWASP reach/talk/engage with auditors]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092 Scaling Web Application Security Testing]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session031 The Future of the OWASP Secure Coding Workshop]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session088 How to present worldwide David Rice's Pollution keynote]
*[http://www.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session037 Global Conferences Committee Monthly Meeting]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session086 Creating a unified "finding"]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session075 S is for Safety (as well as Security)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session073 Privacy - Personal Data/PII, Legislation and OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session074 Replicating Samy's EU Tour across OWASP]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session060 OWASP Quotes]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session070 Managing the OWASP Brand]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session026 Defining AppSensor Detection Points]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029 Protecting Against CSRF]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session084 Creating an Application Security Career - For the Average IT/Network Security Practitioner]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session080 Should OWASP work directly with PCI-DSS?]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session079 Investment justification for Web Application Security]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session078 Less preaching to the choir, engage more with the outsiders]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session061 Did OWASP Failed to achieve its full potential? (and lessons learned)]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session021 OWASP Around the World]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059 Measuring SDLC process performance]
*[http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session0207 Demo JavaScript Sandboxing + How do we roll out Site Security Policy?]

==== Tuesday, Feb 8 ====
The Tuesday Dynamic Sessions start at 14h15. 
If you want to schedule a session for Tuesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 10h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h15 - 15h30
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 098
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 035
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 085
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 013
| VillaA_Number = 967
| VillaB = 009
| VillaB_Number = 964
| VillaC = 250
| VillaC_Number = 965
| VillaD =
| VillaD_Number =
| VillaE = 254
| VillaE_Number = 968
}}

|}

==== Wednesday, Feb 9 ====
The Wednesday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Wednesday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Tuesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA =
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 256
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 069
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 =
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch [[Summit_2011_Working_Sessions/Session026|'''Defining AppSensor Detection Points''']] - Alentejo Room
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 251
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 066
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 255
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 048
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 067
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 257
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 073
| VillaA_Number = 933
| VillaB = 065
| VillaB_Number = 968
| VillaC = 080
| VillaC_Number = 956
| VillaD = 253
| VillaD_Number = 957
| VillaE = 099
| VillaE_Number = 945
}}

|}

==== Thursday, Feb 10 ====
The Thursday Dynamic Sessions start at 08h30. 
If you want to schedule a session for Thursday, just email [mailto:summit2011schedule@owasp.org Schedule Team] by 18h00 Wednesday, and they will put your WS and respective information online. 
'''Please make sure to include all the following information on the email:'''

*'''Working Session name'''
*'''Day & Time slot & Location'''

{{:Template:Summit 2011 Schedule Dynamic/Tables/Columns}}

{{Summit 2011 Schedule Dynamic/Tables/Rows
| Time = 08h30 - 09h30
| TableA = 082
| TableB =
| TableC =
| TableD =
| TableE =
}}

|}

{{:Template:Summit 2011 Schedule Dynamic/Room C and D/Columns}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 10h00 - 11h20
| RoomC1 = 259
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 053
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 11h20 - 11h30
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 11h30 - 13h00
| RoomC1 = 089
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 262
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 13h00 - 14h00
| EventName = Lunch
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 14h00 - 15h30
| RoomC1 = 092
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 260
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 15h30 - 16h50
| RoomC1 = 258
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 020
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 16h50 - 17h00
| EventName = Coffee Break
}}

{{Summit 2011 Schedule Dynamic/Room C and D/Rows
| Time = 17h00 - 18h30
| RoomC1 = 261
| RoomC2 =
| RoomC3 =
| RoomC4 =
| RoomC5 =
| RoomD1 = 005
| RoomD2 =
| RoomD3 =
| RoomD4 =
| RoomD5 =
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 18h30 - 19h50
| EventName = Leisure Time
}}

{{:Template:Summit_2011_Schedule/Row_Event
| EventTime = 20h00
| EventName = Dinner
}}

|}

 {{:Template:Summit 2011 Schedule Dynamic/Villas/Columns}}

{{Summit 2011 Schedule Dynamic/Villas/Rows
| Time = 21h00 - 23h00
| VillaA = 018
| VillaA_Number = 967
| VillaB = 063
| VillaB_Number = 964
| VillaC = 252
| VillaC_Number = 968
| VillaD = 019
| VillaD_Number = 516
| VillaE =
| VillaE_Number =
}}

|}
__NOTOC__ <headertabs />

Summit 2011 Working Sessions/Session262

2011-02-09T17:30:52Z

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_username1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._global_committees.jpg]]
| summit_ws_logo = [[Image:WS._global_commitee.jpg‎]]
| summit_session_name = Industry Healthcare
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session262
| mailing_list = https://lists.owasp.org/mailman/listinfo/global_industry_committee

|-

| short_working_session_description =

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Eoin Keary
| summit_session_leader_email1 = eoin.keary@owasp.org
| summit_session_leader_username1 = EoinKeary

| summit_session_leader_name2 = Colin Watson
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session262
| session_home_page =  Summit_2011_Working_Sessions/Session262
}}

Category:Summit 2011 Tracks

2011-02-09T17:27:16Z

Sandra Paiva:

<noinclude>[[Summit_2011 | '''Back to main Summit 2011 page''']]
</noinclude>
=Introduction=
Click on the working session name to see the home page for that particular session. During the Summit those working session home pages will be used to document discussions and outcomes.

If you're interested in adding a Working Session for the 2011 Summit, there still is time to start a session! Please review the [[Working Sessions Methodology|Working Session methodology]] for Working Session rules.

=[[Image:T._metrics.jpg|link=:Category:Summit_2011_Metrics_Track]] [[:Category:Summit_2011_Metrics_Track|Category: Summit 2011 Metrics Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session055 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session056 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session057 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session058 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session059 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session085 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session086 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session256 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Metrics | See Track Details]]</includeonly>

=[[Image:T._browser_security.jpg|link=:Category:Summit_2011_Browser_Security_Track]] [[:Category:Summit_2011_Browser_Security_Track|Category: Summit 2011 Browser Security Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session001 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session002 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session003 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session004 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session005 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session006 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session007 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session008 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session046 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session087 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session0207 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session254 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track:_Browser_Security | See Track Details]]</includeonly>

=[[Image:T._cross_site.jpg|link=Category:Summit_2011_XSS_Eradication_Track]] [[:Category:Summit_2011_XSS_Eradication_Track|Category: Summit 2011 XSS Eradication Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session009 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session010 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session043 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session044 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session045 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session049 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session038 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Cross-Site Scripting Eradication | See Track Details]]</includeonly>

=[[Image:T._mitigation.jpg|link=:Category:Summit_2011_Mitigation_Track]] [[:Category:Summit_2011_Mitigation_Track|Category: Summit 2011 Mitigation Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session091 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session092 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session093 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session094 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session095 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session096 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session097 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Mitigation | See Track Details]]</includeonly>

=[[Image:T._university.jpg|link=:Category:Summit_2011_University_Education_Training_Track]] [[:Category:Summit_2011_University_Education_Training_Track|Category: Summit 2011 University Education Training Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session012 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session024 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session040 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session041 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session042 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session069 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session088 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session089 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session039 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session204 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session250 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session255 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session259 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session261 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: University Outreach, Education, and Training | See Track Details]]</includeonly>

=[[Image:T._secure_coding.jpg|link=:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track]] [[:Category:Summit_2011_OWASP_Secure_Coding_Workshop_Track|Category: Summit 2011 OWASP Secure Coding Workshop Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session025 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session026 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session027 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session028 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session029 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session030 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session031 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session033 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session034 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session047 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session252 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Secure Coding Workshop | See Track Details]]</includeonly>

=[[Image:T._individual_projects.jpg|link=:Category:Summit_2011_Individual_OWASP_Projects_Track]] [[:Category:Summit_2011_Individual_OWASP_Projects_Track |Category: Summit 2011 Individual OWASP Projects Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session063 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session065 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session066 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session067 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session068 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session052 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session053 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session048 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session099 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session200 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session201 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session202 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session203 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session205 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session253 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session257 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session260 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: Individual OWASP Projects | See Track Details]]</includeonly>

=[[Image:T._global_committees.jpg|link=:Category:Summit_2011_OWASP_Governance_Track]] [[:Category:Summit_2011_OWASP_Governance_Track|Category: Summit 2011 OWASP Governance Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session013 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session014 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session015 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session016 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session017 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session018 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session019 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session020 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session071 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session076 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session035 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session037 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session054 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session251 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session258 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session262 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP Governance | See Track Details]]</includeonly>

=[[Image:T._owasp.jpg|link=:Category:Summit_2011_OWASP_Track]] [[:Category:Summit_2011_OWASP_Track|Category: Summit 2011 OWASP Track]]=
<noinclude>{{:Template:Summit_2011_Working_Sessions/Columns}}
{{:Summit_2011_Working_Sessions/Session021 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session022 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session023 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session070 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session072 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session073 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session074 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session075 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session060 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session061 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session077 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session078 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session079 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session080 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session082 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session084 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session090 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session036 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session098 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session100 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session101 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session102 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session103 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session104 | Summit_2011_Working_Sessions/Rows}}
{{:Summit_2011_Working_Sessions/Session105 | Summit_2011_Working_Sessions/Rows}}
|}</noinclude><includeonly>[[Summit_2011_Working_Sessions#Track: OWASP | See Track Details]]</includeonly><noinclude>[[Category:Summit_2011]]</noinclude>