OWASP - User contributions [en]

GPC Project Details/OWASP Tools Project

2013-03-13T13:06:24Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
| project_name = OWASP Tools Project
| project_description = This project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities.
| project_license =
| leader_name =
| leader_email =
| leader_username =
| past_leaders_special_contributions =
| maintainer_name =
| maintainer_email =
| maintainer_username =
| contributor_name1 =
| contributor_email1 =
| contributor_username1 =
| contributor_name2 =
| contributor_email2 =
| contributor_username2 =
| contributor_name3 =
| contributor_email3 =
| contributor_username3 =
| contributor_name4 =
| contributor_email4 =
| contributor_username4 =
| contributor_name5 =
| contributor_email5 =
| contributor_username5 =
| contributor_name6 =
| contributor_email6 =
| contributor_username6 =
| contributor_name7 =
| contributor_email7 =
| contributor_username7 =
| contributor_name8 =
| contributor_email8 =
| contributor_username8 =
| contributor_name9 =
| contributor_email9 =
| contributor_username9 =
| contributor_name10 =
| contributor_email10 =
| contributor_username10 =
| pamphlet_link =
| presentation_link =
| mailing_list_name =
| links_url1 =
| links_name1 =
| links_url2 =
| links_name2 =
| links_url3 =
| links_name3 =
| links_url4 =
| links_name4 =
| links_url5 =
| links_name5 =
| links_url6 =
| links_name6 =
| links_url7 =
| links_name7 =
| links_url8 =
| links_name8 =
| links_url9 =
| links_name9 =
| links_url10 =
| links_name10 =
| project_road_map = :Category:OWASP XXXXXX Project - Roadmap
| project_health_status =
| current_release_name = First Release
| current_release_date =
| current_release_download_link =
| current_release_rating =
| current_release_leader_name =
| current_release_leader_email =
| current_release_leader_username =
| current_release_details = :Category:OWASP XXXXX Project - First Release
| last_reviewed_release_name =
| last_reviewed_release_date =
| last_reviewed_release_download_link =
| last_reviewed_release_rating =
| last_reviewed_release_leader_name =
| last_reviewed_release_leader_email =
| last_reviewed_release_leader_username =
| last_reviewed_release_details =
| old_release_name1 =
| old_release_date1 =
| old_release_download_link1 =
| old_release_name2 =
| old_release_date2 =
| old_release_download_link2 =
| old_release_name3 =
| old_release_date3 =
| old_release_download_link3 =
| old_release_name4 =
| old_release_date4 =
| old_release_download_link4 =
| old_release_name5 =
| old_release_date5 =
| old_release_download_link5 =
| last_GPC_update = 2/10/2009
| GPC_Notes = Empty template
| project_home_page = Category:OWASP_Tools_Project
| project_details_wiki_page = GPC_Project_Details/OWASP_Tools_Project
}}

Category:OWASP AJAX Security Project

2013-03-13T13:02:22Z

Vishal Garg:

[[Category:OWASP Project|AJAX Security Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Alpha Quality Tool]]

==== Main ====

==Introduction==
The goal of the OWASP AJAX Security project is to identify and document security issues encountered by AJAX applications and document ways to secure these applications. The OWASP AJAX Security project is being lead by Anurag Agarwal.

==Project Roadmap==

1. Gather existing presentations and pull ideas into OWASP 
2. Review AJAX frameworks and identify security issues handled by these frameworks 
3. Review AJAX related literature (books, articles, ...) 
4. Document ways to secure AJAX applications 

==Volunteers Needed==
We are actively seeking contributors to add new sections . If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line mailto:abraham_kang[at]yahoo.com Also if you have an idea for new sub-projects then email us.

== Current Project Status ==
We are currently working on reviewing Ajax frameworks/tools. The intent of the review is to provide an overview of the framework and the security issues handled by the framework.

The framework we are currently reviewing is the '''Google Web Toolkit'''[[https://www.owasp.org/index.php/Google_Web_Toolkit]]. If you have experience using GWT and/or are interested in participating in this review please contact us either though the mailing list or emailing anurag.agarwal[at]yahoo.com

== Updates ==
Jeff Williams 2/18/2008 article "Reduce your exposure to AJAX threats" can be viewed here[http://www.regdeveloper.co.uk/2008/02/18/simple_ajax_security/print.html]

The SPI Dynamics presentation from BlackHat 2007 can be viewed here [https://www.blackhat.com/presentations/bh-usa-07/Sullivan_and_Hoffman/Whitepaper/bh-usa-07-sullivan_and_hoffman-WP.pdf ]

==== Project Identification ====
{{:GPC Project Details/OWASP AJAX Security Project | OWASP Project Identification Tab}}

__NOTOC__ <headertabs />

== Mailing List ==

[http://lists.owasp.org/mailman/listinfo/owasp-ajax Click here] to subscribe to the OWASP Ajax Security Project mailing list.

Category:OWASP Orphaned Projects

2013-03-13T13:01:14Z

Vishal Garg:

= This page contains OWASP Projects that have been identified as orphaned ones =
* If you find interest in leading any one of them, please contact the [[:Category:Global Projects Committee|Global Projects Committee]] or the [mailto:paulo.coimbra@owasp.org OWASP project manager]. 
* '''Note:''' Before setting up this list of orphaned projects, the GPC has tried to contact individually each project leader and, in a few cases, that turned up impossible to do. Being so, if you find the project you still want to lead being here mistakenly referred please inform us using the contacts above.

#[[:Category:OWASP AJAX Security Project|OWASP AJAX Security Project]] - Adopted/New leader: [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]
#[[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]] - Adopted/New Leader: [[:User:Matteo_Michelini|Matteo Michelini]]
#[[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]] - Adopted/New leader: [mailto:jeffrey.barto@ubs.com Jeff Barto]
#[[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]] - Adopted/New leader: [mailto:pete@techumen.com Pete Niner]
#[[:Category:OWASP Career Development Project|OWASP Career Development Project]]
#[[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]
#[[:Category:OWASP Communications Project|OWASP Communications Project]]
#[[:Category:OWASP Encoding Project|OWASP Encoding Project]]
#[[:Category:OWASP Flash Security Project|OWASP Flash Security Project]] - Adopted/New leader: [[:User:Puhley|Peleus Uhley]]
#[[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]] - Adopted/New Leader: [[:User:Wagner.elias|Wagner Elias]]
#[[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]] - In process of adoption: [[User:Knoblochmartin|Martin Knobloch]]
#[[:OWASP Internationalization|OWASP Internationalization Project]]
#[[:Category:OWASP LAPSE Project|OWASP LAPSE Project]] - Adopted/New Leader - Pablo Martín Pérez
#[[:Category:OWASP Logging Project|OWASP Logging Project]] - Adopted/New Leader: [mailto:mchisinevski@yahoo.com Marc Chisinevski]
#[[:Category:OWASP_Oracle_Project|OWASP Oracle Project]]
#[[:Category:OWASP_Pantera_Web_Assessment_Studio_Project|OWASP Pantera Web Assessment Studio Project]]
#[[:Category:OWASP_PHP_AntiXSS_Library_Project|OWASP PHP AntiXSS Library Project]]
#[[:ORG (OWASP Report Generator)|OWASP Report Generator]] - Adopted/New leader: [[:User:Mroxberr|Mark Roxberry]]
#[[:Category:OWASP_SASAP_Project|OWASP Scholastic Application Security Assessment Project]]
#[https://www.owasp.org/index.php/Owasp_SiteGenerator OWASP SiteGenerator Project]
#[[:Category:OWASP_SQLiX_Project|OWASP SQLiX Project]]
#[[:Category:OWASP_SWAAT_Project|OWASP SWAAT Project]] - In process of adoption: [mailto:Suresh.Ranganathan@tatacommunications.com Suresh Ranganathan]
#[[:OWASP_Tiger|OWASP Tiger]] - In process of adoption: [mailto:klynn@usouthal.edu Keith Lynn]
#[[:Category:OWASP_Tools_Project|OWASP Tools Project]] - Adopted/New Leader:
#[[:Category:OWASP_Validation_Project|OWASP Validation Project]]
#[[:Category:OWASP_Web_2.0_Project|OWASP Web 2.0 Project]] - In process of adoption: [mailto:Chris_E_Bush@KeyBank.com Chris Bush]
#[[:Category:OWASP_Web_Services_Security_Project|OWASP Web Services Security Project]] - Adopted/New Leader: [mailto:subu@securitycompass.com Subu Ramanathan]
#[[:Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project|OWASP XML Security Gateway Evaluation Criteria Project]]

Category:OWASP Tools Project

2013-03-13T12:58:01Z

Vishal Garg:

[[Category:OWASP Project|Tools Project]]
[[Category:OWASP Document]]
[[Category:OWASP Beta Quality Document]]

==== Main ====

== Vision ==

Our vision is to provide access to application security tools, resources and eductional material to everyone interested to learn and work in application security. We aim to achieve this by creating a repository of all the available resoruces at one place.

== Overview ==

New open source and commercial web application security tools are released almost every day. These tools are used either to detect vulnerabilities within web applications or to protect web applications from exploitation of potential vulnerabilties that may be present in these applications. With so many tools at hand, it may sometimes be difficult to make a decision about the selection of a tool that best meets your requirements.

The OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their efficiency and performance.

== Project Roadmap ==

* Defining categories for tools
* Identification of tools within these categories
* Define rating criteria and the test procedure for identified tools
* Testing the tools against test applications to see how effectively the tool meets the rating criteria
* Provide rating to the tools based on their efficiency and performance

== Feedback and Participation ==

We hope you find the OWASP Tools Project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the mailing list [mailto:owasp-tools-project@lists.owasp.org here].

==== Project Identification ====

{{Template:OWASP Project Identification Tab
| project_name = OWASP Tools Project
| project_description = The OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their effectiveness.
| project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution ShareAlike 3.0''']
| leader_name =
| leader_email =
| leader_username =
| maintainer_name =
| maintainer_email =
| maintainer_username =
| contributor_name1 = Dave van Stein
| contributor_email1 =
| contributor_username1 =
| contributor_name2 = [[User:D0ubl3_h3lix|Aung Khant]]
| contributor_email2 =
| contributor_username2 =
| contributor_name3 =
| contributor_email3 =
| contributor_username3 =
| contributor_name4 =
| contributor_email4 =
| contributor_username4 =
| contributor_name5 =
| contributor_email5 =
| contributor_username5 =
| contributor_name6 =
| contributor_email6 =
| contributor_username6 =
| contributor_name7 =
| contributor_email7 =
| contributor_username7 =
| contributor_name8 =
| contributor_email8 =
| contributor_username8 =
| contributor_name9 =
| contributor_email9 =
| contributor_username9 =
| contributor_name10 =
| contributor_email10 =
| contributor_username10 =
| pamphlet_link =
| presentation_link =
| mailing_list_name = owasp-tools-project
| links_url1 =
| links_name1 =
| links_url2 =
| links_name2 =
| links_url3 =
| links_name3 =
| links_url4 =
| links_name4 =
| links_url5 =
| links_name5 =
| links_url6 =
| links_name6 =
| links_url7 =
| links_name7 =
| links_url8 =
| links_name8 =
| links_url9 =
| links_name9 =
| links_url10 =
| links_name10 =
| project_road_map = :Category:OWASP_Tools_Project#Project_Roadmap
| project_health_status =
| current_release_name = First Release
| current_release_date =
| current_release_download_link =
| current_release_rating =
| current_release_leader_name =
| current_release_leader_email =
| current_release_leader_username =
| current_release_details =
| last_reviewed_release_name =
| last_reviewed_release_date =
| last_reviewed_release_download_link =
| last_reviewed_release_rating =
| last_reviewed_release_leader_name =
| last_reviewed_release_leader_email =
| last_reviewed_release_leader_username =
| old_release_name1 =
| old_release_date1 =
| old_release_download_link1 =
| old_release_name2 =
| old_release_date2 =
| old_release_download_link2 =
| old_release_name3 =
| old_release_date3 =
| old_release_download_link3 =
| old_release_name4 =
| old_release_date4 =
| old_release_download_link4 =
| old_release_name5 =
| old_release_date5 =
| old_release_download_link5 =
}}
__NOTOC__ <headertabs />

Projects/OWASP Development Guide

2013-03-13T12:54:51Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
| project_name = OWASP Development Guide
| project_home_page = :Category:OWASP_Guide_Project
| project_description =
The Development Guide provides practical guidance and includes J2EE, ASP.NET, and PHP code samples. The Development Guide covers an extensive array of application-level security issues, from SQL injection through modern concerns such as phishing, credit card handling, session fixation, cross-site request forgeries, compliance, and privacy issues.
| project_license = [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution ShareAlike 3.0]
| leader_name1 =
| leader_email1 =
| leader_username1 =
| contributor_name1 = Andrew van der Stock
| contributor_email1 = vanderaj@owasp.org
| contributor_username1 = Vanderaj
| contributor_name2 = Ken Owen
| contributor_email2 = kenowen@eowen.com
| contributor_username2 =
| pamphlet_link =
| presentation_link =
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-guide
| project_road_map = http://www.owasp.org/index.php/OWASP_Guide_Project/Roadmap

| links_url1 = https://spreadsheets.google.com/ccc?key=0An4Puwz7EA41dHM2MFhHTXlnYXlYcDhSTDl0UE43cEE&hl=en&authkey=COSkqvsK
| links_name1 = Development Guide's (Version 3.0) Approved Budget

| links_url2 = http://www.owasp.org/index.php/GPC_Project_Details/OWASP_Guide_Project
| links_name2 = Former 'Project Details' tab

| links_url3 = http://www.owasp.org/index.php/Category:OWASP_Guide_Project#tab=Downloads
| links_name3 = Development Guide downloads

| links_url4 = http://code.google.com/p/owasp-development-guide/
| links_name4 = Google Code companion site (work on the next Guide is done here)

| links_url5 = http://owasp-development-guide.googlecode.com/files/development-guide-contributing.pdf
| links_name5 = Contributor onboarding instructions

| links_url6 =
| links_name6 =

| release_1 = Guide 2.0

| release_2 = New Release - Under Development

| release_3 =

| release_4 =

| project_about_page = Projects/OWASP_Development_Guide
}}

User:Vishal Garg

2011-12-04T16:24:17Z

Vishal Garg: Blanked the page

Projects/OWASP Development Guide

2011-02-15T17:21:03Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
| project_name = OWASP Development Guide
| project_home_page = :Category:OWASP Guide Project
| project_description =
The Development Guide provides practical guidance and includes J2EE, ASP.NET, and PHP code samples. The Development Guide covers an extensive array of application-level security issues, from SQL injection through modern concerns such as phishing, credit card handling, session fixation, cross-site request forgeries, compliance, and privacy issues.
| project_license = [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution ShareAlike 3.0]
| leader_name1 = Vishal Garg
| leader_email1 = vishalgrg@gmail.com
| leader_username1 = Vishal_Garg
| contributor_name1 = Andrew van der Stock
| contributor_email1 = vanderaj@owasp.org
| contributor_username1 = Vanderaj
| contributor_name2 = Ken Owen
| contributor_email2 = kenowen@eowen.com
| contributor_username2 =
| pamphlet_link =
| presentation_link =
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-guide
| project_road_map = http://www.owasp.org/index.php/OWASP_Guide_Project/Roadmap

| links_url1 = https://spreadsheets.google.com/ccc?key=0An4Puwz7EA41dHM2MFhHTXlnYXlYcDhSTDl0UE43cEE&hl=en&authkey=COSkqvsK
| links_name1 = Development Guide's (Version 3.0) Approved Budget

| links_url2 = http://www.owasp.org/index.php/GPC_Project_Details/OWASP_Guide_Project
| links_name2 = Former 'Project Details' tab

| links_url3 = http://www.owasp.org/index.php/Category:OWASP_Guide_Project#tab=Downloads
| links_name3 = Development Guide downloads

| links_url4 = http://code.google.com/p/owasp-development-guide/
| links_name4 = Google Code companion site (work on the next Guide is done here)

| links_url5 = http://owasp-development-guide.googlecode.com/files/development-guide-contributing.pdf
| links_name5 = Contributor onboarding instructions

| links_url6 =
| links_name6 =

| release_1 = Guide 2.0

| release_2 = New Release - Under Development

| release_3 =

| release_4 =
}}

Summit 2011 Working Sessions/Session201

2011-02-02T00:44:14Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Vishal Garg
| summit_session_attendee_email1 = vishalgrg@gmail.com
| summit_session_attendee_username1 = Vishal_Garg
| summit_session_attendee_company1= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_username2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_username3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_username4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_username5=
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = OWASP Common vulnerability list
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session201
| mailing_list =

|-

| short_working_session_description =

There are many OWASP projects like OWASP Testing Guide, OWASP Code Review Guide, OWASP Developers Guide, etc which discuss on how to look for and remediate various vulnerabilities in a web application. For e.g., people using OWASP Testing Guide to test for vulnerabilities in their application can go through a list of vulnerabilities and test for it but there is no easy way for them to cross reference to dev guide to jump to a specific section and be able to access the relevant information quickly. These vulnerabilities are discussed as individual list in all the guides and there is no easy way to cross-reference all of them.

OWASP Common Vulnerability List will be a lightweight list, which will contain only the vulnerability ID, category, vulnerability name and a brief description. The main objective of this list is to provide a common platform for other guides and tools to provide a link to each other.

|-

| related_project_name1 = OWASP Common Vulnerability List
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Common_Vulnerability_List

| related_project_name2 = OWASP Testing Project
| related_project_url_2 = http://www.owasp.org/index.php/Category:OWASP_Testing_Project

| related_project_name3 = OWASP Code Review Guide
| related_project_url_3 = http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project

| related_project_name4 = OWASP Building Guide
| related_project_url_4 = http://www.owasp.org/index.php/OWASP_Guide_Project

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Build the first version of the OWASP Common vulnerability list

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources =

|-

| working_session_additional_details = The goals of OWASP common vulnerability list are: 
1. Serve as a common list to all other OWASP initiatives (Dev Guide, Testing Guide, CR Guide, etc) which has any reference to web application vulnerabilities (just like OWASP common numbering scheme). 
2. Can be referenced by various open source and commercial tools as the list of vulnerabilities being identified or for any other purpose. 
3. Provides a clear requirement for PCI and other compliance laws

|-

|summit_session_deliverable_name1 = Debating the vulnerability list and deliver the first version of the project.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Matteo Meucci
| summit_session_leader_email1 = matteo.meucci@owasp.org
| summit_session_leader_username1 = Mmeucci

| summit_session_leader_name2 = Eoin Keary
| summit_session_leader_email2 = eoin.keary@owasp.org
| summit_session_leader_username2 = EoinKeary

| summit_session_leader_name3 = Anurag Agarwal
| summit_session_leader_email3 = Anurag.Agarwal@owasp.org
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session201
| session_home_page =  Summit_2011_Working_Sessions/Session201
}}

Summit 2011 Working Sessions/Session066

2011-01-30T23:08:53Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthias Rohr
| summit_session_attendee_email1 = m.rohr@sec-consult.com
| summit_session_attendee_company1= SEC Consult
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Eoin Keary
| summit_session_attendee_email2 = eoin.keary@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Steven van der Baan
| summit_session_attendee_email3 = steven.van.der.Baan@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Development Guide
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| mailing_list =

|-

| short_working_session_description= If done from the earliest stages, secure applications cost about the same to develop as insecure applications, but are far more cost effective in the long run. The primary aim of the OWASP Development Guide is to help businesses, developers, designers and solution architects to build secure web applications from the outset. The next version of the guide is an extension from the existing version with further enhancements to make it more usable for all stake holders. The aim of the working session is to have a discussion on the shortcomings of the existing guide and to make it a basis for further enhancements, alignment of the guide to ASVS Standard and OWASP common numbering scheme, potential for alignment of all three OWASP guides (DG, CRG and TG) and the ways to improve the usefulness of the guide to all the stake holders.

|-

| related_project_name1 = Project Wiki Page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discussion on major enhancements to the next version of the development guide

| summit_session_objective_name2 = Discussion on aligning the guide to ASVS standard and OWASP common numbering scheme

| summit_session_objective_name3 = Discussion on improving the usefulness of the guide to all stakeholders

| summit_session_objective_name4 = Collaboration with other OWASP guides - Top 10, ASDR, CRG and TG

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = An updated outline for the development guide that is tied into the OWASP common numbering scheme

|summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Development Guide for evaluation and discussion by the community at large.

|summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Vishal Garg
| summit_session_leader_email1 = vishalgrg@gmail.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session066
| session_home_page =  Summit_2011_Working_Sessions/Session066
}}

Summit 2011 Working Sessions/Session066

2011-01-29T01:22:08Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthias Rohr
| summit_session_attendee_email1 = m.rohr@sec-consult.com
| summit_session_attendee_company1= SEC Consult
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Eoin Keary
| summit_session_attendee_email2 = eoin.keary@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Development Guide
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| mailing_list =

|-

| short_working_session_description= If done from the earliest stages, secure applications cost about the same to develop as insecure applications, but are far more cost effective in the long run. The primary aim of the OWASP Development Guide is to help businesses, developers, designers and solution architects to build secure web applications from the outset. The next version of the guide is an extension from the existing version with further enhancements to make it more usable for all stake holders. The aim of the working session is to have a discussion on the shortcomings of the existing guide and to make it a basis for further enhancements, alignment of the guide to ASVS Standard and OWASP common numbering scheme, potential for alignment of all three OWASP guides (DG, CRG and TG) and the ways to improve the usefulness of the guide to all the stake holders.

|-

| related_project_name1 = Project Wiki Page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discussion on major enhancements to the next version of the development guide

| summit_session_objective_name2 = Discussion on aligning the guide to ASVS standard and OWASP common numbering scheme

| summit_session_objective_name3 = Discussion on improving the usefulness of the guide to all stakeholders

| summit_session_objective_name4 = Collaboration with other OWASP guides - Top 10, ASDR, CRG and TG

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = An updated outline for the development guide that is tied into the OWASP common numbering scheme

|summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Development Guide for evaluation and discussion by the community at large.

|summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Vishal Garg
| summit_session_leader_email1 = vishalgrg@gmail.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session066
| session_home_page =  Summit_2011_Working_Sessions/Session066
}}

Summit 2011 Working Sessions/Session066

2011-01-28T23:47:04Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthias Rohr
| summit_session_attendee_email1 = m.rohr@sec-consult.com
| summit_session_attendee_company1= SEC Consult
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Development Guide
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| mailing_list =

|-

| short_working_session_description= If done from the earliest stages, secure applications cost about the same to develop as insecure applications, but are far more cost effective in the long run. The primary aim of the OWASP Development Guide is to help businesses, developers, designers and solution architects to build secure web applications from the outset. The next version of the guide is an extension from the existing version with further enhancements to make it more usable for all stake holders. The aim of the working session is to have a discussion on the shortcomings of the existing guide and to make it a basis for further enhancements, alignment of the guide to ASVS Standard and OWASP common numbering scheme, potential for alignment of all three OWASP guides (DG, CRG and TG) and the ways to improve the usefulness of the guide to all the stake holders.

|-

| related_project_name1 = Project Wiki Page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discussion on major enhancements to the next version of the development guide

| summit_session_objective_name2 = Discussion on aligning the guide to ASVS standard and OWASP common numbering scheme

| summit_session_objective_name3 = Discussion on improving the usefulness of the guide to all stakeholders

| summit_session_objective_name4 = Collaboration with other OWASP guides - Top 10, ASDR, CRG and TG

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = An updated outline for the development guide that is tied into the OWASP common numbering scheme

|summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Development Guide for evaluation and discussion by the community at large.

|summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Vishal Garg
| summit_session_leader_email1 = vishalgrg@gmail.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session066
| session_home_page =  Summit_2011_Working_Sessions/Session066
}}

Summit 2011 Working Sessions/Session099

2011-01-27T23:41:50Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Matthew Chalmers
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
| summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Colin Watson
| summit_session_attendee_email2 = colin.watson@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Dinis Cruz
| summit_session_attendee_email4 = dinis.cruz@owasp.org
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Jim Manico
| summit_session_attendee_email5 = jim.manico@owasp.org
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Neil Matatall
| summit_session_attendee_email6 = neil@owasp.org
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Christian Martorella
| summit_session_attendee_email7 = laramies@gmail.com
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Steven van der Baan
| summit_session_attendee_email8 = steven.van.der.Baan@owasp.org
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Nishi Kumar
| summit_session_attendee_email9 = nishi787@hotmail.com
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Cecil Su
| summit_session_attendee_email10 = cecil.su@owasp.org
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 = Antonio Fontes
| summit_session_attendee_email11 = antonio.fontes@owasp.org
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 = Sherif Koussa
| summit_session_attendee_email12 = sherif.koussa@owasp.org
| summit_session_attendee_company12= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Matthias Rohr
| summit_session_attendee_email13 = m.rohr@sec-consult.com
| summit_session_attendee_company13= SEC Consult
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 = Vishal Garg
| summit_session_attendee_email14 = vishalgrg@gmail.com
| summit_session_attendee_company14= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Threat Modeling
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session099

|-

| short_working_session_description=Discussion on various components of threat modeling, threat modeling methodologies and their challenges.

|-

| related_project_name1 = Threat Modeling
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Reviewing existing methodologies and their pros and cons

| summit_session_objective_name2 = Assigning business impacts to threats

| summit_session_objective_name3 = Assigning technical impacts to threats

| summit_session_objective_name4 = Threat Rating System.

| summit_session_objective_name5 = Can we bring attack trees into main stream threat modeling methodology?

| summit_session_objective_name6 = Can we use metrics to promote threat modeling?

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A document with a public recommendation on the use of threat modeling
|summit_session_deliverable_name2 = An OWASP standard defining what a threat model is.

|summit_session_deliverable_name3 = An OWASP standard defining a workflow for creating and maintaining a threat model.

|summit_session_deliverable_name4 = A white paper providing recommendations on how organizations can use threat modeling to achieve better security earlier in the process. Including a business-case rationale for threat modeling would be excellent.

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Anurag Agarwal
| summit_session_leader_email1 = anurag@myappsecurity.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session099
| session_home_page =  Summit_2011_Working_Sessions/Session099
}}

Summit 2011 Working Sessions/Session052

2011-01-27T23:40:33Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Cecil Su
| summit_session_attendee_email2 = cecil.su@owasp.org
| summit_session_attendee_company2= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Lucas C. Ferreira
| summit_session_attendee_email3 = lucas.ferreira@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Colin Watson
| summit_session_attendee_email4 = colin.watson@owasp.org
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Achim Hoffmann
| summit_session_attendee_email5 = achim@owasp.org
| summit_session_attendee_company5= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Tom Neaves
| summit_session_attendee_email6 = tom.neaves@verizonbusiness.com
| summit_session_attendee_company6= Verizon Business
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Vishal Garg
| summit_session_attendee_email7 = vishalgrg@gmail.com
| summit_session_attendee_company7= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = OWASP Testing Guide
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session052
| mailing_list =
|-
| short_working_session_description=

|-

| related_project_name1 = OWASP Testing Project
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Testing_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = An updated outline for the testing guide that is tied into the OWASP common numbering scheme

|summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Testing Guide for evaluation and discussion by the community at large.

|summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Matteo Meucci
| summit_session_leader_email1 = matteo.meucci@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session052
| session_home_page =  Summit_2011_Working_Sessions/Session052
}}

Summit 2011 Working Sessions/Session067

2011-01-27T23:39:16Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Steven van der Baan
| summit_session_attendee_email2 = steven.van.der.baan@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Wojciech Dworakowski
| summit_session_attendee_email3 = wojciech.dworakowski@securing.pl
| summit_session_attendee_company3= SecuRing
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= ASVS extensions. Requirements mapping to CWE, Top10 and other OWASP projects. ASVS requirements and risk impact. Level1 - tools availability.

| summit_session_attendee_name4 = Jim Manico
| summit_session_attendee_email4 = jim.manico@owasp.org
| summit_session_attendee_company4= Independent Consultant
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Love for ASVS

| summit_session_attendee_name5 = Vishal Garg
| summit_session_attendee_email5 = vishalgrg@gmail.com
| summit_session_attendee_company5= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= ASVS adoption within and outside OWASP. One example - OWASP Development Guide.

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = ASVS Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067

|-

| short_working_session_description=

|-

| related_project_name1 = Application Security Verification Standard (ASVS)
| related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A short white paper with ideas for revisions to the ASVS, ready for evaluation by the community at large. Actual suggested revisions to the document are helpful, but not required if time does not allow.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Matthias Rohr
| summit_session_leader_email1 = mail@matthiasrohr.de

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session067
| session_home_page =  Summit_2011_Working_Sessions/Session067
}}

Summit 2011 Working Sessions/Session065

2011-01-27T23:35:26Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Tom Neaves
| summit_session_attendee_email2 = tom.neaves@verizonbusiness.com
| summit_session_attendee_company2= Verizon Business
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Mateo Martinez
| summit_session_attendee_email3 = mateo.martinez@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Justin Clarke
| summit_session_attendee_email4 = justin.clarke@owasp.org
| summit_session_attendee_company4=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Sherif Koussa
| summit_session_attendee_email5 = sherif.koussa@owasp.org
| summit_session_attendee_company5= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Vishal Garg
| summit_session_attendee_email6 = vishalgrg@gmail.com
| summit_session_attendee_company6= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Mobile Security
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session065
| mailing_list =

|-

| short_working_session_description=

|-

| related_project_name1 = Project wiki page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Mobile_Security_Project

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-
| summit_session_objective_name1 = '''Primary: Create core knowledge base on project wiki site'''
| summit_session_objective_name2 = Recruit volunteers to contribute to project
| summit_session_objective_name3 = Establish relationships with key players (i.e. Apple/Google/etc)

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = Project wiki page

|summit_session_deliverable_name2 = A project home page, roadmap, and action plan. Look at the OWASP Ecosystem concept to see what all you should have in place.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Mike Zusman
| summit_session_leader_email1 = mike.zusman@intrepidusgroup.com

| summit_session_leader_name2 = David Campbell
| summit_session_leader_email2 = dcampbell@owasp.org

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-

| session_name_mask =  Session065
| session_home_page =  Summit_2011_Working_Sessions/Session065
}}

Summit 2011 Working Sessions/Session029

2011-01-27T23:33:29Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Chris Schmidt
| summit_session_attendee_email1 = chris.schmidt@owasp.org
| summit_session_attendee_company1=Aspect Security
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Achim Hoffmann
| summit_session_attendee_email2 = achim@owasp.org
| summit_session_attendee_company2= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=capabilities of WAFs to protect against CSRF

| summit_session_attendee_name3 = Ryan Barnett
| summit_session_attendee_email3 = Ryan.Barnett@owasp.org
| summit_session_attendee_company3=Trustwave's SpiderLabs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=discuss how WAFs (ModSecurity) can help mitigate CSRF. Also want to discuss/test new CSRFGuard v3 JS code

| summit_session_attendee_name4 = Colin Watson
| summit_session_attendee_email4 = colin.watson@owasp.org
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Vishal Garg
| summit_session_attendee_email5 = vishalgrg@gmail.com
| summit_session_attendee_company5= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= WAFs vs. Frameworks to protect against CSRF

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._secure_coding.jpg]]
| summit_ws_logo = [[Image:WS._secure_coding.jpg]]
| summit_session_name = Protecting Against CSRF
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session029
| mailing_list =
|-

| short_working_session_description = Examining different ways to build CSRF protection into web applications and web frameworks.

|-

| related_project_name1 = ESAPI Java CSRF protection in DefaultHTTPUtilities.java
| related_project_url_1 = https://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java

| related_project_name2 = CSRFGuard
| related_project_url_2 = http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project

| related_project_name3 = Preventing CSRF with mod_security
| related_project_url_3 = http://knol.google.com/k/preventing-cross-site-request-forgeries-csrf-using-modsecurity#

| related_project_name4 = Prevent CSRF with ModSecurity v2 (Request Validation Tokens via Content Injection)
| related_project_url_4 = http://blog.spiderlabs.com/2011/01/detecting-malice-with-modsecurity-csrf-attacks.html

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A practical guideline for protecting against CSRF in the real world.

|summit_session_deliverable_name2 = A concise, clear standard for determining whether an application is vulnerable to CSRF.

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Eric Sheridan
| summit_session_leader_email1 = eric.sheridan@aspectsecurity.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session029
| session_home_page =  Summit_2011_Working_Sessions/Session029
}}

Summit 2011 Working Sessions/Session069

2011-01-27T23:27:24Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Nishi Kumar
| summit_session_attendee_email1 = nishi.kumar@owasp.org
| summit_session_attendee_company1= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Cecil Su
| summit_session_attendee_email2 = cecil.su@owasp.org
| summit_session_attendee_company2= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Jason Taylor
| summit_session_attendee_email3 = jtaylor@securityinnovation.com
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Achim Hoffmann
| summit_session_attendee_email4 = achim@owasp.org
| summit_session_attendee_company4= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Carlos Serrão
| summit_session_attendee_email5 = carlos.serrao@iscte.pt
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Konstantinos Papapanagiotou
| summit_session_attendee_email6 = Konstantinos@owasp.org
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Vishal Garg
| summit_session_attendee_email7 = vishalgrg@gmail.com
| summit_session_attendee_company7= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP TOP 10 online training in Hacking-Lab
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session069
| mailing_list =

|-

| short_working_session_description= We would like to open an OWASP TOP 10 online training in Hacking-Lab. This training will likely have the following pre-conditions:
* OWASP top 10 training (all cases are covered)
* Trainer feature for some well-known, trustworthy OWASP members
* Access to the solution videos of the OWASP TOP 10 issues
* Branding the OWASP Hacking-Lab Event in an OWASP-style
* OWASP Certificate for those receiving full points to all lab cases

|-

| related_project_name1 = Hacking Lab
| related_project_url_1 = http://www.hacking-lab.com

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= To learn more about the OWASP TOP 10 cases in Hacking-Lab - Vulnerable Apps in HL

| summit_session_objective_name2 = Experience the users's view of a training - lab descriptions, exercises, send-solution, ranking, global ranking, my profile

| summit_session_objective_name3 = Experience the teacher's view of a training - solution movies, accpet or reject solutions from users, solution movie

| summit_session_objective_name4 = Experience the Hacking-Lab LiveCD (accessing the lab), teaming, levels in HL, avatar, rankings

| summit_session_objective_name5 = Talk about a potential collaboration between OWASP and Hacking-Lab for the future. Free OWASP TOP 10 training.

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = Proposed agenda: 

We will talk about Hacking-Lab, it's core services and digg into the users and teachers view of the portal page. You will experience the full features of the Hacking-Lab training infrastructure for being prepared, if Hacking-Lab could be a valuable service for a free OWASP TOP 10 training in the future.

a) introduction hacking-lab 
b) user view 
c) teacher view 
d) hands-on training with the livecd 

This way - everybody fully understands the available *service* in
question and we can then further negotiate the collaboration if this is
something OWASP want to digg into.

|-

|summit_session_deliverable_name1 = A plan to create free awesome OWASP T10 awareness training using HL and others. Integrate the various environments and create a prototype if possible.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Ivan Buetler
| summit_session_leader_email1 = ivan.buetler@csnc.ch

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session069
| session_home_page =  Summit_2011_Working_Sessions/Session069
}}

Summit 2011 Working Sessions/Session041

2011-01-27T23:25:18Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Martin Knobloch
| summit_session_attendee_email1 = martin.knobloch@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Paulo Coimbra
| summit_session_attendee_email2 = paulo.coimbra@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Dinis Cruz
| summit_session_attendee_email3 = dinis.cruz@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Nishi Kumar
| summit_session_attendee_email4 = nishi.kumar@owasp.org
| summit_session_attendee_company4= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Cecil Su
| summit_session_attendee_email5 = cecil.su@owasp.org
| summit_session_attendee_company5= GT
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Heiko Richler
| summit_session_attendee_email6 = heiko.richler@owasp.org
| summit_session_attendee_company6=GSO-University of Applied Sciences
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Lucas C. Ferreira
| summit_session_attendee_email7 = lucas.ferreira@owasp.org
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Colin Watson
| summit_session_attendee_email8 = colin.watson@owasp.org
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Jason Taylor
| summit_session_attendee_email9 = jtaylor@securityinnovation.com
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 = Achim Hoffmann
| summit_session_attendee_email10 = achim@owasp.org
| summit_session_attendee_company10= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10= Trainer database and more ...

| summit_session_attendee_name11 = Mark Bristow
| summit_session_attendee_email11 = mark.bristow@owasp.org
| summit_session_attendee_company11= Securicon LLC
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11= Integration of training into conference and event planning.

| summit_session_attendee_name12 = Mateo Martinez
| summit_session_attendee_email12 = mateo.martinez@owasp.org
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 = Carlos Serrão
| summit_session_attendee_email13 = carlos.serrao@iscte.pt
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 = Konstantinos Papapanagiotou
| summit_session_attendee_email14 = Konstantinos@owasp.org
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 = Vishal Garg
| summit_session_attendee_email15 = vishalgrg@gmail.com
| summit_session_attendee_company15= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._university.jpg]]
| summit_ws_logo = [[Image:WS._university.jpg]]
| summit_session_name = OWASP Training
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session041
| mailing_list = [https://lists.owasp.org/mailman/listinfo/owasp-training OWASP Training mailing list]

|-

| short_working_session_description= This session aims to consolidate the OWASP Training model as a base for the Chapter-lead training initiatives with a view of making the Local Chapters and the training initiatives by them organised instrumental in reinforcing visibility of OWASP Projects within the local corporate communities and, by that, in encouraging the use and understanding of our tools and documentation. 

|-

| related_project_name1 = OWASP Training
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Training

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Consolidation of the OWASP Training Model (Paid and Non Paid):
| summit_session_objective_name2 = Methodolgies;
| summit_session_objective_name3 = Contents and materials;
| summit_session_objective_name4 = Trainers Database;
| summit_session_objective_name5 = Training Kit
|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =
'''For more additional details, please check the [[Talk:Summit 2011 Working Sessions/Session041|Discussion]] page.'''

* Consolidation of the OWASP Training model
* Relation with paid/commercial training
* Consolidation of methodologies
* Definition of contents within the OWASP universe of projects
* Production of training materials - training modules, publications, videos, CDs
* Identification of Trainers - Trainers Database
* Consolidation of the OWASP Training wiki page as a Training Kit for any Chapters wanting to organise training initiatives

|-

|summit_session_deliverable_name1 = Deliver the above as a fundable business plan complete with financial and resource requirements, timelines, metrics, etc…

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Sandra Paiva
| summit_session_leader_email1 = sandra.paiva@owasp.org

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session041
| session_home_page =  Summit_2011_Working_Sessions/Session041
}}

Summit 2011 Working Sessions/Session004

2011-01-27T23:20:31Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-
| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 = colin.watson@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Vishal Garg
| summit_session_attendee_email4 = vishalgrg@gmail.com
| summit_session_attendee_company4= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = Enduser Warnings
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Clearly there is a need for warnings that users understand and that conveys the right information. Perhaps we can agree on some guidelines or at least exchange lessons learned.

| summit_session_objective_name2= <noinclude>How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings? Mozilla replaces the padlock with a [https://support.mozilla.com/en-US/kb/Site%20Identity%20Button site identity button] i Firefox 4. "Larry" will inform the user of the site's status. Google recently tried out a skull & bones icon for bad certs but moved back to [http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95617 padlocks] again.</noinclude>

| summit_session_objective_name3= <noinclude>How should browsers communicate other kinds of information such as privacy, malware warnings, "not visited before" etc? Forbes had an interesting example of [http://blogs.forbes.com/kashmirhill/2011/01/05/visualizing-better-privacy-policies/?boxes=Homepagechannels how to visualize privacy].</noinclude>

| summit_session_objective_name4 =

| summit_session_objective_name5 =
|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 

[[Image:Three_browsers_user_info.jpg]]

Some additional information, thoughts and discussions on these subjects elsewhere:

* [http://www.freedom-to-tinker.com/blog/sjs/web-browser-security-user-interfaces-hard-get-right-and-increasingly-inconsistent Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent], Freedom to Tinker, 18 Jan 2011
* [http://intrepidusgroup.com/insight/2010/04/security-dialogs-and-graphics/ Security Dialogs and Graphics], Insight, 27 Apr 2010
* [http://www.w3.org/TR/wsc-ui/ Web Security Context: User Interface Guidelines], W3C, 12 Aug 2010
* [http://www.clerkendweller.com/2009/7/28/Colour-Overload-with-IE8-Tab-Grouping Colour Overload with IE8 Tab Grouping], Clerkendweller, 28 Jul 2009
* [http://www.usablesecurity.org/emperor/ The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies], IEEE Symposium on Security and Privacy, May 2007
|-

|summit_session_deliverable_name1 = Browser Security Report

|summit_session_deliverable_name2 = Browser Security Priority List

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = John Wilander
| summit_session_leader_email1 = john.wilander@owasp.org
| summit_session_leader_username1 = John.wilander

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org

|-
| meeting_notes =
|-
| session_name_mask =  Session004
| session_home_page =  Summit_2011_Working_Sessions/Session004
}}
</includeonly>

Summit 2011 Working Sessions/Session092

2011-01-27T23:20:05Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Lucas C. Ferreira
| summit_session_attendee_email1 = lucas.ferreira@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Achim Hoffmann
| summit_session_attendee_email2 = achim@owasp.org
| summit_session_attendee_company2= sic[!]sec
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Steven van der Baan
| summit_session_attendee_email3 = steven.van.der.baan@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Cecil Su
| summit_session_attendee_email4 = cecil.su@owasp.org
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Sherif Koussa
| summit_session_attendee_email5 = sherif.koussa@owasp.org
| summit_session_attendee_company5= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Matthias Rohr
| summit_session_attendee_email6 = m.rohr@sec-consult.com
| summit_session_attendee_company6= SEC Consult
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Vishal Garg
| summit_session_attendee_email7 = vishalgrg@gmail.com
| summit_session_attendee_company7= AppSecure Labs
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
|-
| summit_track_logo = [[Image:T._mitigation.jpg]]
| summit_ws_logo = [[Image:WS._mitigation.jpg]]
| summit_session_name = Scaling Web Application Security Testing
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092
| mailing_list =

|-

| short_working_session_description= One of the challenge that large companies have is how to scale web application security testing when hundreds if not thousands of applications need to be retested regularly. The objective of this Working Sessions is for the security teams that are trying to do this today (including Tools and Host based solutions) to exchange ideas, expose current problems and share solutions

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = A white paper describing strategies for scaling application security verification programs beyond a single application at a time. Should address achieving coverage of expected controls, depth of assurance, both automated and manual approaches, custom rules, rule management, rule deployment.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Arian Evans
| summit_session_leader_email1 =
| summit_session_leader_username1 =

| summit_session_leader_name2 = Dinis Cruz
| summit_session_leader_email2 = dinis.cruz@owasp.org
| summit_session_leader_username2 = Dinis.cruz

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session092
| session_home_page =  Summit_2011_Working_Sessions/Session092
}}

Summit 2011 Working Sessions/Session004

2011-01-27T23:16:33Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-
| summit_session_attendee_name1 = John Wilander
| summit_session_attendee_email1 = john.wilander@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Michael Coates
| summit_session_attendee_email2 = Michael.Coates@owasp.org
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 = colin.watson@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Vishal Garg
| summit_session_attendee_email4 = vishalgrg@gmail.com
| summit_session_attendee_company4= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._browser_security.jpg]]
| summit_ws_logo = [[Image:WS._browser_security.jpg]]
| summit_session_name = Enduser Warnings
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session004
| mailing_list = https://groups.google.com/group/owasp-summit-browsersec
|-

| short_working_session_description=
|-

| related_project_name1 = Browser Security Track - main page
| related_project_url_1 = http://www.owasp.org/index.php/Category:Summit_2011_Browser_Security_Track

| related_project_name2 = Google Group for the Browser Security Track
| related_project_url_2 = https://groups.google.com/group/owasp-summit-browsersec

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Clearly there is a need for warnings that users understand and that conveys the right information. Perhaps we can agree on some guidelines or at least exchange lessons learned.

| summit_session_objective_name2= <noinclude>How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings? Mozilla replaces the padlock with a [https://support.mozilla.com/en-US/kb/Site%20Identity%20Button site identity button] i Firefox 4. "Larry" will inform the user of the site's status. Google recently tried out a skull & bones icon for bad certs but moved back to [http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95617 padlocks] again.</noinclude>

| summit_session_objective_name3= <noinclude>How should browsers communicate other kinds of information such as privacy, malware warnings, "not visited before" etc? Forbes had an interesting example of [http://blogs.forbes.com/kashmirhill/2011/01/05/visualizing-better-privacy-policies/?boxes=Homepagechannels how to visualize privacy].</noinclude>

| summit_session_objective_name4 =

| summit_session_objective_name5 =
|-

| working_session_date_and_time = Tuesday, 09 February Time: TBA

|-

| discussion_model = The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details = 

[[Image:Three_browsers_user_info.jpg]]

Some additional information, thoughts and discussions on these subjects elsewhere:

* [http://www.freedom-to-tinker.com/blog/sjs/web-browser-security-user-interfaces-hard-get-right-and-increasingly-inconsistent Web Browser Security User Interfaces: Hard to Get Right and Increasingly Inconsistent], Freedom to Tinker, 18 Jan 2011
* [http://intrepidusgroup.com/insight/2010/04/security-dialogs-and-graphics/ Security Dialogs and Graphics], Insight, 27 Apr 2010
* [http://www.w3.org/TR/wsc-ui/ Web Security Context: User Interface Guidelines], W3C, 12 Aug 2010
* [http://www.clerkendweller.com/2009/7/28/Colour-Overload-with-IE8-Tab-Grouping Colour Overload with IE8 Tab Grouping], Clerkendweller, 28 Jul 2009
* [http://www.usablesecurity.org/emperor/ The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies], IEEE Symposium on Security and Privacy, May 2007
|-

|summit_session_deliverable_name1 = Browser Security Report

|summit_session_deliverable_name2 = Browser Security Priority List

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = John Wilander
| summit_session_leader_email1 = john.wilander@owasp.org
| summit_session_leader_username1 = John.wilander

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 = John Wilander
| operational_leader_email1 = john.wilander@owasp.org

|-
| meeting_notes =
|-
| session_name_mask =  Session004
| session_home_page =  Summit_2011_Working_Sessions/Session004
}}
</includeonly>

Summit 2011 Working Sessions/Session059

2011-01-27T23:13:09Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Justin Clarke
| summit_session_attendee_email1 = justin@gdssecurity.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Nishi Kumar
| summit_session_attendee_email2 = nishi.kumar@owasp.org
| summit_session_attendee_company2= FIS
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Colin Watson
| summit_session_attendee_email3 = colin.watson@owasp.org
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Jason Taylor
| summit_session_attendee_email4 = jtaylor@securityinnovation.com
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Matthew Chalmers
| summit_session_attendee_email5 = matthew.chalmers@owasp.org
| summit_session_attendee_company5=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 = Justin Clarke
| summit_session_attendee_email6 = justin.clarke@owasp.org
| summit_session_attendee_company6=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 = Seba Deleersnyder
| summit_session_attendee_email7 = seba@owasp.org
| summit_session_attendee_company7= SAIT Zenitel
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 = Sherif Koussa
| summit_session_attendee_email8 = sherif.koussa@owasp.org
| summit_session_attendee_company8= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 = Vishal Garg
| summit_session_attendee_email9 = vishalgrg@gmail.com
| summit_session_attendee_company9= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Measuring SDLC process performance
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session059
| mailing_list =

| short_working_session_description=

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com
| summit_session_leader_username1 = Chris Wysopal

| summit_session_leader_name2 = Chris Eng
| summit_session_leader_email2 = ceng@Veracode.com
| summit_session_leader_username2 = Chris Eng

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session059
| session_home_page =  Summit_2011_Working_Sessions/Session059
}}

Summit 2011 Working Sessions/Session058

2011-01-27T23:11:05Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Jason Taylor
| summit_session_attendee_email1 = jtaylor@securityinnovation.com
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_company2=Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Sherif Koussa
| summit_session_attendee_email3 = sherif.koussa@owasp.org
| summit_session_attendee_company3= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Vishal Garg
| summit_session_attendee_email4 = vishalgrg@gmail.com
| summit_session_attendee_company4= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Counting and scoring application security defects
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session058
| mailing_list =
|-
| short_working_session_description = One of the biggest challenges of running an application security program is assembling the vulnerability findings from disparate tools, services, and consultants in a meaningful fashion. There are numerous standards for classifying vulnerabilities but little agreement on severity, exploitability, and/or business impact. One consultant may subjectively rate a vulnerability as critical while another will call it moderate. Some tools will attempt to gauge exploitability levels (which can be a black art in and of itself), others won't. Tools use everything from CWE to the OWASP Top Ten to the WASC TC to CAPEC. Security consultants often disregard vulnerability classification taxonomies in favor of their own "proprietary" systems. Sophisticated organizations may create their own internal system for normalizing output, but others can't afford to undertake such an effort. Until tool vendors and service providers can standardize on one methodology -- or maybe a couple -- for counting and scoring application defects, they are doing their customers a disservice.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss existing methods for counting and scoring defects, by vendors and practitioners willing to share their methodologies.

| summit_session_objective_name2 = Discuss advantages and disadvantages of a standardized approach.

| summit_session_objective_name3 = Discuss the CWSS 0.1 draft and how it might be incorporated into a standard.

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = White paper sketching out a standard for rating risks that accomodates individual minor defects all the way through architectural flaws (that may represent many individual defects)

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com
| summit_session_leader_username1 = Chris Eng

| summit_session_leader_name2 = Chris Wysopal
| summit_session_leader_email2 = cwysopal@Veracode.com
| summit_session_leader_username2 = Chris Wysopal

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session058
| session_home_page =  Summit_2011_Working_Sessions/Session058
}}

Summit 2011 Working Sessions/Session057

2011-01-27T23:05:03Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>

|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= Consider user concerns too - not just from the business viewpoint / Depends who the "consumers" are too

| summit_session_attendee_name2 = Vishal Garg
| summit_session_attendee_email2 = vishalgrg@gmail.com
| summit_session_attendee_company2= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= Consumers should have the visibility into the efforts made by businesses to secure their web portals, before they (consumers) provide their personal and credit card information.

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Metrics and Labelling
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session057
| mailing_list =

| short_working_session_description= Consumers and organizations enlist the services of web-based services with no ability to make an informed decision on its security. This can include enterprise class websites such as payment processing, HR portals, benefits administration, and other corporate services, as well as consumer centric websites such as tax preparation, personal finance, social media, or medical records. While the companies providing these services are unlikely to share detailed information about known vulnerabilities in their systems, it would be beneficial to have a standardized mechanism for describing the security controls and processes in place. In other words, what are they doing right that should give consumers some level of confidence that the provider exercises application security best practices?

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discuss positive security properties that should be tracked

| summit_session_objective_name2 = Discuss options for consumer-friendly labeling

| summit_session_objective_name3 = Discuss ways to encourage participation in risk labeling

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = White paper sketching out a standard for a software security label and a plan to finalize the standard.

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Eng
| summit_session_leader_email1 = ceng@Veracode.com
| summit_session_leader_username1 = Chris Eng

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session057
| session_home_page =  Summit_2011_Working_Sessions/Session057
}}

Summit 2011 Working Sessions/Session055

2011-01-27T22:56:28Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 = Colin Watson
| summit_session_attendee_email1 = colin.watson@owasp.org
| summit_session_attendee_username1 = Clerkendweller
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= There is a financial impact on users, mis-users, partners, and society too

| summit_session_attendee_name2 = Justin Clarke
| summit_session_attendee_email2 = justin.clarke@owasp.org
| summit_session_attendee_username2 = Justin42
| summit_session_attendee_company2= Gotham Digital Science
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 = Sherif Koussa
| summit_session_attendee_email3 = sherif.koussa@owasp.org
| summit_session_attendee_username3 = Koussa
| summit_session_attendee_company3= Software Secured
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 = Konstantinos Papapanagiotou
| summit_session_attendee_email4 = Konstantinos@owasp.org
| summit_session_attendee_username4 = conpap
| summit_session_attendee_company4= Syntax IT Inc
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 = Vishal Garg
| summit_session_attendee_email5 = vishalgrg@gmail.com
| summit_session_attendee_username5= Vishal_Garg
| summit_session_attendee_company5= AppSecure Labs Ltd
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_username6=
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_username7=
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_username8=
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_username9=
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_username10=
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_username11=
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_username12=
| summit_session_attendee_company12 =
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_username13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_username14=
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_username15=
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_username16=
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_username17=
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_username18=
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_username19=
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_username20=
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._metrics.jpg]]
| summit_ws_logo = [[Image:WS._metrics.jpg]]
| summit_session_name = Risk Metrics
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session055
| mailing_list =

|-

| short_working_session_description= We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome. For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” What are the right things to measure? How can we measure them? How can we use these application security metrics to drive towards low application risk. It would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little. Some of the concepts discussed will be to take a portfolio view of application risk, assigning business risk to applications, counting defects, and measuring SDLC process performance. This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion.

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =

|summit_session_deliverable_name2 =

|summit_session_deliverable_name3 =

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Chris Wysopal
| summit_session_leader_email1 = cwysopal@Veracode.com
| summit_session_leader_username1 = Chris Wysopal

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_username1 =
|-

| meeting_notes =

|-
| session_name_mask =  Session055
| session_home_page =  Summit_2011_Working_Sessions/Session055
}}

User:Vishal Garg

2011-01-27T22:52:17Z

Vishal Garg:

''' Profile '''

Vishal is the Founder and Principal Security Consultant at [http://www.appsecurelabs.com AppSecure Labs Limited], a UK based company offering application security and penetration testing services.

Vishal has over a decade of IT industry experience and has worked in information and application security for the last five years. He has a masters degree in Information Security from Royal Hollow, University of London and is the holder of CISSP and CISA cirtifications. He is currently the project leader for the OWASP Development Guide project.

For more information, check his [http://www.linkedin.com/in/vishalgrg linkedin] profile.

Summit 2011 Working Sessions/Session066

2011-01-27T11:42:44Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Development Guide
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| mailing_list =

|-

| short_working_session_description= If done from the earliest stages, secure applications cost about the same to develop as insecure applications, but are far more cost effective in the long run. The primary aim of the OWASP Development Guide is to help businesses, developers, designers and solution architects to build secure web applications from the outset. The next version of the guide is an extension from the existing version with further enhancements to make it more usable for all stake holders. The aim of the working session is to have a discussion on the shortcomings of the existing guide and to make it a basis for further enhancements, alignment of the guide to ASVS Standard and OWASP common numbering scheme, potential for alignment of all three OWASP guides (DG, CRG and TG) and the ways to improve the usefulness of the guide to all the stake holders.

|-

| related_project_name1 = Project Wiki Page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discussion on major enhancements to the next version of the development guide

| summit_session_objective_name2 = Discussion on aligning the guide to ASVS standard and OWASP common numbering scheme

| summit_session_objective_name3 = Discussion on improving the usefulness of the guide to the stake holders

| summit_session_objective_name4 = Seeking collaboration with other OWASP guides to follow same set of standards

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = An updated outline for the development guide that is tied into the OWASP common numbering scheme

|summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Development Guide for evaluation and discussion by the community at large.

|summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Vishal Garg
| summit_session_leader_email1 = vishalgrg@gmail.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session066
| session_home_page =  Summit_2011_Working_Sessions/Session066
}}

Summit 2011 Working Sessions/Session066

2011-01-27T00:02:55Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_company3=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_company5=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=

|-
| summit_track_logo = [[Image:T._individual_projects.jpg]]
| summit_ws_logo = [[Image:WS._individual_projects.jpg]]
| summit_session_name = Development Guide
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| mailing_list =

|-

| short_working_session_description= Discussion on major enhancements to the next version of the development guide.

|-

| related_project_name1 = Project Wiki Page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1 = Discussion of major enhancements to the next version of the development guide

| summit_session_objective_name2 = Discussion of improving usefulness of the guide to Project Managers, Architects and Developers

| summit_session_objective_name3 = Seeking collaboration with other OWASP guides to follow same set of standards

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 = An updated outline for the development guide that is tied into the OWASP common numbering scheme

|summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Development Guide for evaluation and discussion by the community at large.

|summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.

|summit_session_deliverable_name4 =

|summit_session_deliverable_name5 =

|summit_session_deliverable_name6 =

|summit_session_deliverable_name7 =

|summit_session_deliverable_name8 =

|-

| summit_session_leader_name1 = Vishal Garg
| summit_session_leader_email1 = vishalgrg@gmail.com

| summit_session_leader_name2 =
| summit_session_leader_email2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
|-

| operational_leader_name1 =
| operational_leader_email1 =

|-

| meeting_notes =

|-
| session_name_mask =  Session066
| session_home_page =  Summit_2011_Working_Sessions/Session066
}}

Summit 2011 Attendee/Attendee088

2011-01-15T14:15:41Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Vishal Garg
| summit_attendee_email1 = vishalgrg@gmail.com
| summit_attendee_wiki_username1 = Vishal Garg
|-
| summit_attendee_company = [http://www.AppSecureLabs.com AppSecure Labs]
|-
| Project Leadership (less than 6 months old) = Development Guide 3.0
| Project Leadership (more than 6 months old) = OWASP Tools Project
| Release Leadership (less than 6 months old) =
| Release Leadership (more than 6 months old) =
| Project Contribution (less than 6 months old) = OWASP Common Vulnerability List
| Project Contribution (more than 6 months old) =
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership =
| Conference Co-Leadership =
| Projected Funding Cost = $1023 USD
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP Guide Project Lead
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About
| summit_attendee_current_owasp_involvement_name2 = OWASP Common Vulnerability List Contributor
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Guide Working Session
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 = AppSecure Labs
| summit_attendee_summit_time_paid_by_url_1 = http://www.AppSecureLabs.com
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP Guide Project Lead, OWASP Common Vulnerability List
|-
| status = Confirmed, Seeking Funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee088
| attendee_home_page =  Summit_2011_Attendee/Attendee088
}}

Summit 2011 Attendee/Attendee088

2011-01-06T22:25:33Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Vishal Garg
| summit_attendee_email1 = vishalgrg@gmail.com
| summit_attendee_wiki_username1 = Vishal Garg
|-
| summit_attendee_company = [http://www.AppsScureLabs.com AppSecure Labs]
|-
| Project Leadership (less than 6 months old) = Development Guide 3.0
| Project Leadership (more than 6 months old) = OWASP Tools Project
| Release Leadership (less than 6 months old) = Development Guide 3.0
| Release Leadership (more than 6 months old) = OWASP Tools Project
| Project Contribution (less than 6 months old) = OWASP Common Vulnerability List
| Project Contribution (more than 6 months old) = Development Guide 3.0
| Release Contribution (less than 6 months old) =
| Release Contribution (more than 6 months old) =
| Committee Membership =
| Chapter Co-Leadership =
| Conference Co-Leadership =
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP Guide Project Lead
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About
| summit_attendee_current_owasp_involvement_name2 = OWASP Common Vulnerability List Contributor
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Guide Working Session
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 = AppSecure Labs
| summit_attendee_summit_time_paid_by_url_1 = http://www.AppSecureLabs.com
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP Guide Project Lead, OWASP Common Vulnerability List
|-
| status = Confirmed, Seeking Funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee088
| attendee_home_page =  Summit_2011_Attendee/Attendee088
}}

Summit 2011 Attendee/Attendee088

2010-12-24T10:52:27Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Vishal Garg
| summit_attendee_email1 = vishalgrg@gmail.com
| summit_attendee_wiki_username1 = Vishal Garg
|-
| summit_attendee_company = [http://www.AppsScureLabs.com AppSecure Labs]
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP Guide Project
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About
| summit_attendee_current_owasp_involvement_name2 = OWASP Common Vulnerability List
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Guide Working Sesion
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 = AppSecure Labs
| summit_attendee_summit_time_paid_by_url_1 = http://www.AppSecureLabs.com
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP Guide Project Lead, OWASP Common Vulnerability List
|-
| status = Confirmed, Seeking Funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee088
| attendee_home_page =  Summit_2011_Attendee/Attendee088
}}

Summit 2011 Attendee/Attendee088

2010-12-19T17:49:39Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Vishal Garg
| summit_attendee_email1 = vishalgrg@gmail.com
| summit_attendee_wiki_username1 = Vishal Garg
|-
| summit_attendee_company = [http://www.AppsScureLabs.com AppSecure Labs]
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP Guide Project
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About
| summit_attendee_current_owasp_involvement_name2 =
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Guide Working Sesion
| summit_attendee_reason_for_summit_participation_url_1 = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 = AppSecure Labs
| summit_attendee_summit_time_paid_by_url_1 = http://www.AppSecureLabs.com
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP Guide Project Lead
|-
| status = Confirmed, Seeking Funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee088
| attendee_home_page =  Summit_2011_Attendee/Attendee088
}}

Summit 2011 Working Sessions/Session066

2010-12-19T17:42:17Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_name = Development Guide
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066

|-

| short_working_session_description=

|-

| related_project_name1 = Project Wiki Page
| related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1= Discussion of major enhancements to the next version of the development guide.

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 = Vishal Garg
| summit_session_leader_email1 = vishalgrg@gmail.com
| summit_session_leader_wiki_username1 = Vishal Garg

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_wiki_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_wiki_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_wiki_username1 =

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_wiki_username2 =

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_wiki_username3 =

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_wiki_username4 =

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_wiki_username5 =

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_wiki_username6 =

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_wiki_username7 =

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_wiki_username8 =

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_wiki_username9 =

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_wiki_username10 =

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_wiki_username11 =

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_wiki_username12 =

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_wiki_username13 =

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_wiki_username14 =

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_wiki_username15 =

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_wiki_username16 =

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_wiki_username17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_wiki_username18 =

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_wiki_username19 =

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_wiki_username20 =

|-

| meeting_notes =

|-
| session_name_mask =  Session066
| session_home_page =  Summit_2011_Working_Sessions/Session066
}}

Summit 2011 Working Sessions/Session066

2010-12-19T17:34:44Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Summit 2011 Working Sessions test tab</noinclude>
|-

| summit_session_name = Development Guide Project
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066

|-

| short_working_session_description=

|-

| related_project_name1 =
| related_project_url_1 =

| related_project_name2 =
| related_project_url_2 =

| related_project_name3 =
| related_project_url_3 =

| related_project_name4 =
| related_project_url_4 =

| related_project_name5 =
| related_project_url_5 =

|-

| summit_session_objective_name1=

| summit_session_objective_name2 =

| summit_session_objective_name3 =

| summit_session_objective_name4 =

| summit_session_objective_name5 =

|-

| working_session_date_and_time =

|-

| discussion_model = participants and attendees

|-

| operational_resources = Projector, whiteboards, markers, Internet connectivity, power

|-

| working_session_additional_details =

|-

|summit_session_deliverable_name1 =
|summit_session_deliverable_url_1 =

|summit_session_deliverable_name2 =
|summit_session_deliverable_url_2 =

|summit_session_deliverable_name3 =
|summit_session_deliverable_url_3 =

|summit_session_deliverable_name4 =
|summit_session_deliverable_url_4 =

|summit_session_deliverable_name5 =
|summit_session_deliverable_url_5 =

|-

| summit_session_leader_name1 =
| summit_session_leader_email1 =
| summit_session_leader_wiki_username1 =

| summit_session_leader_name2 =
| summit_session_leader_email2 =
| summit_session_leader_wiki_username2 =

| summit_session_leader_name3 =
| summit_session_leader_email3 =
| summit_session_leader_wiki_username3 =

|-

| operational_leader_name1 =
| operational_leader_email1 =
| operational_leader_wiki_username1 =

|-

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =

| summit_session_attendee_name2 =
| summit_session_attendee_email2 =
| summit_session_attendee_wiki_username2 =

| summit_session_attendee_name3 =
| summit_session_attendee_email3 =
| summit_session_attendee_wiki_username3 =

| summit_session_attendee_name4 =
| summit_session_attendee_email4 =
| summit_session_attendee_wiki_username4 =

| summit_session_attendee_name5 =
| summit_session_attendee_email5 =
| summit_session_attendee_wiki_username5 =

| summit_session_attendee_name6 =
| summit_session_attendee_email6 =
| summit_session_attendee_wiki_username6 =

| summit_session_attendee_name7 =
| summit_session_attendee_email7 =
| summit_session_attendee_wiki_username7 =

| summit_session_attendee_name8 =
| summit_session_attendee_email8 =
| summit_session_attendee_wiki_username8 =

| summit_session_attendee_name9 =
| summit_session_attendee_email9 =
| summit_session_attendee_wiki_username9 =

| summit_session_attendee_name10 =
| summit_session_attendee_email10 =
| summit_session_attendee_wiki_username10 =

| summit_session_attendee_name11 =
| summit_session_attendee_email11 =
| summit_session_attendee_wiki_username11 =

| summit_session_attendee_name12 =
| summit_session_attendee_email12 =
| summit_session_attendee_wiki_username12 =

| summit_session_attendee_name13 =
| summit_session_attendee_email13 =
| summit_session_attendee_wiki_username13 =

| summit_session_attendee_name14 =
| summit_session_attendee_email14 =
| summit_session_attendee_wiki_username14 =

| summit_session_attendee_name15 =
| summit_session_attendee_email15 =
| summit_session_attendee_wiki_username15 =

| summit_session_attendee_name16 =
| summit_session_attendee_email16 =
| summit_session_attendee_wiki_username16 =

| summit_session_attendee_name17 =
| summit_session_attendee_email17 =
| summit_session_attendee_wiki_username17=

| summit_session_attendee_name18 =
| summit_session_attendee_email18 =
| summit_session_attendee_wiki_username18 =

| summit_session_attendee_name19 =
| summit_session_attendee_email19 =
| summit_session_attendee_wiki_username19 =

| summit_session_attendee_name20 =
| summit_session_attendee_email20 =
| summit_session_attendee_wiki_username20 =

|-

| meeting_notes =

|-
| session_name_mask =  Session066
| session_home_page =  Summit_2011_Working_Sessions/Session066
}}

Summit 2011 Attendee/Attendee088

2010-12-19T17:23:45Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Vishal Garg
| summit_attendee_email1 = vishalgrg@gmail.com
| summit_attendee_wiki_username1 = Vishal Garg
|-
| summit_attendee_company = [http://www.AppsScureLabs.com AppSecure Labs]
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP Guide Project
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About
| summit_attendee_current_owasp_involvement_name2 =
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Guide Working Sesion
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 = AppSecure Labs
| summit_attendee_summit_time_paid_by_url_1 = http://www.AppSecureLabs.com
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP Guide Project Lead
|-
| status = Confirmed, Seeking Funding
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee088
| attendee_home_page =  Summit_2011_Attendee/Attendee088
}}

Summit 2011 Attendee/Attendee088

2010-12-19T17:20:26Z

Vishal Garg:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP 2011 Global Summit Attendee Tab</noinclude>
|-
| summit_attendee_name1 = Vishal Garg
| summit_attendee_email1 = vishalgrg@gmail.com
| summit_attendee_wiki_username1 = Vishal Garg
|-
| summit_attendee_company = [http://www.AppsScureLabs.com AppSecure Labs]
|-
| summit_attendee_current_owasp_involvement_name1 = OWASP Guide Project
| summit_attendee_current_owasp_involvement_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About
| summit_attendee_current_owasp_involvement_name2 =
| summit_attendee_current_owasp_involvement_url_2 =
| summit_attendee_current_owasp_involvement_name3 =
| summit_attendee_current_owasp_involvement_url_3 =
| summit_attendee_current_owasp_involvement_name4 =
| summit_attendee_current_owasp_involvement_url_4 =
| summit_attendee_current_owasp_involvement_name5 =
| summit_attendee_current_owasp_involvement_url_5 =
|-
| summit_attendee_reason_for_summit_participation_name1 = OWASP Guide Working Sesion
| summit_attendee_reason_for_summit_participation_url_1 =
| notes_reason_for_participating_issues_to_be_discussed_1 =
| summit_attendee_reason_for_summit_participation_name2 =
| summit_attendee_reason_for_summit_participation_url_2 =
| notes_reason_for_participating_issues_to_be_discussed_2 =
| summit_attendee_reason_for_summit_participation_name3 =
| summit_attendee_reason_for_summit_participation_url_3 =
| notes_reason_for_participating_issues_to_be_discussed_3 =
| summit_attendee_reason_for_summit_participation_name4 =
| summit_attendee_reason_for_summit_participation_url_4 =
| notes_reason_for_participating_issues_to_be_discussed_4 =
| summit_attendee_reason_for_summit_participation_name5 =
| summit_attendee_reason_for_summit_participation_url_5 =
| notes_reason_for_participating_issues_to_be_discussed_5 =
|-
| summit_attendee_owasp_sponsor =
|-
| summit_attendee_summit_time_paid_by_name1 = AppSecure Labs
| summit_attendee_summit_time_paid_by_url_1 = http://www.AppSecureLabs.com
| summit_attendee_summit_time_paid_by_name2 =
| summit_attendee_summit_time_paid_by_url_2 =
|-
| summit_attendee_summit_expenses_paid_by_name1 =
| summit_attendee_summit_expenses_paid_by_url_1 =
| summit_attendee_summit_expenses_paid_by_name2 =
| summit_attendee_summit_expenses_paid_by_url_2 =
|-
| reason_for_sponsorship = OWASP Guide Project Lead
|-
| status =
|-
| letter sent to sponsor =
|-
| notes for Kate =
|-
| attendee_name_mask =  Attendee088
| attendee_home_page =  Summit_2011_Attendee/Attendee088
}}

User:Vishal Garg

2010-10-09T23:16:43Z

Vishal Garg:

''' Profile '''

Vishal Garg is the Founder and Principal Security Consultant at [http://www.appsecurelabs.com AppSecure Labs Limited]. He offers application security consultancy and verification services throughout the Software Development Lifecycle to businesses within the UK.

For more detailed information, view Vishal's public [http://www.linkedin.com/in/vishalgrg LinkedIn] profile. He can also be reached at: vishal.garg [at] appsecurelabs [dot] com

User:Vishal Garg

2010-10-09T01:25:22Z

Vishal Garg:

''' Profile '''

Vishal Garg is the Founder and Principal Security Consultant at [http://www.appsecurelabs.com AppSecure Labs Limited]. He offers web application security consultancy and penetration testing services to businesses within the UK.

For more detailed information, view Vishal's public [http://www.linkedin.com/in/vishalgrg LinkedIn] profile. Vishal can also be reached at: vishalgrg [at] gmail [dot] com

User:Vishal Garg

2010-07-16T13:45:05Z

Vishal Garg:

''' Profile '''

Vishal Garg is the Technical Services Manager for an IT security company within UK and manages the penetration testing team there. He has worked on application software development since 1998 and on application security and penetration testing since 2005. He has an MSc in Information Security from Royal Holloway, University of London and holds CISSP and CISA certifications.

For more detailed information, view Vishal's public LinkedIn profile [http://www.linkedin.com/in/vishalgrg here]. Vishal can also be reached at: vishalgrg [at] gmail [dot] com

Category:OWASP Tools Project

2010-06-12T22:39:55Z

Vishal Garg:

[[Category:OWASP Project|Tools Project]]
[[Category:OWASP Document]]
[[Category:OWASP Beta Quality Document]]

==== Main ====

== Vision ==

Our vision is to provide access to application security tools, resources and eductional material to everyone interested to learn and work in application security. We aim to achieve this by creating a repository of all the available resoruces at one place.

== Overview ==

New open source and commercial web application security tools are released almost every day. These tools are used either to detect vulnerabilities within web applications or to protect web applications from exploitation of potential vulnerabilties that may be present in these applications. With so many tools at hand, it may sometimes be difficult to make a decision about the selection of a tool that best meets your requirements.

The OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their efficiency and performance.

== Project Roadmap ==

* Defining categories for tools
* Identification of tools within these categories
* Define rating criteria and the test procedure for identified tools
* Testing the tools against test applications to see how effectively the tool meets the rating criteria
* Provide rating to the tools based on their efficiency and performance

== Feedback and Participation ==

We hope you find the OWASP Tools Project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the mailing list [mailto:owasp-tools-project@lists.owasp.org here].

==== Project Identification ====

{{Template:OWASP Project Identification Tab
| project_name = OWASP Tools Project
| project_description = The OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their effectiveness.
| project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution ShareAlike 3.0''']
| leader_name = Vishal Garg
| leader_email =
| leader_username = Vishal Garg
| maintainer_name = Vishal Garg
| maintainer_email =
| maintainer_username = Vishal Garg
| contributor_name1 = Dave van Stein
| contributor_email1 =
| contributor_username1 =
| contributor_name2 = [[User:D0ubl3_h3lix|Aung Khant]]
| contributor_email2 =
| contributor_username2 =
| contributor_name3 =
| contributor_email3 =
| contributor_username3 =
| contributor_name4 =
| contributor_email4 =
| contributor_username4 =
| contributor_name5 =
| contributor_email5 =
| contributor_username5 =
| contributor_name6 =
| contributor_email6 =
| contributor_username6 =
| contributor_name7 =
| contributor_email7 =
| contributor_username7 =
| contributor_name8 =
| contributor_email8 =
| contributor_username8 =
| contributor_name9 =
| contributor_email9 =
| contributor_username9 =
| contributor_name10 =
| contributor_email10 =
| contributor_username10 =
| pamphlet_link =
| presentation_link =
| mailing_list_name = owasp-tools-project
| links_url1 =
| links_name1 =
| links_url2 =
| links_name2 =
| links_url3 =
| links_name3 =
| links_url4 =
| links_name4 =
| links_url5 =
| links_name5 =
| links_url6 =
| links_name6 =
| links_url7 =
| links_name7 =
| links_url8 =
| links_name8 =
| links_url9 =
| links_name9 =
| links_url10 =
| links_name10 =
| project_road_map = :Category:OWASP_Tools_Project#Project_Roadmap
| project_health_status =
| current_release_name = First Release
| current_release_date =
| current_release_download_link =
| current_release_rating =
| current_release_leader_name = Vishal Garg
| current_release_leader_email =
| current_release_leader_username = Vishal Garg
| current_release_details =
| last_reviewed_release_name =
| last_reviewed_release_date =
| last_reviewed_release_download_link =
| last_reviewed_release_rating =
| last_reviewed_release_leader_name =
| last_reviewed_release_leader_email =
| last_reviewed_release_leader_username =
| old_release_name1 =
| old_release_date1 =
| old_release_download_link1 =
| old_release_name2 =
| old_release_date2 =
| old_release_download_link2 =
| old_release_name3 =
| old_release_date3 =
| old_release_download_link3 =
| old_release_name4 =
| old_release_date4 =
| old_release_download_link4 =
| old_release_name5 =
| old_release_date5 =
| old_release_download_link5 =
}}
__NOTOC__ <headertabs />

Category:Vulnerability Scanning Tools

2010-02-24T11:15:22Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' The tools listing in the table below has been presented in an alphabatical order. OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below. We have made every effort to put this information as acurately as possible. If you are the vendor of a tool below and think that this information is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite] || tool_owner = PortSwiger || tool_licence = Commercial / Free (Limited Capability)|| tool_platforms = Most platforms supported }}
|
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/Gamascan.aspx GamaScan] || tool_owner = GamaSec || tool_licence = Commercial || tool_platforms = Windows }}
|
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber] || tool_owner = Romain Gaucher || tool_licence = Open Source || tool_platforms = Python 2.4, BeautifulSoup and PyXML}}
|
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan] || tool_owner = David Byrne || tool_licence = Open Source || tool_platforms = Windows, Linux and Macintosh}}
|
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
|
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker] || tool_owner = MavitunaSecurity || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
|
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ ParosPro] || tool_owner = MileSCAN || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard] || tool_owner = Qualys || tool_licence = Commercial || tool_platforms = N/A}}
|
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina] || tool_owner = eEye Digital Security || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar] || tool_owner = iSec Partners || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
|
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti] || tool_owner = Informática Gesfor || tool_licence = Open Source || tool_platforms = Windows, Unix/Linux and Macintosh}}
|
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360] || tool_owner = nCircle || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ WebInspect] || tool_owner = HP || tool_licence = Commercial || tool_platforms = Windows}}
|
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 WebKing] || tool_owner = Parasoft || tool_licence = Commercial || tool_platforms = Windows / Linux / Solaris}}
|
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService] || tool_owner = German Web Security || tool_licence = Commercial || tool_platforms = N/A}}
|
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto] || tool_owner = Sensepost || tool_licence = Open Source || tool_platforms = Windows}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-24T11:11:28Z

Vishal Garg: /* Description */

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' The tools listing in the table below has been presented in an alphabatical order. OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below. We have made every effort to put this information as acurately as possible. If you are the vendor of a tool below and think that this information is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite] || tool_owner = PortSwiger || tool_licence = Commercial / Free (Limited Capability)|| tool_platforms = Most platforms supported }}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/Gamascan.aspx GamaScan] || tool_owner = GamaSec || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber] || tool_owner = Romain Gaucher || tool_licence = Open Source || tool_platforms = Python 2.4, BeautifulSoup and PyXML}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan] || tool_owner = David Byrne || tool_licence = Open Source || tool_platforms = Windows, Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker] || tool_owner = MavitunaSecurity || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ ParosPro] || tool_owner = MileSCAN || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard] || tool_owner = Qualys || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina] || tool_owner = eEye Digital Security || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar] || tool_owner = iSec Partners || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti] || tool_owner = Informática Gesfor || tool_licence = Open Source || tool_platforms = Windows, Unix/Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360] || tool_owner = nCircle || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ WebInspect] || tool_owner = HP || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 WebKing] || tool_owner = Parasoft || tool_licence = Commercial || tool_platforms = Windows / Linux / Solaris}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService] || tool_owner = German Web Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto] || tool_owner = Sensepost || tool_licence = Open Source || tool_platforms = Windows}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-24T11:09:22Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below. We have made every effort to put this information as acurately as possible. If you the vendor of a tool below and think that the information provided below is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite] || tool_owner = PortSwiger || tool_licence = Commercial / Free (Limited Capability)|| tool_platforms = Most platforms supported }}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/Gamascan.aspx GamaScan] || tool_owner = GamaSec || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber] || tool_owner = Romain Gaucher || tool_licence = Open Source || tool_platforms = Python 2.4, BeautifulSoup and PyXML}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan] || tool_owner = David Byrne || tool_licence = Open Source || tool_platforms = Windows, Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker] || tool_owner = MavitunaSecurity || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ ParosPro] || tool_owner = MileSCAN || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard] || tool_owner = Qualys || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina] || tool_owner = eEye Digital Security || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar] || tool_owner = iSec Partners || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti] || tool_owner = Informática Gesfor || tool_licence = Open Source || tool_platforms = Windows, Unix/Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360] || tool_owner = nCircle || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ WebInspect] || tool_owner = HP || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 WebKing] || tool_owner = Parasoft || tool_licence = Commercial || tool_platforms = Windows / Linux / Solaris}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService] || tool_owner = German Web Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto] || tool_owner = Sensepost || tool_licence = Open Source || tool_platforms = Windows}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-24T11:08:04Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below. We have made every effort to put this information as acurately as possible. If you the vendor of a tool below and think that the information provided below is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite] || tool_owner = PortSwiger || tool_licence = Commercial / Free (Limited Capability)|| tool_platforms = Most platforms supported }}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/Gamascan.aspx GamaScan] || tool_owner = GamaSec || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber] || tool_owner = Romain Gaucher || tool_licence = Open Source || tool_platforms = Python 2.4, BeautifulSoup and PyXML}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan] || tool_owner = David Byrne || tool_licence = Open Source || tool_platforms = Windows, Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker] || tool_owner = MavitunaSecurity || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ ParosPro] || tool_owner = MileSCAN || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard] || tool_owner = Qualys || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina] || tool_owner = eEye Digital Security || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar] || tool_owner = iSec Partners || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti] || tool_owner = Informática Gesfor || tool_licence = Open Source || tool_platforms = Windows, Unix/Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360] || tool_owner = nCircle || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ WebInspect] || tool_owner = HP || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 WebKing] || tool_owner = Parasoft || tool_licence = Commercial || tool_platforms = Windows / Linux / Solaris}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService] || tool_owner = German Web Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto] || tool_owner = Sensepost || tool_licence = Open Source || tool_platforms = Windows}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-23T12:16:54Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below. We have made every effort to put this information as acurately as possible. If you the vendor of a tool below and think that the information provided below is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Cenzic Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ HP WebInspect] || tool_owner = HP || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto] || tool_owner = Sensepost || tool_licence = Open Source || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ Rational AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 Parasoft WebKing] || tool_owner = Parasoft || tool_licence = Commercial || tool_platforms = Windows / Linux / Solaris}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService] || tool_owner = German Web Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360] || tool_owner = nCircle || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard] || tool_owner = Qualys || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber] || tool_owner = Romain Gaucher || tool_licence = Open Source || tool_platforms = Python 2.4, BeautifulSoup and PyXML}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan] || tool_owner = David Byrne || tool_licence = Open Source || tool_platforms = Windows, Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti] || tool_owner = Informática Gesfor || tool_licence = Open Source || tool_platforms = Windows, Unix/Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar] || tool_owner = iSec Partners || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite] || tool_owner = PortSwiger || tool_licence = Commercial / Free (Limited Capability)|| tool_platforms = Most platforms supported }}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/Gamascan.aspx GamaScan] || tool_owner = GamaSec || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ ParosPro] || tool_owner = MileSCAN || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker] || tool_owner = MavitunaSecurity || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina Web Security Scanner] || tool_owner = eEye Digital Security || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Whitehat Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-23T11:52:12Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below. We have made every effort to put this information as acurately as possible. If you the vendor of a tool below and think that the information provided below is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Cenzic Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ HP WebInspect] || tool_owner = HP || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto] || tool_owner = Sensepost || tool_licence = Open Source || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ Rational AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 Parasoft WebKing] || tool_owner = Parasoft || tool_licence = Commercial || tool_platforms = Windows / Linux / Solaris}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService] || tool_owner = German Web Security || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360] || tool_owner = nCircle || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard] || tool_owner = Qualys || tool_licence = Commercial || tool_platforms = N/A}}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber] || tool_owner = Romain Gaucher || tool_licence = Open Source || tool_platforms = Python 2.4, BeautifulSoup and PyXML}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan] || tool_owner = David Byrne || tool_licence = Open Source || tool_platforms = Windows, Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti] || tool_owner = By Informática Gesfor in the European ICT-Romulus Project || tool_licence = Open Source || tool_platforms = Windows, Unix/Linux and Macintosh}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar] || tool_owner = iSec Partners || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite] || tool_owner = PortSwiger || tool_licence = Commercial / Free (Limited Capability)|| tool_platforms = Most platforms supported }}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/ GamaScan]}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ MileScan Web Security Auditor]}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker]}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina Web Security Scanner] || tool_owner = eEye Digital Security || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Whitehat Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-23T11:03:41Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below. We have made every effort to put this information as acurately as possible. If you the vendor of a tool below and think that the information provided below is incomplete or incorrect, please send an e-mail to our mailing list and we will make every effort to correct this information.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Cenzic Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ HP WebInspect] || tool_owner = HP || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto] || tool_owner = Sensepost || tool_licence = Open Source || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ Rational AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 Parasoft WebKing] || tool_owner = Parasoft || tool_licence = Commercial || tool_platforms = Windows / Linux / Solaris}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService]}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360]}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard]}}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber]}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan]}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti]}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar]}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite]}}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/ GamaScan]}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ MileScan Web Security Auditor]}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker]}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina Web Security Scanner] || tool_owner = eEye Digital Security || tool_licence = Commercial / Free Trial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Whitehat Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-19T23:40:55Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Cenzic Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ HP WebInspect]}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto]}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ Rational AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 Parasoft WebKing]}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService]}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360]}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard]}}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber]}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan]}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti]}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar]}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite]}}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/ GamaScan]}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ MileScan Web Security Auditor]}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker]}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina Web Security Scanner] || tool_owner = eEye Digital Security || tool_licence = Commercial / Free Trial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Whitehat Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-19T23:39:58Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Cenzic Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stealth] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ HP WebInspect]}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto]}}
{{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/rational/offerings/websecurity/ Rational AppScan] || tool_owner = IBM || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/ntospider NTOSpider] || tool_owner = NT OBJECTives || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 Parasoft WebKing]}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService]}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360]}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard]}}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber]}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan]}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti]}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar]}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite]}}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/ GamaScan]}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ MileScan Web Security Auditor]}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker]}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina Web Security Scanner] || tool_owner = eEye Digital Security || tool_licence = Commercial / Free Trial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Whitehat Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]

Category:Vulnerability Scanning Tools

2010-02-19T23:13:45Z

Vishal Garg:

{{Template:Stub}}

== Description ==

Web Application Vulnerability Scanners are the automated tools that scan web applications to look for known security vulnerabilities such as cross-site scripting, SQL injection, command execution, directory traversal and insecure server configuration. A large number of both commercial and open source tools are available and and all these tools have their own strengths and weaknesses.

Here we will provide a listing of vulnerability scanning tools currently available in the market. The plan is to extend this listing to provide information about each tool's strengths and weaknesses to enable you to make an informed decision about the selection of a particular tool to meet your requirements.

 '''Disclaimer:''' OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below.

 

== Tools Listing ==

{{:Template:OWASP Tool Headings}}
{{OWASP Tool Info || tool_name = [http://www.acunetix.com/ Acunetix WVS] || tool_owner = Acunetix || tool_licence = Commercial / Free (Limited Capability) || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cenzic.com/ Cenzic Hailstorm] || tool_owner = Cenzic || tool_licence = Commercial || tool_platforms = Windows }}
{{OWASP Tool Info || tool_name = [http://www.nstalker.com/ N-Stalker] || tool_owner = N-Stalker || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.cirt.net/nikto2 Nikto] || tool_owner = CIRT || tool_licence = Open Source|| tool_platforms = Unix/Linux}}
{{OWASP Tool Info || tool_name = [https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-201-200^9570_4000_100__ HP WebInspect]}}
{{OWASP Tool Info || tool_name = [http://www.sensepost.com/research/wikto/ Wikto]}} {{OWASP Tool Info || tool_name = [http://www-01.ibm.com/software/awdtools/appscan/ IBM AppScan]}}
{{OWASP Tool Info || tool_name = [http://www.ntobjectives.com/products/ntospider.php NTOSpider]}}
{{OWASP Tool Info || tool_name = [http://www.parasoft.com/jsp/solutions/soa_solution.jsp?itemId=86 Parasoft WebKing]}}
{{OWASP Tool Info || tool_name = [http://www.german-websecurity.com/en/products/webscanservice/product-details/overview/ WebScanService]}}
{{OWASP Tool Info || tool_name = [http://www.ncircle.com/index.php?s=products_webapp360 WebApp360]}}
{{OWASP Tool Info || tool_name = [http://www.qualys.com/products/qg_suite/was/ QualysGuard]}}
{{OWASP Tool Info || tool_name = [http://rgaucher.info/beta/grabber/ Grabber]}}
{{OWASP Tool Info || tool_name = [http://grendel-scan.com/ Grendel-Scan]}}
{{OWASP Tool Info || tool_name = [http://wapiti.sourceforge.net/ Wapiti]}}
{{OWASP Tool Info || tool_name = [https://www.isecpartners.com/SecurityQAToolbar.html SecurityQA Toolbar]}}
{{OWASP Tool Info || tool_name = [http://www.portswigger.net/suite/ Burp Suite]}}
{{OWASP Tool Info || tool_name = [http://www.gamasec.com/ GamaScan]}}
{{OWASP Tool Info || tool_name = [http://www.milescan.com/hk/ MileScan Web Security Auditor]}}
{{OWASP Tool Info || tool_name = [http://www.mavitunasecurity.com/ Netsparker]}}
{{OWASP Tool Info || tool_name = [http://www.eeye.com/Products/Retina/Web-Security-Scanner.aspx Retina Web Security Scanner] || tool_owner = eEye Digital Security || tool_licence = Commercial / Free Trial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.kavado.com/ ScanDo] || tool_owner = KaVaDo Inc || tool_licence = Commercial || tool_platforms = Windows}}
{{OWASP Tool Info || tool_name = [http://www.whitehatsec.com/home/services/services.html Whitehat Sentinel] || tool_owner = WhiteHat Security || tool_licence = Commercial || tool_platforms = N/A}}
|}

== References ==

*http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria
*https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/black-box/261-BSI.html#dsy261-BSI_Evaluation-Criteria
*http://www.uml.org.cn/Test/12/Automated%20Testing%20Tool%20Evaluation%20Matrix.pdf
*http://securityinnovation.com/security-report/October/vulnScanners15.htm
*http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html
*http://www.tssci-security.com/archives/2007/11/24/2007-security-testing-tools-in-review/
*http://www.softwareqatest.com/qatweb1.html

[[Category:OWASP_Tools_Project]]