
OWASP 2013 Project Summit Appendix


Appendix

In this section, you will find various reports, tables, slides, forms, and other materials produced for and at the summit. You will also find historical summit information such as previous summit budgets and funds spent. Finally, you will find a list of primary summit contributors with a short bio for each individual. Please contact Samantha Groves ([email protected]) if you have any questions about anything in the report or the Appendix section specifically.

2009 SUMMIT FINANCIAL DETAILS

| Category | Cost | Notes |
| --- | --- | --- |
| Travel - Diplomata Tours | $54,325.84 | Includes Flights for 65 attendees |
| Other Travel Costs | $12,563.72 | Flights and other expenses submitted for reimbursement |
| Grande Real Santa Eulalia Hotel | $58,018.12 | Includes accommodations for 74 and food for 76 attendees |
| AV Expenses - Euroligistix | $5,222.61 | |
| Advertising - Generator | $1,261.50 | |
| Summit Personnel | $960.00 | |
| FedEx | $3,080.37 | |
| Miscellaneous | $6,337.91 | |
| Banking & Currency Corrections | $498.90 | |
| SUBTOTAL | $142,268.97 | |
| Income - Reimbursements/Donations | -$6,290.04 | |
| TOTAL | $135,978.93 | |


Almost all OWASP participants (OWASP Project Leaders, Reviewers, and Contributors) at the 2008 Summit had their trip sponsored, at least in part, by the OWASP Foundation. To be considered a relevant OWASP participant, and, consequently, to qualify to have the Summit attendance expenses partially paid, attendees needed to fall into one of the following categories:

  1. OWASP Summer of Code 2008 project leaders & reviewers,
  2. OWASP Summer of Code 2008 special project contributors,
  3. OWASP Spring of Code 2007 project leaders & reviewers,
  4. OWASP Autumn of Code 2006 project leaders & reviewers,
  5. Active Project Leaders (not currently participating on SoC 08),
  6. Active Chapter Leaders
  7. Member with significant past OWASP Contribution.


A list of OWASP sponsored attendees to the 2008 Summit, as well as the reason for the sponsorship (i.e. the category from the above list that they fall into), can be found at: http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA

Additionally, the following rules were established by the 2008 Summit planning committee to clarify which expenses and how much would be paid for by the OWASP Foundation:

  1. With exceptions noted below, all accommodation and meals during the four-day event will be paid.
  2. As we are still seeking out financial sponsorship support, until further notice, none of the dinners will be paid.
  3. The meals consist of a pre-negotiated menu and only this menu will be paid.
  4. The accommodation will consist of a place in a shared T1 (3 people) or T2 (5 people) apartment. Therefore, even though one can choose an individual room, OWASP will pay only for the cost associated with a shared stay. At the cost of +/- 60 Euros per night, there is the option to stay in an individual room (or in a double-room, in the cases where the partner - wife / husband - is also present).
  5. Please note that the nights of 3 and 7 of Nov will be included in the paid accommodation for those individuals attending the whole event.
  6. Regarding the flight expenses, OWASP will pay a maximum of 1000 US dollars for all non-European attendees and 600 US dollars for the European ones.

Please Note: The 2008 Summit financial details information was taken from the 2011 Project Summit Report prepared by Sarah Baso.


2011 SUMMIT FINANCIAL DETAILS

EXPENSES: SUMMIT VENUE

| Category | Cost | Notes |
| --- | --- | --- |
| Alentejo Room | $2,502.00 | 450€/day x 4 days = 1,800€ |
| Campo Real 1 | $3,614.00 | 650€/day x 4 days = 2,600€ |
| Campo Real 2, 3 & 4 | $3,614.00 | 650€/day x 4 days = 2,600€ |
| Catering Supplement - dinner served in villas | $1,056.40 | 1.50€/person/day = 760€ |
| Catering Supplement | $354.45 | 85€/day x 3 days = 255€ |
| ASDL | $1,997.75 | €1,437.23 |
| Printer | $2,085.00 | €1,500 |
| Suite | $1,390.00 | 200€/day x 5 days = 1,000€ |
| AV Equipment | $16,853.75 | €12,125 |
| Drink Tickets | $2,636.83 | 7€/drink x 271 tickets = 1,897€ |
| Cocktail Hour | $708.90 | €510 |
| Nuno Marco | $7,717.38 | 5,066.10€ (Optimus, Projector, PCs, Labor) |
| Food & Beverage Extras | $7,717.38 | For Summit Team/Early Arrival 5,552.07€ |
| Campo Real Total | $51,572.34 | €37,107.40 |


EXPENSES: SUMMIT GIVEAWAYS

| Category | Cost | Notes |
| --- | --- | --- |
| Podcast CD & Book | $1,800.00 | |
| Attendee Misc. | $5,254.17 | Stickers, Passports & Compasses |


EXPENSES: SUMMIT EQUIPMENT & SERVICES

| Category | Cost | Notes |
| --- | --- | --- |
| Operational Expenses | $1,384.22 | Disposable cell phones, SIM cards, Netgear hub, baggage fees, ipad |
| OWASP Band Equipment Rental | $1,500.00 | €1,100 |
| Apparel - LX Studios & Polo Shirts | $2,858.96 | |


EXPENSES: SUMMIT EQUIPMENT & SERVICES

| Category | Cost | Notes |
| --- | --- | --- |
| Marketing - Hackers News Network | $250.00 | |
| PR - Generator Beyond the Brand | $2,760.00 | €2,000 |
| SAPO (Additional Internet Connectivity) | $2,175.00 | €1,577 |
| Baltazar Martins (Summit Design/Marketing) | $3,210.00 | €2,327 |


EXPENSES: SUMMIT SUPPORT STAFF

| Category | Cost | Notes |
| --- | --- | --- |
| Sarah Baso (Summit Logistical Support) | $4,000.00 | |
| Marta Pergorelli (Brazilian Delegation) | $5,000.00 | |
| Sarah Cruz (Design) | $2,100.00 | |
| Sandra Paiva (Working Session Editor) | $2,000.00 | |
| Deb Brewer (Summit – On-site Event Planner) | $3,915.77 | |


EXPENSES: TOTALS

| Category | Cost | Notes |
| --- | --- | --- |
| Summit Expenses Subtotal | $89,780.46 | |
| Summit Travel Subtotal | $152,855.58 | http://sl.owasp.org/summit2011_travelcosts |
| TOTAL EXPENSES | $243,636.04 | |


INCOME: OWASP BUDGET ALLOCATION - BOARD APPROVED

| Category | Cost | Notes |
| --- | --- | --- |
| OWASP Funds for Operational Expenses | $50,000 | $50,000 allocated by Board – Aug 2010 |
| Summit Attendee Travel Budget | $50,000 | $50,000 approved by Board in Dec 2010 |
| $15,000 for Operational Costs and $25,000 for Summit Travel Expenses | $40,000 | Approved by Board 23-Jan-2011 |


INCOME: EXTERNAL SPONSORSHIPS

| Category | Cost | Notes |
| --- | --- | --- |
| Local Chapter Sponsorships | $44,095.65 | Direct chapter donations & OSTR funds |
| Project Sponsorship | $2,000.00 | Funds donated from project budgets |


INCOME: EXTERNAL SPONSORSHIPS

| Category | Cost | Notes |
| --- | --- | --- |
| Wiki Donations | $1,310.11 | |
| Praetorian | $1,942.14 | $5000 Corporate membership with 40% ($2000 less fees) allocated to sponsor summit attendee |
| Security Innovation | $1,942.14 | $5000 Corporate membership with 40% ($2000 less fees) allocated to sponsor summit attendee |
| (ISC)2 | $1,947.09 | Lunch Sponsorship ($2,000 less fees) |
| Trustwave | $1,975.00 | Wireless Sponsorship ($2,000 less fees) |


INCOME: ACCOMMODATION CREDIT

| Category | Cost | Notes |
| --- | --- | --- |
| Accommodation Credit | $8,860.36 | Credit from Diplomata Tours |


EXPENSES: TOTALS

| Category | Cost | Notes |
| --- | --- | --- |
| Subtotal Internal Income | $186,095.65 | |
| Subtotal External Income | $16,029.75 | |
| TOTAL INCOME | $202,125.40 | |
| PROFIT/LOSS | $40,510.64 | Total amount "over budget" |
| Total amount spent by OWASP | $226,606.29 | |


The above details on the 2011 Summit Expenses and Income can be found at: http://sl.owasp.org/summit2011_finalbudget

More details on Summit Travel and Accommodation costs, broken down by attendee, can be found at: http://sl.owasp.org/summit2011_travelcosts

Please Note: The 2011 Summit financial details information was taken from the 2011 Project Summit Report prepared by Sarah Baso.


MARKETING MATERIALS: ACADEMIES AND TRAINING INVITATION TO THE COMMUNITY

Education and training is an important part of OWASP's mission as it helps not only in increasing the awareness around application security but also in actually improving the security of applications.

The OWASP Academies program aims to bring together academic institutions from all over the world in order to collaborate towards increasing awareness on application security. The OWASP Academy Portal is the actual deliverable of this process: a portal that will provide various types of content (presentations, labs, etc.) to students and faculty who wish to learn or teach application security.

We would like to invite you to join us in the OWASP 2013 Projects Summit which is organized during OWASP AppSec USA 2013, in New York City from November 18th to November 21st.

During the Projects Summit we intend to kick start the Academy Portal, complete the initial design and add some actual content. The OWASP Academy Portal will then serve as the meeting point for application security in academia. Moreover, we will discuss various training models and the experience we have gained over the past years in order to build a model that will be subsequently used to train developers and anyone involved in securing applications.

The OWASP 2013 Projects Summit will serve as a meeting point for several members of the educational and academic community and a unique opportunity to network, collaborate, exchange ideas and experience. The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This year’s summit aims to give our project leaders the opportunity to have attendees sit down and work on project related activities during AppSec USA. It is an excellent opportunity to engage with active OWASP Project Leaders, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.

To participate in the Projects Summit, register for FREE for the “Expo and Career Fair Only Pass” and use the following discount code at checkout: NYC13_SUMMIT.

Looking forward to working with you during the OWASP 2013 Projects Summit,


Dr. Kostas Papapanagiotou Martin Knobloch

MARKETING MATERIAL: OWASP REVIEW CRITERIA AND 2013 PROJECT ASSESSMENTS

I am happy to report that the Technical Project Advisors team has completed the final version of our project assessment criteria. This criteria grades our project quality based on the overall project health and the overall quality of the product each project is producing. The aim of developing this criteria was to help guide OWASP Project Leaders toward the successful completion and development of their overall project deliverable. Moreover, this criteria will be used to establish the appropriate stage the reviewed project is in, basing the decision on overall project health and product quality. I encourage all Project Leaders to please take a bit of time and review the 2013 Project Assessment Criteria.

2013 PROJECT SUMMIT REVIEWS

As many of you know, attendees will be able to participate in the review of the entire inventory of OWASP Projects using the new assessment criteria developed by our team of Technical Project Advisors, during the OWASP Projects Review working session at AppSec USA. The aim of this session is to establish a more accurate representation of OWASP project health and product quality.

Leaders are encouraged to review the 2013 Project Assessment Criteria, and make certain that their project fulfills all of the guidelines outlined in the criteria. Please note that it is not mandatory to work towards fulfilling all of the criteria for this round of reviews. However, passing the assessment is a requirement if you wish to graduate from an Incubator to a Lab and Lab to a Flagship Project. We do encourage all current Lab and Flagship project leaders to ensure that they are in alignment with the new 2013 project assessment criteria.

NEW OWASP PROJECT WIKI TEMPLATES

The new project wiki templates were created to make adding content to a project wiki page a much easier task for Leaders. A big thank you to Colin Watson for creating these for us. We are encouraging all Leaders to switch over to these templates starting in 2014. Please note that Leaders are not required to use these templates, but the use of this wiki template is a requirement for graduation for Incubator projects starting in 2014. Below you will see an example of what we would like to see from an OWASP Project in regard to their wiki content and links.

If you have any questions about any of the topics above, or if you want to be involved, please reach out to me at [email protected]. See you all at the Project Summit in New York City!

MARKETING MATERIAL: 2013 PROJECT SUMMIT IS ONLY 2 WEEKS AWAY: SIGN UP NOW!

The Project Summit, taking place in tandem with this year's AppSec USA in New York City, is only two weeks away! Unfortunately, we were not able to raise enough funds to facilitate remote participation for the 2013 Project Summit. It is certainly an aspect of our summits that we find incredibly important, and we will work hard to make sure remote participation is an option our contributors have in 2014. As a result, we recommend attending the summit in person, and signing up for the sessions you are interested in. We now have 18 sessions scheduled. The list includes:

Monday: Nov 18th

  1. OWASP Project Review Session
  2. ESAPI Hackathon Session
  3. OWASP Media Project
  4. OWASP PHP Security and RBAC Projects: An Introduction
  5. AppSensor 2.0 Hackathon
  6. Bug Bounty Hack Session

Tuesday: Nov. 19th

  1. OWASP Training Development Session
  2. OWASP Academies Development Session
  3. Mobile Security Session
  4. ESAPI Hackathon Session
  5. Bug Bounty Hack Session

Wednesday: Nov. 20th

  1. Writing and Documentation Review Session
  2. ESAPI Hackathon Session
  3. Bug Bounty Hack Session

Thursday: Nov. 21st

  1. ZAP Hackathon Session
  2. Open SAMM Session
  3. ESAPI Hackathon Session
  4. Bug Bounty Hack Session

For more information on the 2013 Project Summit, please contact Samantha Groves ([email protected]), or visit the Project Summit wiki page.

MARKETING MATERIAL: INDIVIDUAL SUMMIT TWEETS BY KAIT DISNEY-LEUGERS

  1. Those OWASP Projects are not going to review themselves, maybe you should help. https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/003
  2. The ESAPI Hackathon is going on throughout the four days of the Projects Summit. Sign up to participate here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/001
  3. A 'live-hacking' event in a controlled environment. Get your hack on at the Bug Bounty Session, sign up here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/0013
  4. Help to define the standards and guidelines on training material. Sign up for the Training Development Session here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/008
  5. OWASP is going back to school to get the youth involved. Help create the guidelines for the Academies Initiatives: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/009
  6. Build and maintain secure mobile applications at the Mobile Security Session. Sign up here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/0012
  7. Release your inner wordsmith at the Project Guide Review Writing Session. https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/005
  8. Wrap up your week at the OWASP Projects Summit by participating in the ZAP Hackathon. Sign up here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/007

2013 SUMMIT: SKY LOUNGE FLOOR PLAN

The floor plan below was put together by Fabio Cerullo after the planning team were able to assess the space in person. The space allocation was organized based on the space needs of each session Leader. Mark Miller had a suite to himself for filming in the Podcast area, and the talk room area was created by using a room divider and a projector. The ESAPI and Media areas were separated out as they required more space for more expected contributors. The Media area was given a projector and media equipment, as well. Overall, the spaces worked well, but it is important that the summit area not be shared with any other conference happenings if taking place with a conference. Sharing the space simply did not work, and it caused many distractions for contributors.

Sky lounge chart.png

SUMMIT LOGOS AND IMAGES

Summit-horizontal-logo.jpg


Summit-logo.jpg

PLANNING TEAM, WORKING SESSION LEADERS, AND KEY SUMMIT VOLUNTEERS

PRIMARY PLANNING TEAM

Samantha Groves

Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She now works to help our OWASP Project Leaders, aiding them in starting and running their OWASP based projects.


Kait Disney-Leugers

Kait was the Grants and Fundraising Intern for the fall of 2013. Kait received her B.A. in history from Ohio University. She has previously worked with non-profit groups and museums doing fundraising, acquisitions and research. She lives in the Bay Area/Silicon Valley area, and her side project includes running the social media for the OWASP Mantra OS project.


WORKING SESSION LEADERS

Johanna Curiel

Johanna is one of OWASP's Technical Project Advisors responsible for creating our new project assessment criteria and grading process. Johanna has mainly worked in the area of C# and ASP.NET development, Testing and Quality Control. She is an experienced developer and understands different types of programming languages such as Java and PHP and different types of scripting languages. Johanna has ample experience in Microsoft Technologies and Security Engineering.

Chuck Cooper

Chuck has been developing and/or managing several award winning software products for over 25 years including working on Great Plains Property Management, Borland Paradox, Acuity Projects, CA Clarity, and Paylocity Web Pay. For the past 8 years he has been working as the CIO at Paylocity, and recently he earned his CISSP certification and became the CISO and Sr. VP of Enterprise Architecture. Now he can focus primarily on network and application security for Paylocity's Software-as-a-Service Payroll, HR, Time & Labor Management, and Online Benefits products.

Jonathan Marcil

As the chapter leader of OWASP Montreal, Jonathan manages most of the events and does the online community management. He is filling the 2013 chapter agenda with continuous events and bringing in new activities beyond the usual presentations: workshops on OWASP projects, community mash-ups with other programming-related user groups, talks in various venues, and online events using YouTube and Google Hangouts. He is also Advisor of the security track of ConFoo, a Web techno conference held each year in Montreal that gathers over 600 Web developers and enthusiasts.

Abbas Naderi

Information security, cryptography, computer science, and all sorts of geeky stuff make up my life. I spend considerable time in OWASP, and deem myself one of the people who is pushing OWASP forward in every direction. I am also currently chapter leader of Iran in OWASP and have participated in OWASP Projects for more than 5 years. I'm leading OWASP PHP Security Project, OWASP RBAC Project, and a handful of others and have plans for a lot more to come! On top of that I take part in other open source communities, trying to improve the security aspects of every software.

Rahul Chaudhary

I like security and algorithms. I like the codes and logic combined to form something that makes your daily work so easy. Just think of all the money in the banks...they are just numbers in computers dancing around in super speed, all numbers, all algorithms....and they need to be SAFE!

Dinis Cruz

Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows', which is the main concept behind the OWASP O2 Platform and Security Innovation's TeamMentor (Dinis is the main developer and architect of both applications). His current day job is with Security Innovation, where Dinis tries to promote openness, quality and sharing as part of a core tenet of TeamMentor's application development environment. After many years (and multiple roles) Dinis is still very active at OWASP, currently leading the O2 Platform project and helping out other projects and initiatives. Additionally, Dinis provided essential mentorship, and was a key contributor in the pre-planning and execution of the 2013 Summit.


Michael Hidalgo

Michael is a Software Developer Engineer based in San José, Costa Rica. With more than 6 years of experience building financial applications and a high sense of responsibility and quality, Michael always works hard to do things better. Currently Michael works as a Software Developer Engineer for one of the best Application Security companies in the market. He also leads the OWASP Chapter in Costa Rica and he is always writing about software, testing, quality and application security.

John Melton

John specializes in the design, development and security analysis of secure J2EE web-based applications.

Goal: Help other J2EE developers grow in knowledge with regards to building secure applications.


Kevin Wall

Kevin is an experienced Application Security developer, and he is the OWASP ESAPI project co-leader / committer.

Dennis Groves

Dennis Groves's work focuses on a multidisciplinary approach to risk management. He is particularly interested in risk, randomness, and uncertainty. He holds an MSc in Information Security from the University of Royal Holloway where his thesis received a distinction. He is currently a UK expert for the UK mirror of ISO subcommittee 27, IT Security Techniques, working group 4, Security Controls and Services at the British Standards Institute. He is most well known for co-founding OWASP. His contributions to OWASP include the ‘OWASP Guide (v1)’ downloaded over 2 million times; now a reference document in the PCI DSS standard, and the de-facto standard for securing web applications. He is a thought leader in the web application security space, where he has spent the last decade of his career. Dennis Groves has been a Security Architect, Ethical Hacker, Web Application Security Consultant, IT Security Consultant, System Administrator, Network Administrator, and a Software Engineer. He has taught various courses on information security and is best known for his ability to bring fresh insight to difficult security problems.

Chris Schmidt

Chris is currently the Project Leader for the OWASP ESAPI Projects and also served on the OWASP Global Projects Committee. He has been involved with OWASP for 6 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership discussions amongst the organization. During the day, Chris is Chief Architect for Contrast Security where he has been since fall 2010. Prior to joining the team at Contrast Security he spent 5 years as 'Black Ops Beef' for ServiceMagic Inc with the official title of Software Engineer. Before getting involved in software professionally, Chris worked in hardware as a Senior Field Service Engineer providing hardware and software support for PC’s, Servers, Midrange Systems and Peripherals for 9 years.

Konstantinos Papapanagiotou

Dr Konstantinos Papapanagiotou has more than 10 years of experience in the field of Information Security both as a corporate consultant and as a researcher. Currently he is leading the information security services practice at OTE, the largest telco in Greece. In the past he has provided information security services to large organizations in Greece, Cyprus, Balkans and the Middle East. He has been involved with OWASP for several years now, leading the OWASP Greek Chapter and lately the Hackademic Challenges Project. He also organized the OWASP AppSec Research 2012 conference. Konstantinos holds a BSc and PhD from the University of Athens and an MSc in Information Security from Royal Holloway, University of London.

Jack Mannino

Jack Mannino is a Partner at nVisium, a DC area firm specializing in application security. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful security initiatives. He is an active Android security researcher/tinkerer, and has a keen interest in identifying security issues and trends on a large scale. Jack is a leader and founder of the OWASP Mobile Security Project. He is the lead developer for the OWASP GoatDroid project, and is the chairman of the OWASP Northern Virginia chapter.

Jason Haddix

I currently facilitate information security consulting at HP which includes developing test plans for Fortune 100 companies and competing in "bake-offs" against other top tier consulting vendors. My strengths are web, network, and mobile assessments. I write for my own infosec website (www.securityaegis.com) that reviews industry training, interviews security professionals, and provides anecdotal/practical advice related to offensive security. I also write articles for security publications and speak at security conferences whenever possible. I am a semi-regular player on the capture the flag team Shellphish, an academic hacking group based out of the University of California, Santa Barbara.

Martin Knobloch

Martin is an independent security consultant and owner of PervaSec (http://www.pervasec.nl). His main working area is (software) security in general, from awareness to implementation. In his daily work, he is responsible for education in application security matters, advice and implementation of application security measures. Martin got involved in OWASP in 2006. He became a member of the OWASP Netherland Chapter board in 2007. He has contributed to several OWASP projects and is co-organizer of the OWASP BeNeLux-Day conference since 2008. Martin has been chair of the Global Education Committee from 2008 until the ending of the Global Committees. Martin is a frequent speaker at universities, hacker spaces and various conferences.

Simon Bennetts

Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He is the OWASP Zed Attack Proxy Project Leader and works for Mozilla as part of the Security Team.


Key Summit Volunteers

Fabio Cerullo

Fabio has over 10 years of experience in the information security field gained across a diverse range of industries. As CEO & Founder of Cycubix, he helps customers around the globe by assessing the security of applications developed in-house or by third parties, defining policies and standards, implementing risk management initiatives, as well as providing training on the subject to developers, auditors, executives and security professionals. As a member of the OWASP Foundation, Fabio is part of the Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security, and has been appointed OWASP Ireland Chapter Leader since early 2010. He holds an MSc in Computer Engineering from UCA and has been granted the CISSP & CSSLP certificates by (ISC)2.

Larry Conklin

Larry is the co-project leader of the OWASP Code Review Guide. His current emphasis is in Microsoft .NET technologies including C#, VB.NET, and SQL Server. Recent project experiences include converting legacy VB software to .NET, and creating and maintaining operational support web sites to help QuikTrip manage its 600+ stores. Larry is currently a Senior Software Developer for QuikTrip.

Andrew van der Stock

Andrew is a seasoned web application security specialist and enterprise security architect. He leads the Technical Security Service line at KPMG Australia, performing security architecture, security architecture reviews, coding guidelines, PCI DSS technical remediation, secure code reviews, penetration tests, and developer training. Andrew has worked in the IT industry for over 20 years. Andrew has researched and developed the web application security and architecture fields since 1998, based in Melbourne, Sydney, and the USA for Fortune 50 clients here in Australia, Asia-Pacific, Europe, and the USA. Andrew currently leads the OWASP Developer Guide 2013, the forthcoming OWASP Proactive Security Controls, and has contributed a significant revision of the Application Security Verification Standard 2.0. He has previously led the OWASP Top 10 2007 and ESAPI for PHP projects.


Andrew Muller

I have a drive to improve the security and efficiency of business processes through innovative solutions to perennial problems. Currently I am developing security management through security automation and redefining the security testing process through work with Standards Australia and OWASP.

Matteo Meucci

Matteo Meucci is the CEO and a cofounder of Minded Security, where he is responsible for strategic direction and business development for the Company. Prior to founding Minded Security, Matteo held several consulting positions at BT Global Services, INS, Business-e and CryptoNet. Matteo has more than 13 years of specialized experience in information security and has collaborated with OWASP for several years: he founded the OWASP-Italy Chapter in 2005 and has led the OWASP Testing Guide since 2006. Matteo is invited as a speaker at many events all around the world about Web Application Security. Matteo has undergraduate degrees in Computer Science Engineering from the University of Bologna.

Bev Corwin

Bev was one of our room proctors at the 2013 Summit at AppSec USA. She helped manage the room on several days, making sure all of the leaders had everything they needed during their working sessions. Bev is a consultant and the Member Representative for the IDESG Identity Ecosystem for the OWASP Foundation.

Robert Shullich

Robert is a Senior IT Specialist in Administration and Information Security of computer systems. He works in areas of IT Security Governance, Security Review, Security Audit, and Incident Response, specializing in GRC and ITRM. Robert was another one of our room proctors. He made sure all of our leaders had everything they needed during their working sessions.

OWASP MEDIA PROJECT REPORT AFTER APPSEC USA 2013

At last AppSec USA, OWASP Media Project has put 43 videos online for 32 hours for the talks, and also 6 videos from the Project Summit for 2.5 hours of content. All of that was online live for the summit and less than 24 hours after for the first talks, then the rest was published in one week just after the conference.


Media playlist project summit.jpg


Media playlist project summit 2.jpg


Page views.jpg


We are at 11,289 views and 79,874 of estimated watched minutes.

Let me remind you that before that, we were at 245 views for 1,312 minutes, mainly from the OWASP Global Meetup live hangouts. As for the subscribers, we are at 438 and we gained 442 of them with AppSec USA efforts. We lost 4 hence the numbers.

The average view duration is 7:04 minutes, so 16% of the total time of videos. Since we have mostly one hour long videos, this is normal and in fact is probably a great number for YouTube.

Notable popular videos are:

Popular videos.jpg


Finally, the countries with the top viewership:

  • United States - 37%
  • Canada - 12%
  • India - 4.5%
  • United Kingdom - 4.0%

I must point out that we were watched in 114 countries in total. That's amazing and shows the power of OWASP worldwide.

With that big first step done, we will continue with our Roadmap and the next thing on the table is to present a Webinar on how to use Google Hangout with live YouTube streaming. We will also shake things with the Chapters by inciting them to use Google Hangout and YouTube in order to get more info into the Global Chapter Meetings Project. This has great potential but is not really used now for helping similar chapters to get contents.

And last, but not least, we are officially on the OWASP home page and we can control what is shown without having to edit the Wiki.

One thing that is sure is that we need more people in OWASP Media Project. The good news is, unlike most other OWASP projects, you don't need to be an application security specialist to be really useful, you just need to be motivated to share knowledge with the world. If you want to join us, contact Jonathan Marcil, the project leader.

Thanks to all who contributed and helped with OWASP Media Project.

PROJECT REVIEWS: USABILITY ASSESSMENT

http://sl.owasp.org/assessment_project_usability

Usability assessment.png
Project assessment 2.png
Project assessment 3.png
Project assessment 4.png

OWASP PROJECT HEALTH ASSESSMENT

http://sl.owasp.org/assessment_project_health

Project health 1.png
Project health 2.png
Project health 3.png
Project health 4.png
Project health 5.png

PROJECT QUALITY ASSESSMENT: DOCUMENTATION PROJECTS

http://sl.owasp.org/assessment_project_quality_documentation

Project quality 1.png
Project quality 2.png
Project quality 3.png

PROJECT QUALITY ASSESSMENT: CODE AND TOOL PROJECTS

http://sl.owasp.org/assessment_project_quality_tool_code

Quality assessment 1.png
Quality assessment 2.png
Quality assessment 3.png
Quality assessment 4.png

CONTACT INFORMATION

If you would like more information regarding anything in this report, please contact the OWASP Projects Manager, Samantha Groves via e-mail at ([email protected]).