This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Projects Summit 2013/Test

Jump to: navigation, search



2013 OWASP Project Summit Report

The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This event activity gives our project leaders the opportunity to showcase their project progress, and have attendees sit down and work on project tasks before, during and after the annual fundraiser (AppSec) regional event. It is an excellent opportunity to engage the event attendees, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.


Call to Action by Samantha Groves/OWASP Projects Manager

Hello OWASP Leaders,

The 2013 OWASP Summit is happening! We had to overcome a few obstacles to get to where we are now, but we have had incredible support from the community after our intentions where made public. It's now time to start working on OWASP 5.0 at this year's AppSec USA in New York. I do realize that we still have a massive workload to complete before the event, but I am confident that we can make this Summit a great success for our community and beyond. We need to ensure that the culture of our OWASP Summits continues, and I am dedicated to making this a great success for our community so we may continue our efforts for years to come.

Help design the 2013 OWASP Summit in New York!

As OWASP Leaders, I would like you to take some time to help us design this year's Summit. We currently have a handful of tracks and session ideas, but I would love to have your input on what you think we should focus on. Please have a think about the projects, topics, working sessions, and tracks you would like to see or participate in at this year's summit. The Summit team will take these ideas, and create a cohesive and comprehensive schedule of sessions based on your input so I encourage you to summit your ideas straight away. I encourage you to have a look at the current track and session ideas.

We need your ideas, energy, and input NOW! Please add your name to the attendee list if you are joining us or would like to attend!

We will see you at AppSec USA in New York City!

Samantha Groves

OWASP Projects Manager

IMG 5439.JPG

Summit group.jpg

Summit Organisation Pages

These are pages with organization details about this event



Marriott Marquis: New York City, USA


Space allocated

  • Sky Lounge: Monday, Tuesday, Wednesday, Thursday: 9AM - 5PM
  • Bag stuffers room (Monday: They will need part of the room.)
  • Additional Hotel Suite available as well.


Below is the Sky Lounge floor plan. this is the room we will be working with for all of the summit sessions. We have an additional suite that we can use if we find that we will need to divide up the session during the on site logistics planning. If room changes are made, attendees will be notified during registration.


Project Summit 2013

Back to the Projects_Summit_2013 page.

Tracks and Sessions

Click on the working session name to see the home page for that particular session. During the Summit those working session home pages will be used to document discussions and outcomes.

If you're interested in adding a Working Session for the 2013 Summit, there still is time to start a session! Please review the Working Session methodology for Working Session rules.

NOTE: The current session below are tentative. Track topics are subject to change.

Current Daily Schedule

Monday: Nov 18th

  1. OWASP Projects Review Session
  2. OWASP Media Project Session
  3. OWASP PHP Security and RBAC Projects: An Introduction
  4. OWASP AppSensor 2.0 Hackathon
  5. ESAPI Hackathon Session
  6. Bug Bounty Hack Session

Tuesday: Nov. 19th

  1. OWASP Training Development Session
  2. OWASP Academies Development Session
  3. Mobile Security Session
  4. ESAPI Hackathon Session
  5. Bug Bounty Hack Session

Wednesday: Nov. 20th

  1. Writing and Documentation Review Session
  2. ESAPI Hackathon Session
  3. Bug Bounty Hack Session
  4. OWASP PCI Toolkit Session
  5. OWASP O2 Documentation Session

Thursday: Nov. 21st

  1. ZAP Hackathon Session
  2. Open SAMM Session
  3. ESAPI Hackathon Session
  4. Bug Bounty Hack Session

Suggested Tracks and Sessions

  • Product Development Session
  • Reference Implementation Session

Frequently Asked Questions

This page contains answers to frequently asked questions about the 2013 OWASP Summit.


What is the Global Summit? Is it like AppSec or other OWASP conferences?

The OWASP Global Summit is the place where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. We are holding the summit as part of our AppSec USA 2013 conference, but it is a separate activity from the conference itself. Participants will stay in shared accommodations and collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years. The Summit will consist of Summit Working Sessions with a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute.

Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, see the contact either Samantha Groves or Kait Disney Leugers.

When is the Summit?

The Summit will be held November 18th-21st (Monday-Thursday), 2013.

Where is the Summit being held?

The summit will be held in the Sky Lounge of the New York Marriott Marquis Hotel in New York City.

New York Marriott Marquis

1535 Broadway

New York, New York 10036 USA

Who do I contact for help?

For general assistance in all matters related to the Summit, contact Samantha Groves, or Kait Disney Leugers.

For help with travel and accommodations, contact Samantha Groves.

Where do I stay?

There are a few hotels you can use for your accomodation needs; however, all of the staff and the majority of leaders will be staying at the New York Marriott Marquis.

Who is going to the Summit?

Please visit the the expected attendee page to see the most up to date list on who is attending the Summit.

OWASP Summit Sponsorship

I'm an OWASP leader - why isn't this free for me?

During the previous Summit, OWASP was fortunate enough to be able to fund all OWASP leaders to attend the Summit. Unfortunately, the budget for the 2013 Summit is not as large as our previous budgets. Moreover, due to the success of OWASP, the organization has grown on a world-wide level resulting in even more OWASP leaders that want to attend the summit (and who need funding). As a result, we are making the following compromise with our attendees: OWASP will provide the venue meeting rooms, the A/V equipment, and the venue supporting staff in order to enable attendees to work effectively; attendees just have to pay for travel and accommodations for themselves.

So who is being funded?

The first round of sponsored attendees was selected based on their contribution to AppSec USA. These sponsored leaders are our Project Talk Speakers and Summit Session Leaders. Leaders with funding in their projects have also decided to use those project funds to assist with the summit, and give project talks at AppSec USA since our funds are very limited this year. Key summit assistants were also funded as they will be key to the successful running of a 4 day summit.

What does it mean to be a "sponsored" Summit attendee?

A sponsored summit leader must prepare and chair their scheduled summit session, and a sponsored summit assistant must be available to help with on-site logistics throughout the entirety of the summit.

Why do they get funded and not me?

Please understand that we have very limited funds available. If you were not chosen to be funded, please do not take it personally. We simply do not have enough funds to sponsor all the great members of OWASP to attend.

Someone from OWASP said that I would be sponsored. What gives?

Unfortunately there has been a great deal of inconsistent information spread around about the Summit, even from people highest levels of OWASP leadership. The reality is that the budget for the Summit is not nearly as large as it needs to be to sponsor all deserving attendees. If you were told by someone in OWASP that you would be sponsored, we apologize for the confusion.

Employer Funding/Sponsorship

My employer needs an invitation letter/documentation to sponsor me to go? Where do I get this?

Please contact Samantha Groves with your request, and she will work with you on creating some personalized material for your employer/sponsor.

Can my company have a logo on the wiki page if they fund me?

Yes. Please visit the expected attendee page to see where your company's logo will appear if they fund your trip.

I need help convincing my employer to fund my Summit attendance - what should I tell them?

You can use the following points in your discussion:
This year's Summit will be a gathering of OWASP leaders and key industry players to focus on a variety of important application security topics including browser security and cross-site scripting eradication. Attending the Summit will provide <EMPLOYEE NAME> with opportunities to:

  • Participate in the latest developments in application security and influence its trajectory
  • Gain new skills and technical knowledge for current application security projects
  • Find out where other companies are focusing their energy and resource
  • Increase visibility for <COMPANY’S NAME>

We believe that <EMPLOYEE’S NAME>’s attendance at the Global Summit is an worthwhile investment for both <COMPANY NAME> and <EMPLOYEE NAME>. Therefore, we are asking you to consider supporting <EMPLOYEE’S NAME> participation at this important event by donating <HIS/HER> time to attend the Summit.

Working Sessions

I want to plan/run a Working Session. What do I need to do?

  1. If you haven't done so already, please add your name to the Summit Attendee page.
  2. After we know you plan to attend the Summit, visit the Summit working sessions page and determine if there is a working session already listed that you are interested in running/planning/leading, or if you have a new idea.
  3. If there is a session already listed without a leader, feel free to add your name as the leader and send Samantha Groves an email letting her know your intent. She can set you up with a working session page and let you know about any next steps. If a leader already is listed for the session you are interested in, add you your name as session member/attendee and email the leader to see what you can do to help.
  4. If you have a new idea, add your information to one of the blank rows under the appropriate track name, or under Track: OWASP if you don't see a good fit. Send Samantha Groves an email letting her know your intent. She can set you up with a working session page and let you know about any next steps.

I want to participate in a working session. Where do I sign up?

Visit the Summit working sessions page and click on "edit" in the left hand column next to the session(s) you want to participate in. When you get to the edit screen, scroll down to where you see:

| summit_session_attendee_name1 =
| summit_session_attendee_email1 =
| summit_session_attendee_wiki_username1 =

At a minimum, please enter your name and email address so the person leading the group can contact you to follow up.
If you don't see a session you are interested in and want to create one, or want to lead a session, see the answer under the previous question (above).

Corporate Sponsorship

My company wants to sponsor the Summit. What do I do?

Please send an e-mail to Samantha Groves to discuss current opportunities.

Back to the Projects_Summit_2013 page

Project Summit 2013 FAQ


Below, you will find an up-to-date list of our 2013 Project Budget and spending.

Leader Name Hotel Covered by Projects Flights Covered by Projects Hotel Covered by Track Flights Covered by Track Nights Room Rate Total Room Costs Track Fund Additional Budget Budget Total
Andrew van der Stock $1,545.00 $1,520.60 5 $309.00 $1,545 $3,065.60
Kevin Wall $610.60 $610.60
Samantha Groves $1,081.50 $ 7 $309.00 $2,163 $3,244.50
Dennis Groves $375.70 $375.70
Martin Knobloch $4,123.00 $730.30 7 $309.00 $4,123.00 $4,853.30
Steven van der Baan
Dinis Cruz $2,163.00 $699.00 $2,862
Jonathan Marcil
Andrew Muller and Wife $722.50 $1,586.78 5 $309.00 $1,545.00 $2,309.28
Fabio and Wife $618.00 $520.50 4 $309.00 $1,236.00 $1,138.50
Kostas and Wife $700.00 $520.50 7 $309.00 $2,163.00
Larry $507.56 5 $309.00 $1,545.00
Chris Schmidt $1,545.00 $287.80 5 $309.00 $1,545.00
Kait Disney-Leugers and Husband $463.50 3 $309.00 $927.00
Michael Hidalgo and Wife $463.50 $554.06 3 $309.00 $927.00
Abbas Naderi and Wife $618.00 4 $309.00 $1,234.00
Total $3,862.50 $4,513.34 $10,230.50 $2,997.10 $21,118.00 $8,205.26 $5,000.00 $13,205.26

Monday, November 18th Tuesday, November 19th Wednesday, November 20th Thursday, November 21st Total
Pizza $16.25-$22.00 $16.25-$22.00 $16.25-$22.00 $16.25-$22.00 $16.25-$22.00 per pizza
Tea and Coffee $1,800 $1,800 $1,800 $1,800 $1,800.00
Water Bottles $11.98 $11.98 $11.98 $11.98 $11.98 24pk
Fruit $14.00 assorted $14.00 assorted $14.00 assorted $14.00 assorted $56.00
Keg $90-$250 $90-$250.00
Office Materials
Markers $3.90 $3.90 $3.90 $3.90 $3.90 4pk
Paper Tablets $16.79 $16.79 $16.79 $16.79 $16.79 12pk
Staples $3.29 $3.29 $3.29 $3.29 $3.29 each
Staplers $8.99
Pens $6.99 $6.99 $6.99 $6.99 $6.99 60pk
Pencils $1.69 $1.69 $1.69 $1.69 $1.69 12pk
Notebooks $1.29 each $1.29 each $1.29 each $1.29 each $1.29 each
Black and White $0.03-$0.32 $0.03-$0.32 per page
Full Color $0.15- $2.00 $0.15 - $2.00 per page
Shuttle ride from Airport $35.00 LGA, $50.00 JFK $35.00 LGA, $50.00 JFK $35.00 LGA, $50.00 JFK $35.00 LGA, $50.00 JFK $70.00 LGA, $100.00 JFK
Dinner for Leaders $200 $200 $200 $200 $800.00
Average fare for cab ride $2.50 base $2.50 base $2.50 base $2.50 base $2.50 base
Additional Travel
Eclipse Member $2,000 $2,000.00
Apache Member $2,000 $2,000.00

  • Patzerias Perfect Pizza Inc.: 231 West 46th Street (Broadway and 8th Ave) 212) 575-7646
  • Famous Original Ray's Pizza: 736 7th Avenue (212) 956-7297
  • John's Pizzeria: 260 W. 44th Street (212) 391-7560
  • Staples: 776 8th Ave (212) 265-4550
  • Walgreens: 1471 Broadway (212) 302-0552
  • Tower Copy East: 115 West 45th Street, Suite 502 (212) 679-3509
  • priced per pack or size

Back to the Projects_Summit_2013 page


Back to main Summit 2013 page

Click here for Summit attendee bios

Confirmed Summit Attendees: with Funding

2013 OWASP Projects Summit Attendees
Name Company Reason for Summit Participation
Working Group Interest
Summit Time Paid By Summit Expenses Paid By Reason for Sponsorship
view edit Dennis Groves @ OWASP
Circle owasp logo nowhitebackground.png
view edit Dinis Cruz @ Security Innovations
  • Bug Bounty Hack Summit Session Leader

Circle owasp logo nowhitebackground.png
view edit Simon Bennetts @ Mozilla Mozilla-logo-wordmark.png
view edit Martin Knobloch PervaSec
  • University Outreach, Education, and Training Summit Session Leader
Circle owasp logo nowhitebackground.png
view edit Konstantinos Papapanagiotou [email protected]
  • University Outreach, Education, and Training Summit Session Leader

Circle owasp logo nowhitebackground.png
view edit Chris Schmidt Aspect Security Aspect logo owasp.jpg
Circle owasp logo nowhitebackground.png
view edit Sam Groves @ OWASP
  • Lead Summit Organizer
Circle owasp logo nowhitebackground.png
Circle owasp logo nowhitebackground.png
view edit Michael Hidalgo Security Innovation
  • Writing Sessions!
Circle owasp logo nowhitebackground.png
view edit Kevin Wall
Circle owasp logo nowhitebackground.png
view edit Sebastien Deleersnyder BNP Paribas Fortis
  • Open SAMM
Circle owasp logo nowhitebackground.png
view edit Johanna Curiel @
  • Projects Review

view edit Jason Haddix Hewlett-Packard
  • Mobile Security Session!
view edit Abbas Naderi @
Circle owasp logo nowhitebackground.png
view edit Jonathan Marcil @ OWASP
  • Session Leader

view edit Jack Mannino
  • Mobile Security Session

view edit Jason Haddix
  • Mobile Security Session

view edit Jonathan Marcil @ Phéromone
Circle owasp logo nowhitebackground.png
view edit James Robertson University of Maryland University College Maryland
Circle owasp logo nowhitebackground.png
view edit Riotaro Okada AsteriskResearch, Inc.
Circle owasp logo nowhitebackground.png
view edit Beth Ritter-Guth Union County College
Circle owasp logo nowhitebackground.png
view edit Suchit Mishra Salesforce
Circle owasp logo nowhitebackground.png
view edit Serg Belokamen Bugcrowd
Circle owasp logo nowhitebackground.png
view edit Casey Ellis Bugcrowd
Circle owasp logo nowhitebackground.png
view edit Simon Roses Femerling Vulnex
Circle owasp logo nowhitebackground.png
view edit Bev Corwin OWASP
Circle owasp logo nowhitebackground.png
view edit Jeff Williams @ Aspect Security
Circle owasp logo nowhitebackground.png
view edit Sasikumar Srinivasan ZohoCorp
Circle owasp logo nowhitebackground.png
view edit Carlos Hoyos IBM
Circle owasp logo nowhitebackground.png
view edit Chuck Cooper Paylocity
Circle owasp logo nowhitebackground.png
view edit Tobias Gondrom Thames Stanley
Circle owasp logo nowhitebackground.png
view edit Sean Bates Farm Credit Canada
Circle owasp logo nowhitebackground.png
view edit Tony DeLaGrange Fidelity National Information Services
Circle owasp logo nowhitebackground.png
view edit Jaydeep Dave Trend Micro
Circle owasp logo nowhitebackground.png
view edit Guillermo Skrilec GeneXus Consulting
Circle owasp logo nowhitebackground.png
view edit James Hurley Texas Conference of Urban Counties
Circle owasp logo nowhitebackground.png

Confirmed Summit Attendees: Seeking Funds/Sponsorship

2013 OWASP Projects Summit Attendees
Name Company Reason for Summit Participation
Working Group Interest
Summit Time Paid By Summit Expenses Paid By Reason for SponsorshipSummit 2013 Attendee/Attendee018

Unconfirmed Summit Attendees

2013 OWASP Projects Summit Attendees
Name Company Reason for Summit Participation
Working Group Interest
Summit Time Paid By Summit Expenses Paid By Reason for Sponsorship

Projects Participating

OWASP AppSensor

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.

OWASP Code Review Guide

The Code Review Guide focuses on secure code reviews and tools that aim to support the developer community. Such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

OWASP Development Guide

The Development Guide is aimed at architects, developers, consultants, and auditors. It is a comprehensive manual for designing, developing, and deploying secure Web Applications and Web Services. The OWASP Developer Guide 2013 aims to focus the content from countermeasures and weaknesses to secure software engineering.

The OWASP Education Projects

The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses, and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously.

OWASP Training

  • OWASP Boot Camp
  • OWASP Training Events

OWASP Academies

  • OWASP Academy Portal
  • OWASP University Outreach
  • OWASP Student Chapter

OWASP Enterprise Security API

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications.


The Software Assurance Maturity Model (SAMM) is an open framework that aims to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development.

OWASP Testing Guide

This Testing Guide Project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations. Contributors of this project are currently writing Version 4 of the guide, and are actively seeking authors.

OWASP Zed Attack Proxy (ZAP)

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, and as such, is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

OWASP Mobile Security Project

The primary focus is at the application layer. While we take into consideration the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas that the average developer can make a difference. Additionally, we focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.

Contact Us

If you need help with anything summit related, or if you simply need some more information, please do not hesitate to contact either Samantha Groves or Kait Disney-Leugers.