Summit 2011 Outcomes
If you have any comments, corrections, or questions about the information contained in this page or related links, please contact Sarah Baso
Final Report
View OWASP Summit 2011: Post-Summit Report and Working Sessions Outcomes
- Purchase black & white copy of report on Lulu.com or free PDF download
- Purchase full color copy of report on Lulu.com or free PDF download
Press Release & Media Mentions
- Interview with Jeff Williams - http://www.vimeo.com/25335824
- Interview with Tom Brennan - http://www.vimeo.com/23889097
Summit Background
(included in final report)
2011 Summit Finances & Budget
- Summit 2011 Financials: Summary of Expenses and Income and Summit Travel and Accommodations Costs
- Comparison to 2008 Summit Budget
- Projection of costs needed for future Summit
2011 Summit Lessons Learned
(included in final report)
Appendix: Working Session Details and Documentation
Browser Security
Notes from the 5 Browser Security Sessions
EcmaScript 5 Security notes (pdf)
Site Security Policy notes (pdf)
XSS Eradication
DOM based XSS Prevention Cheat Sheet (Jim Manico & Abraham Kang)
XSS and the Frameworks: XSS - Awareness, Resources, and Partnerships (Justin Clarke) - Working Session Notes
WAF Mitigation for XSS: Virtual Patching Best Practices (Ryan Barnett) - Working Session Notes
Metrics
Counting and Scoring Application Security Defects (Chris Eng & Chris Wysopal) - Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey
Risk Metrics: Metrics and Labeling (Chris Eng & Chris Wysopal) - Working Session Transcripts
Individual OWASP Projects
Application Security Verification Standard (ASVS) Project (Dave Wichers)
Development Guide (Vishal Garg)
OpenSAMM (Pravir Chandra) - BSIMM activities mapped to SAMM
OWASP Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)
OWASP Common Vulnerability List (Meucci/Keary/Agarwal) - CVL ppt presentation created by Matteo Meucci
OWASP Java Project (Lucas Ferreira) - Action Plan for the Java Project, New Project Leader
OWASP Mobile Security Project (Mike Zusman) - Working Session Notes
OWASP O2 Platform (Dinis Cruz)
OWASP Portuguese Language Project (Lucas Ferreira) - Working Session Outcomes
OWASP Project Disclosure Policies (Chris Schmidt) - OWASP Project Disclosure Policy, OWASP Security Bulletin Template
OWASP Secure Coding Practices - Quick Reference Guide (Keith Turpin) - Working Session Notes
OWASP Testing Guide (Matteo Meucci) - Working Session Notes, Planning the OWASP Testing Guide 4.0 ppt presentation
Threat Modeling (Anurag Agarwal) - Working Session discussion points and notes
Secure Coding Workshop
General Information on the OWASP Secure Coding Track - Code Repository (Google)
Applying ESAPI Input Validation (Chris Schmidt)
Contextual Output Encoding: ESAPI-CORE (Chris Schmidt & Jim Manico)
Defining AppSensor Detection Points (Michael Coates) - Working Session Notes, Updated AppSensor-Tutorial code with new lessons and lesson structure enhancements, AppSensor Updated Getting Started Guide for new adopters and developers leveraging feedback from session
Protecting Information Stored Client-Side (John Steven)
Providing Access to Persisted Data (Dan Cornell) - Working Session Notes
University, Education, and Training
OWASP Education Project (Martin Knobloch)
OWASP Certification (Jason Taylor & Jason Li) - Certification Code of Conduct Draft
OWASP Exams Project (Jason Taylor)
OWASP Hackademic Challenges Project (Kostas Papapanagiotou & Vasileios Vlachos)
OWASP Top 10 Training in Hacking-Lab (Ivan Buetler) - Hacking Lab Website
OWASP Training (Sandra Paiva) - Working Session Notes
University Outreach - OWASP Academies (Sandra Paiva) - Working Session Notes, OWASP Academy Portal Project
University Outreach - OWASP College Chapter Program (Martin Knobloch) (renamed "OWASP Student Chapters Program")
OWASP Internal Governance and Global Committees
Global Chapters Committee (Seba Deleersnyder) - Working Session Meeting Minutes
Global Conferences Committee (Mark Bristow) - Working Session/Monthly Committee Meeting Minutes
Global Education Committee (Martin Knobloch)
Global Industry Committee (Eoin Keary & Colin Watson) - Working Session Notes, 2011 Industry Outreach Survey
Global Membership Committee (Dan Cornell) - Working Session Notes, Membership page with changes subsequent to 2011 Summit
Global Projects Committee (Jason Li & Brad Causey) - Summary of Outcomes and Post-Summit Progress, February GPC Meeting Minutes
OWASP Board & Global Committee Governance (Mark Bristow) - Working Session Rationale, 2011 Board of Directors Election Information, New Bylaws
OWASP Chapters: Asia/Pacific Working Group (Helen Gao) - Working Group Outcomes
OWASP Chapters: Building the OWASP Brazilian Leaders Group (Lucas Ferreira) - Objectives and action plan to improve OWASP presence in Brazil
OWASP Funding and CEO Discussion (Keith Turpin) - Working Session Notes, List of suggestions from Funding and CEO discussion, Arguments for hiring an OWASP CEO
OWASP Licensing (Abraham Kang) - Working Session Notes, OWASP Licensing PowerPoint, Licensing - Questions for follow up
Overhauling the OWASP Website (Jason Li) - Summary of Outcomes
OWASP Points - Tracking OWASP Participation (Mark Bristow)
Other OWASP Initiatives
Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies (Dinis Cruz & Jeff Williams) - Draft OWASP Codes of Conduct Document
Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon) - Etherpad Notes Page with Agenda, Slides & Background Reading
Government Outreach (Doug Wilson) - Working Session Outcome
Healthcare Industry Outreach & Banking/Finance Industry Outreach (Lorna Alamri) - Vertical Outreach Notes, Industry Outreach Mapping
How can OWASP reach/talk/engage with auditors? (Matthew Chalmers) - Working Session Notes
Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - Working Session Notes
Should OWASP work directly with PCI-DSS? (Matthew Chalmers) - Working Session Notes
Summit Team & Attendee Bios
Summit-Related Blog Posts
Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, 8-Feb-2011
Carlos Serrão - OWASP Summit 2011, 9-Feb-2011
Ben Tomhave - Evolving OWASP: Reflections on the 2011 Summit, 11-Feb-2011
John Wilander - Fears & Hopes for OWASP, 13-Feb-2011
Dinis Cruz - OWASP Summit 2011 Results, 15-Feb-2011
Chris Schmidt - Dear OWASP Summit, Obrigado, 16-Feb-2011
Supply Chain Technology - Notes from the OWASP 2011 Summit Published, 17-Feb-2011
Mark Curphey - OWASP - Has it reached a tipping point?, 19-Feb-2011
Michael Coates - A Vision for OWASP, 21-Feb-2011
Pravir Chandra - BSIMM activities mapped to SAMM, 3-Mar-2011
Video & Pictures of Summit
Video clips of the Summit recorded by Zaki Akhmad, a Summit Attendee & OWASP Chapter Leader from Indonesia. Full video of the Summit Working Sessions is forthcoming.
- Summit 2011 - Governance Session, part 1
- Summit 2011 - Governance Session, part 2
- Summit 2011 - Wrap Up Session #1
- Summit 2011 - Browser Security Wrap Up
- Summit 2011 - ESAPI Working Session
- Summit 2011 - Chapter Leader Working Session
Pictures of the Summit: