This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Summit 2011 Outcomes"
Sarah Baso (talk | contribs) m |
Sarah Baso (talk | contribs) |
||
| Line 42: | Line 42: | ||
| − | ===XSS Eradication | + | ===XSS Eradication=== |
| − | [[Summit_2011_Working_Sessions/Session009|XSS and the Frameworks | + | [[Summit_2011_Working_Sessions/Session009|XSS and the Frameworks: XSS - Awareness, Resources, and Partnerships]] (Justin Clarke) - [https://docs.google.com/document/d/1Qxj9_mV3Ocl1klTH0PQivi9SQS0C9Mc6AYkxsAEidgM/edit?hl=en_US&authkey=CMPpvKkO Working Session Notes]<br> |
| + | |||
| + | [[Summit_2011_Working_Sessions/Session043|WAF Mitigation for XSS: Virtual Patching Best Practices]] (Ryan Barnett)- [https://docs.google.com/document/d/1gx5LAFfU07IOR5BtgDRUBF3CetsABXsuCECoGGa4Xqo/edit?hl=en_US&authkey=CLvq7M0H Working Session Notes]<br> | ||
[https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet DOM based XSS Prevention Cheat Sheet] (Jim Manico & Abraham Kang)<br> | [https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet DOM based XSS Prevention Cheat Sheet] (Jim Manico & Abraham Kang)<br> | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
===Metrics=== | ===Metrics=== | ||
| − | [[Summit_2011_Working_Sessions/Session055|Risk Metrics]] (Chris Wysopal | + | [[Summit_2011_Working_Sessions/Session055|Risk Metrics: Metrics and Labeling]] (Chris Wysopal & Chris Eng) - [https://docs.google.com/document/d/1OWKzMuqjabrXYaVhdMvcLbLbBtLjPRuq2iXxNZBqBHM/edit?hl=en_US&authkey=CNin8vsH Working Session Transcripts]<br> |
[[Summit_2011_Working_Sessions/Session058|Counting and Scoring Application Security Defects]] (Chris Eng & Chris Wysopal) - [https://docs.google.com/leaf?id=0B5Z9zE0hx0LNMzNmMTViZjgtZTZhNy00ZjQ3LTgxNzQtMDQ4YWM3Njc4NzFi&hl=en_US&authkey=CM_-3OQB Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey]<br> | [[Summit_2011_Working_Sessions/Session058|Counting and Scoring Application Security Defects]] (Chris Eng & Chris Wysopal) - [https://docs.google.com/leaf?id=0B5Z9zE0hx0LNMzNmMTViZjgtZTZhNy00ZjQ3LTgxNzQtMDQ4YWM3Njc4NzFi&hl=en_US&authkey=CM_-3OQB Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey]<br> | ||
| Line 74: | Line 71: | ||
[[OWASP_Working_Session_-_OWASP_Certification|OWASP Certification]] (Jason Taylor & Jason Li) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNMTlkMDUxNGEtZmM1MS00ODI2LWEwMDYtMjU1Nzc4ZWEwYmJk&hl=en_US&authkey=CNbHmJkP Certification Code of Conduct Draft]<br> | [[OWASP_Working_Session_-_OWASP_Certification|OWASP Certification]] (Jason Taylor & Jason Li) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNMTlkMDUxNGEtZmM1MS00ODI2LWEwMDYtMjU1Nzc4ZWEwYmJk&hl=en_US&authkey=CNbHmJkP Certification Code of Conduct Draft]<br> | ||
| + | [[Summit_2011_Working_Sessions/Session069|OWASP Top 10 Training in Hacking-Lab]] (Ivan Buetler) - [https://www.hacking-lab.com/ Hacking Lab Website]<br> | ||
| Line 83: | Line 81: | ||
[[Summit_2011_Working_Sessions/Session030|Providing Access to Persisted Data]] (Dan Cornell) - [https://docs.google.com/document/d/1bdmsNimmANJnRaVOpxYL1jVGutEMF84cK_iSjhSo40o/edit?hl=en_US&authkey=CIfD594I Working Session Notes]<br> | [[Summit_2011_Working_Sessions/Session030|Providing Access to Persisted Data]] (Dan Cornell) - [https://docs.google.com/document/d/1bdmsNimmANJnRaVOpxYL1jVGutEMF84cK_iSjhSo40o/edit?hl=en_US&authkey=CIfD594I Working Session Notes]<br> | ||
| − | [[Summit_2011_Working_Sessions/ | + | [[Summit_2011_Working_Sessions/Session034|Contextual Output Encoding: ESAPI-CORE]] (Chris Schmidt & Jim Manico)<br> |
| − | |||
| − | |||
[[Summit_2011_Working_Sessions/Applying_ESAPI_Input_Validation|Applying ESAPI Input Validation]] (Chris Schmidt)<br> | [[Summit_2011_Working_Sessions/Applying_ESAPI_Input_Validation|Applying ESAPI Input Validation]] (Chris Schmidt)<br> | ||
| Line 181: | Line 177: | ||
==Summit-Related Blog Posts== | ==Summit-Related Blog Posts== | ||
| − | [http://www.clerkendweller.com/2011/2/8/OWASP-Summit-2011-Part-1 Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, | + | [http://www.clerkendweller.com/2011/2/8/OWASP-Summit-2011-Part-1 Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, 8-Feb-2011]<br> |
| + | |||
| + | [http://www.carlosserrao.net/2011/02/owasp-summit-2011/ Carlos Serrão - OWASP Summit 2011, 9-Feb-2011]<br> | ||
| − | [http://www. | + | [http://www.secureconsulting.net/2011/02/evolving_owasp_reflections_on.html Ben Tomhave - Evolving OWASP: Reflections on the 2011 Summit, 11-Feb-2011]<br> |
| − | [http:// | + | [http://appsandsecurity.blogspot.com/2011/02/fears-hopes-for-owasp.html John Wilander - Fears & Hopes for OWASP, 13-Febr-2011]<br> |
| − | [http:// | + | [http://diniscruz.blogspot.com/2011/02/owasp-summit-2011-results.html Dinis Cruz - OWASP Summit 2011 Results, 15-Feb-2011]<br> |
| − | [http:// | + | [http://yet-another-dev.blogspot.com/search/label/owasp%20summit Chris Schmidt - Dear OWASP Summit, Obrigado, 16-Feb-2011]<br> |
| − | [http:// | + | [http://supplychaintechnology.wordpress.com/2011/02/17/notes-from-owasp-2011-summit-published/ Supply Chain Technology - Notes from the OWASP 2011 Summit Published, 17-Feb-2011 |
| − | [http://www.curphey.com/2011/02/owasp-has-it-reached-a-tipping-point/ Mark Curphey - OWASP - Has it reached a tipping point?, | + | [http://www.curphey.com/2011/02/owasp-has-it-reached-a-tipping-point/ Mark Curphey - OWASP - Has it reached a tipping point?, 19-Feb-2011]<br> |
| − | [http://michael-coates.blogspot.com/2011/02/vision-for-owasp.html Michael Coates - A Vision for OWASP, | + | [http://michael-coates.blogspot.com/2011/02/vision-for-owasp.html Michael Coates - A Vision for OWASP, 21-Feb-2011]<br> |
| − | [http://www.opensamm.org/2011/03/bsimm-activities-mapped-to-samm/ Pravir Chandra - BSIMM activities mapped to SAMM, | + | [http://www.opensamm.org/2011/03/bsimm-activities-mapped-to-samm/ Pravir Chandra - BSIMM activities mapped to SAMM, 3-Mar-2011]<br> |
Revision as of 14:21, 24 June 2011
Global Summit 2011 Outcomes - please note that this is a work in progress. If you have any comments, corrections, or questions please contact Sarah Baso
Acknowledgements
Press Release & Media Mentions
Interview with Jeff Williams - http://www.vimeo.com/25335824
Interview with Tom Brennan - http://www.vimeo.com/23889097
Summit Background
2011 Summit Finances & Budget
- Breakdown of 2011 Summit Budget, Operational and Travel
Summit 2011 Financials Summary of Expenses and Income and Summit Travel and Accommodations Costs
- Comparison to 2008 Summit Budget
- Projection of costs needed for future Summit
2011 Summit Lessons Learned
Appendix: Working Session Details and Documentation
Browser Security
Here are the notes from all the four browser security sessions. John Wilander is working on a Browser Security Report building on these sessions.
Site Security Policy notes (pdf)
EcmaScript 5 Security notes (pdf)
XSS Eradication
XSS and the Frameworks: XSS - Awareness, Resources, and Partnerships (Justin Clarke) - Working Session Notes
WAF Mitigation for XSS: Virtual Patching Best Practices (Ryan Barnett)- Working Session Notes
DOM based XSS Prevention Cheat Sheet (Jim Manico & Abraham Kang)
Metrics
Risk Metrics: Metrics and Labeling (Chris Wysopal & Chris Eng) - Working Session Transcripts
Counting and Scoring Application Security Defects (Chris Eng & Chris Wysopal) - Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey
University, Education, and Training
OWASP Education Project (Martin Knobloch)
OWASP Training (Sandra Paiva) - Working Session Notes
University Outreach - OWASP Academies (Sandra Paiva) - Working Session Notes, OWASP Academy Portal Project
OWASP Top 10 Online Training in Hacking-Lab (Ivan Buetler)
University Outreach - OWASP College Chapter Program (Martin Knobloch) (renamed "OWASP Student Chapters Program")
OWASP Exams Project (Jason Taylor)
OWASP Certification (Jason Taylor & Jason Li) - Certification Code of Conduct Draft
OWASP Top 10 Training in Hacking-Lab (Ivan Buetler) - Hacking Lab Website
Secure Coding Workshop
General Information on the OWASP Secure Coding Track - Code Repository (Google)
Protecting Information Stored Client-Side (John Steven)
Providing Access to Persisted Data (Dan Cornell) - Working Session Notes
Contextual Output Encoding: ESAPI-CORE (Chris Schmidt & Jim Manico)
Applying ESAPI Input Validation (Chris Schmidt)
Defining AppSensor Detection Points (Michael Coates)
Individual OWASP Projects
OWASP Secure Coding Practices (Keith Turpin) - Working Session Notes
Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon) - Etherpad Notes Page with Agenda, Slides & Background Reading
Threat Modeling (Anurag Agarwal) - Working Session discussion points and notes
OWASP Common Vulnerability List (Meucci/Keary/Agarwal) - CVL ppt presentation created by Matteo Meucci
Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)
OWASP Testing Guide (Matteo Meucci) - Working Session Notes, Planning the OWASP Testing Guide 4.0 ppt presentation
OWASP Mobile Security Project (Mike Zusman) - Working Session Notes
Development Guide (Vishal Garg)
Application Security Verification Standard (ASVS) Project (Dave Wichers)
OWASP Portuguese Language Project (Lucas Ferriera) - Working Session Outcomes
OWASP Hackademic Challenges Project (Kostas & Vasileros Vlachos)
OWASP Java Project (Lucas Ferriera) - Action Plan for the Java Project, New Project Leader
OpenSAMM (Pravir Chandra) - BSIMM activities mapped to SAMM
The Future of OpenSAMM (Pravir Chandra)
OWASP Project Disclosure Policies (Chris Schmidt) - OWASP Project Disclosure Policy, OWASP Security Bulletin Template
OWASP O2 Platform (Dinis Cruz)
OWASP Governance and Committees
Global Education Committee (Martin Knobloch)
Global Industry Committee (Eoin Keary & Colin Watson) - Working Session Notes
Global Projects Committee (Jason Li & Brad Causey) - Summary of Outcomes and Post-Summit Progress, February GPC Meeting Minutes
Global Membership Committee (Dan Cornell) - Working Session Notes, Membership page with changes subsequent to 2011 Summit
Global Chapters Committee (Seba Deleersnyder) - Working Session Meeting Minutes
Global Conferences Committee (Mark Bristow) - Working Session/Monthly Committee Meeting Minutes
OWASP Board/Committee Governance (Mark Bristow) - Working Session Rationale, 2011 Board of Directors Election Information, New Bylaws
Government Outreach (Doug Wilson) - Working Session Outcome
OWASP Funding and CEO Discussion (Keith Turpin) - Working Session Notes, List of suggestions from Funding and CEO discussion, Arguments for & against hiring a CEO for OWASP
OWASP Points - Tracking OWASP Participation (Mark Bristow)
OWASP Licensing (Abraham Kang) - Working Session Notes, OWASP Licensing PowerPoint, Licensing - Questions for follow up
OWASP Codes of Conduct (Dinis Cruz & Jeff Williams) - Draft Document
Building the OWASP Brazilian Leaders Group (Lucas Ferriera) - Objectives and action plan to improve OWASP presence in Brazil
OWASP Asia/Pacific Working Group (Helen Gao) - Working Group Outcomes
Healthcare Industry Outreach & Banking/Finance Industry Outreach ( Lorna Alamri) - Vertical Outreach Notes, Industry Outreach Mapping
Miscellaneous
Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - Working Session Notes
Overhauling the OWASP Website (Jason Li) - Summary of Outcomes
Should OWASP work directly with PCI-DSS? (Matthew Chalmers) - Working Session Notes
How can OWASP reach/talk/engage with auditors? (Matthew Chalmers) - Working Session Notes
Developer Outreach (Mark Bristow & Jason Li)
Summit Team & Attendee Bios
Support Staff Bios
Attendee Bios
Summit-Related Blog Posts
Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, 8-Feb-2011
Carlos Serrão - OWASP Summit 2011, 9-Feb-2011
Ben Tomhave - Evolving OWASP: Reflections on the 2011 Summit, 11-Feb-2011
John Wilander - Fears & Hopes for OWASP, 13-Febr-2011
Dinis Cruz - OWASP Summit 2011 Results, 15-Feb-2011
Chris Schmidt - Dear OWASP Summit, Obrigado, 16-Feb-2011
[http://supplychaintechnology.wordpress.com/2011/02/17/notes-from-owasp-2011-summit-published/ Supply Chain Technology - Notes from the OWASP 2011 Summit Published, 17-Feb-2011
Mark Curphey - OWASP - Has it reached a tipping point?, 19-Feb-2011
Michael Coates - A Vision for OWASP, 21-Feb-2011
Pravir Chandra - BSIMM activities mapped to SAMM, 3-Mar-2011
