This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Projects Summit 2013/Working Sessions/0013"

From OWASP
Jump to: navigation, search
(Created page with "{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Projects Summit 2013 Working Sessions</noinclude> |- | summit_track_logo = Image:Working_Session.jpg | summit_ws_lo...")
 
Line 31: Line 31:
 
|-
 
|-
  
| summit_session_objective_name1= The primary focus is at the application layer.
+
| summit_session_objective_name1= Collaboration, Learning and Sharing Knowledge - By creating an environment where attendees can get together in an 'live hacking' event.
| summit_session_objective_name2 = Target the areas that the average developer can make a difference.
+
| summit_session_objective_name2 = In order to keep things legal and focused, the 'targets' are going to be companies that have public "Bug Bounties' programs. These will be companies that accept adn want to be targets for such ethical hacking activities.
  
| summit_session_objective_name3 = Focus on the mobile applications deployed to end user devices.  
+
| summit_session_objective_name3 = Each participant will be asked to have 'common sense' and to respect a couple 'soft' rules of engagement.  
| summit_session_objective_name4 = Focus on the broader server-side infrastructure which the mobile apps communicate with.
+
| summit_session_objective_name4 = All participants are encouraged to share their ideas, techniques and discoveries.
  
| summit_session_objective_name5 =  A heavy focus is placed on the integration between the mobile application, remote authentication services, and cloud platform-specific features.
+
| summit_session_objective_name5 =  In addition to the 'Bug Bounty' targets, we will also add a couple Open Source apps so that the 'builders' also have the opportunity to fix the source code and the 'breakers' can do source-code analysis.
  
 
|-
 
|-
Line 56: Line 56:
 
[[Image:NEW-PROJECTS-BANNER2.jpg]]
 
[[Image:NEW-PROJECTS-BANNER2.jpg]]
  
===Chair: Jack Mannino===
+
===Chair: Dinis Cruz===
 +
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
  
Jack Mannino is a managing partner at nVisium Security, a leading provider of mobile application and web application security services. At nVisium he is responsible for ensuring that all services are delivered at the highest levels of quality and with keen attention to detail.  He focuses on mobile application security research (especially Android), and is the co-leader of the OWASP Mobile Security Project. In addition to the Mobile Security Project, Jack is also heavily involved with the OWASP Northern Virginia Chapter where he serves as the chapter leader.
+
For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform.  
  
Jack is the lead developer for the OWASP GoatDroid Project, and is a contributor to the OWASP RailsGoat Project.
+
At OWASP, Dinis is the leader of the OWASP O2 Platform project
 
===Operational Manager:===
 
===Operational Manager:===
  
 
|-
 
|-
  
|summit_session_deliverable_name1 = Top Ten Mobile Risks
+
|summit_session_deliverable_name1 =  
  
|summit_session_deliverable_name2 = Mobile Tools
+
|summit_session_deliverable_name2 =  
  
|summit_session_deliverable_name3 = Mobile Security Testing
+
|summit_session_deliverable_name3 =  
  
|summit_session_deliverable_name4 = Mobile Cheat Sheet Series
+
|summit_session_deliverable_name4 =  
  
|summit_session_deliverable_name5 = Secure Mobile Development
+
|summit_session_deliverable_name5 =  
  
|summit_session_deliverable_name6 = Top Ten Mobile Controls
+
|summit_session_deliverable_name6 =  
  
|summit_session_deliverable_name7 = OWASP Mobile Threat Model Project
+
|summit_session_deliverable_name7 =  
  
 
|summit_session_deliverable_name8 =  
 
|summit_session_deliverable_name8 =  
Line 83: Line 84:
 
|-
 
|-
  
| summit_session_leader_name1 = Jack Mannino
+
| summit_session_leader_name1 = Dinis Cruz
| summit_session_leader_email1 = [email protected]
+
| summit_session_leader_email1 =  
 
| summit_session_leader_username1 =  
 
| summit_session_leader_username1 =  
  

Revision as of 23:07, 7 October 2013

Global Summit 2013 Home Page
Global Summit 2013 Tracks

Working Session.jpg Mobile Security Project
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications.
Related Projects (if any)


Email Contacts & Roles Chair
Dinis Cruz

 Operational Manager
 Mailing list
Google Groups: owasp-project-summit-2013
WORKING SESSION SPECIFICS
Objectives
  1. Collaboration, Learning and Sharing Knowledge - By creating an environment where attendees can get together in an 'live hacking' event.
  2. In order to keep things legal and focused, the 'targets' are going to be companies that have public "Bug Bounties' programs. These will be companies that accept adn want to be targets for such ethical hacking activities.
  3. Each participant will be asked to have 'common sense' and to respect a couple 'soft' rules of engagement.
  4. All participants are encouraged to share their ideas, techniques and discoveries.
  5. In addition to the 'Bug Bounty' targets, we will also add a couple Open Source apps so that the 'builders' also have the opportunity to fix the source code and the 'breakers' can do source-code analysis.

Venue/Date&Time/Model Venue/Room
AppSec USA 2013: Times Square, New York City 		Date & Time
Monday and Tuesday: all day


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS

NEW-PROJECTS-BANNER2.jpg

Chair: Dinis Cruz

Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.

For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform.

At OWASP, Dinis is the leader of the OWASP O2 Platform project

Operational Manager:

WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group 'Delivered by Working Group

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed

{{{summit_session_attendee_company21}}}
 {{{summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21}}}




























































Retrieved from "https://wiki.owasp.org/index.php?title=Projects_Summit_2013/Working_Sessions/0013&oldid=159902"