Difference between revisions of "Projects Summit 2013/Working Sessions/0013"

Latest revision as of 19:45, 22 October 2013

Global Summit 2013 Home Page
Global Summit 2013 Tracks

Bug Bounty Session
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.

WORKING SESSION IDENTIFICATION

Short Work Session Description

Collaboration, Learning, and Sharing Knowledge are the objectives for Bug Bounty program. It offers a 'live hacking' event within a controlled environment.

Related Projects (if any)

OWASP Bug Bounty Session

Email Contacts & Roles

Chair
Dinis Cruz @

Operational Manager

Mailing list
Google Groups: owasp-project-summit-2013

WORKING SESSION SPECIFICS
Objectives	Collaboration, Learning and Sharing Knowledge - By creating an environment where attendees can get together in an 'live hacking' event. In order to keep things focused, the 'targets' are going to be companies that have public "Bug Bounties' programs. These will be companies that accept and want to be targets for such ethical hacking activities. Each participant will be asked to have 'common sense' and to respect a couple 'soft' rules of engagement. All participants are encouraged to share their ideas, techniques and discoveries. In addition to the 'Bug Bounty' targets, we will also add a couple Open Source apps so that the 'builders' also have the opportunity to fix the source code and the 'breakers' can do source-code analysis.
Venue/Date&Time/Model	Venue/Room AppSec USA 2013: Times Square, New York City	Date & Time Monday to Thursday, November 18-21: 8PM to 11:59PM	Discussion Model participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS

Chair: Dinis Cruz

Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.

For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform.

At OWASP, Dinis is the leader of the OWASP O2 Platform project.

Operational Manager:

WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group	'Delivered by Working Group
To have authorization to attack/test 'targets'.	After the Meeting - fill in here.
	After the Meeting - fill in here.
	After the Meeting - fill in here.
	After the Meeting - fill in here.
	After the Meeting - fill in here.
	After the Meeting - fill in here.
	After the Meeting - fill in here.
	After the Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name	Company	Notes & reason for participating, issues to be discussed/addressed
	{{{summit_session_attendee_company21}}}	{{{summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21}}}

@@ Line 3: / Line 3: @@
 | summit_track_logo = [[Image:Working_Session.jpg]]
 | summit_ws_logo = [[Image:Working_Session.jpg]]
-| summit_session_name = Mobile Security Project
+| summit_session_name = Bug Bounty Session
-| summit_session_url = http://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/003
+| summit_session_url = http://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/0013
 | mailing_list = Google Groups: [https://groups.google.com/forum/#!forum/owasp-project-summit-2013 owasp-project-summit-2013]
 |-
-| short_working_session_description= '''The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications.'''
+| short_working_session_description= '''Collaboration, Learning, and Sharing Knowledge are the objectives for Bug Bounty program. It offers a 'live hacking' event within a controlled environment.'''
 |-
-| related_project_name1 = OWASP Mobile Security Project
+| related_project_name1 = OWASP Bug Bounty Session
-| related_project_url_1 = https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
+| related_project_url_1 = https://bugcrowd.com/list-of-bug-bounty-programs/
-| related_project_name2 = Project Assessment
+| related_project_name2 =
-| related_project_url_2 = https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdHVBRUphTkY4MGNYeFpLbV83OFZoNlE&usp=sharing
+| related_project_url_2 =
-| related_project_name3 = Active Project Inventory
+| related_project_name3 =
-| related_project_url_3 = https://www.owasp.org/index.php/OWASP_Project_Inventory
+| related_project_url_3 =
 | related_project_name4 =
@@ Line 31: / Line 31: @@
 |-
-| summit_session_objective_name1= The primary focus is at the application layer.
+| summit_session_objective_name1= Collaboration, Learning and Sharing Knowledge - By creating an environment where attendees can get together in an 'live hacking' event.
-| summit_session_objective_name2 = Target the areas that the average developer can make a difference.
+| summit_session_objective_name2 = In order to keep things focused, the 'targets' are going to be companies that have public "Bug Bounties' programs. These will be companies that accept and want to be targets for such ethical hacking activities.
-| summit_session_objective_name3 = Focus on the mobile applications deployed to end user devices.
+| summit_session_objective_name3 = Each participant will be asked to have 'common sense' and to respect a couple 'soft' rules of engagement.
-| summit_session_objective_name4 = Focus on the broader server-side infrastructure which the mobile apps communicate with.
+| summit_session_objective_name4 = All participants are encouraged to share their ideas, techniques and discoveries.
-| summit_session_objective_name5 =  A heavy focus is placed on the integration between the mobile application, remote authentication services, and cloud platform-specific features.
+| summit_session_objective_name5 =  In addition to the 'Bug Bounty' targets, we will also add a couple Open Source apps so that the 'builders' also have the opportunity to fix the source code and the 'breakers' can do source-code analysis.
 |-
-| working_session_date_and_time = Monday and Tuesday: all day
+| working_session_date_and_time = Monday to Thursday, November 18-21: 8PM to 11:59PM
 |-
@@ Line 56: / Line 56: @@
 [[Image:NEW-PROJECTS-BANNER2.jpg]]
-===Chair: Jack Mannino===
+===Chair: Dinis Cruz===
+Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
-Jack Mannino is a managing partner at nVisium Security, a leading provider of mobile application and web application security services. At nVisium he is responsible for ensuring that all services are delivered at the highest levels of quality and with keen attention to detail.  He focuses on mobile application security research (especially Android), and is the co-leader of the OWASP Mobile Security Project. In addition to the Mobile Security Project, Jack is also heavily involved with the OWASP Northern Virginia Chapter where he serves as the chapter leader.
+For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform.
-Jack is the lead developer for the OWASP GoatDroid Project, and is a contributor to the OWASP RailsGoat Project.
+At OWASP, Dinis is the leader of the OWASP O2 Platform project.
 ===Operational Manager:===
 |-
-|summit_session_deliverable_name1 = Top Ten Mobile Risks
+|summit_session_deliverable_name1 = To have authorization to attack/test 'targets'.
-|summit_session_deliverable_name2 = Mobile Tools
+|summit_session_deliverable_name2 =
-|summit_session_deliverable_name3 = Mobile Security Testing
+|summit_session_deliverable_name3 =
-|summit_session_deliverable_name4 = Mobile Cheat Sheet Series
+|summit_session_deliverable_name4 =
-|summit_session_deliverable_name5 = Secure Mobile Development
+|summit_session_deliverable_name5 =
-|summit_session_deliverable_name6 = Top Ten Mobile Controls
+|summit_session_deliverable_name6 =
-|summit_session_deliverable_name7 = OWASP Mobile Threat Model Project
+|summit_session_deliverable_name7 =
 |summit_session_deliverable_name8 =
@@ Line 83: / Line 84: @@
 |-
-| summit_session_leader_name1 = Jack Mannino
+| summit_session_leader_name1 = Dinis Cruz
-| summit_session_leader_email1 = Jack@nvisiumsecurity.com
+| summit_session_leader_email1 = dinis.cruz@owasp.org
 | summit_session_leader_username1 =
@@ Line 228: / Line 229: @@
 |-
-| session_name_mask = <!--Please replace DO NOT EDIT this string --> Session003
+| session_name_mask = <!--Please replace DO NOT EDIT this string --> Session0013
-| session_home_page = <!--Please replace DO NOT EDIT this string --> Projects_Summit_2013/Working_Sessions/003
+| session_home_page = <!--Please replace DO NOT EDIT this string --> Projects_Summit_2013/Working_Sessions/0013
 }}

Difference between revisions of "Projects Summit 2013/Working Sessions/0013"

Latest revision as of 19:45, 22 October 2013

Chair: Dinis Cruz

Operational Manager:

Working Session Participants

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools