This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Owasp Italy Appsec agenda"
(→2015) |
|||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | This is the Application Security Agenda for Owasp Italian chapter. | + | This is the Application Security Agenda for Owasp Italian chapter. Please note, this is not a page for an '''appsec conference''', this page is about an application security strategy for the Italian chapter in order to give a boost for activities and to be used year by year to measure how things went in our Country. |
+ | == 2015 == | ||
+ | |||
+ | Goals for 2015 | ||
+ | |||
+ | * Date an opensource project | ||
+ | * Build a local meetup network | ||
+ | * Communication boost | ||
+ | * Fill the gap with developers | ||
+ | * Setup a new application security conference here in Italy | ||
+ | |||
+ | === Date an opensource project === | ||
− | == 2015 == | + | In order to build a culture of security, filling the gap with developers we want to adopt opensource projects, doing code review and penetration tests over it, providing developers security feedbacks to raise the bar for attackers. |
+ | |||
+ | ==== Stuff to be done ==== | ||
+ | |||
+ | [https://twitter.com/_ikki Luca Carettoni @_ikki] proposes a formal engagement process to adopt an opensource project, making assessments and giving feedbacks. We are evaluating how to procede, creating a framework to #fillthegap. | ||
+ | We are also wondering about creating some whitepapers to help development team introducing appsec. | ||
+ | |||
+ | Popular projects that are candidate to be adopted are: | ||
+ | * [http://symfony.com/ Symfony] | ||
+ | * [http://rubyonrails.org Ruby on rails] | ||
+ | * [http://angular.js Angular.js] | ||
+ | * more to come | ||
+ | |||
+ | === Build a local meetup network === | ||
+ | |||
+ | In Italy, application security specialists don't meet each other and, more important, they don't meet developers and stakeholders in informal meetups to spread the #appsec credo. There are some focused security events (Infosecurity, Security Summit) but they are organized by security guys for other security guys and there are more formal state-of-art event in the Italian panorama. | ||
+ | |||
+ | We feel the need of creating informal meetups were appsec guys gather each other java people, php people, ruby people, .Net people, UX people, entrepreneurs in order to build strong security basements for people make the real web. | ||
+ | |||
+ | We hope to start meetups up in Spring 2015 (around April 2015). | ||
+ | Meetup will be monthly based. | ||
+ | |||
+ | ==== Local meetup leader ==== | ||
+ | |||
+ | Local meetup leader is a person in charge of plan, organise and keep #appsec hype high on his neighborhood/city. For big cities like Milano, Torino, Roma, Napoli, ... there will be of course more leaders that '''must''' collaborate each other. | ||
+ | |||
+ | ==== Stuff to be done ==== | ||
+ | |||
+ | We must create a whitepaper document describing some general rules about how to organize a local meetup. Where to organize, who to invite, how to document the event (photo, talks recording), how to do media coverage, how to advertise the event, where to put infos, slidedecks, ... | ||
+ | |||
+ | === Communication boost === | ||
+ | |||
+ | People who wants to use IRC to chat with Owasp Italy members can use irc server chat.freenode.net on channel #owasp-italy | ||
+ | |||
+ | === Fill the gap with developers === | ||
+ | |||
+ | There are some very interesting conferences here in Italy for developers. We have to spread the security culture, submitting a talk and trying to reach them. | ||
+ | |||
+ | * [http://2015.phpday.it/ PHP Day, May 15th-16th, Verona] | ||
+ | * [http://2015.jsday.it/ Js Day, May 15th-16th, Verona] | ||
+ | * [http://rubyday.it Ruby Day, TBA, TBA] | ||
+ | |||
+ | === Setup a new application security conference here in Italy === | ||
− | + | TBA | |
− | |||
− |
Latest revision as of 11:12, 2 February 2015
This is the Application Security Agenda for Owasp Italian chapter. Please note, this is not a page for an appsec conference, this page is about an application security strategy for the Italian chapter in order to give a boost for activities and to be used year by year to measure how things went in our Country.
2015
Goals for 2015
- Date an opensource project
- Build a local meetup network
- Communication boost
- Fill the gap with developers
- Setup a new application security conference here in Italy
Date an opensource project
In order to build a culture of security, filling the gap with developers we want to adopt opensource projects, doing code review and penetration tests over it, providing developers security feedbacks to raise the bar for attackers.
Stuff to be done
Luca Carettoni @_ikki proposes a formal engagement process to adopt an opensource project, making assessments and giving feedbacks. We are evaluating how to procede, creating a framework to #fillthegap. We are also wondering about creating some whitepapers to help development team introducing appsec.
Popular projects that are candidate to be adopted are:
- Symfony
- Ruby on rails
- Angular.js
- more to come
Build a local meetup network
In Italy, application security specialists don't meet each other and, more important, they don't meet developers and stakeholders in informal meetups to spread the #appsec credo. There are some focused security events (Infosecurity, Security Summit) but they are organized by security guys for other security guys and there are more formal state-of-art event in the Italian panorama.
We feel the need of creating informal meetups were appsec guys gather each other java people, php people, ruby people, .Net people, UX people, entrepreneurs in order to build strong security basements for people make the real web.
We hope to start meetups up in Spring 2015 (around April 2015). Meetup will be monthly based.
Local meetup leader
Local meetup leader is a person in charge of plan, organise and keep #appsec hype high on his neighborhood/city. For big cities like Milano, Torino, Roma, Napoli, ... there will be of course more leaders that must collaborate each other.
Stuff to be done
We must create a whitepaper document describing some general rules about how to organize a local meetup. Where to organize, who to invite, how to document the event (photo, talks recording), how to do media coverage, how to advertise the event, where to put infos, slidedecks, ...
Communication boost
People who wants to use IRC to chat with Owasp Italy members can use irc server chat.freenode.net on channel #owasp-italy
Fill the gap with developers
There are some very interesting conferences here in Italy for developers. We have to spread the security culture, submitting a talk and trying to reach them.
Setup a new application security conference here in Italy
TBA