This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Working Session Top 10 2009"

From OWASP

Jump to: navigation, search

Latest revision as of 14:45, 18 December 2008

Working Sessions Operational Rules - Please see here the general frame of rules.

WORKING SESSION IDENTIFICATION
Work Session Name	OWASP Top 10 2009
Short Work Session Description	Aims to provide a key awareness document for web application security.
Related Projects (if any)	OWASP Top Ten Project
Email Contacts & Roles	Chair Dave Wichers	Secretary Jeff Williams	Mailing list Subscription Page

WORKING SESSION SPECIFICS
Objectives	Discuss current Top10 structure and objectives, Identify which information sources will be considered for analysis, Eg: MITRE Compromise DB's (Attrition, WASC etc) and bias due to reporting Anonomised penetration test results and the difficulty in obtaining Define methodology to collect attacks statistics, Define prioritisation approach Agree weighting between current or emerging threats
Venue/Date&Time/Model	Venue OWASP EU Summit Portugal 2008	Date&Time November 5 & 7, 2008 Time TBD	Discussion Model "Participants + Attendees"

WORKING SESSION OPERATIONAL RESOURCES
Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.

WORKING SESSION ADDITIONAL DETAILS
Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution. Potential Resources: MITRE's Common Vulnerability Enumeration (CVE) Database The WASC Web Hacking Incidents Database The 2007 WASC Web Application Security Statistics Report

WORKING SESSION ADDITIONAL DETAILS

Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.

Potential Resources:

MITRE's Common Vulnerability Enumeration (CVE) Database

The WASC Web Hacking Incidents Database

The 2007 WASC Web Application Security Statistics Report

WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions	Proposed by Working Group	Approved by OWASP Board
	The sources of input for the 2009 Top 10 will be identified.	After the Board Meeting - fill in here.
	The ordering scheme for the Top 10 will be determined.	After the Board Meeting - fill in here.
	Discussion of whether the existing document structure should be maintained or adjusted.	After the Board Meeting - fill in here.
	Video	After the Board Meeting - fill in here.

Working Session Participants

(Add your name by editing this table. On the right, just above this frame, you have the option to edit)

WORKING SESSION PARTICIPANTS
	Name	Company	Notes & reason for participating, issues to be discussed/addressed
1	Paolo Perego	Spike Reply	As penetration tester it woud be great to me to participating in writing the new Top 10. As code reviewer and Orizon project leader it would be very interesting in scouting dynamic threats in order to add some dynamic feature to my tool.
2	David Campbell	OWASP Denver
3	Robert Mann	RBS / ABN AMRO
4	Troy Leach	PCI Security Standards Council	Technical Director
5	Eoin Keary	Ernst & Young. Long time OWASP member (Code and Testing guides)
6	Matteo Meucci	Minded Security	I'd like to discuss about a new way to create the Top10 from the OWASP Community
7	Giorgio Fedon	Minded Security
8	Andrea Cogliati	OWASP Rochester, NY	I volunteered as a technical writer
9	Christian Martorella	S21sec	Interested in participating on the creating the Top 10, share some ideas.
10	Nishi Kumar	Systems Architect (FIS) Global Web Development Group	Interested in participating and sharing ideas
11	Tom Brennan	OWASP/WhiteHat Security	Want to discuss some of the stats we can share with OWASP
12	Georg Hess	OWASP Germany	mainly to get some insight into the process
12	Arturo 'Buanzo' Busleiman	Independent	Expert Contributor for SANS TOP20 since 2005. want to contribute here.
12	Fabio Cerullo	AIB	Interested in participating on the creation of the Top 10, share some ideas.
12	Sébastien Gioria	OWASP France	Interested in reviewing and give some Point of View frome France ans some pentesting made here. Also interessted to translate it as soon as possible for our France Market.
13	Marco Mella	Independent

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Working_Session_Top_10_2009&oldid=49545"

Category:

OWASP Working Session

Difference between revisions of "OWASP Working Session Top 10 2009"

Latest revision as of 14:45, 18 December 2008

Working Session Participants

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 1: / Line 1: @@
 {| style="width:100%" border="0" align="center"
-  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''Working Session Identification'''
+ ! colspan="7" align="center" style="background:#b3b3b3; color:white"|<font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].
+ |}
+{| style="width:100%" border="0" align="center"
+  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION IDENTIFICATION'''
   |-
-  | style="width:15%; background:#7B8ABD" align="center"|'''Name'''
+  | style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''
   | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Top 10 2009'''
   |-
+ | style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''
+ | colspan="6" style="width:85%; background:#cccccc" align="left"|Aims to provide a key awareness document for web application security.
   |-
-  | style="width:15%; background:#7B8ABD" align="center"|'''Mission'''
+  | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''
-  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"> To provide a key awareness document for web application security.
+  | colspan="6" style="width:85%; background:#cccccc" align="left"|[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]
   |-
-  | style="width:15%; background:#7B8ABD" align="center"|'''Lead'''
+  | style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
-  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"> Dave Wichers
+  | style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:dave.wichers(at)owasp.org '''Dave Wichers''']
-|-
+  | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams''']
-  | style="width:15%; background:#7B8ABD" align="center"|'''Team'''
+  | style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-topten '''Subscription Page''']
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"> Jeff Williams
+  |}
-|-
-  | style="width:15%; background:#7B8ABD" align="center"|'''Mailing List'''
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"> [https://lists.owasp.org/mailman/listinfo/owasp-topten Subscription Page]
-|-
- | style="width:15%; background:#7B8ABD" align="center"|'''Related Projects (if any)'''
-  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"> [[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]
-|}
 {| style="width:100%" border="0" align="center"
-  ! colspan="7" align="center" style="background:#a0c0e0; color:white"|<font color="black">'''First Working Session'''
+  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION SPECIFICS'''
- |-
- | style="width:15%; background:#7B8ABD" align="center"|'''Location'''
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
- |-
- | style="width:15%; background:#7B8ABD" align="center"|'''Date'''
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">TBD
-  |-
- | style="width:15%; background:#7B8ABD" align="center"| '''Agenda'''
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">TBD
   |-
-  | style="width:15%; background:#7B8ABD" align="center"| '''Objectives'''
+  | style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''
   | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">
-* Discuss current Top10 structure and objectives
+* Discuss current Top10 structure and objectives,
-* Define methodology to collect attacks statistics
+* Identify which information sources will be considered for analysis, Eg:
-* Propose the revised OWASP Top 10 for 2009
+** MITRE
+** Compromise DB's (Attrition, WASC etc) and bias due to reporting
+** Anonomised penetration test results and the difficulty in obtaining
+* Define methodology to collect attacks statistics,
+* Define prioritisation approach
+** Agree weighting between current or emerging threats
   |-
-  | style="width:15%; background:#7B8ABD" align="center"| '''Working Session Resources'''
+  | style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
-  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">TBD - Please add any needed relevant resources here.
+  | style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]
- |-
+  | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5 & 7, 2008<br>Time TBD
- | style="width:15%; background:#7B8ABD" align="center"|'''Working Group Sessions General Methodology'''
+  | style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees"
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">Please see [[:Working Sessions Methodology|'''here''']].
+  |}
- |-
+{| style="width:100%" border="0" align="center"
-  | style="width:15%; background:#7B8ABD" align="center"|'''Chosen Organizational Model'''
+  ! colspan="7" align="center" style="background:white; color:white"|<font color="black">
-  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">"Invited Participants"
-  |-
- | style="width:15%; background:#7B8ABD" align="center"|'''Working Session Secretary'''
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">TBD - [mailto:name@name Name]
-  |-
- | style="width:15%; background:#7B8ABD" align="center"|'''Working Session Registration'''
- | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">If the Organizational Model is "Everybody is a Participant", please add your name and e-mail here. Otherwise, please wait for an invitation.<br>
-* [mailto:name@name Name]
   |}
+{|style="width:100%" border="0" align="center"
+ ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES'''
+ |-
+ | style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
+ |}
+{| style="width:100%" border="0" align="center"
+ ! colspan="7" align="center" style="background:white; color:white"|<font color="black">
+ |}
 {| style="width:100%" border="0" align="center"
-  | style="width:15%; background:#a0c0e0" align="center"|
+  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS'''
- | style="width:42%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
- | style="width:43%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
   |-
-  | style="width:15%; background:#a0c0e0" align="center"|'''First Working Session Outcomes'''<br>(Initiatives, Statements, and Decisions)
+  | style="width:100%; background:#cccccc" align="left"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.
-  | style="width:42%; background:#C2C2C2" align="center"|To fill in here.
-  | style="width:43%; background:#C2C2C2" align="center"|To fill in here
+Potential Resources:
+* [http://cve.mitre.org/cve/ MITRE's Common Vulnerability Enumeration (CVE) Database]
+* The [http://www.webappsec.org/projects/whid/whid.shtml WASC Web Hacking Incidents Database]
+* The [http://www.webappsec.org/projects/statistics/ 2007 WASC Web Application Security Statistics Report]
+ |}
+{| style="width:100%" border="0" align="center"
+ ! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES'''
+ |-
+ | style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions
+  | style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group'''
+ | style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''
+ |-
+ | style="width:7%; background:#7B8ABD" align="center"|
+ | style="width:46%; background:#C2C2C2" align="center"|The sources of input for the 2009 Top 10 will be identified.
+ | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
+ |-
+ | style="width:7%; background:#7B8ABD" align="center"|
+ | style="width:46%; background:#C2C2C2" align="center"|The ordering scheme for the Top 10 will be determined.
+ | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
+ |-
+  | style="width:7%; background:#7B8ABD" align="center"|
+ | style="width:46%; background:#C2C2C2" align="center"|Discussion of whether the existing document structure should be maintained or adjusted.
+ | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
   |-
+ | style="width:7%; background:#7B8ABD" align="center"|
+ | style="width:46%; background:#C2C2C2" align="center"|[http://uk.youtube.com/watch?v=GsRbpshqqII Video]
+ | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.
   |}
+== Working Session Participants ==
+(Add your name by editing this table. On the right, just above this frame, you have the option to edit)
+{| style="width:100%" border="0" align="center"
+ ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION PARTICIPANTS'''
+ |-
+ | style="width:7%; background:#7B8ABD" align="center"|
+ | style="width:15%; background:#cccccc" align="center"|'''Name'''
+ | style="width:15%; background:#cccccc" align="center"|'''Company'''
+ | style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''
+ |-
+ | style="width:7%; background:#7B8ABD" align="center"|1
+ | style="width:15%; background:#cccccc" align="center"|Paolo Perego
+ | style="width:15%; background:#cccccc" align="center"|Spike Reply
+ | style="width:63%; background:#cccccc" align="center"|As penetration tester it woud be great to me to participating in writing the new Top 10. As code reviewer and Orizon project leader it would be very interesting in scouting dynamic threats in order to add some dynamic feature to my tool.
+ |-
+ | style="width:7%; background:#7B8ABD" align="center"|2
+ | style="width:15%; background:#cccccc" align="center"|David Campbell
+ | style="width:15%; background:#cccccc" align="center"|OWASP Denver
+ | style="width:63%; background:#cccccc" align="center"|
+ |-
+ | style="width:7%; background:#7B8ABD" align="center"|3
+ | style="width:15%; background:#cccccc" align="center"|Robert Mann
+ | style="width:15%; background:#cccccc" align="center"|RBS / ABN AMRO
+ | style="width:63%; background:#cccccc" align="center"|
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|4
+ | style="width:15%; background:#cccccc" align="center"|Troy Leach
+ | style="width:15%; background:#cccccc" align="center"|[https://www.pcisecuritystandards.org/ PCI Security Standards Council]
+ | style="width:63%; background:#cccccc" align="center"|Technical Director
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|5
+ | style="width:15%; background:#cccccc" align="center"|Eoin Keary
+ | style="width:15%; background:#cccccc" align="center"|Ernst & Young. Long time OWASP member (Code and Testing guides)
+ | style="width:63%; background:#cccccc" align="center"|
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|6
+ | style="width:15%; background:#cccccc" align="center"| Matteo Meucci
+ | style="width:15%; background:#cccccc" align="center"| Minded Security
+ | style="width:63%; background:#cccccc" align="center"| I'd like to discuss about a new way to create the Top10 from the OWASP Community
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|7
+ | style="width:15%; background:#cccccc" align="center"|Giorgio Fedon
+ | style="width:15%; background:#cccccc" align="center"|Minded Security
+ | style="width:63%; background:#cccccc" align="center"|
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|8
+ | style="width:15%; background:#cccccc" align="center"|Andrea Cogliati
+ | style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY
+ | style="width:63%; background:#cccccc" align="center"|I volunteered as a technical writer
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|9
+ | style="width:15%; background:#cccccc" align="center"|Christian Martorella
+ | style="width:15%; background:#cccccc" align="center"|S21sec
+ | style="width:63%; background:#cccccc" align="center"|Interested in participating on the creating the Top 10, share some ideas.
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|10
+ | style="width:15%; background:#cccccc" align="center"|Nishi Kumar
+ | style="width:15%; background:#cccccc" align="center"|Systems Architect (FIS) Global Web Development Group
+ | style="width:63%; background:#cccccc" align="center"|Interested in participating and sharing ideas
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|11
+ | style="width:15%; background:#cccccc" align="center"| Tom Brennan
+ | style="width:15%; background:#cccccc" align="center"| OWASP/WhiteHat Security
+ | style="width:63%; background:#cccccc" align="center"| Want to discuss some of the stats we can share with OWASP
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|12
+ | style="width:15%; background:#cccccc" align="center"| Georg Hess
+ | style="width:15%; background:#cccccc" align="center"| OWASP Germany
+ | style="width:63%; background:#cccccc" align="center"| mainly to get some insight into the process
+ |
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|12
+ | style="width:15%; background:#cccccc" align="center"| Arturo 'Buanzo' Busleiman
+ | style="width:15%; background:#cccccc" align="center"| Independent
+ | style="width:63%; background:#cccccc" align="center"| Expert Contributor for SANS TOP20 since 2005. want to contribute here.
+ |
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|12
+ | style="width:15%; background:#cccccc" align="center"| Fabio Cerullo
+ | style="width:15%; background:#cccccc" align="center"| AIB
+ | style="width:63%; background:#cccccc" align="center"| Interested in participating on the creation of the Top 10, share some ideas.
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|12
+ | style="width:15%; background:#cccccc" align="center"| Sébastien Gioria
+ | style="width:15%; background:#cccccc" align="center"| OWASP France
+ | style="width:63%; background:#cccccc" align="center"| Interested in reviewing and give some Point of View frome France ans some pentesting made here. Also interessted to translate it as soon as possible for our France Market.
+|-
+ | style="width:7%; background:#7B8ABD" align="center"|13
+ | style="width:15%; background:#cccccc" align="center"| Marco Mella
+ | style="width:15%; background:#cccccc" align="center"| Independent
+ | style="width:63%; background:#cccccc" align="center"|
+ |}
+[[Category:OWASP_Working_Session]]