(151 intermediate revisions by 18 users not shown) |
Line 1: |
Line 1: |
− | __NOTOC__
| + | {| |
− | | |
− | ==== Welcome ====
| |
− | | |
− | {| cellspacing="0" cellpadding="20" border="0" class="FCK__ShowTableBorders" | |
| |- | | |- |
− | | [[Image:OWASPGlobalSummitLogo-3THISONEHASTHEMOSTVOTESSOFAR.jpg|border|center|462x347px]]
| + | ! width="600" align="center" | |
− | | | + | ! width="600" align="center" | |
− | === Dear OWASP Leaders and appsec community, === | |
− | | |
− | <br>The Summit will be held February 8th-11th in (Cascais) Lisbon, Portugal. This will be the place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP in coming years. <br><br>
| |
− | | |
− | === The Summit Activates *You* ===
| |
− | | |
− | Whereas the OWASP AppSec conferences are great places to listen to interesting talks, go for training, and meet with OWASP people, the Global Summit is the place where we all sit down together and take the time to discuss and work out plans, projects and solutions for the appsec future.
| |
− | | |
− | Examples of topics:
| |
− | | |
− | *How should we support the OWASP projects?
| |
− | *How can we work with browser vendors to enhance security (see "Browser Day" tab above)?
| |
− | *How should the community reach out to developers and education institutions?
| |
− | *How often should we publish the OWASP Top 10?
| |
− | *How can OWASP support your chapter?
| |
− | | |
| |- | | |- |
− | | valign="top" | | + | | align="center" | [[Image:Final summit logo half.jpg|link=https://www.owasp.org/index.php/Summit_2011_Logo_Explained]] <br/> |
− | === Organizing Committee ===
| + | | align="center" | [[Image:Summit_Report_Title.JPG|link=http://sl.owasp.org/summit2011_finalreport]] <br/> [http://sl.owasp.org/summit2011_finalreport Click here to view the report!]<br/>[[:Summit_2011_Outcomes| Click here to view all Summit documentation including session notes and presentations.]]<br/> |
− | | |
− | [[User:Lorna Alamri|Lorna Alamri]], [[User:Bradcausey|Brad Causey]], [[User:Justin42|Justin Clarke]], [[User:Paulo Coimbra|Paulo Coimbra]], [[User:Dinis.cruz|Dinis Cruz]], [[User:Knoblochmartin|Martin Knobloch]], [[User:Wichers|Dave Wichers]], [[User:John.wilander|John Wilander]], [[User:Jason Li|Jason Li]], Tara Causey, [[User:Sarah Baso|Sarah Baso]] . | |
− | | |
− | | valign="top" |
| |
− | === Who's Invited? ===
| |
− | | |
− | As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info.
| |
| | | |
| |} | | |} |
| | | |
− | <!---[[Image:Summit Group 4.jpg|border|OWASP Summit 2008 in Portugal]] --->
| + | ====Summit Links==== |
| + | *[https://picasaweb.google.com/owaspphotos/OWASPSummit# Summit Pictures] |
| + | *[[Summit 2011/Open letter to WebAppSec Tool and Services vendors: Release your schemas and allow automation|Open letter to WebAppSec Tool and Services vendors]] |
| + | *[https://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png]<br> |
| + | *[[Summit 2011/Media|PRESS RELEASES & Media Mentions]]<br/> |
| + | *[[Summit 2011 Attendee|Who is going?]]<br/> |
| + | *[[Summit 2011/Venue|Where is the venue?]]<br/> |
| + | *[[Summit_2011_Reservations|Tickets/Reservations]]<br/> |
| + | *[[Summit_2011_Corporate_Sponsorship|How can I become a corporate sponsor?]]<br/> |
| + | *[[Summit_2011_FAQ|Other Frequently Asked Questions]]<br/> |
| + | *[[Summit_2011/Emails_To_Attendees|Emails to Attendees]]<br/> |
| + | *[[:Category:Summit 2011 Tracks|Summit 2011 Working Sessions]]<br/> |
| + | *[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation] |
| + | *[https://www.owasp.org/index.php/Summit_2011/Remote_Participants#Remote_Participants Video Broadcast Channels] |
| + | <paypal>Summit</paypal> |
| + | *[[Summit_2011_Archived|Summit 2011 Archived]]<br/> |
| + | *[[Summit 2011 Internals|Summit 2011 Internals]] |
| | | |
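Review bot: The Twitter entry in the added Summit Links list uses a bare image URL as its link label (`http://twitter-badges.s3.amazonaws.com/twitter-a.png`), fetched over plain http from a third-party bucket, while the link target itself is https. If the wiki renders external images, every visitor's browser loads that resource unencrypted from a host the project does not control; if it does not, the raw URL is shown as the label. Suggest uploading the badge as a local file or using a text label such as "Follow @OWASPSummit". Separately, `<paypal>Summit</paypal>` sits between two `*` items and splits the list; move it below the last item.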
− | ==== Operational guidelines ====
| |
| | | |
− | Following the first meeting of the Summit 2011 Organizational team, here are the current proposed operational guidelines:
| |
| | | |
− | #the summit is an annual event
| |
− | #outside OWASP conference
| |
− | #the summit should take place in January not later then begin of February
| |
− | #the summit takes 3 to 4 days
| |
− | #budget aim is US$ 150'000 US$ where 50'000 from OWASP and US$100'000 from sponsors
| |
− | #attendees targets are:
| |
− | ##OWASP Funded:
| |
− | ###Board
| |
− | ###Committee Members
| |
− | ##Chapter / sponsor Funded:
| |
− | ###Chapter Leaders
| |
− | ##Project Leaders
| |
− | #venue / location criteria (no decision on the venue)
| |
− | ##1 key organizer in close contact with the venue
| |
− | ##hosting 30 to 100 people
| |
− | ##US$2'000 a head (flight/accommodation/food/beers)
| |
− | ##conference facilities
| |
− | ###multiple meeting rooms
| |
− | ###one big meeting room e.g. auditorium
| |
− | ###hotel with the conference facilities or conference venue within walking distance
| |
− | ###apartments if possible (to share apartments/rooms and save money)
| |
− | ###4 to 5 star hotel
| |
− | ###local food supplier for apartment crashing
| |
− | ###has to be negotiated with the hotel
| |
− | ###max 50 km's form international airport
| |
− | ###sufficient Internet access!
| |
| | | |
− | '''Success factors (what indicates the summit as success)'''
| + | ==== Video of Summit ==== |
| | | |
− | #break even
| + | === Vimeo === |
− | #the summits are the place to go to discus about and working on Web Application Security
| |
− | #review of the past year
| |
− | #working sessions on committees, projects and industry sectors (e.g. browsers and frameworks)
| |
− | ##universities / education sessions
| |
− | ##committee member election
| |
− | ##board election
| |
− | ##strategic OWASP issues
| |
− | ##road map and action plans for the next 12 month
| |
| | | |
− | Other local Summit(s):
| + | [http://vimeo.com/channels/owaspsummit http://vimeo.com/channels/owaspsummit] |
| | | |
− | *The conferences are free to organize small, conference bound summit
| + | === YouTube Intro === |
− | *this are not sponsored by OWASP of OWASP summit budget
| + | {{#ev:youtube|Yc7Jo8yeh0g}} |
| | | |
− | <br>
| |
| | | |
− | == XSS Eradication ==
| |
| | | |
− | We will have a half day working session on Cross Site Scripting - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources and made available to the wider community, and that they are aware of them. <br>
| + | [https://picasaweb.google.com/owaspphotos/OWASPSummit# Summit Pictures] |
| | | |
− | == Enterprise Web Defense Roundtable == | + | ==== Creating OWASP 4.0! ==== |
| | | |
− | How are enterprises defending web applications. Discussion of best practices, effective methods, and new ideas to enhance web application defense. (Session Leader: Michael Coates, Mozilla)
| + | {{:Summit_2011_Creating_OWASP_4dotOh}} |
| | | |
− | == University Outreach == | + | ==== Fixed Schedule ==== |
| + | [[:Summit_2011_Schedule|Click HERE to view the entire summit fixed schedule. This is just a sample.<br/>]] |
| + | [[Image:Agenda Unvarying 2.jpg|link=Summit_2011_Schedule]] |
| | | |
− | This summit will be the place to bring OWASP Educational Supporters together! What security major and minor educations are out there? How can OWASP participate and influence their curricula? How can the relationship between Universities and OWASP be standardized? What does OWASP have to offer Universities and what can they, in turn, expect from each other?
| + | ==== Dynamic Schedule ==== |
| + | [[:Summit_2011_Schedule_Dynamic|Click HERE to view the entire summit dynamic schedule. This is just a sample<br/>]] |
| + | [[Image:Agenda Dynamic 2.JPG|link=Summit 2011 Schedule Dynamic]] |
| | | |
− | == OWASP Projects ==
| |
| | | |
− | We will have a session on how OWASP should support, grow, and manage projects. This includes:<br>-Assessment criteria<br>-Orphaned projects<br>-Funding<br>-Marketing<br>-Commercial services
| + | ==== Remote Participants ==== |
| + | <br/> |
| + | [[:Summit_2011/Remote_Participants|Details on how to participate remotely are HERE.]] |
| | | |
− | <br>
| |
| | | |
− | ==== OWASP Around the World ====
| |
| | | |
− | OWASP is a fast growing global community. How should we support and manage this growth? During this session we'll look into issues of:
| + | __NOTOC__ |
− | | + | <headertabs /> |
− | *[http://www.owasp.org/index.php/OWASP_Internationalization Internationalization]
| + | Contact [mailto:sarah.baso@owasp.org| Sarah Baso] with questions related to Summit outcomes or results<br/> |
− | *The [http://www.owasp.org/index.php/OWASP_Jobs global job board]
| + | [[Summit 2011 Committee|Summit 2011 Committee]]<br/> |
− | *New OWASP chapters in parts of the world where we have not spread much yet
| + | [[Category:Summit_2011]] |
− | | |
− | ==== More Topics ====
| |
− | | |
− | You know how OWASP works – it's all up to you. Please '''edit this tab and enter topics we should cover''' during the Global Summit 2011! If you want you can add your name after each suggestion and we can work out the details with you.
| |
− | | |
− | *Discussion on Douglas Crockford's bold statement that we should stop HTML5 development, fix XSS, and then start over. Is he right? How is OWASP active in the HTML5 development? Check [http://blip.tv/file/3755495 this webcast], jump to 20:50 to hear the XSS part. /John Wilander
| |
− | *[Your topic here]
| |
− | | |
− | ==== How Do I Join? / Mailing list ====
| |
− | | |
− | As an OWASP leader you are automatically invited to the summit.
| |
− | | |
− | The first thing to do is to join the [https://lists.owasp.org/mailman/listinfo/owasp-summit-2011 Summit 2011 mailing list].
| |
− | | |
− | On the mailing list you'll get first hand information on how to register, exact dates, updates to the agenda, funding for your trip etc.
| |
− | | |
− | If you are a leading appsec expert from industry or academia but not yet an OWASP leader you can just contact John.Wilander at owasp.org and we'll try to get you in.
| |
− | | |
− | ==== Social Events ====
| |
− | | |
− | It goes without saying – the summit is all about meeting people. So there will be a constant mixture of workshops, dinners, beers and wine. We like to think of the summit as a very social event in itself.
| |
− | | |
− | ==== Venue ====
| |
− | | |
− | [[Image:Hotel entrance 697x395.jpg]]
| |
− | | |
− | Below is the link to the Venue of the 2011 OWASP Summit in Lisbon, Portugal.<br>
| |
− | | |
− | [http://www.camporeal.pt/en/hotel-residences.aspx http://www.camporeal.pt/en/hotel-residences.aspx]
| |
− | | |
− | The hotel has an Airport Shuttle, Gym and Fitness Center, Gootball camp, Horse Back Riding, Day Spa, Internet WiFi, and Golfcourse as well as many other amenities.
| |
− | | |
− | Meals and coffee breaks will be provided by OWASP.<br>
| |
− | | |
− | [[Image:Villas.jpg]]<br>
| |
− | | |
− | '''Villa Accomadations:'''<br>
| |
− | | |
− | Residence-Pool 3 or 4 bedrooms<br> - Villa
| |
− | | |
− | Each Residence includes:<br>- Private bathroom(s)<br>- Kitchenette<br>- Balcony or garden<br>- Swimming-pool shared by apartment/townhouse block<br>- Residence-Pool for 3 bedroom and 4 bedroom villas include a private swimming-pool
| |
− | | |
− | <br>
| |
− | | |
− | '''A Day in Lisbon, Portugal:'''
| |
− | | |
− | [[Image:Cascais2.jpg]]<br><br>Click this link to see all the City of Lisbon has to offer, which is only a short train ride from the resort.<br>[http://www.golisbon.com/portugal/cities/cascais.html http://www.golisbon.com/portugal/cities/cascais.html]<br>or<br>[http://www.travel-in-portugal.com/Cascais/ http://www.travel-in-portugal.com/Cascais/]<br>'''Lisbon''' - Spreading out along the right bank of the Tagus, its downtown, the Baixa, is located in the 18th-century area around Rossio. East of the arcade Praça do Comércio, are the medieval quarters of Alfama and Mouraria, crowned by the magnificent St. George's Castle. To the west lie Bairro Alto and Madragoa, with their typical streets, and on the western extreme is Belém, with its Belém Tower, (the sentinel over the Tagus river that protects the entrance into Lisbon), the Jerónimos Monastery (masterpieces of Manueline architecture and classified in UNESCO's International Heritage list) and the Cultural Center of Belém.[http://www.portugalvirtual.pt/0/83.html <br>Museums:] Ancient Art, Chiado (Contemporary Art), Tile, Archaeology, Ethnology, Coach, Costume, Theater, Maritime, Military, City, Gulbenkian, Modern Art Center, and the Ricardo Espirito Santo Silva Foundation. Palaces open to the public: Ajuda and Fronteira. Churches: Cathedral (with Treasury); São Vicente de Fora; Conceição Velha (Manueline), São Roque and Sacred Art; Madre Deus; Santa Engrácia Pantheon (Baroque), and the Estrela Basilica.<br>[http://www.portugalvirtual.pt/0/60.html Shopping:] Downtown; Avenida de Roma, Praça de Londres, Avenida Guerra Junqueiro, and Amoreiras. <br>[http://www.portugalvirtual.pt/0/80.html Nightlife:] Bairro Alto and Avenida 24 de Julho.<br>[http://www.portugalvirtual.pt/tours/index.html Guided Tours]<br><br>
| |
− | | |
− | <br>
| |
− | | |
− | ==== Sponsoring ====
| |
− | | |
− | We will welcome a few sponsors of this very special event, typically organization that participate in the summit. If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org.
| |
− | | |
− | <br>
| |
− | | |
− | '''Attendees that qualify to be sponsored by OWASP<br>Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.<br>To be considered for qualification, you must meet one or more of the following criteria:'''
| |
− | | |
− | #Member of the OWASP Board
| |
− | #Active member of a Global Committee (as determined by the OWASP Board)
| |
− | #Operational personnel that are necessary for the operation of the Summit
| |
− | | |
− | '''Current sponsorship budget is $50,000 for the Summit.'''
| |
− | | |
− | If you feel you might qualify, please contact Brad Causey or Jason Li. If you do not meet these criteria, and still feel that you should be sponsored, please contact {{Template:Contact | name = Brad Causey | email = bradcausey@owasp.org }} or {{Template:Contact | name = Jason Li | email = [email protected]}} | |
− | | |
− | <br>
| |
− | | |
− | ==== Applying for Chapter or Project Sponsorship ====
| |
− | | |
− | [https://docs.google.com/document/d/1TBj0BxBnzx8P7SegtEc8dSUNlQdLEZ5xXTbwfbdh6Bg/edit?hl=en&authkey=CNvixYEL Application for OWASP Chapter or Project Funding] <br> <br>[[Image:WorkflowProcesstoApplyforChapterorProjectFunding.png|800x600px]] <br>
| |
− | | |
− | <br>
| |
− | | |
− | ==== Confirmed Summit Attendees ====
| |
− | | |
− | '''<u>[https://docs.google.com/document/d/1Q3it1KCIm3HKFhWUtQYdaYd-bTbw_5oLN_dwk9Sc-j0/edit?hl=en&authkey=COymwN4E CONFIRMED 2011 OWASP GLOBAL SUMMIT ATTENDEES]</u>'''
| |
− | | |
− | *OWASP role/affiliation appear in parentheses
| |
− | | |
− | <br> Lorna Alamri (Industry, Summit)
| |
− | | |
− | Sarah Baso (Summit) | |
− | | |
− | Tom Brennan (Global Board, Membership), Proactive Risk
| |
− | | |
− | Mark Bristow (Conferences)
| |
− | | |
− | Larry Casey (Director of IT), Aspect Security
| |
− | | |
− | Brad Causey (Projects, Summit)
| |
− | | |
− | Justin Clarke (Connections, Summit), Director at Gotham Digital Science
| |
− | | |
− | Michael Coates (Membership), Mozilla Web Security
| |
− | | |
− | Dan Cornell (Membership), CTO Denim Group
| |
− | | |
− | Dinis Cruz (Global Board, Projects, Summit)
| |
− | | |
− | Lucas C. Ferreira (Conferences), Brazilian Chamber of Deputies
| |
− | | |
− | Kate Hartmann (OWASP Operations Director)
| |
− | | |
− | Eoin Keary (Global Board, Industry)
| |
− | | |
− | Martin Knobloch (Education, Summit)
| |
− | | |
− | Jason Li (Projects, Summit), Aspect Security
| |
− | | |
− | Jim Manico (OWASP Podcast)
| |
− | | |
− | Eduardo Neves (Education, Summit)
| |
− | | |
− | Yiannis Pavlosoglou (Industry)
| |
− | | |
− | Matt Tesauro (Global Board, Industry), Praetorian
| |
− | | |
− | Colin Watson (Industry)
| |
− | | |
− | Dave Wichers (Global Board, Conferences), Aspect Security
| |
− | | |
− | Jeff Williams (Global Board Chair), Aspect Security
| |
− | | |
− | <br>
| |
− | | |
− | <br>
| |
− | | |
− | ==== Letters and Summit Materials ====
| |
− | | |
− | [[Media:OWASP_summit2011_DC_update.pdf|Summit 2011 Presentation for AppSec DC]] <br> [https://docs.google.com/document/d/1TBj0BxBnzx8P7SegtEc8dSUNlQdLEZ5xXTbwfbdh6Bg/edit?hl=en&authkey=CNvixYEL Application for OWASP Chapter or Project Funding] <br>[https://docs.google.com/document/d/1Q3it1KCIm3HKFhWUtQYdaYd-bTbw_5oLN_dwk9Sc-j0/edit?hl=en&authkey=COymwN4E Confirmed 2011 OWASP Global Summit Attendees]<br><br> [https://docs.google.com/document/d/1sDeYKk6HuJiQ-CvihS4r1QVs21W3LhtLYfPyyLBwtQc/edit?hl=en&authkey=CPXmjJkK Template Letter - 2011 Global Summit Basic Invitation] <br> [https://docs.google.com/document/d/1Hi2Rc6wsaDMVEEssKuWqpBZe0IxtR51dLEbNIYsQaR0/edit?hl=en&authkey=CJbSpfEI Template Letter - 2011 Global Summit University Outreach Invitation]<br> [https://docs.google.com/document/d/13H-iGoHeUrAC0Pdm9mkA40no1M71YwgMdNA1829rLs0/edit?hl=en&authkey=CMaG0pIK Template Letter - 2011 Global Summit Government Invitation]<br> [https://docs.google.com/document/d/1u0ydRKuDOlzoxM4pI9Gyka_Goh_RDz5rLlMcLohUtdU/edit?hl=en&authkey=CMOizEs Template Letter - 2011 Global Summit Request for Employer Funding and Sponsorship]<br> [https://docs.google.com/document/d/10mE4EcsfwNOl3X43fKaTMERU79X2z5jUxLvAKkrlgqQ/edit?hl=en&authkey=CN2x0qoN Template Letter - 2011 Global Summit Request for Employer Funding, Version 2]<br>
| |
− | | |
− | ==== Schedule<br> ====
| |
− | | |
− | {| border="0" align="center" style="width: 90%;"
| |
− | |-
| |
− | | align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" colspan="5" | Agenda for Tuesday, February the 8th, 2011<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 0900 - 1000 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Registration, Meet & Greet<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1100 - 1200 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Board Welcome & Kickoff
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1100 - 1200 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Lunch
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1300 - 1320 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Projects
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1330 - 1350 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Industry
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1400 - 1420<br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Membership
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1430 - 1450<br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Connections
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1500 - 1520 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Coffee Break
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1530 - 1450 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Chapters
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1600 - 1620 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Education
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1630 - 1730 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | TBD
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1730 - 1800 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Wrap up of the Day <br>
| |
− | | |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1900 - 2100 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Dinner <br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 2100 - 0000 <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" |
| |
− | Evening Event TBD<br>
| |
− | | |
− | |}
| |
− | | |
− | <br>
| |
− | | |
− | {| border="0" align="center" style="width: 90%;"
| |
− | |-
| |
− | | align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" colspan="5" | Agenda for Wednesday, February 9th, 2011
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | [http://www.owasp.org/index.php/Working_Sessions_Methodology Working Sessions]
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 0900 - 1100
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php?title=Working_Sessions_Browser_Working_Group&action=edit Browser Working Group]
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php/Assesment_Criteria_%26_Orphaned_Projects Projects - Assessment Criteria & Orphaned Projects]<br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1100 - 1300
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php?title=Working_Sessions_Browser_Working_Group&action=edit Browser Working Group]
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD<br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1300 - 1400
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Lunch
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Lunch<br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Lunch<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1330 - 1530
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php?title=Working_Sessions_Browser_Working_Group&action=edit Browser Working Group]
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php/Funding,_Marketing,_%26_Commerical_Services Projects - Funding, Marketing, & Commerical Services]<br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1530 - 1400
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Coffee Break
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Coffee Break<br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Coffee Break<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1400 - 1900
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php?title=Working_Sessions_Browser_Working_Group&action=edit Browser Working Group]
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD<br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD<br>
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1900 - 2100
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Dinner
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 2100 - 0000
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Evening Event TBD
| |
− | |}
| |
− | | |
− | <br>
| |
− | | |
− | {| border="0" align="center" style="width: 90%;"
| |
− | |-
| |
− | | align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" colspan="5" | Agenda for Thursday, February 10th, 2010
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | <br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Main Room
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php/Working_Sessions_Methodology Working Sessions]<br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php/Working_Sessions_Methodology Working Sessions<br>]
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 0900 - 1100
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | <br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php/XSS_-_Frameworks XSS - Frameworks]
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1100 - 1300
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | <br>
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | [http://www.owasp.org/index.php/Assesment_Criteria_%26_Orphaned_Projects XSS- Awarness, Resources & Partnerships]
| |
− | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | TBD
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1300- 1330
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Lunch
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1330 - 1415
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Projects
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1415 - 1530
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Memberships
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1530 - 1600
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Coffee Break
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1600 - 1645
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Chapters
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1645- 1730
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Connections
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1900 - 2100
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Dinner
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 2100 - 0000
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Evening Event TBD
| |
− | |}
| |
− | | |
− | <br>
| |
− | | |
− | {| border="0" align="center" style="width: 90%;"
| |
− | |-
| |
− | | align="center" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" colspan="6" | Agenda for Friday, February 11th, 2011
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 0900 - 1000
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Board Presentation
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1000 - 1045
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Industry
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1045 - 1130
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Connections
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1130 - 1215
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Education
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1230 - 1330
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="4" | Lunch
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1330 - 1530
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="5" | TBD
| |
− | |-
| |
− | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 1530 - 1700
| |
− | | align="center" style="width: 90%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" colspan="5" | Wrap Up Summit
| |
− | |}
| |
− | | |
− | <br>* '''Browser Day:'''
| |
− | <span style="font-weight: bold;"> </span>
| |
− | One of the great challenges of application security is browser security. The browser is becoming our de facto runtime platform for applications and it comprises a whole ecosystem of plugins and web technologies.Therefore we will spend a full day working together with the leading browser vendors to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and endusers.Do not miss this chance to influence what's important in browser security in the coming years.
| |
− | | |
− | '''* Sandboxing:''' Is sandboxing the right way forward? Can sandboxing be harmonized with the origin policies for cookies, scripting, and ajax – i e share the same compartmentalization? How should we apply sandboxing to plugins?<br> '''* Securing plugins:''' Should browsers ship with default plugins? Should plugins be auto-updated? Can plugins or versions of plugins be blacklisted centrally?<br> '''* Enduser warnings: '''How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings?<br> '''* Blacklisting: '''Can we cooperate better on blacklisting? Does it work between cultures, i e can we have the same process for reporting throughout the world?<br> '''* OS integration: '''More and more features in browsers get integrated with the underlying operating system. Processes, fonts, filesystem, 3D graphics. How do we secure this?<br> '''* JavaScript:''' How do we secure the universally deployed web application language? Much focus has been on execution performance but what about security? Will EcmaScript 5 strict-mode be supported anytime soon (currently no support)? Are (more) secure "dialects" such as FBJS and Caja the way to go? What's happening in EcmaScript Harmony?<br> '''* New HTTP headers:''' Are new opt-in HTTP headers the right way to add security features? For example Strict Transport Security, x-frame-options, origin and Content Security Policy.
| |
− | | |
− | <headertabs />
| |
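Review bot: the deletion that ends at `<headertabs />` also drops the whole Browser Day topic list (sandboxing, securing plugins, enduser warnings, blacklisting, OS integration, JavaScript, new HTTP headers), and the right-hand column of this part of the diff is empty, so nothing visible here replaces it. If those questions were moved to another page, link that page from the new revision so they stay reachable; if they were dropped on purpose, say so in the edit summary.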
In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting lots of great projects started. OWASP 3.0 started with the Summit in Portugal when we created the new committees and has focused on creating thriving projects instead of standalone tools. Thank you for all of your efforts growing a fun, civil, productive community.
I reach out to you now to ask you to take some time and think about what OWASP should become. The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure. It’s time to get our message and strategy to the next level.
If you consider yourself an OWASP Leader, won’t you take a few minutes of quiet time and propose a few ideas for how OWASP can retool, reorganize, refocus, and revamp itself to really achieve our mission? We will rip, mix, and burn these ideas into a new strategy for OWASP at the Portugal Summit. I encourage you to check out the resort and all the plans happening right now at https://www.owasp.org/index.php/Summit_2011.
Here are some ideas to get you started.
In one week of thinking, arguing, coding, hacking, and writing we are going to accomplish more than the rest of the world’s appsec efforts combined. We’ll see you in Portugal ready to rock. Thanks!
Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, see the promotional materials page.