Difference between revisions of "User talk:Jmanico"

m (Cryptographic Storage Cheat Sheet)
(strategic goal ideas 2015)
Line 1: Line 1:
 
= Jim's Suggestions for 2015 Strategic Plans =  
 
= Jim's Suggestions for 2015 Strategic Plans =  
* Build a scalable OWASP training program that spreads security training around the world
 
** Focus on building free and open source training materials for all to use
 
** Take existing wiki, powerpoint from talks, powerpoints from trainers who have open sourced content, key OWASP training-centric projects (webgoat, security Shepard, etc) and merge, clean up and professionalize the content into an OWASP branded series of trainings.
 
** Produce professional OWASP branded training videos and CBT
 
** Focus conference training program on using open source as opposed to proprietary/commercial content
 

* Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events.
 
** Better plan to help chapters use funds
 
** Alert all chapters of existing chapter funds, on a monthly basis, on their public lists. Link to "How to use it to spread the message"
 
** FUND SMALLER CHAPTERS IN A VERY SIGNIFICANT WAY
 

* Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.
 
** Consider hiring senior developer/developers to mature code centric OWASP programs like ESAPI, OWASP Java Encoder, etc.
 
** Consider funding security initiatives reviewing various open source projects and software frameworks in common use
 
** Build a new website that is developer centric, pointing to key developers/secure coding projects and materials and other resources
 
  
==Cryptographic Storage Cheat Sheet==
+
== Build a scalable OWASP training program that spreads security training around the world ==
Jim, I've been just looking at [[Cryptographic Storage Cheat Sheet]] and it's missing direct requirement on ensuring message integrity. It's kind of mentioned in the section on authenticated encryption modes, but without mentioning HMAC it's like describing Rolls-Royce without mentioning Ford :) And the problem seems to be wide-spread (as I've just wrote [http://ipsec.pl/node/1085 here]). I can add that, but wanted to coordinate with you first. [[User:Pawel Krawczyk|Pawel Krawczyk]] 21:47, 21 January 2013 (UTC)
+
*  Focus on building free and open source training materials for all to use
 +
* Take existing wiki, powerpoint from talks, powerpoints from trainers who have open sourced content, key OWASP training-centric projects (webgoat, security Shepard, etc) and merge, clean up and professionalize the content into an OWASP branded series of trainings.
 +
* Produce professional OWASP branded training videos and CBT
 +
* Focus conference training program on using open source as opposed to proprietary/commercial content
 +
 +
== Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events. ==
 +
* Better plan to help chapters use funds
 +
* Alert all chapters of existing chapter funds, on a monthly basis, on their public lists. Link to "How to use it to spread the message"
 +
* FUND SMALLER CHAPTERS IN A VERY SIGNIFICANT WAY
 +
 +
== Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects. ==
 +
* Consider hiring senior developer/developers to mature code centric OWASP programs like ESAPI, OWASP Java Encoder, etc.
 +
* Consider funding security initiatives reviewing various open source projects and software frameworks in common use
 +
* Build a new website that is developer centric, pointing to key developers/secure coding projects and materials and other resources
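Review bot: the added training bullet ("key OWASP training-centric projects (webgoat, security Shepard, etc)") misspells the project names; write them as WebGoat and Security Shepherd so readers can find the projects. The third added `==` heading ("Mature the OWASP Projects Platform: Provide the OWASP projects community ...") also carries a full sentence of rationale; consider keeping only "Mature the OWASP Projects Platform" as the heading and moving the rest into the section body.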

Revision as of 14:55, 22 May 2015

Jim's Suggestions for 2015 Strategic Plans

Build a scalable OWASP training program that spreads security training around the world

  • Focus on building free and open source training materials for all to use
  • Take existing wiki content, PowerPoint slides from talks, PowerPoint slides from trainers who have open sourced content, and key OWASP training-centric projects (WebGoat, Security Shepherd, etc.) and merge, clean up and professionalize the content into an OWASP-branded series of trainings.
  • Produce professional OWASP branded training videos and CBT
  • Focus conference training program on using open source as opposed to proprietary/commercial content

Strengthen OWASP chapters and increase chapters' abilities to spread the message of OWASP through locally organized and run events.

  • Better plan to help chapters use funds
  • Alert all chapters of existing chapter funds, on a monthly basis, on their public lists. Link to "How to use it to spread the message"
  • FUND SMALLER CHAPTERS IN A VERY SIGNIFICANT WAY

Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.

  • Consider hiring senior developer/developers to mature code centric OWASP programs like ESAPI, OWASP Java Encoder, etc.
  • Consider funding security initiatives reviewing various open source projects and software frameworks in common use
  • Build a new website that is developer centric, pointing to key developers/secure coding projects and materials and other resources