This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Summit 2011"
Sarah Baso (talk | contribs) (Changing attendee list) |
Tara Causey (talk | contribs) |
||
Line 3: | Line 3: | ||
==== Welcome ==== | ==== Welcome ==== | ||
− | {| | + | {| cellspacing="0" cellpadding="20" border="0" class="FCK__ShowTableBorders" |
|- | |- | ||
| [[Image:OWASPGlobalSummitLogo-3THISONEHASTHEMOSTVOTESSOFAR.jpg|border|center|462x347px]] | | [[Image:OWASPGlobalSummitLogo-3THISONEHASTHEMOSTVOTESSOFAR.jpg|border|center|462x347px]] | ||
Line 9: | Line 9: | ||
=== Dear OWASP Leaders and appsec community, === | === Dear OWASP Leaders and appsec community, === | ||
− | <br>The Summit will be held February 8th-11th in (Cascais) Lisbon, Portugal. This will be the place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP in coming years. <br><br> | + | <br>The Summit will be held February 8th-11th in (Cascais) Lisbon, Portugal. This will be the place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP in coming years. <br><br> |
=== The Summit Activates *You* === | === The Summit Activates *You* === | ||
Line 27: | Line 27: | ||
=== Organizing Committee === | === Organizing Committee === | ||
− | [[User:Lorna Alamri|Lorna Alamri]], [[User:Bradcausey|Brad Causey]], [[User:Justin42|Justin Clarke]], [[User:Paulo Coimbra|Paulo Coimbra]], [[User:Dinis.cruz|Dinis Cruz]], [[User:Knoblochmartin|Martin Knobloch]], [[User:Wichers|Dave Wichers]], [[User:John.wilander|John Wilander]], [[User:Jason Li|Jason Li]], Tara Causey, [[User:Sarah Baso | Sarah Baso]] | + | [[User:Lorna Alamri|Lorna Alamri]], [[User:Bradcausey|Brad Causey]], [[User:Justin42|Justin Clarke]], [[User:Paulo Coimbra|Paulo Coimbra]], [[User:Dinis.cruz|Dinis Cruz]], [[User:Knoblochmartin|Martin Knobloch]], [[User:Wichers|Dave Wichers]], [[User:John.wilander|John Wilander]], [[User:Jason Li|Jason Li]], Tara Causey, [[User:Sarah Baso|Sarah Baso]] . |
− | . | ||
| valign="top" | | | valign="top" | | ||
=== Who's Invited? === | === Who's Invited? === | ||
− | As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info. | + | As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info. |
|} | |} | ||
− | <!---[[Image:Summit Group 4.jpg|border|OWASP Summit 2008 in Portugal]] ---> | + | <!---[[Image:Summit Group 4.jpg|border|OWASP Summit 2008 in Portugal]] ---> |
==== Operational guidelines ==== | ==== Operational guidelines ==== | ||
Line 51: | Line 50: | ||
##OWASP Funded: | ##OWASP Funded: | ||
###Board | ###Board | ||
− | ###Committee Members | + | ###Committee Members |
##Chapter / sponsor Funded: | ##Chapter / sponsor Funded: | ||
− | ###Chapter Leaders | + | ###Chapter Leaders |
− | ##Project Leaders | + | ##Project Leaders |
#venue / location criteria (no decision on the venue) | #venue / location criteria (no decision on the venue) | ||
##1 key organizer in close contact with the venue | ##1 key organizer in close contact with the venue | ||
Line 87: | Line 86: | ||
*this are not sponsored by OWASP of OWASP summit budget | *this are not sponsored by OWASP of OWASP summit budget | ||
− | <br> | + | <br> |
==== Agenda (draft) ==== | ==== Agenda (draft) ==== | ||
Line 105: | Line 104: | ||
== XSS Eradication == | == XSS Eradication == | ||
− | We will have a half day working session on Cross Site Scripting - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources and made available to the wider community, and that they are aware of them. <br> | + | We will have a half day working session on Cross Site Scripting - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources and made available to the wider community, and that they are aware of them. <br> |
== Enterprise Web Defense Roundtable == | == Enterprise Web Defense Roundtable == | ||
− | How are enterprises defending web applications. Discussion of best practices, effective methods, and new ideas to enhance web application defense. (Session Leader: Michael Coates, Mozilla) | + | How are enterprises defending web applications. Discussion of best practices, effective methods, and new ideas to enhance web application defense. (Session Leader: Michael Coates, Mozilla) |
− | == University Outreach == | + | == University Outreach == |
This summit will be the place to bring OWASP Educational Supporters together! What security major and minor educations are out there? How can OWASP participate and influence their curricula? How can the relationship between Universities and OWASP be standardized? What does OWASP have to offer Universities and what can they, in turn, expect from each other? | This summit will be the place to bring OWASP Educational Supporters together! What security major and minor educations are out there? How can OWASP participate and influence their curricula? How can the relationship between Universities and OWASP be standardized? What does OWASP have to offer Universities and what can they, in turn, expect from each other? | ||
− | == OWASP Projects == | + | == OWASP Projects == |
We will have a session on how OWASP should support, grow, and manage projects. This includes:<br>-Assessment criteria<br>-Orphaned projects<br>-Funding<br>-Marketing<br>-Commercial services | We will have a session on how OWASP should support, grow, and manage projects. This includes:<br>-Assessment criteria<br>-Orphaned projects<br>-Funding<br>-Marketing<br>-Commercial services | ||
− | <br> | + | <br> |
==== OWASP Around the World ==== | ==== OWASP Around the World ==== | ||
Line 154: | Line 153: | ||
A Day in Lisbon, Portugal: | A Day in Lisbon, Portugal: | ||
− | [[Image:Cascais2.jpg]]<br><br>Click this link to see all the City of Lisbon has to offer, which is only a short train ride from the resort.<br>[http://www.golisbon.com/portugal/cities/cascais.html http://www.golisbon.com/portugal/cities/cascais.html]<br>or<br>[http://www.travel-in-portugal.com/Cascais/ http://www.travel-in-portugal.com/Cascais/]<br>'''Lisbon''' - Spreading out along the right bank of the Tagus, its downtown, the Baixa, is located in the 18th-century area around Rossio. East of the arcade Praça do Comércio, are the medieval quarters of Alfama and Mouraria, crowned by the magnificent St. George's Castle. To the west lie Bairro Alto and Madragoa, with their typical streets, and on the western extreme is Belém, with its Belém Tower, (the sentinel over the Tagus river that protects the entrance into Lisbon), the Jerónimos Monastery (masterpieces of Manueline architecture and classified in UNESCO's International Heritage list) and the Cultural Center of Belém.[http://www.portugalvirtual.pt/0/83.html <br>Museums:] Ancient Art, Chiado (Contemporary Art), Tile, Archaeology, Ethnology, Coach, Costume, Theater, Maritime, Military, City, Gulbenkian, Modern Art Center, and the Ricardo Espirito Santo Silva Foundation. Palaces open to the public: Ajuda and Fronteira. Churches: Cathedral (with Treasury); São Vicente de Fora; Conceição Velha (Manueline), São Roque and Sacred Art; Madre Deus; Santa Engrácia Pantheon (Baroque), and the Estrela Basilica.<br>[http://www.portugalvirtual.pt/0/60.html Shopping:] Downtown; Avenida de Roma, Praça de Londres, Avenida Guerra Junqueiro, and Amoreiras. <br>[http://www.portugalvirtual.pt/0/80.html Nightlife:] Bairro Alto and Avenida 24 de Julho.<br>[http://www.portugalvirtual.pt/tours/index.html Guided Tours]<br><br> | + | [[Image:Cascais2.jpg]]<br><br>Click this link to see all the City of Lisbon has to offer, which is only a short train ride from the resort.<br>[http://www.golisbon.com/portugal/cities/cascais.html http://www.golisbon.com/portugal/cities/cascais.html]<br>or<br>[http://www.travel-in-portugal.com/Cascais/ http://www.travel-in-portugal.com/Cascais/]<br>'''Lisbon''' - Spreading out along the right bank of the Tagus, its downtown, the Baixa, is located in the 18th-century area around Rossio. East of the arcade Praça do Comércio, are the medieval quarters of Alfama and Mouraria, crowned by the magnificent St. George's Castle. To the west lie Bairro Alto and Madragoa, with their typical streets, and on the western extreme is Belém, with its Belém Tower, (the sentinel over the Tagus river that protects the entrance into Lisbon), the Jerónimos Monastery (masterpieces of Manueline architecture and classified in UNESCO's International Heritage list) and the Cultural Center of Belém.[http://www.portugalvirtual.pt/0/83.html <br>Museums:] Ancient Art, Chiado (Contemporary Art), Tile, Archaeology, Ethnology, Coach, Costume, Theater, Maritime, Military, City, Gulbenkian, Modern Art Center, and the Ricardo Espirito Santo Silva Foundation. Palaces open to the public: Ajuda and Fronteira. Churches: Cathedral (with Treasury); São Vicente de Fora; Conceição Velha (Manueline), São Roque and Sacred Art; Madre Deus; Santa Engrácia Pantheon (Baroque), and the Estrela Basilica.<br>[http://www.portugalvirtual.pt/0/60.html Shopping:] Downtown; Avenida de Roma, Praça de Londres, Avenida Guerra Junqueiro, and Amoreiras. <br>[http://www.portugalvirtual.pt/0/80.html Nightlife:] Bairro Alto and Avenida 24 de Julho.<br>[http://www.portugalvirtual.pt/tours/index.html Guided Tours]<br><br> |
− | <br> | + | <br> |
==== Sponsoring ==== | ==== Sponsoring ==== | ||
Line 162: | Line 161: | ||
We will welcome a few sponsors of this very special event, typically organization that participate in the summit. If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org. | We will welcome a few sponsors of this very special event, typically organization that participate in the summit. If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org. | ||
− | <br> | + | <br> |
'''Attendees that qualify to be sponsored by OWASP<br>Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.<br>To be considered for qualification, you must meet one or more of the following criteria:''' | '''Attendees that qualify to be sponsored by OWASP<br>Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.<br>To be considered for qualification, you must meet one or more of the following criteria:''' | ||
Line 172: | Line 171: | ||
'''Current sponsorship budget is $50,000 for the Summit.''' | '''Current sponsorship budget is $50,000 for the Summit.''' | ||
− | If you feel you might qualify, please contact Brad Causey or Jason Li. If you do not meet these criteria, and still feel that you should be sponsored, please contact {{Template:Contact | name = Brad Causey | email = [email protected]}} or {{Template:Contact | name = Jason Li | email = [email protected]}} | + | If you feel you might qualify, please contact Brad Causey or Jason Li. If you do not meet these criteria, and still feel that you should be sponsored, please contact {{Template:Contact | name = Brad Causey | email = [email protected]}} or {{Template:Contact | name = Jason Li | email = [email protected]}} |
− | <br> | + | <br> |
==== Applying for Chapter or Project Sponsorship ==== | ==== Applying for Chapter or Project Sponsorship ==== | ||
− | |||
− | |||
+ | [https://docs.google.com/document/d/1TBj0BxBnzx8P7SegtEc8dSUNlQdLEZ5xXTbwfbdh6Bg/edit?hl=en&authkey=CNvixYEL Application for OWASP Chapter or Project Funding] <br> <br>[[Image:WorkflowProcesstoApplyforChapterorProjectFunding.png|800x600px]] <br> | ||
− | + | <br> | |
− | + | ==== Confirmed Summit Attendees ==== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | Dinis Cruz (Board)<br> Tom Brennan (Board)<br> Eoin Keary (Board)<br> Jeff Williams (Board)<br> Seba Deleersnyder (Board)<br> Dave Wichers (Board)<br> Matt Tesauro (Board)<br> Paulo Coimbra (OWASP)<br> Alison Shrader (OWASP)<br> Kate Hartmann (OWASP)<br> Larry Casey (OWASP)<br> | ||
+ | <br> | ||
− | ==== Letters and Summit Materials==== | + | ==== Letters and Summit Materials ==== |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | [[Media:OWASP_summit2011-DC-update.pdf|Summit 2011 Presentation for AppSec DC]] <br> [https://docs.google.com/document/d/1TBj0BxBnzx8P7SegtEc8dSUNlQdLEZ5xXTbwfbdh6Bg/edit?hl=en&authkey=CNvixYEL Application for OWASP Chapter or Project Funding] <br><br> [https://docs.google.com/document/d/1sDeYKk6HuJiQ-CvihS4r1QVs21W3LhtLYfPyyLBwtQc/edit?hl=en&authkey=CPXmjJkK Template Letter - 2011 Global Summit Basic Invitation] <br> [https://docs.google.com/document/d/1Hi2Rc6wsaDMVEEssKuWqpBZe0IxtR51dLEbNIYsQaR0/edit?hl=en&authkey=CJbSpfEI Template Letter - 2011 Global Summit University Outreach Invitation]<br> [https://docs.google.com/document/d/13H-iGoHeUrAC0Pdm9mkA40no1M71YwgMdNA1829rLs0/edit?hl=en&authkey=CMaG0pIK Template Letter - 2011 Global Summit Government Invitation]<br> [https://docs.google.com/document/d/1u0ydRKuDOlzoxM4pI9Gyka_Goh_RDz5rLlMcLohUtdU/edit?hl=en&authkey=CMOizEs Template Letter - 2011 Global Summit Request for Employer Funding and Sponsorship]<br> [https://docs.google.com/document/d/10mE4EcsfwNOl3X43fKaTMERU79X2z5jUxLvAKkrlgqQ/edit?hl=en&authkey=CN2x0qoN Template Letter - 2011 Global Summit Request for Employer Funding, Version 2]<br> | ||
− | <headertabs /> | + | ==== Schedule (Draft) ==== |
+ | |||
+ | {| border="0" align="center" style="width: 80%;" | ||
+ | |- | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | Agenda for Monday, November 3rd, 2008 | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:00 | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Title Here | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% white;" | Training Sessions | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:00 - 17:00 | ||
+ | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Securing WebGoat with ModSecurity<br>Stephen Craig Evans | ||
+ | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | WebSec Apps for Managers and Executives<br>[http://uk.youtube.com/watch?v=r04EOuukvMQ Video]<br>Mano Paul | ||
+ | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(192, 160, 160);" | OWASP Testing Guide<br>Matteo Meucci | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 19:00 | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summit Briefing<br>Dinis Cruz and Summit Organization Team | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 20:00 | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Dinner | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | {| border="0" align="center" style="width: 80%;" | ||
+ | |- | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | Agenda for Tuesday, November 4th, 2008 | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 08:00 | ||
+ | | align="center" colspan="4" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Registration | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:00 | ||
+ | | align="center" colspan="4" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Summit Keynote<br>Dinis Cruz and Summit Organization Team | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" colspan="2" style="width: 45%; background: none repeat scroll 0% 0% rgb(255, 223, 128);" | '''Documents''' | ||
+ | | align="center" colspan="2" style="width: 45%; background: none repeat scroll 0% 0% rgb(160, 192, 224);" | '''Tools''' | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:30 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Testing Project|'''OWASP Testing Guide - SoC 08''']]<br>[http://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt PowerPoint Presentation]<br>Matteo Meucci | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP JSP Testing Tool Project|'''OWASP JSP Testing Tool - SoC 08''']]<br>Jason Li | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:45 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Code Review Project|'''OWASP Code Review Project - SoC 08''']]<br>[https://www.owasp.org/images/5/59/Code_Review_Eoin.pptx PowerPoint Presentation]<br>Eoin Keary | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Orizon Project|'''OWASP Orizon Project - SoC 08''']]<br>[https://www.owasp.org/images/9/9b/OWASP_EU_Summit_2008_The_Owasp_Orizon_Project.ppt PowerPoint Presentation]<br>Paolo Perego | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP ASDR Project|'''OWASP Application Security Desk Reference - SoC 08''']]<br>Leonardo Cavallari Militelli | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Live CD 2008 Project|'''OWASP Live CD - SoC 08''']]<br>Matt Tesauro | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:OWASP Spanish|'''OWASP Spanish Project - SoC 08''']]<br>Juan Carlos Calderon | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP WebScarab Project|'''OWASP WebScarab Project''']]<br>[https://www.owasp.org/images/8/88/OWASP_EU_Summit_2008_WebScarab_treasures.ppt PowerPoint Presentation]<br>Rogan Dawes | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:30 | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:45 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | .NET ESAPI<br>Alex Smolen | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:00 | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Working Sessions Briefing<br>Dinis Cruz | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% white;" | Working Sessions | ||
+ | |} | ||
+ | |||
+ | {| border="0" align="center" style="width: 80%;" | ||
+ | |- | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% white;" | | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:15 - 13:00 | ||
+ | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Documentation Projects|'''Documentation Projects/Guides Integration and Unified 4.0 Version''']]<br>[https://www.owasp.org/images/9/92/Final_OWASP_Guidelines_Ideas_List_.docx WS Conclusions]<br>Eduardo Neves | ||
+ | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - Browser Security|'''OWASP Intrinsic Security Working Group - Browser Security''']]<br>Arshan Dabirsiaghi | ||
+ | | align="center" style="width: 30%; background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Tools Projects|'''Tools Projects''']]<br>[https://www.owasp.org/images/5/51/EUSummit08_OWASP_Tools_Working_Session_Suggestions.doc WS Conclusions]<br>Matt Tesauro | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:00 | ||
+ | | align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% white;" | Training Sessions | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:00 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''The Art and Science of Threat Modeling Web Applications'''<br>[http://uk.youtube.com/watch?v=r04EOuukvMQ Video]<br>Mano Paul | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''Web Server Hardening SELinux'''<br>[https://www.owasp.org/images/d/db/SELinux-course-OWASP.pdf PDF Presentation]<br>Pavol Luptak | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''Offensive WebApp Hacking'''<br>[http://www.youtube.com/watch?v=cl6BHhi2Dys Video - LDAP, XML and SQL injection]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo02.swf Video - LDAP injection demo]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo04.swf XML injection demo]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo03.swf Video - SQL injection demo ]<br>Marco Slaviero | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:00 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''Phishing attack'''<br>[http://www.youtube.com/watch?v=uf9hw-qvx-I Video]<br>Matt Teasuro & Brad Causey | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''Clickjacking'''<br>[http://www.youtube.com/watch?v=H9srYh0HMP4 Video]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo01.swf Demonstration]<br>Arshan Dabirsiaghi | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:00 | ||
+ | | align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% white;" | Working Sessions | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:30 | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session Enterprise Security API Project|'''OWASP Enterprise Security API Project (ESAPI)''']]<br>[http://uk.youtube.com/watch?v=-D_bymZ-8vI Video]<br>[https://www.owasp.org/images/7/70/ESAPI_Ideas_List.docx WS Conclusions]<br>Jeff Williams | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 18:30 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP ASDR|'''OWASP Application Security Desk Reference - ASDR''']]<br>Leonardo Cavallari | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - .NET Project|'''.NET Project''']]<br>Dinis Cruz | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | {| border="0" align="center" style="width: 80%;" | ||
+ | |- | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | Agenda for Wednesday, November 5th, 2008 | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:15 | ||
+ | | align="center" colspan="4" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Daily Briefing<br>Dinis Cruz | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" colspan="2" style="width: 30%; background: none repeat scroll 0% 0% rgb(255, 223, 128);" | '''Standards and Education''' | ||
+ | | align="center" colspan="2" style="width: 30%; background: none repeat scroll 0% 0% rgb(160, 192, 224);" | '''Tools''' | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Positive Security Project|'''OWASP Positive Security Project - SoC 08''']]<br>Eduardo Neves | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Access Control Rules Tester Project|'''OWASP Access Control Rules Tester - SoC 08''']]<br>[https://www.owasp.org/images/3/32/OWASP_EU_Summit_2008_AcCoRuTe.pptx PowerPoint Presentation]<br>Andrew Petukhov | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Education Project|'''OWASP Education Project - SoC 08''']]<br>Sebastien Deleersnyder, Martin Knobloch | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Teachable Static Analysis Workbench Project|'''OWASP Teachable Static Analysis Workbench - SoC 08''']]<br>[https://www.owasp.org/images/6/69/Teachable_static_analysis_workbench.pptx PowerPoint Presentation]<br>Dmitry Kozlov | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:30 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:OWASP Internationalization|'''OWASP Internationalization Project - Soc 08''']]<br>Juan Carlos Calderon | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP AppSensor Project|'''OWASP AppSensor - SoC 08''']]<br>[https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt PowerPoint Presentation]<br> Michael Coates | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:45 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | '''PASSWD Project: Metrics and Vulnerabilities'''<br>[https://www.owasp.org/images/f/f6/PASSWD.ppt PowerPoint Presentation]<br>Lucilla Mancini | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Backend Security Project|'''OWASP Backend Security Project - SoC 08''']]<br>[https://www.owasp.org/images/2/20/OWASP_EU_Summit_2008_Presentation_Model.ppt PowerPoint Prsentation]<br>Carlo Pelliccioni | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:00 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Open Review Project|'''OWASP Open Review Project''']]<br>Dan Cornell | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|'''OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - SoC 08''']]<br>[https://www.owasp.org/images/c/c4/Site_generator.pptx PowerPoint Presentation]<br>Dmitry Kozlov | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:15 | ||
+ | | align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(242, 152, 76);" | [[OWASP EU Summit 2008#NEW_GLOBAL_COMMITTEE_STRUCTURE|'''OWASP Global Committee Elections''']] | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30 | ||
+ | | align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% white;" | Working Sessions | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 12:45 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[OWASP Working Session Education Project|'''Education Project''']]<br>[https://www.owasp.org/images/3/33/OWASP_Education_Working_Session_Notes_-_Ideas.ppt WS Conclusions]<br>Sebastien Deleersnyder | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Testing Guide|'''Testing Guide''']]<br>Matteo Meucci | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - Web Application Framework Security|'''Web Application Framework Security''']]<br>Arshan Dabirsiaghi | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:45 | ||
+ | | align="center" colspan="4" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch (During Working Sessions) | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% white;" | Training Sessions | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 15:00 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''Flash Player Security'''<br>Peleus Uhley | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''OWASP Top 10'''<br>[http://uk.youtube.com/watch?v=GsRbpshqqII Video]<br>Sebastien Deleersnyder and Martin Knobloch | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''Uncovering WebScarab's Secret Treasures'''<br>[https://www.owasp.org/images/8/88/OWASP_EU_Summit_2008_WebScarab_treasures.ppt PowerPoint Presentation]<br>Rogan Dawes | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | '''Hacking the Orizon'''<br>[http://www.owasp.org/index.php/Image:Hacking_the_Owasp_Orizon.ppt PowerPoint Presentation]<br>Paolo Perego | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 17:00 | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="4" style="width: 90%; background: none repeat scroll 0% 0% white;" | Working Sessions | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 17:30 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - Code Review Guide|'''Code Review Guide''']]<br>Eoin Keary | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | EU Funding for OWASP Projects<br>Carlos Serrao | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Certification|'''OWASP Certification''']]<br>Tom Brennan | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | Software Assurance Maturity Model<br>Pravir Chandra | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 19:00 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Website|'''OWASP Website''']]<br>[https://www.owasp.org/images/8/8b/EUSummit08_OWASP_Web_Site_Working_Session_Suggestions.doc WS Conclusions]<br>[https://www.owasp.org/images/2/2e/Website.ppt PPT Presentation]<br>Fabio Cerullo | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | '''Metrics & Vulnerabilities'''<br>[https://www.owasp.org/images/0/0d/PASSWD_description.doc Word Presentation]<br>Lucilla Mancini | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | OWASP Orizon<br>Paolo Perego | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | {| border="0" align="center" style="width: 80%;" | ||
+ | |- | ||
+ | | align="center" colspan="6" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | Agenda for Thursday, November 6th, 2008 | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 09:15 | ||
+ | | align="center" colspan="5" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Daily Briefing<br>Dinis Cruz | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" colspan="2" style="width: 30%; background: none repeat scroll 0% 0% rgb(255, 223, 128);" | '''Technology''' | ||
+ | | align="center" colspan="3" style="width: 30%; background: none repeat scroll 0% 0% rgb(160, 192, 224);" | '''Tools''' | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Classic ASP Security Project|'''OWASP Classic ASP Security Project - SoC 08''']]<br>Juan Carlos Calderon | ||
+ | | align="center" colspan="3" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Source Code Review OWASP Projects Project|'''OWASP Source Code Review - SoC 08''']]<br>[https://www.owasp.org/images/c/c9/OWASPEU_SourceReview.ppt PowerPoint Presentation]<br>James Walden | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Ruby on Rails Security Guide V2|'''OWASP Ruby on Rails Security Project - SoC 08''']]<br>[https://www.owasp.org/images/3/32/Rails_security_2_presentation.pdf PDF Presentation]<br>Heiko Webers | ||
+ | | align="center" colspan="3" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp - SoC 08''']]<br>Arturo Alberto Busleiman | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:30 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Webslayer Project|'''OWASP Webslayer Project''']]<br>Christian Martorella | ||
+ | | align="center" colspan="3" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP Securing WebGoat using ModSecurity Project|'''OWASP Securing WebGoat using ModSecurity Project - SoC 08''']]<br>Stephen Evans and Christian Folini | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:00 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(255, 223, 128);" | [[:Category:OWASP Skavenger Project|'''OWASP Skavenger Project - SoC 08''']]<br>Matthias Rohr | ||
+ | | align="center" colspan="3" style="background: none repeat scroll 0% 0% rgb(160, 192, 224);" | [[:Category:OWASP AntiSamy Project .NET|'''OWASP AntiSamy Project - SoC 08''']]<br>Marcin Wielgoszewski | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:15 | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Coffee Break | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="5" style="width: 90%; background: none repeat scroll 0% 0% white;" | Working Sessions | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session Top 10 2009|'''OWASP Top 10 - 2009''']]<br>Dave Wichers | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Intra Governmental Affairs|'''OWASP Intra Governmental Affairs''']]<br>David Campbell | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | SAMM v2 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Website|'''OWASP Website''']]<br>Fabio Cerullo | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | Handling Web MalWare | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:00 | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Lunch (During Working Sessions) | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="5" style="width: 90%; background: none repeat scroll 0% 0% white;" | Training Sessions | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:00 | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Ajax Security | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Auditing Flash Applications<br>Peleus Uhley | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | WebApp Assessment<br>Vicente Aguilera Diaz | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(192, 160, 160);" | Mod Security<br>Lucas C. Ferreira | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% white;" | | ||
+ | | align="center" colspan="5" style="width: 90%; background: none repeat scroll 0% 0% white;" | Working Sessions | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 16:30 | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:Working Session OWASP Strategic Planning|'''OWASP Strategic Planning and Business Models compatible with OWASP values''']]<br>Jeff Williams, Dinis Cruz, Dave Wichers, Sebastien Deleersnyder, Tom Brennan & Kate Hartmann and Paulo Combra | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 18:30 | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - Two-way Internationalization of OWASP Content|'''Two-way Internationalization of OWASP Content''']]<br>Juan Carlos Calderon & Sebastien Deleersnyder | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:Best Practices for OWASP Chapter Leaders|'''OWASP Best Practices for Chapter Leaders''']]<br>[https://www.owasp.org/images/0/01/BestPractices_2008.pptx WS Conclusions]<br>Georg Hess | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(179, 255, 153);" | [[:OWASP Working Session - OWASP Live CD&DVD|'''OWASP Live CD & DVD''']]<br>Matt Tesauro | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 20:00 | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Gala Dinner | ||
+ | |- | ||
+ | | align="center" style="background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 22:00 | ||
+ | | align="center" colspan="5" style="background: none repeat scroll 0% 0% rgb(194, 194, 194);" | OWASP Band | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | {| border="0" align="center" style="width: 80%;" | ||
+ | |- | ||
+ | | align="center" colspan="2" style="background: none repeat scroll 0% 0% rgb(64, 88, 160); color: white;" | Agenda for Friday, November 7th, 2008 | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:00 | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Daily Briefing<br>Dinis Cruz | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 10:15 | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 152, 76);" | OWASP AppSec Agenda 2009: Working Session Outcomes | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Documentation Projects/Guides Integration and Unified 4.0 Version<br>Eduardo Neves | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Browser Security<br>Arshan Dabirsiaghi | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | ESAPI<br>Jeff Williams | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Tools Projects<br>Matt Tesauro | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Code Review Guide<br>Eoin Keary | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | OWASP Certification<br>Tom Brennan | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Software Assurance Maturity Model<br>Pravir Chandra | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Top 10 2009<br>Dave Wichers | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Intra Governmental Affairs<br>David Campbell | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Best Practices for Chapter Leaders<br>Georg Hess | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:15 | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 152, 76);" | Coffee Break and Vote (put your dots on the wall) | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 11:30 | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Live CD & DVD<br>Matt Tesauro | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | ADSR<br>Leonardo Cavallari | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Education Project<br>Sebastien Deleersnyder | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Web Application Framework Security<br>Arshan Dabirsiaghi | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Testing Guide<br>Matteo Meucci | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | OWASP Censorship<br>Tom Brennan | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | EU Funding for OWASP Projects<br>Carlos Serrao | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | OWASP Website<br>Fabio Cerullo | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | OWASP Orizon<br>Paolo Perego | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Handling Web MalWare | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | 2-Way Internationalization<br>Juan Carlos Calderon | ||
+ | |- | ||
+ | | style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Portuguese Public & Private Organizations<br>Carlos Serrao | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(194, 194, 194);" | Winter of Code 2009<br>Dinis Cruz and Sebastien Deleersnyder | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 13:00 | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 242, 242);" | Lunch | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 14:00 | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 152, 76);" | [http://www.owasp.org/index.php/Owasp_Board_Meetings_11-07-08 Board Meeting] | ||
+ | |- | ||
+ | | align="center" style="width: 10%; background: none repeat scroll 0% 0% rgb(123, 138, 189);" | 17:00 | ||
+ | | align="center" style="width: 80%; background: none repeat scroll 0% 0% rgb(242, 152, 76);" | Announcement of Summit Procedings | ||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | <br> <headertabs /> |
Revision as of 01:11, 15 November 2010
Welcome
Dear OWASP Leaders and appsec community,
The Summit Activates *You*Whereas the OWASP AppSec conferences are great places to listen to interesting talks, go for training, and meet with OWASP people, the Global Summit is the place where we all sit down together and take the time to discuss and work out plans, projects and solutions for the appsec future. Examples of topics:
| |
Organizing CommitteeLorna Alamri, Brad Causey, Justin Clarke, Paulo Coimbra, Dinis Cruz, Martin Knobloch, Dave Wichers, John Wilander, Jason Li, Tara Causey, Sarah Baso . |
Who's Invited?As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info. |
Operational guidelines
Following the first meeting of the Summit 2011 Organizational team, here are the current proposed operational guidelines:
- the summit is an annual event
- outside OWASP conference
- the summit should take place in January not later then begin of February
- the summit takes 3 to 4 days
- budget aim is US$ 150'000 US$ where 50'000 from OWASP and US$100'000 from sponsors
- attendees targets are:
- OWASP Funded:
- Board
- Committee Members
- Chapter / sponsor Funded:
- Chapter Leaders
- Project Leaders
- OWASP Funded:
- venue / location criteria (no decision on the venue)
- 1 key organizer in close contact with the venue
- hosting 30 to 100 people
- US$2'000 a head (flight/accommodation/food/beers)
- conference facilities
- multiple meeting rooms
- one big meeting room e.g. auditorium
- hotel with the conference facilities or conference venue within walking distance
- apartments if possible (to share apartments/rooms and save money)
- 4 to 5 star hotel
- local food supplier for apartment crashing
- has to be negotiated with the hotel
- max 50 km's form international airport
- sufficient Internet access!
Success factors (what indicates the summit as success)
- break even
- the summits are the place to go to discus about and working on Web Application Security
- review of the past year
- working sessions on committees, projects and industry sectors (e.g. browsers and frameworks)
- universities / education sessions
- committee member election
- board election
- strategic OWASP issues
- road map and action plans for the next 12 month
Other local Summit(s):
- The conferences are free to organize small, conference bound summit
- this are not sponsored by OWASP of OWASP summit budget
Agenda (draft)
Browser Day
One of the great challenges of application security is browser security. The browser is becoming our de facto runtime platform for applications and it comprises a whole ecosystem of plugins and web technologies.Therefore we will spend a full day working together with the leading browser vendors to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and endusers.Do not miss this chance to influence what's important in browser security in the coming years.
- Sandboxing. Is sandboxing the right way forward? Can sandboxing be harmonized with the origin policies for cookies, scripting, and ajax – i e share the same compartmentalization? How should we apply sandboxing to plugins?
- Securing plugins. Should browsers ship with default plugins? Should plugins be auto-updated? Can plugins or versions of plugins be blacklisted centrally?
- Enduser warnings. How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings?
- Blacklisting. Can we cooperate better on blacklisting? Does it work between cultures, i e can we have the same process for reporting throughout the world?
- OS integration. More and more features in browsers get integrated with the underlying operating system. Processes, fonts, filesystem, 3D graphics. How do we secure this?
- JavaScript. How do we secure the universally deployed web application language? Much focus has been on execution performance but what about security? Will EcmaScript 5 strict-mode be supported anytime soon (currently no support)? Are (more) secure "dialects" such as FBJS and Caja the way to go? What's happening in EcmaScript Harmony?
- New HTTP headers. Are new opt-in HTTP headers the right way to add security features? For example Strict Transport Security, x-frame-options, origin and Content Security Policy.
XSS Eradication
We will have a half day working session on Cross Site Scripting - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources and made available to the wider community, and that they are aware of them.
Enterprise Web Defense Roundtable
How are enterprises defending web applications. Discussion of best practices, effective methods, and new ideas to enhance web application defense. (Session Leader: Michael Coates, Mozilla)
University Outreach
This summit will be the place to bring OWASP Educational Supporters together! What security major and minor educations are out there? How can OWASP participate and influence their curricula? How can the relationship between Universities and OWASP be standardized? What does OWASP have to offer Universities and what can they, in turn, expect from each other?
OWASP Projects
We will have a session on how OWASP should support, grow, and manage projects. This includes:
-Assessment criteria
-Orphaned projects
-Funding
-Marketing
-Commercial services
OWASP Around the World
OWASP is a fast growing global community. How should we support and manage this growth? During this session we'll look into issues of:
- Internationalization
- The global job board
- New OWASP chapters in parts of the world where we have not spread much yet
More Topics
You know how OWASP works – it's all up to you. Please edit this tab and enter topics we should cover during the Global Summit 2011! If you want you can add your name after each suggestion and we can work out the details with you.
- Discussion on Douglas Crockford's bold statement that we should stop HTML5 development, fix XSS, and then start over. Is he right? How is OWASP active in the HTML5 development? Check this webcast, jump to 20:50 to hear the XSS part. /John Wilander
- [Your topic here]
How Do I Join? / Mailing list
As an OWASP leader you are automatically invited to the summit.
The first thing to do is to join the Summit 2011 mailing list.
On the mailing list you'll get first hand information on how to register, exact dates, updates to the agenda, funding for your trip etc.
If you are a leading appsec expert from industry or academia but not yet an OWASP leader you can just contact John.Wilander at owasp.org and we'll try to get you in.
Social Events
It goes without saying – the summit is all about meeting people. So there will be a constant mixture of workshops, dinners, beers and wine. We like to think of the summit as a very social event in itself.
Venue
A Day in Lisbon, Portugal:
Click this link to see all the City of Lisbon has to offer, which is only a short train ride from the resort.
http://www.golisbon.com/portugal/cities/cascais.html
or
http://www.travel-in-portugal.com/Cascais/
Lisbon - Spreading out along the right bank of the Tagus, its downtown, the Baixa, is located in the 18th-century area around Rossio. East of the arcade Praça do Comércio, are the medieval quarters of Alfama and Mouraria, crowned by the magnificent St. George's Castle. To the west lie Bairro Alto and Madragoa, with their typical streets, and on the western extreme is Belém, with its Belém Tower, (the sentinel over the Tagus river that protects the entrance into Lisbon), the Jerónimos Monastery (masterpieces of Manueline architecture and classified in UNESCO's International Heritage list) and the Cultural Center of Belém.
Museums: Ancient Art, Chiado (Contemporary Art), Tile, Archaeology, Ethnology, Coach, Costume, Theater, Maritime, Military, City, Gulbenkian, Modern Art Center, and the Ricardo Espirito Santo Silva Foundation. Palaces open to the public: Ajuda and Fronteira. Churches: Cathedral (with Treasury); São Vicente de Fora; Conceição Velha (Manueline), São Roque and Sacred Art; Madre Deus; Santa Engrácia Pantheon (Baroque), and the Estrela Basilica.
Shopping: Downtown; Avenida de Roma, Praça de Londres, Avenida Guerra Junqueiro, and Amoreiras.
Nightlife: Bairro Alto and Avenida 24 de Julho.
Guided Tours
Sponsoring
We will welcome a few sponsors of this very special event, typically organization that participate in the summit. If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org.
Attendees that qualify to be sponsored by OWASP
Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.
To be considered for qualification, you must meet one or more of the following criteria:
- Member of the OWASP Board
- Active member of a Global Committee (as determined by the OWASP Board)
- Operational personnel that are necessary for the operation of the Summit
Current sponsorship budget is $50,000 for the Summit.
If you feel you might qualify, please contact Brad Causey or Jason Li. If you do not meet these criteria, and still feel that you should be sponsored, please contact Brad Causey @ or Jason Li @
Applying for Chapter or Project Sponsorship
Application for OWASP Chapter or Project Funding
Confirmed Summit Attendees
Dinis Cruz (Board)
Tom Brennan (Board)
Eoin Keary (Board)
Jeff Williams (Board)
Seba Deleersnyder (Board)
Dave Wichers (Board)
Matt Tesauro (Board)
Paulo Coimbra (OWASP)
Alison Shrader (OWASP)
Kate Hartmann (OWASP)
Larry Casey (OWASP)
Letters and Summit Materials
Summit 2011 Presentation for AppSec DC
Application for OWASP Chapter or Project Funding
Template Letter - 2011 Global Summit Basic Invitation
Template Letter - 2011 Global Summit University Outreach Invitation
Template Letter - 2011 Global Summit Government Invitation
Template Letter - 2011 Global Summit Request for Employer Funding and Sponsorship
Template Letter - 2011 Global Summit Request for Employer Funding, Version 2
Schedule (Draft)
Agenda for Monday, November 3rd, 2008 | ||||
13:00 | Title Here | |||
Training Sessions | ||||
15:00 - 17:00 | Securing WebGoat with ModSecurity Stephen Craig Evans |
WebSec Apps for Managers and Executives Video Mano Paul |
OWASP Testing Guide Matteo Meucci | |
19:00 | Summit Briefing Dinis Cruz and Summit Organization Team | |||
20:00 | Dinner |
Agenda for Tuesday, November 4th, 2008 | |||||
08:00 | Registration | ||||
09:00 | Summit Keynote Dinis Cruz and Summit Organization Team | ||||
Documents | Tools | ||||
09:30 | OWASP Testing Guide - SoC 08 PowerPoint Presentation Matteo Meucci |
OWASP JSP Testing Tool - SoC 08 Jason Li | |||
09:45 | OWASP Code Review Project - SoC 08 PowerPoint Presentation Eoin Keary |
OWASP Orizon Project - SoC 08 PowerPoint Presentation Paolo Perego | |||
10:00 | OWASP Application Security Desk Reference - SoC 08 Leonardo Cavallari Militelli |
OWASP Live CD - SoC 08 Matt Tesauro | |||
10:15 | OWASP Spanish Project - SoC 08 Juan Carlos Calderon |
OWASP WebScarab Project PowerPoint Presentation Rogan Dawes | |||
10:30 | Coffee Break | ||||
10:45 | .NET ESAPI Alex Smolen |
||||
11:00 | Working Sessions Briefing Dinis Cruz | ||||
Working Sessions |
11:15 - 13:00 | Documentation Projects/Guides Integration and Unified 4.0 Version WS Conclusions Eduardo Neves |
OWASP Intrinsic Security Working Group - Browser Security Arshan Dabirsiaghi |
Tools Projects WS Conclusions Matt Tesauro | |
13:00 | Lunch | |||
Training Sessions | ||||
14:00 | The Art and Science of Threat Modeling Web Applications Video Mano Paul |
Web Server Hardening SELinux PDF Presentation Pavol Luptak |
Offensive WebApp Hacking Video - LDAP, XML and SQL injection Video - LDAP injection demo XML injection demo Video - SQL injection demo Marco Slaviero | |
15:00 | Phishing attack Video Matt Teasuro & Brad Causey |
Clickjacking Video Demonstration Arshan Dabirsiaghi | ||
16:00 | Coffee Break | |||
Working Sessions | ||||
16:30 | OWASP Enterprise Security API Project (ESAPI) Video WS Conclusions Jeff Williams | |||
18:30 | OWASP Application Security Desk Reference - ASDR Leonardo Cavallari |
.NET Project Dinis Cruz |
Agenda for Wednesday, November 5th, 2008 | |||||
09:15 | Daily Briefing Dinis Cruz | ||||
Standards and Education | Tools | ||||
10:00 | OWASP Positive Security Project - SoC 08 Eduardo Neves |
OWASP Access Control Rules Tester - SoC 08 PowerPoint Presentation Andrew Petukhov | |||
10:15 | OWASP Education Project - SoC 08 Sebastien Deleersnyder, Martin Knobloch |
OWASP Teachable Static Analysis Workbench - SoC 08 PowerPoint Presentation Dmitry Kozlov | |||
10:30 | OWASP Internationalization Project - Soc 08 Juan Carlos Calderon |
OWASP AppSensor - SoC 08 PowerPoint Presentation Michael Coates | |||
10:45 | PASSWD Project: Metrics and Vulnerabilities PowerPoint Presentation Lucilla Mancini |
OWASP Backend Security Project - SoC 08 PowerPoint Prsentation Carlo Pelliccioni | |||
11:00 | OWASP Open Review Project Dan Cornell |
OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - SoC 08 PowerPoint Presentation Dmitry Kozlov | |||
11:15 | OWASP Global Committee Elections | ||||
11:30 | Coffee Break | ||||
Working Sessions | |||||
12:45 | Education Project WS Conclusions Sebastien Deleersnyder |
Testing Guide Matteo Meucci |
Web Application Framework Security Arshan Dabirsiaghi | ||
14:45 | Lunch (During Working Sessions) | ||||
Training Sessions | |||||
15:00 | Flash Player Security Peleus Uhley |
OWASP Top 10 Video Sebastien Deleersnyder and Martin Knobloch |
Uncovering WebScarab's Secret Treasures PowerPoint Presentation Rogan Dawes |
Hacking the Orizon PowerPoint Presentation Paolo Perego | |
17:00 | Coffee Break | ||||
Working Sessions | |||||
17:30 | Code Review Guide Eoin Keary |
EU Funding for OWASP Projects Carlos Serrao |
OWASP Certification Tom Brennan |
Software Assurance Maturity Model Pravir Chandra | |
19:00 | OWASP Website WS Conclusions PPT Presentation Fabio Cerullo |
Metrics & Vulnerabilities Word Presentation Lucilla Mancini |
OWASP Orizon Paolo Perego |
Agenda for Thursday, November 6th, 2008 | ||||||
09:15 | Daily Briefing Dinis Cruz | |||||
Technology | Tools | |||||
10:00 | OWASP Classic ASP Security Project - SoC 08 Juan Carlos Calderon |
OWASP Source Code Review - SoC 08 PowerPoint Presentation James Walden | ||||
10:15 | OWASP Ruby on Rails Security Project - SoC 08 PDF Presentation Heiko Webers |
OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp - SoC 08 Arturo Alberto Busleiman | ||||
10:30 | OWASP Webslayer Project Christian Martorella |
OWASP Securing WebGoat using ModSecurity Project - SoC 08 Stephen Evans and Christian Folini | ||||
11:00 | OWASP Skavenger Project - SoC 08 Matthias Rohr |
OWASP AntiSamy Project - SoC 08 Marcin Wielgoszewski | ||||
11:15 | Coffee Break | |||||
Working Sessions | ||||||
11:30 | OWASP Top 10 - 2009 Dave Wichers |
OWASP Intra Governmental Affairs David Campbell |
SAMM v2 | OWASP Website Fabio Cerullo |
Handling Web MalWare | |
13:00 | Lunch (During Working Sessions) | |||||
Training Sessions | ||||||
14:00 | Ajax Security | Auditing Flash Applications Peleus Uhley |
WebApp Assessment Vicente Aguilera Diaz |
Mod Security Lucas C. Ferreira | ||
Working Sessions | ||||||
16:30 | OWASP Strategic Planning and Business Models compatible with OWASP values Jeff Williams, Dinis Cruz, Dave Wichers, Sebastien Deleersnyder, Tom Brennan & Kate Hartmann and Paulo Combra | |||||
18:30 | Two-way Internationalization of OWASP Content Juan Carlos Calderon & Sebastien Deleersnyder |
OWASP Best Practices for Chapter Leaders WS Conclusions Georg Hess |
OWASP Live CD & DVD Matt Tesauro | |||
20:00 | Gala Dinner | |||||
22:00 | OWASP Band |
Agenda for Friday, November 7th, 2008 | |
10:00 | Daily Briefing Dinis Cruz |
10:15 | OWASP AppSec Agenda 2009: Working Session Outcomes |
Documentation Projects/Guides Integration and Unified 4.0 Version Eduardo Neves | |
Browser Security Arshan Dabirsiaghi | |
ESAPI Jeff Williams | |
Tools Projects Matt Tesauro | |
Code Review Guide Eoin Keary | |
OWASP Certification Tom Brennan | |
Software Assurance Maturity Model Pravir Chandra | |
Top 10 2009 Dave Wichers | |
Intra Governmental Affairs David Campbell | |
Best Practices for Chapter Leaders Georg Hess | |
11:15 | Coffee Break and Vote (put your dots on the wall) |
11:30 | Live CD & DVD Matt Tesauro |
ADSR Leonardo Cavallari | |
Education Project Sebastien Deleersnyder | |
Web Application Framework Security Arshan Dabirsiaghi | |
Testing Guide Matteo Meucci | |
OWASP Censorship Tom Brennan | |
EU Funding for OWASP Projects Carlos Serrao | |
OWASP Website Fabio Cerullo | |
OWASP Orizon Paolo Perego | |
Handling Web MalWare | |
2-Way Internationalization Juan Carlos Calderon | |
Portuguese Public & Private Organizations Carlos Serrao | |
Winter of Code 2009 Dinis Cruz and Sebastien Deleersnyder | |
13:00 | Lunch |
14:00 | Board Meeting |
17:00 | Announcement of Summit Procedings |