Projects Summit 2013/Test
Welcome
2013 OWASP Project Summit Report
The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This event activity gives our project leaders the opportunity to showcase their project progress, and have attendees sit down and work on project tasks before, during and after the annual fundraiser (AppSec) regional event. It is an excellent opportunity to engage the event attendees, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.
Call to Action by Samantha Groves/OWASP Projects Manager
Hello OWASP Leaders,
The 2013 OWASP Summit is happening! We had to overcome a few obstacles to get to where we are now, but we have had incredible support from the community after our intentions were made public. It's now time to start working on OWASP 5.0 at this year's AppSec USA in New York. I do realize that we still have a massive workload to complete before the event, but I am confident that we can make this Summit a great success for our community and beyond. We need to ensure that the culture of our OWASP Summits continues, and I am dedicated to making this a great success for our community so we may continue our efforts for years to come.
Help design the 2013 OWASP Summit in New York!
As OWASP Leaders, I would like you to take some time to help us design this year's Summit. We currently have a handful of tracks and session ideas, but I would love to have your input on what you think we should focus on. Please have a think about the projects, topics, working sessions, and tracks you would like to see or participate in at this year's summit. The Summit team will take these ideas, and create a cohesive and comprehensive schedule of sessions based on your input so I encourage you to submit your ideas straight away. I encourage you to have a look at the current track and session ideas.
We need your ideas, energy, and input NOW! Please add your name to the attendee list if you are joining us or would like to attend!
We will see you at AppSec USA in New York City!
Samantha Groves
OWASP Projects Manager
Summit Organisation Pages
These are pages with organization details about this event
- Projects Summit 2013 Attendees
- Mailing list (at Google Groups: owasp-project-summit-2013)
- Projects Summit page at main AppSec USA website
- Working_Sessions
- Venue
- Remote_Participation
- Budget
Venue
Location
Marriott Marquis: New York City, USA
Space allocated
- Sky Lounge: Monday, Tuesday, Wednesday, Thursday: 9AM - 5PM
- Bag stuffers room (Monday: They will need part of the room.)
- Additional Hotel Suite available as well.
Floorplan
Below is the Sky Lounge floor plan. This is the room we will be working with for all of the summit sessions. We have an additional suite that we can use if we find that we need to divide up the session during the on-site logistics planning. If room changes are made, attendees will be notified during registration.
Tracks and Sessions
Click on the working session name to see the home page for that particular session. During the Summit those working session home pages will be used to document discussions and outcomes.
If you're interested in adding a Working Session for the 2013 Summit, there still is time to start a session! Please review the Working Session methodology for Working Session rules.
NOTE: The current sessions below are tentative. Track topics are subject to change.
Current Daily Schedule
Monday: Nov. 18th
- OWASP Projects Review Session
- OWASP Media Project Session
- OWASP PHP Security and RBAC Projects: An Introduction
- OWASP AppSensor 2.0 Hackathon
- ESAPI Hackathon Session
- Bug Bounty Hack Session
Tuesday: Nov. 19th
- OWASP Training Development Session
- OWASP Academies Development Session
- Mobile Security Session
- ESAPI Hackathon Session
- Bug Bounty Hack Session
Wednesday: Nov. 20th
- Writing and Documentation Review Session
- ESAPI Hackathon Session
- Bug Bounty Hack Session
- OWASP PCI Toolkit Session
- OWASP O2 Documentation Session
Thursday: Nov. 21st
Suggested Tracks and Sessions
- Product Development Session
- Reference Implementation Session
Frequently Asked Questions
OWASP Staff
The OWASP Staff is available to help with any and all questions you have regarding the planning and execution of your event. OWASP Staff can also help provide historical conference/event information. OWASP Staff must be involved for handling contracts and finances related to your event. Volunteers should not be signing or entering into any contract on behalf of the foundation. Volunteers also should not be collecting funds on behalf of the Foundation without pre-approval from the OWASP Staff.
Contact the OWASP Staff with any questions related to their role in planning your event.
Local Event Planners
The local event planners are the individuals ultimately responsible for the successful planning, implementation, and execution of the event module. As these event activities are optional, the local event planners have to assess whether they have the necessary resources available to successfully plan one of these activities. Local planners can choose to delegate the project management of each activity to a volunteer, but it is ultimately up to them to make sure the event module is executed successfully. Local planners must also make sure that the OWASP brand is represented appropriately.
Event Module Coordinator
The local event planners might choose to appoint a volunteer Event Module Coordinator or an Event Activity Coordinator. These volunteers can be made responsible for planning the event module on behalf of the Local Event Planners. The volunteer will be responsible for the end-to-end project planning and management of the module for the event.
Event Module Volunteers
Event Module Volunteers are individuals made responsible for a particular role on the day of the event. They are to be given roles and responsibilities by the Event Module Coordinator, and are to report to this role with any questions, issues, or concerns. These volunteers are generally not involved in the pre-planning of the event modules.
OWASP Resources
Please remember that the foundation does have personnel who can help with the project event module planning. Please direct your questions to either the Contact Form or email OWASP Support.
Budget
Below, you will find an up-to-date list of our 2013 Project Budget and spending.
Leader Name | Hotel Covered by Projects | Flights Covered by Projects | Hotel Covered by Track | Flights Covered by Track | Nights | Room Rate | Total Room Costs | Track Fund | Additional Budget | Budget Total |
---|---|---|---|---|---|---|---|---|---|---|
Andrew van der Stock | $1,545.00 | $1,520.60 | 5 | $309.00 | $1,545 | $3,065.60 | ||||
Kevin Wall | $610.60 | $610.60 | ||||||||
Samantha Groves | $1,081.50 | $ | 7 | $309.00 | $2,163 | $3,244.50 | ||||
Dennis Groves | $375.70 | $375.70 | ||||||||
Martin Knobloch | $4,123.00 | $730.30 | 7 | $309.00 | $4,123.00 | $4,853.30 | ||||
Steven van der Baan | ||||||||||
Dinis Cruz | $2,163.00 | $699.00 | $2,862 | |||||||
Jonathan Marcil | ||||||||||
Andrew Muller and Wife | $722.50 | $1,586.78 | 5 | $309.00 | $1,545.00 | $2,309.28 | ||||
Fabio and Wife | $618.00 | $520.50 | 4 | $309.00 | $1,236.00 | $1,138.50 | ||||
Kostas and Wife | $700.00 | $520.50 | 7 | $309.00 | $2,163.00 | |||||
Larry | $507.56 | 5 | $309.00 | $1,545.00 | ||||||
Chris Schmidt | $1,545.00 | $287.80 | 5 | $309.00 | $1,545.00 | |||||
Kait Disney-Leugers and Husband | $463.50 | 3 | $309.00 | $927.00 | ||||||
Michael Hidalgo and Wife | $463.50 | $554.06 | 3 | $309.00 | $927.00 | |||||
Abbas Naderi and Wife | $618.00 | 4 | $309.00 | $1,234.00 | ||||||
Total | $3,862.50 | $4,513.34 | $10,230.50 | $2,997.10 | $21,118.00 | $8,205.26 | $5,000.00 | $13,205.26
Monday, November 18th | Tuesday, November 19th | Wednesday, November 20th | Thursday, November 21st | Total | |
---|---|---|---|---|---|
Food | |||||
Pizza | $16.25-$22.00 | $16.25-$22.00 | $16.25-$22.00 | $16.25-$22.00 | $16.25-$22.00 per pizza |
Tea and Coffee | $1,800 | $1,800 | $1,800 | $1,800 | $1,800.00 |
Water Bottles | $11.98 | $11.98 | $11.98 | $11.98 | $11.98 24pk |
Fruit | $14.00 assorted | $14.00 assorted | $14.00 assorted | $14.00 assorted | $56.00 |
Keg | $90-$250 | $90-$250.00 | |||
Office Materials | |||||
Markers | $3.90 | $3.90 | $3.90 | $3.90 | $3.90 4pk |
Paper Tablets | $16.79 | $16.79 | $16.79 | $16.79 | $16.79 12pk |
Staples | $3.29 | $3.29 | $3.29 | $3.29 | $3.29 each |
Staplers | $8.99 | ||||
Pens | $6.99 | $6.99 | $6.99 | $6.99 | $6.99 60pk |
Pencils | $1.69 | $1.69 | $1.69 | $1.69 | $1.69 12pk |
Notebooks | $1.29 each | $1.29 each | $1.29 each | $1.29 each | $1.29 each |
Printing | |||||
Black and White | $0.03-$0.32 | $0.03-$0.32 per page | |||
Full Color | $0.15- $2.00 | $0.15 - $2.00 per page | |||
Miscellaneous | |||||
Shuttle ride from Airport | $35.00 LGA, $50.00 JFK | $35.00 LGA, $50.00 JFK | $35.00 LGA, $50.00 JFK | $35.00 LGA, $50.00 JFK | $70.00 LGA, $100.00 JFK |
Dinner for Leaders | $200 | $200 | $200 | $200 | $800.00 |
Average fare for cab ride | $2.50 base | $2.50 base | $2.50 base | $2.50 base | $2.50 base |
Additional Travel | |||||
Eclipse Member | $2,000 | $2,000.00 | |||
Apache Member | $2,000 | $2,000.00 |
- Patzerias Perfect Pizza Inc.: 231 West 46th Street (Broadway and 8th Ave) (212) 575-7646
- Famous Original Ray's Pizza: 736 7th Avenue (212) 956-7297
- John's Pizzeria: 260 W. 44th Street (212) 391-7560
- Staples: 776 8th Ave (212) 265-4550
- Walgreens: 1471 Broadway (212) 302-0552
- Tower Copy East: 115 West 45th Street, Suite 502 (212) 679-3509
- priced per pack or size
Attendees
Confirmed Summit Attendees: with Funding
2013 OWASP Projects Summit Attendees
Name | Company | Reason for Summit Participation / Working Group Interest | Summit Time Paid By | Summit Expenses Paid By | Reason for Sponsorship |
---|---|---|---|---|---|
Dennis Groves | OWASP | | | | |
Dinis Cruz | Security Innovations | | | | |
Simon Bennetts | Mozilla | | | | |
Martin Knobloch | PervaSec | | | | |
Konstantinos Papapanagiotou | Voice@Net | | | | |
Chris Schmidt | Aspect Security | | | | |
Sam Groves | OWASP | | | | |
Michael Hidalgo | Security Innovation | | | | |
Kevin Wall | | | | | |
Sebastien Deleersnyder | BNP Paribas Fortis | | | | |
Johanna Curiel | | | | | |
Jason Haddix | Hewlett-Packard | | | | |
Abbas Naderi | | | | | |
Jonathan Marcil | OWASP | | | | |
Jack Mannino | | | | | |
Jason Haddix | | | | | |
Jonathan Marcil | Phéromone | | | | |
James Robertson | University of Maryland University College Maryland | | | | |
Riotaro Okada | AsteriskResearch, Inc. | | | | |
Beth Ritter-Guth | Union County College | | | | |
Suchit Mishra | Salesforce | | | | |
Serg Belokamen | Bugcrowd | | | | |
Casey Ellis | Bugcrowd | | | | |
Simon Roses Femerling | Vulnex | | | | |
Bev Corwin | OWASP | | | | |
Jeff Williams | Aspect Security | | | | |
Sasikumar Srinivasan | ZohoCorp | | | | |
Carlos Hoyos | IBM | | | | |
Chuck Cooper | Paylocity | | | | |
Tobias Gondrom | Thames Stanley | | | | |
Sean Bates | Farm Credit Canada | | | | |
Tony DeLaGrange | Fidelity National Information Services | | | | |
Jaydeep Dave | Trend Micro | | | | |
Guillermo Skrilec | GeneXus Consulting | | | | |
James Hurley | Texas Conference of Urban Counties | | | | |
Confirmed Summit Attendees: Seeking Funds/Sponsorship
2013 OWASP Projects Summit Attendees
Name | Company | Reason for Summit Participation / Working Group Interest | Summit Time Paid By | Summit Expenses Paid By | Reason for Sponsorship |
---|---|---|---|---|---|
Unconfirmed Summit Attendees
2013 OWASP Projects Summit Attendees
Name | Company | Reason for Summit Participation / Working Group Interest | Summit Time Paid By | Summit Expenses Paid By | Reason for Sponsorship |
---|---|---|---|---|---|
Projects Participating
The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.
The Code Review Guide focuses on secure code reviews and tools that aim to support the developer community. Such an activity is very powerful as it gives the developer community a place to start regarding secure application development.
The Development Guide is aimed at architects, developers, consultants, and auditors. It is a comprehensive manual for designing, developing, and deploying secure Web Applications and Web Services. The OWASP Developer Guide 2013 aims to shift the focus of the content from countermeasures and weaknesses to secure software engineering.
The OWASP Education Projects
The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses, and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously.
OWASP Training
- OWASP Boot Camp
- OWASP Training Events
OWASP Academies
- OWASP Academy Portal
- OWASP University Outreach
- OWASP Student Chapter
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications.
The Software Assurance Maturity Model (SAMM) is an open framework that aims to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development.
This Testing Guide Project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations. Contributors of this project are currently writing Version 4 of the guide, and are actively seeking authors.
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, and as such, is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
The primary focus is at the application layer. While we take into consideration the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas where the average developer can make a difference. Additionally, we focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.
Additional Links
Summit Organisation Pages and Additional Links
These are pages with organizational details about the 2013 OWASP Summit.
- Projects Summit 2013 Attendees
- Mailing list (at Google Groups: owasp-project-summit-2013)
- Projects Summit page at main AppSec USA website
- Venue
- Remote_Participation
- Budget
- AppSec USA 2013 Summit Page
- Projects Summit 2013
Contact Us
If you need help with anything summit related, or if you simply need some more information, please do not hesitate to contact either Samantha Groves or Kait Disney-Leugers.