
Difference between revisions of "OWASP EU Summit 2008 Working Sessions"

(WORKING SESSIONS - November 3rd, 4th & 5th (Mon, Tue & Wed))
(Replacing page with '* All the information was transferred to the OWASP EU Summit Portugal 2008. * Please check and change it as you find best.')
(37 intermediate revisions by 6 users not shown)

== THIS IS STILL under heavy UPDATES (i.e. work in progress) ==

* All the information was transferred to the [[OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]].
* Please check and change it as you find best.
== WORKING SESSIONS - November 3rd, 4th & 5th (Mon, Tue & Wed) ==
 
'''Monday Morning'''
 
* OWASP ISWG: Browser Security (part 1)  - 4h  . . .  (ISWG = Intrinsic Security Working Group)
 
 
 
'''Monday Afternoon'''
 
* ISWG: Browser Security (part 2)  - 4h
 
 
 
'''Tuesday Morning'''
 
* Working Sessions Operational model - 1h, ALL to attend
 
* OWASP Strategic Planning for 2009 - 3h
 
* OWASP Tool's Projects (consolidation action-plan) - 3h
 
* OWASP ISWG: Web Application Framework Security (part 1) - 4h . . .  (ISWG = Intrinsic Security Working Group)
 
 
 
 
 
'''Tuesday Afternoon'''
 
* OWASP ISWG: Web Application Framework Security (part 2) - 4h 
 
* OWASP Documentation Projects (consolidation action-plan) - 3h
 
* Winter Of Code 2009 - 4h
 
* OWASP .NET Project - 2h
 
 
 
'''Wednesday Morning'''
 
* OWASP Top 10 2009 - 2h
 
* OWASP Education Project - 2h
 
* ESAPI Project - 4h
 
* Code Review (next version) - 2h
 
* Testing Guide (next version) - 2h
 
* OWASP Certifications - 2h
 
* OWASP Application Security Desk Reference (ASDR) - 4h
 
 
 
'''Wednesday Afternoon'''
 
* OWASP Intra Governmental Affairs - 2h
 
* OWASP Awards - 2h
 
* OWASP Website - 2h
 
* OWASP Advisory Board (private presentation) - 2h
 
* OWASP Board Meeting (public session) - 3h
 
* OWASP CD/DVD - 2h
 
 
 
== WORKING SESSIONS - November 4th & 5th (Tue & Wed) (DETAILS) ==
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
==== <font color="white"> OWASP Top 10 2009 </font>====
 
 
 
|-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' {name}<br/>
 
'''Working Session Team:''' {name}<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" or "Invited Participants + Attendees" <br/>
 
'''Objectives:'''
 
* {objective 1}
 
* {objective 2}
 
* {objective 3}
 
'''Additional Details:'''
 
...<br/>
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 2}
 
* {outcome 3}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" | 
 
==== <font color="white"> OWASP Strategic Planning </font>====
 
 
 
|-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' OWASP Board<br/>
 
'''Working Session Team:''' OWASP Board, Kate & Paulo<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" or "Invited Participants + Attendees" <br/>
 
'''Agenda'''
 
* OWASP Governance (e.g. International guidelines, Board member confirmation)
 
* Projects (e.g. Organize and rate projects, Development plans, Documentation)
 
* Chapter Governance (e.g. Budgets, Activities)
 
* OWASP Future (e.g. Action Plan for 2009, Investment recommendation, 5 year Outlook)
 
* Global Community Outreach (PR Issues, Pro Bono opportunities)
 
'''Objectives:'''
 
* {objective 1}
 
* {objective 2}
 
* {objective 3}
 
'''Additional Details:'''
 
...<br/>
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 2}
 
* {outcome 3}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
 
 
==== <font color="white"> OWASP Education Project</font>====
 
 
 
|-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Sebastien Deleersnyder<br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" or "Invited Participants + Attendees" <br/>
 
'''Objectives:'''
 
* {objective 1}
 
* {objective 2}
 
* {objective 3}
 
'''Additional Details:'''
 
...<br/>
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 2}
 
* {outcome 3}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
==== <font color="white"> Winter Of Code 2009 </font>====
 
 
 
|-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Paulo Coimbra<br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''
 
* Define the operation model for the next OWASP Season of Code (the Winter of Code 08)
 
* Identify which areas should receive priority selection
 
* Create 'virtual teams' from the attendees and allocate them to key projects
 
'''Additional Details:'''
 
...<br/>
 
'''Projected Outcomes:'''
 
* OWASP Winter of Code 08 plan
 
* # of projects for immediate approval (assuming the delivery team is all set)
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
 
 
==== <font color="white"> Enterprise Security API Project </font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Jeff Williams<br/>
 
'''Working Session Team:''' Arshan Dabirsiaghi<br/>
 
'''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/>
 
'''Objectives:'''
 
* Introduce everyone to the idea and cost-benefits of an ESAPI
 
 
* {objective 3}
 
'''Additional Details:'''
 
...<br/>
 
'''Projected Outcomes:'''
 
* A volunteer to lead the 'marketing' campaign for ESAPI
 
* Prioritized list of marketing ideas for the ESAPI concept
 
* Prioritized list of ideas for improving the API
 
 
* {outcome 3}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
 
 
==== <font color="white"> ISWG: Browser Security </font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Arshan Dabirsiaghi <br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/>
 
'''Objectives:'''
 
* Discuss ongoing HTML5 security research
 
* Discuss further ramifications of HTML5 (cross-site XHR, Access-Control, client storage, etc.)
 
* Take a look at security critical areas and discuss possible browser improvements
 
'''Additional Details:'''
 
ISWG = Intrinsic Security Working Group<br/>
 
Browsers to invite: IE, FF, Safari, Opera and Chrome<br/>
 
'''Projected Outcomes:'''
 
* OWASP Top 10 Browser Wishlist
 
* Actionable advice and technical arguments for HTML5 featureset
 
* Establish OWASP points-of-contact for W3C
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
==== <font color="white"> ISWG: Web Application Framework Security </font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Arshan Dabirsiaghi<br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/>
 
'''Objectives:'''
 
* Discuss gaps and patterns in gaps in security coverage across frameworks
 
* Discuss possible solutions for security areas
 
 
'''Additional Details:'''
 
ISWG = Intrinsic Security Working Group<br/>
 
Frameworks to invite: .NET, J2EE, Spring, Struts, ASP.NET MVC, RoR, PHP, etc.<br/>
 
'''Projected Outcomes:'''
 
* Actionable advice for each individual framework
 
* Identify points-of-contact for frameworks
 
* {outcome 3}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
 
 
==== <font color="white"> OWASP .NET Project </font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Mark Roxberry<br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''
 
* {objective 1}
 
* {objective 2}
 
* {objective 3}
 
'''Additional Details:'''<br/>
 
...<br/>
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 2}
 
* {outcome 3}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
 
 
==== <font color="white"> Code Review (next version) </font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Eoin Keary<br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''
 
* {objective 1}: Discuss next version of code review guide.
 
* {objective 2}: Discuss industry requirements for code review.
 
* {objective 3}: Discuss academic versus practical ramifications of the guide.
 
* {objective 4}: Brainstorm: Ideas for integration with other projects and tools.
 
* {objective 5}: Develop a roadmap for the code review guide: Technologies, approaches
 
'''Additional Details:'''<br/>
 
...<br/>
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 2}
 
* {outcome 3}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
 
 
==== <font color="white"> OWASP Awards</font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Colin Watson<br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''
 
* Discuss whether there should be OWASP Awards
 
* Discuss options for undertaking an awards process
 
* {objective 3}
 
'''Additional Details:'''<br/>
 
Should OWASP run an awards event?<br/>
 
What are the opportunities for public relations, marketing and sponsorship?<br/>
 
What categories should there be to honour people, projects and products?<br/>
 
Should the awards be a separate event or be part of another event?<br/>
 
What are the risks of running an awards event?<br/>
 
'''Projected Outcomes:'''
 
* Decision whether to progress with OWASP Awards
 
* Identify actions to progress if decision is "yes" or "maybe"
 
* List of further information required
 
* {outcome 4}
 
|}
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
 
 
==== <font color="white">OWASP Intra Governmental Affairs </font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Dhruv Soi<br/>
 
'''Working Session Team:''' Puneet Mehta<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''
 
* {objective 1}
 
* {objective 2}
 
* {objective 3}
 
'''Additional Details:'''<br/>
 
...<br/>
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 2}
 
* {outcome 3}
 
|-
 
|}
 
 
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
==== <font color="white">OWASP CD/DVD </font>====
 
 
 
  |-
 
| style="background:#F2F2F2" |
 
'''Working Session Lead:''' Matt Tesauro<br/>
 
'''Working Session Team:''' TBD<br/>
 
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/>
 
'''Objectives:'''
 
* Resolve possible confusion over various Live CD projects
 
* Determine the duration of OWASP branding for follow-on releases of older projects (Also applies to OWASP projects in general)
 
* Discuss an OWASP Project Life Cycle for Live CDs (Also applies to OWASP projects in general)
 
'''Additional Details:'''<br/>
 
Googling either "OWASP LiveCD" or "OWASP Live CD" leads to multiple projects, both old and new. For someone not familiar with the Live CD history, determining the "real" Live CD is confusing at best. This topic arose from comments in a review of the current Live CD 2008 project, available [http://www.owasp.org/index.php/Project_Information:template_Live_CD_2008_Project_-_Final_Review_-_Second_Reviewer_-_F here].<br/>
 
'''Projected Outcomes:'''
 
* A graceful method to handle current and future OWASP Live CD releases
 
* Determine the duration of OWASP branding for Live CDs (possibly better scoped for general OWASP projects discussion)
 
* Determine an OWASP Project Life Cycle for Live CDs (possibly better scoped for general OWASP projects discussion)
 
|-
 
|}
 
 
 
{| style="width:80%" border="0" align="center"
 
! align="center" style="background:#4058A0; color:white" |
 
==== <font color="white"> OWASP ASDR </font>====
 
 
 
|-
 
| style="background:#F2F2F2" |  
 
'''Working Session Lead:''' Leonardo Cavallari Militelli<br/>
 
'''Working Session Team:''' {name}<br/>
 
'''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/>
 
'''Objectives:'''
 
* {objective 1}
 
* {objective 2}
 
* {objective 3}
 
'''Additional Details:'''
 
...<br/>
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 2}
 
* {outcome 3}
 
|-
 
|}
 
 
 
 
 
== Draft notes ==
 
 
 
 
 
Note: there needs to be a 1h session on the 1st day of working sessions (Tue) to explain the rules of the game, how everything will work and what is expected from each WS (Working Session).
 
 
 
* Working Sessions can meet simultaneously or by some method of time allotment (depends on scheduling and priority)
 
 
 
* Open membership; first order of business is to confirm the chair and secretary of the group (we can get this set up and discuss it on the lists now, so we are running when we get to the Summit)
 
* Dinis and Paulo suggested that working groups will produce OWASP Initiatives, Statements and Decisions.
 
* OWASP Initiatives, Statements and Decisions can be distributed in electronic form prior to the Summit or a Working Group assembly.
 
** Additionally, time should be allocated for anything new at the actual Working Group assembly. (Again, we can get the ball rolling on this now and have discussion and motion at Summit).
 
 
 
** Simple majority to pass motions (I can distribute a Robert's Rules of Order - Lite prior to the meeting to the chair)
 
 
 
* Board Reserves Veto and Tabling Authority at the Summit
 
 
 
* Working Groups:
 
** OWASP Top 10 2009
 
** OWASP Governance (e.g. International guidelines, Board member confirmation)
 
** Projects (e.g. Organize and rate projects, Development plans, Documentation)
 
** Chapter Governance (e.g. Budgets, Activities)
 
** OWASP Future (e.g. Action Plan for 2009, Investment recommendation, 5 year Outlook)
 
** Web Vulnerability Assessment (Code Review/Testing)
 
** Global Community Outreach (PR Issues, Pro Bono opportunities)
 
** Web Technology (e.g. Browser security wishlist, architectural recommendations, technology recommendations)
 
 
 
=== Agenda ===
 
 
 
* Opening Statement
 
* Motions on the table (1st, 2nd, Vote)
 
* New Business (new motions, statements for record)
 
* Closing Statement
 
 
 
* As the first ever of this format, we should invite working group chairs and discuss a potential list of motions to get them started (specifically for financially related motions, e.g. Dinis mentioned a $200K USD investment plan as an example in an earlier e-mail), and what kinds of things to start with. Then they can put the ideas to a list or lists for discussion prior to the meeting.
 
 
 
 
 
=== Working Sessions outcomes ===
 
 
 
 
 
* '''OWASP Initiatives''': "Spend xyz on Project yyy", "Plan to organize all OWASP tools / books", "Strategy to organize and rate ALL OWASP projects", "6 month Development plan for ESAPI"
 
* '''Public Statements''': "Here is the OWASP Top 10 2009", "This is what OWASP's position is on xxx", "Browser security wish-list for Browsers (IE, Mozilla, Safari and Opera)"
 
* '''OWASP Decisions''': "Action plan for OWASP in 2009", "Hire x developers to support projects", "Next 200k USD investment plan", "OWASP governance and vote of 6th Board Member", "International OWASP non-profit organizations guidelines"
 
 
 
=== Summit ===
 
 
 
* Should a Board Member chair?
 
 
 
* Agenda
 
 
 
** Opening Statement (this is the first Summit, so this is a special thing)
 
 
 
** The overall Summit meeting can be an informational meeting about Working Group motions. The Board can approve, veto or table motions from Working Groups. However, if doing this at the Summit, there may be controversial issues where the Board rejects a motion. Each working group has a spot on this agenda.
 
 
 
** OWASP motions not from Working Groups: allocate time for these.
 
 
 
** Closing Statement
 

Latest revision as of 17:49, 5 October 2008