Difference between revisions of "OWASP EU Summit 2008 Working Sessions"
(→<font color="white"> OWASP Strategic Planning </font>) |
(→WORKING SESSIONS - November 4rd & 5th (Tue & Wed) (DETAILS)) |
||
Line 40: | Line 40: | ||
'''Working Session Team:''' Jeff Williams<br/> | '''Working Session Team:''' Jeff Williams<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" or "Invited Participants + Attendees" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" or "Invited Participants + Attendees" <br/> | ||
− | '''Working Session Wiki Page:''' [[OWASP Top 10 2009 | + | '''Working Session Wiki Page:''' [[OWASP Top 10 2009 2008 SummitWS| OWASP Top 10 2009]]<br/> |
'''Objectives:''' | '''Objectives:''' | ||
Line 59: | Line 59: | ||
'''Working Session Team:''' OWASP Board, Kate & Paulo<br/> | '''Working Session Team:''' OWASP Board, Kate & Paulo<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" or "Invited Participants + Attendees" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" or "Invited Participants + Attendees" <br/> | ||
− | '''Working Session Wiki Page:''' [[OWASP Strategic Planning | + | '''Working Session Wiki Page:''' [[OWASP Strategic Planning 2008 SummitWS| OWASP Strategic Planning]]<br/> |
'''Objectives:''' | '''Objectives:''' | ||
Line 82: | Line 82: | ||
'''Working Session Team:''' Martin Knobloch + TBD<br/> | '''Working Session Team:''' Martin Knobloch + TBD<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP Education Project 2008 SummitWS| OWASP Education Project]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* How to improve knowledge transfer from OWASP projects towards the community | * How to improve knowledge transfer from OWASP projects towards the community | ||
Line 111: | Line 113: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[Winter Of Code 2008 2008 SummitWS| Winter Of Code 2008]]<br/> | ||
+ | |||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Define the operation model for the next OWASP Season of Code (the Winter of Code 08) | * Define the operation model for the next OWASP Season of Code (the Winter of Code 08) | ||
Line 130: | Line 135: | ||
'''Working Session Team:''' Arshan Dabirsiaghi<br/> | '''Working Session Team:''' Arshan Dabirsiaghi<br/> | ||
'''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/> | '''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/> | ||
+ | '''Working Session Wiki Page:''' [[Enterprise Security API Project 2008 SummitWS| Enterprise Security API Project 2009]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Introduce everyone to the idea and cost-benefits of an ESAPI | * Introduce everyone to the idea and cost-benefits of an ESAPI | ||
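Review bot: the link added in this hunk is labelled "Enterprise Security API Project 2009", while its target is "Enterprise Security API Project 2008 SummitWS" and the other links added in this revision reuse the session name as the label. Suggest the label "Enterprise Security API Project" unless the 2009 is intentional.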
Line 147: | Line 154: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/> | '''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/> | ||
+ | '''Working Session Wiki Page:''' [[ISWG Browser Security 2008 SummitWS| ISWG: Browser Security]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss ongoing HTML5 security research | * Discuss ongoing HTML5 security research | ||
Line 181: | Line 190: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/> | '''Working Sessions Organization Model''': "Invited Participants + Attendees" <br/> | ||
+ | '''Working Session Wiki Page:''' [[ISWG Web Application Framework Security 2008 SummitWS| ISWG: Web Application Framework Security]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss gaps and patterns in gaps in security coverage across frameworks | * Discuss gaps and patterns in gaps in security coverage across frameworks | ||
Line 217: | Line 228: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP NET Project 2008 SummitWS| OWASP .NET Project]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss audience and purpose of the OWASP .NET project | * Discuss audience and purpose of the OWASP .NET project | ||
Line 240: | Line 253: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP Certification 2008 SummitWS| OWASP Certification]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss and review current proposal and survey results | * Discuss and review current proposal and survey results | ||
Line 257: | Line 272: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[Code Review Guide 2008 SummitWS| Code Review Guide]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss next version of code review guide. | * Discuss next version of code review guide. | ||
Line 277: | Line 294: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP Awards 2008 SummitWS| OWASP Awards]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss whether there should be OWASP Awards | * Discuss whether there should be OWASP Awards | ||
Line 304: | Line 323: | ||
'''Working Session Team:''' Paulo Coimbra<br/> | '''Working Session Team:''' Paulo Coimbra<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[Business Models Comparable to OWASP Values 2008 SummitWS| Business Models Comparable to OWASP Values]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Identify the business models that are comparable to OWASP values | * Identify the business models that are comparable to OWASP values | ||
Line 323: | Line 344: | ||
'''Working Session Team:''' Puneet Mehta<br/> | '''Working Session Team:''' Puneet Mehta<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP Intra Governmental Affairs| OWASP Intra Governmental Affairs]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Identify top reasons and driving factors to work with Government of different countries | * Identify top reasons and driving factors to work with Government of different countries | ||
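Review bot: the link target added in this hunk, "OWASP Intra Governmental Affairs", lacks the " 2008 SummitWS" suffix that every other "Working Session Wiki Page" link added in this revision carries, so it points at a differently named page than the rest of the working-session pages. If the session page follows the same naming, the target should be "OWASP Intra Governmental Affairs 2008 SummitWS" with the label left unchanged.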
Line 345: | Line 368: | ||
'''Working Session Team:''' {name}<br/> | '''Working Session Team:''' {name}<br/> | ||
'''Working Sessions Organization Model''': Invited Participants + Attendees <br/> | '''Working Sessions Organization Model''': Invited Participants + Attendees <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP ASDR 2008 SummitWS| OWASP ASDR]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss project objectives for short and long term | * Discuss project objectives for short and long term | ||
Line 363: | Line 388: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': Invited Participants + Attendees <br/> | '''Working Sessions Organization Model''': Invited Participants + Attendees <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP Documentation Projects 2008 SummitWS| OWASP Documentation Projects]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss content normalization, standardization, integration and | * Discuss content normalization, standardization, integration and | ||
Line 383: | Line 410: | ||
'''Working Session Team:''' {name}<br/> | '''Working Session Team:''' {name}<br/> | ||
'''Working Sessions Organization Model''': Invited Participants + Attendees <br/> | '''Working Sessions Organization Model''': Invited Participants + Attendees <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP Tools Projects 2008 SummitWS| OWASP Tools Projects]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Discuss documentation procedures | * Discuss documentation procedures | ||
Line 401: | Line 430: | ||
'''Working Session Team:''' TBD<br/> | '''Working Session Team:''' TBD<br/> | ||
'''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | '''Working Sessions Organization Model''': "Everybody is a Participant" <br/> | ||
+ | '''Working Session Wiki Page:''' [[OWASP CDDVD 2008 SummitWS| OWASP CD/DVD]]<br/> | ||
+ | |||
'''Objectives:''' | '''Objectives:''' | ||
* Normalize possible confusion over various Live CD projects | * Normalize possible confusion over various Live CD projects |
Revision as of 03:13, 30 September 2008
- 1 THIS IS STILL under heavy UPDATES (i.e. work in progress)
- 2 WORKING SESSIONS - November 3rd, 4th & 5th (Mon, Tue & Wed)
- 3 WORKING SESSIONS - November 4th & 5th (Tue & Wed) (DETAILS)
- 3.1 OWASP Top 10 2009
- 3.2 OWASP Strategic Planning
- 3.3 OWASP Education Project
- 3.4 Winter Of Code 2008
- 3.5 Enterprise Security API Project
- 3.6 ISWG: Browser Security
- 3.7 ISWG: Web Application Framework Security
- 3.8 OWASP .NET Project
- 3.9 OWASP Certification
- 3.10 Code Review Guide
- 3.11 OWASP Awards
- 3.12 Business Models Comparable to OWASP Values
- 3.13 OWASP Intra Governmental Affairs
- 3.14 OWASP ASDR
- 3.15 OWASP Documentation Projects
- 3.16 OWASP Tools Projects
- 3.17 OWASP CD/DVD
- 4 Draft notes
THIS IS STILL under heavy UPDATES (i.e. work in progress)
WORKING SESSIONS - November 3rd, 4th & 5th (Mon, Tue & Wed)
Monday
- OWASP ISWG: Browser Security (part 1) - 4h . . . (ISWG = Intrinsic Security Working Group)
Tuesday
- Working Sessions Operational model - 1h , ALL to attend
- OWASP Strategic Planning for 2009 - 3h
- OWASP Tools Projects (consolidation action-plan) - 3h
- OWASP ISWG: Web Application Framework Security (part 1) - 3h . . . (ISWG = Intrinsic Security Working Group)
- OWASP Documentation Projects (consolidation action-plan) - 3h
- Winter Of Code 2009 - 4h
- OWASP .NET Project - 2h
- Two-way Internationalization of OWASP Content - 2h
Wednesday
- OWASP Top 10 2009 - 2h
- OWASP Education Project - 2h
- ESAPI Project - 4h
- Code Review (next version) - 2h
- Testing Guide (next version) - 2h
- OWASP Certifications - 2h
- OWASP Application Security Desk Reference (ASDR) - 4h
- OWASP Intra Governmental Affairs - 2h
- OWASP Awards - 2h
- OWASP Website - 2h
- OWASP Advisory Board (private presentation) - 2h
- OWASP CD/DVD - 2h
- OWASP Board Meeting (public session) - 3h
WORKING SESSIONS - November 4th & 5th (Tue & Wed) (DETAILS)
OWASP Top 10 2009 |
---|
Working Session Lead: Dave Wichers Objectives:
Projected Outcomes:
|
OWASP Strategic Planning |
---|
Working Session Lead: OWASP Board Objectives:
Projected Outcomes:
|
OWASP Education Project |
---|
Working Session Lead: Sebastien Deleersnyder Objectives:
Additional Details: There is plenty of knowledge available inside the OWASP community. It is spread via the OWASP AppSec Conferences and the local chapter meetings, not to forget the books available now. Another very important way to distribute the available knowledge is to teach! In many presentations, knowledge is put into slides to share it. The next step is to reuse the information from those presentations to create training material. In a Boot Camp, for example, it's not only about telling attendees how to break stuff, but about letting them break it themselves, and also letting them fix the problems with guidance from the experienced!
Projected Outcomes:
|
Winter Of Code 2008 |
---|
Working Session Lead: Paulo Coimbra
Projected Outcomes:
|
Enterprise Security API Project |
---|
Working Session Lead: Jeff Williams Objectives:
Projected Outcomes:
|
ISWG: Browser Security |
---|
Working Session Lead: Arshan Dabirsiaghi Objectives:
Additional Details:
ISWG = Intrinsic Security Working Group
Time: 30 mins Introduction |
ISWG: Web Application Framework Security |
---|
Working Session Lead: Arshan Dabirsiaghi Objectives:
Additional Details:
ISWG = Intrinsic Security Working Group
Time: 30 mins Introduction |
OWASP .NET Project |
---|
Working Session Lead: Mark Roxberry Objectives:
Additional Details:
Projected Outcomes:
|
OWASP Certification |
---|
Working Session Lead: James McGovern Objectives:
Projected Outcomes:
|
Code Review Guide |
---|
Working Session Lead: Eoin Keary Objectives:
Projected Outcomes:
|
OWASP Awards |
---|
Working Session Lead: Colin Watson Objectives:
Additional Details:
|
Business Models Comparable to OWASP Values |
---|
Working Session Lead: Dinis Cruz Objectives:
Projected Outcomes:
|
OWASP Intra Governmental Affairs |
---|
Working Session Lead: Dhruv Soi Objectives:
Projected Outcomes:
|
OWASP ASDR |
---|
Working Session Lead: Leonardo Cavallari Militelli Objectives:
Projected Outcomes:
|
OWASP Documentation Projects |
---|
Working Session Lead: Leonardo Cavallari Militelli Objectives:
collaboration
Projected Outcomes:
|
OWASP Tools Projects |
---|
Working Session Lead: Leonardo Cavallari Militelli Objectives:
Projected Outcomes:
|
OWASP CD/DVD |
---|
Working Session Lead: Matt Tesauro Objectives:
Additional Details:
|
Draft notes
Note: there needs to be a 1h session on the 1st day of working sessions (Tue) to explain the rules of the game, how everything will work and what is expected from each WS (Working Session)
- Working Sessions can meet simultaneously or by some method of time allotment (depends on scheduling and priority)
- Open membership, first order of business is to confirm chair and secretary of group (We can get this set up and discuss on the lists now, so we are running when we get to the Summit)
- Dinis, Paulo suggested that working groups will produce OWASP Initiatives, Statements, Decisions.
- OWASP Initiatives, Statements and Decisions can be distributed in electronic form prior to the Summit or a Working Group assembly.
- Additionally, time should be allocated for anything new at the actual Working Group assembly. (Again, we can get the ball rolling on this now and have discussion and motion at Summit).
- Simple Majority to Pass Motions (I can distribute a Robert's Rules of Order - Lite prior to the meeting to the chair)
- Board Reserves Veto and Tabling Authority at the Summit
- Working Groups:
- OWASP Top 10 2009
- OWASP Governance (e.g. International guidelines, Board member confirmation)
- Projects (e.g. Organize and rate projects, Development plans, Documentation)
- Chapter Governance (e.g. Budgets, Activities)
- OWASP Future (e.g. Action Plan for 2009, Investment recommendation, 5 year Outlook)
- Web Vulnerability Assessment (Code Review/Testing)
- Global Community Outreach (PR Issues, Pro Bono opportunities)
- Web Technology (e.g. Browser security wishlist, architectural recommendations, technology recommendations)
Agenda
- Opening Statement
- Motions on the table (1st, 2nd, Vote)
- New Business (new motions, statements for record)
- Closing Statement
- As the first ever of this format, we should invite working group chairs and discuss a potential list of motions to get them started (specifically for financially related motions, e.g. Dinis mentioned $200K USD investment plan as an example in an earlier e-mail). What kinds of things to start with. Then they can put the ideas to a list or lists for discussion prior to the meeting.
Working Sessions outcomes
- OWASP Initiatives: "Spend xyz on Project yyy", "Plan to organize all OWASP tools / books", "Strategy to organize and rate ALL OWASP projects", "6 month Development plan for ESAPI"
- Public Statements: "Here is the OWASP Top 10 2009", "This is what OWASP's position is on xxx" , "Browser security wish-list for Browsers (IE, Mozilla, Safari and Opera)"
- OWASP Decisions: "Action plan for OWASP in 2009", "Hire x developers to support projects", "next 200k USD investment plan", "OWASP governance and vote of 6th Board Member", "International OWASP non-profit organizations guidelines"
Summit
- Should a Board Member chair?
- Agenda
- Opening Statement (this is the first Summit, so this is a special thing)
- Overall Summit meeting can be an informational meeting about Working group motions. Board can approve, veto or table motions from Working Groups. However, if doing this at the Summit, there may be controversial issues where the Board rejects a motion. Each working group has a spot on this agenda.
- OWASP Motions not from Working Groups, allocate time for this.
- Closing Statement