
Difference between revisions of "OWASP EU Summit 2008 Working Sessions"

(WORKING SESSIONS - November 3rd, 4th & 5th (Mon, Tue & Wed))
(WORKING SESSIONS - November 4rd & 5th (Tue & Wed) (DETAILS))
Line 174: Line 174:
 
ISWG = Intrinsic Security Working Group<br/>
 
ISWG = Intrinsic Security Working Group<br/>
 
Frameworks to invite: .NET, J2EE, Spring, Struts, ASP.NET MVC, RnR, PhP, etc...<br/>
 
Frameworks to invite: .NET, J2EE, Spring, Struts, ASP.NET MVC, RnR, PhP, etc...<br/>
 +
'''Projected Outcomes:'''
 +
* {outcome 1}
 +
* {outcome 2}
 +
* {outcome 3}
 +
|-
 +
{| style="width:80%" border="0" align="center"
 +
! align="center" style="background:#4058A0; color:white" |
 +
==== <font color="white"> OWASP .NET Project </font>====
 +
 +
  |-
 +
| style="background:#F2F2F2" |
 +
'''Working Session Lead:'''Mark Roxberry<br/>
 +
'''Working Session Team:''' TBD<br/>
 +
'''Working Sessions Organization Model''': "Everybody is an Participant" <br/>
 +
'''Objectives:'''
 +
* {objective 1}
 +
* {objective 2}
 +
* {objective 3}
 +
'''Additional Details:'''<br/>
 +
...<br/>
 
'''Projected Outcomes:'''
 
'''Projected Outcomes:'''
 
* {outcome 1}
 
* {outcome 1}
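Review bot: In the added OWASP .NET Project row, the line "'''Working Session Lead:'''Mark Roxberry" has no space after the bold label, while the next added line, "'''Working Session Team:''' TBD", does; add the space so the two render consistently. The same block reads "Everybody is an Participant", which should be "a Participant". The objectives, outcomes and Additional Details added here are still "{objective N}" / "{outcome N}" / "..." placeholders, so the row documents nothing about the session beyond its lead until they are filled in.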

Revision as of 23:29, 8 September 2008

THIS IS STILL under heavy UPDATES (i.e. work in progress)

WORKING SESSIONS - November 3rd, 4th & 5th (Mon, Tue & Wed)

Monday Morning

  • OWASP ISWG: Browser Security (part 1) - 4h . . . (ISWG = Intrinsic Security Working Group)

Monday Afternoon

  • ISWG: Browser Security (part 2) - 4h

Tuesday Morning

  • Working Sessions Operational model - 1h, ALL to attend
  • OWASP Strategic Planning for 2009 - 3h
  • OWASP Tools Projects (consolidation action-plan) - 3h
  • OWASP Documentation Projects (consolidation action-plan) - 3h
  • OWASP ISWG: Web Application Framework Security (part 1) - 4h . . . (ISWG = Intrinsic Security Working Group)


Tuesday Afternoon

  • OWASP Top 10 2009 - 3h
  • Winter Of Code 2009 - 4h
  • Code Review (next version) - 3h
  • Testing Guide (next version) - 3h
  • OWASP ISWG: Web Application Framework Security (part 2) - 4h
  • OWASP .NET Project - 2h

Wednesday Morning

  • OWASP Education Project - 4h
  • ESAPI Project - 4h
  • OWASP Certifications - 4h
  • OWASP Application Security Desk Reference (ASDR) - 4h

Wednesday Afternoon

  • OWASP Awards - 2h
  • OWASP Website - 2h
  • OWASP Advisory Board (private presentation) - 2h
  • OWASP Board Meeting (public session) - 3h

WORKING SESSIONS - November 4th & 5th (Tue & Wed) (DETAILS)

OWASP Top 10 2009

Working Session Lead: {name}
Working Session Team: {name}
Working Sessions Organization Model: "Everybody is a Participant" or "Invited Participants + Attendees"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details: ...
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

OWASP Strategic Planning

Working Session Lead: {name}
Working Session Team: {name}
Working Sessions Organization Model: "Everybody is a Participant" or "Invited Participants + Attendees"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details: ...
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

OWASP Education Project

Working Session Lead: Sebastien Deleersnyder
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant" or "Invited Participants + Attendees"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details: ...
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

Winter Of Code 2009

Working Session Lead: Paulo Coimbra
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details: ...
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

ESAPI Project

Working Session Lead: Jeff Williams
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant" or "Invited Participants + Attendees"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details: ...
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

ISWG: Browser Security

Working Session Lead: Arshan Dabirsiaghi
Working Session Team: TBD
Working Sessions Organization Model: "Invited Participants + Attendees"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details: ISWG = Intrinsic Security Working Group
Browsers to invite: IE, FF, Safari, Opera and Chrome
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

ISWG: Web Application Framework Security

Working Session Lead: Arshan Dabirsiaghi
Working Session Team: TBD
Working Sessions Organization Model: "Invited Participants + Attendees"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details: ISWG = Intrinsic Security Working Group
Frameworks to invite: .NET, J2EE, Spring, Struts, ASP.NET MVC, RnR, PHP, etc.
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

OWASP .NET Project

Working Session Lead: Mark Roxberry
Working Session Team: TBD
Working Sessions Organization Model: "Everybody is a Participant"
Objectives:

  • {objective 1}
  • {objective 2}
  • {objective 3}

Additional Details:
...
Projected Outcomes:

  • {outcome 1}
  • {outcome 2}
  • {outcome 3}

Draft notes

Note: there needs to be a 1h session on the 1st day of working sessions (Tue) to explain the rules of the game, how everything will work and what is expected from each WS (Working Session)

  • Working Sessions can meet simultaneously or by some method of time allotment (depends on scheduling and priority)
  • Open membership, first order of business is to confirm chair and secretary of group (We can get this setup and discuss on the lists now, so we are running when we get to the Summit)
  • Dinis, Paulo suggested that working groups will produce OWASP Initiatives, Statements, Decisions.
  • OWASP Initiatives, Statements and Decisions can be distributed in electronic form prior to the Summit or a Working Group assembly.
    • Additionally, time should be allocated for anything new at the actual Working Group assembly. (Again, we can get the ball rolling on this now and have discussion and motion at Summit).
    • Simple Majority to Pass Motions (I can distribute a Robert's Rules of Order - Lite prior to the meeting to the chair)
  • Board Reserves Veto and Tabling Authority at the Summit
  • Working Groups:
    • OWASP Top 10 2009
    • OWASP Governance (e.g. International guidelines, Board member confirmation)
    • Projects (e.g. Organize and rate projects, Development plans, Documentation)
    • Chapter Governance (e.g. Budgets, Activities)
    • OWASP Future (e.g. Action Plan for 2009, Investment recommendation, 5 year Outlook)
    • Web Vulnerability Assessment (Code Review/Testing)
    • Global Community Outreach (PR Issues, Pro Bono opportunities)
    • Web Technology (e.g. Browser security wishlist, architectural recommendations, technology recommendations)

Agenda

  • Opening Statement
  • Motions on the table (1st, 2nd, Vote)
  • New Business (new motions, statements for record)
  • Closing Statement
  • As the first ever of this format, we should invite working group chairs and discuss a potential list of motions to get them started (specifically for financially related motions, e.g. Dinis mentioned $200K USD investment plan as an example in an earlier e-mail). What kinds of things to start with. Then they can put the ideas to a list or lists for discussion prior to the meeting.


Working Sessions outcomes

  • OWASP Initiatives: "Spend xyz on Project yyy", "Plan to organize all OWASP tools / books", "Strategy to organize and rate ALL OWASP projects", "6 month Development plan for ESAPI"
  • Public Statements: "Here is the OWASP Top 10 2009", "This is what OWASP's position is on xxx", "Browser security wish-list for Browsers (IE, Mozilla, Safari and Opera)"
  • OWASP Decisions: "Action plan for OWASP in 2009", "Hire x developers to support projects", "next 200k USD investment plan", "OWASP governance and vote of 6th Board Member", "International OWASP non-profit organizations guidelines"

Summit

  • Should a Board Member chair?
  • Agenda
    • Opening Statement (this is the first Summit, so this is a special thing)
    • Overall Summit meeting can be an informational meeting about Working group motions. Board can approve, veto or table motions from Working Groups. However, if doing this at the Summit, there may be controversial issues where the Board rejects a motion. Each working group has a spot on this agenda.

    • OWASP Motions not from Working Groups, allocate time for this.
    • Closing Statement