Difference between revisions of "OWASP Working Session - Web Application Framework Security"
(12 intermediate revisions by 6 users not shown) | |||
Line 9: | Line 9: | ||
|- | |- | ||
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' | | style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' | ||
− | | colspan="6" style="width:85%; background:#cccccc" align="left"| | + | | colspan="6" style="width:85%; background:#cccccc" align="left"|Generate |
|- | |- | ||
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' | | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' | ||
− | | colspan="6" style="width:85%; background:#cccccc" align="left"| | + | | colspan="6" style="width:85%; background:#cccccc" align="left"|Brainstorming on how to introduce more useful security into our web application frameworks |
OWASP ISWG (Intrinsic Security Working Group) - Web Application Framework Security | OWASP ISWG (Intrinsic Security Working Group) - Web Application Framework Security | ||
|- | |- | ||
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles''' | | style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles''' | ||
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:arshan.dabirsiaghi(at)aspectsecurity.com '''Arshan Dabirsiaghi'''] | | style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:arshan.dabirsiaghi(at)aspectsecurity.com '''Arshan Dabirsiaghi'''] | ||
− | | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto: | + | | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:kuai.hinojosa(at)owasp.org '''Kuai Hinojosa'''] |
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-iswg-web-application-framework-security '''Subscription Page'''] | | style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-iswg-web-application-framework-security '''Subscription Page'''] | ||
|} | |} | ||
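Review bot: The value added to the "Short Work Session Description" cell is only the word "Generate", while the sentence "Brainstorming on how to introduce more useful security into our web application frameworks" is added to the "Related Projects (if any)" cell. That sentence reads as the session description rather than a related project, so the two values look misplaced or the description is truncated. Suggest moving the brainstorming sentence into the description row and leaving only the ISWG project name under Related Projects.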
Line 30: | Line 30: | ||
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model''' | | style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model''' | ||
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] | | style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] | ||
− | | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5 | + | | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5, 2008 <br>Time 9:00AM |
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees" | | style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees" | ||
|} | |} | ||
Line 40: | Line 40: | ||
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' | ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' | ||
|- | |- | ||
− | | style="width:100%; background:#cccccc" align="center"| | + | | style="width:100%; background:#cccccc" align="center"|Projector, whiteboards, markers, Internet connectivity, power |
|} | |} | ||
{| style="width:100%" border="0" align="center" | {| style="width:100%" border="0" align="center" | ||
Line 49: | Line 49: | ||
|- | |- | ||
| style="width:100%; background:#cccccc" align="left"| | | style="width:100%; background:#cccccc" align="left"| | ||
+ | * '''Related resources:''' [[OWASP_Working_Session_-_Browser_Security_Letters]] | ||
* '''Frameworks to invite:''' .NET, J2EE, Spring, Struts, ASP.NET MVC, RoR, PHP, etc. | * '''Frameworks to invite:''' .NET, J2EE, Spring, Struts, ASP.NET MVC, RoR, PHP, etc. | ||
+ | ** 10 Oct: "Open Letter to Frameworks (version for open mailing lists)" sent to | ||
+ | *** Ruby-on-Rails Core mailing list | ||
+ | *** Springnet Developer mailing list | ||
+ | *** Struts Dev mailing list | ||
+ | |||
|} | |} | ||
{| style="width:100%" border="0" align="center" | {| style="width:100%" border="0" align="center" | ||
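Review bot: The added "10 Oct" entry gives no year and no link to the text of the "Open Letter to Frameworks", so a later reader cannot tell what was sent. It also lists only three mailing lists (Ruby-on-Rails Core, Springnet Developer, Struts Dev), while the "Frameworks to invite" line above it names .NET, J2EE, ASP.NET MVC and PHP as well. Suggest adding the year, linking the letter, and noting the status of the remaining frameworks.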
Line 64: | Line 70: | ||
| style="width:7%; background:#7B8ABD" align="center"| | | style="width:7%; background:#7B8ABD" align="center"| | ||
| style="width:46%; background:#C2C2C2" align="center"|Identify points-of-contact for frameworks. | | style="width:46%; background:#C2C2C2" align="center"|Identify points-of-contact for frameworks. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | ||
|} | |} | ||
Line 83: | Line 81: | ||
| style="width:15%; background:#cccccc" align="center"|'''Company''' | | style="width:15%; background:#cccccc" align="center"|'''Company''' | ||
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed''' | | style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed''' | ||
+ | |- | ||
+ | | style="width:7%; background:#7B8ABD" align="center"| - | ||
+ | | style="width:15%; background:#cccccc" align="center"| TDB (Officially Invited by OWASP) | ||
+ | | style="width:15%; background:#cccccc" align="center"| http://forums.asp.net/Themes/fan/images/roleicons/dff6f773-6732-4cd8-addf-42a8ab367d22.gif | ||
+ | | style="width:63%; background:#cccccc" align="center"| Official Representative from Microsoft's ASP.NET team | ||
+ | |- | ||
+ | | style="width:7%; background:#7B8ABD" align="center"| - | ||
+ | | style="width:15%; background:#cccccc" align="center"| TDB (Officially Invited by OWASP) | ||
+ | | style="width:15%; background:#cccccc" align="center"| http://metawidget.sourceforge.net/media/logo-struts.gif | ||
+ | | style="width:63%; background:#cccccc" align="center"| Official Representative from Apache Struts team | ||
+ | |- | ||
+ | | style="width:7%; background:#7B8ABD" align="center"| - | ||
+ | | style="width:15%; background:#cccccc" align="center"| TDB (Officially Invited by OWASP) | ||
+ | | style="width:15%; background:#cccccc" align="center"| http://boedesign.com/wp-content/themes/bd5/images/cakephp.gif | ||
+ | | style="width:63%; background:#cccccc" align="center"| Official Representative from CakePHP team | ||
+ | |- | ||
+ | | style="width:7%; background:#7B8ABD" align="center"| - | ||
+ | | style="width:15%; background:#cccccc" align="center"| TDB (Officially Invited by OWASP) | ||
+ | | style="width:15%; background:#cccccc" align="center"| http://www.tutorialized.com/upload/20070625154105_rails.jpg | ||
+ | | style="width:63%; background:#cccccc" align="center"| Official Representative from Ruby-on-Rails team | ||
+ | |- | ||
+ | | style="width:7%; background:#7B8ABD" align="center"| - | ||
+ | | style="width:15%; background:#cccccc" align="center"| TDB (Officially Invited by OWASP) | ||
+ | | style="width:15%; background:#cccccc" align="center"| http://www.springframework.net/doc-1.1-M1/reference/html/images/xdev-spring_logo.jpg | ||
+ | | style="width:63%; background:#cccccc" align="center"| Official Representative from Spring.NET team | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|1 | | style="width:7%; background:#7B8ABD" align="center"|1 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Mario Heiderich |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Independent |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|General Expertise |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|2 | | style="width:7%; background:#7B8ABD" align="center"|2 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Gareth Heyes |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Independent |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|General Expertise |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|3 | | style="width:7%; background:#7B8ABD" align="center"|3 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Marcin Wielgoszewski |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Protiviti |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|4 | | style="width:7%; background:#7B8ABD" align="center"|4 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Adam Baso |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Symantec |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|5 | | style="width:7%; background:#7B8ABD" align="center"|5 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Giorgio Fedon |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Minded Security |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|6 | | style="width:7%; background:#7B8ABD" align="center"|6 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Colin Watson |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"| Watson Hall |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|7 | | style="width:7%; background:#7B8ABD" align="center"|7 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Esteban Ribicic |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|HP |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Participant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|8 | | style="width:7%; background:#7B8ABD" align="center"|8 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"| Daniele Bellucci |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"| Communication Valley |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"| Partecipant |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|9 | | style="width:7%; background:#7B8ABD" align="center"|9 | ||
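Review bot: The five added invitee rows put raw image URLs on third-party hosts (forums.asp.net, metawidget.sourceforge.net, boedesign.com, tutorialized.com, springframework.net) in the Company column, all over plain http. Hot-linked logos break when the remote file moves, and the remote host controls what the page ends up showing. Suggest uploading the logos to the wiki or using the team name as text. In the same rows "TDB" looks like a typo for "TBD", and row 8 spells "Participant" as "Partecipant".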
Line 135: | Line 158: | ||
|} | |} | ||
If needed add here more lines. | If needed add here more lines. | ||
+ | |||
+ | [[Category:OWASP_Working_Session]] |
Latest revision as of 16:20, 1 November 2008
Working Sessions Operational Rules - Please see here the general frame of rules.
| WORKING SESSION IDENTIFICATION | |
|---|---|
| Work Session Name | ISWG Web Application Framework Security |
| Short Work Session Description | Generate |
| Related Projects (if any) | Brainstorming on how to introduce more useful security into our web application frameworks<br>OWASP ISWG (Intrinsic Security Working Group) - Web Application Framework Security |
| Email Contacts & Roles | Chair: Arshan Dabirsiaghi; Secretary: Kuai Hinojosa; Mailing list: Subscription Page |
| WORKING SESSION SPECIFICS | |
|---|---|
| Objectives | |
| Venue/Date&Time/Model | Venue: OWASP EU Summit Portugal 2008; Date&Time: November 5, 2008, Time 9:00AM; Discussion Model: "Participants + Attendees" |
| WORKING SESSION OPERATIONAL RESOURCES |
|---|
| Projector, whiteboards, markers, Internet connectivity, power |
| WORKING SESSION ADDITIONAL DETAILS |
|---|
| |
| WORKING SESSION OUTCOMES | | |
|---|---|---|
| Statements, Initiatives or Decisions | Proposed by Working Group | Approved by OWASP Board |
| | Actionable advice for each individual framework. | After the Board Meeting - fill in here. |
| | Identify points-of-contact for frameworks. | After the Board Meeting - fill in here. |
Working Session Participants
(Add your name by editing this table. On the right, just above this frame, you have the option to edit.)
| WORKING SESSION PARTICIPANTS | | | |
|---|---|---|---|
| | Name | Company | Notes & reason for participating, issues to be discussed/addressed |
| - | TBD (Officially Invited by OWASP) | | Official Representative from Microsoft's ASP.NET team |
| - | TBD (Officially Invited by OWASP) | | Official Representative from Apache Struts team |
| - | TBD (Officially Invited by OWASP) | | Official Representative from CakePHP team |
| - | TBD (Officially Invited by OWASP) | | Official Representative from Ruby-on-Rails team |
| - | TBD (Officially Invited by OWASP) | | Official Representative from Spring.NET team |
| 1 | Mario Heiderich | Independent | General Expertise |
| 2 | Gareth Heyes | Independent | General Expertise |
| 3 | Marcin Wielgoszewski | Protiviti | Participant |
| 4 | Adam Baso | Symantec | Participant |
| 5 | Giorgio Fedon | Minded Security | Participant |
| 6 | Colin Watson | Watson Hall | Participant |
| 7 | Esteban Ribicic | HP | Participant |
| 8 | Daniele Bellucci | Communication Valley | Participant |
| 9 | | | |
| 10 | | | |
If needed, add more lines here.