This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Working Session Top 10 2009

From OWASP
Revision as of 13:40, 21 October 2008 by Wichers (talk | contribs)

Jump to: navigation, search
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Work Session Name OWASP Top 10 2009
Short Work Session Description Aims to provide a key awareness document for web application security.
Related Projects (if any) OWASP Top Ten Project
Email Contacts & Roles Chair
Dave Wichers
Secretary
Jeff Williams
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  • Discuss current Top10 structure and objectives,
  • Identify which information sources will be considered for analysis, Eg:
    • MITRE
    • Compromise DB's (Attrition, WASC etc) and bias due to reporting
    • Anonomised penetration test results and the difficulty in obtaining
  • Define methodology to collect attacks statistics,
  • Define prioritisation approach
    • Agree weighting between current or emerging threats
Venue/Date&Time/Model Venue
OWASP EU Summit Portugal 2008
Date&Time
November 5 & 7, 2008
Time TBD
Discussion Model
"Participants + Attendees"
WORKING SESSION OPERATIONAL RESOURCES
Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
WORKING SESSION ADDITIONAL DETAILS
Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.

Potential Resources:

WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions Proposed by Working Group Approved by OWASP Board
The sources of input for the 2009 Top 10 will be identified. After the Board Meeting - fill in here.
The ordering scheme for the Top 10 will be determined. After the Board Meeting - fill in here.
Discussion of whether the existing document structure should be maintained or adjusted. After the Board Meeting - fill in here.

Working Session Participants

(Add your name by editing this table. On the right, just above this frame, you have the option to edit)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
1 Paolo Perego Spike Reply As penetration tester it woud be great to me to participating in writing the new Top 10. As code reviewer and Orizon project leader it would be very interesting in scouting dynamic threats in order to add some dynamic feature to my tool.
2 David Campbell OWASP Denver
3 Robert Mann RBS / ABN AMRO
4 Troy Leach PCI Security Standards Council Technical Director
5 Eoin Keary Ernst & Young. Long time OWASP member (Code and Testing guides)
6 Matteo Meucci Minded Security I'd like to discuss about a new way to create the Top10 from the OWASP Community
7 Giorgio Fedon Minded Security
8
9
10

If needed add here more lines.