
Difference between revisions of "Owasp Italy Appsec agenda"

From OWASP
(2015)
(Date an opensource project)
Line 12: Line 12:
  
 
In order to build a culture of security, filling the gap with developers we want to adopt opensource projects, doing code review and penetration tests over it, providing developers security feedbacks to raise the bar for attackers.
 
In order to build a culture of security, filling the gap with developers we want to adopt opensource projects, doing code review and penetration tests over it, providing developers security feedbacks to raise the bar for attackers.
 +
 +
==== Stuff to be done ====
 +
 +
[https://twitter.com/_ikki Luca Carettoni @_ikki] proposes a formal engagement process to adopt an opensource project, making assessments and giving feedbacks. We are evaluating how to procede, creating a framework to #fillthegap.
 +
We are also wondering about creating some whitepapers to help development team introducing appsec.
 +
 +
Popular projects that are candidate to be adopted are:
 +
* [http://symfony.com/ Symfony]
 +
* [http://rubyonrails.org Ruby on rails]
 +
* [http://angular.js Angular.js]
 +
* more to come
  
 
=== Build a local meetup network ===
 
=== Build a local meetup network ===
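Review bot: In the added list of candidate projects, the Angular.js item links to http://angular.js, which cannot resolve because .js is not a top-level domain; point it at the project's own site (angularjs.org). In the added paragraph under "Stuff to be done", "procede" should be "proceed" and "feedbacks" should be "feedback". The closing "more to come" bullet is a placeholder rather than a candidate, so consider dropping it or replacing it with a sentence saying the list is open to proposals.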

Revision as of 10:55, 28 January 2015

This is the Application Security Agenda for the OWASP Italian chapter. Please note that this is not a page for an appsec conference. It describes an application security strategy for the Italian chapter, meant to boost activities and to be used year by year to measure how things went in our country.

2015

Goals for 2015

  • Date an opensource project
  • Build a local meetup network
  • Communication boost

Date an opensource project

To build a culture of security and fill the gap with developers, we want to adopt open source projects, performing code reviews and penetration tests on them and giving developers security feedback to raise the bar for attackers.

Stuff to be done

Luca Carettoni @_ikki proposes a formal engagement process to adopt an open source project, performing assessments and giving feedback. We are evaluating how to proceed, creating a framework to #fillthegap. We are also considering writing some whitepapers to help development teams introduce appsec.

Popular projects that are candidates for adoption are:

  • Symfony
  • Ruby on Rails
  • Angular.js
  • more to come

Build a local meetup network

In Italy, application security specialists don't meet each other and, more importantly, they don't meet developers and stakeholders in informal meetups to spread the #appsec credo. There are some focused security events (Infosecurity, Security Summit), but they are organized by security guys for other security guys and there are more formal state-of-the-art events in the Italian panorama.

We feel the need to create informal meetups where appsec guys gather with Java people, PHP people, Ruby people, .NET people, UX people and entrepreneurs, in order to build strong security foundations for the people who make the real web.

Communication boost

People who want to use IRC to chat with OWASP Italy members can use the IRC server chat.freenode.net on channel #owasp-italy.