Projects/Reports/2014-06-06

Metrics

  • Active Projects: 157
  • Inactive Projects: 131
  • Incubator Projects: 124
  • Lab Projects: 33
  • Flagship Projects: 0

OWASP Project of the Month

Education-project.png

  • Project Activity Modules in Cambridge UK
    • The AppSec EU event is coming up fast.
    • We are working hard to prepare for the activities scheduled for the conference.
    • The project leaders are working hard to make sure everything goes according to plan.
    • I will no longer be able to attend the event so they will need to pick up the on-site management during the conference.
  • AppSec EU and 2014 Summit
    • I will no longer be able to attend the AppSec EU conference.
    • This means that I will no longer be involved in the 2014 Project Summit.
    • I will be having 2 hand-off meetings today to guide volunteers on what is left to be done for the Summit, and what to expect during the event.
    • Dinis Cruz and Matt Tesauro have kindly agreed to do the planning and on-site management after next Tuesday.
    • I wish the team the best of luck at the event! Rock it, Summit team! :-)
  • Staff Hand-off
    • Hugo, Kait, Sarah and I had a hand-off call this week to discuss how the team will be moving forward after my departure.
    • There will be many challenges ahead, but I am confident that the team will thrive despite my absence.
    • We successfully developed a plan and reporting structure for all future project administration and design/marketing work.
    • After Tuesday, June 10th, Sarah will be taking on this extra responsibility.
  • Off-boarding
    • I have been working all week to try and consolidate everything I do for the staff and community.
    • I have resigned my post, and my last day on the job is Tuesday, June 10th 2014.
    • I have made a list of daily/weekly tasks I work on, and current projects I am managing.
    • Additionally, I have made a list of Summit needs that will need to be taken on before the June 23/24 event.
  • Daily Project based queries and requests
    • This has not changed much since I began the post: questions are very similar in nature.
    • Global AppSec questions.
    • Funding queries.
    • Travel availability.
    • Project based administrative help.
    • Project status information.
    • Several project donation questions.
    • Marketing questions.
    • Grant funding questions.
    • OWASP social media updates.
    • What's happening with projects, questions.
    • Managing Salesforce cases.

General Awards

  • OWASP OWTF Project: Brucon 5x5 Award
    1. Amount: €5,000.00 (Approx. $6,670.00)
    2. Status: Awarded. Congratulations, Abraham Aranguren and all involved in the project, for your award.

Proposals Awarded

  1. Amount: $25,000 USD
  2. Status: Awarded. The first payment has been allocated to our project budgets. The second invoice has now been sent to Georgia Tech and payment has been received.
  3. OWASP Development Guide Plan
  4. OWASP Testing Guide Plan
  5. OWASP Code Review Guide Plan
  • Google Grants Proposal
    1. Amount: $120,000 USD in Adwords Funds
    2. Status: Awarded.
    3. Note: There is no link to show the proposal for this grant. There was a form that was submitted to Google, and we did not receive a record of this form.
    4. Google Grants Usage Report
  • Google Summer of Code
    1. Amount: $5,500
    2. Status: Awarded
  • Projects breakdown:
    • 4 ZAP Projects: $2,000
    • 4 OWTF Projects: $2,000
    • 1 PHP Security Project: $500
    • 1 Hackademics Project: $500
    • 1 Modsecurity Project: $500
    • Travel Expenses: $1,896.38 (Reimbursement)
    • Note: Big thank you to Fabio Cerullo for coordinating and managing this award.
  1. Amount: $15,000 USD
  2. Status: Awarded.
  • Total Funds Awarded: $172,170 USD for 2013.

Proposals Denied

  • European Commission Grant Proposal
    1. Amount: €250,000
    2. Status: Denied.
  1. Amount: $112,000 USD
  2. Status: Denied
  1. Amount: $25,000 USD
  2. Status: Denied
  1. Amount: $30,000 USD
  2. Status: Denied
  1. Amount: $55,800 USD
  2. Status: Denied

Current Project Funds

OWASP Program Manager leaving OWASP

Dear OWASP Leaders,

I am writing to inform you that I have resigned my post, and I will be concluding my staff work with OWASP on Tuesday, June 10th, 2014. My original last day was meant to be August 8th, 2014, but circumstances have changed and I have had to depart sooner.

I feel sad to leave OWASP as this is one of the best communities I have ever had the pleasure of working with. I consider many of you family, and I am truly sad to be leaving.

I am confident that this is the best decision for me, and I wish you all the best of luck. If you need me, you know where to find me. :-)

Thank you for the opportunity to get to know you. Keep being amazing! :-)


Best Regards,

Samantha Groves

OWASP 2014 Project Summit Handoff

Agenda for Pre-Summit Handover Meeting

1. New Roles for the Summit

2. Conference Planners:

3. Additional Staff

4. Pre-Summit Planning

  • Manage budgets and expense tracking for Leader travel and hotel expenses.
  • Manage budgets and expense tracking for summit overall expenses.
  • Volunteer recruitment
  • AV/Wireless/Equipment needs (Minimum: free wifi for all, at least 2 printers for all to use, Projectors for every room, Monitors for every room).
  • Marketing plan to promote summit
  • Photographer needs to be sourced
  • Film crew if wanted.
  • Make sure each session has at least 4 goals they want to accomplish at the Summit.

5. On-Site Planning

  • Staffing: Make sure all staff know what they need to do, where they need to be, and at what time.
  • Catering: Make sure the catering is set to go (You will need to monitor this every day and make adjustments as the day goes on)
  • AV/Wireless: Make sure the rooms are ready to go with AV/Wireless (This may go smoothly or you will have to deal with this for 4 days straight as it happened in 2013).
  • Travel Mishaps: Make sure the session leaders have made it to the venue
  • Creative Direction: Manage the photography and filming. Communicate the direction of this with the staff for these items. What do you want to visually represent?
  • Matt and Dinis: Make sure you have a second in command that acts as a second you in case you are called away. This person should know everything you do about the Summit and should be able to make decisions in your absence. (I’m sure you got this).

6. Just breathe and have fun! Have a beer for me on Tuesday evening. I will miss you guys. ;-)

Registration: Make sure to register!


I have put together a comprehensive list of the items I work on regularly for OWASP. Now that I will no longer be doing this work after Friday, volunteers will need to be taking this on. Let me know if you have questions. Here it is:

Project Operations

  • Writing of the yearly Project Leader Handbook. This includes adding the content to the wiki.
  • Six month editing of the project leader handbook, in case there are any changes in policy.
  • Keep the following inventories updated:
    • Salesforce Infrastructure Inventory: Need to ask for access.
  • Someone will need to be on every weekly conference call for every region where an AppSec is going on.
  • Someone will need to process new project requests.
  • Someone will need to process project cases and e-mails.
  • Someone will need to manage the budgets for each grant we have awarded to us.
  • Someone will need to manage the grant relationships we currently have.
  • Someone will need to manage the design staff and the marketing requests for all of the foundation.
  • Someone will need to manage the payment of our design staff.
  • Someone will need to approve all project expenses, and keep track of these expenses in the appropriate sections.
  • Every 6 months there will need to be a project audit that removes inactive projects.
  • Someone will need to manage long-term volunteer initiatives.
  • During conference, someone will need to manage the implementation of event modules, on-site.
  • Someone will need to manage the social media, because I have been doing a lot of it.
  • Manage wiki project template edits and questions.


Event Module Management

1. Project Event Modules: https://www.owasp.org/index.php/How_to_Host_an_OWASP_Projects_Event_Module

  • There are several project event modules you can have at your conference. Please look at the link above for more info.
  • Generally, you have to do the following to plan for each event:
    • Module pre-planning
    • Regular weekly communication with the volunteers
    • Monthly and quarterly communications with community about module dates
    • Application process to gather volunteer help.
    • Selection process for demos, talks and sessions.
    • On-site management of module.
    • Budgeting, expense tracking, and reporting
    • Project module closure process.


2. Women in AppSec (WIAS): https://www.owasp.org/index.php/Women_In_AppSec

  • Volunteers will need to take this on if they want this at their conference.
  • First you have to raise funds for the Women in AppSec award. Typically, you want 2 sponsors of $3K each.
  • Offer them a mention on the website, in the conference program, and in other materials where the WIAS award is mentioned.
  • Develop selection criteria and choose a selection committee of at least 3 people.
  • Develop a marketing plan and execute it: Focus on getting sponsors, getting submissions, and pre/post conference promotion.
  • Select your winner, announce the winner, and make sure her travel, training, and hotel are sorted.
  • Make sure there is someone there to greet the winner and introduce her to other fellow OWASPers.
  • Get her bio and picture to put up on the Women in AppSec Website.


Foundation Grants

I locate grant opportunities for project leaders, or project leaders come to me for advice on an opportunity they have encountered. If the project leader wishes to proceed with a grant opportunity, then I would initiate the grant writing and management process. This is what would occur.

1. Adwords Account

  • Someone will have to go in there and manage it every month.
  • Someone will need to take on the responsibility of helping Leaders set this up for their project, chapters, initiatives, etc.


2. Guidebooks

  • We have three projects with grants here: Code Review Guide, Testing Guide, Development Guide
  • Testing Guide is in the editing phase. The next phase is design.
  • Code Review Guide is in the writing phase. The book is half complete.
  • Development Guide requires more support and management and contributors. Focus here if you want to help.


3. Someone will need to do the following for all of these projects:

  • Project Planning
  • Regular weekly communication with the volunteers
  • Monthly and quarterly communications with the HOST team on project status
  • Talent resourcing for Editing, Design, publishing, etc.
  • Managing the individual editing, design, and publishing project deliverables for each.
  • Budgeting, expense tracking, and reporting
  • Project closure process.


4. AppSensor

  • The award has been granted for this project, but funds have not been transferred. However, HOST is now in a position where this is going to occur very shortly. Someone will need to manage the following:
    • Project Planning
    • Regular weekly communication with the volunteers
    • Monthly and quarterly communications with the HOST team on project status
    • Talent resourcing for Editing, Design, publishing, etc.
    • Budgeting, expense tracking, and reporting
    • Project closure process.


OWASP Mini Summits

This involves getting project leaders together to participate in working sessions. This is a very brief list of what generally occurs, and what needs to be done to put one together. For more detailed information, see the 2013 Project Summit Report: https://www.owasp.org/images/c/c3/OWASP_2013_PROJECT_SUMMIT_REPORT.pdf

Generally these are the tasks involved:

1. Pre-Summit Planning

  • Secure a budget of no less than $20,000
  • Make sure to offer sponsorship opportunities: $5,000k per sponsor (mention in the conference program, and website, and banner at the event).
  • Locate a venue (book for 2-4 days, make sure it is no more than 20% of your budget)
  • Develop a floor plan with the space you have
  • Allocate time slots for each session so you know how much space you can offer Leaders
  • Sort out Catering: This will be your most expensive cost next to the venue
  • Make sure to remember beer/wine at 5pm each day
  • AV/Wireless/Equipment needs (Minimum: free wifi for all, at least 2 printers for all to use, Projectors for every room, Monitors for every room).
  • Summit on-site staffing (please see 2013 report for detailed staffing needs)
  • Marketing plan to promote summit
  • Get wiki page to promote the summit finished. Update with relevant information.
  • Photographer needs to be sourced
  • Film crew (can be volunteer: contact Jonathan Marcil and cover his travel expenses. He is great at this)
  • You will need to create a visual identity for the summit (contact Hugo Costa). Make sure your summit visual identity is similar to the conference it is running next to if it is happening at the same time as an AppSec.
  • Gather the summit sessions Leaders want to participate in.
  • Make sure each session has at least 4 goals they want to accomplish at the Summit.
  • Manage budgets and expense tracking for Leader travel and hotel expenses.
  • Manage budgets and expense tracking for summit overall expenses.


2. During the Summit

  • Make sure all staff know what they need to do, where they need to be, and at what time.
  • Make sure the catering is set to go (You will need to monitor this every day and make adjustments as the day goes on)
  • Make sure the rooms are ready to go with AV/Wireless (This may go smoothly or you will have to deal with this for 4 days straight as it happened in 2013).
  • Make sure the session leaders have made it to the venue
  • Manage the photography and filming. Communicate the direction of this with the staff for these items. What do you want to visually represent?
  • Make sure you have a second in command that acts as a second you in case you are called away. This person should know everything you do about the Summit and should be able to make decisions in your absence.


Marketing and Design

This involves all of the work Hugo is doing, along with helping build a bridge between our “client” and the designer. Being the buffer, if you will. For this role, I did the following:

  • Developed job description
  • Promote Opportunity via our Marketing Channels
  • Process applications
  • Interview Candidates
  • Pick top 5 for a second interview
  • 2nd Interview
  • Pick a top candidate and make an offer
  • On-boarding process: Guide through OWASP, set up of accounts, explanation of responsibilities, first tasks


1. Ongoing

  • Set up system to manage workload and workflow in Salesforce
  • Developed menu of services.
  • Ensured that the creative briefs had the appropriate specifications for Hugo
  • Daily communication with Hugo about projects.
  • Daily interaction with design clients from our community.
  • Use expertise to get projects completed by providing appropriate specs to Hugo based on client needs and agreements.


Interns

I am not sure if you will want to continue running this program. I recommend that it does not continue to run as this team’s workload is going to increase by 50% if the roles are not replaced. For this role, I did the following:

  • Write intern job description
  • Promote Opportunity via our Marketing Channels
  • Process applications
  • Interview Candidates
  • Pick top 5 for a second interview
  • 2nd Interview
  • Pick a top candidate and make an offer
  • On-boarding process: Guide through OWASP, set up of accounts, explanation of responsibilities, first tasks


1. Ongoing

  • Closely monitor progress, workload, educational milestones, weekly reports.
  • Weekly calls for progress report
  • Daily communication with intern and daily tasks and milestones


There is probably more, but that is what I can think of at the moment. Let me know if you have questions.