This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Summit 2011"

Jump to: navigation, search
(Undo revision 127510 by Dinis.cruz (talk))
(112 intermediate revisions by 14 users not shown)
Line 1: Line 1:
==== Welcome  ====
{| cellspacing="0" cellpadding="20" border="0" class="FCK__ShowTableBorders"
| [[Image:OWASPGlobalSummitLogo-3THISONEHASTHEMOSTVOTESSOFAR.jpg|border|center|462x347px]]
! width="600" align="center" |  
! width="600" align="center" |
=== Dear OWASP Leaders and appsec community,  ===
<br>The Summit will be held February 8th-11th at [ CampoReal Resort] in central Oeste Portugal, 38 km north of Lisbon and 18 km inland from the Atlantic Ocean. This will be the place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP in coming years. <br><br>
=== The Summit Activates *You*  ===
Whereas the OWASP AppSec conferences are great places to listen to interesting talks, go for training, and meet with OWASP people, the Global Summit is the place where we all sit down together and take the time to discuss and work out plans, projects and solutions for the appsec future.
Examples of topics:
*How should we support the OWASP projects?
*How can we work with browser vendors to enhance security (see "Browser Day" tab above)?
*How should the community reach out to developers and education institutions?
*How often should we publish the OWASP Top 10?
*How can OWASP support your chapter?
| valign="top" |  
| align="center" | [[Image:Final summit logo half.jpg|link=]] <br/>
=== Organizing Committee  ===
| align="center" | [[Image:Summit_Report_Title.JPG|link=]] <br/> [ Click here to view the report!]<br/>[[:Summit_2011_Outcomes| Click here to view all Summit documentation including session notes and presentations.]]<br/>
[[User:Lorna Alamri|Lorna Alamri]], [[User:Bradcausey|Brad Causey]], [[User:Justin42|Justin Clarke]], [[User:Paulo Coimbra|Paulo Coimbra]], [[User:Dinis.cruz|Dinis Cruz]], [[User:Knoblochmartin|Martin Knobloch]], [[User:Wichers|Dave Wichers]], [[User:John.wilander|John Wilander]], and&nbsp;[[User:Jason Li|Jason Li]].
| valign="top" |
=== Who's Invited?  ===
As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info.  
<!---[[Image:Summit Group 4.jpg|border|OWASP Summit 2008 in Portugal]] --->
====Summit Links====
*[ Summit Pictures]
*[[Summit 2011/Open letter to WebAppSec Tool and Services vendors: Release your schemas and allow automation|Open letter to WebAppSec Tool and Services vendors]]
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]]<br/>
*[[Summit 2011 Attendee|Who is going?]]<br/>
*[[Summit 2011/Venue|Where is the venue?]]<br/>
*[[Summit_2011_Corporate_Sponsorship|How can I become a corporate sponsor?]]<br/>
*[[Summit_2011_FAQ|Other Frequently Asked Questions]]<br/>
*[[Summit_2011/Emails_To_Attendees|Emails to Attendees]]<br/>
*[[:Category:Summit 2011 Tracks|Summit 2011 Working Sessions]]<br/>
*[ If you can't attend in person, register here for remote participation]
*[ Video Broadcast Channels]
*[[Summit_2011_Archived|Summit 2011 Archived]]<br/>
*[[Summit 2011 Internals|Summit 2011 Internals]]
==== OWASP Around the World  ====
OWASP is a fast growing global community. How should we support and manage this growth? During this session we'll look into issues of:
*[ Internationalization]
==== Video of Summit ====
*The [ global job board]
*New OWASP chapters in parts of the world where we have not spread much yet
==== More Topics  ====
=== Vimeo ===
You know how OWASP works - it's all up to you. Please '''edit this tab and enter topics we should cover''' during the Global Summit 2011! If you want you can add your name after each suggestion and we can work out the details with you.  
*Discussion on Douglas Crockford's bold statement that we should stop HTML5 development, fix XSS, and then start over. Is he right? How is OWASP active in the HTML5 development? Check [ this webcast], jump to 20:50 to hear the XSS part. /John Wilander
=== YouTube Intro ===
*Better engagement/partnerships with the development community - Mark Bristow
*Ways to recognize participation in OWASP in a tangable way - Mark Bristow
*Foundation/Board/Committee Governance &amp; Standardization - Mark Bristow
*OWASP Website
*OWASP Branding
*Can/should OWASP push for fundamental change to flawed specs?
**OWASP Influence change - or - Is it enough to make/use bandages on poor specs?
***HTML spec - separate data and code
***HTTP - CSRF should be at a much lower level than the app layer
***OpenID - transparent login is a security issue
***SSL - long list of CAs, who delegate CAs <recurse> - trust? security?
*[Your topic here]
==== How Do I Join? / Mailing list  ====
As an OWASP leader you are automatically invited to the summit. Cost to attend the summit is $800 USD (shared accommodations)&nbsp;plus travel expenses. Please see "Applying for Chapter and Project Funding" and "Letters and Summit Materials" tabs for more information on finding funding help for expenses.
The first thing to do is to join the [ Summit 2011 mailing list].
[ Summit Pictures]
On the mailing list you'll get first hand information on how to register, exact dates, updates to the agenda, funding for your trip etc.  
==== Creating OWASP 4.0! ====
If you are a leading appsec expert from industry or academia but not yet an OWASP leader you can just contact John.Wilander at and we'll try to get you in.
==== Social Events ====
==== Fixed Schedule ====
[[:Summit_2011_Schedule|Click HERE to view the entire summit fixed schedule. This is just a sample.<br/>]]
[[Image:Agenda Unvarying 2.jpg|link=Summit_2011_Schedule]]
It goes without saying - the summit is all about meeting people. So there will be a constant mixture of workshops, dinners, beers and wine. We like to think of the summit as a very social event in itself.  
==== Dynamic Schedule ====
[[:Summit_2011_Schedule_Dynamic|Click HERE to view the entire summit dynamic schedule. This is just a sample<br/>]]
[[Image:Agenda Dynamic 2.JPG|link=Summit 2011 Schedule Dynamic]]
==== Summit Pricing and Reservations  ====
==== Remote Participants ====
[[:Summit_2011/Remote_Participants|Details on how to participate remotely are HERE.]]
==== Venue  ====
[[Image:Hotel entrance 697x395.jpg]]
Below is the link to the Venue of the 2011 OWASP Global Summit -- CampoReal Resort. CampoReal is located in central Oeste Portugal 38 km north of Lisbon and 18 km inland from the Atlantic Ocean.<br>
[ Download a PDF factsheet about CampoReal Resort]
The hotel has an Airport Shuttle, Gym and Fitness Center, Gootball camp, Horse Back Riding, Day Spa, Internet WiFi, and Golfcourse as well as many other amenities.
Meals and coffee breaks will be provided by OWASP.<br>
'''Villa Accommodations:'''<br>
Residence-Pool 3 or 4 bedrooms<br>- Villa
Each Residence includes:<br>- Private bathroom(s)<br>- Kitchenette<br>- Balcony or garden<br>- Swimming-pool shared by apartment/townhouse block<br>- Residence-Pool for 3 bedroom and 4 bedroom villas include a private swimming-pool
'''A Day in Lisbon, Portugal:'''
[[Image:Cascais2.jpg]]<br><br>Click this link to see all the City of Lisbon has to offer, which is only a short train ride from the resort.<br>[]<br>or<br>[]<br>'''Lisbon''' - Spreading out along the right bank of the Tagus, its downtown, the Baixa, is located in the 18th-century area around Rossio. East of the arcade Praça do Comércio, are the medieval quarters of Alfama and Mouraria, crowned by the magnificent St. George's Castle. To the west lie Bairro Alto and Madragoa, with their typical streets, and on the western extreme is Belém, with its Belém Tower, (the sentinel over the Tagus river that protects the entrance into Lisbon), the Jerónimos Monastery (masterpieces of Manueline architecture and classified in UNESCO's International Heritage list) and the Cultural Center of Belém.[ <br>Museums:] Ancient Art, Chiado (Contemporary Art), Tile, Archaeology, Ethnology, Coach, Costume, Theater, Maritime, Military, City, Gulbenkian, Modern Art Center, and the Ricardo Espirito Santo Silva Foundation. Palaces open to the public: Ajuda and Fronteira. Churches: Cathedral (with Treasury); São Vicente de Fora; Conceição Velha (Manueline), São Roque and Sacred Art; Madre Deus; Santa Engrácia Pantheon (Baroque), and the Estrela Basilica.<br>[ Shopping:] Downtown; Avenida de Roma, Praça de Londres, Avenida Guerra Junqueiro, and Amoreiras. <br>[ Nightlife:] Bairro Alto and Avenida 24 de Julho.<br>[ Guided Tours]<br><br>
==== Sponsoring  ====
We will welcome a few sponsors of this very special event, typically organization that participate in the summit.
A number of opportunities to sponsor attendees are available:
* For organizations that are sponsoring their employees attending the summit, logo promotion and links on the Summit Attendee page
* Organizations can sponsor an individual non-employee attendee for USD$2,000, with associated logo promotion and links on the Summit Attendee page
* Organizations can sponsor an entire villa (5 attendees) for USD$10,000, with associated logo promotion and links on the Summit Attendee page, promotional mentions, and on-site promotion and photo opportunities (such as banner advertising on the sponsored villa)
Other sponsorship options are under discussion, and will be posted here soon.
If you are interested in supporting the global summit, please contact Lorna.Alamri at
==== Attending the Summit  ====
The summit is open to the OWASP community, and the members of the general Application Security community invited to participate and add to the summit working sessions.
Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.<br>To be considered for qualification, you must meet one or more of the following criteria:
#Member of the OWASP Board
#Active member of a Global Committee (as determined by the OWASP Board)
#Operational personnel that are necessary for the operation of the Summit
'''The current OWASP sponsorship budget is $50,000 for the Summit.'''
If you feel you might qualify, please contact Brad Causey or Jason Li. If you do not meet these criteria, and still feel that you should be sponsored, please contact {{Template:Contact | name = Brad Causey | email = [email protected]}} or {{Template:Contact | name = Jason Li | email = [email protected]}} or apply for [ Chapter or Project Sponsorship].
'''Please visit our [ Summit Attendee Page] to see who will be joining us in Portugal or to add your name to the list!''' <br><br>[[Image:12 3 2010 6 18 39 PM tmp52.jpg|600x166px]]
==== Applying for Chapter or Project Sponsorship  ====
[ Application for OWASP Chapter or Project Funding] <br>
'''*DATES HAVE&nbsp;BEEN&nbsp;EXTENDED!!!'''
'''Please submit forms - we will continue to process until mid-January.'''
<br>[[Image:WorkflowProcesstoApplyforChapterorProjectFunding.png|800x600px]] <br>
==== Letters and Summit Materials  ====
[[Media:OWASP_summit2011_DC_update.pdf|Summit 2011 Presentation for AppSec DC]] <br>[ Application for OWASP Chapter or Project Funding] <br>[ Confirmed 2011 OWASP Global Summit Attendees]<br><br>[ Template Letter - 2011 Global Summit Basic Invitation] <br>[ Template Letter - 2011 Global Summit University Outreach Invitation]<br>[ Template Letter - 2011 Global Summit Government Invitation]<br>[ Template Letter - 2011 Global Summit Request for Employer Funding and Sponsorship]<br>[ Template Letter - 2011 Global Summit Request for Employer Funding, Version 2]<br>[ Template Letter - 2011 Global Summit Request for Employer SUPPORT - no funding]
==== Working Sessions  ====
==== Schedule and Tracks  ====
<headertabs />  
<headertabs />  
Contact [mailto:[email protected]| Sarah Baso] with questions related to Summit outcomes or results<br/>
[[Summit 2011 Committee|Summit 2011 Committee]]<br/>

Latest revision as of 10:53, 6 April 2012

Final summit logo half.jpg
Summit Report Title.JPG
Click here to view the report!
Click here to view all Summit documentation including session notes and presentations.

Summit Links


Video of Summit


YouTube Intro

Summit Pictures

Creating OWASP 4.0!

Call to action by Jeff Williams / OWASP Board Chair

Hi everyone,

In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting lots of great projects started. OWASP 3.0 started with the Summit in Portugal when we created the new committees and has focused on creating thriving projects instead of standalone tools. Thank you for all of your efforts growing a fun, civil, productive community.

I reach out to you now to ask you to take some time and think about what OWASP should become. The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure. It’s time to get our message and strategy to the next level.

Help design OWASP in Portugal at the Summit!

If you consider yourself an OWASP Leader, won’t you take a few minutes of quiet time and propose a few ideas for how OWASP can retool, reorganize, refocus, and revamp itself to really achieve our mission? We will rip, mix, and burn these ideas into a new strategy for OWASP at the Portugal Summit. I encourage you to check out the resort and all the plans happening right now at

Here are some ideas to get you started.

  • We bootstrap several application security ecosystems around key technologies like mobile, cloud, REST
  • We reach out to governments around the world to help them push for application security
  • We raise money to fund real security enhancements to tools, browsers, protocols (e.g. OpenSSL)
  • We make the OWASP materials more usable by providing a “user” site and keep the wiki for development
  • We invest in marketing AppSec – How do we scale David Rice and the “greening” of AppSec
  • We continue our education initiative – academies, college chapters, videos, curriculum
  • We continue our browser initiative and do whatever it takes to get the browsers and frameworks talking
  • We invest in getting in front of new technologies like HTML5
  • We launch a no-holds barred XSS eradication campaign
  • We create a set of objective AppSec *market* metrics that quantify the state of our art
  • We continue to push on creating standards
  •  ???

We need your ideas NOW. Get yourself on the Attendee list!

In one week of thinking, arguing, coding, hacking, and writing we are going to accomplish more than the rest of the world’s appsec efforts combined. We’ll see you in Portugal ready to rock. Thanks!


OWASP Foundation Board Chair

Summit 2011 About

The OWASP Global Summit is the place where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. Participants will stay in shared accommodations and collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years.

The Summit will consist of working sessions across a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute.

Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, see the promotional materials page.

Last Summit

This OWASP Global Summit is following the same model used at the OWASP EU Summit 08 which also took place in Portugal and gathered over 80 application security experts from over 20 countries. A smaller Summit 2009 was organized together with the AppSec US conference.

Fixed Schedule

Click HERE to view the entire summit fixed schedule. This is just a sample.
Agenda Unvarying 2.jpg

Dynamic Schedule

Click HERE to view the entire summit dynamic schedule. This is just a sample
Agenda Dynamic 2.JPG

Remote Participants

Details on how to participate remotely are HERE.

Contact Sarah Baso with questions related to Summit outcomes or results
Summit 2011 Committee