
Difference between revisions of "Summit 2011"

(Organizing Committee)
Line 3: Line 3:
 
==== Welcome  ====
 
==== Welcome  ====
  
[[Image:Summit Group 4.jpg|border|OWASP Summit 2008 in Portugal]]
+
[[Image:Summit Group 4.jpg|border|OWASP Summit 2008 in Portugal]]  
  
Dear OWASP Leaders and appsec community,
+
Dear OWASP Leaders and appsec community,  
  
January/February 2011 it's time for the Global OWASP Summit. The place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP.
+
January/February 2011 it's time for the Global OWASP Summit. The place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP.  
  
=== The Summit Activates *You* ===
+
=== The Summit Activates *You* ===
  
Whereas the OWASP AppSec conferences are great places to listen to interesting talks, go for training, and meet with OWASP people, the Global Summit is the place where we all sit down together and take the time to discuss and work out plans, projects and solutions for the appsec future.
+
Whereas the OWASP AppSec conferences are great places to listen to interesting talks, go for training, and meet with OWASP people, the Global Summit is the place where we all sit down together and take the time to discuss and work out plans, projects and solutions for the appsec future.  
  
Examples of topics:
+
Examples of topics:  
* How should we support the OWASP projects?
+
 
* How can we work with browser vendors to enhance security (see "Browser Day" tab above)?
+
*How should we support the OWASP projects?  
* How should the community reach out to developers and education institutions?
+
*How can we work with browser vendors to enhance security (see "Browser Day" tab above)?  
* How often should we publish the OWASP Top 10?
+
*How should the community reach out to developers and education institutions?  
* How can OWASP support your chapter?
+
*How often should we publish the OWASP Top 10?  
 +
*How can OWASP support your chapter?
  
 
=== Organizing Committee  ===
 
=== Organizing Committee  ===
  
A group of very experienced and passionate OWASPers have joined the organizing committee for Global Summit 2011.
+
A group of very experienced and passionate OWASPers have joined the organizing committee for Global Summit 2011.  
  
* Lorna Alamri
+
*Lorna Alamri  
* Brad Causey
+
*Brad Causey  
* Justin Clarke
+
*Justin Clarke  
* Paulo Coimbra
+
*Paulo Coimbra  
* Dinis Cruz
+
*Dinis Cruz  
* Martin Knobloch
+
*Martin Knobloch  
* Dave Wichers
+
*Dave Wichers  
* John Wilander
+
*John Wilander  
* Jason Li
+
*Jason Li  
* Tara Causey
+
*Tara Causey  
* Sarah Baso
+
*Sarah Baso
  
 
=== Who's Invited?  ===
 
=== Who's Invited?  ===
  
As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info.
+
As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info.  
  
====Operational guidelines====
+
==== Operational guidelines ====
  
Following the first meeting of the Summit 2011 Organizational team, here are the current proposed operational guidelines:
+
Following the first meeting of the Summit 2011 Organizational team, here are the current proposed operational guidelines:  
  
# the summit is an annual event
+
#the summit is an annual event  
# outside OWASP conference
+
#outside OWASP conference  
# the summit should take place in January not later then begin of February
+
#the summit should take place in January not later then begin of February  
# the summit takes 3 to 4 days
+
#the summit takes 3 to 4 days  
# budget aim is US$ 150'000 US$ where 50'000 from OWASP and US$100'000 from sponsors
+
#budget aim is US$ 150'000 US$ where 50'000 from OWASP and US$100'000 from sponsors  
# attendees targets are:
+
#attendees targets are:  
## OWASP Funded:
+
##OWASP Funded:  
### Board
+
###Board  
### Committee Members
+
###Committee Members  
## Chapter / sponsor Funded:
+
##Chapter / sponsor Funded:  
### Chapter Leaders
+
###Chapter Leaders  
## Project Leaders
+
##Project Leaders  
# venue / location criteria (no decision on the venue)
+
#venue / location criteria (no decision on the venue)  
## 1 key organizer in close contact with the venue
+
##1 key organizer in close contact with the venue  
## hosting 30 to 100 people  
+
##hosting 30 to 100 people  
## US$2'000 a head (flight/accommodation/food/beers)
+
##US$2'000 a head (flight/accommodation/food/beers)  
## conference facilities
+
##conference facilities  
### multiple meeting rooms
+
###multiple meeting rooms  
### one big meeting room e.g. auditorium
+
###one big meeting room e.g. auditorium  
### hotel with the conference facilities or conference venue within walking distance
+
###hotel with the conference facilities or conference venue within walking distance  
### apartments if possible (to share apartments/rooms and save money)
+
###apartments if possible (to share apartments/rooms and save money)  
### 4 to 5 star hotel
+
###4 to 5 star hotel  
### local food supplier for apartment crashing
+
###local food supplier for apartment crashing  
### has to be negotiated with the hotel
+
###has to be negotiated with the hotel  
### max 50 km's form international airport
+
###max 50 km's form international airport  
### sufficient Internet access!
+
###sufficient Internet access!
 
 
'''Success factors (what indicates the summit as success)'''
 
# break even
 
# the summits are the place to go to discus about and working on Web Application Security
 
# review of the past year
 
# working sessions on committees, projects and industry sectors (e.g. browsers and frameworks)
 
## universities / education sessions
 
## committee member election
 
## board election
 
## strategic OWASP issues
 
## road map and action plans for the next 12 month
 
  
Other local Summit(s):
+
'''Attendees that qualify to be sponsored by OWASP'''<br>Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.<br>To be considered for qualification, you must meet one or more of the following criteria:
* The conferences are free to organize small, conference bound summit
+
 
* this are not sponsored by OWASP of OWASP summit budget  
+
#Member of the OWASP Board
 +
#Member of a global committee that has been active in the last 6 months. This will be verified by the leader(s) of the committee.
 +
#Key personnel that are integral to the operation of the summit
 +
 
 +
If you feel you might qualify, please contact [[[email protected]|Brad Causey]] or [[[email protected]|Jason Li]]. If you do not meet these criteria, and still feel that you should be sponsored, please contact [[[email protected]|Brad Causey]] or [[[email protected]|Jason Li]].
 +
 
 +
'''Success factors (what indicates the summit as success)'''
 +
 
 +
#break even
 +
#the summits are the place to go to discus about and working on Web Application Security
 +
#review of the past year
 +
#working sessions on committees, projects and industry sectors (e.g. browsers and frameworks)
 +
##universities / education sessions
 +
##committee member election
 +
##board election
 +
##strategic OWASP issues
 +
##road map and action plans for the next 12 month
 +
 
 +
Other local Summit(s):  
 +
 
 +
*The conferences are free to organize small, conference bound summit  
 +
*this are not sponsored by OWASP of OWASP summit budget
  
 
==== Browser Day!  ====
 
==== Browser Day!  ====
  
One of the great challenges of application security is browser security.
+
One of the great challenges of application security is browser security.  
  
Therefore we will spend '''a full day working together with the leading browser vendors''' to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and endusers.
+
Therefore we will spend '''a full day working together with the leading browser vendors''' to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and endusers.  
  
Do not miss this chance to define what's important in browser security in the coming years.
+
Do not miss this chance to define what's important in browser security in the coming years.  
  
 
=== Agenda  ===
 
=== Agenda  ===
  
Please '''edit this tab and enter topics we should cover''' during the Browser Day. If you want you can add your name after each suggestion and we can work out the details with you.
+
Please '''edit this tab and enter topics we should cover''' during the Browser Day. If you want you can add your name after each suggestion and we can work out the details with you.  
  
* How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? /John Wilander
+
*How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? /John Wilander  
* [Your topic here]
+
*[Your topic here]
  
==== XSS Eradication ====
+
==== XSS Eradication ====
  
We will have a '''half day working session on Cross Site Scripting''' - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources and made available to the wider community, and that they are aware of them.
+
We will have a '''half day working session on Cross Site Scripting''' - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources and made available to the wider community, and that they are aware of them.  
  
 
=== Agenda  ===
 
=== Agenda  ===
  
Please '''edit this tab and enter topics we should cover''' during the XSS session. If you want you can add your name after each suggestion and we can work out the details with you.
+
Please '''edit this tab and enter topics we should cover''' during the XSS session. If you want you can add your name after each suggestion and we can work out the details with you.  
 +
 
 +
*Outreach to frameworks/other constituent parties /Justin Clarke
 +
*OWASP XSS Awareness resources and partner freely available resources /Justin Clarke
 +
*[Your topic here]
  
* Outreach to frameworks/other constituent parties /Justin Clarke
+
==== OWASP Projects  ====
* OWASP XSS Awareness resources and partner freely available resources /Justin Clarke
 
* [Your topic here]
 
  
==== OWASP Projects ====
+
We will have a session on how OWASP should support, grow, and manage projects. This includes:
  
We will have a session on how OWASP should support, grow, and manage projects. This includes:
+
*Assessment criteria  
* Assessment criteria
+
*Orphaned projects  
* Orphaned projects
+
*Funding  
* Funding
+
*Marketing  
* Marketing
+
*Commercial services
* Commercial services
 
  
As an OWASP leader you have most probably seen some of the above topics discussed on the leaders list. Now is the time to boil down to consensus.
+
As an OWASP leader you have most probably seen some of the above topics discussed on the leaders list. Now is the time to boil down to consensus.  
  
 
==== OWASP Around the World  ====
 
==== OWASP Around the World  ====
  
OWASP is a fast growing global community. How should we support and manage this growth? During this session we'll look into issues of:
+
OWASP is a fast growing global community. How should we support and manage this growth? During this session we'll look into issues of:  
* [http://www.owasp.org/index.php/OWASP_Internationalization Internationalization]
+
 
* The [http://www.owasp.org/index.php/OWASP_Jobs global job board]
+
*[http://www.owasp.org/index.php/OWASP_Internationalization Internationalization]  
* New OWASP chapters in parts of the world where we have not spread much yet
+
*The [http://www.owasp.org/index.php/OWASP_Jobs global job board]  
 +
*New OWASP chapters in parts of the world where we have not spread much yet
  
==== More Topics ====
+
==== More Topics ====
  
You know how OWASP works – it's all up to you. Please '''edit this tab and enter topics we should cover''' during the Global Summit 2011! If you want you can add your name after each suggestion and we can work out the details with you.
+
You know how OWASP works – it's all up to you. Please '''edit this tab and enter topics we should cover''' during the Global Summit 2011! If you want you can add your name after each suggestion and we can work out the details with you.  
  
* Discussion on Douglas Crockford's bold statement that we should stop HTML5 development, fix XSS, and then start over. Is he right? How is OWASP active in the HTML5 development? Check [http://blip.tv/file/3755495 this webcast], jump to 20:50 to hear the XSS part. /John Wilander
+
*Discussion on Douglas Crockford's bold statement that we should stop HTML5 development, fix XSS, and then start over. Is he right? How is OWASP active in the HTML5 development? Check [http://blip.tv/file/3755495 this webcast], jump to 20:50 to hear the XSS part. /John Wilander  
* [Your topic here]
+
*[Your topic here]
  
==== How Do I Join? / Mailing list ====
+
==== How Do I Join? / Mailing list ====
  
As an OWASP leader you are automatically invited to the summit.
+
As an OWASP leader you are automatically invited to the summit.  
  
The first thing to do is to join the [https://lists.owasp.org/mailman/listinfo/owasp-summit-2011 Summit 2011 mailing list].
+
The first thing to do is to join the [https://lists.owasp.org/mailman/listinfo/owasp-summit-2011 Summit 2011 mailing list].  
  
On the mailing list you'll get first hand information on how to register, exact dates, updates to the agenda, funding for your trip etc.
+
On the mailing list you'll get first hand information on how to register, exact dates, updates to the agenda, funding for your trip etc.  
  
If you are a leading appsec expert from industry or academia but not yet an OWASP leader you can just contact John.Wilander at owasp.org and we'll try to get you in.
+
If you are a leading appsec expert from industry or academia but not yet an OWASP leader you can just contact John.Wilander at owasp.org and we'll try to get you in.  
  
 
==== Social Events  ====
 
==== Social Events  ====
  
It goes without saying – the summit is all about meeting people. So there will be a constant mixture of workshops, dinners, beers and wine. We like to think of the summit as a very social event in itself.
+
It goes without saying – the summit is all about meeting people. So there will be a constant mixture of workshops, dinners, beers and wine. We like to think of the summit as a very social event in itself.  
  
 
==== Venue  ====
 
==== Venue  ====
  
We are currently checking out three locations discussing prices and space for all our activities. Check the "How Do I Join?" tab on how to get the latest info in your inbox.
+
We are currently checking out three locations discussing prices and space for all our activities. Check the "How Do I Join?" tab on how to get the latest info in your inbox.  
  
 
==== Sponsoring  ====
 
==== Sponsoring  ====
  
We will welcome a few sponsors of this very special event, typically organization that participate in the summit. If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org.
+
We will welcome a few sponsors of this very special event, typically organization that participate in the summit. If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org.  
  
 
<headertabs />
 
<headertabs />
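
Review bot: In the added "Attendees that qualify to be sponsored by OWASP" block, the closing paragraph gives the same instruction twice: readers who think they qualify and readers who do not meet the criteria are both told to contact Brad Causey or Jason Li. Suggest merging the two sentences into one, or stating what a non-qualifying applicant should include in the request. The block is also dropped between the venue criteria and "Success factors" using a bold line and inline `<br>` breaks; giving it the same bold-line-plus-blank-line layout as "Success factors" would keep it from reading as a continuation of the numbered guidelines. Most of the other changed lines only remove the space after list markers and add trailing spaces, which buries the one substantive addition in the diff.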

Revision as of 01:45, 28 October 2010


Welcome

OWASP Summit 2008 in Portugal

Dear OWASP Leaders and appsec community,

In January/February 2011 it's time for the Global OWASP Summit: the place where appsec experts meet, discuss, work, socialize, and set the roadmap for OWASP.

The Summit Activates *You*

Whereas the OWASP AppSec conferences are great places to listen to interesting talks, go for training, and meet with OWASP people, the Global Summit is the place where we all sit down together and take the time to discuss and work out plans, projects and solutions for the appsec future.

Examples of topics:

  • How should we support the OWASP projects?
  • How can we work with browser vendors to enhance security (see "Browser Day" tab above)?
  • How should the community reach out to developers and education institutions?
  • How often should we publish the OWASP Top 10?
  • How can OWASP support your chapter?

Organizing Committee

A group of very experienced and passionate OWASPers have joined the organizing committee for Global Summit 2011.

  • Lorna Alamri
  • Brad Causey
  • Justin Clarke
  • Paulo Coimbra
  • Dinis Cruz
  • Martin Knobloch
  • Dave Wichers
  • John Wilander
  • Jason Li
  • Tara Causey
  • Sarah Baso

Who's Invited?

As an OWASP leader you are automatically invited to the summit, but we also welcome leading experts from industry and academia. Together we can create a more secure web. Check the "How Do I Join?" tab above for more info.

Operational guidelines

Following the first meeting of the Summit 2011 Organizational team, here are the current proposed operational guidelines:

  1. the summit is an annual event
  2. outside OWASP conference
  3. the summit should take place in January, not later than the beginning of February
  4. the summit takes 3 to 4 days
  5. budget aim is US$150'000, of which US$50'000 from OWASP and US$100'000 from sponsors
  6. attendees targets are:
    1. OWASP Funded:
      1. Board
      2. Committee Members
    2. Chapter / sponsor Funded:
      1. Chapter Leaders
    3. Project Leaders
  7. venue / location criteria (no decision on the venue)
    1. 1 key organizer in close contact with the venue
    2. hosting 30 to 100 people
    3. US$2'000 a head (flight/accommodation/food/beers)
    4. conference facilities
      1. multiple meeting rooms
      2. one big meeting room e.g. auditorium
      3. hotel with the conference facilities or conference venue within walking distance
      4. apartments if possible (to share apartments/rooms and save money)
      5. 4 to 5 star hotel
      6. local food supplier for apartment crashing
      7. has to be negotiated with the hotel
      8. max 50 km from an international airport
      9. sufficient Internet access!

Attendees that qualify to be sponsored by OWASP
Some leaders that are active within OWASP may qualify to have all or partial transportation and lodging paid for by OWASP.
To be considered for qualification, you must meet one or more of the following criteria:

  1. Member of the OWASP Board
  2. Member of a global committee that has been active in the last 6 months. This will be verified by the leader(s) of the committee.
  3. Key personnel that are integral to the operation of the summit

If you feel you might qualify, please contact Brad Causey or Jason Li. If you do not meet these criteria, and still feel that you should be sponsored, please contact Brad Causey or Jason Li.

Success factors (what indicates the summit as a success)

  1. break even
  2. the summits are the place to go to discuss and work on Web Application Security
  3. review of the past year
  4. working sessions on committees, projects and industry sectors (e.g. browsers and frameworks)
    1. universities / education sessions
    2. committee member election
    3. board election
    4. strategic OWASP issues
    5. road map and action plans for the next 12 months

Other local Summit(s):

  • The conferences are free to organize small, conference-bound summits
  • these are not sponsored by OWASP or the OWASP summit budget

Browser Day!

One of the great challenges of application security is browser security.

Therefore we will spend a full day working together with the leading browser vendors to penetrate current problems, new ideas, and how security fits in alongside other requirements from developers and end users.

Do not miss this chance to define what's important in browser security in the coming years.

Agenda

Please edit this tab and enter topics we should cover during the Browser Day. If you want you can add your name after each suggestion and we can work out the details with you.

  • How should browsers signal invalid SSL certs to the end user? Are we helping security right now? /John Wilander
  • [Your topic here]

XSS Eradication

We will have a half-day working session on Cross Site Scripting - specifically how OWASP can make 2011 the year of XSS... going away. How we help bring this about through contributing our knowledge to cornerstone projects, how we can raise the awareness through advocacy, and what we can do to ensure that OWASP and other freely available resources are made available to the wider community, and that they are aware of them.

Agenda

Please edit this tab and enter topics we should cover during the XSS session. If you want you can add your name after each suggestion and we can work out the details with you.

  • Outreach to frameworks/other constituent parties /Justin Clarke
  • OWASP XSS Awareness resources and partner freely available resources /Justin Clarke
  • [Your topic here]

OWASP Projects

We will have a session on how OWASP should support, grow, and manage projects. This includes:

  • Assessment criteria
  • Orphaned projects
  • Funding
  • Marketing
  • Commercial services

As an OWASP leader you have most probably seen some of the above topics discussed on the leaders list. Now is the time to boil down to consensus.

OWASP Around the World

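OWASP is a fast-growing global community. How should we support and manage this growth? During this session we'll look into issues of:

  • Internationalization
  • The global job board
  • New OWASP chapters in parts of the world where we have not spread much yet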

More Topics

You know how OWASP works – it's all up to you. Please edit this tab and enter topics we should cover during the Global Summit 2011! If you want you can add your name after each suggestion and we can work out the details with you.

  • Discussion on Douglas Crockford's bold statement that we should stop HTML5 development, fix XSS, and then start over. Is he right? How is OWASP active in the HTML5 development? Check this webcast, jump to 20:50 to hear the XSS part. /John Wilander
  • [Your topic here]

How Do I Join? / Mailing list

As an OWASP leader you are automatically invited to the summit.

The first thing to do is to join the Summit 2011 mailing list.

On the mailing list you'll get first-hand information on how to register, exact dates, updates to the agenda, funding for your trip etc.

If you are a leading appsec expert from industry or academia but not yet an OWASP leader you can just contact John.Wilander at owasp.org and we'll try to get you in.

Social Events

It goes without saying – the summit is all about meeting people. So there will be a constant mixture of workshops, dinners, beers and wine. We like to think of the summit as a very social event in itself.

Venue

We are currently checking out three locations, discussing prices and space for all our activities. Check the "How Do I Join?" tab on how to get the latest info in your inbox.

Sponsoring

We will welcome a few sponsors of this very special event, typically organizations that participate in the summit. If you are interested in supporting the global summit, please contact Lorna.Alamri at owasp.org.