Difference between revisions of "Summit 2011 Outcomes"
Sarah Baso (talk | contribs) |
Sarah Baso (talk | contribs) |
||
Line 85: | Line 85: | ||
Government Outreach (Doug Wilson)<br> | Government Outreach (Doug Wilson)<br> | ||
Professionalize OWASP (Martin Knobloch)<br> | Professionalize OWASP (Martin Knobloch)<br> | ||
− | + | [https://docs.google.com/document/d/1WghR2_ID1ZNUJqtjZhQHPcEpdbGt_RRR7snu7b8xTvU/edit?hl=en_US&authkey=CNClgtMN OWASP Funding and CEO Discussion] (Keith Turpin)<br> | |
OWASP Board/Committee Governance (Mark Bristow)<br> | OWASP Board/Committee Governance (Mark Bristow)<br> | ||
− | Tracking OWASP Participation (Mark Bristow)<br> | + | [[OWASP Points]] - Tracking OWASP Participation (Mark Bristow)<br> |
OWASP Licensing (Abraham Kang)<br> | OWASP Licensing (Abraham Kang)<br> | ||
OWASP Industry Outreach (Eoin Keary & Colin Watson)<br> | OWASP Industry Outreach (Eoin Keary & Colin Watson)<br> | ||
− | OWASP Projects Committee Brad Causey and Jason Li)<br> | + | OWASP Projects Committee (Brad Causey and Jason Li)<br> |
OWASP vs. Government vs. Universities (Dinis Cruz & Jeff Williams)<br> | OWASP vs. Government vs. Universities (Dinis Cruz & Jeff Williams)<br> | ||
Building the OWASP Brazilian Leaders Group (Lucas Ferriera)<br> | Building the OWASP Brazilian Leaders Group (Lucas Ferriera)<br> |
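Review bot: The link added on the "OWASP Funding and CEO Discussion" line publishes a Google Docs `/edit` URL with an `authkey` parameter embedded in it, so every reader of this public wiki page receives whatever access that key carries. Link a published or view-only copy of the document instead, or drop the `authkey` from the URL and grant access through the document's own sharing settings.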
Revision as of 12:41, 23 June 2011
Global Summit 2011 Outcomes - please note that this is a work in progress. If you have any comments, corrections, or questions please contact Sarah Baso
Table of Contents
Press Release
Working Session "Briefs"
This section will be made up of one-page summaries, similarly formatted, of the Summit working sessions. Comprehensive Outcomes Working Document
Browser Security
Here are the notes from all the four browser security sessions. John Wilander is working on a Browser Security Report building on these sessions.
Site Security Policy notes (pdf)
DOM Sandboxing notes (pdf)
HTML5 Security notes (pdf)
EcmaScript 5 Security notes (pdf)
Enduser Warnings notes (pdf)
XSS Eradication
XSS and the Frameworks (Justin Clarke)
XSS - Awareness, Resources, and Partnerships (Justin Clarke)
WAF Mitigation for XSS (Ryan Barnett)
Metrics
Risk Metrics (Chris Wysopal)
Metrics and Labelling (Chris Eng)
Counting and Scoring Application Security Defects (? Chris Eng & Chris Wysopal)
Formal Risk Assessment Methods (Benjamin Tomhave)
Common Structure and Guide for All Guides (Keith Turpin, Matteo Meucci, Vishal Garg)
Mitigation
Virtual Patching Best Practices (Ryan Barnett)
Scaling Web Application Security Testing (Arian Evans & Dinis Cruz)
Microsoft’s SDL in 16 Steps (and lessons learned) (Jeremy Dallman)
University, Education, and Training
OWASP Training (Sandra Paiva)
OWASP Academies (Sandra Paiva)
OWASP Exams (Jason Taylor)
University Outreach (Martin Knobloch)
OWASP Certification (Jason Taylor)
OWASP College Chapter Program (Martin Knobloch)
Secure Coding Workshop
OWASP Secure Coding Practices (Keith Turpin)
Protecting Information Stored Client-Side (John Steven)
Providing Access to Persisted Data (Dan Cornell)
Contextual Output Encoding (Chris Schmidt)
ESAPI-CORE (Jim Manico)
Applying ESAPI input Validation (Chris Schmidt)
Defining AppSensor Detection Points (Michael Coates)
Secure Development Guidelines for Smartphone Developers (Giles Hogben)
Individual OWASP Projects
Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon)
Threat Modeling (Anurag Agarwal)
OWASP Common Vulnerability List (Meucci/Keary/Agarwal)
Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)
OWASP Testing Guide (Matteo Meucci)
Mobile Security (Mike Zusman)
OWASP Top 10 Online Training in Hacking-Lab (Ivan Buetler)
Development Guide (Vishal Garg)
ASVS Project (Dave Wichers)
OWASP Portuguese Language Project (Lucas Ferriera)
Hackademic Challenges (Kostas & Vasileros Vlachos)
OWASP Java Project (Lucas Ferriera)
OpenSAMM (Pravir Chandra)
The Future of OpenSAMM (Pravir Chandra)
Vulnerability Disclosure Policies (Chris Schmidt)
O2 Platform (Dinis Cruz)
OWASP Governance and Committees
Government Outreach (Doug Wilson)
Professionalize OWASP (Martin Knobloch)
OWASP Funding and CEO Discussion (Keith Turpin)
OWASP Board/Committee Governance (Mark Bristow)
OWASP Points - Tracking OWASP Participation (Mark Bristow)
OWASP Licensing (Abraham Kang)
OWASP Industry Outreach (Eoin Keary & Colin Watson)
OWASP Projects Committee (Brad Causey and Jason Li)
OWASP vs. Government vs. Universities (Dinis Cruz & Jeff Williams)
Building the OWASP Brazilian Leaders Group (Lucas Ferriera)
OWASP Asia/Pacific Working Group (Helen Gao)
Industry - Healthcare (Joe Bernik & Lorna Alamri)
Industry - Banking/Finance (Joe Bernik & Lorna Alamri)
Conferences - Improving Conference Planner Support (Mark Bristow)
Chapters Committee & Planning South/Central America AppSec (Seba)
Education Committee (Martin Knobloch)
Membership Committee (Dan Cornell)
Miscellaneous
Overhauling the OWASP Website (Jason Li)
Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson)
Would OWASP work directly with PCI-DSS? (Matthew Chalmers)
How can OWASP reach/talk/engage with auditors? (Matthew Chalmers)
Developer Outreach (Mark Bristow & Jason Li)
Summit "Behind the Scenes"
Summit Budget
- Breakdown of 2011 Summit Budget, Operational and Travel
Summit 2011 Financials Summary of Expenses and Income and Summit Travel and Accommodations Costs
- Comparison to 2008 Summit Budget
- Projection of costs needed for future Summit
Roles and Responsibilities
Fixes and Dynamic Working Sessions
Lessons Learned
Appendix
Support Staff Bios
Attendee Bios