Difference between revisions of "Summit 2011 Outcomes"
Sarah Baso (talk | contribs) |
Line 153: | Line 153: | ||
[[Summit_2011_Working_Sessions/Session035|Building the OWASP Brazilian Leaders Group]] (Lucas Ferriera) - [[Summit_2011_Working_Sessions/Session035/Deliverable_1|Objectives and action plan to improve OWASP presence in Brazil]]<br> | [[Summit_2011_Working_Sessions/Session035|Building the OWASP Brazilian Leaders Group]] (Lucas Ferriera) - [[Summit_2011_Working_Sessions/Session035/Deliverable_1|Objectives and action plan to improve OWASP presence in Brazil]]<br> | ||
− | [[Summit_2011_Working_Sessions/Session251|OWASP Asia/Pacific Working Group]] (Helen Gao)<br> | + | [[Summit_2011_Working_Sessions/Session251|OWASP Asia/Pacific Working Group]] (Helen Gao) - |
+ | [[Summit_2011_Working_Sessions/Session251|Working Group Outcomes]]<br> | ||
− | Industry - Healthcare (Joe Bernik & Lorna Alamri)<br> | + | [[Summit_2011_Working_Sessions/Session262|Industry - Healthcare]] (Joe Bernik & Lorna Alamri)<br> |
− | Industry - Banking/Finance (Joe Bernik & Lorna Alamri)<br> | + | [[Summit_2011_Working_Sessions/Session263|Industry - Banking/Finance]] (Joe Bernik & Lorna Alamri)<br> |
===Miscellaneous=== | ===Miscellaneous=== | ||
− | Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - [https://docs.google.com/document/d/1iemUPPunBlWC7rBCALirPLN662rdYHQPPCerDzKIO6c/edit?hl=en_US&authkey=CLmG9nQ Working Session Notes]<br> | + | [[Summit_2011_Working_Sessions/Session073|Privacy - Personal Data/PII, Legislation and OWASP]] (Colin Watson) - [https://docs.google.com/document/d/1iemUPPunBlWC7rBCALirPLN662rdYHQPPCerDzKIO6c/edit?hl=en_US&authkey=CLmG9nQ Working Session Notes]<br> |
− | Overhauling the OWASP Website (Jason Li)<br> | + | [[Working_Sessions_OWASP_Website|Overhauling the OWASP Website]] (Jason Li)<br> |
− | Should OWASP work directly with PCI-DSS? (Matthew Chalmers) - [https://docs.google.com/document/d/19s9oXr2-wvaGI7Wka44ii5amsUflfTEvCweTBMV7Dew/edit?hl=en_US&authkey=CKmbgLoI Working Session Notes]<br> | + | [[Summit_2011_Working_Sessions/Session080|Should OWASP work directly with PCI-DSS?]] (Matthew Chalmers) - [https://docs.google.com/document/d/19s9oXr2-wvaGI7Wka44ii5amsUflfTEvCweTBMV7Dew/edit?hl=en_US&authkey=CKmbgLoI Working Session Notes]<br> |
− | How can OWASP reach/talk/engage with auditors? (Matthew Chalmers) - [https://docs.google.com/document/d/1Kv5Qb9JeTaxBvCJMksSi3XlI0Sk77kdRVxj8-PY3jMI/edit?hl=en_US&authkey=COqF7e4M Working Session Notes]<br> | + | [[Summit_2011_Working_Sessions/Session082|How can OWASP reach/talk/engage with auditors?]] (Matthew Chalmers) - [https://docs.google.com/document/d/1Kv5Qb9JeTaxBvCJMksSi3XlI0Sk77kdRVxj8-PY3jMI/edit?hl=en_US&authkey=COqF7e4M Working Session Notes]<br> |
− | Developer Outreach (Mark Bristow & Jason Li)<br> | + | [[Summit_2011_Working_Sessions/Session072|Developer Outreach]] (Mark Bristow & Jason Li)<br> |
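Review bot: the new "Working Group Outcomes" link on the OWASP Asia/Pacific Working Group entry points at Summit_2011_Working_Sessions/Session251, the same target as the session link in front of it, so the outcomes link only reloads the session page. If a separate outcomes page exists, link it instead (the Brazilian Leaders entry above uses a /Deliverable_1 subpage). The "Overhauling the OWASP Website" link uses Working_Sessions_OWASP_Website rather than the Summit_2011_Working_Sessions/SessionNNN form of the other added links, so confirm that it resolves. The three Google Docs "Working Session Notes" links are carried over with an authkey parameter in the URL; check that publishing that key on a public page is intended.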
Revision as of 22:39, 23 June 2011
Global Summit 2011 Outcomes - please note that this is a work in progress. If you have any comments, corrections, or questions please contact Sarah Baso
Acknowledgements
Press Release & Media Mentions
Interview with Jeff Williams - http://www.vimeo.com/25335824
Interview with Tom Brennan - http://www.vimeo.com/23889097
Summit Background
2011 Summit Finances & Budget
- Breakdown of 2011 Summit Budget, Operational and Travel
Summit 2011 Financials Summary of Expenses and Income and Summit Travel and Accommodations Costs
- Comparison to 2008 Summit Budget
- Projection of costs needed for future Summit
2011 Summit Lessons Learned
Appendix: Working Session Details and Documentation
Browser Security
Here are the notes from all four browser security sessions. John Wilander is working on a Browser Security Report building on these sessions.
Site Security Policy notes (pdf)
EcmaScript 5 Security notes (pdf)
XSS Eradication & Mitigation
XSS and the Frameworks & XSS - Awareness, Resources, and Partnerships (Justin Clarke) - Combined Working Session Notes
DOM based XSS Prevention Cheat Sheet (Jim Manico & Abraham Kang)
WAF Mitigation for XSS (Ryan Barnett)
Virtual Patching Best Practices (Ryan Barnett) - Working Session Notes
Metrics
Risk Metrics (Chris Wysopal) & Metrics and Labeling (Chris Eng) - Working Session Transcripts
Counting and Scoring Application Security Defects (Chris Eng & Chris Wysopal) - Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey
University, Education, and Training
OWASP Education Project (Martin Knobloch)
OWASP Training (Sandra Paiva) - Working Session Notes
University Outreach - OWASP Academies (Sandra Paiva) - Working Session Notes, OWASP Academy Portal Project
OWASP Top 10 Online Training in Hacking-Lab (Ivan Buetler)
University Outreach - OWASP College Chapter Program (Martin Knobloch) (renamed "OWASP Student Chapters Program")
OWASP Exams Project (Jason Taylor)
OWASP Certification (Jason Taylor & Jason Li) - Certification Code of Conduct Draft
Secure Coding Workshop
Protecting Information Stored Client-Side (John Steven)
Providing Access to Persisted Data (Dan Cornell) - Working Session Notes
Contextual Output Encoding (Chris Schmidt)
ESAPI-CORE (Jim Manico)
Applying ESAPI Input Validation (Chris Schmidt)
Defining AppSensor Detection Points (Michael Coates)
Secure Development Guidelines for Smartphone Developers (Giles Hogben)
Individual OWASP Projects
OWASP Secure Coding Practices (Keith Turpin) - Working Session Notes
Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon) - Etherpad Notes Page with Agenda, Slides & Background Reading
Threat Modeling (Anurag Agarwal) - Working Session discussion points and notes
OWASP Common Vulnerability List (Meucci/Keary/Agarwal) - CVL ppt presentation created by Matteo Meucci
Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)
OWASP Testing Guide (Matteo Meucci) - Working Session Notes, Planning the OWASP Testing Guide 4.0 ppt presentation
OWASP Mobile Security Project (Mike Zusman) - Working Session Notes
Development Guide (Vishal Garg)
Application Security Verification Standard (ASVS) Project (Dave Wichers)
OWASP Portuguese Language Project (Lucas Ferriera) - Working Session Outcomes
OWASP Hackademic Challenges Project (Kostas & Vasileros Vlachos)
OWASP Java Project (Lucas Ferriera) - Action Plan for the Java Project, New Project Leader
OpenSAMM (Pravir Chandra) - Pravir Chandra - BSIMM activities mapped to SAMM
The Future of OpenSAMM (Pravir Chandra)
OWASP Project Disclosure Policies (Chris Schmidt) - OWASP Project Disclosure Policy, OWASP Security Bulletin Template, Project Adherence Rules
OWASP O2 Platform (Dinis Cruz)
OWASP Governance and Committees
Global Education Committee (Martin Knobloch)
Global Industry Committee (Eoin Keary & Colin Watson) - Working Session Notes
Global Projects Committee (Jason Li & Brad Causey)
Global Membership Committee (Dan Cornell) - Working Session Notes
Global Chapters Committee (Seba Deleersnyder) - Working Session Meeting Minutes
Global Conferences Committee (Mark Bristow)
Government Outreach (Doug Wilson) - Working Session Outcome
OWASP Funding and CEO Discussion (Keith Turpin) - Working Session Notes, List of suggestions from Funding and CEO discussion, Arguments for & against hiring a CEO for OWASP
OWASP Board/Committee Governance (Mark Bristow) - Comments re: why this working session is/was necessary
OWASP Points - Tracking OWASP Participation (Mark Bristow)
OWASP Licensing (Abraham Kang) - Working Session Notes, OWASP Licensing PowerPoint, Licensing - Questions for follow up
OWASP Codes of Conduct (Dinis Cruz & Jeff Williams) - Draft Document
Building the OWASP Brazilian Leaders Group (Lucas Ferriera) - Objectives and action plan to improve OWASP presence in Brazil
OWASP Asia/Pacific Working Group (Helen Gao) - Working Group Outcomes
Industry - Healthcare (Joe Bernik & Lorna Alamri)
Industry - Banking/Finance (Joe Bernik & Lorna Alamri)
Miscellaneous
Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - Working Session Notes
Overhauling the OWASP Website (Jason Li)
Should OWASP work directly with PCI-DSS? (Matthew Chalmers) - Working Session Notes
How can OWASP reach/talk/engage with auditors? (Matthew Chalmers) - Working Session Notes
Developer Outreach (Mark Bristow & Jason Li)
Summit Team & Attendee Bios
Support Staff Bios
Attendee Bios
Summit-Related Blog Posts
Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, February 8-10, 2011
Carlos Serrão - OWASP Summit 2011, February 9, 2011
Ben Tomhave - Evolving OWASP: Reflections on the 2011 Summit, February 11, 2011
John Wilander - Fears & Hopes for OWASP, February 13, 2011
Dinis Cruz - OWASP Summit 2011 Results, February 15, 2011
Chris Schmidt - Dear OWASP Summit, Obrigado, February 16, 2011
Mark Curphey - OWASP - Has it reached a tipping point?, February 19, 2011
Michael Coates - A Vision for OWASP, February 21, 2011
Pravir Chandra - BSIMM activities mapped to SAMM, March 3, 2011