This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Summit 2011 Outcomes"
Sarah Baso (talk | contribs) (Added links to Summit Pictures) |
Sarah Baso (talk | contribs) |
||
| Line 49: | Line 49: | ||
[[Summit_2011_Working_Sessions/Session009|XSS and the Frameworks: XSS - Awareness, Resources, and Partnerships]] (Justin Clarke) - [https://docs.google.com/document/d/1Qxj9_mV3Ocl1klTH0PQivi9SQS0C9Mc6AYkxsAEidgM/edit?hl=en_US&authkey=CMPpvKkO Working Session Notes]<br> | [[Summit_2011_Working_Sessions/Session009|XSS and the Frameworks: XSS - Awareness, Resources, and Partnerships]] (Justin Clarke) - [https://docs.google.com/document/d/1Qxj9_mV3Ocl1klTH0PQivi9SQS0C9Mc6AYkxsAEidgM/edit?hl=en_US&authkey=CMPpvKkO Working Session Notes]<br> | ||
| − | [[Summit_2011_Working_Sessions/Session043|WAF Mitigation for XSS: Virtual Patching Best Practices]] (Ryan Barnett)- [https://docs.google.com/document/d/1gx5LAFfU07IOR5BtgDRUBF3CetsABXsuCECoGGa4Xqo/edit?hl=en_US&authkey=CLvq7M0H Working Session Notes]<br> | + | [[Summit_2011_Working_Sessions/Session043|WAF Mitigation for XSS: Virtual Patching Best Practices]] (Ryan Barnett) - [https://docs.google.com/document/d/1gx5LAFfU07IOR5BtgDRUBF3CetsABXsuCECoGGa4Xqo/edit?hl=en_US&authkey=CLvq7M0H Working Session Notes]<br> |
| Line 55: | Line 55: | ||
[[Summit_2011_Working_Sessions/Session058|Counting and Scoring Application Security Defects]] (Chris Eng & Chris Wysopal) - [https://docs.google.com/leaf?id=0B5Z9zE0hx0LNMzNmMTViZjgtZTZhNy00ZjQ3LTgxNzQtMDQ4YWM3Njc4NzFi&hl=en_US&authkey=CM_-3OQB Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey]<br> | [[Summit_2011_Working_Sessions/Session058|Counting and Scoring Application Security Defects]] (Chris Eng & Chris Wysopal) - [https://docs.google.com/leaf?id=0B5Z9zE0hx0LNMzNmMTViZjgtZTZhNy00ZjQ3LTgxNzQtMDQ4YWM3Njc4NzFi&hl=en_US&authkey=CM_-3OQB Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey]<br> | ||
| − | [[Summit_2011_Working_Sessions/Session055|Risk Metrics: Metrics and Labeling]] (Chris | + | [[Summit_2011_Working_Sessions/Session055|Risk Metrics: Metrics and Labeling]] (Chris Eng & Chris Wysopal) - [https://docs.google.com/document/d/1OWKzMuqjabrXYaVhdMvcLbLbBtLjPRuq2iXxNZBqBHM/edit?hl=en_US&authkey=CNin8vsH Working Session Transcripts]<br> |
| + | ===Individual OWASP Projects=== | ||
| + | [[ASVS|Application Security Verification Standard (ASVS) Project]] (Dave Wichers)<br> | ||
| + | |||
| + | [[Projects/OWASP_Development_Guide|Development Guide]] (Vishal Garg)<br> | ||
| − | === | + | [http://www.opensamm.org/ OpenSAMM] (Pravir Chandra) - [http://www.opensamm.org/2011/03/bsimm-activities-mapped-to-samm/ BSIMM activities mapped to SAMM]<br> |
| − | [[ | + | |
| + | [[OWASP_Common_Numbering_Project|OWASP Common Structure and Numbering for All Guides]] (Keith Turpin/Matteo Meucci/Vishal Garg)<br> | ||
| + | |||
| + | [[OWASP_Common_Numbering_Project|OWASP Common Vulnerability List]] (Meucci/Keary/Agarwal) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNOTkzNmYwN2YtNWZmZC00NjdhLTk1ZjMtMmU5NjQ5ZThhYmVl&hl=en_US&authkey=CNPQ4LkG CVL ppt presentation created by Matteo Meucci]<br> | ||
| + | |||
| + | [[OWASP Java Project]] (Lucas Ferreira) - [[Summit_2011_Working_Sessions/Session053/Deliverable_1|Action Plan for the Java Project]], [[Summit_2011_Working_Sessions/Session053/Deliverable_2|New Project Leader]]<br> | ||
| + | |||
| + | [[OWASP Mobile Security Project]] (Mike Zusman) - [https://docs.google.com/document/d/1vDB6FMCFHLqpEfB-SPlG0hliKak8flnUvJ1fwZPa-qM/edit?hl=en_US&authkey=CI_Mj4wJ Working Session Notes]<br> | ||
| − | [[OWASP | + | [[OWASP O2 Platform]] (Dinis Cruz)<br> |
| − | [[ | + | [[OWASP Portuguese Language Project]] (Lucas Ferreira) - [[Summit_2011_Working_Sessions/Session048/Deliverable_1|Working Session Outcomes]]<br> |
| − | [[Summit_2011_Working_Sessions/ | + | [[Summit_2011_Working_Sessions/Session203|OWASP Project Disclosure Policies]] (Chris Schmidt) - [[Summit_2011_Working_Sessions/Session203/Deliverable_1|OWASP Project Disclosure Policy]], [[Summit_2011_Working_Sessions/Session203/Deliverable_2|OWASP Security Bulletin Template]]<br> |
| − | [[OWASP | + | [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]] (Keith Turpin) - [https://docs.google.com/document/d/12SMf5i0zRSYEeHfYrJtWHSqy-dnSZq72OkTaMa_UM3U/edit?hl=en_US&authkey=CNjU_5oP Working Session Notes]<br> |
| − | [[OWASP | + | [[OWASP Testing Project|OWASP Testing Guide]] (Matteo Meucci) - [https://docs.google.com/document/d/11vERv8lf0xrEgdi37iLbuJL2rqjAsgP8icoE4rMtL50/edit?hl=en_US&authkey=CPLqrfoJ Working Session Notes], [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNMWVmZTE5ZTctOTZkYy00MGZiLWE1N2UtNDE1NjEwZDg2MGRi&hl=en_US&authkey=CJfF-KwL Planning the OWASP Testing Guide 4.0 ppt presentation]<br> |
| − | [[ | + | [[Threat Modeling]] (Anurag Agarwal) - [https://docs.google.com/document/d/1QnCgW7Sr1cGx6cg3EKOqxhvNyx9G6xmFP5Mksebd3Ts/edit?hl=en_US&authkey=CLexzjE Working Session discussion points and notes]<br> |
| Line 89: | Line 100: | ||
| − | === | + | ===University, Education, and Training=== |
| − | [[ | + | [[:Category:OWASP_Education_Project|OWASP Education Project]] (Martin Knobloch)<br> |
| − | |||
| − | [[ | + | [[OWASP_Working_Session_-_OWASP_Certification|OWASP Certification]] (Jason Taylor & Jason Li) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNMTlkMDUxNGEtZmM1MS00ODI2LWEwMDYtMjU1Nzc4ZWEwYmJk&hl=en_US&authkey=CNbHmJkP Certification Code of Conduct Draft]<br> |
| − | [[ | + | [[OWASP Exams Project]] (Jason Taylor)<br> |
| − | [ | + | [[OWASP Hackademic Challenges Project]] (Kostas Papapanagiotou & Vasileros Vlachos)<br> |
| − | [[ | + | [[Summit_2011_Working_Sessions/Session069|OWASP Top 10 Training in Hacking-Lab]] (Ivan Buetler) - [https://www.hacking-lab.com/ Hacking Lab Website]<br> |
| − | [[OWASP | + | [[OWASP Training]] (Sandra Paiva) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNY2I5M2YwMjMtMGJjNi00ZjZkLWJkYmUtZmU0YjhjNjc4NzYx&hl=en_US&authkey=COzlt4cC Working Session Notes]<br> |
| − | [[OWASP | + | [[OWASP Academies| University Outreach - OWASP Academies]] (Sandra Paiva) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNZGE2MmE4MjAtYmEwYS00M2NmLTk2ZjYtNmM3ODc2MDQyODBm&hl=en_US&authkey=CPHdmtIB Working Session Notes], [[OWASP Academy Portal Project]]<br> |
| − | [[OWASP | + | [[OWASP_Student_Chapters_Program|University Outreach - OWASP College Chapter Program]] (Martin Knobloch) (renamed "OWASP Student Chapters Program")<br> |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | ===OWASP Internal Governance and Global Committees== | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | ===OWASP Internal Governance and Committees | ||
[[Global Chapters Committee]] (Seba Deleersnyder) - [[Summit_2011_Working_Sessions/Session018/Deliverable_1|Working Session Meeting Minutes]]<br> | [[Global Chapters Committee]] (Seba Deleersnyder) - [[Summit_2011_Working_Sessions/Session018/Deliverable_1|Working Session Meeting Minutes]]<br> | ||
| Line 128: | Line 126: | ||
[[Global Education Committee]] (Martin Knobloch)<br> | [[Global Education Committee]] (Martin Knobloch)<br> | ||
| − | [[Global Industry Committee]] (Eoin Keary & Colin Watson) - [https://docs.google.com/document/d/1XtFXZuyzCmRAxMTwmtSmz4zQ9m7yAdqOFO7c0PLYDLw/edit?hl=en_US&authkey=CPPl898J Working Session Notes]<br> | + | [[Global Industry Committee]] (Eoin Keary & Colin Watson) - [https://docs.google.com/document/d/1XtFXZuyzCmRAxMTwmtSmz4zQ9m7yAdqOFO7c0PLYDLw/edit?hl=en_US&authkey=CPPl898J Working Session Notes], [https://www.surveymonkey.com/s/SCJBX7R 2011 Industry Outreach Survey]<br> |
[[Global Membership Committee]] (Dan Cornell) - [https://docs.google.com/document/d/1lsoExx4UW-dpjRgRlZaJq0BQPf4lRxRQPI56McMfUBs/edit?hl=en_US&authkey=COO8kd4E Working Session Notes], [[Membership|Membership page with changes subsequent to 2011 Summit]]<br> | [[Global Membership Committee]] (Dan Cornell) - [https://docs.google.com/document/d/1lsoExx4UW-dpjRgRlZaJq0BQPf4lRxRQPI56McMfUBs/edit?hl=en_US&authkey=COO8kd4E Working Session Notes], [[Membership|Membership page with changes subsequent to 2011 Summit]]<br> | ||
| Line 154: | Line 152: | ||
[[Summit_2011_Working_Sessions/Session072|Developer Outreach]] (Mark Bristow & Jason Li)<br> | [[Summit_2011_Working_Sessions/Session072|Developer Outreach]] (Mark Bristow & Jason Li)<br> | ||
| + | |||
| + | [[Summit_2011_Working_Sessions/Session068|Enterprise Web Defense Roundtable]] (Michael Coates & Chris Lyon) - [http://etherpad.mozilla.org:9000/OWASP-EWDR Etherpad Notes Page with Agenda, Slides & Background Reading]<br> | ||
[[Summit_2011_Working_Sessions/Session036|Government Outreach]] (Doug Wilson) - [[Summit_2011_Working_Sessions/Session036/Deliverable_1|Working Session Outcome]]<br> | [[Summit_2011_Working_Sessions/Session036|Government Outreach]] (Doug Wilson) - [[Summit_2011_Working_Sessions/Session036/Deliverable_1|Working Session Outcome]]<br> | ||
Revision as of 04:49, 25 June 2011
If you have any comments, corrections, or questions about the information contained in this page or related links, please contact Sarah Baso
- 1 Acknowledgements
- 2 Press Release & Media Mentions
- 3 Summit Background
- 4 2011 Summit Finances & Budget
- 5 2011 Summit Lessons Learned
- 6 Appendix: Working Session Details and Documentation
- 7 =OWASP Internal Governance and Global Committees
- 8 Summit Team & Attendee Bios
- 9 Summit-Related Blog Posts
- 10 Video & Pictures of Summit
Acknowledgements
(Forthcoming)
Press Release & Media Mentions
- Interview with Jeff Williams - http://www.vimeo.com/25335824
- Interview with Tom Brennan - http://www.vimeo.com/23889097
Summit Background
(Forthcoming)
2011 Summit Finances & Budget
- Summit 2011 Financials: Summary of Expenses and Income and Summit Travel and Accommodations Costs
- Comparison to 2008 Summit Budget
- Projection of costs needed for future Summit
2011 Summit Lessons Learned
(Forthcoming)
Appendix: Working Session Details and Documentation
Browser Security
Here are the notes from all the four browser security sessions. John Wilander is working on a Browser Security Report building on these sessions.
EcmaScript 5 Security notes (pdf)
Site Security Policy notes (pdf)
XSS Eradication
DOM based XSS Prevention Cheat Sheet (Jim Manico & Abraham Kang)
XSS and the Frameworks: XSS - Awareness, Resources, and Partnerships (Justin Clarke) - Working Session Notes
WAF Mitigation for XSS: Virtual Patching Best Practices (Ryan Barnett) - Working Session Notes
Metrics
Counting and Scoring Application Security Defects (Chris Eng & Chris Wysopal) - Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey
Risk Metrics: Metrics and Labeling (Chris Eng & Chris Wysopal) - Working Session Transcripts
Individual OWASP Projects
Application Security Verification Standard (ASVS) Project (Dave Wichers)
Development Guide (Vishal Garg)
OpenSAMM (Pravir Chandra) - BSIMM activities mapped to SAMM
OWASP Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)
OWASP Common Vulnerability List (Meucci/Keary/Agarwal) - CVL ppt presentation created by Matteo Meucci
OWASP Java Project (Lucas Ferreira) - Action Plan for the Java Project, New Project Leader
OWASP Mobile Security Project (Mike Zusman) - Working Session Notes
OWASP O2 Platform (Dinis Cruz)
OWASP Portuguese Language Project (Lucas Ferreira) - Working Session Outcomes
OWASP Project Disclosure Policies (Chris Schmidt) - OWASP Project Disclosure Policy, OWASP Security Bulletin Template
OWASP Secure Coding Practices - Quick Reference Guide (Keith Turpin) - Working Session Notes
OWASP Testing Guide (Matteo Meucci) - Working Session Notes, Planning the OWASP Testing Guide 4.0 ppt presentation
Threat Modeling (Anurag Agarwal) - Working Session discussion points and notes
Secure Coding Workshop
General Information on the OWASP Secure Coding Track - Code Repository (Google)
Applying ESAPI Input Validation (Chris Schmidt)
Contextual Output Encoding: ESAPI-CORE (Chris Schmidt & Jim Manico)
Defining AppSensor Detection Points (Michael Coates)
Protecting Information Stored Client-Side (John Steven)
Providing Access to Persisted Data (Dan Cornell) - Working Session Notes
University, Education, and Training
OWASP Education Project (Martin Knobloch)
OWASP Certification (Jason Taylor & Jason Li) - Certification Code of Conduct Draft
OWASP Exams Project (Jason Taylor)
OWASP Hackademic Challenges Project (Kostas Papapanagiotou & Vasileros Vlachos)
OWASP Top 10 Training in Hacking-Lab (Ivan Buetler) - Hacking Lab Website
OWASP Training (Sandra Paiva) - Working Session Notes
University Outreach - OWASP Academies (Sandra Paiva) - Working Session Notes, OWASP Academy Portal Project
University Outreach - OWASP College Chapter Program (Martin Knobloch) (renamed "OWASP Student Chapters Program")
=OWASP Internal Governance and Global Committees
Global Chapters Committee (Seba Deleersnyder) - Working Session Meeting Minutes
Global Conferences Committee (Mark Bristow) - Working Session/Monthly Committee Meeting Minutes
Global Education Committee (Martin Knobloch)
Global Industry Committee (Eoin Keary & Colin Watson) - Working Session Notes, 2011 Industry Outreach Survey
Global Membership Committee (Dan Cornell) - Working Session Notes, Membership page with changes subsequent to 2011 Summit
Global Projects Committee (Jason Li & Brad Causey) - Summary of Outcomes and Post-Summit Progress, February GPC Meeting Minutes
OWASP Board & Committee Governance (Mark Bristow) - Working Session Rationale, 2011 Board of Directors Election Information, New Bylaws
OWASP Chapters:Asia/Pacific Working Group (Helen Gao) - Working Group Outcomes
OWASP Chapters: Building the OWASP Brazilian Leaders Group (Lucas Ferriera) - Objectives and action plan to improve OWASP presence in Brazil
OWASP Funding and CEO Discussion (Keith Turpin) - Working Session Notes, List of suggestions from Funding and CEO discussion, Arguments for hiring an OWASP CEO
OWASP Licensing (Abraham Kang) - Working Session Notes, OWASP Licensing PowerPoint, Licensing - Questions for follow up
Overhauling the OWASP Website (Jason Li) - Summary of Outcomes
OWASP Points - Tracking OWASP Participation (Mark Bristow)
Other OWASP Initiatives
Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies (Dinis Cruz & Jeff Williams) - Draft OWASP Codes of Conduct Document
Developer Outreach (Mark Bristow & Jason Li)
Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon) - Etherpad Notes Page with Agenda, Slides & Background Reading
Government Outreach (Doug Wilson) - Working Session Outcome
Healthcare Industry Outreach & Banking/Finance Industry Outreach ( Lorna Alamri) - Vertical Outreach Notes, Industry Outreach Mapping
How can OWASP reach/talk/engage with auditors? (Matthew Chalmers) - Working Session Notes
Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - Working Session Notes
Should OWASP work directly with PCI-DSS? (Matthew Chalmers) - Working Session Notes
Summit Team & Attendee Bios
Support Staff Bios
Attendee Bios
Summit-Related Blog Posts
Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, 8-Feb-2011
Carlos Serrão - OWASP Summit 2011, 9-Feb-2011
Ben Tomhave - Evolving OWASP: Reflections on the 2011 Summit, 11-Feb-2011
John Wilander - Fears & Hopes for OWASP, 13-Febr-2011
Dinis Cruz - OWASP Summit 2011 Results, 15-Feb-2011
Chris Schmidt - Dear OWASP Summit, Obrigado, 16-Feb-2011
Supply Chain Technology - Notes from the OWASP 2011 Summit Published, 17-Feb-2011
Mark Curphey - OWASP - Has it reached a tipping point?, 19-Feb-2011
Michael Coates - A Vision for OWASP, 21-Feb-2011
Pravir Chandra - BSIMM activities mapped to SAMM, 3-Mar-2011
Video & Pictures of Summit
Video clips of the Summit recorded by Zaki Akhmad, a Summit Attendee & OWASP Chapter Leader from Indonesia. Full video of the Summit Working Sessions is forthcoming.
- Summit 2011 - Governance Session, part 1
- Summit 2011 - Governance Session, part 2
- Summit 2011 - Wrap Up Session #1
- Summit 2011 - Browser Security Wrap Up
- Summit 2011 - ESAPI Working Session
- Summit 2011 - Chapter Leader Working Session
Pictures of the Summit:
