Difference between revisions of "Summit 2011 Outcomes"
Sarah Baso (talk | contribs) m |
Zakiakhmad (talk | contribs) m (→Video & Pictures of Summit) |
(11 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
If you have any comments, corrections, or questions about the information contained in this page or related links, please contact [mailto:[email protected] Sarah Baso] | If you have any comments, corrections, or questions about the information contained in this page or related links, please contact [mailto:[email protected] Sarah Baso] | ||
− | == | + | ==Final Report== |
− | + | [http://sl.owasp.org/summit2011_finalreport View OWASP Summit 2011: Post-Summit Report and Working Sessions Outcomes] | |
+ | |||
+ | * [http://www.lulu.com/product/paperback/owasp-summit-2011-post-summit-report-and-working-session-outcomes/16364260 Purchase] black & white copy of report on Lulu.com or free PDF download | ||
+ | * [http://www.lulu.com/product/paperback/owasp-summit-2011-post-summit-report-and-working-session-outcomes/16364260 Purchase] full color copy of report on Lulu.com or free PDF download | ||
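Review bot: both Purchase bullets added in this hunk link to the same Lulu product URL (…/16364260), so the "black & white" and "full color" entries are indistinguishable for the reader; confirm whether the full color edition has its own product page and link it, or collapse the two bullets into one.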
Line 14: | Line 17: | ||
==Summit Background== | ==Summit Background== | ||
− | ( | + | (included in final report) |
Line 25: | Line 28: | ||
==2011 Summit Lessons Learned== | ==2011 Summit Lessons Learned== | ||
− | ( | + | (included in final report) |
Line 31: | Line 34: | ||
===Browser Security=== | ===Browser Security=== | ||
− | + | ||
+ | [https://docs.google.com/document/d/1KcdJKBG_ZMuqWoy6RQRS6HNsKgXkGbuayEjK-PXwD2U/edit?hl=en_US&authkey=CKy3gO8M Browser Security Report] | ||
+ | |||
+ | |||
+ | '''Notes from the 5 Browser Security Sessions'''<br> | ||
[http://www.owasp.org/images/0/06/OWASPSummit2011DOMSandboxingBrowserSecurityTrack.pdf DOM Sandboxing notes (pdf)]<br> | [http://www.owasp.org/images/0/06/OWASPSummit2011DOMSandboxingBrowserSecurityTrack.pdf DOM Sandboxing notes (pdf)]<br> | ||
Line 93: | Line 100: | ||
[[Summit_2011_Working_Sessions/Session034|Contextual Output Encoding: ESAPI-CORE]] (Chris Schmidt & Jim Manico)<br> | [[Summit_2011_Working_Sessions/Session034|Contextual Output Encoding: ESAPI-CORE]] (Chris Schmidt & Jim Manico)<br> | ||
− | [[Summit_2011_Working_Sessions/Session026|Defining AppSensor Detection Points]] (Michael Coates)<br> | + | [[Summit_2011_Working_Sessions/Session026|Defining AppSensor Detection Points]] (Michael Coates) - [https://lists.owasp.org/pipermail/owasp-appsensor-project/2011-February/000208.html Working Session Notes], [http://code.google.com/p/appsensor/source/browse/#svn%2Ftrunk%2FAppSensor-Tutorial Updated AppSensor-Tutorial code with new lessons and lesson structure enhancements], [https://www.owasp.org/index.php/AppSensor_Developer_Guide AppSensor Updated Getting Started Guide for new adopters and developers leveraging feedback from session]<br> |
[[Summit_2011_Working_Sessions/Session028|Protecting Information Stored Client-Side]] (John Steven)<br> | [[Summit_2011_Working_Sessions/Session028|Protecting Information Stored Client-Side]] (John Steven)<br> | ||
Line 102: | Line 109: | ||
===University, Education, and Training=== | ===University, Education, and Training=== | ||
[[:Category:OWASP_Education_Project|OWASP Education Project]] (Martin Knobloch)<br> | [[:Category:OWASP_Education_Project|OWASP Education Project]] (Martin Knobloch)<br> | ||
− | |||
[[OWASP_Working_Session_-_OWASP_Certification|OWASP Certification]] (Jason Taylor & Jason Li) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNMTlkMDUxNGEtZmM1MS00ODI2LWEwMDYtMjU1Nzc4ZWEwYmJk&hl=en_US&authkey=CNbHmJkP Certification Code of Conduct Draft]<br> | [[OWASP_Working_Session_-_OWASP_Certification|OWASP Certification]] (Jason Taylor & Jason Li) - [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNMTlkMDUxNGEtZmM1MS00ODI2LWEwMDYtMjU1Nzc4ZWEwYmJk&hl=en_US&authkey=CNbHmJkP Certification Code of Conduct Draft]<br> | ||
Line 119: | Line 125: | ||
− | ===OWASP Internal Governance and Global Committees== | + | ===OWASP Internal Governance and Global Committees=== |
[[Global Chapters Committee]] (Seba Deleersnyder) - [[Summit_2011_Working_Sessions/Session018/Deliverable_1|Working Session Meeting Minutes]]<br> | [[Global Chapters Committee]] (Seba Deleersnyder) - [[Summit_2011_Working_Sessions/Session018/Deliverable_1|Working Session Meeting Minutes]]<br> | ||
Line 132: | Line 138: | ||
[[Global Projects Committee]] (Jason Li & Brad Causey) - [[GPC_2011_Summit_Outcomes|Summary of Outcomes and Post-Summit Progress]], [https://lists.owasp.org/pipermail/global-projects-committee/2011-February/001777.html February GPC Meeting Minutes] <br> | [[Global Projects Committee]] (Jason Li & Brad Causey) - [[GPC_2011_Summit_Outcomes|Summary of Outcomes and Post-Summit Progress]], [https://lists.owasp.org/pipermail/global-projects-committee/2011-February/001777.html February GPC Meeting Minutes] <br> | ||
− | [[Summit_2011_Working_Sessions/Session013|OWASP Board & Committee Governance]] (Mark Bristow) - [[Talk:Summit_2011_Working_Sessions/Session013|Working Session Rationale]], [[Membership/2011Election|2011 Board of Directors Election Information]], [https://docs.google.com/a/owasp.org/document/d/1r_hS2ioEBcNOKqmEjSJmlLUOdQEb5qPb_0GU_VU1Arw/edit?hl=en&authkey=CLe5nZwD New Bylaws]<br> | + | [[Summit_2011_Working_Sessions/Session013|OWASP Board & Global Committee Governance]] (Mark Bristow) - [[Talk:Summit_2011_Working_Sessions/Session013|Working Session Rationale]], [[Membership/2011Election|2011 Board of Directors Election Information]], [https://docs.google.com/a/owasp.org/document/d/1r_hS2ioEBcNOKqmEjSJmlLUOdQEb5qPb_0GU_VU1Arw/edit?hl=en&authkey=CLe5nZwD New Bylaws]<br> |
[[Summit_2011_Working_Sessions/Session251|OWASP Chapters:Asia/Pacific Working Group]] (Helen Gao) - [[Summit_2011_Working_Sessions/Session251|Working Group Outcomes]]<br> | [[Summit_2011_Working_Sessions/Session251|OWASP Chapters:Asia/Pacific Working Group]] (Helen Gao) - [[Summit_2011_Working_Sessions/Session251|Working Group Outcomes]]<br> | ||
Line 144: | Line 150: | ||
[[Working_Sessions_OWASP_Website|Overhauling the OWASP Website]] (Jason Li) - [[Summit_2011_Working_Sessions/Session023/Deliverable_1|Summary of Outcomes]]<br> | [[Working_Sessions_OWASP_Website|Overhauling the OWASP Website]] (Jason Li) - [[Summit_2011_Working_Sessions/Session023/Deliverable_1|Summary of Outcomes]]<br> | ||
− | [[OWASP Points | + | [[OWASP Points|OWASP Points - Tracking OWASP Participation]] (Mark Bristow)<br> |
Line 150: | Line 156: | ||
[[OWASP Codes of Conduct|Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies]] (Dinis Cruz & Jeff Williams) - [https://docs.google.com/document/d/1F5HI3ddSxf-gF2qM_fNaEb2u73nsnrJXm3VmbsVVo28/edit?hl=en_US&authkey=CPy0gZwH Draft OWASP Codes of Conduct Document]<br> | [[OWASP Codes of Conduct|Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies]] (Dinis Cruz & Jeff Williams) - [https://docs.google.com/document/d/1F5HI3ddSxf-gF2qM_fNaEb2u73nsnrJXm3VmbsVVo28/edit?hl=en_US&authkey=CPy0gZwH Draft OWASP Codes of Conduct Document]<br> | ||
− | |||
− | |||
[[Summit_2011_Working_Sessions/Session068|Enterprise Web Defense Roundtable]] (Michael Coates & Chris Lyon) - [http://etherpad.mozilla.org:9000/OWASP-EWDR Etherpad Notes Page with Agenda, Slides & Background Reading]<br> | [[Summit_2011_Working_Sessions/Session068|Enterprise Web Defense Roundtable]] (Michael Coates & Chris Lyon) - [http://etherpad.mozilla.org:9000/OWASP-EWDR Etherpad Notes Page with Agenda, Slides & Background Reading]<br> | ||
Line 169: | Line 173: | ||
==Summit Team & Attendee Bios== | ==Summit Team & Attendee Bios== | ||
− | + | * [[Media: Attendee_Bios_for_Outcomes_-_Participants.pdf|Summit Attendees and Staff Bios]] | |
− | * [[Media:Attendee_Bios_for_Outcomes_- | ||
− | |||
− | |||
− | |||
− | |||
Line 200: | Line 199: | ||
==Video & Pictures of Summit== | ==Video & Pictures of Summit== | ||
− | Video clips of the Summit recorded by Zaki Akhmad, a Summit Attendee & OWASP Chapter Leader from Indonesia. Full video of the Summit Working Sessions is forthcoming. | + | Video clips of the Summit recorded by [[User:Zakiakhmad|Zaki Akhmad]], a Summit Attendee & OWASP Chapter Leader from [[Indonesia|Indonesia]]. Full video of the Summit Working Sessions is forthcoming. |
*[http://www.youtube.com/watch?v=w6nuPCxCyC8 Summit 2011 - Governance Session, part 1] | *[http://www.youtube.com/watch?v=w6nuPCxCyC8 Summit 2011 - Governance Session, part 1] |
Latest revision as of 11:19, 19 January 2012
If you have any comments, corrections, or questions about the information contained in this page or related links, please contact Sarah Baso
Final Report
View OWASP Summit 2011: Post-Summit Report and Working Sessions Outcomes
- Purchase black & white copy of report on Lulu.com or free PDF download
- Purchase full color copy of report on Lulu.com or free PDF download
Press Release & Media Mentions
- Interview with Jeff Williams - http://www.vimeo.com/25335824
- Interview with Tom Brennan - http://www.vimeo.com/23889097
Summit Background
(included in final report)
2011 Summit Finances & Budget
- Summit 2011 Financials: Summary of Expenses and Income and Summit Travel and Accommodations Costs
- Comparison to 2008 Summit Budget
- Projection of costs needed for future Summit
2011 Summit Lessons Learned
(included in final report)
Appendix: Working Session Details and Documentation
Browser Security
Notes from the 5 Browser Security Sessions
EcmaScript 5 Security notes (pdf)
Site Security Policy notes (pdf)
XSS Eradication
DOM based XSS Prevention Cheat Sheet (Jim Manico & Abraham Kang)
XSS and the Frameworks: XSS - Awareness, Resources, and Partnerships (Justin Clarke) - Working Session Notes
WAF Mitigation for XSS: Virtual Patching Best Practices (Ryan Barnett) - Working Session Notes
Metrics
Counting and Scoring Application Security Defects (Chris Eng & Chris Wysopal) - Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey
Risk Metrics: Metrics and Labeling (Chris Eng & Chris Wysopal) - Working Session Transcripts
Individual OWASP Projects
Application Security Verification Standard (ASVS) Project (Dave Wichers)
Development Guide (Vishal Garg)
OpenSAMM (Pravir Chandra) - BSIMM activities mapped to SAMM
OWASP Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)
OWASP Common Vulnerability List (Meucci/Keary/Agarwal) - CVL ppt presentation created by Matteo Meucci
OWASP Java Project (Lucas Ferreira) - Action Plan for the Java Project, New Project Leader
OWASP Mobile Security Project (Mike Zusman) - Working Session Notes
OWASP O2 Platform (Dinis Cruz)
OWASP Portuguese Language Project (Lucas Ferreira) - Working Session Outcomes
OWASP Project Disclosure Policies (Chris Schmidt) - OWASP Project Disclosure Policy, OWASP Security Bulletin Template
OWASP Secure Coding Practices - Quick Reference Guide (Keith Turpin) - Working Session Notes
OWASP Testing Guide (Matteo Meucci) - Working Session Notes, Planning the OWASP Testing Guide 4.0 ppt presentation
Threat Modeling (Anurag Agarwal) - Working Session discussion points and notes
Secure Coding Workshop
General Information on the OWASP Secure Coding Track - Code Repository (Google)
Applying ESAPI Input Validation (Chris Schmidt)
Contextual Output Encoding: ESAPI-CORE (Chris Schmidt & Jim Manico)
Defining AppSensor Detection Points (Michael Coates) - Working Session Notes, Updated AppSensor-Tutorial code with new lessons and lesson structure enhancements, AppSensor Updated Getting Started Guide for new adopters and developers leveraging feedback from session
Protecting Information Stored Client-Side (John Steven)
Providing Access to Persisted Data (Dan Cornell) - Working Session Notes
University, Education, and Training
OWASP Education Project (Martin Knobloch)
OWASP Certification (Jason Taylor & Jason Li) - Certification Code of Conduct Draft
OWASP Exams Project (Jason Taylor)
OWASP Hackademic Challenges Project (Kostas Papapanagiotou & Vasileios Vlachos)
OWASP Top 10 Training in Hacking-Lab (Ivan Buetler) - Hacking Lab Website
OWASP Training (Sandra Paiva) - Working Session Notes
University Outreach - OWASP Academies (Sandra Paiva) - Working Session Notes, OWASP Academy Portal Project
University Outreach - OWASP College Chapter Program (Martin Knobloch) (renamed "OWASP Student Chapters Program")
OWASP Internal Governance and Global Committees
Global Chapters Committee (Seba Deleersnyder) - Working Session Meeting Minutes
Global Conferences Committee (Mark Bristow) - Working Session/Monthly Committee Meeting Minutes
Global Education Committee (Martin Knobloch)
Global Industry Committee (Eoin Keary & Colin Watson) - Working Session Notes, 2011 Industry Outreach Survey
Global Membership Committee (Dan Cornell) - Working Session Notes, Membership page with changes subsequent to 2011 Summit
Global Projects Committee (Jason Li & Brad Causey) - Summary of Outcomes and Post-Summit Progress, February GPC Meeting Minutes
OWASP Board & Global Committee Governance (Mark Bristow) - Working Session Rationale, 2011 Board of Directors Election Information, New Bylaws
OWASP Chapters:Asia/Pacific Working Group (Helen Gao) - Working Group Outcomes
OWASP Chapters: Building the OWASP Brazilian Leaders Group (Lucas Ferreira) - Objectives and action plan to improve OWASP presence in Brazil
OWASP Funding and CEO Discussion (Keith Turpin) - Working Session Notes, List of suggestions from Funding and CEO discussion, Arguments for hiring an OWASP CEO
OWASP Licensing (Abraham Kang) - Working Session Notes, OWASP Licensing PowerPoint, Licensing - Questions for follow up
Overhauling the OWASP Website (Jason Li) - Summary of Outcomes
OWASP Points - Tracking OWASP Participation (Mark Bristow)
Other OWASP Initiatives
Defining a Minimal AppSec Program for Universities, Governments, and Standards Bodies (Dinis Cruz & Jeff Williams) - Draft OWASP Codes of Conduct Document
Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon) - Etherpad Notes Page with Agenda, Slides & Background Reading
Government Outreach (Doug Wilson) - Working Session Outcome
Healthcare Industry Outreach & Banking/Finance Industry Outreach (Lorna Alamri) - Vertical Outreach Notes, Industry Outreach Mapping
How can OWASP reach/talk/engage with auditors? (Matthew Chalmers) - Working Session Notes
Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - Working Session Notes
Should OWASP work directly with PCI-DSS? (Matthew Chalmers) - Working Session Notes
Summit Team & Attendee Bios
Summit-Related Blog Posts
Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, 8-Feb-2011
Carlos Serrão - OWASP Summit 2011, 9-Feb-2011
Ben Tomhave - Evolving OWASP: Reflections on the 2011 Summit, 11-Feb-2011
John Wilander - Fears & Hopes for OWASP, 13-Feb-2011
Dinis Cruz - OWASP Summit 2011 Results, 15-Feb-2011
Chris Schmidt - Dear OWASP Summit, Obrigado, 16-Feb-2011
Supply Chain Technology - Notes from the OWASP 2011 Summit Published, 17-Feb-2011
Mark Curphey - OWASP - Has it reached a tipping point?, 19-Feb-2011
Michael Coates - A Vision for OWASP, 21-Feb-2011
Pravir Chandra - BSIMM activities mapped to SAMM, 3-Mar-2011
Video & Pictures of Summit
Video clips of the Summit recorded by Zaki Akhmad, a Summit Attendee & OWASP Chapter Leader from Indonesia. Full video of the Summit Working Sessions is forthcoming.
- Summit 2011 - Governance Session, part 1
- Summit 2011 - Governance Session, part 2
- Summit 2011 - Wrap Up Session #1
- Summit 2011 - Browser Security Wrap Up
- Summit 2011 - ESAPI Working Session
- Summit 2011 - Chapter Leader Working Session
Pictures of the Summit: