
Difference between revisions of "Summit 2011 Working Sessions/Session047"

Line 125: Line 125:
 
| summit_track_logo =  
 
| summit_track_logo =  
 
| summit_ws_logo =  
 
| summit_ws_logo =  
| summit_session_name = Security Refactoring
+
| summit_session_name = OWASP Security Refactorings
 
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session047
 
| summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session047
 
| mailing_list =
 
| mailing_list =
Line 131: Line 131:
 
|-
 
|-
  
| short_working_session_description=Most developers will read security guide information and cannot relate because they usually have not written code in a secure manner.  This session looks to present security coding bad practices as "bad smells" in a similar format to Martin Fowler's ''Refactoring: Improving the Design of Existing Code''.  By presenting bad coding examples, we are hoping that developers reading the information think, "Oh, crap, I have similar code running in production and I need to utilize the solution provided (using ESAPI of course) to fix my mistake".   
+
| short_working_session_description=Most developers will read security guide information and cannot relate because they usually have not written code in the manner being shown.  This session looks to present security coding bad practices as "bad smells" in a similar format to Martin Fowler's ''Refactoring: Improving the Design of Existing Code''.  By presenting bad coding examples, we are hoping that developers reading the information think, "Oh, crap, I have similar code running in production and I need to utilize the solution provided (using ESAPI of course) to fix my mistake".   
  
 
|-
 
|-
Line 152: Line 152:
 
|-
 
|-
  
| summit_session_objective_name1=  
+
| summit_session_objective_name1= 1.  Goals and Scope of initial "Security Refactorings"
  
| summit_session_objective_name2 =  
+
| summit_session_objective_name2 = 2.  High level Organization of Code Example Smells
  
| summit_session_objective_name3 =  
+
| summit_session_objective_name3 = 3.  Format to present Security Refactorings
  
| summit_session_objective_name4 =  
+
| summit_session_objective_name4 = 4.  Solutions and Segmenting of work.
  
 
| summit_session_objective_name5 =   
 
| summit_session_objective_name5 =   
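Review bot: the new summit_session_objective_name1 through summit_session_objective_name4 values carry their own "1." to "4." prefixes, and the rendered Objectives list adds its own numbering, so this revision displays them as "1. 1. Goals and Scope of initial "Security Refactorings"", "2. 2. High level Organization of Code Example Smells" and so on. Drop the leading numbers from the four objective values and let the list supply them. The deliverable names render without list numbers, so they can keep theirs.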
Line 180: Line 180:
 
|-
 
|-
  
|summit_session_deliverable_name1 = 1.  High level Organization of Code Example Smells
+
|summit_session_deliverable_name1 = 1.  Goals and Scope of initial "Security Refactorings"
  
|summit_session_deliverable_name2 = 2.  Format to present Security Refactorings
+
|summit_session_deliverable_name2 = 2.  High level Organization of Code Example Smells
  
|summit_session_deliverable_name3 = 3.  Solutions and Segmenting of work.
+
|summit_session_deliverable_name3 = 3.  Format to present Security Refactorings
  
|summit_session_deliverable_name4 = 4.  Scope of initial "Security Refactorings"
+
|summit_session_deliverable_name4 = 4.  Solutions and Segmenting of work.
  
 
|summit_session_deliverable_name5 =  
 
|summit_session_deliverable_name5 =  

Revision as of 05:05, 3 February 2011


OWASP Security Refactorings
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description: Most developers will read security guide information and cannot relate because they usually have not written code in the manner being shown. This session looks to present security coding bad practices as "bad smells" in a similar format to Martin Fowler's Refactoring: Improving the Design of Existing Code. By presenting bad coding examples, we are hoping that developers reading the information think, "Oh, crap, I have similar code running in production and I need to utilize the solution provided (using ESAPI of course) to fix my mistake".
Related Projects (if any)


Email Contacts & Roles
Chair: Abraham Kang @
Operational Manager: Abraham Kang @
Mailing list: Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. 1. Goals and Scope of initial "Security Refactorings"
  2. 2. High level Organization of Code Example Smells
  3. 3. Format to present Security Refactorings
  4. 4. Solutions and Segmenting of work.

Venue/Date&Time/Model
Venue/Room: OWASP Global Summit Portugal 2011
Date & Time:
Discussion Model: participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
Looking to discuss organization of code examples, format for each "Security Refactoring" and secure solutions.
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

1. Goals and Scope of initial "Security Refactorings"

After the Board Meeting - fill in here.

2. High level Organization of Code Example Smells

After the Board Meeting - fill in here.

3. Format to present Security Refactorings

After the Board Meeting - fill in here.

4. Solutions and Segmenting of work.

After the Board Meeting - fill in here.


WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
Abraham Kang @