Summit 2011 Working Sessions/Session082

From OWASP
Revision as of 06:26, 1 February 2011 by Dinis.cruz



How can OWASP reach/talk/engage with auditors
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description
Are you an auditor? Not in the sense of one who "audits" web applications for vulnerabilities, but one engaged in the professional practice of internal auditing. Have you been audited? (No, not by the IRS.) Do you really know what auditors do, how the appsec "world" looks to them, and how they can help you?

The IIA defines auditing as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

This working session aims to:

  • Educate security professionals and developers on, and dispel the myths about, audit and control
  • Educate auditors on OWASP, software development and web & application security
  • Discuss ways OWASP can help security pros, developers and auditors work together for mutual benefit and world domination

The proposed track for this working session is OWASP.

If you are interested in participating in this working session please edit the Working Session Participants section below to add your name & areas of interest. Please feel free to join the discussion of this working session in the Summit 2011 Working Sessions Google Group.

Related Projects (if any)


Email Contacts & Roles
Chair
Matthew Chalmers

Operational Manager
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. Educate security professionals and developers on, and dispel the myths about, audit and control
  2. Educate auditors on OWASP, software development and web & application security
  3. Discuss ways OWASP can help security pros, developers and auditors work together for mutual benefit and world domination

Venue/Date&Time/Model
Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A white paper describing specific strategies for interacting with auditors as described above.

After the Board Meeting - fill in here.

Working Session Participants

(Add your name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name | Company | Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers | [company logo image] | Wish to dispel myths about IT auditing and find out how security, development and audit folks are working together
Achim Hoffmann | [company logo image] | define/find the circle: pentest - audit - workshop
Justin Clarke | Gotham Digital Science | Don't do IT audits anymore, but I used to and I'm still a CISA