Difference between revisions of "Summit 2011 Working Sessions/Session201"
(10 intermediate revisions by 6 users not shown) | |||
Line 2: | Line 2: | ||
|- | |- | ||
− | | summit_session_attendee_name1 = | + | | summit_session_attendee_name1 = Vishal Garg |
− | | summit_session_attendee_email1 = | + | | summit_session_attendee_email1 = [email protected] |
− | | summit_session_attendee_username1 = | + | | summit_session_attendee_username1 = Vishal_Garg |
− | | summit_session_attendee_company1= | + | | summit_session_attendee_company1= AppSecure Labs |
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= | ||
− | | summit_session_attendee_name2 = | + | | summit_session_attendee_name2 = Keith Turpin |
− | | summit_session_attendee_email2 = | + | | summit_session_attendee_email2 = [email protected] |
− | | summit_session_attendee_username2 = | + | | summit_session_attendee_username2 = Keith_Turpin |
| summit_session_attendee_company2= | | summit_session_attendee_company2= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= | ||
− | | summit_session_attendee_name3 = | + | | summit_session_attendee_name3 = Fred Donovan |
− | | summit_session_attendee_email3 = | + | | summit_session_attendee_email3 = [email protected] |
− | | summit_session_attendee_username3 = | + | | summit_session_attendee_username3 = Fred.Donovan |
| summit_session_attendee_company3= | | summit_session_attendee_company3= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= | ||
− | | summit_session_attendee_name4 = | + | | summit_session_attendee_name4 = Wojciech Dworakowski |
− | | summit_session_attendee_email4 = | + | | summit_session_attendee_email4 = [email protected] |
− | | summit_session_attendee_username4 = | + | | summit_session_attendee_username4 = Wojciech Dworakowski |
− | | summit_session_attendee_company4= | + | | summit_session_attendee_company4= SecuRing |
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= | ||
− | | summit_session_attendee_name5 = | + | | summit_session_attendee_name5 = Vlatko Kosturjak |
− | | summit_session_attendee_email5 = | + | | summit_session_attendee_email5 = [email protected] |
− | | summit_session_attendee_username5= | + | | summit_session_attendee_username5= kost |
| summit_session_attendee_company5= | | summit_session_attendee_company5= | ||
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= | | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= | ||
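Review bot: `summit_session_attendee_username4` is set to "Wojciech Dworakowski" with a space, while the other username fields use an underscore, dot or single-word form (Vishal_Garg, Keith_Turpin, Fred.Donovan, kost). If this field is meant to hold the wiki account name, write it in the same form as the others so the value is unambiguous. The company fields for attendees 2, 3 and 5 are left empty; confirm that is intentional.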
Line 132: | Line 132: | ||
| short_working_session_description = | | short_working_session_description = | ||
+ | |||
+ | There are many OWASP projects like OWASP Testing Guide, OWASP Code Review Guide, OWASP Developers Guide, etc which discuss on how to look for and remediate various vulnerabilities in a web application. For e.g., people using OWASP Testing Guide to test for vulnerabilities in their application can go through a list of vulnerabilities and test for it but there is no easy way for them to cross reference to dev guide to jump to a specific section and be able to access the relevant information quickly. These vulnerabilities are discussed as individual list in all the guides and there is no easy way to cross-reference all of them. | ||
+ | |||
+ | OWASP Common Vulnerability List will be a lightweight list, which will contain only the vulnerability ID, category, vulnerability name and a brief description. The main objective of this list is to provide a common platform for other guides and tools to provide a link to each other. | ||
|- | |- | ||
− | | related_project_name1 = | + | | related_project_name1 = OWASP Common Vulnerability List |
− | | related_project_url_1 = | + | | related_project_url_1 = http://www.owasp.org/index.php/OWASP_Common_Vulnerability_List |
− | | related_project_name2 = | + | | related_project_name2 = OWASP Testing Project |
− | | related_project_url_2 = | + | | related_project_url_2 = http://www.owasp.org/index.php/Category:OWASP_Testing_Project |
− | | related_project_name3 = | + | | related_project_name3 = OWASP Code Review Guide |
− | | related_project_url_3 = | + | | related_project_url_3 = http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project |
− | | related_project_name4 = | + | | related_project_name4 = OWASP Building Guide |
− | | related_project_url_4 = | + | | related_project_url_4 = http://www.owasp.org/index.php/OWASP_Guide_Project |
| related_project_name5 = | | related_project_name5 = | ||
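Review bot: `related_project_name4` says "OWASP Building Guide", but its URL points to OWASP_Guide_Project and the new description text calls the same document "OWASP Developers Guide" and "dev guide"; pick one name and use it in all three places. In the description, "discuss on how to" should read "discuss how to" and "For e.g.," should be "For example,".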
Line 152: | Line 156: | ||
|- | |- | ||
− | | summit_session_objective_name1= | + | | summit_session_objective_name1= Build the first version of the OWASP Common vulnerability list |
| summit_session_objective_name2 = | | summit_session_objective_name2 = | ||
Line 176: | Line 180: | ||
|- | |- | ||
− | | working_session_additional_details = | + | | working_session_additional_details = The goals of OWASP common vulnerability list are:<br> |
+ | 1. Serve as a common list to all other OWASP initiatives (Dev Guide, Testing Guide, CR Guide, etc) which has any reference to web application vulnerabilities (just like OWASP common numbering scheme).<br> | ||
+ | 2. Can be referenced by various open source and commercial tools as the list of vulnerabilities being identified or for any other purpose.<br> | ||
+ | 3. Provides a clear requirement for PCI and other compliance laws | ||
|- | |- | ||
− | |summit_session_deliverable_name1 = | + | |summit_session_deliverable_name1 = Debating the vulnerability list and deliver the first version of the project. |
|summit_session_deliverable_name2 = | |summit_session_deliverable_name2 = |
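Review bot: goal 3 in `working_session_additional_details` ("Provides a clear requirement for PCI and other compliance laws") does not say what the list actually provides to a compliance effort, and unlike goals 1 and 2 it ends without a period; state concretely how the list would be used there. The three goals also switch verb form ("Serve", "Can be referenced", "Provides"), and `summit_session_deliverable_name1` mixes "Debating" with "deliver"; use one form throughout.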
Latest revision as of 10:37, 8 February 2011
OWASP Common vulnerability list | ||||||
---|---|---|---|---|---|---|
Please see/use the 'discussion' page for more details about this Working Session | ||||||
Working Sessions Operational Rules - Please see here the general frame of rules. |
WORKING SESSION IDENTIFICATION | ||||||
---|---|---|---|---|---|---|
Short Work Session Description | There are many OWASP projects, such as the OWASP Testing Guide, OWASP Code Review Guide and OWASP Developers Guide, which discuss how to look for and remediate various vulnerabilities in a web application. For example, people using the OWASP Testing Guide to test for vulnerabilities in their application can go through a list of vulnerabilities and test for each one, but there is no easy way for them to cross-reference the Dev Guide, jump to a specific section and access the relevant information quickly. These vulnerabilities are discussed as a separate list in each guide, and there is no easy way to cross-reference all of them.
The OWASP Common Vulnerability List will be a lightweight list containing only the vulnerability ID, category, vulnerability name and a brief description. The main objective of this list is to provide a common platform through which other guides and tools can link to each other. | |||||
Related Projects (if any) |
| |||||
Email Contacts & Roles | Chair: Matteo Meucci, Eoin Keary, Anurag Agarwal |
Operational Manager |
Mailing list Subscription Page |
WORKING SESSION SPECIFICS | ||||||
---|---|---|---|---|---|---|
Objectives |
| |||||
Venue/Date&Time/Model | Venue/Room OWASP Global Summit Portugal 2011 |
Date & Time
|
Discussion Model participants and attendees |
WORKING SESSION ADDITIONAL DETAILS | ||||||
---|---|---|---|---|---|---|
The goals of OWASP common vulnerability list are: 1. Serve as a common list to all other OWASP initiatives (Dev Guide, Testing Guide, CR Guide, etc) which has any reference to web application vulnerabilities (just like OWASP common numbering scheme). |
WORKING SESSION OUTCOMES / DELIVERABLES | ||
---|---|---|
Proposed by Working Group | Approved by OWASP Board | |
Debate the vulnerability list and deliver the first version of the project. |
After the Board Meeting - fill in here. | |
Working Session Participants
WORKING SESSION PARTICIPANTS | ||||||
---|---|---|---|---|---|---|
Name | Company | Notes & reason for participating, issues to be discussed/addressed | ||||
Vishal Garg | AppSecure Labs | |
Keith Turpin | | |
Fred Donovan | | |
Wojciech Dworakowski | SecuRing | |
Vlatko Kosturjak | | |