Difference between revisions of "Test2test"

Philosophy

OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.

Brand Usage Rules

The following rules make reference to all OWASP marketing and graphic materials. This refers to any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.

1. The OWASP Brand may be used to direct people to the OWASP website for information about application security.
2. The OWASP Brand may be used in commentary about the materials found on the OWASP website.
3. The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
4. The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
5. The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
6. The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
7. The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
8. The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
9. The OWASP Brand may be used by special arrangement with The OWASP Foundation.

Resources

• OWASP Logo Toolbox: This includes all of OWASP's logo image files in various formats.
• OWASP Business Card Templates: This includes the front and back PSD files for the OWASP Business Card.

Merchandise Requests

• Submit your application using the OWASP Merchandise Request Form.

Ads/Flyers

• OWASP Flyer
• OWASP 2012 Standard Print Ad
• OWASP 2012 A4 Print Ready Ad
• OWASP 2012 A4-2 Print Ready Ad

Banners

• Banner Examples
• Cog wheel banner
• Honeycomb banner

Presentations

These slides are presented at Global AppSec Conferences by the Global Board to provide a high level overview of OWASP and to highlight some of the key initiatives at a Global level. This can be presented in its current form at OWASP Chapter meetings to enable a clarification of the mission and purpose of the local chapter. This can also be used or sent to the press/media when looking for an "overview of owasp".

• 2012 Athens Where we are, Where we are going..
• 2011 Where we are, Where we are going..

OWASP Press

The OWASP press is a pattern for massive community collaboration on OWASP documentation projects with just-in-time publication. Visit the OWASP Press Page for more information.

OWASP Project Infrastructure

• OWASP Project Lifecycle: The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

• Incubator Project: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

• Labs Project: OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

• Flagship Project: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.

• Project Benefits: The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

OWASP Project Reviews

• Project Reviews: Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

• Project Reviewer Pool: The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

• Project Graduation: The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

• Project Health Assessment: The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document.

• Project Release: A project release refers to the final deliverable a project produces. It is the final product of the project.

• Project Deliverable/Release Review: The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

OWASP Project Processes

• Project Processes: The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

• Project Inception Process: The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

• Project Donation Process: The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

• Project Transition Process: The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

• Project Abandonment Process: The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

• Incubator Graduation Process: The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

Projects at Conferences

• AppSec Conferences: OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

• Open Source Showcase: The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

• OWASP Project Track: The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

OWASP Projects General

• OWASP Code of Ethics: The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the OWASP About page.

Donate to OWASP Projects Division

OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

This is how your money can help:

• $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
• $100 could help fund OWASP project demos at major conferences.
• $250 could help get our volunteer Project Leaders to speaking engagements.

OWASP Project Sponsors

Americas

Africa

Asia

Europe

Middle East

Social Media

Security Podcast with Jim Manico

	The OWASP foundation presents the OWASP PODCAST SERIES hosted and produced by Jim Manico. Listen as interviews are conducted with OWASP volunteers, industry experts and leaders within the field of software security. Visit the Podcast Page for more information.

OWASP Appsec Tutorial Series with Jerry Hoff

The OWASP AppSec Tutorial Series project provides a video based means of conveying complex application security concepts in an easily accessible and understandable way. Each video is approximately 5-10 minutes long and highlights one or more specific application security concepts, tools, or methodologies. The goal of the project is quite simple and yet quite audacious - provide top notch application security video based training... for free! Visit the Tutorial Series Page for more information.

OWASP Global Projects Announcements

Samantha Groves: OWASP Project Manager

Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She is eager to begin her work at OWASP and help the organization reach its project completion goals. Samantha earned her MBA in International Management with a concentration in sustainability from Royal Holloway, University of London. She earned her Bachelor's degree majoring in Multimedia from The University of Advancing Technology in Mesa, Arizona, and she earned her Associate's degree from Scottsdale Community College in Scottsdale, Arizona. Additionally, Samantha recently attained her Prince2 (Foundation) project management certification. Please see the Project Manager Role Description for more information.

GPC Meeting Reports

2013

• GPC Meeting: January 04 2013 Project Manager Report
• GPC Meeting: January 11 2013 Project Manager Report
• GPC Meeting: January 18 2013 Project Manager Report
• GPC Meeting: January 25 2013 Project Manager Report

2012

• GPC Meeting: August 24 2012 Project Manager Report
• GPC Meeting: September 07 2012 Project Manager Report
• GPC Meeting: September 14 2012 Project Manager Report
• GPC Meeting: September 21 2012 Project Manager Report
• GPC Meeting: September 28 2012 Project Manager Report
• GPC Meeting: October 05 2012 Project Manager Report
• GPC Meeting: October 12 2012 Project Manager Report
• GPC Meeting: October 19 2012 Project Manager Report
• GPC Meeting: November 09 2012 Project Manager Report
• GPC Meeting: November 16 2012 Project Manager Report
• GPC Meeting: November 30 2012 Project Manager Report
• GPC Meeting: December 07 2012 Project Manager Report
• GPC Meeting: December 14 2012 Project Manager Report
• GPC Meeting: December 21 2012 Project Manager Report
• GPC Meeting: December 27 2012 Project Manager Report

Board Meeting Reports

• Board Meeting: August 2012 Project Manager Report
• Board Meeting: September 2012 Project Manager Report
• Board Meeting: October 2012 Project Manager Report
• Board Meeting: November 2012 Project Manager Report
• Board Meeting: December 2012 Project Manager Report
• Board Meeting: January 2013 Project Manager Report

Project Funds

• Chapter and Individual Project Funds
• Project Reboot 2012 Information

Project Manger's Quarterly Strategic Objectives

Goals and Objectives: 2012 Q4

• Identify and initiate 3 grant opportunities.
• Complete metadata for Salesforce import related to projects.
• Finalize and launch the Project database communication tool and webpage
  • https://www.owasp.org/index.php/Test2test
• Complete the project lifecycle redesign
  • Sort out levels and stages for projects.
  • Determine and define landmarks for project advancement.
  • Document release stages and reviewer participation.
• Update Project handbook
  • Document process for project donation.
  • Define and develop process for project advancement.
  • Define and develop process for funding requests.

Contact the Project Manager

OWASP Representation

• Samantha Groves: OWASP Project Manager

Global Project Committee Members

• Jason Li: Acting Committee Chair
• Brad Causey: Committee Member
• Chris Schmidt: Committee Member
• Justin Searle: Committee Member
• Nishi Kumar: Committee Member
• Keith Turpin: Committee Member