This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "User talk:Jmanico"

From OWASP
Jump to: navigation, search
m
m (Cryptographic Storage Cheat Sheet)
Line 1: Line 1:
 +
= Jim's Suggestions for 2015 Strategic Plans =
 +
* Build a scalable OWASP training program that spreads security training around the world
 +
** Focus on building free and open source training materials for all to use
 +
** Take existing wiki, powerpoint from talks, powerpoints from trainers who have open sourced content, key OWASP training-centric projects (webgoat, security Shepard, etc) and merge, clean up and professionalize the content into an OWASP branded series of trainings.
 +
** Produce professional OWASP branded training videos and CBT
 +
** Focus conference training program on using open source as opposed to proprietary/commercial content
 +

* Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events.
 +
** Better plan to help chapters use funds
 +
** Alert all chapters of existing chapter funds, on a monthly basis, on their public lists. Link to "How to use it to spread the message"
 +
** FUND SMALLER CHAPTERS IN A VERY SIGNIFICANT WAY
 +

* Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.
 +
** Consider hiring senior developer/developers to mature code centric OWASP programs like ESAPI, OWASP Java Encoder, etc.
 +
** Consider funding security initiatives reviewing various open source projects and software frameworks in common use
 +
** Build a new website that is developer centric, pointing to key developers/secure coding projects and materials and other resources
 +
 
==Cryptographic Storage Cheat Sheet==
 
==Cryptographic Storage Cheat Sheet==
 
Jim, I've been just looking at [[Cryptographic Storage Cheat Sheet]] and it's missing direct requirement on ensuring message integrity. It's kind of mentioned in the section on authenticated encryption modes, but without mentioning HMAC it's like describing Rolls-Royce without mentioning Ford :) And the problem seems to be wide-spread (as I've just wrote [http://ipsec.pl/node/1085 here]). I can add that, but wanted to coordinate with you first. [[User:Pawel Krawczyk|Pawel Krawczyk]] 21:47, 21 January 2013 (UTC)
 
Jim, I've been just looking at [[Cryptographic Storage Cheat Sheet]] and it's missing direct requirement on ensuring message integrity. It's kind of mentioned in the section on authenticated encryption modes, but without mentioning HMAC it's like describing Rolls-Royce without mentioning Ford :) And the problem seems to be wide-spread (as I've just wrote [http://ipsec.pl/node/1085 here]). I can add that, but wanted to coordinate with you first. [[User:Pawel Krawczyk|Pawel Krawczyk]] 21:47, 21 January 2013 (UTC)

Revision as of 14:49, 22 May 2015

Jim's Suggestions for 2015 Strategic Plans

  • Build a scalable OWASP training program that spreads security training around the world
    • Focus on building free and open source training materials for all to use
    • Take existing wiki, powerpoint from talks, powerpoints from trainers who have open sourced content, key OWASP training-centric projects (webgoat, security Shepard, etc) and merge, clean up and professionalize the content into an OWASP branded series of trainings.
    • Produce professional OWASP branded training videos and CBT
    • Focus conference training program on using open source as opposed to proprietary/commercial content


* Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events.

    • Better plan to help chapters use funds
    • Alert all chapters of existing chapter funds, on a monthly basis, on their public lists. Link to "How to use it to spread the message"
    • FUND SMALLER CHAPTERS IN A VERY SIGNIFICANT WAY


* Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.

    • Consider hiring senior developer/developers to mature code centric OWASP programs like ESAPI, OWASP Java Encoder, etc.
    • Consider funding security initiatives reviewing various open source projects and software frameworks in common use
    • Build a new website that is developer centric, pointing to key developers/secure coding projects and materials and other resources

Cryptographic Storage Cheat Sheet

Jim, I've been just looking at Cryptographic Storage Cheat Sheet and it's missing direct requirement on ensuring message integrity. It's kind of mentioned in the section on authenticated encryption modes, but without mentioning HMAC it's like describing Rolls-Royce without mentioning Ford :) And the problem seems to be wide-spread (as I've just wrote here). I can add that, but wanted to coordinate with you first. Pawel Krawczyk 21:47, 21 January 2013 (UTC)