(9 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | = Jim's Suggestions for 2015 Strategic Plans = | + | == You deleted HTTP Response Splitting == |
− | * Build a scalable OWASP training program that spreads security training around the world
| |
− | ** Focus on building free and open source training materials for all to use
| |
− | ** Take existing wiki, powerpoint from talks, powerpoints from trainers who have open sourced content, key OWASP training-centric projects (webgoat, security Shepard, etc) and merge, clean up and professionalize the content into an OWASP branded series of trainings.
| |
− | ** Produce professional OWASP branded training videos and CBT
| |
− | ** Focus conference training program on using open source as opposed to proprietary/commercial content
| |
− |
* Strengthen OWASP chapters and increase Chapter’s abilities to spread message of OWASP through locally organized and run events.
| |
− | ** Better plan to help chapters use funds
| |
− | ** Alert all chapters of existing chapter funds, on a monthly basis, on their public lists. Link to "How to use it to spread the message"
| |
− | ** FUND SMALLER CHAPTERS IN A VERY SIGNIFICANT WAY
| |
− |
* Mature the OWASP Projects Platform: Provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.
| |
− | ** Consider hiring senior developer/developers to mature code centric OWASP programs like ESAPI, OWASP Java Encoder, etc.
| |
− | ** Consider funding security initiatives reviewing various open source projects and software frameworks in common use
| |
− | ** Build a new website that is developer centric, pointing to key developers/secure coding projects and materials and other resources
| |
| | | |
− | ==Cryptographic Storage Cheat Sheet==
| + | Hi Jim, why did you delete the HTTP Response Splitting page? There is no descriptive information in the "move log". |
− | Jim, I've been just looking at [[Cryptographic Storage Cheat Sheet]] and it's missing direct requirement on ensuring message integrity. It's kind of mentioned in the section on authenticated encryption modes, but without mentioning HMAC it's like describing Rolls-Royce without mentioning Ford :) And the problem seems to be wide-spread (as I've just wrote [http://ipsec.pl/node/1085 here]). I can add that, but wanted to coordinate with you first. [[User:Pawel Krawczyk|Pawel Krawczyk]] 21:47, 21 January 2013 (UTC) | + | [[User:Douglasheld|Douglasheld]] ([[User talk:Douglasheld|talk]]) 04:06, 29 June 2016 (CDT) |
| + | Douglas, I'm deleting several old projects, I revived the HTTP Response Splitting page and removed some of the legacy junk. |
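Review bot: the reply added on the last line of this hunk ("Douglas, I'm deleting several old projects, ...") has no signature or timestamp, unlike the question above it; sign it with ~~~~ so the thread stays attributable. The same revision range also removes Pawel Krawczyk's 21 January 2013 note that the Cryptographic Storage Cheat Sheet has no direct requirement on message integrity (HMAC). The visible lines show no reply to it, so consider moving it to an archive or to that cheat sheet's talk page rather than dropping it.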
Hi Jim, why did you delete the HTTP Response Splitting page? There is no descriptive information in the "move log".
Douglasheld (talk) 04:06, 29 June 2016 (CDT)
Douglas, I'm deleting several old projects. I revived the HTTP Response Splitting page and removed some of the legacy junk.