Summit 2011 Outcomes

''Global Summit 2011 Outcomes - please note that this is a work in progress. If you have any comments, corrections, or questions please contact [mailto:sarah.baso@owasp.org Sarah Baso]''

Press Release & Media Mentions

 * Global Summit 2011 Press Release & Results Summary (View PDF Format)(View Word Format)


 * '''[[Media:Summit_Outcomes.pptx|Summit Outcomes ppt]]

2011 Summit Finances & Budget
Summit 2011 Financials Summary of Expenses and Income and Summit Travel and Accommodations Costs
 * Breakdown of 2011 Summit Budget, Operational and Travel


 * Comparison to 2008 Summit Budget
 * Projection of costs needed for future Summit

Browser Security
Here are the notes from all the four browser security sessions. John Wilander is working on a Browser Security Report building on these sessions.

Site Security Policy notes (pdf)

DOM Sandboxing notes (pdf)

HTML5 Security notes (pdf)

EcmaScript 5 Security notes (pdf)

Enduser Warnings notes (pdf)

XSS Eradication
XSS and the Frameworks & XSS - Awareness, Resources, and Partnerships (Justin Clarke) - Combined Working Session Notes

WAF Mitigation for XSS (Ryan Barnett)

Metrics
Risk Metrics (Chris Wysopal) & Metrics and Labeling (Chris Eng) - Working Session Transcripts

Counting and Scoring Application Security Defects (Chris Eng & Chris Wysopal)

Formal Risk Assessment Methods (Benjamin Tomhave)

Common Structure and Guide for All Guides (Keith Turpin, Matteo Meucci, Vishal Garg)

Mitigation
Virtual Patching Best Practices (Ryan Barnett) - Working Session Notes

Scaling Web Application Security Testing (Arian Evans & Dinis Cruz)

Microsoft’s SDL in 16 Steps (and lessons learned) (Jeremy Dallman)

University, Education, and Training
OWASP Education Project (Martin Knobloch)

OWASP Training (Sandra Paiva) - Working Session Notes

University Outreach - OWASP Academies (Sandra Paiva) - Working Session Notes, OWASP Academy Portal Project

OWASP Top 10 Online Training in Hacking-Lab (Ivan Buetler)

University Outreach - OWASP College Chapter Program (Martin Knobloch) (renamed "OWASP Student Chapters Program")

OWASP Exams (Jason Taylor)

OWASP Certification (Jason Taylor & Jason Li) - Certification Code of Conduct Draft

Secure Coding Workshop
OWASP Secure Coding Practices (Keith Turpin)

Protecting Information Stored Client-Side (John Steven)

Providing Access to Persisted Data (Dan Cornell) - Working Session Notes]

Contextual Ourput Encoding (Chris Schmidt)

ESAPI-CORE (Jim Manico)

Applying ESAPI input Validation (Chris Schmidt)

Defining AppSensor Detection Points (Michael Coates)

Secure Development Guidelines for Smartphone Developers (Giles Hogben)

Individual OWASP Projects
Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon)

Threat Modeling (Anurag Agarwal) - Working Session discussion points and notes

OWASP Common Vulnerability List (Meucci/Keary/Agarwal) - CVL ppt presentation created by Matteo Meucci

Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)

OWASP Testing Guide (Matteo Meucci) - Working Session Notes, Planning the OWASP Testing Guide 4.0 ppt presentation

OWASP Mobile Security Project (Mike Zusman) - Working Session Notes

Development Guide (Vishal Garg)

Application Security Verification Standard (ASVS) Project (Dave Wichers)

OWASP Portuguese Language Project (Lucas Ferriera)

OWASP Hackademic Challenges Project (Kostas & Vasileros Vlachos)

OWASP Java Project (Lucas Ferriera)

OpenSAMM (Pravir Chandra)

The Future of OpenSAMM (Pravir Chandra)

Vulnerability Disclosure Policies (Chris Schmidt)

O2 Platform (Dinis Cruz)

OWASP Governance and Committees
Global Education Committee (Martin Knobloch)

Global Industry Committee (Eoin Keary & Colin Watson) - Working Session Notes

Global Projects Committee (Jason Li & Brad Causey)

Global Membership Committee (Dan Cornell) - Working Session Notes

Global Chapters Committee (Seba Deleersnyder)

Global Conferences Committee (Mark Bristow)

Government Outreach (Doug Wilson)

OWASP Funding and CEO Discussion (Keith Turpin) Working Session Notes

OWASP Board/Committee Governance (Mark Bristow)

OWASP Points - Tracking OWASP Participation (Mark Bristow)

OWASP Licensing (Abraham Kang) - Working Session Notes, OWASP Licensing PowerPoint, Licensing - Questions for follow up

OWASP Codes of Conduct (Dinis Cruz & Jeff Williams) - Draft Document] Building the OWASP Brazilian Leaders Group (Lucas Ferriera)

OWASP Asia/Pacific Working Group (Helen Gao)

Industry - Healthcare (Joe Bernik & Lorna Alamri)

Industry - Banking/Finance (Joe Bernik & Lorna Alamri)

Miscellaneous
Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - Working Session Notes

Overhauling the OWASP Website (Jason Li)

Should OWASP work directly with PCI-DSS? (Matthew Chalmers)

How can OWASP reach/talk/engage with auditors (Matthew Chalmers)

Developer Outreach (Mark Bristow & Jason Li)

Support Staff Bios

 * [[Media:Attendee_Bios_for_Outcomes_-_Staff.pdf|Summit Support Staff Bios]]

Attendee Bios

 * [[Media: Attendee_Bios_for_Outcomes_-_Participants.pdf|Summit Participant Bios]]