OWASP 2013 Project Summit Appendix

Appendix
In this section, you will ﬁnd various reports, tables, slides, forms, and other materials produced for and at the summit. You will also ﬁnd historical summit information such as previous summit budgets and funds spent. Finally, you will ﬁnd a list of primary summit contributors with a short bio for each individual. Please contact Samantha Groves (Samantha.Groves@owasp.org) if you have any questions about anything in the report or the Appendix section speciﬁcally

2009 SUMMIT FINANCIAL DETAILS
Almost all OWASP participants (OWASP Project Leaders, Reviewers, and Contributors) at the 2008. Summit had their trip sponsored, at least in part, by the OWASP Foundation. To be considered a relevant. OWASP participant, and, consequently, to qualify to have the Summit attendance expenses partially paid, attendees needed to fall into of the following categories:


 * 1) OWASP Summer of Code 2008 project leaders & reviewers,
 * 2) OWASP Summer of Code 2008 special project contributors,
 * 3) OWASP Spring of Code 2007 project leaders & reviewers,
 * 4) OWASP Autumn of Code 2006 project leaders & reviewers,
 * 5) Active Project Leaders (not currently participating on SoC 08),
 * 6) Active Chapter Leaders
 * 7) Member with signiﬁcant past OWASP Contribution.

A list of OWASP sponsored attendees to the 2008 Summit as well as the reason for the sponsorship (i.e. the category from the above list that they fall into) can be found at: http://spreadsheets.google.com/pub? key=pAX6n7m2zaTVLrPtR07riBA Additionally, the following rules were established by the 2008 Summit planning committee to clarify which expenses and how much would be paid for by the OWASP Foundation:


 * 1) With exceptions noted below, all accommodation and meals during the four-day event will be paid.
 * 2) As we are still seeking out ﬁnancial sponsorship support, until further notice, none of the dinners will be paid.
 * 3) The meals consist of a pre-negotiated menu and only this menu will be paid.
 * 4) The accommodation will consist in a place in a shared T1 (3 people) or T2 (5 people) apartment. Therefore, even though one can choose an individual room, OWASP will pay only for the cost associated with a shared stay. At the cost of +/- 60 Euros per night, there is the option to stay in an individual room (or in a double-room, in the cases where the partner - wife / husband - is also present).
 * 5) Please note that the nights of 3 and 7 of Nov will be included in the paid accommodation for those individuals attending the whole event.
 * 6) Regarding the ﬂight expenses, OWASP will pay a maximum of 1000 US dollars for all non-European attendees and 600 US dollars for the European ones.

Please Note: The 2008 Summit ﬁnancial details information was taken from the 2011 Project Summit Report prepared by Sarah Baso.

2011 SUMMIT FINANCIAL DETAILS
EXPENSES: SUMMIT VENUE

EXPENSES: SUMMIT GIVEAWAYS

EXPENSES: SUMMIT EQUIPMENT & SERVICES

EXPENSES: SUMMIT EQUIPMENT & SERVICES

EXPENSES:SUMMIT SUPPORT STAFF

EXPENSES: TOTALS

INCOME: OWASP BUDGET ALLOCATION - BOARD APPROVED

INCOME: EXTERNAL SPONSORSHIPS

INCOME: EXTERNAL SPONSORSHIPS

INCOME: ACCOMMODATION CREDIT

EXPENSES: TOTALS

The above details on the 2011 Summit Expenses and Income can be found at: http://sl.owasp.org/ summit2011_ﬁnalbudget More details on Summit Travel and Accommodation costs, broken down by attendee can be found at: http:// sl.owasp.org/summit2011_travelcosts Please Note: The 2011 Summit ﬁnancial details information was taken from the 2011 Project Summit Report prepared by Sarah Baso.

MARKETING MATERIALS: ACADEMIES AND TRAINING INVITATION TO THE COMMUNITY
Education and training is an important part of OWASP's mission as it helps not only in increasing the awareness around application security but also in actually improving the security of applications.

The OWASP Academies program aims to bring together academic institutions from all over the world in order to collaborate towards increasing awareness on application security. The OWASP Academy Portal is the actual deliverable of this process: a portal that will provide various types of content (presentations, labs, etc.) to students and faculty who wish to learn or teach application security.

We would like to invite you to join us in the OWASP 2013 Projects Summit which is organized during OWASP AppSec USA 2013, in New York City from November 18th to November 21st.

During the Projects Summit we intend to kick start the Academy Portal, complete the initial design and add some actual content. The OWASP Academy Portal will then serve as the meeting point for application security in academia. Moreover, we will discuss various training models and the experience we have gained over the past years in order to build a model that will be subsequently used to train developers and anyone involved in securing applications.

The OWASP 2013 Projects Summit will serve as a meeting point for several members of the educational and academic community and a unique opportunity to network, collaborate, exchange ideas and experience. The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This year’s summit aims to give our project leaders the opportunity to have attendees sit down and work on project related activities during AppSec USA. It is an excellent opportunity to engage with active OWASP Project Leaders, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.

To participate in the Projects Summit Register for FREE for the “Expo and Career Fair Only Pass” and use the following discount code at checkout: NYC13_SUMMIT.Looking forward to working with you during the OWASP 2013 Projects Summit,

Dr. Kostas Papapanagiotou Martin Knobloch

MARKETING MATERIAL: OWASP REVIEW CRITERIA AND 2013 PROJECT ASSESSMENTS
I am happy to report that the Technical Project Advisors team has completed the ﬁnal version of the our project assessment criteria. This criteria grades our project quality based on the overall project health and the overall quality of the product each project is producing. The aim of developing this criteria was to help guide OWASP Project Leaders toward the successful completion and development of their overall project deliverable. Moreover, this criteria will be used to establish the appropriate stage the reviewed project is in, basing the decision on overall project health and product quality. I encourage all Project Leaders to please take a bit of time and review the 2013 Project Assessment Criteria.

2013 PROJECT SUMMIT REVIEWS

As many of you know, attendees will be able to participate in the review of the entire inventory of OWASP Projects using the new assessment criteria developed by our team of Technical Project Advisors, during the OWASP Projects Review working session at AppSec USA. The aim of this session is to establish a more accurate representation of OWASP project health and product quality.

Leaders are encouraged to review the 2013 Project Assessment Criteria, and make certain that their project fulﬁlls all of the guidelines outlined in the criteria. Please note, that it is not mandatory to work towards fulﬁlling all of the criteria for this round of reviews. However, passing the assessment is a requirement if you wish to graduate from an Incubator to a Lab and Lab to a Flagship Project. We do encourage all current Lab and Flagship project leaders to ensure that they are in alignment with the new 2013 project assessment criteria.

NEW OWASP PROJECT WIKI TEMPLATES

The new project wiki templates were created to make adding content to a project wiki page, a much easier task for Leaders. A big thank you to Colin Watson for creating these for us. We are encouraging all Leaders to switch over to these templates starting in 2014. Please note that Leaders are not required to use these templates, but the use of this wiki template is a requirement for graduation for Incubator projects starting in 2014. Below you will see an example of what we would like to see from an OWASP Project in regard to their wiki content and links.

If you have any questions about any of the topics above, or if you want to be involved, please reach out to me at Samantha.Groves@owasp.org. See you all at the Project Summit in New York City!

MARKETING MATERIAL: 2013 PROJECT SUMMIT IS ONLY 2 WEEKS AWAY: SIGN UP NOW!
The Project Summit taking place in tandem with this year's AppSec USA in New York City, is only two weeks away! Unfortunately, we were not able to raise enough funds to facilitate remote participation for the 2013 Project Summit. It is certainly an aspect of our summits that we ﬁnd incredibly important, and we will work hard to make sure remote participation is an option our contributors have in 2014. As a result, we recommend attending the summit in person, and signing up for the sessions you are interested in. We now have 18 sessions scheduled. The list includes: Monday: Nov 18th
 * 1) OWASP Project Review Session
 * 2) ESAPI Hackathon Session
 * 3) OWASP Media Project
 * 4) OWASP PHP Security and RBAC Projects: An Introduction
 * 5) AppSensor 2.0 Hackathon
 * 6) Bug Bounty Hack Session

Tuesday: Nov. 19th
 * 1) OWASP Training Development Session
 * 2) OWASP Academies Development Session
 * 3) Mobile Security Session
 * 4) ESAPI Hackathon Session
 * 5) Bug Bounty Hack Session

Wednesday: Nov. 20th
 * 1) Writing and Documentation Review Session
 * 2) ESAPI Hackathon Session
 * 3) Bug Bounty Hack Session

Thursday: Nov. 21st
 * 1) ZAP Hackathon Session
 * 2) Open SAMM Session
 * 3) ESAPI Hackathon Session
 * 4) Bug Bounty Hack Session

For more information on the 2013 Project Summit, please contact Samantha Groves (Samantha.Groves@owasp.org), or visit the Project Summit wiki page.

MARKETING MATERIAL: INDIVIDUAL SUMMIT TWEETS BY KAIT DISNEY-LEUGERS

 * 1) Those OWASP Projects are not going to review themselves, maybe you should help. https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/003
 * 2) The ESAPI Hackathon is going on throughout the four days of the Projects Summit. Sign up to participate here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/001
 * 3) A 'live-hacking' event in a controlled environment. Get your hack on at the Bug Bounty Session, sign up here:https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/0013
 * 4) Help to deﬁne the standards and guidelines on training material. Sign up for the Training Development Session here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/008
 * 5) OWASP is going back to school to get the youth involved. Help create the guidelines for the Academies Initiatives:https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/009
 * 6) Build and maintain secure mobile applications at the Mobile Security Session. Sign up here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/0012
 * 7) Release your inner wordsmith at the Project Guide Review Writing Session. https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/005
 * 8) Wrap up your week at the OWASP Projects Summit by participating in the ZAP Hackathon. Sign up here: https://www.owasp.org/index.php/Projects_Summit_2013/Working_Sessions/007

2013 SUMMIT: SKY LOUNGE FLOOR PLAN
The ﬂoor plan below was put together by Fabio Cerullo after the planning team were able to assess the space in person. The space allocation was organized based on the space needs of each session Leader. Mark Miller had a suite to himself for ﬁlming in the Podcast area, and the talk room area was created by using a room divider and a projector. The ESAPI and Media areas were separated out as they required more space for more expected contributors. The Media area was given a projector and media equipment, as well. Overall, the spaces worked well, but it is important that the summit area not be shared with any other conference happenings if taking place with a conference. Sharing the space simply did not work, and it caused many distractions for contributors.

SUMMIT LOGOS AND IMAGES




PLANNING TEAM, WORKING SESSION LEADERS, AND KEY SUMMIT VOLUNTEERS
PRIMARY PLANNING TEAM

Samantha Groves



Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She now works to help our OWASP Project Leaders, aiding them in starting and running their OWASP based projects.