Matt Tesauro

As you consider how to cast your vote for the newly created 6th OWASP Board Member, I've added the information below to provide some background on me.

Past involvement with OWASP:
OWASP Live CD – SoC 2008 to present

There have been ~300,000 downloads of the OWASP Live CD since I first made my version available last fall. The OWASP Live CD is available as an ISO image and VM images for VMware and VirtualBox.

OWASP Podcast “roving reporter”

I've helped Jim Manico with the OWASP podcast by recording interviews at various conferences or over Skype. So far, I've done AppSec EU 2009, a couple of individual interviews and will be at AppSec DC 2009 with mic in hand.

OWASP Global Projects Committee (GPC)

I joined the GPC after the Portugal Summit. I've been very active in the GPC and was the principal author of the Assessment Criteria v2.

3 OWASP Testing Guide classes

I've created and will donate 3 classes on the OWASP Testing Guide. There are 1, 2 and 5 day versions of the class. Each class includes a schedule, handouts, slides, labs and 2 VirtualBox VM images – the OWASP Live CD and a server with vulnerable web applications called “Attack Me, Ltd.” These will be donated to the Education project at AppSec DC 2009.

Presentations about OWASP
 * OWASP Austin Chapter on Securing Sensitive Configuration Data in .Net
 * TRISC 2009 (Austin) on the OWASP Live CD
 * DHS Software Assurance Workship (D.C) on the OWASP Live CD
 * ISSA Austin Chapter on Open Source Tools for Security
 * AppSec EU 2009 (Poland) on the OWASP Live CD & OWASP ROI
 * AppSec Academia (UC Irving) on the OWASP Live CD
 * OWASP Austin Chapter on OWASP ROI
 * AppSec Brazil 2009 on OWASP ROI
 * AppSec D.C. 2009 on the OWASP Live CD

Currently working on

 * OWASP Archive – I'm working with the Open Source Labs to determine if OWASP could use their services to host an FTP mirror. The mirror would include the latest releases of all OWASP projects. It could also be expanded to hold conference material such as presentations and videos. The OWASP Archive would remove the risk of the project releases becoming unavailable should the project lead decide to no longer maintain the project. This is especially true for those projects which use non-owasp.org hosts to deliver their project files.


 * Sub-domaining www.owasp.org – I'm looking into the possibility of offering sub-domains of owasp.org to projects which have traditionally been hosted externally. Beyond being a nice perk to projects, this would allow projects that need more then the wiki can offer a method of remaining on owasp.org but offering extra options to their users. Some possible sub-domains that come to mind are o2.owasp.org, esapi.owasp.org, samm.owasp.org and livecd.owasp.org.


 * Converting the OWASP Live CD from SLAX to Ubuntu. This will allow for a much more robust and flexible Live CD. For each addition to the Live CD, a separate .deb package will be created and an apt-get'able repository will be created. The conversion will also allow for easy custom versions of the Live CD – for example, an OWASP ESAPI version could be created with ESAPI, the J2EE reference implementation, Eclipse and Swingset. This could be offered as an ISO or VM image.