OWASP Italy Appsec agenda

This is the Application Security Agenda for the OWASP Italian chapter. Please note that this is not a page for an appsec conference: it describes an application security strategy for the Italian chapter, intended to give a boost to activities and to be used year by year to measure how things went in our country.

2015
Goals for 2015


 * Date an opensource project
 * Build a local meetup network
 * Communication boost
 * Fill the gap with developers
 * Set up a new application security conference here in Italy

Date an opensource project
To build a culture of security and fill the gap with developers, we want to adopt open source projects, performing code reviews and penetration tests on them and giving developers security feedback to raise the bar for attackers.

Stuff to be done
Luca Carettoni @_ikki proposes a formal engagement process to adopt an open source project, making assessments and giving feedback. We are evaluating how to proceed, creating a framework to #fillthegap. We are also considering creating some whitepapers to help development teams introduce appsec.

Popular projects that are candidates for adoption are:
 * Symfony
 * Ruby on Rails
 * Angular.js
 * more to come

Build a local meetup network
In Italy, application security specialists don't meet each other and, more importantly, they don't meet developers and stakeholders in informal meetups to spread the #appsec credo. There are some focused security events (Infosecurity, Security Summit), but they are organized by security guys for other security guys, and there are more formal state-of-the-art events in the Italian panorama.

We feel the need to create informal meetups where appsec guys gather with Java people, PHP people, Ruby people, .NET people, UX people and entrepreneurs, in order to build strong security foundations for the people who make the real web.

We hope to start the meetups in spring 2015 (around April 2015). Meetups will be held monthly.

Local meetup leader
A local meetup leader is the person in charge of planning, organising and keeping the #appsec hype high in their neighborhood/city. For big cities like Milano, Torino, Roma, Napoli, ... there will of course be several leaders, who must collaborate with each other.

Stuff to be done
We must create a whitepaper describing some general rules about how to organize a local meetup: where to organize it, who to invite, how to document the event (photos, talk recordings), how to do media coverage, how to advertise the event, where to put information, slide decks, ...

Communication boost
People who want to use IRC to chat with OWASP Italy members can use the IRC server chat.freenode.net, channel #owasp-italy.

Fill the gap with developers
There are some very interesting conferences for developers here in Italy. We have to spread the security culture by submitting a talk and trying to reach them.


 * PHP Day, May 15th-16th, Verona
 * Js Day, May 15th-16th, Verona
 * Ruby Day, TBA, TBA

Set up a new application security conference here in Italy
TBA