OWASP Project Summit 2014/Home

From OWASP
Jump to: navigation, search


SUMMIT 2014 LOGO.jpg


[edit]

Welcome

The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This event activity gives our project leaders the opportunity to showcase their project progress, and have attendees sit down and work on project tasks before, during and after the annual fundraiser ([https://2015.appsec.eu/) regional event. It is an excellent opportunity to engage the event attendees, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.

Call to Action

Hello OWASP Leaders,

The 2014 OWASP Summit is currently in the planning process. We have managed to acquire a great space at Anglia Ruskin University thanks to the AppSec EU 2014 planning team. A big thank you to the team for helping us nail down this pace for our summit. There are still quite a few things to do before we are good to go with this year's summit activities. As I mentioned last year, we need to ensure that the culture of our OWASP Summits continues, and I am dedicated to making this a great success for our community so we may continue our efforts for years to come.

Help design the 2014 OWASP Summit in Cambridge, UK!

As OWASP Leaders, I would like you to take some time to help us design this year's Summit. We are currently looking for summit track and session ideas. I would love to have your input on what you think we should focus on. Please have a think about the projects, topics, working sessions, and tracks you would like to see or participate in at this year's summit. The Summit team will take these ideas, and create a cohesive and comprehensive schedule of sessions based on your input so I encourage you to summit your ideas straight away. Please email either Johanna Curiel, Dinis Cruz or Matt Tesauro.

We need your ideas, energy, and input! Please reach out to any of us if you would like to lead a session or attend the 2014 Project Summit!

We will see you at AppSec EU in Cambridge, UK!


Summit1.jpg

Summit2.jpg



How do I sign up for a session?

Please visit the individual summit session page on SCHED.org to sign up for each session. You might need to create an account before you sign up. We are encouraging all those who wish to join to use this method. We will be using the attendees on this session page to do our pre-conference planning for each session so please make sure to sign up if you plan to join.

The SCHED.org sessions pages can be found here: https://2014.appsec.eu/conference-schedule/. This also has the full list for the AppSec EU conference and training sessions.


Location

Anglia Ruskin University: Cambridge, UK



Ruskin-building.jpg
Lecture theatre blue5.jpg


Space allocated

  • 3 Rooms: Monday, Tuesday: 9AM - 5PM
  • Additional Hotel Suite available at the following venus thanks to the AppSec EU 2014 planning team.

The planning team have confirmed rooms at the below accommodation options for the benefit of Conference delegates. You are encouraged to secure your accommodation via the registration form to ensure that you receive the negotiated competitive rates. Rate of 60 GBP per night (20% taxes included). Subject to availability. Please visit the AppSec EU 2014 site for more information.

  1. Cambridge Newmarket Road Hotel
  2. Travelodge Cambridge Central Hotel

We are currently looking for more working session ideas for the summit. If you're interested in adding a Working Session for the 2014 Summit, please contact either Johanna Curiel, Dinis Cruz or Matt Tesauro. Please review the Working Session methodology for Working Session rules.

Keep checking back, as we will be adding more working sessions every week.

Current Daily Schedule

Floor Maps Hotel

Wednesday: May 20

OWASP ZAP Summit 2015

Thursday: May 21

Room Monday 9:00am - 1:00pm Monday 2:00pm - 6:00pm Monday 4:00pm - 6:00pm Tuesday 9:00am - 12:00pm Tuesday 9:00am - 1:00pm Tuesday 2:00pm - 6:00pm Tuesday 2:30pm - 5:00pm
LAB 215
LAB 215
LAB 215

What is the Global Summit? Is it like AppSec or other OWASP conferences?

The OWASP Global Summit is the place where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. We are holding the summit as part of our AppSec USA 2013 conference, but it is a separate activity from the conference itself. Participants will stay in shared accommodations and collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years.

The Summit will consist of Summit Working Sessions with a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute. Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, see the contact either Johanna Curiel (johanna.curiel@owasp.org), Dinis Cruz (dinis.cruz@owasp.org) or Matt Tesauro (matt.tesauro@owasp.org).

When is the Summit?

The Summit will be held May 20th and 22nd, 2015.

Where is the Summit being held?

Anglia Ruskin University located in Cambridge, UK.

Who do I contact for help?

For general assistance in all matters related to the Summit, contact Johanna Curiel, Dinis Cruz or Matt Tesauro.

For help with travel and accommodations, contact Johanna Curiel (johanna.curiel@owasp.org).

Where do I stay?

The planning team have confirmed rooms at the below accommodation options for the benefit of Conference delegates. You are encouraged to secure your accommodation via the registration form to ensure that you receive the negotiated competitive rates. Rate of 60 GBP per night (20% taxes included). Subject to availability. Please visit the AppSec EU 2014 site for more information.

  1. Cambridge Newmarket Road Hotel
  2. Travelodge Cambridge Central Hotel

OWASP SUMMIT SPONSORSHIP

I’m an OWASP leader - why isn’t this free for me?

So who is being funded?

The first round of sponsored attendees was selected based on their contribution to AppSec EU. These sponsored leaders are our Project Talk Speakers and Summit Session Leaders. Leaders with funding in their projects have also decided to use those project funds to assist with the summit, and give project talks at AppSec EU. Key summit assistants were also funded as they will be key to the successful running of a 4 day summit.

What does it mean to be a “sponsored” Summit attendee?

A sponsored summit leader must prepare and chair their scheduled summit session, and a sponsored summit assistant must be available to help with on-site logistics throughout the entirety of the summit.

Why do they get funded and not me?

EMPLOYER FUNDING/SPONSORSHIP

My employer needs an invitation letter/documentation to sponsor me to go. Where do I get this?

Please contact Samantha Groves with your request, and she will work with you on creating some personalized material for your employer/sponsor.

I need help convincing my employer to fund my Summit attendance - what should I tell them?

You can use the following points in your discussion: This year's Summit will be a gathering of OWASP leaders and key industry players to focus on a variety of important application security topics including browser security and cross-site scripting eradication. Attending the Summit will provide <EMPLOYEE NAME> with opportunities to:

  • Participate in the latest developments in application security and influence its trajectory
  • Gain new skills and technical knowledge for current application security projects
  • Find out where other companies are focusing their energy and resource
  • Increase visibility for <COMPANY’S NAME>

We believe that <EMPLOYEE’S NAME>’s attendance at the Global Summit is an worthwhile investment for both <COMPANY NAME> and <EMPLOYEE NAME>. Therefore, we are asking you to consider supporting <EMPLOYEE’S NAME> participation at this important event by donating <HIS/HER> time to attend the Summit.

WORKING SESSIONS

I want to plan/run a working session. What do I need to do?

  1. If you haven't done so already, please add your name to the Summit Attendee page.
  2. After we know you plan to attend the Summit, visit the Summit working sessions page and determine if there is a working session already listed that you are interested in running/planning/leading, or if you have a new idea.
  3. If there is a session already listed without a leader, feel free to add your name as the leader and send Samantha Groves an email letting her know your intent. She can set you up with a working session page and let you know about any next steps. If a leader already is listed for the session you are interested in, add you your name as session member/attendee and email the leader to see what you can do to help.
  4. If you have a new idea, add your information to one of the blank rows under the appropriate track name, or under Track: OWASP if you don't see a good fit. Send Johanna Curiel (johanna.curiel@owasp.org) an email letting her know your intent. She can set you up with a working session page and let you know about any next steps.

If you are attending the 2014 Summit, please add your name and details to the list below. If you need assistance, please contact either Johanna Curiel, Dinis Cruz or Matt Tesauro.

Confirmed Summit Attendees: with Funding

2014 OWASP Project Summit Attendees
Name Company Reason for Summit Participation
Working Group Interest
Summit Time Paid By Summit Expenses Paid By Reason for Sponsorship
view edit
view edit Martin Knobloch @ PervaSec
  • University Outreach, Education, and Training Summit Session Leader

view edit Vasileios Vlachos @ T.E.I. of Larissa
view edit Talal Basha @
view edit Johanna Curiel @ Salom ICT Solutions
  • Project Advisory Board member- Project Task force

logo_new.png Sponsor of OWASP PCI Toolkit
view edit Andrew van der Stock @ KPMG Australia
Circle owasp logo nowhitebackground.png
view edit Eoin Keary @ edgescan
Circle owasp logo nowhitebackground.png
view edit Jonathan Marcil @ OWASP Montréal
  • Live streaming and recording of talks at the conference + demonstrations by other summit participants

Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png
view edit
Circle owasp logo nowhitebackground.png

Projects Participating

OWASP Education Project

The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. The initial agenda could look like this:

  • Re-thinking the concept of OWASP University Supporter
  • Expand the concept of the OWASP Student Chapters.
  • Establish and expand the OWASP University Challenge.
  • Suggested application security curriculum.
  • Discuss and establish the concept of OWASP Academic Advocate.


OWASP Media Project

OWASP Media Project is an infrastructure project that gather, consolidate and promote OWASP content in video format on a central appealing hub. The first and main instance of the project will be a YouTube channel.


OWASP 24/7 Podcast

"OWASP 24/7" is series of recorded broadcasts, highlighting OWASP projects and people from around the world. With over 43,000 members in 100 countries, the OWASP 24/7 channel is available on demand, at anytime, anywhere on the planet. You are welcome to embed the broadcasts on your page, download them for your personal listening or keep up to date by subscribing to the iTunes channel.


OWASP Developer Guide

In this session, we will briefly take a short tour through the long and inter-twined history of OWASP and the Developer Guide, OWASP's first project. The Developer Guide has had various attempts to restart it over the years, and very nearly all of them failed. Let's have an interactive session on how to get the Developer Guide back on its feet, build community, and re-build a working project team.


OWASP Academies Project

The OWASP Academy Portal is to be the single access point to the categorized OWASP educational Material. On the OWASP Academy Portal, all OWASP internal and donated training material can be accessed. Those training material is reviewed and approved by the OWASP Academy Portal Project members in order to set and maintain an OWASP-worthy training quality.


OWASP Code Review Guide

A gathering of software developers sharing good and bad coding examples, with the aim of educating everyone reading the code review guide on what to do and what not do do when coding web sites.


OWASP PCI Toolkit

OWASP PCI toolkit is an Open Source C# Windows form project, that will help you to scope the PCI-DSS requirements for your Web Applications. The PCI toolkit is based on a decision tree assessment methodology, to help you define if your web applications are part of the PCI-DSS scope and within the PCI-DSS requirements. By decomposing , one by one , you will be able to create an assessment and a final report of your scope delimitation and which OWASP guidelines must be used.

OWASP OpenSAMM

During the AppSec conferences, the SAMM project team organises workshops for you to influence the direction SAMM evolves. This is an excellent opportunity to exchange experiences with your peers. Understanding of SAMM is a prerequisite for participation in this OWASP summit session.

OWASP Cyber Security Startup Initiative

The initiative is a pre-startup accelerator that will leverage academia and startup communitys to build next generation cyber security startups.

Remote participation will be key for the success of this Projects Summit. Ideally we should should have 10x remote attendees (vs local attendees), since that allows project leaders, contributors and users that cannot make it to the conference (or will arrive late) to also participate. Remote participation at the summit will be dependent on whether we get at least 10 remote participants registered before the event. If we do not, then we will drop this aspect of the summit for 2014.

Starting with the basics here is what will be needed:

  • Good Internet connectivity (ideally dedicated, but that will have further costs)
  • Local moderators
  • Streaming technology (in both video, audio and text)
  • Sharing tools (virtual docs, whiteboards,etc..)
  • Registration system for remote participates
  • Schedule for remote participants

If you need help with anything summit related, or if you simply need some more information, please do not hesitate to contact either Johanna Curiel, Dinis Cruz or Matt Tesauro.