Difference between revisions of "GPC/Meetings/2013-26-04"

From OWASP
Jump to: navigation, search
 
(6 intermediate revisions by one user not shown)
Line 5: Line 5:
 
**Active Projects: 148
 
**Active Projects: 148
 
**Inactive Projects: 67
 
**Inactive Projects: 67
 +
 +
*'''New OWASP Projects'''
 +
**[https://www.owasp.org/index.php/OWASP_Web_Application_Security_Quick_Reference_Guide_Project OWASP Web Application Security Quick Reference Guide Project]
 +
**[https://www.owasp.org/index.php/OWASP_Application_Fuzzing_Framework_Project OWASP Application Fuzzing Framework Project]
 +
**[https://www.owasp.org/index.php/OWASP_Security_JDIs_Project OWASP Security JDIs Project]
 +
 +
*'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Amvv_7Gz8Z7TdHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE#gid=0 Project Applications]'''
 +
**OWASP Scytale Project
 +
**OWASP iMAS - iOS Mobile Application Security
 +
**OWASP Testdemo
  
 
*'''Projects Under Review'''
 
*'''Projects Under Review'''
Line 11: Line 21:
 
**[https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework Xenotix XSS Exploit Framework]
 
**[https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework Xenotix XSS Exploit Framework]
 
**Project reviews are on hold until we can fill the [https://www.owasp.org/index.php/Projects/Reviews_Management_Proposal_2013 Technical Project Advisor] [http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000AUtE volunteer roles].  
 
**Project reviews are on hold until we can fill the [https://www.owasp.org/index.php/Projects/Reviews_Management_Proposal_2013 Technical Project Advisor] [http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000AUtE volunteer roles].  
 
*'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Amvv_7Gz8Z7TdHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE#gid=0 Project Applications]'''
 
**OWASP Web Application Security Quick Reference Guide Project
 
**OWASP Application Fuzzing Framework Project
 
**OWASP Security JDIs Project
 
**OWASP Scytale Project
 
  
 
==Currently Working On==     
 
==Currently Working On==     
  
 
*'''OWASP Marketing'''
 
*'''OWASP Marketing'''
**I am managing the OWASP Marketing deliverables for the foundation.  
+
**I worked with Sisterworks Publishing this week on organizing a webinar for our community.  
**I am managing the relationship with the Marketing company hired to deliver some materials for us.
+
**They were meant to present their Phase 2 recommendations to us on Thursday during a live webinar.  
**The Ops Team and I discussed our current relationship with them, and the deliverables they have provided us.
+
** Unfortunately, the presenters were not able to make it during the regular time.
**We made decisions on these pieces, and recommendations on creative brief adjustments.
+
**I stepped in and presented their recommendations to the community.  
**We met with the Marketing company this week, and communicated our decisions to them.
+
**[https://www.owasp.org/images/c/c5/OWASP_Recommendations-Presentation2-April24.pdf Sisterworks Publishing recommendations to OWASP].  
**I am currently coordinating a webinar with the Marketing company, to communicate out their recommendations to us to our community.
+
  
*'''Projects in SalesForce'''
+
*'''Determining Active Project Status'''
 
**All existing project meta data has been entered into SalesForce.
 
**All existing project meta data has been entered into SalesForce.
**The challenge now is implementing a workflow that will help me manage the data and the relationships between each piece of information.
+
**There are still quite a few challenges with managing all of this data.
**I am currently working with Kate to figure out a short term solution for this.
+
**I've determined that we must first confirm that our Active projects are indeed Active, and that the named project leader is accurate as well.
**The long term solution is to build SalesForce portals that will allow project leaders the ability to self manage their data.  
+
**I am reaching out to each leader individually to confirm these two key pieces of data for all 148 projects.  
 
+
*'''Women in Security Event Module'''
+
**I met with several volunteers at the New York City volunteer meeting for AppSec USA 2013.
+
**Some of these volunteers are interested in bringing the Women in Security event module back to AppSec USA this year.
+
**I helped collect volunteer information, created a mailing list, and I am managing the conversation to help get this event module to the conference this year.
+
**We are currently developing guidelines and entry requirements for new candidates.  
+
  
 
*'''Projects at AppSec EU'''
 
*'''Projects at AppSec EU'''
**Several members of the Ops Team and I met with Dirk, the local events planner for AppSec EU 2013.
+
**I have put together several communications pieces, instructions, forms, and scheduled deadlines for the AppSec EU Open Source Showcase (OSS).
**We decided on bringing the Open Source Showcase, and the OWASP Projects Track (OPT) to the conference this year.
+
**As mentioned in my previous report, the local event organizers are already trying to allocate presenters for the OWASP Projects Track (OPT).  
**Dirk already has speakers lined up for the OPT, and I am putting together a "Call for Entries" for the OSS.  
+
**I don't anticipate needing to have a call for entries for the OPT, but I am prepared if we find we need to.
 +
**[https://docs.google.com/document/d/1dOrUYtwlBXwfhPyZa9JYqV1MeUUjSxvjm5mwgMqJXhE/edit?usp=sharing Projects at AppSec EU Document].
 +
**[https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGhkUUhkeDBWOVZPcVdzcWloYWhla3c6MA#gid=0 AppSec EU OSS Call for Entries].
 +
 
 +
*'''Personal Development'''
 +
**I am always looking for different ways of improving my skills so I have developed a list of personal development activities I wish to undertake for the year.
 +
**I have each activity separated into quarters.
 +
**This quarter, Q2, I am focusing on increasing my Information Security knowledge and understanding.
 +
**To do this, I am taking a 7 week course on [https://www.coursera.org/course/inforiskman Information Security and Risk Management in Context].
 +
**The course is made available through Coursera.  
  
 
*'''Daily Project based queries and requests'''
 
*'''Daily Project based queries and requests'''
Line 71: Line 77:
 
*'''Google Grants Proposal'''
 
*'''Google Grants Proposal'''
 
#Amount: $120,00 in Adwords Funds
 
#Amount: $120,00 in Adwords Funds
#Status: We continue to test different keywords and strategies to try and find the best way to leverage this grant award. We are currently testing a strategy for the AppSec USA conference this year. I have contacted Joseph McElroy who is the CEO of Corporate Performance Artists in New York, USA. Corporate performance Artist is a community management firm that specialises in SEO, Google Analytics, and Google Grants Adwords campaigns. He had some amazing insights for me. I am currently reviewing these recommendations.
+
#Status: We continue to test different keywords and strategies to try and find the best way to leverage this grant award. We are currently testing a strategy for the AppSec USA conference this year. I have contacted Joseph McElroy who is the CEO of Corporate Performance Artists in New York, USA. Corporate performance Artist is a community management firm that specializes in SEO, Google Analytics, and Google Grants Adwords campaigns. He had some amazing insights for me. I am currently reviewing these recommendations.
  
 
*'''LSEC Web Attack Proposal'''
 
*'''LSEC Web Attack Proposal'''
 
#Amount: TBD (Will be in Euros)
 
#Amount: TBD (Will be in Euros)
#Status: This proposal is currently being put together by a grant partner. This grant is from the European Commission (EC). They are looking for European organisations to collaborate on research and implementation activities for the EC. If OWASP participates in this initiative, the organisation will partner with up to 7 different companies from across the European Union. We are still in the process of writing the proposal and working out logistics.  
+
#Status: This proposal is currently being put together by a grant partner. This grant is from the European Commission (EC). They are looking for European organizations to collaborate on research and implementation activities for the EC. If OWASP participates in this initiative, the organization will partner with up to 7 different companies from across the European Union. We are still in the process of writing the proposal and working out logistics.  
  
  

Latest revision as of 12:51, 25 April 2013

Contents

OWASP Global Projects Report

  • Project Applications
    • OWASP Scytale Project
    • OWASP iMAS - iOS Mobile Application Security
    • OWASP Testdemo

Currently Working On

  • OWASP Marketing
    • I worked with Sisterworks Publishing this week on organizing a webinar for our community.
    • They were meant to present their Phase 2 recommendations to us on Thursday during a live webinar.
    • Unfortunately, the presenters were not able to make it during the regular time.
    • I stepped in and presented their recommendations to the community.
    • Sisterworks Publishing recommendations to OWASP.
  • Determining Active Project Status
    • All existing project meta data has been entered into SalesForce.
    • There are still quite a few challenges with managing all of this data.
    • I've determined that we must first confirm that our Active projects are indeed Active, and that the named project leader is accurate as well.
    • I am reaching out to each leader individually to confirm these two key pieces of data for all 148 projects.
  • Projects at AppSec EU
    • I have put together several communications pieces, instructions, forms, and scheduled deadlines for the AppSec EU Open Source Showcase (OSS).
    • As mentioned in my previous report, the local event organizers are already trying to allocate presenters for the OWASP Projects Track (OPT).
    • I don't anticipate needing to have a call for entries for the OPT, but I am prepared if we find we need to.
    • Projects at AppSec EU Document.
    • AppSec EU OSS Call for Entries.
  • Personal Development
    • I am always looking for different ways of improving my skills so I have developed a list of personal development activities I wish to undertake for the year.
    • I have each activity separated into quarters.
    • This quarter, Q2, I am focusing on increasing my Information Security knowledge and understanding.
    • To do this, I am taking a 7 week course on Information Security and Risk Management in Context.
    • The course is made available through Coursera.
  • Daily Project based queries and requests
    • This has not changed much since I began the post: questions are very similar in nature.
    • Global AppSec questions.
    • Funding queries.
    • Travel availability.
    • Project based administrative help.
    • Project status information.
    • Several project donations questions.
    • OWASP Social Media Updates.
    • What's happening with projects, questions.

Grants Updates

  • Guidebooks Grant
  1. Amount: $25,000
  2. Status: We have received our first payment from DHS.
  • ESAPI Proposal
  1. Amount: $25,000
  2. Status: The ESAPI proposal is still being reviewed.
  • ModSecurity Grant Writing
  1. Amount: $30,000
  2. Status: The ModSecurity proposal is still being reviewed.
  • Google Grants Proposal
  1. Amount: $120,00 in Adwords Funds
  2. Status: We continue to test different keywords and strategies to try and find the best way to leverage this grant award. We are currently testing a strategy for the AppSec USA conference this year. I have contacted Joseph McElroy who is the CEO of Corporate Performance Artists in New York, USA. Corporate performance Artist is a community management firm that specializes in SEO, Google Analytics, and Google Grants Adwords campaigns. He had some amazing insights for me. I am currently reviewing these recommendations.
  • LSEC Web Attack Proposal
  1. Amount: TBD (Will be in Euros)
  2. Status: This proposal is currently being put together by a grant partner. This grant is from the European Commission (EC). They are looking for European organizations to collaborate on research and implementation activities for the EC. If OWASP participates in this initiative, the organization will partner with up to 7 different companies from across the European Union. We are still in the process of writing the proposal and working out logistics.


  • Total Grant Funds Awarded: $145,000 for 2013.