Difference between revisions of "OWASP EU Summit 2008"

From OWASP
Jump to: navigation, search
(Achim added)
(NEW FREE TOOLS AND GUIDANCE)
 
(493 intermediate revisions by 34 users not shown)
Line 1: Line 1:
(WORK IN PROGRESS /UNDER DISCUSSION)
+
{|
== UPDATES ==
+
! width="315" align="left"|
*[[OWASP EU Summit 2008 - updates|'''OWASP EU Summit 2008 - updates''']]
+
! width="190" align="center" |
 +
! width="300" align="center" |
 +
|-
 +
| align="center"|__TOC__
 +
| align="center"|[[Image:OWASP EU Summit Portugal 2008.jpg]]<br>''''SETTING THE WEB APPLICATION SECURITY AGENDA FOR 2009''''<br>3th - 7th November 2008
 +
| align="left"|
 +
* [https://www.owasp.org/index.php/OWASP_EU_Summit_2008_Media_Coverage Summit media coverage]
 +
* [http://spreadsheets.google.com/pub?key=pAX6n7m2zaTVLrPtR07riBA Sponsored Participants]
 +
|}
 +
{| style="width:80%" border="0" align="center"
 +
| align="center" |
 +
|-
 +
| style="width:100%; align="center"|[[Image:Summit Group 4.jpg]]
 +
|}
 +
 
 +
{|
 +
== KEY RESULTS FROM THE OWASP SUMMIT ==
 +
 
 +
=== SUMMIT CONCLUSIONS DOCUMENT ===
 +
 
 +
"ALGARVE, PORTUGAL, November 7, 2008 – The Open Web Application Security Project (OWASP) today announced results from the annual OWASP Summit. Over 80 application security experts from over 20 countries joined forces to identify, coordinate, and prioritize our 2009 efforts to create a more secure Internet.
 +
 
 +
OWASP is a free and open community that focuses on improving application security. There is overwhelming evidence that the vast majority of web applications contain security holes that are increasingly putting people and organizations at serious risk. Securing web applications is an extraordinarily difficult technical challenge that demands a concerted effort.
 +
 
 +
“OWASP came together for a week and produced a stunning amount of new ideas,” said OWASP Chair Jeff Williams. “Our community is growing and organizing into a powerful movement that will affect software development worldwide.  This summit marks a major milestone our efforts to improve application security. (...)”<b> [https://www.owasp.org/images/4/46/Board_signed_Document.pdf See here the fully OWASP Board's signed document with OWASP Summit 2008's conclusions"] and watch OWASP Board's ([[User:Dinis.cruz|'''Dinis Cruz''']] and [[User:Jeff Williams|'''Jeff Williams''']]) videos:</b>
 +
 
 +
<center>{{#ev:youtube|kHAC7skATQg}} {{#ev:youtube|skTNrQOGLOc}} <hr>
 +
|}
 +
 
 +
 
 +
Key results from the OWASP Summit include:
 +
 
 +
=== UPDATED OWASP PRINCIPLES ===
 +
 
 +
• Free & Open,
 +
 
 +
• Governed by rough consensus & running code,
 +
 
 +
• Abide by a code of ethics (see ethics),
 +
 
 +
• Not-for-profit,
 +
 
 +
• Not driven by commercial interests,
 +
 
 +
• Risk based approach.
 +
 
 +
=== UPDATED CODE OF ETHICS ===
 +
• Support the implementation of and promote compliance with standards, procedures, controls for application security,
  
== What: OWASP Summit, a conference about OWASP and for OWASP's community ==
+
• Have objectivity, due diligence and professional care in accordance with established standards,
=== When: 4 to 7 Nov 2008 (4 & 5: Meetings and Training, 6 & 7: Conference) ===
 
=== Where: Portugal ===
 
Faro or Lisbon
 
=== Organization===
 
Dinis Cruz, Paulo Coimbra and the OWASP Summit Team - Eduardo Neves, Leonardo Cavallari Militelli, Mark Roxberry, Michael Coates, Arturo 'Buanzo' Busleiman.
 
  
== Agenda ==
+
• Responsible disclosure.
Theme: Present OWASP's projects, community and activities  .....    '....Connecting the dots.... "
 
  
'''Day 1 & 2'''
+
=== NEW OUTREACH PROGRAMS ===
*Training sessions (similar to what happens at the moment at the other OWASP conferences)
+
• OWASP has expanded its outreach efforts by building relationships with technology vendors, framework providers, and standards bodies. In addition, we piloted a new program to provide free one-day seminars at universities and developer conferences worldwide.
*OWASP Working Group sessions (1/2 day each) on:
 
** OWASP Governance, "What is OWASP's position on ...." & Action Plan for 2009
 
** ESAPI
 
** Browser Security
 
** OWASP Top 10 2009
 
  
'''Day 3 & 4 Agenda:'''
+
=== NEW GLOBAL COMMITTEE STRUCTURE ===
* Presentations from AoC, SpoC and SoC Participants
+
OWASP recognized the extraordinary contribution of our most active leaders by engaging them to lead a set of six new committees.  Each democratically established committee will focus on a key function or geographic region, such as OWASP projects, conferences, local chapters, membership and industry outreach.
* Presentations from 'Release' Quality OWASP projects (not included in the list above) or Key OWASP projects (like ESAPI)
 
* Presentations about OWASP : How it works, Financial reports, OotM (OWASP on the Move), new project management guidelines, local chapter finances, OWASP governance
 
* Presentation from Chapter leaders on the activities developed on their project
 
* Discussion on next steps for OWASP and focus of next OWASP financial investment plans
 
  
Other ideas:
+
{| style="width:90%" border="0" align="center"
 +
| colspan="7" align="center" style="background:#4058A0; color:white" | '''OWASP GLOBAL COMMITTEES (OWASP GC) - ELECTED AT THE OWASP SUMMIT 08'''
 +
|-
 +
| style="width:15%; background:#f2984c" align="center" | OWASP GLOBAL COMMITTEES
 +
| style="width:15%; background:#f2984c" align="center" | [[Global Projects and Tools Committee|'''Projects & Tools''']] 
 +
| style="width:14%; background:#f2984c" align="center" | [[Global Membership Committee|'''Membership''']]
 +
| style="width:14%; background:#f2984c" align="center" | [[Global Education Committee|'''Education''']]
 +
| style="width:14%; background:#f2984c" align="center" | [[Global Conferences Committee|'''Conferences''']] 
 +
| style="width:14%; background:#f2984c" align="center" | [[Global Industry Committee|'''Industry''']]
 +
| style="width:14%; background:#f2984c" align="center" | [[Global Chapter Committee|'''Chapters''']] 
 +
|-
 +
| style="width:15%; background:#cccccc" align="center" | Current committee members
 +
| style="width:15%; background:#cccccc" align="center" |
 +
* [[:User:Dinis.cruz|Dinis Cruz]]
 +
* [[:Image:Image021-Jason Li.jpg|Jason Li]]
 +
* [[:Image:Image019-Matt Tesauro.jpg|Matt Tesauro]]
 +
* [[:Image:Image022-Leo Cavallari.jpg|Leo Cavallari]]
 +
* [[:Image:Image020-Pravir Chandra.jpg|Pravir Chandra]]
 +
| style="width:14%; background:#cccccc" align="center" |
 +
* [[:User:Brennan|Tom Brennan]]
 +
* [[:Image:Image018-Dan Cornell.jpg|Dan Cornell]]
 +
* [[:Image:Image017-Michael Coates.jpg|Michael Coates]]
 +
| style="width:14%; background:#cccccc" align="center" |
 +
* [[User:Sdeleersnyder|Seba Deleersnyder]]
 +
* [[:Image:Image007-Martin Knobloch.jpg|Martin Knobloch]]
 +
* [[:Image:Image012-Mano Paul.jpg|Mano Paul]]
 +
* [[:Image:Image008-Eduardo Neves.jpg|Eduardo Neves]]
 +
* [[:Image:Image010-Kuai Hinjosa.jpg|Kuai Hinjosa]]
 +
* [[:Image:Image011-Cecil Su.jpg|Cecil Su]]
 +
* [[:Image:Image009-Fabio Cerullo.jpg|Fabio Cerullo]]
 +
| style="width:14%; background:#cccccc" align="center" |
 +
* [[User:Wichers|Dave Wichers]]
 +
* [[:Image:Image005-Wayne Huang.jpg|Wayne Huang]]
 +
* [[:Image:Image003-Steve Antoniewicz.jpg|Steve Antoniewicz]]
 +
* [[:Image:Image004-Dhruv Soi.jpg|Dhruv Soi]]
 +
* [[:Image:Image006-David Campbell.jpg|David Campbell]]   
 +
| style="width:14%; background:#cccccc" align="center" |
 +
* [[:User:Brennan|Tom Brennan]]
 +
* [[:Image:Image014 Rex Booth.jpg|Rex Booth]]
 +
* [[:Image:Image016-Georg Hess.jpg|Georg Hess]]
 +
* [[:Image:Image013-Eoin Keary.jpg|Eoin Keary]]
 +
* [[:Image:Image015-David Campbell.jpg|David Campbell]]
 +
| style="width:14%; background:#cccccc" align="center" |
 +
* [[User:Sdeleersnyder|Seba Deleersnyder]]
 +
* [[:Image:Image001-Wayne Huang.jpg|Wayne Huang]]
 +
* [[:Image:Image002-Puneet Mehta.jpg|Puneet Mehta]] 
 +
|}
  
* vote on 6th OWASP board member (Candidates to Apply)
 
  
== other details==
+
See here [https://www.owasp.org/index.php/How_to_Join_a_Committee '''How to Join a Global Committee'''].
  
'''Projected Attendees:450 '''
+
=== NEW FREE TOOLS AND GUIDANCE ===
* 200 with some (or all) expenses covered by OWASP
 
** 33 SoC participants
 
** 70 SoC reviewers
 
** 10 SoC Collaborators
 
** 15 AoC & SpoC participants
 
** 15 Chapter Leaders
 
** 8 OWASP Board & Employees
 
** 49 OWASP non-individual members (2x per 9k Corporate? 1x for the others?)
 
  
=== Financial details ===
+
• OWASP announced the release of Live CD 2008, many new testing tools, static analysis tools, the Enterprise Security API (ESAPI v1.4), AntiSamy, the Application Security Verification Standard (ASVS), guidance for Ruby on Rails and Classic ASP, international versions of our materials, and much more.
'''Expenses'''
 
* Accommodation & meals: 80,000 USD  = 400 USD per person (200x) for 3 nights accommodation  and 5 meals (3 dinners and 2 lunches)
 
* Flights &  Trains : 70,000 USD
 
  
'''Revenue sources'''
+
{| style="width:85%" border="0" align="center"
* Tickets (for the 250 non 'OWASP invited' attendees)
+
| colspan="2" align="center" style="background:#4058A0; color:white" | '''OWASP is proud to launch the following new or updated tools:'''
* Training Sessions
+
|-
* Conference sponsors
+
| style="width:80%; background:#a0c0e0" align="center"|'''PROJECT'''
 +
| style="width:20%; background:#C2C2C2" align="center"|'''AUTHOR'''
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Application Security Verification Standard Project|'''OWASP Application Security Verification Standard - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Mike Boberski
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP AppSensor Project|'''OWASP AppSensor - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Michael Coates
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Access Control Rules Tester Project|'''OWASP Access Control Rules Tester - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Andrew Petukhov
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP AntiSamy Project .NET|'''OWASP AntiSamy Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Arshan Dabirsiaghi
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|'''OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Dmitry Kozlov
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Code Crawler|'''OWASP Code Crawler - SoC 08''']]<br>[https://www.owasp.org/images/6/61/OWASP_CodeCrawler_Presentation.ppt Power Point Presentation]
 +
| style="width:20%; background:#C2C2C2" align="center"|Alessio Marziali
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP JSP Testing Tool Project|'''OWASP JSP Testing Tool - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Jason Li
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Live CD 2008 Project|'''OWASP Live CD - SoC 08''']]
 +
 +
| style="width:20%; background:#C2C2C2" align="center"|Matt Tesauro
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Arturo ‘Buanzo’
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Orizon Project|'''OWASP Orizon Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Paolo Perego
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Python Static Analysis Project|'''OWASP Python Static Analysis Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Georgy Kilmov
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Skavenger Project|'''OWASP Skavenger Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Matthias Rohr
 +
|-
 +
| style="width:80%; background:#a0c0e0" align="center"|[[:Category:OWASP Teachable Static Analysis Workbench Project|'''OWASP Teachable Static Analysis Workbench - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Dmitry Kozlov & Igor Konnov
 +
|}
  
== Provisory list of 'expenses paid' participants    ==
 
  
{| style="width:100%" border="0" align="center"
+
{| style="width:85%" border="0" align="center"
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECTED CONFERENCE PAID ATTENDEES AND/OR SPEAKERS - NEEDS OWASP BOARD CONFIRMATION'''  
+
  | colspan="2" align="center" style="background:#4058A0; color:white" | '''OWASP is proud to launch the following new or updated documents and resources:'''
  |-  
+
|-
  | style="width:20%; background:#b3b3b3" align="center"|'''NAME'''
+
| style="width:80%; background:#FFDF80" align="center"|'''PROJECT'''
  | style="width:40%; background:#b3b3b3" align="center"|'''POSITION/REASON OF ATTENDANCE'''
+
| style="width:20%; background:#C2C2C2" align="center"|'''AUTHOR'''
  | style="width:20%; background:#b3b3b3" align="center"|'''COUNTRY'''
+
|-
  | style="width:20%; background:#b3b3b3" align="center"|'''DEPARTURE (AIRPORT/CITY)'''
+
| style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP ASDR Project|'''OWASP Application Security Desk Reference - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Leonardo Cavallari 
 +
|-
 +
| style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Backend Security Project|'''OWASP Backend Security Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Carlo Pelliccioni
 +
|-
 +
| style="width:80%; background:#FFDF80" align="center"|[[:Classic ASP Security Project|'''OWASP Classic ASP Security Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Juan Carlos Calderon
 +
  |-
 +
| style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Code Review Project|'''OWASP Code Review Project - SoC 08''']]
 +
  | style="width:20%; background:#C2C2C2" align="center"|Eoin Keary
 +
|-
 +
| style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Education Project|'''OWASP Education Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Sebastien Deleersnyder, Martin Knobloch
 +
|-
 +
  | style="width:80%; background:#FFDF80" align="center"|[[:OWASP Internationalization|'''OWASP Internationalization Project - Soc 08''']]
 +
  | style="width:20%; background:#C2C2C2" align="center"|Juan Carlos Calderon
 +
|-
 +
| style="width:80%; background:#FFDF80" align="center"|[[:OWASP Spanish|'''OWASP Spanish Project - SoC 08''']]
 +
  | style="width:20%; background:#C2C2C2" align="center"|Juan Carlos Calderon
 +
|-
 +
| style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Positive Security Project|'''OWASP Positive Security Project - SoC 08''']]
 +
| style="width:20%; background:#C2C2C2" align="center"|Eduardo V.C. Neves
 
  |-
 
  |-
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''OWASP BOARD MEMBERS & EMPLOYEES'''
+
  | style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Ruby on Rails Security Guide V2|'''OWASP Ruby on Rails Security Project - SoC 08''']]
|-
+
  | style="width:20%; background:#C2C2C2" align="center"|Heiko Webers
| style="width:20%; background:#cccccc" align="center"|Williams
 
| style="width:40%; background:#cccccc" align="center"|Board, Chair, Wiki, Management
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Dave Wichers
 
| style="width:40%; background:#cccccc" align="center"|Board, Conferences, Financials
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
  | style="width:20%; background:#cccccc" align="center"|Dinis Cruz
 
| style="width:40%; background:#cccccc" align="center"|Board, Firehose of Ideas and Money spender
 
| style="width:20%; background:#cccccc" align="center"|UK
 
| style="width:20%; background:#cccccc" align="center"|London
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Tom Brennan
 
| style="width:40%; background:#cccccc" align="center"|Board, OWASP Governance
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Sebastien Deleersnyder
 
| style="width:40%; background:#cccccc" align="center"|Board, OWASP Chapters and Projects
 
| style="width:20%; background:#cccccc" align="center"|Belgium
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Paulo Coimbra
 
| style="width:40%; background:#cccccc" align="center"|Employee, Project Manager
 
| style="width:20%; background:#cccccc" align="center"|UK
 
| style="width:20%; background:#cccccc" align="center"|London
 
|-  
 
  | style="width:20%; background:#cccccc" align="center"|Kate Hartmann
 
| style="width:40%; background:#cccccc" align="center"|Employee, Operations Director
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Alison McNamee
 
| style="width:40%; background:#cccccc" align="center"|Employee, Accounting
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Larry Casey
 
| style="width:40%; background:#cccccc" align="center"|Employee, Director of Information Technology
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
 
  |-
 
  |-
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''OWASP SUMMER OF CODE 2008 PROJECT LEADERS & REVIEWERS'''
+
  | style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Securing WebGoat using ModSecurity Project|'''OWASP Securing WebGoat using ModSecurity Project - SoC 08''']]  
|-
+
  | style="width:20%; background:#C2C2C2" align="center"|Stephen Craig Evans  
  | style="width:20%; background:#cccccc" align="center"|Achim Hoffmann
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP EnDe Project; Reviewer, OWASP Skavenger Project, OWASP w3af Project 
 
| style="width:20%; background:#cccccc" align="center"|Germany
 
| style="width:20%; background:#cccccc" align="center"|Frankfurt or Munich
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Alexander Fry
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Source Code Review OWASP Projects<br>OWASP Teachable Static Analysis Workbench<br>OWASP WeBekci Project
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-  
 
| style="width:20%; background:#cccccc" align="center"|Andrew Petukhov
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Access Control Rules Tester Project
 
| style="width:20%; background:#cccccc" align="center"|Russia
 
| style="width:20%; background:#cccccc" align="center"|Moscow
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Arturo Alberto Busleiman
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Enigform and mod_Openpgp
 
| style="width:20%; background:#cccccc" align="center"|Argentina
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Carlo Pelliccioni
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Backend Security Project
 
| style="width:20%; background:#cccccc" align="center"|Italy
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Eduardo Vianna de Camargo Neves 
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Positive Security 
 
| style="width:20%; background:#cccccc" align="center"|Brazil
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Eoin Keary
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Code Review Guide
 
| style="width:20%; background:#cccccc" align="center"|Ireland
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Esteban Ribicic
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Backend Security Project<br>OWASP Classic ASP Security Project<br>OWASP AntiSamy .NET<br>OWASP Interceptor Project - 2008 Update
 
| style="width:20%; background:#cccccc" align="center"|Croatia
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Fabio Cerullo
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Internationalization Guidelines Project<br>OWASP Spanish Project
 
| style="width:20%; background:#cccccc" align="center"|Ireland
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Frederick Donovan
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Application Security Desk Reference (ASDR)
 
| style="width:20%; background:#cccccc" align="center"|United States
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Heiko Webers
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Ruby on Rails Security Project
 
| style="width:20%; background:#cccccc" align="center"|Germany
 
| style="width:20%; background:#cccccc" align="center"|Frankfurt
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Juan Carlos Calderon
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Internationalization Guidelines<br>OWASP Spanish Project<br>OWASP Classic ASP Security Project
 
| style="width:20%; background:#cccccc" align="center"|Mexico
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Justin Derry
 
| style="width:40%; background:#cccccc" align="center"|Chapter leader & Project Leader, OWASP Interceptor Project
 
| style="width:20%; background:#cccccc" align="center"|Sydney Australia
 
  | style="width:20%; background:#cccccc" align="center"|Sydney Australia
 
|-
 
  | style="width:20%; background:#cccccc" align="center"|Kevin Fuller
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Testing Guide v3<br>OWASP SQL Injector Benchmarking Project (SQLiBENCH)
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|Sacramento Ca
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Leonardo Cavallari Militelli
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Application Security Desk Reference (ASDR)
 
| style="width:20%; background:#cccccc" align="center"|Brazil
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Mark Roxberry
 
| style="width:40%; background:#cccccc" align="center"|Leader, OWASP .NET Project
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Matt Tesauro
 
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Live CD 2008
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|Austin
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Matthias Rohr
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Skavenger Project
 
| style="width:20%; background:#cccccc" align="center"|Germany
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Michael Coates
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP AppSensor
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|Chicago
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Nam Nguyen
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Testing Guide v3, Python Static Analysis, OWASP Education
 
| style="width:20%; background:#cccccc" align="center"|Vietnam
 
| style="width:20%; background:#cccccc" align="center"|Ho Chi Minh City
 
|-
 
| style="width:20%; background:#cccccc" align="center"|P.Satish Kumar
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP Code Review Guide
 
| style="width:20%; background:#cccccc" align="center"|India
 
| style="width:20%; background:#cccccc" align="center"|Hyderabad
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Paolo Perego
 
| style="width:40%; background:#cccccc" align="center"|Project Leader, OWASP Orizon Project 
 
| style="width:20%; background:#cccccc" align="center"|Italy
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Parvathy Iyer
 
| style="width:40%; background:#cccccc" align="center"|OWASP Corporate Application Security Guide
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Pierre Parrend
 
| style="width:40%; background:#cccccc" align="center"|Reviewer, OWASP OpenSign Server Project<br>OWASP Application Security Verification Standard
 
| style="width:20%; background:#cccccc" align="center"|France
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Stephen Craig Evans
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Securing WebGoat using ModSecurity
 
| style="width:20%; background:#cccccc" align="center"|Singapore
 
| style="width:20%; background:#cccccc" align="center"|Singapore
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
 
  |-
 
  |-
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''OWASP SUMMER OF CODE 2008/LOGISTICS'''
+
  | style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Source Code Review OWASP Projects Project|'''OWASP Source Code Review - SoC 08''']]
|-
+
  | style="width:20%; background:#C2C2C2" align="center"|James Walden
  | style="width:20%; background:#cccccc" align="center"|Sarah Cruz
 
| style="width:40%; background:#cccccc" align="center"|Project leader, Graphic Design
 
| style="width:20%; background:#cccccc" align="center"|UK
 
| style="width:20%; background:#cccccc" align="center"|London
 
|-  
 
  | style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
 
  |-
 
  |-
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''OWASP SRING OF CODE 2007 PROJECT LEADERS & REVIEWERS'''
+
  | style="width:80%; background:#FFDF80" align="center"|[[:Category:OWASP Testing Project|'''OWASP Testing Guide V3 - SoC 08''']]<br>[http://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt PowerPoint Presentation]
|-
+
  | style="width:20%; background:#C2C2C2" align="center"|Matteo Meucci
  | style="width:20%; background:#cccccc" align="center"|Przemyslaw Skowron
 
| style="width:40%; background:#cccccc" align="center"|Project Leader, Refresh Attacks List 
 
| style="width:20%; background:#cccccc" align="center"|Poland
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
|-
 
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''OWASP AUTUMN OF CODE 2006 PROJECT LEADERS & REVIEWERS'''  
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Rogan Dawes
 
| style="width:40%; background:#cccccc" align="center"|Project leader, WebScarab-NG
 
| style="width:20%; background:#cccccc" align="center"|South Africa
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Simon Roses Femerling
 
| style="width:40%; background:#cccccc" align="center"|Project leader, OWASP Pantera
 
| style="width:20%; background:#cccccc" align="center"|Spain
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
|-  
 
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''ACTIVE PROJECT LEADERS (NOT CURRENTLY PARTICIPATING ON SOC 08)'''  
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Alex Smolen
 
| style="width:40%; background:#cccccc" align="center"| Project leader, .NET ESAPI
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
  |-
 
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''ACTIVE CHAPTER LEADERS (NOT CURRENTLY PARTICIPATING ON SOC 08)'''
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Antti Laulajainen
 
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Helsinki   
 
| style="width:20%; background:#cccccc" align="center"|Finland
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Steve Antoniewicz
 
| style="width:40%; background:#cccccc" align="center"|Chapter Board Member, NY/NJ Metro 
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Kuai Hinojosa
 
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Twin-Cities
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Jim Manico
 
| style="width:40%; background:#cccccc" align="center"|Chapter leader/founder, Hawaii
 
| style="width:20%; background:#cccccc" align="center"|Hawaii, USA
 
| style="width:20%; background:#cccccc" align="center"|Anahola, Island of Kauai
 
|-
 
  | style="width:20%; background:#cccccc" align="center"|Rex Booth
 
| style="width:40%; background:#cccccc" align="center"|Chapter leader, Washington DC 
 
| style="width:20%; background:#cccccc" align="center"|USA
 
| style="width:20%; background:#cccccc" align="center"|?
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
|-
 
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''SIGNIFICANT PAST OWASP CONTRIBUTOR (THAT IS NOT ALREADY COVERED BY ONE OF THE ABOVE CATEGORIES)'''
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
|-
 
! colspan="7" align="left" style="background:white; color:black"|<font color="black">'''OWASP NON-INDIVIDUAL MEMBERS'''
 
|-
 
| style="width:20%; background:#cccccc" align="center"|Name
 
| style="width:40%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
| style="width:20%; background:#cccccc" align="center"|
 
|-
 
 
  |}
 
  |}
  
==Agenda and Presentations - November 4-7 ==
+
Find more OWASP Projects at the [https://www.owasp.org/index.php/Category:OWASP_Project OWASP Projects Page].
 +
 
 +
== EVENT AGENDA ==  
  
Under development. Please contact michael.coates{at}aspectsecurity.com with any questions or feedback.
+
{| style="width:80%" border="0" align="center"
 +
| colspan="5" align="center" style="background:#4058A0; color:white" | Agenda for Monday, November 3rd, 2008
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center"| 13:00
 +
| colspan="4" style="width:90%; background:#C2C2C2" align="center" | Lunch
 +
|-
 +
| style="width:10%; background:white" align="center"| 
 +
| colspan="4" style="width:90%; background:white" align="center" | Training Sessions
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center"| 15:00 - 17:00
 +
| style="width:30%; background:#c0a0a0" align="center" |  Securing WebGoat with ModSecurity<br>Stephen Craig Evans
 +
| style="width:30%; background:#c0a0a0" align="center" |  WebSec Apps for Managers and Executives<br>[http://uk.youtube.com/watch?v=r04EOuukvMQ Video]<br>Mano Paul
 +
| style="width:30%; background:#c0a0a0" align="center" |  OWASP Testing Guide<br>Matteo Meucci
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center" | 19:00
 +
| colspan="4" style="width:90%; background:#F2F2F2" align="center" | Summit Briefing<br>Dinis Cruz and Summit Organization Team
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center" | 20:00
 +
| colspan="4" style="width:90%; background:#C2C2C2" align="center" | Dinner
 +
|-
 +
|}
  
The agenda follows the successful OWASP conference two tracks format, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing pannel discussions back in the main auditorium both days.
 
  
 
{| style="width:80%" border="0" align="center"
 
{| style="width:80%" border="0" align="center"
  ! colspan="3" align="center" style="background:#4058A0; color:white" | Day 3 - November 6, 2008
+
  | colspan="5" align="center" style="background:#4058A0; color:white" | Agenda for Tuesday, November 4th, 2008
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center" | 08:00
 +
| colspan="4" style="width:80%; background:#C2C2C2" align="center" | Registration
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center"| 09:00
 +
| colspan="4" style="width:80%; background:#F2F2F2" align="center" | Summit Keynote<br>Dinis Cruz and Summit Organization Team
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center" |
 +
| colspan="2" style="width:45%; background:#FFDF80" align="center" |  '''Documents'''
 +
| colspan="2" style="width:45%; background:#a0c0e0" align="center" |  '''Tools''' 
 +
|-
 +
| style="background:#7B8ABD" align="center" | 09:30
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Testing Project|'''OWASP Testing Guide - SoC 08''']]<br>[http://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt PowerPoint Presentation]<br>Matteo Meucci
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP JSP Testing Tool Project|'''OWASP JSP Testing Tool - SoC 08''']]<br>Jason Li
 +
|-
 +
| style="background:#7B8ABD" align="center" | 09:45
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Code Review Project|'''OWASP Code Review Project - SoC 08''']]<br>[https://www.owasp.org/images/5/59/Code_Review_Eoin.pptx PowerPoint Presentation]<br>Eoin Keary
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP Orizon Project|'''OWASP Orizon Project - SoC 08''']]<br>[https://www.owasp.org/images/9/9b/OWASP_EU_Summit_2008_The_Owasp_Orizon_Project.ppt PowerPoint Presentation]<br>Paolo Perego
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:00
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP ASDR Project|'''OWASP Application Security Desk Reference - SoC 08''']]<br>Leonardo Cavallari Militelli
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP Live CD 2008 Project|'''OWASP Live CD - SoC 08''']]<br>Matt Tesauro
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1: <Room 1>
+
  | style="background:#7B8ABD" align="center" | 10:15
  | style="width:40%; background:#BCA57A" | Track 2: Council Room
+
| colspan="2" style="background:#FFDF80" align="center" | [[:OWASP Spanish|'''OWASP Spanish Project - SoC 08''']]<br>Juan Carlos Calderon
 +
  | colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP WebScarab Project|'''OWASP WebScarab Project''']]<br>[https://www.owasp.org/images/8/88/OWASP_EU_Summit_2008_WebScarab_treasures.ppt PowerPoint Presentation]<br>Rogan Dawes
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee <Diamond Sponsor>
+
  | style="background:#7B8ABD" align="center"| 10:30
 +
| colspan="5" style="background:#C2C2C2" align="center" | Coffee Break
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:00-09:05 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP Summit Europe 2008
+
  | style="background:#7B8ABD" align="center"| 10:45
''speaker, company''
+
| colspan="2" style="background:#FFDF80" align="center" | .NET ESAPI<br>Alex Smolen
 +
| colspan="2" style="background:#a0c0e0" align="center" |  
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:05-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: text [https://www.owasp.org/ link]
+
  | style="width:10%; background:#7B8ABD" align="center" | 11:00
''speaker, company''
+
| colspan="4" style="width:90%; background:#F2F2F2" align="center" | Working Sessions Briefing<br>Dinis Cruz
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP State of the Union
+
  | style="width:10%; background:white" align="center"|
''Dinis Cruz''
+
| colspan="4" style="width:90%; background:white" align="center" | Working Sessions
 +
|}
 +
{| style="width:80%" border="0" align="center" |  
 +
| colspan="5" align="center" style="background:white" |
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
+
  | style="width:10%; background:#7B8ABD" align="center" | 11:15 - 13:00
 +
| style="width:30%; background:#B3FF99" align="center" |  [[:OWASP Working Session - OWASP Documentation Projects|'''Documentation Projects/Guides Integration and Unified 4.0 Version''']]<br>[https://www.owasp.org/images/9/92/Final_OWASP_Guidelines_Ideas_List_.docx WS Conclusions]<br>Eduardo Neves
 +
| style="width:30%; background:#B3FF99" align="center" |  [[:OWASP Working Session - Browser Security|'''OWASP Intrinsic Security Working Group - Browser Security ''']]<br>Arshan Dabirsiaghi
 +
| style="width:30%; background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP Tools Projects|'''Tools Projects]]'''<br>[https://www.owasp.org/images/5/51/EUSummit08_OWASP_Tools_Working_Session_Suggestions.doc WS Conclusions]<br>Matt Tesauro
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-10:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="background:#7B8ABD" align="center" | 13:00
''[[user link | Speaker]], Company''
+
  | colspan="4" style="background:#C2C2C2" align="center" | Lunch
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 11:00-11:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:white" align="center"|
''[[user link | Speaker]], Company''
+
  | colspan="4" style="width:90%; background:white" align="center" | Training Sessions
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 11:20-11:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="background:#7B8ABD" align="center" | 14:00
''[[user link | Speaker]], Company''
+
| style="background:#c0a0a0" align="center" | '''The Art and Science of Threat Modeling Web Applications'''<br>[http://uk.youtube.com/watch?v=r04EOuukvMQ Video]<br>Mano Paul
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
| style="background:#c0a0a0" align="center" | '''Web Server Hardening SELinux'''<br>[https://www.owasp.org/images/d/db/SELinux-course-OWASP.pdf PDF Presentation]<br>Pavol Luptak
''[[user link | Speaker]], Company''
+
  | style="background:#c0a0a0" align="center" | '''Offensive WebApp Hacking'''<br>[http://www.youtube.com/watch?v=cl6BHhi2Dys Video - LDAP, XML and SQL injection]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo02.swf Video - LDAP injection demo]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo04.swf XML injection demo]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo03.swf Video - SQL injection demo ]<br>Marco Slaviero
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 11:40-11:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="background:#7B8ABD" align="center" | 15:00
''[[user link | Speaker]], Company''
+
| style="background:#c0a0a0" align="center" | '''Phishing attack'''<br>[http://www.youtube.com/watch?v=uf9hw-qvx-I Video]<br>Matt Teasuro & Brad Causey
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | colspan="2" style="background:#c0a0a0" align="center" | '''Clickjacking'''<br>[http://www.youtube.com/watch?v=H9srYh0HMP4 Video]<br>[http://www.carlosserrao.net/files/owasp/owaspdemo01.swf Demonstration]<br>Arshan Dabirsiaghi
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 12:00-12:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="background:#7B8ABD" align="center" | 16:00
''[[user link | Speaker]], Company''
+
  | colspan="4" style="background:#C2C2C2" align="center" | Coffee Break
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 12:20-12:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:white" align="center"|
''[[user link | Speaker]], Company''
+
  | colspan="4" style="width:90%; background:white" align="center" | Working Sessions
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 12:35-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
+
  | style="width:10%; background:#7B8ABD" align="center" | 16:30
 +
| colspan="4" style="width:90%; background:#B3FF99" align="center" |[[:OWASP Working Session Enterprise Security API Project|'''OWASP Enterprise Security API Project (ESAPI)''']]<br>[http://uk.youtube.com/watch?v=-D_bymZ-8vI Video]<br>[https://www.owasp.org/images/7/70/ESAPI_Ideas_List.docx WS Conclusions]<br>Jeff Williams
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 14:00-14:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
| style="background:#7B8ABD" align="center" | 18:30
''[[user link | Speaker]], Company''
+
| colspan="2" style="background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP ASDR|'''OWASP Application Security Desk Reference - ASDR]]'''<br>Leonardo Cavallari
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - .NET Project|'''.NET Project''']]<br>Dinis Cruz
''[[user link | Speaker]], Company''
+
|}
|-
+
 
  | style="width:10%; background:#7B8ABD" | 14:20-14:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
 
''[[user link | Speaker]], Company''
+
 
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
{| style="width:80%" border="0" align="center"
''[[user link | Speaker]], Company''
+
| colspan="5" align="center" style="background:#4058A0; color:white" | Agenda for Wednesday, November 5th, 2008
 +
|-
 +
  | style="width:10%; background:#7B8ABD" align="center"| 09:15
 +
| colspan="4" style="width:80%; background:#F2F2F2" align="center" | Daily Briefing<br>Dinis Cruz
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 
 +
| colspan="2" style="width:30%; background:#FFDF80" align="center" | '''Standards and Education''' 
 +
| colspan="2" style="width:30%; background:#a0c0e0" align="center" |  '''Tools'''
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:00
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Positive Security Project|'''OWASP Positive Security Project - SoC 08''']]<br>Eduardo Neves
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP Access Control Rules Tester Project|'''OWASP Access Control Rules Tester - SoC 08''']]<br>[https://www.owasp.org/images/3/32/OWASP_EU_Summit_2008_AcCoRuTe.pptx PowerPoint Presentation]<br>Andrew Petukhov
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:15
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Education Project|'''OWASP Education Project - SoC 08''']]<br>Sebastien Deleersnyder, Martin Knobloch
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP Teachable Static Analysis Workbench Project|'''OWASP Teachable Static Analysis Workbench - SoC 08''']]<br>[https://www.owasp.org/images/6/69/Teachable_static_analysis_workbench.pptx PowerPoint Presentation]<br>Dmitry Kozlov
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:30
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:OWASP Internationalization|'''OWASP Internationalization Project - Soc 08''']]<br>Juan Carlos Calderon
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP AppSensor Project|'''OWASP AppSensor - SoC 08''']]<br>[https://www.owasp.org/images/7/77/Presentation_AppSensor.ppt PowerPoint Presentation]<br> Michael Coates
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:45
 +
| colspan="2" style="background:#FFDF80" align="center" | '''PASSWD Project: Metrics and Vulnerabilities'''<br>[https://www.owasp.org/images/f/f6/PASSWD.ppt PowerPoint Presentation]<br>Lucilla Mancini
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP Backend Security Project|'''OWASP Backend Security Project - SoC 08''']]<br>[https://www.owasp.org/images/2/20/OWASP_EU_Summit_2008_Presentation_Model.ppt PowerPoint Prsentation]<br>Carlo Pelliccioni
 +
|-
 +
| style="background:#7B8ABD" align="center" | 11:00
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Open Review Project|'''OWASP Open Review Project''']]<br>Dan Cornell
 +
| colspan="2" style="background:#a0c0e0" align="center" | [[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|'''OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - SoC 08''']]<br>[https://www.owasp.org/images/c/c4/Site_generator.pptx PowerPoint Presentation]<br>Dmitry Kozlov
 +
|-
 +
| style="background:#7B8ABD" align="center" | 11:15
 +
| colspan="4" style="background:#f2984c" align="center" | [[OWASP EU Summit 2008#NEW GLOBAL COMMITTEE STRUCTURE|'''OWASP Global Committee Elections''']]
 +
|-
 +
| style="background:#7B8ABD" align="center" | 11:30
 +
| colspan="4" style="background:#C2C2C2" align="center" | Coffee Break
 +
|-
 +
| style="width:10%; background:white" align="center"| 
 +
  | colspan="4" style="width:90%; background:white" align="center" | Working Sessions
 +
|-
 +
| style="background:#7B8ABD" align="center" | 12:45
 +
| colspan="2" style="background:#B3FF99" align="center" | [[OWASP Working Session Education Project|'''Education Project''']]<br>[https://www.owasp.org/images/3/33/OWASP_Education_Working_Session_Notes_-_Ideas.ppt WS Conclusions]<br>Sebastien Deleersnyder
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP Testing Guide|'''Testing Guide''']]<br>Matteo Meucci
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - Web Application Framework Security|'''Web Application Framework Security''']]<br>Arshan Dabirsiaghi
 +
|-
 +
| style="background:#7B8ABD" align="center" | 14:45
 +
| colspan="4" style="background:#C2C2C2" align="center" | Lunch (During Working Sessions)
 +
|-
 +
| style="width:10%; background:white" align="center"| 
 +
| colspan="4" style="width:90%; background:white" align="center" | Training Sessions
 +
|-
 +
| style="background:#7B8ABD" align="center" | 15:00
 +
| style="background:#c0a0a0" align="center" | '''Flash Player Security'''<br>Peleus Uhley
 +
| style="background:#c0a0a0" align="center" | '''OWASP Top 10'''<br>[http://uk.youtube.com/watch?v=GsRbpshqqII Video]<br>Sebastien Deleersnyder and Martin Knobloch
 +
| style="background:#c0a0a0" align="center" | '''Uncovering WebScarab's Secret Treasures'''<br>[https://www.owasp.org/images/8/88/OWASP_EU_Summit_2008_WebScarab_treasures.ppt PowerPoint Presentation]<br>Rogan Dawes
 +
| style="background:#c0a0a0" align="center" | '''Hacking the Orizon'''<br>[http://www.owasp.org/index.php/Image:Hacking_the_Owasp_Orizon.ppt PowerPoint Presentation]<br>Paolo Perego
 +
|-
 +
| style="background:#7B8ABD" align="center"| 17:00
 +
| colspan="5" style="background:#C2C2C2" align="center" | Coffee Break
 +
|-
 +
| style="width:10%; background:white" align="center"| 
 +
| colspan="4" style="width:90%; background:white" align="center" | Working Sessions
 +
|-
 +
| style="background:#7B8ABD" align="center" | 17:30
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - Code Review Guide|'''Code Review Guide''']]<br>Eoin Keary
 +
| style="background:#B3FF99" align="center" | EU Funding for OWASP Projects<br>Carlos Serrao
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP Certification|'''OWASP Certification''']]<br>Tom Brennan
 +
| style="background:#B3FF99" align="center" | Software Assurance Maturity Model<br>Pravir Chandra
 +
|-
 +
| style="background:#7B8ABD" align="center" | 19:00
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP Website|'''OWASP Website''']]<br>[https://www.owasp.org/images/8/8b/EUSummit08_OWASP_Web_Site_Working_Session_Suggestions.doc WS Conclusions]<br>[https://www.owasp.org/images/2/2e/Website.ppt PPT Presentation]<br>Fabio Cerullo
 +
| style="background:#B3FF99" align="center" | '''Metrics & Vulnerabilities'''<br>[https://www.owasp.org/images/0/0d/PASSWD_description.doc Word Presentation]<br>Lucilla Mancini
 +
| colspan="2" style="background:#B3FF99" align="center" | OWASP Orizon<br>Paolo Perego
 +
|}
 +
 
 +
 
 +
{| style="width:80%" border="0" align="center"
 +
| colspan="6" align="center" style="background:#4058A0; color:white" | Agenda for Thursday, November 6th, 2008
 +
|-
 +
  | style="width:10%; background:#7B8ABD" align="center"| 09:15
 +
| colspan="5" style="width:80%; background:#F2F2F2" align="center" | Daily Briefing<br>Dinis Cruz
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 
 +
| colspan="2" style="width:30%; background:#FFDF80" align="center" | '''Technology'''
 +
| colspan="3" style="width:30%; background:#a0c0e0" align="center" |  '''Tools'''
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:00
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Classic ASP Security Project|'''OWASP Classic ASP Security Project - SoC 08''']]<br>Juan Carlos Calderon
 +
| colspan="3" style="background:#a0c0e0" align="center" | [[:Category:OWASP Source Code Review OWASP Projects Project|'''OWASP Source Code Review - SoC 08''']]<br>[https://www.owasp.org/images/c/c9/OWASPEU_SourceReview.ppt PowerPoint Presentation]<br>James Walden
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:15
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Ruby on Rails Security Guide V2|'''OWASP Ruby on Rails Security Project - SoC 08''']]<br>[https://www.owasp.org/images/3/32/Rails_security_2_presentation.pdf PDF Presentation]<br>Heiko Webers
 +
| colspan="3" style="background:#a0c0e0" align="center" | [[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|'''OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp - SoC 08''']]<br>Arturo Alberto Busleiman
 +
|-
 +
| style="background:#7B8ABD" align="center" | 10:30
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Webslayer Project|'''OWASP Webslayer Project''']]<br>Christian Martorella
 +
| colspan="3" style="background:#a0c0e0" align="center" | [[:Category:OWASP Securing WebGoat using ModSecurity Project|'''OWASP Securing WebGoat using ModSecurity Project - SoC 08''']]<br>Stephen Evans and Christian Folini
 +
|-
 +
| style="background:#7B8ABD" align="center" | 11:00
 +
| colspan="2" style="background:#FFDF80" align="center" | [[:Category:OWASP Skavenger Project|'''OWASP Skavenger Project - SoC 08''']]<br>Matthias Rohr
 +
| colspan="3" style="background:#a0c0e0" align="center" | [[:Category:OWASP AntiSamy Project .NET|'''OWASP AntiSamy Project - SoC 08''']]<br>Marcin Wielgoszewski
 +
  |-
 +
| style="background:#7B8ABD" align="center"| 11:15
 +
| colspan="5" style="background:#C2C2C2" align="center" | Coffee Break
 +
|-
 +
| style="width:10%; background:white" align="center"| 
 +
| colspan="5" style="width:90%; background:white" align="center" | Working Sessions
 +
|-
 +
| style="background:#7B8ABD" align="center" | 11:30
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session Top 10 2009|'''OWASP Top 10 - 2009''']]<br>Dave Wichers
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP Intra Governmental Affairs|'''OWASP Intra Governmental Affairs''']]<br>David Campbell
 +
| style="background:#B3FF99" align="center" | SAMM v2
 +
| style="background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP Website|'''OWASP Website''']]<br>Fabio Cerullo
 +
| style="background:#B3FF99" align="center" | Handling Web MalWare
 +
|-
 +
| style="background:#7B8ABD" align="center" | 13:00
 +
| colspan="5" style="background:#C2C2C2" align="center" | Lunch (During Working Sessions)
 +
|-
 +
| style="width:10%; background:white" align="center"| 
 +
| colspan="5" style="width:90%; background:white" align="center" | Training Sessions
 +
|-
 +
| style="background:#7B8ABD" align="center" | 14:00
 +
| style="background:#c0a0a0" align="center" | Ajax Security
 +
| colspan="2" style="background:#c0a0a0" align="center" | Auditing Flash Applications<br>Peleus Uhley
 +
| style="background:#c0a0a0" align="center" | WebApp Assessment<br>Vicente Aguilera Diaz
 +
| style="background:#c0a0a0" align="center" | Mod Security<br>Lucas C. Ferreira
 +
|-
 +
| style="width:10%; background:white" align="center"| 
 +
| colspan="5" style="width:90%; background:white" align="center" | Working Sessions
 +
|-
 +
| style="background:#7B8ABD" align="center" | 16:30
 +
| colspan="5" style="background:#B3FF99" align="center" |  [[:Working Session OWASP Strategic Planning|'''OWASP Strategic Planning and Business Models compatible with OWASP values''']]<br>Jeff Williams, Dinis Cruz, Dave Wichers, Sebastien Deleersnyder, Tom Brennan & Kate Hartmann and Paulo Combra
 +
|-
 +
| style="background:#7B8ABD" align="center" | 18:30
 +
| colspan="2" style="background:#B3FF99" align="center" | [[:OWASP Working Session - Two-way Internationalization of OWASP Content|'''Two-way Internationalization of OWASP Content''']]<br>Juan Carlos Calderon & Sebastien Deleersnyder
 +
| colspan="2" style="background:#B3FF99" align="center" | [[:Best Practices for OWASP Chapter Leaders|'''OWASP Best Practices for Chapter Leaders''']]<br>[https://www.owasp.org/images/0/01/BestPractices_2008.pptx WS Conclusions]<br>Georg Hess
 +
| colspan="2" style="background:#B3FF99" align="center" | [[:OWASP Working Session - OWASP Live CD&DVD|'''OWASP Live CD & DVD''']]<br>Matt Tesauro
 +
|-
 +
| style="background:#7B8ABD" align="center" | 20:00
 +
| colspan="5" style="background:#C2C2C2" align="center" | Gala Dinner
 +
|-
 +
| style="background:#7B8ABD " align="center" | 22:00
 +
| colspan="5" style="background:#C2C2C2" align="center" | OWASP Band
 +
|}
 +
 
 +
 
 +
{| style="width:80%" border="0" align="center"
 +
| colspan="2" align="center" style="background:#4058A0; color:white" | Agenda for Friday, November 7th, 2008
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center" | 10:00
 +
| style="width:80%; background:#F2F2F2" align="center" | Daily Briefing<br>Dinis Cruz
 +
|-
 +
| style="width:10%; background:#7B8ABD" align="center" | 10:15
 +
| style="width:80%; background:#f2984c" align="center" | OWASP AppSec Agenda 2009:  Working Session Outcomes
 +
|-
 +
| style="width:10%; background:#7B8ABD" | 
 +
| style="width:80%; background:#C2C2C2" align="center" | Documentation Projects/Guides Integration and Unified 4.0 Version<br>Eduardo Neves
 +
|-
 +
| style="width:10%; background:#7B8ABD" |
 +
| style="width:80%; background:#C2C2C2" align="center" | Browser Security<br>Arshan Dabirsiaghi
 +
|-
 +
| style="width:10%; background:#7B8ABD" |
 +
| style="width:80%; background:#C2C2C2" align="center" | ESAPI<br>Jeff Williams
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 14:40-14:55 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | Tools Projects<br>Matt Tesauro
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 15:00-15:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |   
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | Code Review Guide<br>Eoin Keary
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
|-
 
  | style="width:10%; background:#7B8ABD" | 15:20-15:35 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
|-
 
| style="width:10%; background:#7B8ABD" | 15:35-15:55 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
 
|-
 
| style="width:10%; background:#7B8ABD" | 16:00-16:15 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
| style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 15:20-15:35 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | [[SummitEU08_link | Event Title ]] Organized by
+
  | style="width:10%; background:#7B8ABD" |
 +
| style="width:80%; background:#C2C2C2" align="center" | OWASP Certification<br>Tom Brennan
 
  |-
 
  |-
 +
| style="width:10%; background:#7B8ABD" | 
 +
| style="width:80%; background:#C2C2C2" align="center" | Software Assurance Maturity Model<br>Pravir Chandra
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks at ...
+
  | style="width:10%; background:#7B8ABD" |
 +
| style="width:80%; background:#C2C2C2" align="center" | Top 10 2009<br>Dave Wichers
 
  |-
 
  |-
  ! colspan="3" align="center" style="background:#4058A0; color:white" | Day 4 - November 7, 2008
+
  | style="width:10%; background:#7B8ABD"
 +
| style="width:80%; background:#C2C2C2" align="center" | Intra Governmental Affairs<br>David Campbell
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | || style="width:40%; background:#BC857A" | Track 1:  <Room 1>
+
  | style="width:10%; background:#7B8ABD" |
| style="width:40%; background:#BCA57A" | Track 2: Council Room
+
| style="width:80%; background:#C2C2C2" align="center" | Best Practices for Chapter Leaders<br>Georg Hess
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee <Diamond Sponsor>
+
  | style="width:10%; background:#7B8ABD" align="center" | 11:15
 +
| style="width:80%; background:#f2984c" align="center" | Coffee Break and Vote (put your dots on the wall)
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | Keynote: text [https://www.owasp.org/ link]
+
  | style="width:10%; background:#7B8ABD" align="center" | 11:30
''speaker, company''
+
| style="width:80%; background:#C2C2C2" align="center" | Live CD & DVD<br>Matt Tesauro
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 09:45-10:20 || colspan="2" style="width:80%; background:#F2F2F2" align="center" | OWASP Looking Forward
+
  | style="width:10%; background:#7B8ABD" |
''speaker, company''
+
| style="width:80%; background:#C2C2C2" align="center" | ADSR<br>Leonardo Cavallari
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:20-10:40 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
+
  | style="width:10%; background:#7B8ABD" |
 +
| style="width:80%; background:#C2C2C2" align="center" | Education Project<br>Sebastien Deleersnyder
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | Web Application Framework Security<br>Arshan Dabirsiaghi
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | Testing Guide<br>Matteo Meucci
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | OWASP Censorship<br>Tom Brennan
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 12:30-14:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
+
  | style="width:10%; background:#7B8ABD" |
 +
| style="width:80%; background:#C2C2C2" align="center" | EU Funding for OWASP Projects<br>Carlos Serrao
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | OWASP Website<br>Fabio Cerullo
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | OWASP Orizon<br>Paolo Perego
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | Handling Web MalWare
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 15:50-16:10 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
+
  | style="width:10%; background:#7B8ABD" |
 +
| style="width:80%; background:#C2C2C2" align="center" | 2-Way Internationalization<br>Juan Carlos Calderon
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | Portuguese Public & Private Organizations<br>Carlos Serrao
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 10:40-11:20 || style="width:40%; background:#BC857A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
+
  | style="width:10%; background:#7B8ABD" align="center" |
''[[user link | Speaker]], Company''
+
  | style="width:80%; background:#C2C2C2" align="center" | Winter of Code 2009<br>Dinis Cruz and Sebastien Deleersnyder
  | style="width:40%; background:#BCA57A" align="left" | [[SummitEU08_link | title]] ([http://www.owasp.org/location.ppt ppt])
 
''[[user link | Speaker]], Company''
 
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 18:00-19:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | [[SummitEU08_link | Event Title ]] Organized by
+
  | style="width:10%; background:#7B8ABD" align="center" | 13:00  
 +
| style="width:80%; background:#F2F2F2" align="center" | Lunch
 
  |-
 
  |-
  | style="width:10%; background:#7B8ABD" | 19:00-21:00 || colspan="2" style="width:80%; background:#C2C2C2" align="left" | OWASP Social Gathering: Dinner and Drinks at ...}
+
  | style="width:10%; background:#7B8ABD" align="center"| 14:00  
 +
| style="width:80%; background:#f2984c" align="center" | [http://www.owasp.org/index.php/Owasp_Board_Meetings_11-07-08 Board Meeting]
 
  |-
 
  |-
 +
| style="width:10%; background:#7B8ABD" align="center" | 17:00
 +
| style="width:80%; background:#f2984c" align="center" | Announcement of Summit Procedings
 
  |}
 
  |}
  
Venue: <address> [http://owasp.org Google Maps Link]  
+
== OWASP BOARD MEETING ==
 +
Board meeting was held at the OWASP Summit - [http://www.owasp.org/index.php/Owasp_Board_Meetings_11-07-08 RESULTS].
 +
 
 +
== EVENT'S PHOTOS ==
 +
 
 +
More event's photos can be seen [http://picasaweb.google.com/paulocoimbra7/OWASPSummitEUPortugal2008# here].<br>[http://picasaweb.google.com/paulocoimbra7/OWASPSummitEUPortugal2008#slideshow Summit's slide show].
 +
 
 +
==ARCHIVED DATA==
 +
 
 +
'''FORMER AGENDA''': [[:OWASP EU Summit 2008 Former Agenda|Click here to see.]]
 +
 
 +
'''SUMMIT BROCHURE''': [https://www.owasp.org/images/8/89/OWASP_EU_Summit_2008-Overview.pdf 6 page brochure] or this [https://www.owasp.org/images/3/3d/OWASP_EU_Summit_2008_-Full_Brochure.pdf 33 page brochure].
 +
 
 +
'''VENUE & TRAVEL ARRANGEMENTS''': The OWASP European Summit 2008 was hosted at the 5 start Resort in Algarve Portugal ([http://www.granderealsantaeulaliahotel.com/index.html '''Grande Real Santa Eulália Resort & Hotel''']). Hotel booking and the travel arrangements were be handled via [http://www.diplomatatours.pt/owasp.php '''Diplomata Tours'''], the assigned travel agency. The venue location - [http://maps.google.com/maps?f=q&hl=en&geocode=&q=Grande+Real+Santa+Eul%C3%A1lia+Resort+%26+Hotel+algarve&sll=37.015438,-7.919769&sspn=0.084982,0.176468&ie=UTF8&ll=37.124054,-8.182583&spn=0.08486,0.176468&z=13&iwloc=B Google Maps Link]. Nearest Airport - [http://maps.google.co.uk/maps?f=q&hl=en&geocode=&q=Aeroporto+de+Faro,+Montenegro,+Faro,+8005,+Portugal&ie=UTF8&ll=37.096812,-7.967834&spn=0.502766,1.235962&z=10&output=html Faro].
 +
 
 +
'''OTHER LINKS''': [[OWASP EU Summit 2008--PRESS|Press Information]], [[:OWASP Working Session - Browser Security Letters|Open Letter to Browsers&Frameworks]], [[:OWASP Summit UALG 1 Day Conference|OWASP Summit UALG 1 Day Conference]], [http://twitter.com/OwaspEU08Summit OwaspEU08Summit on Twitter!], [[OWASP EU Summit 2008 Internals|OWASP EU Summit 2008 Internals]].
 +
 
 +
'''SPONSORS''':
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="0" align="center" style="background:white; color:white" |
 +
|-
 +
| style="width:100%; background:#FFDF80"; align="center" | https://www.owasp.org/images/5/5a/AOD_Logo_2c.gif https://www.owasp.org/images/9/9e/Mnemonic_logo.png    https://www.owasp.org/images/1/1a/Softtek_logo.gif 
 +
|}
  
Registration is available via the OWASP Conference Cvent site at: [http://owasp.org Cvent link]
+
[[Category:OWASP AppSec Conference]]

Latest revision as of 10:40, 6 February 2009

OWASP EU Summit Portugal 2008.jpg
'SETTING THE WEB APPLICATION SECURITY AGENDA FOR 2009'
3th - 7th November 2008
Summit Group 4.jpg

KEY RESULTS FROM THE OWASP SUMMIT

SUMMIT CONCLUSIONS DOCUMENT

"ALGARVE, PORTUGAL, November 7, 2008 – The Open Web Application Security Project (OWASP) today announced results from the annual OWASP Summit. Over 80 application security experts from over 20 countries joined forces to identify, coordinate, and prioritize our 2009 efforts to create a more secure Internet.

OWASP is a free and open community that focuses on improving application security. There is overwhelming evidence that the vast majority of web applications contain security holes that are increasingly putting people and organizations at serious risk. Securing web applications is an extraordinarily difficult technical challenge that demands a concerted effort.

“OWASP came together for a week and produced a stunning amount of new ideas,” said OWASP Chair Jeff Williams. “Our community is growing and organizing into a powerful movement that will affect software development worldwide. This summit marks a major milestone our efforts to improve application security. (...)” See here the fully OWASP Board's signed document with OWASP Summit 2008's conclusions" and watch OWASP Board's (Dinis Cruz and Jeff Williams) videos:



Key results from the OWASP Summit include:

UPDATED OWASP PRINCIPLES

• Free & Open,

• Governed by rough consensus & running code,

• Abide by a code of ethics (see ethics),

• Not-for-profit,

• Not driven by commercial interests,

• Risk based approach.

UPDATED CODE OF ETHICS

• Support the implementation of and promote compliance with standards, procedures, controls for application security,

• Have objectivity, due diligence and professional care in accordance with established standards,

• Responsible disclosure.

NEW OUTREACH PROGRAMS

• OWASP has expanded its outreach efforts by building relationships with technology vendors, framework providers, and standards bodies. In addition, we piloted a new program to provide free one-day seminars at universities and developer conferences worldwide.

NEW GLOBAL COMMITTEE STRUCTURE

• OWASP recognized the extraordinary contribution of our most active leaders by engaging them to lead a set of six new committees. Each democratically established committee will focus on a key function or geographic region, such as OWASP projects, conferences, local chapters, membership and industry outreach.

OWASP GLOBAL COMMITTEES (OWASP GC) - ELECTED AT THE OWASP SUMMIT 08
OWASP GLOBAL COMMITTEES Projects & Tools Membership Education Conferences Industry Chapters
Current committee members


See here How to Join a Global Committee.

NEW FREE TOOLS AND GUIDANCE

• OWASP announced the release of Live CD 2008, many new testing tools, static analysis tools, the Enterprise Security API (ESAPI v1.4), AntiSamy, the Application Security Verification Standard (ASVS), guidance for Ruby on Rails and Classic ASP, international versions of our materials, and much more.

OWASP is proud to launch the following new or updated tools:
PROJECT AUTHOR
OWASP Application Security Verification Standard - SoC 08 Mike Boberski
OWASP AppSensor - SoC 08 Michael Coates
OWASP Access Control Rules Tester - SoC 08 Andrew Petukhov
OWASP AntiSamy Project - SoC 08 Arshan Dabirsiaghi
OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - SoC 08 Dmitry Kozlov
OWASP Code Crawler - SoC 08
Power Point Presentation
Alessio Marziali
OWASP JSP Testing Tool - SoC 08 Jason Li
OWASP Live CD - SoC 08 Matt Tesauro
OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp - SoC 08 Arturo ‘Buanzo’
OWASP Orizon Project - SoC 08 Paolo Perego
OWASP Python Static Analysis Project - SoC 08 Georgy Kilmov
OWASP Skavenger Project - SoC 08 Matthias Rohr
OWASP Teachable Static Analysis Workbench - SoC 08 Dmitry Kozlov & Igor Konnov


OWASP is proud to launch the following new or updated documents and resources:
PROJECT AUTHOR
OWASP Application Security Desk Reference - SoC 08 Leonardo Cavallari
OWASP Backend Security Project - SoC 08 Carlo Pelliccioni
OWASP Classic ASP Security Project - SoC 08 Juan Carlos Calderon
OWASP Code Review Project - SoC 08 Eoin Keary
OWASP Education Project - SoC 08 Sebastien Deleersnyder, Martin Knobloch
OWASP Internationalization Project - Soc 08 Juan Carlos Calderon
OWASP Spanish Project - SoC 08 Juan Carlos Calderon
OWASP Positive Security Project - SoC 08 Eduardo V.C. Neves
OWASP Ruby on Rails Security Project - SoC 08 Heiko Webers
OWASP Securing WebGoat using ModSecurity Project - SoC 08 Stephen Craig Evans
OWASP Source Code Review - SoC 08 James Walden
OWASP Testing Guide V3 - SoC 08
PowerPoint Presentation
Matteo Meucci

Find more OWASP Projects at the OWASP Projects Page.

EVENT AGENDA

Agenda for Monday, November 3rd, 2008
13:00 Lunch
Training Sessions
15:00 - 17:00 Securing WebGoat with ModSecurity
Stephen Craig Evans
WebSec Apps for Managers and Executives
Video
Mano Paul
OWASP Testing Guide
Matteo Meucci
19:00 Summit Briefing
Dinis Cruz and Summit Organization Team
20:00 Dinner


Agenda for Tuesday, November 4th, 2008
08:00 Registration
09:00 Summit Keynote
Dinis Cruz and Summit Organization Team
Documents Tools
09:30 OWASP Testing Guide - SoC 08
PowerPoint Presentation
Matteo Meucci
OWASP JSP Testing Tool - SoC 08
Jason Li
09:45 OWASP Code Review Project - SoC 08
PowerPoint Presentation
Eoin Keary
OWASP Orizon Project - SoC 08
PowerPoint Presentation
Paolo Perego
10:00 OWASP Application Security Desk Reference - SoC 08
Leonardo Cavallari Militelli
OWASP Live CD - SoC 08
Matt Tesauro
10:15 OWASP Spanish Project - SoC 08
Juan Carlos Calderon
OWASP WebScarab Project
PowerPoint Presentation
Rogan Dawes
10:30 Coffee Break
10:45 .NET ESAPI
Alex Smolen
11:00 Working Sessions Briefing
Dinis Cruz
Working Sessions
11:15 - 13:00 Documentation Projects/Guides Integration and Unified 4.0 Version
WS Conclusions
Eduardo Neves
OWASP Intrinsic Security Working Group - Browser Security
Arshan Dabirsiaghi
Tools Projects
WS Conclusions
Matt Tesauro
13:00 Lunch
Training Sessions
14:00 The Art and Science of Threat Modeling Web Applications
Video
Mano Paul
Web Server Hardening SELinux
PDF Presentation
Pavol Luptak
Offensive WebApp Hacking
Video - LDAP, XML and SQL injection
Video - LDAP injection demo
XML injection demo
Video - SQL injection demo
Marco Slaviero
15:00 Phishing attack
Video
Matt Teasuro & Brad Causey
Clickjacking
Video
Demonstration
Arshan Dabirsiaghi
16:00 Coffee Break
Working Sessions
16:30 OWASP Enterprise Security API Project (ESAPI)
Video
WS Conclusions
Jeff Williams
18:30 OWASP Application Security Desk Reference - ASDR
Leonardo Cavallari
.NET Project
Dinis Cruz


Agenda for Wednesday, November 5th, 2008
09:15 Daily Briefing
Dinis Cruz
Standards and Education Tools
10:00 OWASP Positive Security Project - SoC 08
Eduardo Neves
OWASP Access Control Rules Tester - SoC 08
PowerPoint Presentation
Andrew Petukhov
10:15 OWASP Education Project - SoC 08
Sebastien Deleersnyder, Martin Knobloch
OWASP Teachable Static Analysis Workbench - SoC 08
PowerPoint Presentation
Dmitry Kozlov
10:30 OWASP Internationalization Project - Soc 08
Juan Carlos Calderon
OWASP AppSensor - SoC 08
PowerPoint Presentation
Michael Coates
10:45 PASSWD Project: Metrics and Vulnerabilities
PowerPoint Presentation
Lucilla Mancini
OWASP Backend Security Project - SoC 08
PowerPoint Prsentation
Carlo Pelliccioni
11:00 OWASP Open Review Project
Dan Cornell
OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project - SoC 08
PowerPoint Presentation
Dmitry Kozlov
11:15 OWASP Global Committee Elections
11:30 Coffee Break
Working Sessions
12:45 Education Project
WS Conclusions
Sebastien Deleersnyder
Testing Guide
Matteo Meucci
Web Application Framework Security
Arshan Dabirsiaghi
14:45 Lunch (During Working Sessions)
Training Sessions
15:00 Flash Player Security
Peleus Uhley
OWASP Top 10
Video
Sebastien Deleersnyder and Martin Knobloch
Uncovering WebScarab's Secret Treasures
PowerPoint Presentation
Rogan Dawes
Hacking the Orizon
PowerPoint Presentation
Paolo Perego
17:00 Coffee Break
Working Sessions
17:30 Code Review Guide
Eoin Keary
EU Funding for OWASP Projects
Carlos Serrao
OWASP Certification
Tom Brennan
Software Assurance Maturity Model
Pravir Chandra
19:00 OWASP Website
WS Conclusions
PPT Presentation
Fabio Cerullo
Metrics & Vulnerabilities
Word Presentation
Lucilla Mancini
OWASP Orizon
Paolo Perego


Agenda for Thursday, November 6th, 2008
09:15 Daily Briefing
Dinis Cruz
Technology Tools
10:00 OWASP Classic ASP Security Project - SoC 08
Juan Carlos Calderon
OWASP Source Code Review - SoC 08
PowerPoint Presentation
James Walden
10:15 OWASP Ruby on Rails Security Project - SoC 08
PDF Presentation
Heiko Webers
OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp - SoC 08
Arturo Alberto Busleiman
10:30 OWASP Webslayer Project
Christian Martorella
OWASP Securing WebGoat using ModSecurity Project - SoC 08
Stephen Evans and Christian Folini
11:00 OWASP Skavenger Project - SoC 08
Matthias Rohr
OWASP AntiSamy Project - SoC 08
Marcin Wielgoszewski
11:15 Coffee Break
Working Sessions
11:30 OWASP Top 10 - 2009
Dave Wichers
OWASP Intra Governmental Affairs
David Campbell
SAMM v2 OWASP Website
Fabio Cerullo
Handling Web MalWare
13:00 Lunch (During Working Sessions)
Training Sessions
14:00 Ajax Security Auditing Flash Applications
Peleus Uhley
WebApp Assessment
Vicente Aguilera Diaz
Mod Security
Lucas C. Ferreira
Working Sessions
16:30 OWASP Strategic Planning and Business Models compatible with OWASP values
Jeff Williams, Dinis Cruz, Dave Wichers, Sebastien Deleersnyder, Tom Brennan & Kate Hartmann and Paulo Combra
18:30 Two-way Internationalization of OWASP Content
Juan Carlos Calderon & Sebastien Deleersnyder
OWASP Best Practices for Chapter Leaders
WS Conclusions
Georg Hess
OWASP Live CD & DVD
Matt Tesauro
20:00 Gala Dinner
22:00 OWASP Band


Agenda for Friday, November 7th, 2008
10:00 Daily Briefing
Dinis Cruz
10:15 OWASP AppSec Agenda 2009: Working Session Outcomes
Documentation Projects/Guides Integration and Unified 4.0 Version
Eduardo Neves
Browser Security
Arshan Dabirsiaghi
ESAPI
Jeff Williams
Tools Projects
Matt Tesauro
Code Review Guide
Eoin Keary
OWASP Certification
Tom Brennan
Software Assurance Maturity Model
Pravir Chandra
Top 10 2009
Dave Wichers
Intra Governmental Affairs
David Campbell
Best Practices for Chapter Leaders
Georg Hess
11:15 Coffee Break and Vote (put your dots on the wall)
11:30 Live CD & DVD
Matt Tesauro
ADSR
Leonardo Cavallari
Education Project
Sebastien Deleersnyder
Web Application Framework Security
Arshan Dabirsiaghi
Testing Guide
Matteo Meucci
OWASP Censorship
Tom Brennan
EU Funding for OWASP Projects
Carlos Serrao
OWASP Website
Fabio Cerullo
OWASP Orizon
Paolo Perego
Handling Web MalWare
2-Way Internationalization
Juan Carlos Calderon
Portuguese Public & Private Organizations
Carlos Serrao
Winter of Code 2009
Dinis Cruz and Sebastien Deleersnyder
13:00 Lunch
14:00 Board Meeting
17:00 Announcement of Summit Procedings

OWASP BOARD MEETING

Board meeting was held at the OWASP Summit - RESULTS.

EVENT'S PHOTOS

More event's photos can be seen here.
Summit's slide show.

ARCHIVED DATA

FORMER AGENDA: Click here to see.

SUMMIT BROCHURE: 6 page brochure or this 33 page brochure.

VENUE & TRAVEL ARRANGEMENTS: The OWASP European Summit 2008 was hosted at the 5 start Resort in Algarve Portugal (Grande Real Santa Eulália Resort & Hotel). Hotel booking and the travel arrangements were be handled via Diplomata Tours, the assigned travel agency. The venue location - Google Maps Link. Nearest Airport - Faro.

OTHER LINKS: Press Information, Open Letter to Browsers&Frameworks, OWASP Summit UALG 1 Day Conference, OwaspEU08Summit on Twitter!, OWASP EU Summit 2008 Internals.

SPONSORS:

AOD_Logo_2c.gif Mnemonic_logo.png Softtek_logo.gif