OWASP Working Session Top 10 2009

From OWASP
Revision as of 14:03, 29 October 2008 by Nishi (Talk | contribs)

Jump to: navigation, search
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Work Session Name OWASP Top 10 2009
Short Work Session Description Aims to provide a key awareness document for web application security.
Related Projects (if any) OWASP Top Ten Project
Email Contacts & Roles Chair
Dave Wichers
Secretary
Jeff Williams
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  • Discuss current Top10 structure and objectives,
  • Identify which information sources will be considered for analysis, Eg:
    • MITRE
    • Compromise DB's (Attrition, WASC etc) and bias due to reporting
    • Anonomised penetration test results and the difficulty in obtaining
  • Define methodology to collect attacks statistics,
  • Define prioritisation approach
    • Agree weighting between current or emerging threats
Venue/Date&Time/Model Venue
OWASP EU Summit Portugal 2008
Date&Time
November 5 & 7, 2008
Time TBD
Discussion Model
"Participants + Attendees"
WORKING SESSION OPERATIONAL RESOURCES
Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
WORKING SESSION ADDITIONAL DETAILS
Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.

Potential Resources:

WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions Proposed by Working Group Approved by OWASP Board
The sources of input for the 2009 Top 10 will be identified. After the Board Meeting - fill in here.
The ordering scheme for the Top 10 will be determined. After the Board Meeting - fill in here.
Discussion of whether the existing document structure should be maintained or adjusted. After the Board Meeting - fill in here.

Working Session Participants

(Add your name by editing this table. On the right, just above this frame, you have the option to edit)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
1 Paolo Perego Spike Reply As penetration tester it woud be great to me to participating in writing the new Top 10. As code reviewer and Orizon project leader it would be very interesting in scouting dynamic threats in order to add some dynamic feature to my tool.
2 David Campbell OWASP Denver
3 Robert Mann RBS / ABN AMRO
4 Troy Leach PCI Security Standards Council Technical Director
5 Eoin Keary Ernst & Young. Long time OWASP member (Code and Testing guides)
6 Matteo Meucci Minded Security I'd like to discuss about a new way to create the Top10 from the OWASP Community
7 Giorgio Fedon Minded Security
8 Andrea Cogliati OWASP Rochester, NY I volunteered as a technical writer
9 Christian Martorella S21sec Interested in participating on the creating the Top 10, share some ideas.
10 Tom Brennan OWASP/WhiteHat Security Want to discuss some of the stats we can share with OWASP

|-

| style="width:7%; background:#7B8ABD" align="center"|11
| style="width:15%; background:#cccccc" align="center"| Nishi Kumar
| style="width:15%; background:#cccccc" align="center"| Systems Architect (FIS) Global Web Development
| style="width:63%; background:#cccccc" align="center"| Interested in participating and sharing ideas
|}

If needed add here more lines.