Difference between revisions of "Projects Summit 2013/Working Sessions/001"

From OWASP
Jump to: navigation, search
Line 111: Line 111:
 
| summit_session_attendee_username1 =  
 
| summit_session_attendee_username1 =  
 
| summit_session_attendee_company1=
 
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=[https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP AntiSamy Project]
  
 
| summit_session_attendee_name2 = Kevin Wall
 
| summit_session_attendee_name2 = Kevin Wall
Line 117: Line 117:
 
| summit_session_attendee_username2 =  
 
| summit_session_attendee_username2 =  
 
| summit_session_attendee_company2=
 
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]
  
 
| summit_session_attendee_name3 = Jeff Williams
 
| summit_session_attendee_name3 = Jeff Williams
Line 123: Line 123:
 
| summit_session_attendee_username3 =  
 
| summit_session_attendee_username3 =  
 
| summit_session_attendee_company3=  
 
| summit_session_attendee_company3=  
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=[https://www.owasp.org/index.php/Projects/OWASP_ModSecurity_Core_Rule_Set_Project OWASP ModSecurity Core Rule Set]
  
 
| summit_session_attendee_name4 =  
 
| summit_session_attendee_name4 =  
Line 129: Line 129:
 
| summit_session_attendee_username4 =  
 
| summit_session_attendee_username4 =  
 
| summit_session_attendee_company4=
 
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=[https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project OWASP CSRFGuard]
  
 
| summit_session_attendee_name5 =  
 
| summit_session_attendee_name5 =  
Line 135: Line 135:
 
| summit_session_attendee_username5 =  
 
| summit_session_attendee_username5 =  
 
| summit_session_attendee_company5=  
 
| summit_session_attendee_company5=  
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=[https://www.owasp.org/index.php?title=OWASP_Web_Testing_Environment_Project OWASP Web Testing Environment]
  
 
| summit_session_attendee_name6 =  
 
| summit_session_attendee_name6 =  
Line 141: Line 141:
 
| summit_session_attendee_username6 =  
 
| summit_session_attendee_username6 =  
 
| summit_session_attendee_company6=
 
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=[https://www.owasp.org/index.php/Webgoat Webgoat]
  
 
| summit_session_attendee_name7 =  
 
| summit_session_attendee_name7 =  
Line 147: Line 147:
 
| summit_session_attendee_username7 =  
 
| summit_session_attendee_username7 =  
 
| summit_session_attendee_company7=
 
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy]
  
 
| summit_session_attendee_name8 =  
 
| summit_session_attendee_name8 =  
Line 153: Line 153:
 
| summit_session_attendee_username8 =  
 
| summit_session_attendee_username8 =  
 
| summit_session_attendee_company8=
 
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=[https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard]
  
 
| summit_session_attendee_name9 =  
 
| summit_session_attendee_name9 =  
Line 159: Line 159:
 
| summit_session_attendee_username9 =  
 
| summit_session_attendee_username9 =  
 
| summit_session_attendee_company9=
 
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=[https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review]
  
 
| summit_session_attendee_name10 =  
 
| summit_session_attendee_name10 =  
Line 165: Line 165:
 
| summit_session_attendee_username10 =  
 
| summit_session_attendee_username10 =  
 
| summit_session_attendee_company10=
 
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=[https://www.owasp.org/index.php/OWASP_Codes_of_Conduct OWASP Codes of Conduct]
  
 
| summit_session_attendee_name11 =  
 
| summit_session_attendee_name11 =  
Line 171: Line 171:
 
| summit_session_attendee_username11 =  
 
| summit_session_attendee_username11 =  
 
| summit_session_attendee_company11=
 
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=[https://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Development Guide Project]
  
 
| summit_session_attendee_name12 =  
 
| summit_session_attendee_name12 =  
Line 177: Line 177:
 
| summit_session_attendee_username12 =  
 
| summit_session_attendee_username12 =  
 
| summit_session_attendee_company12=
 
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=[https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide OWASP Secure Coding Practices]
  
 
| summit_session_attendee_name13 =  
 
| summit_session_attendee_name13 =  
Line 183: Line 183:
 
| summit_session_attendee_username13 =  
 
| summit_session_attendee_username13 =  
 
| summit_session_attendee_company13=
 
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=[https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP Software Assurance Maturity Model]
  
 
| summit_session_attendee_name14 =  
 
| summit_session_attendee_name14 =  
Line 189: Line 189:
 
| summit_session_attendee_username14 =  
 
| summit_session_attendee_username14 =  
 
| summit_session_attendee_company14=
 
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=  
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]
  
 
| summit_session_attendee_name15 =  
 
| summit_session_attendee_name15 =  
Line 195: Line 195:
 
| summit_session_attendee_username15 =  
 
| summit_session_attendee_username15 =  
 
| summit_session_attendee_company15=
 
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten]
  
 
| summit_session_attendee_name16 =  
 
| summit_session_attendee_name16 =  
Line 201: Line 201:
 
| summit_session_attendee_username16 =  
 
| summit_session_attendee_username16 =  
 
| summit_session_attendee_company16=
 
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=[https://www.owasp.org/index.php/OWASP_Cornucopia OWASP Cornucopia]
  
 
| summit_session_attendee_name17 =  
 
| summit_session_attendee_name17 =  
Line 207: Line 207:
 
| summit_session_attendee_username17 =  
 
| summit_session_attendee_username17 =  
 
| summit_session_attendee_company17=
 
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=[https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework OWASP Xenotix XSS Exploit Framework]
  
 
| summit_session_attendee_name18 =  
 
| summit_session_attendee_name18 =  
Line 213: Line 213:
 
| summit_session_attendee_username18 =  
 
| summit_session_attendee_username18 =  
 
| summit_session_attendee_company18=
 
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=[https://www.owasp.org/index.php/Cheat_Sheets OWASP Cheat Sheets]
  
 
| summit_session_attendee_name19 =  
 
| summit_session_attendee_name19 =  
Line 219: Line 219:
 
| summit_session_attendee_username19 =  
 
| summit_session_attendee_username19 =  
 
| summit_session_attendee_company19=
 
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=[https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer OWASP Java HTML Sanitizer]
  
 
| summit_session_attendee_name20 =  
 
| summit_session_attendee_name20 =  
Line 225: Line 225:
 
| summit_session_attendee_username20 =  
 
| summit_session_attendee_username20 =  
 
| summit_session_attendee_company20=
 
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=[https://www.owasp.org/index.php/OWASP_AppSensor_Project OWASP AppSensor]
  
  

Revision as of 00:51, 14 November 2013

Global Summit 2013 Home Page
Global Summit 2013 Tracks

Working Session.jpg ESAPI Hackathon
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description Coordinate a Hackathon where ESAPI Project Goals are worked on and delivered based on the roadmap.
Related Projects (if any)


Email Contacts & Roles Chair
Chris Schmidt @

Operational Manager
Kevin Wall @
Mailing list
Google Groups: owasp-project-summit-2013
WORKING SESSION SPECIFICS
Objectives
  1. Planning to sponsor 2 "senior developers" to attend the hack-a-thon and take the lead role on the development effort, they will be involved in the architecture aspect of the project and goal-building and attendees will be able to choose a component from the architecture to work on.
  2. We will purchase a prize for the developer/team that accomplishes the most quality work scored based on complexity of the component(s) they will be working on. The judges for the prizes will be Jeff Williams, Kevin Wall and Chris Schmidt.
  3. There will be a set of guidelines for entries – primarily, backwards compatibility and/or clear upgrade path from ESAPI 2.x, testability, and distribution model of the component.

Venue/Date&Time/Model Venue/Room
AppSec USA 2013: Times Square, New York City
Date & Time
Monday to Thursday, November 18-21: 9am to 11am.


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS

NEW-PROJECTS-BANNER2.jpg

Chair: Chris Schmidt

Chris is currently the Project Leader for the OWASP ESAPI Projects and also serves on the OWASP Global Projects Committee. He has been involved with OWASP for 4 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership discussions amongst the organization. During the day, Chris is an Application Security Engineer and Senior Software Engineer for Aspect Security where he has been since fall 2010. Prior to joining the team at Aspect Security he spent 5 years as 'Black Ops Beef' for ServiceMagic Inc with the official title of Software Engineer. Before getting involved in software professionally, Chris worked in hardware as a Senior Field Service Engineer providing hardware and software support for PC’s, Servers, Midrange Systems and Peripherals for 9 years.

Operational Manager: Kevin Wall

Experienced Application Security developer, OWASP ESAPI Project co-owner.

WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group 'Delivered by Working Group

Identify the primary goals to deem the hack-a-thon a success.

After the Meeting - fill in here.

Layout the overall architecture vision for ESAPI 3.0.

After the Meeting - fill in here.

Lay down the infrastructure (Git, Continuous Integration, Testing Framework, etc.).

After the Meeting - fill in here.

Design the specification for the components that will be required.

After the Meeting - fill in here.

Close down all inactive ESAPI Projects.

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

After the Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed

{{{summit_session_attendee_company21}}}
{{{summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21}}}
Chris Schmidt @

OWASP AntiSamy Project
Kevin Wall @

OWASP Enterprise Security API
Jeff Williams @

OWASP ModSecurity Core Rule Set


OWASP CSRFGuard


OWASP Web Testing Environment


Webgoat


OWASP Zed Attack Proxy


OWASP Application Security Verification Standard


OWASP Code Review


OWASP Codes of Conduct


OWASP Development Guide Project


OWASP Secure Coding Practices


OWASP Software Assurance Maturity Model


OWASP Testing Guide


OWASP Top Ten


OWASP Cornucopia


OWASP Xenotix XSS Exploit Framework


OWASP Cheat Sheets


OWASP Java HTML Sanitizer


OWASP AppSensor