Difference between revisions of "Projects Summit 2013/Working Sessions/003"

From OWASP
(Created page with "{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Projects Summit 2013 Working Sessions</noinclude> |- | summit_track_logo = Image:Working_Session.jpg | summit_ws_lo...")
 
(Added CISO Guide)
 
(11 intermediate revisions by 4 users not shown)
Line 9: Line 9:
 
|-
 
|-
  
| short_working_session_description= '''Review of entire inventory of OWASP Projects using the new assessment criteria.'''  
+
| short_working_session_description= '''Review of all the current Flagship, some Lab, and some Incubator projects.  The review of OWASP Projects will be based on the new assessment criteria.'''  
  
  
Line 23: Line 23:
 
| related_project_url_3 = https://www.owasp.org/index.php/OWASP_Project_Inventory
 
| related_project_url_3 = https://www.owasp.org/index.php/OWASP_Project_Inventory
  
| related_project_name4 =  
+
| related_project_name4 = Project Health Assessment Form
| related_project_url_4 =  
+
| related_project_url_4 = https://docs.google.com/a/owasp.org/forms/d/1uhMBPM-jOL-zbRjW4Z9nd5JNWutY1nuSWJB_jGB6c8E/viewform
  
| related_project_name5 =  
+
| related_project_name5 = Product Quality Assessment Form
| related_project_url_5 =  
+
| related_project_url_5 = https://docs.google.com/a/owasp.org/forms/d/16fakSjwNY3w6B4vCF4NtQE96cyYeDyJYVM1NZTwDcjA/viewform
  
 +
| related_project_name6 = Comprehensive List of Assessment Criteria
 +
| related_project_url_6 = https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdGxrR29jZGRhRnVhX0FYbkxQa2ZmdlE&usp=sharing
 +
 +
| related_project_name7 = Comprehensive List of Assessment Criteria
 +
| related_project_url_7 = http://sched.co/GFUey0
 
|-
 
|-
  
| summit_session_objective_name1= The objectives of this working session are to focus on finishing off the project assessment criteria which we will use to assess all of our OWASP Projects in our inventory.  
+
| summit_session_objective_name1= Introduction to new assessment criteria to conduct reviews.
  
| summit_session_objective_name2 = The second objective is to design and develop 3 wiki templates for our projects.  
+
| summit_session_objective_name2 = Team in small groups (2 to 3 max) based on experience and background to asses a set of Projects (Code, Tool or Documentation).
  
| summit_session_objective_name3 = The third objective is to consolidate all of the repositories used by all of our project leaders, and add them to Ohloh.  
+
| summit_session_objective_name3 = Fill in the Questionnaire (Google Forms) to complete assessment of Projects and provide the review with a final score and results (Project defined as Incubator, Lab or Flagship).
  
| summit_session_objective_name4 =  
+
| summit_session_objective_name4 = Review results of questionnaire with your team.
  
| summit_session_objective_name5 =   
+
| summit_session_objective_name5 =  Present results and conclusions of assessment session.
  
 
|-
 
|-
  
| working_session_date_and_time = Monday, November 18th: 9AM - 11AM
+
| working_session_date_and_time = Monday, November 18, 9:00am to 1:00pm
  
 
|-
 
|-
  
| discussion_model = participants and attendees
+
| discussion_model = Introduction, participants, and attendees.
  
 
|-
 
|-
  
| operational_resources = Projector, whiteboards, markers, Internet connectivity, power
+
| operational_resources = Projector, whiteboards, markers, Internet connectivity, power.
  
 
|-
 
|-
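Review bot: related_project_name7 reuses the label "Comprehensive List of Assessment Criteria" already given to related_project_name6, but related_project_url_7 is a different link (http://sched.co/GFUey0), so two entries will render under the same name. Give entry 7 a label that describes its own target. Also in this hunk, summit_session_objective_name2 has "asses" where "assess" is meant.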
Line 58: Line 63:
 
[[Image:NEW-PROJECTS-BANNER2.jpg]]
 
[[Image:NEW-PROJECTS-BANNER2.jpg]]
  
===Chair: Samantha Groves===
+
===Chair: Johanna Curiel ===
 +
Johanna has mainly worked in the area of C# and ASP.NET development, Testing and Quality Control. She is an experienced developer and understands different types of programming languages such as Java and PHP and different types of scripting languages. Johanna has ample experience in Microsoft Technologies and Security Engineering. At the moment she is working on a research to implement the Prime number theorem to calculate and predict prime numbers faster to break the RSA algorithm.
 +
 
 +
===Operational Manager: Samantha Groves===
 
Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioural research projects, competitor analysis, event organisation and management, volunteer engagement projects, staff recruitment and training, and marketing department organisation and strategy implementation projects for a variety of commercial and not-for-profit organisations.  
 
Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioural research projects, competitor analysis, event organisation and management, volunteer engagement projects, staff recruitment and training, and marketing department organisation and strategy implementation projects for a variety of commercial and not-for-profit organisations.  
 
===Operational Manager: Johanna Curiel===
 
ohanna has mainly worked in the area of C# and ASP.NET development, Testing and Quality Control. She is an experienced developer and understands different types of programming languages such as Java and PHP and different types of scripting languages. Johanna has ample experience in Microsoft Technologies and Security Engineering.
 
 
 
|-
 
|-
  
|summit_session_deliverable_name1 = Complete the final version of the Global Project Review Criteria.
+
|summit_session_deliverable_name1 = Review of all the current Flagship, some Lab, and some Incubator projects. Find here.  
  
|summit_session_deliverable_name2 = Complete the graduation process.  
+
|summit_session_deliverable_name2 = Assign them an appropriate stage designation based on the review.  
  
|summit_session_deliverable_name3 = Finish collecting all of our project repositories.
+
|summit_session_deliverable_name3 = Update the inventory based on reviews.  
  
|summit_session_deliverable_name4 = Discuss and complete project wiki templates for our Tool, Documentation, and Code Library Projects.  
+
|summit_session_deliverable_name4 = Create banners that show what stage each project is on. To be placed on the wiki.  
  
 
|summit_session_deliverable_name5 =  
 
|summit_session_deliverable_name5 =  
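Review bot: summit_session_deliverable_name1 ends with "Find here." but the value contains no link, so the rendered deliverable points nowhere. Either add the wiki link the phrase refers to or drop the sentence.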
Line 84: Line 88:
 
|-
 
|-
  
| summit_session_leader_name1 = Samantha Groves
+
| summit_session_leader_name1 = Johanna Curiel
| summit_session_leader_email1 = Samantha.Groves@owasp.org
+
| summit_session_leader_email1 = Johanna.Curiel@owasp.org
 
| summit_session_leader_username1 =  
 
| summit_session_leader_username1 =  
  
Line 98: Line 102:
 
|-
 
|-
  
| operational_leader_name1 = Johanna Curiel
+
| operational_leader_name1 = Samantha Groves
| operational_leader_email1 = Johanna.Curiel@owasp.org
+
| operational_leader_email1 = Samantha.Groves@owasp.org
 
| operational_leader_username1 =  
 
| operational_leader_username1 =  
  
Line 107: Line 111:
 
|-
 
|-
  
| summit_session_attendee_name1 = Dennis Groves
+
| summit_session_attendee_name21 =  
| summit_session_attendee_email1 = Dennis.Groves@owasp.org
+
| summit_session_attendee_email21 =  
 +
| summit_session_attendee_username21 =
 +
| summit_session_attendee_company21=
 +
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed21=[https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project Application Security Guide for CISOs]
 +
 
 +
| summit_session_attendee_name1 =
 +
| summit_session_attendee_email1 =
 
| summit_session_attendee_username1 =  
 
| summit_session_attendee_username1 =  
 
| summit_session_attendee_company1=
 
| summit_session_attendee_company1=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=[https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP AntiSamy Project]
  
| summit_session_attendee_name2 = Dinis Cruz
+
| summit_session_attendee_name2 =  
| summit_session_attendee_email2 = Dinis.Cruz@owasp.org
+
| summit_session_attendee_email2 =  
 
| summit_session_attendee_username2 =  
 
| summit_session_attendee_username2 =  
 
| summit_session_attendee_company2=
 
| summit_session_attendee_company2=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]
  
 
| summit_session_attendee_name3 =  
 
| summit_session_attendee_name3 =  
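Review bot: the new summit_session_attendee_*21 block is inserted ahead of slot 1, and the name and email values for slots 1 and 2 (Dennis Groves, Dinis Cruz) are blanked while their notes fields are filled with project links. If the participants table is now being used as a list of projects to review, the edit summary should say so, and slot 21 would read more naturally after slot 20; otherwise the two attendees have been dropped unintentionally.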
Line 123: Line 133:
 
| summit_session_attendee_username3 =  
 
| summit_session_attendee_username3 =  
 
| summit_session_attendee_company3=  
 
| summit_session_attendee_company3=  
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=[https://www.owasp.org/index.php/Projects/OWASP_ModSecurity_Core_Rule_Set_Project OWASP ModSecurity Core Rule Set]
 +
 
  
 
| summit_session_attendee_name4 =  
 
| summit_session_attendee_name4 =  
Line 129: Line 140:
 
| summit_session_attendee_username4 =  
 
| summit_session_attendee_username4 =  
 
| summit_session_attendee_company4=
 
| summit_session_attendee_company4=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=[https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project OWASP CSRFGuard]
  
 
| summit_session_attendee_name5 =  
 
| summit_session_attendee_name5 =  
Line 135: Line 146:
 
| summit_session_attendee_username5 =  
 
| summit_session_attendee_username5 =  
 
| summit_session_attendee_company5=  
 
| summit_session_attendee_company5=  
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=[https://www.owasp.org/index.php?title=OWASP_Web_Testing_Environment_Project OWASP Web Testing Environment]
  
 
| summit_session_attendee_name6 =  
 
| summit_session_attendee_name6 =  
Line 141: Line 152:
 
| summit_session_attendee_username6 =  
 
| summit_session_attendee_username6 =  
 
| summit_session_attendee_company6=
 
| summit_session_attendee_company6=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=[https://www.owasp.org/index.php/Webgoat Webgoat]
  
 
| summit_session_attendee_name7 =  
 
| summit_session_attendee_name7 =  
Line 147: Line 158:
 
| summit_session_attendee_username7 =  
 
| summit_session_attendee_username7 =  
 
| summit_session_attendee_company7=
 
| summit_session_attendee_company7=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy]
  
 
| summit_session_attendee_name8 =  
 
| summit_session_attendee_name8 =  
Line 153: Line 164:
 
| summit_session_attendee_username8 =  
 
| summit_session_attendee_username8 =  
 
| summit_session_attendee_company8=
 
| summit_session_attendee_company8=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=[https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard]
  
 
| summit_session_attendee_name9 =  
 
| summit_session_attendee_name9 =  
Line 159: Line 170:
 
| summit_session_attendee_username9 =  
 
| summit_session_attendee_username9 =  
 
| summit_session_attendee_company9=
 
| summit_session_attendee_company9=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=[https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review]
  
 
| summit_session_attendee_name10 =  
 
| summit_session_attendee_name10 =  
Line 165: Line 176:
 
| summit_session_attendee_username10 =  
 
| summit_session_attendee_username10 =  
 
| summit_session_attendee_company10=
 
| summit_session_attendee_company10=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=[https://www.owasp.org/index.php/OWASP_Codes_of_Conduct OWASP Codes of Conduct]
  
 
| summit_session_attendee_name11 =  
 
| summit_session_attendee_name11 =  
Line 171: Line 182:
 
| summit_session_attendee_username11 =  
 
| summit_session_attendee_username11 =  
 
| summit_session_attendee_company11=
 
| summit_session_attendee_company11=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=[https://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Development Guide Project]
  
 
| summit_session_attendee_name12 =  
 
| summit_session_attendee_name12 =  
Line 177: Line 188:
 
| summit_session_attendee_username12 =  
 
| summit_session_attendee_username12 =  
 
| summit_session_attendee_company12=
 
| summit_session_attendee_company12=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=[https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide OWASP Secure Coding Practices]
  
 
| summit_session_attendee_name13 =  
 
| summit_session_attendee_name13 =  
Line 183: Line 194:
 
| summit_session_attendee_username13 =  
 
| summit_session_attendee_username13 =  
 
| summit_session_attendee_company13=
 
| summit_session_attendee_company13=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=[https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP Software Assurance Maturity Model]
  
 
| summit_session_attendee_name14 =  
 
| summit_session_attendee_name14 =  
Line 189: Line 200:
 
| summit_session_attendee_username14 =  
 
| summit_session_attendee_username14 =  
 
| summit_session_attendee_company14=
 
| summit_session_attendee_company14=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=  
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=[https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]
  
 
| summit_session_attendee_name15 =  
 
| summit_session_attendee_name15 =  
Line 195: Line 206:
 
| summit_session_attendee_username15 =  
 
| summit_session_attendee_username15 =  
 
| summit_session_attendee_company15=
 
| summit_session_attendee_company15=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten]
  
 
| summit_session_attendee_name16 =  
 
| summit_session_attendee_name16 =  
Line 201: Line 212:
 
| summit_session_attendee_username16 =  
 
| summit_session_attendee_username16 =  
 
| summit_session_attendee_company16=
 
| summit_session_attendee_company16=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=[https://www.owasp.org/index.php/OWASP_Cornucopia OWASP Cornucopia]
  
 
| summit_session_attendee_name17 =  
 
| summit_session_attendee_name17 =  
Line 207: Line 218:
 
| summit_session_attendee_username17 =  
 
| summit_session_attendee_username17 =  
 
| summit_session_attendee_company17=
 
| summit_session_attendee_company17=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=[https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework OWASP Xenotix XSS Exploit Framework]
  
 
| summit_session_attendee_name18 =  
 
| summit_session_attendee_name18 =  
Line 213: Line 224:
 
| summit_session_attendee_username18 =  
 
| summit_session_attendee_username18 =  
 
| summit_session_attendee_company18=
 
| summit_session_attendee_company18=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=[https://www.owasp.org/index.php/Cheat_Sheets OWASP Cheat Sheets]
  
 
| summit_session_attendee_name19 =  
 
| summit_session_attendee_name19 =  
Line 219: Line 230:
 
| summit_session_attendee_username19 =  
 
| summit_session_attendee_username19 =  
 
| summit_session_attendee_company19=
 
| summit_session_attendee_company19=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=[https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer OWASP Java HTML Sanitizer]
  
 
| summit_session_attendee_name20 =  
 
| summit_session_attendee_name20 =  
Line 225: Line 236:
 
| summit_session_attendee_username20 =  
 
| summit_session_attendee_username20 =  
 
| summit_session_attendee_company20=
 
| summit_session_attendee_company20=
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
+
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=[https://www.owasp.org/index.php/OWASP_AppSensor_Project OWASP AppSensor]
  
  
 
|-
 
|-
| session_name_mask = <!--Please replace DO NOT EDIT this string --> Session002
+
| session_name_mask = <!--Please replace DO NOT EDIT this string --> Session003
| session_home_page = <!--Please replace DO NOT EDIT this string --> Projects_Summit_2013/Working_Sessions/002
+
| session_home_page = <!--Please replace DO NOT EDIT this string --> Projects_Summit_2013/Working_Sessions/003
 
}}
 
}}

Latest revision as of 13:37, 15 November 2013


Project Reviews
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description Review of all the current Flagship, some Lab, and some Incubator projects. The review of OWASP Projects will be based on the new assessment criteria.
Related Projects (if any)


Email Contacts & Roles Chair
Johanna Curiel

Operational Manager
Samantha Groves
Mailing list
Google Groups: owasp-project-summit-2013
WORKING SESSION SPECIFICS
Objectives
  1. Introduction to new assessment criteria to conduct reviews.
  2. Team in small groups (2 to 3 max) based on experience and background to assess a set of Projects (Code, Tool or Documentation).
  3. Fill in the Questionnaire (Google Forms) to complete assessment of Projects and provide the review with a final score and results (Project defined as Incubator, Lab or Flagship).
  4. Review results of questionnaire with your team.
  5. Present results and conclusions of assessment session.

Venue/Date&Time/Model Venue/Room
AppSec USA 2013: Times Square, New York City
Date & Time
Monday, November 18, 9:00am to 1:00pm


Discussion Model
Introduction, participants, and attendees.

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power.

WORKING SESSION ADDITIONAL DETAILS


Chair: Johanna Curiel

Johanna has mainly worked in the area of C# and ASP.NET development, Testing and Quality Control. She is an experienced developer and understands different types of programming languages such as Java and PHP and different types of scripting languages. Johanna has ample experience in Microsoft Technologies and Security Engineering. At the moment she is working on research to implement the Prime number theorem to calculate and predict prime numbers faster to break the RSA algorithm.

Operational Manager: Samantha Groves

Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioural research projects, competitor analysis, event organisation and management, volunteer engagement projects, staff recruitment and training, and marketing department organisation and strategy implementation projects for a variety of commercial and not-for-profit organisations.

WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group / Delivered by Working Group

Review of all the current Flagship, some Lab, and some Incubator projects. Find here.

After the Meeting - fill in here.

Assign them an appropriate stage designation based on the review.

After the Meeting - fill in here.

Update the inventory based on reviews.

After the Meeting - fill in here.

Create banners that show what stage each project is on. To be placed on the wiki.

After the Meeting - fill in here.


Working Session Participants

(Add your name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed


Application Security Guide for CISOs


OWASP AntiSamy Project


OWASP Enterprise Security API


OWASP ModSecurity Core Rule Set


OWASP CSRFGuard


OWASP Web Testing Environment


Webgoat


OWASP Zed Attack Proxy


OWASP Application Security Verification Standard


OWASP Code Review


OWASP Codes of Conduct


OWASP Development Guide Project


OWASP Secure Coding Practices


OWASP Software Assurance Maturity Model


OWASP Testing Guide


OWASP Top Ten


OWASP Cornucopia


OWASP Xenotix XSS Exploit Framework


OWASP Cheat Sheets


OWASP Java HTML Sanitizer


OWASP AppSensor