Difference between revisions of "Summit 2011"

m (Adding link to Vimeo videos.)
Line 37: Line 37:
==== Video of Summit ====
==== Video of Summit ====
=== Vimeo ===
[http://vimeo.com/channels/owaspsummit http://vimeo.com/channels/owaspsummit]
=== YouTube Intro ===

Revision as of 00:10, 18 May 2011




Summit 2011 Results: PDF Format and Word Format
Summit 2011 Financials: Summary of Expenses and Income, and Summit Travel and Accommodations Costs

Hello World! OWASP Summit 2011 Kicks Off Massive Outreach Program

“I saw the ‘blossoming’ of OWASP in Portugal’s Spring. From an external viewpoint, OWASP has moved from niche to widely relevant, from localized to global, from pentesting to SDLC, from server to every component of the application’s delivery and use, from infosec to business process relevance.” – Colin Watson

Lisbon, Portugal, February 15, 2011 - The Open Web Application Security Project (OWASP) today announced the results from its 2011 OWASP Summit. Over 180 application security experts from over 120 companies and 30 different countries joined forces to plan, build, and execute programs to improve the security of the world’s software applications. The Summit was a significant step towards OWASP’s mission to ensure all types of organizations are empowered to build, select, and use software applications securely.

OWASP launched and advanced dozens of concrete initiatives to bring application security to governments, educational institutions, browser vendors, standards bodies, software development teams, and mobile platform vendors. Delegates gathered outside Lisbon, Portugal for a week of interactive working sessions and discussions. OWASP Summits are unlike conferences with static presentations. Instead, working sessions are used to author documents, create software, draft standards, and forge lasting relationships.

Some highlights from the 2011 OWASP Summit include:

  • OWASP-Portugal Partnership – OWASP has been working to establish relationships with various governments around the world, particularly the United States, Brazil, Portugal, and Greece. At the Summit, OWASP representatives worked directly with senior Portuguese IT officials to establish a protocol for working with Portugal to improve their application security capabilities.
  • OWASP Outreach to Educational Institutions – Reaching students is a unique opportunity to reach developers early in their development. At the Summit, delegates drafted an OWASP Code of Conduct for Educational Institutions, created a detailed plan for OWASP Student Chapters and continued development of the OWASP “Academies” Portal with extensive education and training materials.
  • OWASP Industry Outreach – OWASP resolved to develop industry working sessions to be held at major OWASP conferences starting with OWASP EU 2011 in Dublin, Ireland. The objective of these sessions will be to solicit feedback from industry players to help better focus OWASP efforts and make sure OWASP deliverables are relevant to industry concerns.
  • OWASP Browser Security Project – The Summit brought representatives from browser vendors Mozilla, Google, and Microsoft together with leading security researchers to discuss and strategize about browser security issues. Several new OWASP initiatives were launched, including a browser security scorecard project based on OWASP’s recently created browser testing framework. There were extensive discussions on browser initiatives such as Mozilla’s Content Security Policy (CSP) and browser sandboxes.
  • OWASP-Apache Partnership – OWASP forged a relationship with the Apache Software Foundation (ASF) to start the process of sharing OWASP software projects with the ASF with the intention of including OWASP-provided code in Apache projects. The intention of this collaboration is to improve the security of the widely-used ASF Open Source software, as well as to improve visibility for OWASP efforts.
  • OWASP Mobile Security Initiative – OWASP made progress on their upcoming Top 10 Mobile Vulnerabilities and Top 10 Mobile Defenses lists. In addition, OWASP resolved to reach out to mobile platform vendors to work with them on integrating better security into their environments.
  • OWASP Governance Expansion – OWASP updated its Charter and worked out procedures for the upcoming Board elections. These governance updates will help best support the dynamic and growing OWASP community.
  • International Focus – OWASP reaffirmed a commitment to be a truly international organization. Delegations from several countries and regions around the world including Asia-Pacific and South America participated in outreach workshops. Additional focus has been given to expanding international representation on OWASP’s Board and Global Committees.
  • Application Security Programs – To help organizations actually implement application security programs, we are mapping OWASP projects to all major approaches, including OWASP OpenSAMM, Microsoft’s SDL, and BSIMM.
  • Application Security Certification – OWASP reaffirmed its commitment to avoid becoming a certification body. Instead, it created the OWASP Code of Conduct for Certification Bodies that defines what an application security certification program should entail.

The full results of the Summit will be captured and released as an OWASP Report. The results will be released for comment and then ratified as a final deliverable. For more information, including notes, video, pictures, and other deliverables, please visit www.owasp.org.

Click HERE to view the rest of Summit results summary.
Click HERE to view the comprehensive Summit documentation (work in progress).
Take a look at the photos from the event

Contact Sarah Baso with questions related to Summit outcomes or results

Creating OWASP 4.0!

Call to action by Jeff Williams / OWASP Board Chair

Hi everyone,

In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting lots of great projects started. OWASP 3.0 started with the Summit in Portugal when we created the new committees and has focused on creating thriving projects instead of standalone tools. Thank you for all of your efforts growing a fun, civil, productive community.

I reach out to you now to ask you to take some time and think about what OWASP should become. The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure. It’s time to get our message and strategy to the next level.

Help design OWASP in Portugal at the Summit!

If you consider yourself an OWASP Leader, won’t you take a few minutes of quiet time and propose a few ideas for how OWASP can retool, reorganize, refocus, and revamp itself to really achieve our mission? We will rip, mix, and burn these ideas into a new strategy for OWASP at the Portugal Summit. I encourage you to check out the resort and all the plans happening right now at https://www.owasp.org/index.php/Summit_2011.

Here are some ideas to get you started.

  • We bootstrap several application security ecosystems around key technologies like mobile, cloud, REST
  • We reach out to governments around the world to help them push for application security
  • We raise money to fund real security enhancements to tools, browsers, protocols (e.g. OpenSSL)
  • We make the OWASP materials more usable by providing a “user” site and keep the wiki for development
  • We invest in marketing AppSec – How do we scale David Rice and the “greening” of AppSec
  • We continue our education initiative – academies, college chapters, videos, curriculum
  • We continue our browser initiative and do whatever it takes to get the browsers and frameworks talking
  • We invest in getting in front of new technologies like HTML5
  • We launch a no-holds-barred XSS eradication campaign
  • We create a set of objective AppSec *market* metrics that quantify the state of our art
  • We continue to push on creating standards
  •  ???

We need your ideas NOW. Get yourself on the Attendee list!

In one week of thinking, arguing, coding, hacking, and writing we are going to accomplish more than the rest of the world’s appsec efforts combined. We’ll see you in Portugal ready to rock. Thanks!


OWASP Foundation Board Chair

Summit 2011 About

The OWASP Global Summit is the place where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. Participants will stay in shared accommodations and collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years.

The Summit will consist of working sessions across a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute.

Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, see the promotional materials page.

Last Summit

This OWASP Global Summit is following the same model used at the OWASP EU Summit 08 which also took place in Portugal and gathered over 80 application security experts from over 20 countries. A smaller Summit 2009 was organized together with the AppSec US conference.

Fixed Schedule

Click HERE to view the entire summit fixed schedule. This is just a sample.
Agenda Unvarying 2.jpg

Dynamic Schedule

Click HERE to view the entire summit dynamic schedule. This is just a sample.
Agenda Dynamic 2.JPG

Remote Participants

Details on how to participate remotely are HERE.