Difference between revisions of "Summit 2011 Outcomes"

Jump to: navigation, search
Line 155: Line 155:
[[Summit_2011_Working_Sessions/Session251|OWASP Asia/Pacific Working Group]] (Helen Gao) - [[Summit_2011_Working_Sessions/Session251|Working Group Outcomes]]<br>
[[Summit_2011_Working_Sessions/Session251|OWASP Asia/Pacific Working Group]] (Helen Gao) - [[Summit_2011_Working_Sessions/Session251|Working Group Outcomes]]<br>
[[Summit_2011_Working_Sessions/Session262|Industry - Healthcare]] & [[Summit_2011_Working_Sessions/Session263|Industry - Banking/Finance]] ( Lorna Alamri)<br> [https://docs.google.com/document/d/1YsQC2J6GIqvE69agde25xDE4LsZIZN-bKMrFbAatywU/edit?hl=en_US&authkey=CK35nnc Vertical Outreach Notes]
[[Summit_2011_Working_Sessions/Session262|Healthcare Industry Outreach]] & [[Summit_2011_Working_Sessions/Session263|Banking/Finance Industry Outreach]] ( Lorna Alamri)[https://docs.google.com/document/d/1YsQC2J6GIqvE69agde25xDE4LsZIZN-bKMrFbAatywU/edit?hl=en_US&authkey=CK35nnc Vertical Outreach Notes], [https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B5Z9zE0hx0LNYmM4Y2Y3YWEtMTU5YS00NGU0LTk1NTgtYjk1MzdiOWZkMWQ5&hl=en_US&authkey=CP3ZsqMK Industry Outreach Mapping]<br>
Line 161: Line 161:
[[Summit_2011_Working_Sessions/Session073|Privacy - Personal Data/PII, Legislation and OWASP]] (Colin Watson) - [https://docs.google.com/document/d/1iemUPPunBlWC7rBCALirPLN662rdYHQPPCerDzKIO6c/edit?hl=en_US&authkey=CLmG9nQ Working Session Notes]<br>
[[Summit_2011_Working_Sessions/Session073|Privacy - Personal Data/PII, Legislation and OWASP]] (Colin Watson) - [https://docs.google.com/document/d/1iemUPPunBlWC7rBCALirPLN662rdYHQPPCerDzKIO6c/edit?hl=en_US&authkey=CLmG9nQ Working Session Notes]<br>
[[Working_Sessions_OWASP_Website|Overhauling the OWASP Website]] (Jason Li)<br>[[Summit_2011_Working_Sessions/Session023/Deliverable_1|Summary of Outcomes]]
[[Working_Sessions_OWASP_Website|Overhauling the OWASP Website]] (Jason Li) - [[Summit_2011_Working_Sessions/Session023/Deliverable_1|Summary of Outcomes]]<br>
[[Summit_2011_Working_Sessions/Session080|Should OWASP work directly with PCI-DSS?]] (Matthew Chalmers) - [https://docs.google.com/document/d/19s9oXr2-wvaGI7Wka44ii5amsUflfTEvCweTBMV7Dew/edit?hl=en_US&authkey=CKmbgLoI Working Session Notes]<br>
[[Summit_2011_Working_Sessions/Session080|Should OWASP work directly with PCI-DSS?]] (Matthew Chalmers) - [https://docs.google.com/document/d/19s9oXr2-wvaGI7Wka44ii5amsUflfTEvCweTBMV7Dew/edit?hl=en_US&authkey=CKmbgLoI Working Session Notes]<br>

Revision as of 21:04, 23 June 2011

Global Summit 2011 Outcomes - please note that this is a work in progress. If you have any comments, corrections, or questions please contact Sarah Baso


Press Release & Media Mentions

Interview with Jeff Williams - http://www.vimeo.com/25335824
Interview with Tom Brennan - http://www.vimeo.com/23889097

Summit Background

2011 Summit Finances & Budget

  • Breakdown of 2011 Summit Budget, Operational and Travel

Summit 2011 Financials Summary of Expenses and Income and Summit Travel and Accommodations Costs

  • Comparison to 2008 Summit Budget
  • Projection of costs needed for future Summit

2011 Summit Lessons Learned

Appendix: Working Session Details and Documentation

Browser Security

Here are the notes from all the four browser security sessions. John Wilander is working on a Browser Security Report building on these sessions.

Site Security Policy notes (pdf)

DOM Sandboxing notes (pdf)

HTML5 Security notes (pdf)

EcmaScript 5 Security notes (pdf)

Enduser Warnings notes (pdf)

XSS Eradication & Mitigation

XSS and the Frameworks & XSS - Awareness, Resources, and Partnerships (Justin Clarke) - Combined Working Session Notes

DOM based XSS Prevention Cheat Sheet (Jim Manico & Abraham Kang)

WAF Mitigation for XSS (Ryan Barnett)

Virtual Patching Best Practices (Ryan Barnett) - Working Session Notes


Risk Metrics (Chris Wysopal) & Metrics and Labeling (Chris Eng) - Working Session Transcripts

Counting and Scoring Application Security Defects (Chris Eng & Chris Wysopal) - Brief Introduction to Common Weakness Scoring System ppt created by Steve Christey

University, Education, and Training

OWASP Education Project (Martin Knobloch)

OWASP Training (Sandra Paiva) - Working Session Notes

University Outreach - OWASP Academies (Sandra Paiva) - Working Session Notes, OWASP Academy Portal Project

OWASP Top 10 Online Training in Hacking-Lab (Ivan Buetler)

University Outreach - OWASP College Chapter Program (Martin Knobloch) (renamed "OWASP Student Chapters Program")

OWASP Exams Project (Jason Taylor)

OWASP Certification (Jason Taylor & Jason Li) - Certification Code of Conduct Draft

Secure Coding Workshop

General Information on the OWASP Secure Coding Track - Code Repository (Google)

Protecting Information Stored Client-Side (John Steven)

Providing Access to Persisted Data (Dan Cornell) - Working Session Notes

Contextual Ourput Encoding (Chris Schmidt)

ESAPI-CORE (Jim Manico)

Applying ESAPI Input Validation (Chris Schmidt)

Defining AppSensor Detection Points (Michael Coates)

Individual OWASP Projects

OWASP Secure Coding Practices (Keith Turpin) - Working Session Notes

Enterprise Web Defense Roundtable (Michael Coates & Chris Lyon) - Etherpad Notes Page with Agenda, Slides & Background Reading

Threat Modeling (Anurag Agarwal) - Working Session discussion points and notes

OWASP Common Vulnerability List (Meucci/Keary/Agarwal) - CVL ppt presentation created by Matteo Meucci

Common Structure and Numbering for All Guides (Keith Turpin/Matteo Meucci/Vishal Garg)

OWASP Testing Guide (Matteo Meucci) - Working Session Notes, Planning the OWASP Testing Guide 4.0 ppt presentation

OWASP Mobile Security Project (Mike Zusman) - Working Session Notes

Development Guide (Vishal Garg)

Application Security Verification Standard (ASVS) Project (Dave Wichers)

OWASP Portuguese Language Project (Lucas Ferriera) - Working Session Outcomes

OWASP Hackademic Challenges Project (Kostas & Vasileros Vlachos)

OWASP Java Project (Lucas Ferriera) - Action Plan for the Java Project, New Project Leader

OpenSAMM (Pravir Chandra) - Pravir Chandra - BSIMM activities mapped to SAMM

The Future of OpenSAMM (Pravir Chandra)

OWASP Project Disclosure Policies (Chris Schmidt) - OWASP Project Disclosure Policy, OWASP Security Bulletin Template, Project Adherence Rules

OWASP O2 Platform (Dinis Cruz)

OWASP Governance and Committees

Global Education Committee (Martin Knobloch)

Global Industry Committee (Eoin Keary & Colin Watson) - Working Session Notes

Global Projects Committee (Jason Li & Brad Causey)

Global Membership Committee (Dan Cornell) - Working Session Notes

Global Chapters Committee (Seba Deleersnyder) - Working Session Meeting Minutes

Global Conferences Committee (Mark Bristow)

Government Outreach (Doug Wilson) - Working Session Outcome

OWASP Funding and CEO Discussion (Keith Turpin) - Working Session Notes, List of suggestions from Funding and CEO discussion, Arguments for & against hiring a CEO for OWASP

OWASP Board/Committee Governance (Mark Bristow) - Comments re: why this working session is/was necessary

OWASP Points - Tracking OWASP Participation (Mark Bristow)

OWASP Licensing (Abraham Kang) - Working Session Notes, OWASP Licensing PowerPoint, Licensing - Questions for follow up

OWASP Codes of Conduct (Dinis Cruz & Jeff Williams) - Draft Document

Building the OWASP Brazilian Leaders Group (Lucas Ferriera) - Objectives and action plan to improve OWASP presence in Brazil

OWASP Asia/Pacific Working Group (Helen Gao) - Working Group Outcomes

Healthcare Industry Outreach & Banking/Finance Industry Outreach ( Lorna Alamri)Vertical Outreach Notes, Industry Outreach Mapping


Privacy - Personal Data/PII, Legislation and OWASP (Colin Watson) - Working Session Notes

Overhauling the OWASP Website (Jason Li) - Summary of Outcomes

Should OWASP work directly with PCI-DSS? (Matthew Chalmers) - Working Session Notes

How can OWASP reach/talk/engage with auditors? (Matthew Chalmers) - Working Session Notes

Developer Outreach (Mark Bristow & Jason Li)

Summit Team & Attendee Bios

Support Staff Bios

Attendee Bios

Summit-Related Blog Posts

Colin Watson - 3 part Recap/Reflections on OWASP Summit 2011, February 8-10, 2011

Carlos Serrão - OWASP Summit 2011, February 9, 2011

Ben Tomhave - Evolving OWASP: Reflections on the 2011 Summit, February 11, 2011

John Wilander - Fears & Hopes for OWASP, February 13, 2011

Dinis Cruz - OWASP Summit 2011 Results, February 15, 2011

Chris Schmidt - Dear OWASP Summit, Obrigado, February 16, 2011

Mark Curphey - OWASP - Has it reached a tipping point?, February 19, 2011

Michael Coates - A Vision for OWASP, February 21, 2011

Pravir Chandra - BSIMM activities mapped to SAMM, March 3, 2011