Difference between revisions of "Summit 2011 Working Sessions/Session082"

From OWASP
Jump to: navigation, search
 
Line 4: Line 4:
 
| summit_session_attendee_name1 = Matthew Chalmers
 
| summit_session_attendee_name1 = Matthew Chalmers
 
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
 
| summit_session_attendee_email1 = matthew.chalmers@owasp.org
 +
| summit_session_attendee_username1 =
 
| summit_session_attendee_company1= [http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
 
| summit_session_attendee_company1= [http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= Wish to dispel myths about IT auditing and find out how security, development and audit folks are working together
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= Wish to dispel myths about IT auditing and find out how security, development and audit folks are working together
Line 9: Line 10:
 
| summit_session_attendee_name2 = Achim Hoffmann
 
| summit_session_attendee_name2 = Achim Hoffmann
 
| summit_session_attendee_email2 = achim@owasp.org
 
| summit_session_attendee_email2 = achim@owasp.org
 +
| summit_session_attendee_username2 =
 
| summit_session_attendee_company2= [[File:Sicsec-130x39.png]]
 
| summit_session_attendee_company2= [[File:Sicsec-130x39.png]]
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= define/find the circle: pentest - audit- workshop
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= define/find the circle: pentest - audit- workshop
Line 14: Line 16:
 
| summit_session_attendee_name3 = Justin Clarke
 
| summit_session_attendee_name3 = Justin Clarke
 
| summit_session_attendee_email3 = justin.clarke@owasp.org
 
| summit_session_attendee_email3 = justin.clarke@owasp.org
 +
| summit_session_attendee_username3 =
 
| summit_session_attendee_company3=Gotham Digital Science
 
| summit_session_attendee_company3=Gotham Digital Science
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=Don't do IT audits anymore, but I used to and I'm still a CISA
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=Don't do IT audits anymore, but I used to and I'm still a CISA
Line 19: Line 22:
 
| summit_session_attendee_name4 =  
 
| summit_session_attendee_name4 =  
 
| summit_session_attendee_email4 =  
 
| summit_session_attendee_email4 =  
 +
| summit_session_attendee_username4 =
 
| summit_session_attendee_company4=
 
| summit_session_attendee_company4=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=
Line 24: Line 28:
 
| summit_session_attendee_name5 =  
 
| summit_session_attendee_name5 =  
 
| summit_session_attendee_email5 =  
 
| summit_session_attendee_email5 =  
 +
| summit_session_attendee_username5 =
 
| summit_session_attendee_company5=
 
| summit_session_attendee_company5=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=
Line 29: Line 34:
 
| summit_session_attendee_name6 =  
 
| summit_session_attendee_name6 =  
 
| summit_session_attendee_email6 =  
 
| summit_session_attendee_email6 =  
 +
| summit_session_attendee_username6 =
 
| summit_session_attendee_company6=
 
| summit_session_attendee_company6=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=
Line 34: Line 40:
 
| summit_session_attendee_name7 =  
 
| summit_session_attendee_name7 =  
 
| summit_session_attendee_email7 =  
 
| summit_session_attendee_email7 =  
 +
| summit_session_attendee_username7 =
 
| summit_session_attendee_company7=
 
| summit_session_attendee_company7=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=
Line 39: Line 46:
 
| summit_session_attendee_name8 =  
 
| summit_session_attendee_name8 =  
 
| summit_session_attendee_email8 =  
 
| summit_session_attendee_email8 =  
 +
| summit_session_attendee_username8 =
 
| summit_session_attendee_company8=
 
| summit_session_attendee_company8=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=
Line 44: Line 52:
 
| summit_session_attendee_name9 =  
 
| summit_session_attendee_name9 =  
 
| summit_session_attendee_email9 =  
 
| summit_session_attendee_email9 =  
 +
| summit_session_attendee_username9 =
 
| summit_session_attendee_company9=
 
| summit_session_attendee_company9=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=
Line 49: Line 58:
 
| summit_session_attendee_name10 =  
 
| summit_session_attendee_name10 =  
 
| summit_session_attendee_email10 =  
 
| summit_session_attendee_email10 =  
 +
| summit_session_attendee_username10 =
 
| summit_session_attendee_company10=
 
| summit_session_attendee_company10=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=
Line 54: Line 64:
 
| summit_session_attendee_name11 =  
 
| summit_session_attendee_name11 =  
 
| summit_session_attendee_email11 =  
 
| summit_session_attendee_email11 =  
 +
| summit_session_attendee_username11 =
 
| summit_session_attendee_company11=
 
| summit_session_attendee_company11=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=
Line 59: Line 70:
 
| summit_session_attendee_name12 =  
 
| summit_session_attendee_name12 =  
 
| summit_session_attendee_email12 =  
 
| summit_session_attendee_email12 =  
 +
| summit_session_attendee_username12 =
 
| summit_session_attendee_company12=
 
| summit_session_attendee_company12=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=
Line 64: Line 76:
 
| summit_session_attendee_name13 =  
 
| summit_session_attendee_name13 =  
 
| summit_session_attendee_email13 =  
 
| summit_session_attendee_email13 =  
 +
| summit_session_attendee_username13 =
 
| summit_session_attendee_company13=
 
| summit_session_attendee_company13=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=
Line 69: Line 82:
 
| summit_session_attendee_name14 =  
 
| summit_session_attendee_name14 =  
 
| summit_session_attendee_email14 =  
 
| summit_session_attendee_email14 =  
 +
| summit_session_attendee_username14 =
 
| summit_session_attendee_company14=
 
| summit_session_attendee_company14=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=  
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14=  
Line 74: Line 88:
 
| summit_session_attendee_name15 =  
 
| summit_session_attendee_name15 =  
 
| summit_session_attendee_email15 =  
 
| summit_session_attendee_email15 =  
 +
| summit_session_attendee_username15 =
 
| summit_session_attendee_company15=
 
| summit_session_attendee_company15=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=
Line 79: Line 94:
 
| summit_session_attendee_name16 =  
 
| summit_session_attendee_name16 =  
 
| summit_session_attendee_email16 =  
 
| summit_session_attendee_email16 =  
 +
| summit_session_attendee_username16 =
 
| summit_session_attendee_company16=
 
| summit_session_attendee_company16=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=
Line 84: Line 100:
 
| summit_session_attendee_name17 =  
 
| summit_session_attendee_name17 =  
 
| summit_session_attendee_email17 =  
 
| summit_session_attendee_email17 =  
 +
| summit_session_attendee_username17 =
 
| summit_session_attendee_company17=
 
| summit_session_attendee_company17=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=
Line 89: Line 106:
 
| summit_session_attendee_name18 =  
 
| summit_session_attendee_name18 =  
 
| summit_session_attendee_email18 =  
 
| summit_session_attendee_email18 =  
 +
| summit_session_attendee_username18 =
 
| summit_session_attendee_company18=
 
| summit_session_attendee_company18=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=
Line 94: Line 112:
 
| summit_session_attendee_name19 =  
 
| summit_session_attendee_name19 =  
 
| summit_session_attendee_email19 =  
 
| summit_session_attendee_email19 =  
 +
| summit_session_attendee_username19 =
 
| summit_session_attendee_company19=
 
| summit_session_attendee_company19=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=
Line 99: Line 118:
 
| summit_session_attendee_name20 =  
 
| summit_session_attendee_name20 =  
 
| summit_session_attendee_email20 =  
 
| summit_session_attendee_email20 =  
 +
| summit_session_attendee_username20 =
 
| summit_session_attendee_company20=
 
| summit_session_attendee_company20=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
 
| summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=
Line 192: Line 212:
 
| summit_session_leader_name2 =  
 
| summit_session_leader_name2 =  
 
| summit_session_leader_email2 =  
 
| summit_session_leader_email2 =  
 +
| summit_session_leader_username2 =
  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_name3 =  
 
| summit_session_leader_email3 =  
 
| summit_session_leader_email3 =  
 +
| summit_session_leader_username3 =
  
 
|-
 
|-
Line 200: Line 222:
 
| operational_leader_name1 =
 
| operational_leader_name1 =
 
| operational_leader_email1 =
 
| operational_leader_email1 =
 +
| operational_leader_username1 =
  
 
|-
 
|-

Latest revision as of 01:26, 1 February 2011

Global Summit 2011 Home Page
Global Summit 2011 Tracks

WS. owasp.jpg How can OWASP reach/talk/engage with auditors
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Short Work Session Description Are you an auditor? Not in the sense of one who "audits" web applications for vulnerabilities, but one engaged in the professional practice of internal auditing. Have you been audited? (No, not by the IRS.) Do you really know what auditors do, how the appsec "world" looks to them, and how they can help you?

The IIA defines auditing as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

This working session aims to:

  • Educate security professionals and developers on, and dispel the myths about, audit and control
  • Educate auditors on OWASP, software development and web & application security
  • Discuss ways OWASP can help security pros, developers and auditors work together for mutual benefit and world domination

The proposed track for this working session is OWASP.

If you are interested in participating in this working session please edit the Working Session Participants section below to add your name & areas of interest. Please feel free to join the discussion of this working session in the Summit 2011 Working Sessions Google Group.

Related Projects (if any)


Email Contacts & Roles Chair
Matthew Chalmers @

Operational Manager
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  1. Educate security professionals and developers on, and dispel the myths about, audit and control
  2. Educate auditors on OWASP, software development and web & application security
  3. Discuss ways OWASP can help security pros, developers and auditors work together for mutual benefit and world domination

Venue/Date&Time/Model Venue/Room
OWASP Global Summit Portugal 2011
Date & Time


Discussion Model
participants and attendees

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS
WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group Approved by OWASP Board

A white paper describing specific strategies for interacting with auditors as described above.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

After the Board Meeting - fill in here.

Working Session Participants

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers @
ralogo_web.gif
Wish to dispel myths about IT auditing and find out how security, development and audit folks are working together
Achim Hoffmann @
Sicsec-130x39.png
define/find the circle: pentest - audit- workshop
Justin Clarke @
Gotham Digital Science
Don't do IT audits anymore, but I used to and I'm still a CISA