
List:       owasp-iso17799
Subject:    OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic
From:       "Dinis Cruz" <dinis () ddplus ! net>
Date:       2007-07-25 16:10:53
Message-ID: 701fd6b60707250910x5f40670dk9a46b1234c3e154 () mail ! gmail ! com

OWASP subscribers, this is a call to action :)

See below (and online https://www.owasp.org/index.php/OWASP_Day)  our ideas
for the organization of an OWASP Day on 6th Sep 2007

Some comments:

   - There are currently only 10 chapters committed to participate but we
   have 94 registered chapters (see
   https://www.owasp.org/index.php/Category:OWASP_Chapter). So come on,
   chapter leaders, get your act together and organize your local event
   - Sebastien Deleersnyder is our Chapter Master, so any questions about
   chapter stuff talk to him
   - If your local chapter is sleeping on the wheel, then this is a
   great time to take responsibility for it (and replace the current chapter
   leader)
   - This could be a great opportunity to promote OWASP locally, so
   please be as active as you can and contribute with ideas, actions and
   leadership
   - At the moment me and Mike de Libero (CCed) are the main global
   organizers for this event, so feel free to contact us with your questions
   (we will need more help!)

Let's make this happen

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org


OWASP Day : Day of Worldwide OWASP 1 day conferences on the topic "Privacy
in the 21st Century" : Thursday 6th Sep 2007

*OWASP Day* is the current proposed title for the day where multiple
mini-conference will be staged by the local OWASP Chapters during the Global
Security Week <http://www.globalsecurityweek.com/>.

This is also a good opportunity to increase awareness on OWASP and to
motivate local OWASP Chapters to organize bigger events.

Chapters currently participating

   - London
   - NYNJMetro <https://www.owasp.org/index.php/NYNJMetro>
   - Turkey
   - Texas Roundup (with Austin + Houston)
   - Seattle
   - Phoenix
   - Israel <https://www.owasp.org/index.php/Israel> (scheduled for Wed
   5th)
   - Boston (scheduled for Wed 5th)
   - Italy
   - San Jose + San Francisco


   - (more to be confirmed)

Rules of Engagement

   - Each Chapter is responsible for organizing all details regarding the
   local event
   - OWASP will issue a global Request for Proposals for all chapters
   that commit to organizing such event by the 7th of August
   - OWASP will try to get some funding for this event which will be
   allocated to 'OWASP / Educational materials' for distribution at each event
   (see below details on sponsoring this event)
   - OWASP (and the local chapters) will try to organize live feeds of
   each event so that each local conference can interact with the other :)

Event layout

Each chapter is free to organize its mini conference and to define how long
it should last.

But within the spirit of the event the following ideas are proposed:

   - The topic of the event should be on "Privacy in the 21st Century",
   so all talks should be related to it (we should be addressing the Web
   Application side of Privacy (for example what happens to Privacy with SQL
   Injection, XSS and issues like pdp's Snoop onto Them as they Snoop
   onto us <http://www.gnucitizen.org/blog/snoop-onto-them-as-they-snoop-onto-us>)

   - The event should have 4 to 5 speaking slots (can be 30m if required)

   - If possible, invite a presenter from the local government to talk
   about their views on the subject
   - Presentation from a local OWASP Project leader about his/her
   project (i.e. for the cases where a leader of an OWASP Project
   <https://www.owasp.org/index.php/Category:OWASP_Project> lives
   locally (or will be in that city during the event)
   - All events are recommended to have the same panel discussion on the
   subject "*What is the current state of Privacy on Web Application
   Security? and what should we be focusing on?*"). After the panel
   discussion, each local chapter is invited to create a summary of its
   conclusions for publishing on the OWASP website
   - "Talk 'Let's get rid of 3 major sources of vulnerabilities:
      1. CROSS-SITE SCRIPTING: 70-90% of web applications have
      Cross-Site Scripting (XSS) holes. You must *both* carefully
      validate input and use HTML entity encoding on all data output.
      2. SQL INJECTION: If your queries are a bunch of strings and
      user input concatenated together, your database could be
      attacked with SQL Injection. Stamp out this attack by using
      "parameterized" queries, such as Java's PreparedStatement instead.
      3. SESSION EXPOSURE: Your SESSIONIDs are *just* as valuable as
      usernames and passwords, so make sure you never expose them. Don't ever
      allow authenticated SESSIONIDs to be sent without SSL or exposed in the
      URL."

Organizers

In addition to the local chapter leaders, Dinis Cruz and Mike de Libero are
the main points of contact (but of course much more help is needed :) )

Sponsoring this event

*Global Sponsorship*

The proposed sponsorship value is 10,000 USD which will give the sponsors:

   - *OWASP Day* sponsorship status on OWASP website and local event's
   venue
   - (if required) Distribution of material at local event's venue

*Local Sponsorship*

To be organized and arranged by each local chapter (this usually covers the
costs of: venue, drinks and food)

Global Security Week (GWS)

For more details on the (GWS) see:

   - http://www.globalsecurityweek.com/
   - http://www.globalsecurityweek.com/html/national_activities.html
   - http://www.globalsecurityweek.com/html/gsw_06.html (Resources)

And here is a description from one of the organizers:

*The aim of Global Security Week is to raise security awareness amongst the
public and organizations about issues relating to security, primarily
information security. This year's theme is on the subject of privacy and we
hope that a number of events will be held worldwide to promote people's
awareness as to how to protect their privacy when online and also educate
companies on their responsibilities, both legal and morally, when it comes
to protecting the privacy of their customers.*

*Global Security Week is a totally voluntary initiative and we have no
commercial funding or agenda. The initiative is funded entirely from the
committee's own funds and time. We have people involved in Global Security
Week throughout the world and during the week we have events planned in
different regions. For example here in Ireland I plan to run a free seminar
on the above topic open to anyone who wished to attend*

*We ask that those who wish to become involved, help promote Global Security
Week in their region either by running specific events dedicated to Global
Security Week, taking part in events already planned or simply making people
aware that the week is on and the topic is "Privacy in the 21st Century".
Even simply making people aware of Global Security Week and directing them
to the website is a great help. Not having commercial funding we depend on
word of mouth and like minded individuals to make people aware of the week.*

Other Ideas

   - Create a Security Manifest that will be 'signed' by all attendees
   - Distributed capture the flag (where each local chapter plays has a
   team (against the other chapters))
