Confirmed users
491
edits
OWASP 2010: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(→Booth) |
No edit summary |
||
| Line 47: | Line 47: | ||
*Brandon to record video with Rainer? | *Brandon to record video with Rainer? | ||
== Results == | |||
===Goal=== | |||
Spread awareness of the new content security policy feature within firefox to the web security community and engage the attendees to garter feedback and opinions. | |||
Present application security research related to application intrusion prevention techniques | |||
===Results - Summary === | |||
- CSP demo'ed by Brandon Sterne to entire conference attendance | |||
- Extensive discussions at Mozilla booth regarding CSP and Firefox 4 | |||
- CSP take-aways were a success | |||
- OWASP organization will support and promote CSP to world | |||
- Networking may result in several launch partners for CSP | |||
- AppSensor presentation given by Michael Coates was well attended and received good feedback | |||
- Networking may result in complimentary license for web scanning tool for Mozilla use | |||
- New OWASP Browser Security Working Group will increase exposure of Firefox security features and increase communication between OWASP security leaders and web browsers | |||
===Results - Detailed=== | |||
====CSP Presentation to entire conference attendance==== | |||
- A CSP presentation was delivered to the entire conference at the end of the first day. This reached approximately 300 individuals. | |||
- The CSP presentation was also tweeted by several attendees which results in substantial additional exposure. | |||
====Mozilla Booth==== | |||
- The Mozilla booth at the OWASP conference attended a large number of individuals who sought additional information on CSP. | |||
- The printout CSP "take-aways" were very effective and many users took one of these flyers along with other Mozilla shwag. | |||
====OWASP & Mozilla Lunch Roundtable==== | |||
- Michael Coates of Mozilla and Dinis Cruz of OWASP coordinated a meeting between Mozilla representatives, OWASP leaders and key application security players. The meeting focused on how OWASP and Mozilla could work together to achieve the mutual goal of making the web a safer place. There were a variety of positive results from this meeting including the primary action item of OWASP helping to promote the benefits of Content Security Policy. | |||
Attendees: | |||
* Jeff Williams, OWASP Chairmen & CEO Aspect Security | |||
* Dinis Cruz, OWASP Board & O2 Developer | |||
* Dave Wichers, OWASP Board & COO Aspect Security | |||
* Robert Hansen "rsnake" - CEO SecTheory | |||
* Jeremiah Grossman - CTO WhiteHat Security | |||
* Jim Manico - Security Expert & ESAPI Lead Developer | |||
* Justin Clark - Director and Co-Founder of Gotham Digital Science | |||
* James Landis - Senior Manager Paypal Security | |||
* Michael Coates | |||
* Sid Stamm | |||
* Brandon Sterne | |||
* Dan Veditz | |||
- This meeting also established the OWASP Browser Security Working Group which will be used to increase communication between OWASP and all browsers for security related discussions. | |||
- A follow up meeting is scheduled for the OWASP Summit that will take place in 2011 Q1. | |||
====Networking==== | |||
- Hallway discussions and networking opportunities enabled Mozilla to build new relationships with other leaders including security representatives from Microsoft, Symantec, and multiple security vendors. One immediate benefit is the potential inclusion of Mozilla security representatives at the Microsoft Blue Hat event. | |||
- At least one consulting company may be recommending CSP directly to their customers. These customers would work directly with Brandon Sterne as initial launch partners of CSP. | |||
- Another new relationship resulted in a complimentary license for a web scanning tool | |||