Thoughts on OWASP
This book is 60% complete
Last updated on 2014-04-07
About the Book
- Change log:
- Why This book
1 OWASP Organization
- 1.1 An Idea of a new model for OWASP
- 1.2 I wish that OWASP in 2014 ….
- 1.3 Improved Wikipedia funding page, why OWASP needs something similar, and who buys OWASP Corporate Memberships
- 1.4 OWASP Board Election: Why I voted ‘Abstain’ and why you should go on the record with your vote
- 1.5 OWASP Executive Director Role (Not yet)
- 1.6 OWASP Principles based on NHS?
- 1.7 OWASP Revenue Splits and the “Non-profits have a charter to be innovators”
- 1.8 OWASP: Proposed change for SoC: Use budget to pay for project related expenses
- 1.9 Proposal: Remove all commercial/non-OWASP logos from OWASP.org
- 1.10 Sarah Baso as OWASP Executive director, how it broke the model, structure and culture of OWASP employees
- 1.11 Why OWASP can’t pay OWASP Leaders
- 1.12 Why the need to enable the use of OWASP chapter funds
- 1.13 Why NDAs have no place at OWASP
- 1.14 Me and Jim Manico
- 1.15 On John Wilander….
2 OWASP Projects
- 2.1 160k USD available to OWASP Chapters and Projects
- 2.2 If you ever doubt that OWASP needs more Project Managers/Resources
- 2.3 On how to get paid to work on OWASP projects
- 2.4 OWASP GSD Project (GSD = Get Stuff Done)
- 2.5 OWASP Project Reboot 2012 - Here is a better model
- 2.6 OWASP project reboot spent funds (not a lot spent so far)
- 2.7 Project Management at OWASP
- 2.8 ROI on OWASP investment on Projects (ie paying leaders)
- 2.9 Some ideas for OWASP GSD Project
- 2.10 The difference between being ‘Appointed’ and being ‘Accepted’ as an OWASP Leader (of its Fork)
- 2.11 Why large OWASP projects start to stale (and who should pay for the work)
3 OWASP Summits
- 3.1 Great description of why OWASP Summits are special
- 3.2 I want to vote for a Summit Team+Vision , NOT for a venue
- 3.3 OWASP Flight Booking using Amex and Project’s Mini-Summit at OWASP AppSec USA 2013
- 3.4 Some proposed Visions for next OWASP Summit
- 3.5 Summits must be part of OWASP’s DNA
- 3.6 When is the next OWASP Summit!!!!!
4 OWASP Education
- 4.1 Let’s make this happen: “Investing in Developing Software Security Talent”
- 4.2 PDF with (draft) Exam of OWASP Top10 questions
5 OWASP MIA (Missing in Action)
- 5.1 ‘Using the HTML5 Fullscreen API for Phishing Attacks’, OWASP MIA and ‘We need SAST technology for browsing the web safely’
- 5.2 Big Security challenges with creating APIs for US Gov agencies
- 5.3 Example example of SQL Injection using Database.SQLQuery from GitHub (and idea for Cat.NET workflow)
- 5.4 Guidelines of OWASP
- 5.5 Hack Yourself First: Jeremiah at TEDxMaui
- 5.6 I think the time as come for OWASP to have its own secure browser(s)
- 5.7 Nice list of 20 online coding tools
- 5.8 No OWASP app on the OSX AppStore (Nov 2013)
- 5.9 OWASP and Privacy issues, we need to be involved
- 5.10 Software Labels – Jeff’s OWASP AppSecDC 2010 presentation (another dropped good idea)
- 6.1 Happiness makes business sense
- 6.2 The power of not being in power (and being ignored)
- 6.3 We’re all mortals, so lets make the most of it
- 6.4 Why do others think that I’m “hard to deal with” and that “I don’t listen”
7 Application Security Industry
- 7.1 Secure coding (and Application Security) must be invisible to developers
- 7.2 Blogger in HTTP only? What happened to HTTPS?
- 7.3 CI is the Key for Application Security SDL integration
- 7.4 Etsy.com - A case study on how to do security right?
- 7.5 Open question to Etsy security team: How can OWASP help?
- 7.6 FLOSSHack TeamMentor and the ‘sausage making process’ that is software/application development
- 7.7 I never liked the term ‘Rugged Software’, what about Robust/Resilient Software?
- 7.8 Is there a spreadsheet/template for Mapping WebServices Authorization Rules?
- 7.9 The next level App Security Social Graph
- 7.10 Trustworthy Internet Movement and SSL Pulse
- 7.11 Where to have AppSec Q&A threads (what about Reddit?)
- 7.12 Is the TeamMentor’s OWASP Library content released under an open License?
- 7.13 Reaching out to Developers, Aspect is doing it right with Contrast
- 7.14 My comments on the SATEC document (Static Analysis Tool Evaluation Criteria)
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.