Thoughts on OWASP
Thoughts on OWASP
Free!
Minimum price
$11.00
Suggested price
Thoughts on OWASP

This book is 60% complete

Last updated on 2014-04-07

About the Book

Table of Contents

  • Introduction
    • Change log:
    • Why This book
  • 1 OWASP Organization
    • 1.1 An Idea of a new model for OWASP
    • 1.2 I wish that OWASP in 2014 ….
    • 1.3 Improved Wikipedia funding page, why OWASP needs something similar, and who buys OWASP Corporate Memberships
    • 1.4 OWASP Board Election: Why I voted ‘Abstain’ and why you should go on the record with your vote
    • 1.5 OWASP Executive Director Role (Not yet)
    • 1.6 OWASP Principles based on NHS?
    • 1.7 OWASP Revenue Splits and the “Non-profits have a charter to be innovators”
    • 1.8 OWASP: Proposed change for SoC: Use budget to pay for project related expenses
    • 1.9 Proposal: Remove all commercial/non-OWASP logos from OWASP.org
    • 1.10 Sarah Baso as OWASP Executive director, how it broke the model, structure and culture of OWASP employees
    • 1.11 Why OWASP can’t pay OWASP Leaders
    • 1.12 Why the need to enable the use of OWASP chapter funds
    • 1.13 Why NDAs have no place at OWASP
    • 1.14 Me and Jim Manico
    • 1.15 On John Wilander….
  • 2 OWASP Projects
    • 2.1 160k USD available to OWASP Chapters and Projects
    • 2.2 If you ever doubt that OWASP needs more Project Managers/Resources
    • 2.3 On how to get paid to work on OWASP projects
    • 2.4 OWASP GSD Project (GSD = Get Stuff Done)
    • 2.5 OWASP Project Reboot 2012 - Here is a better model
    • 2.6 OWASP project reboot spent funds (not a lot spent so far)
    • 2.7 Project Management at OWASP
    • 2.8 ROI on OWASP investment on Projects (ie paying leaders)
    • 2.9 Some ideas for OWASP GSD Project
    • 2.10 The difference between being ‘Appointed’ and being ‘Accepted’ as an OWASP Leader (of its Fork)
    • 2.11 Why large OWASP projects start to stale (and who should pay for the work)
  • 3 OWASP Summits
    • 3.1 Great description of why OWASP Summits are special
    • 3.2 I want to vote for a Summit Team+Vision , NOT for a venue
    • 3.3 OWASP Flight Booking using Amex and Project’s Mini-Summit at OWASP AppSec USA 2013
    • 3.4 Some proposed Visions for next OWASP Summit
    • 3.5 Summits must be part of OWASP’s DNA
    • 3.6 When is the next OWASP Summit!!!!!
  • 4 OWASP Education
    • 4.1 Let’s make this happen: “Investing in Developing Software Security Talent”
    • 4.2 PDF with (draft) Exam of OWASP Top10 questions
  • 5 OWASP MIA (Missing in Action)
    • 5.1 ‘Using the HTML5 Fullscreen API for Phishing Attacks’, OWASP MIA and ‘We need SAST technology for browsing the web safely’
    • 5.2 Big Security challenges with creating APIs for US Gov agencies
    • 5.3 Example example of SQL Injection using Database.SQLQuery from GitHub (and idea for Cat.NET workflow)
    • 5.4 Guidelines of OWASP
    • 5.5 Hack Yourself First: Jeremiah at TEDxMaui
    • 5.6 I think the time as come for OWASP to have its own secure browser(s)
    • 5.7 Nice list of 20 online coding tools
    • 5.8 No OWASP app on the OSX AppStore (Nov 2013)
    • 5.9 OWASP and Privacy issues, we need to be involved
    • 5.10 Software Labels – Jeff’s OWASP AppSecDC 2010 presentation (another dropped good idea)
  • 6 Philosophy
    • 6.1 Happiness makes business sense
    • 6.2 The power of not being in power (and being ignored)
    • 6.3 We’re all mortals, so lets make the most of it
    • 6.4 Why do others think that I’m “hard to deal with” and that “I don’t listen”
  • 7 Application Security Industry
    • 7.1 Secure coding (and Application Security) must be invisible to developers
    • 7.2 Blogger in HTTP only? What happened to HTTPS?
    • 7.3 CI is the Key for Application Security SDL integration
    • 7.4 Etsy.com - A case study on how to do security right?
    • 7.5 Open question to Etsy security team: How can OWASP help?
    • 7.6 FLOSSHack TeamMentor and the ‘sausage making process’ that is software/application development
    • 7.7 I never liked the term ‘Rugged Software’, what about Robust/Resilient Software?
    • 7.8 Is there a spreadsheet/template for Mapping WebServices Authorization Rules?
    • 7.9 The next level App Security Social Graph
    • 7.10 Trustworthy Internet Movement and SSL Pulse
    • 7.11 Where to have AppSec Q&A threads (what about Reddit?)
    • 7.12 Is the TeamMentor’s OWASP Library content released under an open License?
    • 7.13 Reaching out to Developers, Aspect is doing it right with Contrast
    • 7.14 My comments on the SATEC document (Static Analysis Tool Evaluation Criteria)

About the Author

Dinis Cruz
Dinis Cruz

Dinis Cruz is the CISO of the Photobox Group and an active OWASP contributor (Owasp Summits and O2 Platform Project)

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms...

Write and Publish on Leanpub

Authors and publishers use Leanpub to publish amazing in-progress and completed ebooks, just like this one. You can use Leanpub to write, publish and sell your book as well! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub