Thoughts on OWASP
This book is 60% complete
Last updated on 2014-04-07
About the Book
- Change log:
- Why this book
1 OWASP Organization
- 1.1 An Idea of a new model for OWASP
- 1.2 I wish that OWASP in 2014 ….
- 1.3 Improved Wikipedia funding page, why OWASP needs something similar, and who buys OWASP Corporate Memberships
- 1.4 OWASP Board Election: Why I voted ‘Abstain’ and why you should go on the record with your vote
- 1.5 OWASP Executive Director Role (Not yet)
- 1.6 OWASP Principles based on NHS?
- 1.7 OWASP Revenue Splits and the “Non-profits have a charter to be innovators”
- 1.8 OWASP: Proposed change for SoC: Use budget to pay for project related expenses
- 1.9 Proposal: Remove all commercial/non-OWASP logos from OWASP.org
- 1.10 Sarah Baso as OWASP Executive director, how it broke the model, structure and culture of OWASP employees
- 1.11 Why OWASP can’t pay OWASP Leaders
- 1.12 Why the need to enable the use of OWASP chapter funds
- 1.13 Why NDAs have no place at OWASP
- 1.14 Me and Jim Manico
- 1.15 On John Wilander….
2 OWASP Projects
- 2.1 160k USD available to OWASP Chapters and Projects
- 2.2 If you ever doubt that OWASP needs more Project Managers/Resources
- 2.3 On how to get paid to work on OWASP projects
- 2.4 OWASP GSD Project (GSD = Get Stuff Done)
- 2.5 OWASP Project Reboot 2012 - Here is a better model
- 2.6 OWASP project reboot spent funds (not a lot spent so far)
- 2.7 Project Management at OWASP
- 2.8 ROI on OWASP investment on Projects (ie paying leaders)
- 2.9 Some ideas for OWASP GSD Project
- 2.10 The difference between being ‘Appointed’ and being ‘Accepted’ as an OWASP Leader (of its Fork)
- 2.11 Why large OWASP projects start to stale (and who should pay for the work)
3 OWASP Summits
- 3.1 Great description of why OWASP Summits are special
- 3.2 I want to vote for a Summit Team+Vision , NOT for a venue
- 3.3 OWASP Flight Booking using Amex and Project’s Mini-Summit at OWASP AppSec USA 2013
- 3.4 Some proposed Visions for next OWASP Summit
- 3.5 Summits must be part of OWASP’s DNA
- 3.6 When is the next OWASP Summit!!!!!
4 OWASP Education
- 4.1 Let’s make this happen: “Investing in Developing Software Security Talent”
- 4.2 PDF with (draft) Exam of OWASP Top10 questions
5 OWASP MIA (Missing in Action)
- 5.1 ‘Using the HTML5 Fullscreen API for Phishing Attacks’, OWASP MIA and ‘We need SAST technology for browsing the web safely’
- 5.2 Big Security challenges with creating APIs for US Gov agencies
- 5.3 Example of SQL Injection using Database.SQLQuery from GitHub (and idea for Cat.NET workflow)
- 5.4 Guidelines of OWASP
- 5.5 Hack Yourself First: Jeremiah at TEDxMaui
- 5.6 I think the time has come for OWASP to have its own secure browser(s)
- 5.7 Nice list of 20 online coding tools
- 5.8 No OWASP app on the OSX AppStore (Nov 2013)
- 5.9 OWASP and Privacy issues, we need to be involved
- 5.10 Software Labels – Jeff’s OWASP AppSecDC 2010 presentation (another dropped good idea)
- 6.1 Happiness makes business sense
- 6.2 The power of not being in power (and being ignored)
- 6.3 We’re all mortals, so let’s make the most of it
- 6.4 Why do others think that I’m “hard to deal with” and that “I don’t listen”
7 Application Security Industry
- 7.1 Secure coding (and Application Security) must be invisible to developers
- 7.2 Blogger in HTTP only? What happened to HTTPS?
- 7.3 CI is the Key for Application Security SDL integration
- 7.4 Etsy.com - A case study on how to do security right?
- 7.5 Open question to Etsy security team: How can OWASP help?
- 7.6 FLOSSHack TeamMentor and the ‘sausage making process’ that is software/application development
- 7.7 I never liked the term ‘Rugged Software’, what about Robust/Resilient Software?
- 7.8 Is there a spreadsheet/template for Mapping WebServices Authorization Rules?
- 7.9 The next level App Security Social Graph
- 7.10 Trustworthy Internet Movement and SSL Pulse
- 7.11 Where to have AppSec Q&A threads (what about Reddit?)
- 7.12 Is the TeamMentor’s OWASP Library content released under an open License?
- 7.13 Reaching out to Developers, Aspect is doing it right with Contrast
- 7.14 My comments on the SATEC document (Static Analysis Tool Evaluation Criteria)