Thoughts on OWASP
With Membership
Suggested price

Thoughts on OWASP

About the Book

About the Author

Dinis Cruz
Dinis Cruz

Dinis Cruz is the CISO of the Photobox Group and an active OWASP contributor (Owasp Summits and O2 Platform Project)

Table of Contents

  • Introduction
    • Change log:
    • Why This book
  • 1 OWASP Organization
    • 1.1 An Idea of a new model for OWASP
    • 1.2 I wish that OWASP in 2014 ….
    • 1.3 Improved Wikipedia funding page, why OWASP needs something similar, and who buys OWASP Corporate Memberships
    • 1.4 OWASP Board Election: Why I voted ‘Abstain’ and why you should go on the record with your vote
    • 1.5 OWASP Executive Director Role (Not yet)
    • 1.6 OWASP Principles based on NHS?
    • 1.7 OWASP Revenue Splits and the “Non-profits have a charter to be innovators”
    • 1.8 OWASP: Proposed change for SoC: Use budget to pay for project related expenses
    • 1.9 Proposal: Remove all commercial/non-OWASP logos from
    • 1.10 Sarah Baso as OWASP Executive director, how it broke the model, structure and culture of OWASP employees
    • 1.11 Why OWASP can’t pay OWASP Leaders
    • 1.12 Why the need to enable the use of OWASP chapter funds
    • 1.13 Why NDAs have no place at OWASP
    • 1.14 Me and Jim Manico
    • 1.15 On John Wilander….
  • 2 OWASP Projects
    • 2.1 160k USD available to OWASP Chapters and Projects
    • 2.2 If you ever doubt that OWASP needs more Project Managers/Resources
    • 2.3 On how to get paid to work on OWASP projects
    • 2.4 OWASP GSD Project (GSD = Get Stuff Done)
    • 2.5 OWASP Project Reboot 2012 - Here is a better model
    • 2.6 OWASP project reboot spent funds (not a lot spent so far)
    • 2.7 Project Management at OWASP
    • 2.8 ROI on OWASP investment on Projects (ie paying leaders)
    • 2.9 Some ideas for OWASP GSD Project
    • 2.10 The difference between being ‘Appointed’ and being ‘Accepted’ as an OWASP Leader (of its Fork)
    • 2.11 Why large OWASP projects start to stale (and who should pay for the work)
  • 3 OWASP Summits
    • 3.1 Great description of why OWASP Summits are special
    • 3.2 I want to vote for a Summit Team+Vision , NOT for a venue
    • 3.3 OWASP Flight Booking using Amex and Project’s Mini-Summit at OWASP AppSec USA 2013
    • 3.4 Some proposed Visions for next OWASP Summit
    • 3.5 Summits must be part of OWASP’s DNA
    • 3.6 When is the next OWASP Summit!!!!!
  • 4 OWASP Education
    • 4.1 Let’s make this happen: “Investing in Developing Software Security Talent”
    • 4.2 PDF with (draft) Exam of OWASP Top10 questions
  • 5 OWASP MIA (Missing in Action)
    • 5.1 ‘Using the HTML5 Fullscreen API for Phishing Attacks’, OWASP MIA and ‘We need SAST technology for browsing the web safely’
    • 5.2 Big Security challenges with creating APIs for US Gov agencies
    • 5.3 Example example of SQL Injection using Database.SQLQuery from GitHub (and idea for Cat.NET workflow)
    • 5.4 Guidelines of OWASP
    • 5.5 Hack Yourself First: Jeremiah at TEDxMaui
    • 5.6 I think the time as come for OWASP to have its own secure browser(s)
    • 5.7 Nice list of 20 online coding tools
    • 5.8 No OWASP app on the OSX AppStore (Nov 2013)
    • 5.9 OWASP and Privacy issues, we need to be involved
    • 5.10 Software Labels – Jeff’s OWASP AppSecDC 2010 presentation (another dropped good idea)
  • 6 Philosophy
    • 6.1 Happiness makes business sense
    • 6.2 The power of not being in power (and being ignored)
    • 6.3 We’re all mortals, so lets make the most of it
    • 6.4 Why do others think that I’m “hard to deal with” and that “I don’t listen”
  • 7 Application Security Industry
    • 7.1 Secure coding (and Application Security) must be invisible to developers
    • 7.2 Blogger in HTTP only? What happened to HTTPS?
    • 7.3 CI is the Key for Application Security SDL integration
    • 7.4 - A case study on how to do security right?
    • 7.5 Open question to Etsy security team: How can OWASP help?
    • 7.6 FLOSSHack TeamMentor and the ‘sausage making process’ that is software/application development
    • 7.7 I never liked the term ‘Rugged Software’, what about Robust/Resilient Software?
    • 7.8 Is there a spreadsheet/template for Mapping WebServices Authorization Rules?
    • 7.9 The next level App Security Social Graph
    • 7.10 Trustworthy Internet Movement and SSL Pulse
    • 7.11 Where to have AppSec Q&A threads (what about Reddit?)
    • 7.12 Is the TeamMentor’s OWASP Library content released under an open License?
    • 7.13 Reaching out to Developers, Aspect is doing it right with Contrast
    • 7.14 My comments on the SATEC document (Static Analysis Tool Evaluation Criteria)

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

80% Royalties. Earn $16 on a $20 book.

We pay 80% royalties. That's not a typo: you earn $16 on a $20 sale. If we sell 5000 non-refunded copies of your book or course for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earnedover $13 millionwriting, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub