A project summit on Tuesday 19th and Wednesday 20th May has been announced and information published on the AppSec EU 2015 web site. The concept of the summit is to work on improving and extending project outputs with other volunteers, and as such requires active participation and contribution.
Across all the sessions there are a wide range of inputs needed including requirements specification, architecture review, coding, testing, documentation/wiki writing and review, user interface design, planning, graphical design, video creation and translation. Full details, timings and objectives of each session are provided on the summit's wiki pages.
There are many projects participating, including sessions for projects I am actively involved in. My own parts of the summit are
Tuesday 19th May
- 10:30-12:00 hrs OWASP Codes of Conduct - Document Review
The current Codes of Conduct were developed primarily during the last major OWASP Summit in Portugal. They cover: Government Bodies Educational Institutions Standards Groups Trade Organizations Certifying Bodies Development Organizations This 1.5 hour session will review, edit, update and release v1.2 of each document. Participants should be interested in how external entities can be encouraged to support OWASP's mission, read the existing Codes of Conduct in advance, and come with suggestions for changes. The session agenda is 1. Introduction; 2. Joint review and edit (15 mins each document); 3. Publish updated documents to wiki (PDF and Word).
- 13:00-15:00 hrs OWASP AppSensor (Documentation) - Guide Review
The AppSensor Guide v2 was published in May last year, and has had two minor updates, the last one mainly due to the important release of the v2 code implementation. This session is to edit and improve the guide, since many of the chapters have not been fully reviewed. Participants should read a chapter or two in advance of the summit (chapter 5 onwards, but choose randomly/what is of interest) and bring their edits/comments to the session, where the guide will be updated. All participants will be acknowledged in the guide and on the project wiki page. The session agenda is 1. Briefing; 2. Live editing; 3. Publication updated PDF.
- 15:30-16:30 hrs OWASP Snakes and Ladders - Dutch Translation
OWASP Snakes and Ladders (web applications) has been translated into 5 other languages already, and Portuguese is in progress. But so far not Dutch. This rapid session will ask participants to translate the 900 words or so into Dutch, so that a PDF and Adobe Illustrator version can be created. It will also be possible to help remotely, as it will be set up on Crowdin. The session agenda is 1. Meet; 2.Translate; 3. Create Illustrator and PDF output; 4. Publish.
Wednesday 20th May
- 09:00-12:00 hrs OWASP Cornucopia - Ecommerce Website Edition - Video
The objective is to create a short "how to play the Cornucopia card game" video during this half-day session. Cornucopia is a card game that helps identify security requirements, but people may not be familiar with how easy it is to get started. Participants for this session are needed to be players, to create a narrative, to video the game being played, and if there is time and anyone has the skill, to edit the video and sound into a release version. It is preferable if participants are already a little familiar with the game and/or threat modelling. If there is time, we will also discuss alternative game strategies like a Jeopardy format. The session agenda is 1. Storyboarding; 2. Game play recording; 3. Editing; 4. Soundtrack; 5. Publish video.
- 13:30-17:00 hrs OWASP AppSensor (Code) - Dashboard
The AppSensor v2.0.0 code implementation final release was undertaken in January. One of the tasks to continue with is the development of a reporting dashboard. This session is to brainstorm ideas and layouts for the dashboard, and identify what tools/libraries can assist in the creation of the dashboard. Bring ideas, energy, URLs, paper and pens! The outputs will be dashboard mockups. The session agenda is 1. Introductions and objectives; 2. Information requirements; 3. User stories; 4. Information design; 5. Code libraries and frameworks.
- 17:00-18:00 hrs OWASP Automation Threats to Web Applications - Website Owner Experiences
The OWASP Automation Threats to Web Applications Project is undertaking research and will publish its outputs immediately prior to AppSec EU 2015. This meeting seeks input from training and conference attendees on their own organisations' experiences of automated attacks: What types of automated attacks occur and with what frequency? What were the symptoms? How are they detected? What incident response measures were taken? What steps were undertaken to prevent or mitigate such attacks? Participation/contribution can be anonymous or otherwise. The intention is to update the published documents during the session and if possible create additional sector-specific guidance.
Attendance at the project summit is free, but everyone is a participant to help achieve the objectives. Please register to let the team know who will be attending. Join as many or as few of the sessions as you like.
I look forward to seeing some of you there.
Posted on: 31 March 2015 at 13:52 hrs