On Tue, Sep 27, 2011 at 11:46 AM, Sethi, Rohit <ro...@sdelements.com> wrote:
> BTW, I've proposed to a few more OWASP people that we come up with
> better ways to engage the web app framework development community.
> Dinis Cruz, one of the core members of OWASP, has suggested we have an
> in-person summit sometime next year and invite various framework
> developers down. Do you think this is something you'd be interested
> in? Ideally we'd all work together to figure out how to improve web
> app security through frameworks and ways that OWASP can better support
> those frameworks.
I'd be very interested, yes. We're embarking on some security-related stuff ourselves and would love to talk things over with other like-minded folk.
Jacob
--------------------
Hi
I really like this idea. Sounds like a very interesting and useful summit.
Best regards
Erlend
On Tue, Sep 27, 2011 at 12:51 PM, Rohit Sethi <rkl...@gmail.com> wrote:
> BTW, I just got the following message from Jacob @ Django:
>
> On Tue, Sep 27, 2011 at 11:46 AM, Sethi, Rohit <ro...@sdelements.com> wrote:
>
>> BTW, I've proposed to a few more OWASP people that we come up with
>> better ways to engage the web app framework development community.
>> Dinis Cruz, one of the core members of OWASP, has suggested we have an
>> in-person summit sometime next year and invite various framework
>> developers down. Do you think this is something you'd be interested
>> in? Ideally we'd all work together to figure out how to improve web
>> app security through frameworks and ways that OWASP can better support
>> those frameworks.
>
> I'd be very interested, yes. We're embarking on some security-related stuff
> ourselves and would love to talk things over with other like-minded folk.
Rohit,
I think this is a great idea, and as someone who has a major stake in
ESAPI, I'm all for it, but I think it would be foolish to restrict it to
frameworks that are only (or mostly) concerned with web-based applications.
Certainly developer frameworks involved with mobile should at least be
involved as well.
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
I believe I said this when the mailing list was first set up but I
think it's very important to make sure we approach this in the right
way. What I mean by that is we need to speak to the frameworks first,
find out what they want help with and find a way to use the awesome
OWASP brains and connections to help them out. Let's not do it the
other way round, you know the <fanfare> we are the security dudes and
we are here to fix YOUR insecure code.
Dave (@securityninja)
Hi guys! As said, this is a good initiative. I'll be speaking at SenchaCon in TX next month and would love to have something like this to promote there. Sencha is the company behind ExtJS (rich web widgets) and Sencha Touch (popular mobile framework).
I
· Align OWASP efforts with frameworks development efforts in order to improve the security of applications built on top of frameworks
· Have framework developers take a more active role at OWASP to help drive priorities
Specific areas to cover:
· How can OWASP better serve application framework developers? What can OWASP be doing a better job at?
· How can developers from different frameworks collaborate to discuss issues relating to security?
· How can OWASP volunteers work together with framework teams to deliver a consistent message about building secure apps on top of a specific framework?
· What practical ways can we increase participation from your core development team and your user community in OWASP?