Tuesday 23 May 2017

You can still create new Working Sessions and the Owasp Summit Schedule is not final!

(email sent to all Summit participants)

Hi Summit Participant, I had a couple emails about the Summit schedule which seem to imply that it was the final version, and that changes would be hard to make.

Just to be very clear: the final schedule will most likely only be published a couple of days before the Summit (if not the day before). This is by design, and is a key factor in the Summit's success (to give you an idea of how much better we are this time around, at the last Summit (2011), we only had the first draft of the schedule about 4 days before the Summit started).

Our objective with the schedule is to maximise participants' time and their need to be part of specific Working Sessions. From a practical point of view, what this means is that we map out first the key players and organisers of a particular Working Session, and then make sure (as much as we can) that there are no conflicts.

Monday 22 May 2017

Owasp Summit Working Session 'Definition of Done'

(email sent to all Summit Participants)
Hi Summit Participant. As you can see by the Summit Schedule, one of the nice problems that Participants will have is going to be: how to select which Working Sessions to attend.

The Summit will create a highly focused and energized environment where each Participant is donating their most valuable assets: Time and Knowledge.

The Working Sessions organizers have the privilege of the Participant's time, which is a massive gift. Their responsibility is to create the most effective and productive environments for them.

Owasp Summit 2017 - 20 days to go (summit presentation)

Hi, please see this presentation for a nice overview of where we are with 20 days to go to the Owasp Summit 2017 in London.

We now have a (draft) schedule and an amazing pool of talent participating onsite and remotely.

Please share this slide-deck with your network + blog + tweet, and if you have an Owasp chapter meeting coming up, please present it (it only takes 5 minutes)

Friday 19 May 2017

Please help to Promote the Summit

(Email sent to all Owasp Summit Participants)

Summit Participants, the success of the Summit depends on the amount of talent that we are able to bring together.

Although the current list of Participants is already quite impressive, I'm sure we can do better, and bring even more talent to the Summit.

First Summit Schedule and Working Sessions Registration

(email sent to all Owasp Summit Participants)

Summit Participants, now that we have a first pass at the Summit Schedule, we really need you to update your Participant page with the Working Sessions that you want to be involved in.

Here are the individual Tracks' schedules

Here is the consolidated Summit Schedule

What is also really useful is that after you add those Working Session mappings, you will be able to see your personalized schedule on your Participant's page.

Sunday 14 May 2017

Security message on recent Ransomware attacks (WannaCry worm)

(In case it helps, here is an email I sent today to all of PhotoBox Group Technology team)

Hi all Tech (TL;DR: high risk of Ransomware, see list of recommendations below)

As you probably have seen in the news, there has been a widespread Ransomware attack which affected a large number of companies worldwide, and is bound to cause more damage next week.

The attack is called Ransomware (a play on Ransom + Software) and has the business model of encrypting all files the affected computer has access to, and then asking for a ransom (i.e. payment) to decrypt the files.

Owasp Top 10 2017 Track at Owasp Summit 2017

The Owasp Summit now has a full track dedicated to the Owasp Top 10 2017 with the following Working Sessions:

Security Playbooks Track and request for anonymised data

After a conversation with Ante Gulam about Security Playbooks, I had the real-world experience of needing them on multiple occasions this week.

Since I was not able to find good resources online that I could easily use, I realised that the Summit presented a great opportunity to create a set of Security Playbooks in standard formats that could be used by the Owasp/Security community.

After some research, I created the Security Playbooks Track with these Working Sessions:

At the moment none of these Working Sessions have an organiser, so for the ones that you are interested in, please become one (or at least register as an onsite or remote participant).

If you already have Security Playbooks at your company (or similar documents/diagrams/workflows) please submit them in an anonymised format with an OpenSource/CC license (so that they can be used by the Working Sessions).

Remember that significant work and collaboration should occur before the Summit (i.e. between now and the 12th of June). It would be amazing if some of the Working Sessions listed above had their tasks completed before the Summit!

For example, we can start working and collaborating asap on the Security Playbooks Diagrams.

Do you have Playbook Diagrams that you can share? (pictures of whiteboard-based diagrams will be a great place to start)

Thanks for your help


Friday 12 May 2017

30 days to go for the Owasp Summit 2017

In 30 days (12 June) Owasp will host its 2017 Global Summit in London where hundreds of participants will join forces in Working Sessions focused on solving hard Application and Cyber Security problems.

This is not a conference with unidirectional presentations. Using the same model as the past two OWASP Summits in Portugal, this 5-day event will be a high-energy experience, during which attendees get the chance to work and collaborate intensively. Every thoroughly prepared working session is geared towards a specific application security challenge and will be focused on actionable outcomes.

"The Best Real-Life InfoSec Problem Solving Event in the World" (and new Owasp Summit blog)

I just added a blog feature to the Owasp Summit site (which wasn't very hard since Jekyll is a blogging engine) which you can see at http://owaspsummit.org/website/blog.html

The first 3 posts are:

Monday 8 May 2017

FAQ on attendees count, working session format and how to contribute (as a vendor)

(email sent to all Owasp Summit participants)

Hi Summit Participants, please see below an email sent today in response to a couple questions we received from one of the companies in the Security Crowdsourcing space. See if you can guess which one :)

I'm sure some of you have similar questions, especially around the participation by vendors of security products/services in the Summit's Working Sessions.

Btw, if you have questions that you think we have not provided good answers for, please reach out, and we will do our best to answer them.

The Woodstock of AppSec and more Owasp Summit Working Sessions

(email sent to all onsite and remote Owasp Summit Participants)

Hi Summit Participants, I hope you had a great weekend. Here in London I met with Ante Gulam for a BBQ and we had a very productive Sunday (as you can see below).

Before I go into the details, I have a question for you: What do you think of this tag line for the Summit: "The Woodstock of AppSec"

Seba came up with it when we met for lunch on Friday, when we were talking about the Summit's gravitational pull (as in 'the place to be', 'the place where the most interesting AppSec conversations will occur', 'the place where the best minds in XYZ topic will be together', 'the place where participants are trying to solve hard problems that I have today').

Sunday 7 May 2017

Help with OWASP Summit 2017 Outreach

(email I just sent to the owasp-leaders list)

Hi Owasp Leaders, I would like to ask you for some help in promoting the Owasp Summit 2017.

We are now at a phase of the Summit's journey where we have reached critical mass, and really need your energy, collaboration and involvement.

About the Summit:

Owasp Summits are not a normal conference where attendees go to watch presentations. This is a highly collaborative environment made of Working Sessions, which are created by the participants around areas they are passionate about or have real-world problems they need solutions for. 

How the Summit's Working Sessions will work and Summit's Schedule

(email sent to all Summit registered participants)

Hi Summit Participants (BCCed). I have been receiving a number of questions about how the Working Sessions will be organised at the Summit, so here is an explanation of how they will be set up.

At the moment it might look a bit weird the fact that we have more Working Sessions (106) than participants (81). This is actually quite normal (at this stage), since we still have a large number of participants that will be registering in the next month, and a significant number of Working Sessions that will not have enough energy, content, focus or registrations to justify their inclusion in the final schedule.

Saturday 6 May 2017

19 new Owasp Summit 2017 Working Sessions

(email I just sent to all onsite and remote Owasp Summit 2017 participants)

Hi Summit Participant (BCCed)

I hope you are having a good weekend and have some energy for some Summit related GitHub Pull Request activities :)

Thursday 4 May 2017

39 Working Sessions with no organizers, two new Gold Sponsors (CapitalOne and PhotoBox)

Thanks to the Owasp Summit Participants that added themselves as an organiser to 6 Working Sessions.

It's a great start, but we need more :)

In fact we now have 39 Working Sessions that need organisers (two more than yesterday), because we added the following 8 new Working Sessions (most with no organiser and very little content)

Wednesday 3 May 2017

Summit Working Sessions with NO organizer (please help)

(Here is the email I just sent to all registered Owasp Summit 2017 participants, which also applies to you (reader of my blog) :) Please take a good look at those 37 'Working Sessions with no organizer' and pick one to help.)

Hi Owasp Summit Participants (onsite and remote)

As you can see by the latest list of 76 Working Sessions, we have quite a good number of very interesting/important topics to collaborate/work on at the Summit (with more sessions being added daily).

We have grouped them into the following tracks and technologies: