<strong>Dinis Cruz Blog</strong><br />
A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more<br />
<br />
<strong>Creating Wardley Maps using Lambda Functions</strong> (posted 2018-12-12, updated 2018-12-20)<br />
<br />
One of the biggest limitations that I had when trying to use/create Wardley Maps was my inability to programmatically create the maps (ideally via a DSL or something like the DOT language).<br />
<br />
What I really wanted was to be able to create Maps from a serverless environment, namely from a Lambda function.<br />
<br />
After some research, I was able to find a nice way to do just that <img alt=":slight_smile:" class="emoji" src="https://discourse-cdn-sjc2.com/standard10/images/emoji/twitter/slight_smile.png?v=6" style="border: 0px; height: 20px; max-height: 500px; max-width: 690px; vertical-align: middle; width: 20px;" title=":slight_smile:" /> (all the code is available on this GitHub repo <a href="https://github.com/pbx-gs/wardley-maps-generator" rel="nofollow noopener" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #0088cc; cursor: pointer; overflow-wrap: break-word; text-decoration-line: none;">https://github.com/pbx-gs/wardley-maps-generator</a>)<br />
<br />
After playing with a number of scenarios and techniques I zoomed in on the following tech stack:<br /><br />
<ul style="clear: both; margin: 0px; padding: 0px 0px 0px 40px;">
<li>AWS API Gateway exposes a URL that calls a</li>
<li>Lambda function, which saves the data supplied (CoffeeScript) in a file that will be loaded by an HTML page</li>
<li>the HTML page will load up <a href="http://visjs.org/" rel="nofollow noopener" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #0088cc; cursor: pointer; overflow-wrap: break-word; text-decoration-line: none;">visjs</a>, which is what will render the graph (in the browser)</li>
<li>start a local Python web server, that</li>
<li>uses pyppeteer to open up a headless version of Chrome, and</li>
<li>opens the page exposed by the web server in the headless browser, and</li>
<li>takes a screenshot of the page, and</li>
<li>returns the PNG value (to the browser or Lambda caller)</li>
<li>Hugo was also used locally during development</li>
</ul>
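The pipeline listed above, sketched end to end as an added example (this is not code from the wardley-maps-generator repo). The file names, the size cap, the stand-in HTML page, the <code>render</code> hook and the API Gateway proxy event/response shape are assumptions; the local server binds to 127.0.0.1 on an ephemeral port and serves only a per-request temporary directory, since it exists solely to feed the headless browser.<br />

```python
import asyncio
import base64
import functools
import tempfile
import threading
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path

MAX_BODY_BYTES = 64 * 1024      # assumption: upper bound on the supplied map source
DATA_FILE = "map-data.coffee"   # hypothetical name of the saved CoffeeScript file
PAGE_FILE = "index.html"        # hypothetical name of the page the browser opens

# Stand-in page: the real one would bundle visjs and draw the map from DATA_FILE.
PAGE_HTML = """<!doctype html>
<html><body>
<div id="map"></div>
<script type="text/coffeescript" src="map-data.coffee"></script>
</body></html>
"""

# Constructed sample input; it does not follow the project's actual DSL.
SAMPLE_MAP = 'add_node "cup of tea"\nadd_node "kettle"\n'


class QuietHandler(SimpleHTTPRequestHandler):
    def log_message(self, *args):
        pass  # keep per-request access lines out of the Lambda log


def serve_directory(directory):
    """Serve one directory on loopback only; port 0 lets the OS pick a free port."""
    handler = functools.partial(QuietHandler, directory=str(directory))
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


async def _screenshot(url):
    # Imported lazily so the rest of the module works without pyppeteer/Chrome.
    from pyppeteer import launch

    browser = await launch(headless=True)
    try:
        page = await browser.newPage()
        await page.setViewport({"width": 1200, "height": 750})  # assumed size
        await page.goto(url, {"waitUntil": "networkidle0"})
        return await page.screenshot()  # PNG bytes
    finally:
        await browser.close()


def render_with_pyppeteer(url):
    return asyncio.run(_screenshot(url))


def handler(event, context=None, render=render_with_pyppeteer):
    """Lambda entry point: save the supplied source, render it, return the PNG."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        raw = base64.b64decode(body)
    else:
        raw = body.encode("utf-8")
    if not raw or len(raw) > MAX_BODY_BYTES:
        return {"statusCode": 400, "body": "map source missing or too large"}

    with tempfile.TemporaryDirectory() as workdir:
        # The caller's data lands in a fixed file name inside a fresh directory,
        # so nothing from the request ever becomes part of a path.
        Path(workdir, DATA_FILE).write_bytes(raw)
        Path(workdir, PAGE_FILE).write_text(PAGE_HTML, encoding="utf-8")
        server = serve_directory(workdir)
        try:
            port = server.server_address[1]
            png = render(f"http://127.0.0.1:{port}/{PAGE_FILE}")
        finally:
            server.shutdown()
            server.server_close()

    return {
        "statusCode": 200,
        "headers": {"Content-Type": "image/png"},
        "body": base64.b64encode(png).decode("ascii"),
        "isBase64Encoded": True,
    }
```

Passing a different <code>render</code> callable lets the request handling and the local server be exercised without Chrome installed.<br />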
<strong><br /></strong>
<br />
<a name='more'></a><strong><br /></strong><br />
1. Here is the first ‘kinda useful’ version of the programmatically generated map:<br />
<br />
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/b2e8392b1c930ccf7b3ce972bafd85a30a45ac69.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/b2e8392b1c930ccf7b3ce972bafd85a30a45ac69_1_690x431.jpeg" width="690" /></a></div>
<br />
<strong><br /></strong>
2. Here are the nodes positioned by row and col<br />
<strong><br /></strong>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/d1ffd921b41e5ee6555f934b3fd406dfd9a8b7e5.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/d1ffd921b41e5ee6555f934b3fd406dfd9a8b7e5_1_690x431.jpeg" width="690" /></a></div>
<br />
<ol start="3" style="clear: both;">
<li>Here is the next evolution, now with the ability to control the position of the components by row and col</li>
</ol>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/412b107eef0242881230f953807309c7cbd5da8b.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/412b107eef0242881230f953807309c7cbd5da8b_1_690x431.jpeg" width="690" /></a></div>
<br />
<ol start="4" style="clear: both;">
<li>Setting the springConstant to a low value seems to have the least side effects when adding the connections between components (note how it is possible to overwrite specific node positions using the <code>node_fixed_x_y</code> method)</li>
</ol>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/5092d576b7777a9b9c251316b5397c134807ce47.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/5092d576b7777a9b9c251316b5397c134807ce47_1_690x431.jpeg" width="690" /></a></div>
<br />
<ol start="5" style="clear: both;">
<li>Here is the first working(ish) POC that shows the value chain</li>
</ol>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/3c7875776972d079aac19ff47adc0894265f9ccd.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/3c7875776972d079aac19ff47adc0894265f9ccd_1_690x431.jpeg" width="690" /></a></div>
<br />
<ol start="6" style="clear: both;">
<li>Since we are drawing the map in an HTML 5 canvas, we can start to add shapes and text</li>
</ol>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/61088adfd1276f4f221d44bc4f9fa56329a02944.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/61088adfd1276f4f221d44bc4f9fa56329a02944_1_690x431.jpeg" width="690" /></a></div>
<br />
<ol start="7" style="clear: both;">
<li>version that just about looks like the original version of the ‘tea’ map <img alt=":slight_smile:" class="emoji" src="https://discourse-cdn-sjc2.com/standard10/images/emoji/twitter/slight_smile.png?v=6" style="border: 0px; height: 20px; max-height: 500px; max-width: 690px; vertical-align: middle; width: 20px;" title=":slight_smile:" /></li>
</ol>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/b543ac9f611071527faa54923592245fc926199e.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/b543ac9f611071527faa54923592245fc926199e_1_690x431.jpeg" width="690" /></a></div>
<br />
<ol start="8" style="clear: both;">
<li>Here is the first pass at running the transformation inside a lambda function</li>
</ol>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/c6c9cabb81fe3364f2ec1d60547c3d4e61a69667.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="431" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/c6c9cabb81fe3364f2ec1d60547c3d4e61a69667_1_690x431.jpeg" width="690" /></a></div>
<br />
<ol start="9" style="clear: both;">
<li>Here is the first PDF of a Wardley Map generated inside a Lambda function (with all values provided programmatically)</li>
</ol>
<br />
<div class="lightbox-wrapper" style="display: inline-block; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/e190e4b20361c0a909199379e406f5b2f3849f6d.jpeg" rel="nofollow noopener" title="image.jpg"><img alt="image" height="500" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/e190e4b20361c0a909199379e406f5b2f3849f6d_1_646x500.jpeg" width="646" /></a></div>
<i style="background-color: white; color: #222222; font-family: helvetica, arial, sans-serif; font-size: 14px;"><br /></i>
<i style="background-color: white; color: #222222; font-family: helvetica, arial, sans-serif; font-size: 14px;"><b><br />See also : </b></i><span style="color: #222222; font-family: helvetica, arial, sans-serif;"><span style="font-size: 14px;"><i><a href="http://blog.diniscruz.com/2018/12/3-wardley-maps-templates-im-using-to.html">3 Wardley Maps Templates I’m using to talk to Generation Z Developers </a></i></span></span><br />
<i style="background-color: white; color: #222222; font-family: helvetica, arial, sans-serif; font-size: 14px;"><br />(This was originally posted at </i><a href="https://community.z-developers.com/t/creating-wardley-maps-using-lambda-functions/48"><i>https://community.z-developers.com/t/creating-wardley-maps-using-lambda-functions/48</i></a><i style="background-color: white; color: #222222; font-family: helvetica, arial, sans-serif; font-size: 14px;">, please go there and add your comments to it)</i><br /><br />
<strong>3 Wardley Maps Templates I’m using to talk to Generation Z Developers</strong> (posted 2018-12-12, updated 2018-12-20)<br />
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
Hi, as part of the content I’m writing for my “Generation Z Developers” book (see <a href="https://z-developers.com/" rel="nofollow noopener" style="background: transparent; color: #0088cc; cursor: pointer; overflow-wrap: break-word; text-decoration-line: none;">https://z-developers.com</a>), I have created the following 3 templates to help engage Gen Zs (kids and young adults born after 1996) in how to start mapping their life.</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
A key objective with these maps is to dispel a number of myths that a lot of amazing talented people have about development / programming (namely that learning how to program multiple languages is the MOST important skillset and that they are not good at technology or development)</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<strong>The 1st one</strong> is an empty map that can be used as a template.</div>
<a name='more'></a><br />
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
</div>
<div class="lightbox-wrapper" style="background-color: white; color: #222222; display: inline-block; font-family: Helvetica, Arial, sans-serif; font-size: 14px; outline: 0px;">
<a class="lightbox" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/3646c7632599a43fe6bae72bafbdaba8a768661d.jpeg" rel="nofollow noopener" title="GEN-Z-Templates.001.jpeg"><img alt="001" height="500" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/3646c7632599a43fe6bae72bafbdaba8a768661d_1_666x500.jpeg" width="666" /></a></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
In order to facilitate the conversations with the Gen Zs, for the evolution’s X axis, I used these values:</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<ul style="background-color: white; clear: both; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px; padding: 0px 0px 0px 40px;">
<li>don’t know</li>
<li>used it</li>
<li>good at it</li>
<li>expert</li>
</ul>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
I know that they are a bit different from the traditional Wardley maps evolution values, but these 4 work quite well with GenZ.</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
Note: the ‘map’ part of the image below was generated using a lambda function (see my next post). The layout was done in Keynote.</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<strong>The 2nd one</strong> is where it gets interesting.</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
</div>
<div class="lightbox-wrapper" style="background-color: white; color: #222222; display: inline-block; font-family: Helvetica, Arial, sans-serif; font-size: 14px; outline: 0px;">
<a class="lightbox" data-download-href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/44be0b0141829c2a98400041aed14942969428c3" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/44be0b0141829c2a98400041aed14942969428c3.jpeg" rel="nofollow noopener" style="background: transparent; color: #0088cc; cursor: pointer; display: inline-block; outline: 0px; overflow-wrap: break-word; position: relative; text-decoration-line: none;" title="GEN-Z-Templates.003.jpeg"><img alt="003" height="500" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/44be0b0141829c2a98400041aed14942969428c3_1_666x500.jpeg" srcset="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/44be0b0141829c2a98400041aed14942969428c3_1_666x500.jpeg, https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/44be0b0141829c2a98400041aed14942969428c3_1_999x750.jpeg 1.5x, https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/44be0b0141829c2a98400041aed14942969428c3.jpeg 2x" style="border: 0px; max-height: 500px; max-width: 690px; outline: 0px; vertical-align: middle;" width="666" /></a><br />
</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
I use this map to ask Gen Zs to draw/add the topics provided in the bullet points (based on their skill, experience and knowledge).</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
The punch-line is that the items on the 3rd column are not the ones that matter. For example, I had a number of Gen Zs that said they really didn’t like coding. But in the map, Minecraft was all the way to the right (i.e. they were experts in Minecraft).</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
When we expanded on how they used Minecraft, I could tell they were able to create amazing things (showing good taste, architectural concepts, planning, attention to detail, passion and creativity). Some were even able to run their own servers and run tons of commands (via Minecraft command line interface). Basically they already had all the qualities that we want to see in a good developer.</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<strong><br /></strong></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<strong>The 3rd map</strong> is a variation of the 2nd one where I ask the GenZ to plot where they are in the MVP (Minimum Viable Product) technologies and workflows described in the book (note that the diagram was created using PlantUML)</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
</div>
<div class="lightbox-wrapper" style="background-color: white; color: #222222; display: inline-block; font-family: Helvetica, Arial, sans-serif; font-size: 14px; outline: 0px;">
<a class="lightbox" data-download-href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/bf3d014c09c2a044bea3fbd4636297f121960b59" href="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/bf3d014c09c2a044bea3fbd4636297f121960b59.jpeg" rel="nofollow noopener" style="background: transparent; color: #0088cc; cursor: pointer; display: inline-block; outline: 0px; overflow-wrap: break-word; position: relative; text-decoration-line: none;" title="GEN-Z-Templates.002.jpeg"><img alt="002" height="500" src="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/bf3d014c09c2a044bea3fbd4636297f121960b59_1_666x500.jpeg" srcset="https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/bf3d014c09c2a044bea3fbd4636297f121960b59_1_666x500.jpeg, https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/optimized/1X/bf3d014c09c2a044bea3fbd4636297f121960b59_1_999x750.jpeg 1.5x, https://discourse-cdn-sjc2.com/standard10/uploads/z_developers/original/1X/bf3d014c09c2a044bea3fbd4636297f121960b59.jpeg 2x" style="border: 0px; max-height: 500px; max-width: 690px; outline: 0px; vertical-align: middle;" width="666" /></a><br />
</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
What do you think?</div>
<div style="background-color: white; color: #222222; font-family: Helvetica, Arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="background-color: white;">
<span style="color: #222222; font-family: helvetica, arial, sans-serif;"><span style="font-size: 14px;">Does it make sense?</span></span><br /><br /><span style="color: #222222; font-family: helvetica, arial, sans-serif;"><span style="font-size: 14px;"><b>See also:</b> <a href="http://blog.diniscruz.com/2018/12/creating-wardley-maps-using-lambda.html">Creating Wardley Maps using Lambda Functions</a> </span></span><br />
<div style="color: #222222; font-family: helvetica, arial, sans-serif; font-size: 14px;">
<br /></div>
<div style="color: #222222; font-family: helvetica, arial, sans-serif; font-size: 14px;">
<i>(This was originally posted at https://community.z-developers.com/t/3-templates-im-using-to-talk-to-generation-z-developers/47, please go there and add your comments to it)</i></div>
</div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-46036789664859162932018-12-11T08:30:00.000+00:002018-12-11T08:31:01.990+00:00Please take a look at my new https://z-developers.com website (and maybe get some Christmas shopping done)In order to help with the "<a href="https://z-developers.com/products/gen-z-developers-key-concepts-and-ideas-for-the-next-generation-of-developers">Generation Z Developers</a>" book I'm writing, I created the <a href="https://z-developers.com/">https://z-developers.com</a> website to centralise all content and products I created based on the book.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSnFI7wdsa9gebTLbCVXKtISoWZ3DX-SamoE6CARmNhWn2lsAPMQCCDc1dlRqdZXv0JjRbKjMZtru7gSyAfgaJ4ElndBg9FwDJaWIvfDqo3JsLeUMEJ21Wn9ENk1sixrPHH-Qoz_S80ahG/s1600/Screenshot+2018-12-11+at+08.00.37.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="858" data-original-width="1600" height="342" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSnFI7wdsa9gebTLbCVXKtISoWZ3DX-SamoE6CARmNhWn2lsAPMQCCDc1dlRqdZXv0JjRbKjMZtru7gSyAfgaJ4ElndBg9FwDJaWIvfDqo3JsLeUMEJ21Wn9ENk1sixrPHH-Qoz_S80ahG/s640/Screenshot+2018-12-11+at+08.00.37.png" width="640" /></a></div>
<br />
It would be great if you could take a look and share it with your friends :)<br />
<br />
<br />
<a name='more'></a>Using Shopify (which is amazing btw), I was able to easily add integrations with Instagram and Facebook, so if you are on those platforms please share it with your followers (you can even start buying the products directly from Facebook or Instagram)<br />
<br />
Here is the Facebook page: <a href="https://www.facebook.com/zdevelopers/">https://www.facebook.com/zdevelopers/</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.facebook.com/zdevelopers/"><img border="0" data-original-height="1240" data-original-width="1578" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCgemUo3Sm9OIXcCR_MmXWDlz-XBdraKNUSEg3IyVIwcNhcwswwN79UDX-VqhlQqeOV1S_IEcO-y9MQNH8n4OAp6nLr_DihfOnz_Oqa8uguk9FS9K9YfJla6ziWxxFj4KXgQx8MxBEhU_e/s320/Screenshot+2018-12-10+at+22.47.57.png" width="320" /></a></div>
<br />
Here is the Instagram page: <a href="https://www.instagram.com/genz_devs/">https://www.instagram.com/genz_devs/</a><br />
<span style="color: #0000ee;"><u><br /></u></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="margin-left: 1em; margin-right: 1em;"><a href="https://www.instagram.com/genz_devs/"><img border="0" data-original-height="1074" data-original-width="1356" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUavx1tUO3LvQzpGtMTt7lQFdBso5LRKNbuK1y_UQvyuRtevnZ1bYpaiF9PIiQMNMUU8GFOIFMZNhT-tybJmZ_FWHyTIfn349cq6oYdc2X1EvtmjIgT-59ix2RCwhyphenhyphenc-qtKOAzQpSfqD0q/s320/Screenshot+2018-12-10+at+22.54.28.png" width="320" /></a></span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
In order to create a community (and to be able to answer the multiple questions I receive from GenZs and GenZ parents) I created (based on the amazing <a href="https://www.discourse.org/">Discourse</a> platform) a Discussion Forum environment that you can find at <a href="https://community.z-developers.com/">https://community.z-developers.com/</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFag2IupkGH_WMmnEafNtv2fs9jh3jw0KzrJp1ztEZnFjgxr4ZviD2zQA8riLr9JIB7E1couVQcnnfH-uFwLqlto3shEoL_kWjkw5knKA4vSf-ctuEWKbhi2u9PfDIJ25sQF18G-xz-PT0/s1600/Screenshot+2018-12-11+at+08.09.35.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="710" data-original-width="1600" height="177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFag2IupkGH_WMmnEafNtv2fs9jh3jw0KzrJp1ztEZnFjgxr4ZviD2zQA8riLr9JIB7E1couVQcnnfH-uFwLqlto3shEoL_kWjkw5knKA4vSf-ctuEWKbhi2u9PfDIJ25sQF18G-xz-PT0/s400/Screenshot+2018-12-11+at+08.09.35.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I also created some products around the ideas I talk about in the book. You can buy them <a href="https://z-developers.com/collections/all">from the z-developers.com website</a>, and I hope they are nice Christmas presents for your GenZ friends or relatives :)</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Important note:</b> please order before the 15th of December so that I can get them delivered to you on time.</div>
<div class="separator" style="clear: both; text-align: left;">
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbYbPQsqoZTFSwxhw9a_9_7X7ymRZmuSEJNSie0lAL7_cIsOAALqCtaxKwzmj2SA6mZ4_1YVuPh7xk1eiFSIrgj-y-KXhjBNS9e8RI4yzb23fjdw9AYGxr1CHgOSQShGnnzQUvU9jD7XH-/s1600/Screenshot+2018-12-11+at+08.12.06.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1372" data-original-width="1274" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbYbPQsqoZTFSwxhw9a_9_7X7ymRZmuSEJNSie0lAL7_cIsOAALqCtaxKwzmj2SA6mZ4_1YVuPh7xk1eiFSIrgj-y-KXhjBNS9e8RI4yzb23fjdw9AYGxr1CHgOSQShGnnzQUvU9jD7XH-/s640/Screenshot+2018-12-11+at+08.12.06.png" width="594" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNTVj1ojS6I5S-EESL0m0K_0G-9Dzw3Tf7t9p6NAujcvbY6VZX0afECv6uAqPcvUOmVc2RZYGbyFydJWfJORYR1W9mTUwCPBqA67Ag4Lnq7sl9RSOC4rCkn2wehsvzmIsPs4rla9LqxV_5/s1600/Screenshot+2018-12-11+at+08.12.26.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="466" data-original-width="1600" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNTVj1ojS6I5S-EESL0m0K_0G-9Dzw3Tf7t9p6NAujcvbY6VZX0afECv6uAqPcvUOmVc2RZYGbyFydJWfJORYR1W9mTUwCPBqA67Ag4Lnq7sl9RSOC4rCkn2wehsvzmIsPs4rla9LqxV_5/s640/Screenshot+2018-12-11+at+08.12.26.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
You can get the book from:</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul>
<li><a href="https://z-developers.com/products/gen-z-developers-key-concepts-and-ideas-for-the-next-generation-of-developers">z-developers.com website</a></li>
<li><a href="https://www.amazon.co.uk/Gen-Developers-concepts-generation-developers/dp/1724194607/">Amazon</a> (worldwide and with next day delivery)</li>
<li><a href="https://leanpub.com/generation-z/">Leanpub</a> (available for free if you set the price to zero)</li>
<li><a href="https://github.com/DinisCruz/Book_Generation_Z_Developer">GitHub</a> (all content and pdf of latest version)</li>
</ul>
<div>
Please read it and write a review :)</div>
<div>
<br /></div>
<div>
Here are some nice comments and testimonials that I have received:</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggj48ivpT_kNEktSOWELI-FGw7FQAvYApSgOrsh4YZ1dfGAJfsh_zVZyEXqlxl962P635VEsAZ6Hy9ws6bZ-ttwdXQ3yEaumaFWMqQLQ4ByiIIZJmDpjEmmP4SmU0YryIw-V2RJyWjaNRD/s1600/Screenshot+2018-12-11+at+08.17.36.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="975" data-original-width="1388" height="448" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggj48ivpT_kNEktSOWELI-FGw7FQAvYApSgOrsh4YZ1dfGAJfsh_zVZyEXqlxl962P635VEsAZ6Hy9ws6bZ-ttwdXQ3yEaumaFWMqQLQ4ByiIIZJmDpjEmmP4SmU0YryIw-V2RJyWjaNRD/s640/Screenshot+2018-12-11+at+08.17.36.png" width="640" /></a></div>
<div>
</div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Thanks for your help, and please start some conversations at <a href="https://community.z-developers.com/">https://community.z-developers.com/</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<br />
<br />Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-47620277934404682712018-10-07T21:47:00.003+01:002018-10-07T21:47:48.434+01:00Just published new version of "Generation Z Developers" book (v0.60)I've been working on a new book called "Generation Z Developers" and I really would like your feedback (you can get it for free from Leanpub at <a href="https://leanpub.com/generation-z">https://leanpub.com/generation-z</a>)<br />
<br />
In this version:<br />
<br />
- Content fixes and contributions by: Mike Eriksson, Michael Chadwick and Claudio Camerino<br />
- New book cover<br />
- New chapters:<br />
- DOT Language<br />
- AST (Abstract Syntax Tree)<br />
- Being criticized is an privilege<br />
<br />
Here is the diff with the previous version: <a href="https://github.com/DinisCruz/Book_Generation_Z_Developer/compare/v0.50...v0.60">v0.50...v0.60</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://leanpub.com/generation-z"><img border="0" data-original-height="932" data-original-width="1600" height="372" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr5MZgKcdEcQXYcnHQJY3-T-Idw7pMe4w79gppMO76AMoOrhDPQWBCpNPfJ9YRflbrxg_QZlXMnlqbdMOgaUwpR5mqggEemXDAxP0YOBFII57PBWyhimONQmq0ESlK7fzal5HUkBBFifpM/s640/Screen+Shot+2018-10-07+at+21.46.34.png" width="640" /></a></div>
<br />
<br />
<br />Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-34636594020086275612018-10-07T19:57:00.001+01:002018-10-07T19:57:26.200+01:00Published 3 new chapters from the Generation Z Developers bookI just published the following 3 posts on Medium with the content of the respective chapters of the "<a href="https://leanpub.com/generation-z/">Generation Z Developers</a>" book I'm currently writing:<br />
<br />
<ul>
<li><a href="https://medium.com/@dinis.cruz/dot-language-graph-based-diagrams-c3baf4c0decc">Dot Language (graph based diagrams)</a> </li>
<li><a href="https://medium.com/@dinis.cruz/ast-abstract-syntax-tree-538aa146c53b">AST (Abstract Syntax Tree)</a> </li>
<li><a href="https://medium.com/@dinis.cruz/being-criticized-is-an-privilege-d9a91e9a2284">Being criticized is an privilege</a> </li>
</ul>
<br />
Check out these posts and let me know what you think of them (all content is at <a href="https://github.com/DinisCruz/Book_Generation_Z_Developer">this GitHub repo</a> and you can use GitHub issues and Pull Requests to send your feedback)Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-13958203393949821552018-10-04T14:10:00.001+01:002018-10-04T14:10:16.514+01:00My comments on the "Open Letter to the OWASP Board from the OWASP Chapters"Thanks Josh (and others who put this <a href="http://lists.owasp.org/pipermail/owasp-chapters/2018-October/001285.html">Open Letter together</a>) for the effort and passion on Owasp and in continuing to try to find solutions to improve the current situation<br />
<br />
Although I don't agree 100% with the solutions presented in this document (see some of my ideas below), I'm happy to sign it since this is the kind of fact-based discussion and conversation that we must have as a community (one request: can we put this letter in a GitHub repo so that we can send comments using git and sign it using Pull Requests?)<br />
<br />
Note that I have not been that involved lately in Owasp foundation threads (including reading all my @owasp.org email), but the key themes of decentralisation and openness are key for Owasp's future and require creative solutions<br />
<br />
My view on situations like this Open Letter is that this is a great example of the passion that our community has for Owasp (which is a very positive thing). It is not good that they needed to resort to an Open Letter to raise the issue, but what is important is how we all react to the challenge and help to improve Owasp's future and organisation<br />
<br />
<a name='more'></a><br />
In terms of improving the current operational model, here are ideas I would like to see implemented, that I believe would help with the current friction points and unblock Owasp:<br />
<br />
<ul>
<li>Creation of Global Committees (and let the Owasp leaders who want to work for the foundation for free, get on with it and propose solutions)</li>
<li>Creation of a global fund available to ALL chapters and projects</li>
<li>Hiring of operational resources (via Upwork for example) allocated to local chapters/projects (with a remit to also help a bit centrally)</li>
<li>Proactive central use (by Owasp Foundation) of the chapters/projects funds on activities that directly benefit those chapters or projects (like the idea above to hire resources to help projects or chapters)</li>
<li>Bring Owasp leaders together in events like the <a href="https://open-security-summit.org/">Owasp Summits</a> (which is where a lot of the strong bonds that exist today between the Owasp leadership community have been created, and where a lot of work on Owasp projects and chapters gets done)</li>
<li>Be radically transparent and open with what happens in the foundation, where just about everything is shared and made available publicly (from comms, to finances, to requests processed, to current tasks being done). My view has always been that the Owasp employees work crazy hard and create magic every day. Unfortunately the visibility of what they do is not clear to the rest of the Owasp community, which tends to create the situation and feeling in the wider community of<i> 'what are they doing all day?' </i></li>
</ul>
I also would like to see the current Owasp board (and other Owasp leaders concerned with the governance of Owasp) REACH OUT to Owasp leaders that have been here for a while (who passionately believe in Owasp, since after all we helped to build Owasp), in order to ASK for their ADVICE and LISTEN to their views and ideas (all these comms should also be opened and 'on the record')<br />
<br />
This last point is the most important one. One of Owasp's main assets is the amazing set of talented individuals that loves Owasp and wants to help.<br />
<br />
I am one of those individuals and unless I missed it, I don't think that I have been requested to help out (and as you can see by this email, I want to help)<br />
<br />
If you want to read more ideas (that can be implemented now) please see my "I wish that Owasp in 2014..." blog post at: <a href="http://blog.diniscruz.com/2012/11/i-wish-that-owasp-in-2014.html">http://blog.diniscruz.com/2012/11/i-wish-that-owasp-in-2014.html</a><br />
<br />
I also published a book a while back on Leanpub called "Thoughts on Owasp" made of the multiple blog posts I wrote about Owasp when I was an Owasp board member. You can get this book for free at <a href="https://leanpub.com/Thoughts_OWASP">https://leanpub.com/Thoughts_OWASP</a>. I wonder how many board members have read it? (note that the amount of feedback that I have received on that book has been very little)<br />
<br />
So ... let's take Owasp to another level and let me know how I can helpUnknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-56503374713483048482018-06-05T00:47:00.000+01:002018-06-05T00:48:16.202+01:00Great first day and Tuesday Schedule for Open security SummitHere are some cool photos from the 1st day of the <a href="https://open-security-summit.org/">Open Security Summit</a> 2018<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi5us76SOKHCQMXXdCp2wL-3Zfw6MFXHDWMdgt-Mw1IlGTokXweeYTo-kKjqmDnKrQX0LWXEv6qQAlkSrzyRfQXruP4b8pTGDOl3Wnee2lxuNJTAFzrUAlocpWZJ5aM0aeKOh2qCeRu-4/s1600/Screen+Shot+2018-06-05+at+00.40.34.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1258" data-original-width="1078" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgi5us76SOKHCQMXXdCp2wL-3Zfw6MFXHDWMdgt-Mw1IlGTokXweeYTo-kKjqmDnKrQX0LWXEv6qQAlkSrzyRfQXruP4b8pTGDOl3Wnee2lxuNJTAFzrUAlocpWZJ5aM0aeKOh2qCeRu-4/s320/Screen+Shot+2018-06-05+at+00.40.34.png" width="274" /></a> </div>
<br />
<a name='more'></a><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKTfDF_-ADZaeUIcesmRSXMumjviXrI-OSg5A0uVWIKN7I9sZRumTwH_LQaI2O2byOkE5FwVxZZw3SBjAdt4q6sez26ctY2ei-e-F9dFOgpZ60EISArCXpgk4wAqgUdA8XDPy5eS3LMzI/s1600/Screen+Shot+2018-06-05+at+00.40.40.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="848" data-original-width="1086" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKTfDF_-ADZaeUIcesmRSXMumjviXrI-OSg5A0uVWIKN7I9sZRumTwH_LQaI2O2byOkE5FwVxZZw3SBjAdt4q6sez26ctY2ei-e-F9dFOgpZ60EISArCXpgk4wAqgUdA8XDPy5eS3LMzI/s320/Screen+Shot+2018-06-05+at+00.40.40.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Here is what will happen tomorrow</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZMHkRQab6vT12_C_1FXzYrC5zJTZ3p1nHq8AVFmprswY-A3BSNaTM4VIJOa_gaMe7KEOJBGbMdZ4PSd0fbsyNd8fhbAQsuhpiYQ3GY6ZmGOFrPz_ALZJVvEV2LA1-4fnvETT72HiNBUw/s1600/Screen+Shot+2018-06-05+at+00.41.01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="840" data-original-width="1600" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZMHkRQab6vT12_C_1FXzYrC5zJTZ3p1nHq8AVFmprswY-A3BSNaTM4VIJOa_gaMe7KEOJBGbMdZ4PSd0fbsyNd8fhbAQsuhpiYQ3GY6ZmGOFrPz_ALZJVvEV2LA1-4fnvETT72HiNBUw/s640/Screen+Shot+2018-06-05+at+00.41.01.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheA7tTf6qAiHXf_pgp__6j0tMn42sTYbs-3Dg-snhDuFnvY9nyFD9T8BWHL8dj9MlxlQH8pHc2gHELqOggjY5dBkad9l8l6XtaozyjJbsQdW0hYKfS1881lk_2rZ1VQoLuoLvTG55_Mw4/s1600/Screen+Shot+2018-06-05+at+00.42.51.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="783" data-original-width="1600" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheA7tTf6qAiHXf_pgp__6j0tMn42sTYbs-3Dg-snhDuFnvY9nyFD9T8BWHL8dj9MlxlQH8pHc2gHELqOggjY5dBkad9l8l6XtaozyjJbsQdW0hYKfS1881lk_2rZ1VQoLuoLvTG55_Mw4/s640/Screen+Shot+2018-06-05+at+00.42.51.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp8Yagy3bIm6hGkiGoVXlGorZLIldxK8Ag4RoMx1Ex-Og3LnWQiCP75k0q8XRVzrYnbNdPh1SQJULu4lS_iSXYD83_Y4_5sTCFR6pTRB3OxW_zmm_7d-aCSDxbCHCsPIHznMgSz0YNGro/s1600/Screen+Shot+2018-06-05+at+00.43.03.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="829" data-original-width="1600" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp8Yagy3bIm6hGkiGoVXlGorZLIldxK8Ag4RoMx1Ex-Og3LnWQiCP75k0q8XRVzrYnbNdPh1SQJULu4lS_iSXYD83_Y4_5sTCFR6pTRB3OxW_zmm_7d-aCSDxbCHCsPIHznMgSz0YNGro/s640/Screen+Shot+2018-06-05+at+00.43.03.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />Dinis Cruzhttp://www.blogger.com/profile/01508591064643847461noreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-68617307761342083962018-06-04T08:33:00.000+01:002018-06-05T08:33:13.840+01:00Looking for your next challenge, join the Photobox Group Security TeamLast year I took on the role of <a href="https://pbx-group-security.com/">Photobox Group Security</a> CISO and was given a strong mandate to transform the Group's security activities and build a modern security function<br />
<br />
After building a great team and creating a strong foundation, we are looking for 3 senior security leaders to take us to the next level:<br />
<br />
<ul>
<li><a href="https://pbx-group-security.com/roles/permanent/head-of-appsec/">Head of AppSec</a> </li>
<li><a href="https://pbx-group-security.com/roles/permanent/head-of-detect/">Head of Incident Response</a></li>
<li><a href="https://pbx-group-security.com/roles/permanent/head-of-cloud-security/">Head of Cloud Security</a></li>
</ul>
If you are looking for an environment where you will make a big difference, where you will learn constantly and will work in an empowered environment, then Photobox Group Security is for you :)<br />
<br />
If you know me from my open source contributions, event speaking and leadership roles (past member of Owasp Board and creator of the Owasp Summits), you know that I'm a very strong believer in Openness, Trust, Quality, doing the 'right thing' and building highly effective teams.<br />
<br />
For more details on how we approach security, see this post I wrote on the Photobox Group Security website <a href="https://pbx-group-security.com/blog/2017/12/11/why-join-photobox-group-security/">Why join Photobox Group Security</a> and this post from the Group's CTO <a href="https://pbx-group-security.com/blog/2017/12/17/how-we-think-about-security/">How we think about Security</a><br />
<br />
If you are interested in these roles, and are around London this week (4th to 8th of June), the best place to meet the team is at the Open Security Summit (<a href="https://open-security-summit.org/">https://open-security-summit.org</a>). This is where you will meet most of the team and we will be able to see you in action. As a sponsor for this event we still have some day tickets available, so let us know if you need oneDinis Cruzhttp://www.blogger.com/profile/01508591064643847461noreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-7406563061331872382018-03-19T10:54:00.001+00:002018-03-19T10:54:16.905+00:00GDPR Patterns - Working Session tomorrow<span style="background-color: white; color: #555555; font-size: 14px; orphans: 2; widows: 2;"><i><span style="font-family: Arial, Helvetica, sans-serif;">(From this <a href="https://open-security-summit.org/working-sessions/pre-summit/gdpr-patterns/">GDPR Patterns Working Sessions</a> page)</span></i></span><br />
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">You can participate online (London) or remotely. Get your <a href="https://www.eventbrite.com/e/owasp-working-session-tickets-42421937156" style="background-color: transparent; box-sizing: border-box; color: #6aae7a; text-decoration: none; transition: all 0.2s ease-out;">ticket here</a></span></div>
<figure style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin: 0px; orphans: 2; widows: 2;"><span style="font-family: Arial, Helvetica, sans-serif;"><img src="https://user-images.githubusercontent.com/656739/37588814-41f2252c-2b5b-11e8-928a-d314c2206bd2.png" style="border: 0px; box-sizing: border-box; vertical-align: middle;" width="540" /></span></figure><h3 id="what-are-gdpr-patterns" style="background-color: white; box-sizing: border-box; color: #00549e; font-size: 24px; font-variant-ligatures: normal; line-height: 1.1; margin-bottom: 20px; margin-top: 20px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">What are GDPR Patterns?</span></h3>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">They are reusable mappings of data journeys across specific threat modeling scenarios.</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">The idea is to take the diagram below and map specific scenarios to it.</span></div>
<a name='more'></a><br />
<figure style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin: 0px; orphans: 2; widows: 2;"><span style="font-family: Arial, Helvetica, sans-serif;"><img src="https://user-images.githubusercontent.com/656739/37588949-ac1bfc84-2b5b-11e8-832b-3732595bb25f.png" style="border: 0px; box-sizing: border-box; vertical-align: middle;" width="540" /></span></figure><h3 id="based-on-threat-models" style="background-color: white; box-sizing: border-box; color: #00549e; font-size: 24px; font-variant-ligatures: normal; line-height: 1.1; margin-bottom: 20px; margin-top: 20px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">‘Based on Threat Models?’</span></h3>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">Threat model diagrams are perfect sources of data mappings since they have already mapped the flows of data (where it comes from and where it goes to).</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">Here is an example of a Threat model created at the last Summit’s Working session on Threat Modeling (on the OWASP Juice Shop application).</span></div>
<figure style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin: 0px; orphans: 2; widows: 2;"><span style="font-family: Arial, Helvetica, sans-serif;"><img src="https://user-images.githubusercontent.com/656739/37588955-b33a3472-2b5b-11e8-9efb-5cb7cbe24175.png" style="border: 0px; box-sizing: border-box; vertical-align: middle;" width="540" /></span></figure><h3 id="gdpr-pattern-driven-by-threat-model" style="background-color: white; box-sizing: border-box; color: #00549e; font-size: 24px; font-variant-ligatures: normal; line-height: 1.1; margin-bottom: 20px; margin-top: 20px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">GDPR Pattern driven by Threat Model</span></h3>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">Here is an example of what the ‘GDPR Pattern driven by Threat Model’ mapping looks like when it is done (for a service that regularly fetches data from Paypal and feeds it to AWS Redshift).</span></div>
<figure style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin: 0px; orphans: 2; widows: 2;"><span style="font-family: Arial, Helvetica, sans-serif;"><img src="https://user-images.githubusercontent.com/656739/37588963-b8453278-2b5b-11e8-856a-ca7716c1ff8c.png" style="border: 0px; box-sizing: border-box; vertical-align: middle;" width="540" /></span></figure><h3 id="maping-gdpr-appropriate-security-measures" style="background-color: white; box-sizing: border-box; color: #00549e; font-size: 24px; font-variant-ligatures: normal; line-height: 1.1; margin-bottom: 20px; margin-top: 20px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">Mapping GDPR Appropriate Security Measures</span></h3>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">To help with the appropriate security controls, we use this table:</span></div>
<figure style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin: 0px; orphans: 2; widows: 2;"><span style="font-family: Arial, Helvetica, sans-serif;"><img src="https://user-images.githubusercontent.com/656739/37588972-c186abd2-2b5b-11e8-8c72-f7420230da32.png" style="border: 0px; box-sizing: border-box; vertical-align: middle;" width="540" /></span></figure><h3 id="owasp-gdpr-patterns" style="background-color: white; box-sizing: border-box; color: #00549e; font-size: 24px; font-variant-ligatures: normal; line-height: 1.1; margin-bottom: 20px; margin-top: 20px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">OWASP GDPR Patterns</span></h3>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">GDPR Patterns is an OWASP Project and all materials created are released under an open source license, allowing for internal and commercial use.</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">All content is hosted at the <a href="https://github.com/OWASP/gdpr-patterns" style="background-color: transparent; box-sizing: border-box; color: #6aae7a; text-decoration: none; transition: all 0.2s ease-out;">https://github.com/OWASP/gdpr-patterns</a> repo</span></div>
<h3 id="owasp-working-sessions" style="background-color: white; box-sizing: border-box; color: #00549e; font-size: 24px; font-variant-ligatures: normal; line-height: 1.1; margin-bottom: 20px; margin-top: 20px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">OWASP Working Sessions</span></h3>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">We passionately believe that the hard problems and challenges that our industry faces can only be solved by working together in a collaborative and open environment.</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">These OWASP Working Sessions are such events, where the community comes together, and works tirelessly on topics that they are passionate about.</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">Here are some photos from the last Owasp Working Sessions (on GDPR), hosted by <a href="https://pbx-group-security.com/" style="background-color: transparent; box-sizing: border-box; color: #6aae7a; text-decoration: none; transition: all 0.2s ease-out;">Photobox Group Security</a> team</span></div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
</div>
<figure style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin: 0px; orphans: 2; widows: 2;"><span style="font-family: Arial, Helvetica, sans-serif;"><img src="https://user-images.githubusercontent.com/656739/37588797-3306e516-2b5b-11e8-888a-ffec9496104f.png" style="border: 0px; box-sizing: border-box; vertical-align: middle;" width="540" /></span></figure><figure style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin: 0px; orphans: 2; widows: 2;"><span style="font-family: Arial, Helvetica, sans-serif;"><img src="https://user-images.githubusercontent.com/656739/37588917-907f5dfe-2b5b-11e8-9a4f-a267bb0b151c.png" style="border: 0px; box-sizing: border-box; vertical-align: middle;" width="540" /></span></figure><div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
</div>
<div style="background-color: white; box-sizing: border-box; color: #555555; font-size: 14px; font-variant-ligatures: normal; margin-bottom: 10px; orphans: 2; widows: 2;">
<span style="font-family: Arial, Helvetica, sans-serif;">Come and join us next <a href="https://www.eventbrite.com/e/owasp-working-session-tickets-42421937156" style="background-color: transparent; box-sizing: border-box; color: #6aae7a; text-decoration: none; transition: all 0.2s ease-out;">Tuesday 20 March 2018</a> for more discussions.</span></div>
Dinis Cruzhttp://www.blogger.com/profile/01508591064643847461noreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-41102753947095690602018-03-05T03:04:00.000+00:002018-03-05T03:04:03.955+00:00PDF of 'Generation Z Developer' book (v0.31)I just pushed an update to the <a href="https://leanpub.com/generation-z">https://leanpub.com/generation-z</a> book I'm currently writing. You can read this version below (via the embedded pdf) or directly at this <a href="https://github.com/DinisCruz/Book_Generation_Z_Developer/releases/tag/v0.31">GitHub release</a><br />
<br />
<b>Change log for this version:</b><br />
<ul>
<li>Added initial section which shows issues from GitHub</li>
<li>New/Improved chapters</li>
<ul>
<li>"The future needs you"</li>
<li>"Backup your life"</li>
</ul>
<li>A couple of content fixes</li>
</ul>
<br />
<a name='more'></a>Please provide feedback via twitter (<a href="https://twitter.com/DinisCruz">@DinisCruz</a>) or via the GitHub issues from the <a href="https://github.com/DinisCruz/Book_Generation_Z_Developer/issues">DinisCruz/Book_Generation_Z_Developer</a> repo.<br />
<br />
To receive updates or to get an eReader file (for kindle), please become a reader at <a href="https://leanpub.com/generation-z">https://leanpub.com/generation-z</a> .<br />
<h3>
Embedded PDF:</h3>
<br />
<br /><iframe height="780" src="https://docs.google.com/viewer?url=https://github.com/DinisCruz/Book_Generation_Z_Developer/releases/download/v0.31/generation-z-v0.31.pdf&embedded=true" style="border: none;" width="600"></iframe>
<br />
<br />
Diff with previous version: <a href="https://github.com/DinisCruz/Book_Generation_Z_Developer/compare/v0.30...v0.31">v0.30...v0.31</a><br />
<br />Dinis Cruzhttp://www.blogger.com/profile/01508591064643847461noreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-7921656978959938602018-02-26T01:56:00.000+00:002018-02-26T01:56:36.748+00:00"Generation Z Developers" - new Leanpub Book<a href="https://leanpub.com/generation-z" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="1216" data-original-width="1376" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg95AO1-YyEhQqQ6LVRuu1h78vcO4nhPxyORWEzLSx73sdumCSaMZ_FoVLBLPmLBz5eQp_LAXUxTJQVBXG4qvyre7vYAHBH7WBJ-ytuxFVHDxo_gZCAnpkXOmwkUeQ35tPVZFkka6uYVXk/s320/Screen+Shot+2018-02-26+at+01.42.26.png" width="320" /></a>In the last couple of weeks I have been working on a book called <b><i>"Generation Z Developers"</i></b> which you can now get <a href="https://leanpub.com/generation-z">for free from Leanpub</a><br />
<br />
As with all my books, the content is released under a Creative Commons license and hosted on this <a href="https://github.com/DinisCruz/Book_Generation_Z_Developer">GitHub repo</a><br />
<br />
One difference with this book, is that I'm using <a href="https://gohugo.io/">Hugo</a> for the static site generation of the book and the leanpub content generation (and it is helping a lot)<br />
<br />
I'm including below the current introduction to the book which provides a good explanation of why I wrote it.<br />
<br />
Let me know what you think of it, and what other topics or ideas should be included.<br />
<br />
<a href="https://leanpub.com/generation-z">https://leanpub.com/generation-z</a><br />
<br />
<br />
<a name='more'></a><br />
<hr />
<br />
<span style="background-color: white; color: #222222; font-family: "roboto" , sans-serif; font-size: 14.7px;">Hi Generation Z Developer, if you are a passionate developer who wants to learn as much as you can about your craft, this is the book for you.</span><br />
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Roboto, sans-serif; font-size: 14.7px; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
I decided to write this book after doing a series of presentations to Gen Z audiences, where I realised a number of key gaps in your generation's understanding of the history behind a number of key technologies that underpin the technological revolution that we are in the middle of.</div>
<div style="background-color: white; box-sizing: border-box; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
<div style="color: #222222; font-family: roboto, sans-serif; font-size: 14.7px;">
Here is the slide that started it all, how many do you recognise?</div>
<div style="color: #222222; font-family: roboto, sans-serif; font-size: 14.7px;">
<br /></div>
<div style="color: #222222; font-family: roboto, sans-serif; font-size: 14.7px;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvCwQvz-6p0DSvYWAexoexk0GtSuFKXZ1Q-Gf9OtuoFzbLgNdPLS1e4Fazi_clBoZd7PHCdsBdCKK1RNPeZ3s5fsowOpAspQVvbwZyJCuwAtDoWabF6IOHLkfWqk6Zi13kBhVpJo62Bgc/s1600/list-of-icons.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="644" data-original-width="1600" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvCwQvz-6p0DSvYWAexoexk0GtSuFKXZ1Q-Gf9OtuoFzbLgNdPLS1e4Fazi_clBoZd7PHCdsBdCKK1RNPeZ3s5fsowOpAspQVvbwZyJCuwAtDoWabF6IOHLkfWqk6Zi13kBhVpJo62Bgc/s640/list-of-icons.png" width="640" /></a></div>
<br /></div>
<div style="color: #222222; font-family: roboto, sans-serif; font-size: 14.7px;">
<span style="font-size: 14.7px;"><br /></span></div>
<span style="color: #222222; font-family: "roboto" , sans-serif;"><span style="font-size: 14.7px;">My presentation started by me asking the audience if they recognised those logos, and then realising that not only did they not recognise most of the logos, they didn’t know the history behind them. More importantly, </span></span><span style="box-sizing: border-box; color: #222222; font-family: "roboto" , sans-serif; font-size: 14.7px; margin: 0px; padding: 0px;">why</span><span style="color: #222222; font-family: "roboto" , sans-serif; font-size: 14.7px;"> they were created, and what was the problem (or itch) they </span><span style="color: #222222; font-family: "roboto" , sans-serif;"><span style="font-size: 14.7px;">addressed.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Roboto, sans-serif; font-size: 14.7px; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
All these icons were ‘catalysts of change’ and it is important to understand the history behind them, why they occurred, and what happened next.</div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Roboto, sans-serif; font-size: 14.7px; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
Each one of these icons changed the world of technology, and the paradigm shifts that they created are still impacting our world today.</div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Roboto, sans-serif; font-size: 14.7px; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
For example one of these changes/revolutions was the Creative Commons copyright license, which was one of my <em style="box-sizing: border-box; margin: 0px; padding: 0px;">‘WTF you don’t know what that means’</em> realizations. Creative Commons gives a number of rights to the consumer of creations. This book is released under a ‘Creative Commons Attribution-ShareAlike 4.0’ license, which basically means you are free (as in freedom) to use all the materials and content from this book (only requirements are that you provide some acknowledgement of the source and that you use a similar license). You can even sell books based on content from this book.</div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Roboto, sans-serif; font-size: 14.7px; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
As you will see throughout the book, what I find interesting is not that a particular technology or idea allowed X to happen. What matters to me are the ways those ideas change how we act, how we think and how we behave.</div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Roboto, sans-serif; font-size: 14.7px; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
We are in the middle of a massive technological and cultural revolution and you need to decide if you want to be a pawn, a player or even a play-maker in this new world. If you don’t understand the past, you are bound to not only repeat past mistakes, but you will not even understand what game is being played.</div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Roboto, sans-serif; font-size: 14.7px; margin-bottom: 1.7rem; margin-top: 1.7rem; padding: 0px;">
Please join me in this interesting trip down memory lane, where I will try to explain how I understand and learned from a multitude of technologies, ideas and events.</div>
Dinis Cruzhttp://www.blogger.com/profile/01508591064643847461noreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-36746875774563966292017-12-18T00:55:00.000+00:002017-12-18T00:55:04.875+00:00We're hiring at PhotoBox Group Security (5x Senior Security positions)As some of you might have noticed, earlier this year I became the CISO of the PhotoBox Group :)<br />
<br />
Part of the strategy agreed with the Board, is the recruitment of 5x new senior security positions to create the Group Security leadership team.<br />
<br />
If you want to join me in this amazing experience, and execute the vision/ideas that you have read many times on this blog, please visit the <a href="https://pbx-group-security.com/roles/">PhotoBox Group Security</a> website, where you will find details about the following roles:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilOQOWeKhkC57opqHxG4ekZCD46vETgondvOThepxAXZJPEQBHTi09fZM0abbfArANfyAZHVO6Xn1c1ITE-KLuA1W7wniyV1aOGhAiPA4zljlVktBRBvyGG0kF60w_9E7p0xXl7HpnG2vA/s1600/Screen+Shot+2017-12-18+at+00.43.50.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="622" data-original-width="1406" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilOQOWeKhkC57opqHxG4ekZCD46vETgondvOThepxAXZJPEQBHTi09fZM0abbfArANfyAZHVO6Xn1c1ITE-KLuA1W7wniyV1aOGhAiPA4zljlVktBRBvyGG0kF60w_9E7p0xXl7HpnG2vA/s640/Screen+Shot+2017-12-18+at+00.43.50.png" width="640" /></a></div>
<br />
We also have a couple of Contract positions available<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcpQ2FsKrUqPuOygAAAY_0eJmh7UofN2XkuWnbZn0xzik4zvf-TkgibRhZx-puVnMYpsUQnKIVxP1rqEoAO2lY9SEcWbyb8haFgpz4YsEgQFukyt8almQJUGeioR_Nfd0NiPnRtsxuViTE/s1600/Screen+Shot+2017-12-18+at+00.44.04.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="292" data-original-width="1372" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcpQ2FsKrUqPuOygAAAY_0eJmh7UofN2XkuWnbZn0xzik4zvf-TkgibRhZx-puVnMYpsUQnKIVxP1rqEoAO2lY9SEcWbyb8haFgpz4YsEgQFukyt8almQJUGeioR_Nfd0NiPnRtsxuViTE/s640/Screen+Shot+2017-12-18+at+00.44.04.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Big favour!!!! </b> </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
If you know of good candidates for these roles, please share the <a href="https://pbx-group-security.com/roles/">PhotoBox Group Security</a> link with them :)</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Finally, we are going to share a lot of what we are doing at PhotoBox Group Security in <a href="https://pbx-group-security.com/blog/">that site's blog</a> (not only how we are approaching the recruitment of these roles, but also how we use JIRA, like I showed in the <a href="https://www.slideshare.net/DinisCruz/creating-a-graph-based-security-organisation-devseccon-keynote-81345667">Creating a Graph Based Security Organisation</a> - DevSecCon keynote), so keep an eye on it</div>
<br />Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-81398175312715049052017-10-03T13:28:00.000+01:002017-10-03T13:42:15.584+01:00 RFP for Security Consulting ServicesHi I was asked to post this RFP, if you are interested DM me on Twitter and I'll put you in touch with the relevant party<br />
<br />
<hr />
<br />
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; padding: 0px;">
<strong>Project brief:</strong></div>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
Company X is performing a number of Security Projects that require specialised security skills and experience.<br />
<br />
<a name='more'></a></div>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
During this RfP process, we will approach the App/InfoSec community to invite responses from Europe-based consultancies interested in engaging with our Group Security team to work in the following areas:</div>
<ul style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin: 10px 0px 0px;">
<li>Map, normalise, and validate known Risks (already in Jira)</li>
<li>Review and validate vulnerabilities discovered in previous security-reviews/pen-tests and map them to Risks</li>
<li>Update existing Diagrams and Threat Models with mapped Risks<ul style="list-style-type: disc; margin: 0px;">
<li>Create info-graphs with information collected</li>
</ul>
</li>
<li>Perform Threat Models on specific applications and features</li>
<li>Review alerts currently generated by existing SIEM and Logging solutions (ideally helping to consolidate some of the views)</li>
<li>Perform 'GDPR implications' mapping for specific Applications' user journeys</li>
<li>Augment current DoS and Performance testing</li>
</ul>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<br />
We welcome responses from industry-leading InfoSec and AppSec companies, which have full-stack technical experience of performing these activities.</div>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
Advanced communication, analytic, technical architecture, and application security experience are essential, and must be demonstrated.</div>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
Company X has a mature Project Management workflow and team, which will support this engagement and will provide detailed information about the tasks to be executed. </div>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
We are looking for the talent (i.e., individuals) to perform the work required. </div>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<strong>Proposal should be focused on:</strong></div>
<ul style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin: 10px 0px 0px;">
<li>WHO is available? (i.e. LinkedIn, GitHub, Twitter and Blog)</li>
<li>WHEN are they available?</li>
<li>WHAT is their daily rate? (in GBP)</li>
</ul>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<br />
<strong>Project details</strong></div>
<ul style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin: 10px 0px 0px;">
<li><strong>Budget</strong>: £20k for App/InfoSec consultant time</li>
<li>Available timescales: </li>
<ul style="list-style-type: disc; margin: 0px;">
<li>Slot 1: <strong>9 – 19</strong> <strong>October 2017</strong></li>
<li>Slot 2: <strong>17 <strong>– </strong>31</strong> <strong>October 2017</strong></li>
<li>Slot 3: <strong>1 <strong><strong>– 15</strong></strong></strong> <strong>November 2017</strong> </li>
</ul>
<li>At least one consultant will need to be based onsite in London (others can work remotely)</li>
</ul>
<div style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
A quick start is required to meet project timelines.</div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-43175459026571472452017-06-23T01:42:00.001+01:002017-06-23T01:42:27.750+01:00Owasp Summit 2017 debrief (v1.0) and 'We are the Crazy ones' VideoHere is the first pass at mapping the <a href="https://owaspsummit.org/">Owasp Summit 2017</a> outcomes (there is still quite a bit missing, but as you will see, the <a href="https://owaspsummit.org/website/participants.html">Participants</a> created a massive amount of work and deliverables)<br />
<br />
See the <a href="https://owaspsummit.org/Outcomes/">Outcomes</a> pages for the full mapping (and latest developments).<br />
<br />
<a name='more'></a>This presentation also contains the keynote slides and some photos:<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="640" marginheight="0" marginwidth="0" scrolling="no" src="//www.slideshare.net/slideshow/embed_code/key/ENWu5aU9gWq755" style="border-width: 1px; border: 1px solid #ccc; margin-bottom: 5px; max-width: 100%;" width="100%"> </iframe> <br />
<div style="margin-bottom: 5px;">
<strong> <a href="https://www.slideshare.net/owaspsummit/owasp-summit-debrief-v10-jun-2017" target="_blank" title="Owasp summit debrief v1.0 (jun 2017)">Owasp summit debrief v1.0 (jun 2017)</a> </strong> from <strong><a href="https://www.slideshare.net/owaspsummit" target="_blank">owaspsummit</a></strong> </div>
<br />
<br />
<br />
Here is the 'We are the Crazy ones' video played during the Keynote (inspired by Apple's Think Different Ad campaign, using the audio from Steve Jobs's version)<br />
<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="600" src="https://www.youtube.com/embed/RlyPSY0KS2k" width="100%"></iframe>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-7061568054540301299.post-12204260247236318622017-06-20T09:25:00.001+01:002017-06-20T09:25:33.909+01:00(Owasp Summit 2017) Thanks for creating an amazing event, now we need to focus on the Outcomes :)<div dir="ltr">
<i>(email sent to all Summit Participants)</i><br />
<i><br /></i>
Hi Summit Participant, on behalf of the entire Summit organisation team and Owasp, I want to thank you for all the energy and hard work you put in at the Owasp Summit last week.<br />
<div>
<br /></div>
<div>
We received really good feedback, and we hope to see you all there next year for the Owasp Summit 2018, which will happen on 23-27 of April 2018 (same place, same team).</div>
<div>
<br /></div>
<div>
Now that you had a couple days to relax, it is really important that we make sure that we capture the outcomes created during the Summit.</div>
<div>
<br />
<a name='more'></a></div>
<div>
Our technical writers (Ann-Marie and Robert) have started this process, but now we need you (Note that Ann-Marie (CCed) is available to help and can be contacted directly, so if you need help don't hesitate to email her).</div>
<div>
<br /></div>
<div>
The current plan is to:</div>
<div>
<br /></div>
<div>
1) lock the content of the 2017 Working Sessions, Participants and Schedule in pure html pages (if you want to make any final changes, now is the time)</div>
<div>
2) finish moving all outcomes into a separate area (<a href="https://owaspsummit.org/Outcomes/">https://owaspsummit.org/Outcomes/</a>)</div>
<div>
3) fix/improve/finalise the outcome's content</div>
<div>
4) create follow-up plan for active Working Sessions (namely who to share the outcomes with, and how to continue the ideas/work started)</div>
<div>
<br /></div>
<div>
<b>For the Working Sessions that you were involved in and attended, can you please take a look at its page in <a href="https://owaspsummit.org/Outcomes/">https://owaspsummit.org/Outcomes/</a> and ensure that it is ok </b>(if that page doesn't exist, then please create it)</div>
<div>
<br /></div>
<div>
We are going to use the GitHub flow, with outcomes changes submitted via Pull Requests (<a href="https://github.com/OWASP/owasp-summit-2017/pulls">https://github.com/OWASP/owasp-summit-2017/pulls</a>). Note that the technical editors will continue to improve the text/content, with significant changes made via Pull Request (which should be reviewed by the Working Session organisers/participants).</div>
<div>
<br /></div>
<div>
Thanks again <a href="https://www.youtube.com/watch?v=RlyPSY0KS2k">for being the crazy one that believes you can change the world</a> and for making the Summit such an amazing experience.</div>
<div>
<br /></div>
<div>
Dinis, Seba and Francois</div>
<div>
<br /></div>
<div>
Here are two nice photos of the Participants (taken on Friday)</div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBBnyk9u7GTzdKfuKcpBm9NqSHiMuL0-uFP2TQf_1gARjQbcUQ553a_eIQQ_UrsbbgE1mC403xOO5Xj6NJgg5CK6cqhU3koXV8E9MH2pakcxnM1zHmFU1sXMnu9vV_zMPi5uu8no3bcqC-/s1600/image-742022.png"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6433631848370066674" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBBnyk9u7GTzdKfuKcpBm9NqSHiMuL0-uFP2TQf_1gARjQbcUQ553a_eIQQ_UrsbbgE1mC403xOO5Xj6NJgg5CK6cqhU3koXV8E9MH2pakcxnM1zHmFU1sXMnu9vV_zMPi5uu8no3bcqC-/s320/image-742022.png" /></a></div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjixti1ldfidL0zKZnOky8kLJCZumCuYhbT72bn0hQjKBhbM-VbCU6eL2tFvhXQ5QOnhJVsBb0pHGRjT3Rjr7dNO5RT60SEbAGhJjUapkDT-RMxnjERypprFhPOFtru3NxpyJRQkWHZ3ibF/s1600/image-747339.png"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6433631873775209058" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjixti1ldfidL0zKZnOky8kLJCZumCuYhbT72bn0hQjKBhbM-VbCU6eL2tFvhXQ5QOnhJVsBb0pHGRjT3Rjr7dNO5RT60SEbAGhJjUapkDT-RMxnjERypprFhPOFtru3NxpyJRQkWHZ3ibF/s320/image-747339.png" /></a></div>
</div>
<b>5 days to the Owasp Summit, it's time to sort out your personalised Summit schedule!</b> (published 2017-06-07T08:27:00.000+01:00, updated 2017-06-07T08:27:01.417+01:00)<div dir="ltr">
<i>(email sent to all Summit Participants)</i><br />
<br />
Hi Summit Participant :)<br />
<div>
<br /></div>
<div>
With 5 days to go, and with a new version of the Summit's site that supports a dynamic schedule mapping, it is time for you to take a really good look at the current Working Sessions schedule and make sure that you have at least 4 mapped to you per day.</div>
<div>
<br /></div>
<div>
If you go to the <a href="https://owaspsummit.org/pages/schedule/">full schedule</a> page you will see the mapping of the 126 Working Sessions currently scheduled to occur (see at the end of <a href="https://owaspsummit.org/website/working-sessions.html">the Tracks page</a> for the list of the 45 Working Sessions that are currently not scheduled).</div>
<div>
<br />
<a name='more'></a></div>
<div>
You can also see this list by <a href="https://owaspsummit.org/pages/schedule/by-track/Mon.html">Track</a>, by <a href="https://owaspsummit.org/pages/schedule/by-room/Mon.html">Room</a> and in every track's page (see pic below for the <a href="https://owaspsummit.org/Working-Sessions/OwaspSAMM/index.html">OwaspSAMM track schedule</a>)</div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYkb6ygf4pI_J_juaMXyEb_y9rj5uoyyD1Mi8DQC0Lyx4i8iRi9XzGZHEQY1k3Bc1yQaNaDT2c-_piTC96-_LVHku2DBQNoZmtX4AXDX0xcqf_XwvuI1OqOs3RtNJ0KGq035NY2qaF_RHf/s1600/image-796614.png"><img alt="" border="0" height="200" id="BLOGGER_PHOTO_ID_6428792948840793986" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYkb6ygf4pI_J_juaMXyEb_y9rj5uoyyD1Mi8DQC0Lyx4i8iRi9XzGZHEQY1k3Bc1yQaNaDT2c-_piTC96-_LVHku2DBQNoZmtX4AXDX0xcqf_XwvuI1OqOs3RtNJ0KGq035NY2qaF_RHf/s640/image-796614.png" width="640" /></a></div>
<div>
<br /></div>
<div>
There are lots of really amazing Working Sessions happening, and some Participants are already struggling to create a realistic schedule :)</div>
<div>
<br /></div>
<div>
What is really useful is that once you map a Working Session (or are invited to one), your personalised schedule will show that mapping (including special alert dialogs for cases when there are no mappings at a particular time slot, or there are multiple mapped Working Sessions occurring at the same time).</div>
<div>
<br /></div>
<div>
For example, here is <a href="https://owaspsummit.org/Participants/ticket-24h-sponsor/Francois-Raynaud.html">Francois</a>' personal schedule which shows a number of empty slots and conflicts:</div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijU3EloUtfbcYdnDFaGyPDsX0ikioUOLvd3TwPHRZu4umMQT8S4HWLRri2ACvD1TghNbj6Uk6se8WNsUcQI3wd9Iv7O3qx77j1Ir2-GDd23Fc8XONoOtth7d6U8dCv8nhM-_KWZj25YB70/s1600/image-703625.png"><img alt="" border="0" height="474" id="BLOGGER_PHOTO_ID_6428792972414690978" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijU3EloUtfbcYdnDFaGyPDsX0ikioUOLvd3TwPHRZu4umMQT8S4HWLRri2ACvD1TghNbj6Uk6se8WNsUcQI3wd9Iv7O3qx77j1Ir2-GDd23Fc8XONoOtth7d6U8dCv8nhM-_KWZj25YB70/s640/image-703625.png" width="640" /></a></div>
<div>
<br /></div>
<div>
<b>Invites</b></div>
<div>
<b><br /></b></div>
<div>
One of the most powerful features of the new schedule is the ability to 'invite' other participants. This is a great way to increase the talent pool available to a Working Session you really care about, and will allow us to make sure that we don't have any major schedule conflicts.</div>
<div>
<br /></div>
<div>
Here is how it works.</div>
<div>
<br /></div>
<div>
On a working session, for example the <a href="https://owaspsummit.org/Working-Sessions/CISO/GDRP-DPO-and-AppSec.html">GDPR and DPO AppSec implications</a> </div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2Hbp6-JoXqPfYAKTtI1_0KqcPlKmztZa1zHDrSLPiJGH8_TsxNR9rnnVArofiHBAo3W-biKObZkYbsytq6PZm7khkVfMA-fxJg2mb2kk9tmJ3iz3MUfTeg4Dr5SiytIOO5N3FoBAaHQrV/s1600/image-708460.png"><img alt="" border="0" height="164" id="BLOGGER_PHOTO_ID_6428792991671564114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2Hbp6-JoXqPfYAKTtI1_0KqcPlKmztZa1zHDrSLPiJGH8_TsxNR9rnnVArofiHBAo3W-biKObZkYbsytq6PZm7khkVfMA-fxJg2mb2kk9tmJ3iz3MUfTeg4Dr5SiytIOO5N3FoBAaHQrV/s640/image-708460.png" width="640" /></a></div>
<div>
<br /></div>
<div>
There is an <b><i>invited:</i></b> field which can be edited in the Working Session page (in GitHub, or locally)</div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcdPrvNIbluF-Rco_ArHR5Ky84uTusitTtVesNRNbLpe1n1ZErNyxHNIIEmQYSRwcJLR_w_FKDweBsgLgeUWGYjXO0I1L76EjzHmX6IOkntBkQ1pRZWAjyCBcajsqQfoHysHArHvufUn_3/s1600/image-712815.png"><img alt="" border="0" height="234" id="BLOGGER_PHOTO_ID_6428793008687441970" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcdPrvNIbluF-Rco_ArHR5Ky84uTusitTtVesNRNbLpe1n1ZErNyxHNIIEmQYSRwcJLR_w_FKDweBsgLgeUWGYjXO0I1L76EjzHmX6IOkntBkQ1pRZWAjyCBcajsqQfoHysHArHvufUn_3/s640/image-712815.png" width="640" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Once a participant is added to that list (and the Pull Request is merged), that invite will show on the Participant's page:</div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUeYdej4ALPmOzJUPn5PScxlc8i95PPWWPbvNUObnNJFTgUrhkueg2bsJY_ta4-aACJn1VAlGkzE1Gjf2sXrgrSF6YVPySrwsOUGfs8UTVWlPUPXTmxj-TbUJzkC9L6ey9UXVCFwAkCgfp/s1600/image-717154.png"><img alt="" border="0" height="68" id="BLOGGER_PHOTO_ID_6428793031221645666" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUeYdej4ALPmOzJUPn5PScxlc8i95PPWWPbvNUObnNJFTgUrhkueg2bsJY_ta4-aACJn1VAlGkzE1Gjf2sXrgrSF6YVPySrwsOUGfs8UTVWlPUPXTmxj-TbUJzkC9L6ey9UXVCFwAkCgfp/s640/image-717154.png" width="640" /></a></div>
<div>
<br /></div>
<div>
With schedule conflicts easy to spot:</div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq9qlL8_O3REzeyrAr7fPcp5nNIUYuuIRKUsWqUfE22hkoRlooblodskShxtqNz9BD9lS3IRmL7KRvcx7-bz5dNiq2Ds0U3poEJInjT08lgw7EnwGJyfTAKpnOuscoMsCTM1tect9e9X2V/s1600/image-721301.png"><img alt="" border="0" height="96" id="BLOGGER_PHOTO_ID_6428793047073105378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq9qlL8_O3REzeyrAr7fPcp5nNIUYuuIRKUsWqUfE22hkoRlooblodskShxtqNz9BD9lS3IRmL7KRvcx7-bz5dNiq2Ds0U3poEJInjT08lgw7EnwGJyfTAKpnOuscoMsCTM1tect9e9X2V/s640/image-721301.png" width="640" /></a></div>
<div>
<br /></div>
<div>
The current plan is to have a solid logistic team at the Summit, but their ability to help you is limited if you haven't mapped the Working Sessions you want to participate in.</div>
<div>
<br /></div>
<div>
Remember that we can still change some of the sessions around (to a different day or time), but you need to let us know your preferences and schedule clashes.</div>
<div>
<br /></div>
<div>
Please take the time to create a list of Working Sessions that you really want to go to, and add those mappings to your Participant page (if you need help, don't hesitate to contact us)</div>
<div>
<br /></div>
<div>
Finally, please take a look at the amazing <a href="https://owaspsummit.org/2017/06/07/Summit-Conference-Guide.html">Summit Conference Guide</a> design created by <a href="https://owaspsummit.org/Participants/ticket-24h-sponsor/Lisa-Raynaud.html">Lisa</a> (who also created the main Site's design)</div>
<div>
<br /></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_Q3MC0r-kT-v0WVx4Pf8OJ7nvA42B5A29eX4f7B02wc7K5uz8HsYsMyXU1ND19WT4VvT98_IOQYy6CAL3XePs7iieCRX2IOvxs8PoqBMW0bEVoeTaFJplZ4eSNLPTLFpH1kTSUqgkd0GE/s1600/image-725627.png"><img alt="" border="0" height="452" id="BLOGGER_PHOTO_ID_6428793065672831074" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_Q3MC0r-kT-v0WVx4Pf8OJ7nvA42B5A29eX4f7B02wc7K5uz8HsYsMyXU1ND19WT4VvT98_IOQYy6CAL3XePs7iieCRX2IOvxs8PoqBMW0bEVoeTaFJplZ4eSNLPTLFpH1kTSUqgkd0GE/s640/image-725627.png" width="640" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBlEQzFujeNqs_1MddU8_AUZE7ppKJ7xcAbc7Ksi7hDHbijcRKt-4F1r1aIQJ7v6v6qkT4W71NDRbvTmaa3aBpKgYJ_V8pE79Z3qb8LSThjjHMuAdA0prc0XbpV8eUmwQ_SmbI2s1k_hhi/s1600/image-730381.png"><img alt="" border="0" height="450" id="BLOGGER_PHOTO_ID_6428793085810217986" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBlEQzFujeNqs_1MddU8_AUZE7ppKJ7xcAbc7Ksi7hDHbijcRKt-4F1r1aIQJ7v6v6qkT4W71NDRbvTmaa3aBpKgYJ_V8pE79Z3qb8LSThjjHMuAdA0prc0XbpV8eUmwQ_SmbI2s1k_hhi/s640/image-730381.png" width="640" /></a></div>
<div>
<br /></div>
<div>
Thanks for your help, energy and time</div>
<div>
<br /></div>
<div>
Dinis, Seba and Francois</div>
</div>
<b>You can still create new Working Sessions and the Owasp Summit Schedule is not final!</b> (published 2017-05-23T01:49:00.003+01:00, updated 2017-05-23T01:49:56.225+01:00)<div dir="ltr">
<i>(email sent to all Summit participants)<br /></i><br />
Hi <a href="http://owaspsummit.org/">Summit</a> Participant, I had a couple emails about the <a href="http://owaspsummit.org/schedule/summit-schedule.html">Summit schedule</a> which seem to imply that it was the final version, and that changes would be hard to make.<br />
<div>
<br /></div>
<div>
Just to be very clear. <b>The final schedule will most likely only be published a couple days before the Summit</b> (if not the day before). This is by design, and is a key factor in the Summit's success (to give you an idea of how much better we are this time around, at the last Summit (2011), we only had the first draft of the schedule about 4 days before the Summit started)</div>
<div>
<br /></div>
<div>
Our objective with the schedule is to maximise participants' time and their need to be part of specific Working Sessions. From a practical point of view, what this means is that we map out first the key players and organisers of a particular Working Session, and then make sure (as much as we can) that there are no conflicts.</div>
<div>
<br />
<a name='more'></a></div>
<div>
There are also very interesting dynamics, where some Working Sessions really should occur before others.</div>
<div>
<br /></div>
<div>
One of the advantages of having the Participants 5 days in the same location, is that we have quite a lot of flexibility on how we create the schedule (and from the participant point of view, what matters is that the Working Session happens and the conflicts are minimal)</div>
<div>
<br /></div>
<div>
The only Working Sessions that are starting to be 'locked' to a particular day (not to a specific time), are the ones where the organisers are only going to be at the Summit for 1 or 2 days (which so far are very few cases). We will try to add a visual clue on the schedule to indicate which sessions are in this situation.</div>
<div>
<br /></div>
<div>
For the other 95% of Sessions, you should consider the current schedule as fluid and in a liquid state :)</div>
<div>
<br /></div>
<div>
This is why it is so important that you <b>register for the Working Sessions you want to be actively involved in</b>, since that is the only way we can help you.<br />
<div>
<br /></div>
<div>
Regarding the <b>creation of new Working Sessions</b>, again <b>we are still in full darwinian mode, so please keep creating them </b>(up until the Summit starts). </div>
<div>
<br /></div>
<div>
The 'only' requirements for Working Sessions to be added to the schedule, is for them to have: energy, focus, quality and a solid 'definition of done'. </div>
<div>
<br /></div>
<div>
In the last Summit, some of the best and most relevant Working Sessions only 'appeared' close to the start date (and some during the Summit).</div>
<div>
<br /></div>
<div>
To give you an idea of the current rate of Working Session creation, here are the 13 created last week:</div>
<div>
<ul>
<li><a href="http://owaspsummit.org/Working-Sessions/CISO/AppSec-Article-5-Collective-Defence-Agreement.html">Article 5 - Collective Defence Agreement</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Education/CTFs.html">CTFs</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Education/Teaching-Attacker-Perspective-to-Developers.html">Teaching Attacker perspective to Developers</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Projects/Proactive-Controls.html">OWASP Proactive Controls</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Applying-Top-10-to-Standards.html">Applying Top 10 to Standards</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/How-is-the-Top-10-Used-in-Real-World.html">How is the Top 10 Used in Real World</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/New-Top-10-Deserialisation-Vulnerabilities.html">New Top 10 - Deserialisation Vulnerabilities</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Recommending-ESAPI-in-Top-10.html">Recommending ESAPI in Top 10</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Synchronize-Multiple-Owasp-Top-10s.html">Synchronize Multiple Owasp Top 10s</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Top-10-merge-with-Proactive-Controls.html">Top 10 merge with Proactive Controls</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Top-10-Selection-Criteria.html">Top 10 Selection Criteria</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/AppSec-Job-Fair.html">AppSec Job Fair</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Playbooks-Common-Format.html">Playbooks Common Format</a></li>
</ul>
</div>
</div>
<div>
I hope you agree with me that there are some VERY interesting topics and ideas in these recently added Working Sessions.</div>
<div>
<br /></div>
<div>
The questions you need to ask yourself are:<b> </b></div>
<div>
<b><br /></b></div>
<div>
<b>Given the amount of talent and knowledge that will be at the Summit, what should they work on?</b> </div>
<div>
<b><br /></b></div>
<div>
<b>What can only be created when you have all that brain power gathered in the same location and focused on working together on a common topic?</b></div>
<div>
<b><br /></b></div>
<div>
If the answer to your question is a topic that is currently not covered in one of the Tracks or Working sessions, then use <a href="https://github.com/OWASP/owasp-summit-2017/blob/master/Working-Sessions/_template/draft-working-session.md">this template</a> and create a new Working Session for your idea. If you need help, please contact one of the <a href="http://owaspsummit.org/Logistics/Summit-Editor.html">Summit Editors</a> (CCed in this email)</div>
<div>
<br /></div>
<div>
Thanks</div>
</div>
<b>Owasp Summit Working Session 'Definition of Done'</b> (published 2017-05-22T00:15:00.001+01:00, updated 2017-05-22T00:15:15.911+01:00)<div dir="ltr">
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><i>(email sent to all Summit Participants)</i><br />Hi Summit Participant. As you can see by the <a href="http://owaspsummit.org/schedule/summit-schedule.html">Summit Schedule</a>, one of the nice problems that Participants will have is going to be: <strong>how to select which Working Sessions to attend</strong>.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">The Summit will create a highly focused and energized environment where each Participant is donating their most valuable assets: <strong>Time and Knowledge</strong></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><strong><br /></strong></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">The Working Sessions organizers have the privilege of the Participant's time, which is a massive gift. Their responsibility is to create the most effective and productive environments for them.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"></span></div>
<a name='more'></a><br />
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">In practice this means that we need to be very disciplined on what will happen in the Working Sessions, where we need to ensure that each one will create something tangible and actionable.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Working Sessions are competing for Participant's talent and time (in a darwinian way). Working Session organizers need to create detailed action plans and to-do lists that are easy to pick up and start contributing to (recommendation is to use GitHub Issues and Projects)</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">In the next couple weeks we need <strong>each Working Session to explicitly define what is its 'Definition of Done'</strong> (which will affect the location and duration of that Working Session in the main Summit's schedule).</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Here are some examples of what these outcomes/deliverables could look like:</span></div>
<ul style="color: black;">
<li><span style="font-family: arial, helvetica, sans-serif;">Artefacts (Diagrams)</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Documents or Books</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Playbooks</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Roadmaps (for next meeting)</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Wiki pages (namely on <a href="http://owasp.org/">owasp.org</a>)</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Code</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Statement or Position (signed by the Working Sessions Participants)</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Security Review (of a particular application or API)</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;">Lessons Learned</span></li>
</ul>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">All materials must be ready by end of the day (or Working Session), so that we can release them to the world in a consumable format (there will be some logistical support provided to Working Sessions organizers). For reference all materials need to be released under a <a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0</a> or <a href="https://apache.org/licenses/LICENSE-2.0.html">Apache 2.0</a> license.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">If you are a Working Session organizer, please <strong>start mapping what is the 'Definition of Done' for your Working Session</strong> (if you are not an organizer, but have ideas of what should happen at a particular Working Session, then become an organizer, and make your ideas real).</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">We will be adding a <em>'Definition of Done'</em> to all Working Sessions. <strong>Any Working Session that doesn't have one, will NOT be added to the main schedule</strong> and benefit from being part of the Summit Participant's individual daily schedule.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">It will be better to have a smaller number of Working Sessions highly focused on a common objective (for 1,3,6,9 hours) than to have a large number of Working Sessions made of only <em>'great conversations and debates'</em> (which btw will still happen due to the Summit's 18h per day collaboration environment)</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Given the time restrictions of the talent pool available (couple days in June), the best way to achieve solid results at the Summit, is to work on the Working Sessions topics <strong>before the Summit</strong>. This means <b>NOW</b>!</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Please don't wait for the Summit to start thinking/sharing/working on the Working Sessions you want to be involved in.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Start collaborating now with the Participants already registered, and leave the hard questions or work for the Summit.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">We have a great opportunity to really make the difference in our industry and (more importantly) to make the world a bit safer.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">This is your time to create something special</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Thanks again for giving Owasp and the Security community your most valuable asset: Time and Knowledge</span></div>
</div>
<b>Owasp Summit 2017 - 20 days to go (summit presentation)</b> (published 2017-05-22T00:13:00.000+01:00, updated 2017-05-22T00:13:13.422+01:00)<div dir="ltr">
Hi, please see this presentation for a nice overview of where we are with 20 days to go to the <a href="http://owaspsummit.org/">Owasp Summit</a> 2017 in London.<br />
<div>
<br /></div>
<div>
<a href="https://www.slideshare.net/DinisCruz/owasp-summit-2017-24-days-to-go">https://www.slideshare.net/DinisCruz/owasp-summit-2017-24-days-to-go</a></div>
<div>
<br /></div>
<div>
We now have a (draft) <a href="http://owaspsummit.org/schedule/summit-schedule.html">schedule</a> and an amazing pool of talent participating <a href="http://owaspsummit.org/website/participants.html">onsite</a> and <a href="http://owaspsummit.org/website/participants-remote.html">remotely</a>.</div>
<div>
<br /></div>
<div>
Please share this slide-deck with your network + blog + tweet, and if you have an Owasp chapter meeting coming up, please present it (it only takes 5 minutes)</div>
<div>
<br /></div>
</div>
<b>Please help to Promote the Summit</b> (published 2017-05-19T02:29:00.002+01:00, updated 2017-05-19T02:29:43.490+01:00)<div dir="ltr">
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><i>(Email sent to all Owasp Summit Participants)</i></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Summit Participants, the success of the Summit depends on the amount of talent that we are able to bring together.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Although the current <a href="http://owaspsummit.org/website/participants.html">list of Participants</a> is already quite impressive, I'm sure we can do better, and bring even more talent to the Summit.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"></span></div>
<a name='more'></a><br />
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Since you will also be a beneficiary of that talent, I would like to ask you (Summit Participant), to reach out to your business and social networks, and share with them your views on the Summit (namely why you are going)</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Here are good resources you can use:</span></div>
<ul style="color: black;">
<li><span style="font-family: arial, helvetica, sans-serif;"><a href="https://www.slideshare.net/DinisCruz/owasp-summit-2017-24-days-to-go">Owasp Summit 2017 - 24 days to go</a> - Slide deck I presented recently at Owasp London's Chapter meeting</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;"><a href="https://owasp.blogspot.co.uk/">Owasp Summit 2017</a> - From Owasp Blog</span></li>
<li><span style="font-family: arial, helvetica, sans-serif;"><a href="https://twitter.com/owaspsummit">@OwaspSummit</a> twitter feed</span></li>
</ul>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">So please tweet, blog, email or present the Owasp Summit, and help to keep the energy up.</span></div>
<div style="color: black;">
<br /></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Dinis Cruz</span></div>
</div>
<b>First Summit Schedule and Working Sessions Registration</b> (published 2017-05-19T02:28:00.000+01:00, updated 2017-05-19T02:28:02.303+01:00)<div dir="ltr">
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><i>(email sent to all Owasp Summit Participants)</i></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><i><br /></i></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Summit Participants, now that we have a first pass at the <a href="http://owaspsummit.org/schedule/summit-schedule.html">Summit Schedule</a>, we really need you to update your <a href="http://owaspsummit.org/website/participants.html">Participant</a> page with the Working Sessions that you want to be involved in.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Here are the individual <a href="http://owaspsummit.org/schedule">Track's schedule</a></span></div>
<div style="color: black;">
<br /></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Here is the consolidated <a href="http://owaspsummit.org/schedule/summit-schedule.html">Summit Schedule</a></span></div>
<div style="color: black;">
<br /></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">What is also really useful, is that after you add those Working Sessions mappings, you will be able to see your personalized schedule on your Participant's page.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"></span></div>
<a name='more'></a><br />
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">For example see:</span></div>
<ul style="color: black;">
<li><a href="http://owaspsummit.org/Participants/ticket-24h-sponsor/Francois-Raynaud.html"><span style="font-family: arial, helvetica, sans-serif;">Francois Raynaud</span></a></li>
<li><a href="http://owaspsummit.org/Participants/ticket-24h-sponsor/Sebastien-Deleersnyder.html"><span style="font-family: arial, helvetica, sans-serif;">Sebastien Deleersnyder</span></a></li>
<li><span style="font-family: arial, helvetica, sans-serif;"><a href="http://owaspsummit.org/Participants/remote/Robert-Hurlbut.html">Robert Hurlbut</a> (participating remotely)</span></li>
</ul>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">One thing you will notice is that in some Tracks, there are Working Sessions that are currently NOT on the schedule. For example in <a href="http://owaspsummit.org/schedule/tracks/DevSecOps.html">DevSecOps</a>.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">If you are <strong>really interested</strong> in one of the Working Sessions currently not on the schedule (for example due to its lack of content or organizer), then please become an organizer of that Working Session, and improve its content.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">You can also look at the Summit Participants' <a href="http://owaspsummit.org/pages/for-editors/participants/contacts.html">Contacts</a>, and invite who you really want to be at a Working Session.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">On average, most Working Sessions will last about 1.5h, so for now, the rule-of-thumb is for you to commit to participating in (or organizing) a maximum of 4 Working Sessions per day (excluding the Evening Sessions).</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">If you need help, please contact one of the Summit Editors (CCed) with your request (btw, it is ok to send your changes and ideas by email, since GitHub can be quite a challenge for new users).</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Due to the number of Working Sessions that will be running at a given time, and the Participants' desire to be involved in a number of Working Sessions, it is inevitable that there will be some schedule clashes. We will do our utmost to fix those schedule clashes, BUT we can't do anything if you have not indicated which Working Sessions you want to be involved in.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">So please <strong>add those mappings and help to decide which Working Sessions will happen at the Summit</strong>.</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;">Thanks</span></div>
<div style="color: black;">
<span style="font-family: arial, helvetica, sans-serif;"><br /></span></div>
<div style="color: black;">
Dinis Cruz</div>
</div>
Security message on recent Ransomware attacks (WannaCry worm) (published 2017-05-14, updated 2017-05-15)
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr">
<i>(In case it helps, here is an email I sent today to all of PhotoBox Group Technology team)</i><br />
<i><br /></i>
Hi all Tech (TL;DR: high risk of Ransomware, see list of recommendations below) <br />
<br />
As you have probably <a href="http://www.bbc.co.uk/news/technology-39896393" target="_blank">seen in the news</a>, there has been a widespread Ransomware attack which affected a large number of companies worldwide, and is bound to cause <a href="http://www.bbc.co.uk/news/technology-39913630" target="_blank">more damage next week</a>.<span class="m_-3581702534468448267gmail-"></span><br />
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-">The attack is called Ransomware (a play on Ransom + Software) and has the business model of encrypting all files the affected computer has access to, and then asking for a ransom (i.e. payment) to decrypt the files.</span></div>
<div>
<span class="m_-3581702534468448267gmail-"></span><br />
<a name='more'></a></div>
<div>
What makes this attack dangerous is that it's also a self-propagating worm. Once it runs on a machine, it will scan the local network and compromise computers not patched with the <a href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx" target="_blank">MS17-010 - Critical</a> security update released by Microsoft in March (and <a href="https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/" target="_blank">yesterday for XP</a>). Once in the newly infected computer, it will continue scanning (if connected to other networks) and eventually start encrypting all files. See Troy Hunt's post for a really nice <a href="https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware" target="_blank">technical explanation of this issue</a>.</div>
<div>
<br /></div>
<div>
As far as we can tell, we have not been impacted by this WannaCry attack (although we have had Ransomware incidents in the past). This is more down to luck and maybe the fact that <a href="https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html" target="_blank">this security researcher</a> managed to <a href="http://www.bbc.co.uk/news/technology-39907049)" target="_blank">hit a 'kill switch' by accident</a> (which btw, could have a way to re-enable itself).</div>
<div>
<br /></div>
<div>
It is important to note that this attack is severely limited by the criminals' simple business model (pay $300 per affected computer). This would have been much, much worse if the attackers had corrupted/disclosed the data, and had a much higher ransom price. So when the NHS says that no patient <a href="http://www.bbc.co.uk/news/av/uk-39904278/no-evidence-patient-data-compromised" target="_blank">data has been compromised</a> this is more to do with the attackers' limited business model than with the NHS's ability to protect that data (i.e. the malicious code had access to patient data, but chose to 'only' encrypt it). The analogy here is <i>"Imagine that the criminals broke into a bank, had access to all customer records + the money stored in the vault, and the only thing they did was to change the locks of the front doors and vault"</i>.</div>
<div>
<br /></div>
<div>
If you want to read more about Ransomware and its business model, see <a href="https://www.slideshare.net/jeremiahgrossman/ransomware-is-here-fundamentals-everyone-needs-to-know" target="_blank">"Ransomware is Here: Fundamentals Everyone Needs to Know"</a> and <a href="https://www.slideshare.net/jeremiahgrossman/what-the-kidnapping-ransom-economy-teaches-us-about-ransomware-75940725" target="_blank">"What the Kidnapping &amp; Ransom Economy Teaches Us About Ransomware"</a></div>
<div>
<br /></div>
<div>
Note that this kind of attack is also moving to the cloud. See <a href="https://arstechnica.co.uk/security/2017/05/google-docs-phishing-worm/" target="_blank">"Look out for the Google Docs phishing worm"</a> and <a href="https://arstechnica.co.uk/security/2017/05/google-docs-worm-oauth-analysis" target="_blank">"Why the Google Docs worm was so convincing"</a>.</div>
<div>
<span class="m_-3581702534468448267gmail-"><br /></span>
<br />
<div>
<span class="m_-3581702534468448267gmail-">In terms of our ability to detect and mitigate these types of attacks, we are not in good shape, and really depend on your help. </span></div>
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-"><b>Here are some recommendations that we would like you to follow:</b></span></div>
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-">As a user:</span></div>
<br />
<div>
<ul>
<li>Install the latest Security Updates (vs 'install it later tomorrow')</li>
<li>Be careful when clicking on links, and only download apps/executables from known/trusted sources</li>
<li>If you think you have been compromised:
<ul>
<li>Communicate to the <a href="mailto:groupsecurity@photobox.com" target="_blank">Group Security Team</a> as soon as possible (#security on slack)</li>
<li>Unplug the device from the network and shut it down as soon as possible</li>
</ul>
</li>
<li>Avoid as much as possible plugging non-company laptops/devices into our network (and if you have to, ask local IT support to take a look at that laptop's security)</li>
<li>Double check that your data is backed up regularly (daily or hourly) so that when you/we are hit with Ransomware (which would encrypt those files), the amount of data lost would be minimal</li>
<li>Reduce the amount of data (and file shares) that you have access to (namely internal or customers' PII (Personally Identifiable Information))</li>
<li>Ask for your laptop/desktop to be rebuilt regularly (helps to understand <i>'what is not currently backed up'</i>)</li>
<li>Use 2FA (two-factor authentication) for your most important accounts</li>
<li>Use a Password Manager</li>
<li>Encrypt sensitive data (when not in use)</li>
</ul>
<span class="m_-3581702534468448267gmail-">If you run as an admin (or manage your IT infrastructure):</span></div>
<div>
<ul>
<li>Ensure Security Patches are automatically installed</li>
<li>Enable your Firewall and set it to block incoming connections (apart from some white-listed ports)</li>
<li>Ensure anti-virus is installed and automatically updated</li>
<li>Don't use old Operating Systems (if we have OSes that we can't patch, there are a couple of mitigations we can do, like <a href="https://support.microsoft.com/en-gb/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012" target="_blank">"disabling SMB"</a>)</li>
<li>Don't run as admin, ideally creating low privilege accounts to browse the Internet + read emails, or even better, create VMs dedicated to Internet browsing and email handling</li>
<li>Use git as a backup strategy since it will give you version-control and easy re-install (assuming you push it to GitHub)</li>
<li>Review the current VPN connections to our network from 3rd party companies</li>
<li>Help to identify current Risks so that we can proactively find solutions for them (to be involved please see the OwaspSAMM and JIRA Risk mapping activities currently under way)</li>
</ul>
<div>
From a detection point of view, at the moment our best bet is the <a href="https://www.darktrace.com/" target="_blank">Darktrace</a> service that we manage. This is a passive monitoring service which 'should' give us an alert if worms like WannaCry are set loose in our network. In the medium term I would like us to have a more proactive solution in place, where the damage is minimised when (not if) a malicious link is clicked or when (not if) malicious code is running in our network. </div>
</div>
</div>
<span class="m_-3581702534468448267gmail-"></span><br />
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-">For now we really depend on you to keep our data and our customers' magical moments safe.</span></div>
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-">Finally, to give you an idea of who to talk to about any of these issues, here is a brief intro to our current PBX Group Security team:</span></div>
<div>
<ul>
<li><span class="m_-3581702534468448267gmail-">Clare and Dilek are our Risk management and policies rock stars and the ones that proactively help us to manage our risk</span></li>
<li><span class="m_-3581702534468448267gmail-">Naushad is our resident hacker (on the good/light side of the Force) who helps us to hack ourselves first and is currently helping to set up a SOC (Security Operations Centre) so that we can have a much better view of what is going on, and are able to effectively (and pragmatically) react to events</span></li>
<li><span class="m_-3581702534468448267gmail-">XYZ and Antoine are part of our NIS (Network Information Security) team, and are also very active (50% of their time) in the setup of the SOC (which will be a service made available to all teams, and will leverage existing investments in log management and visualisation systems)</span></li>
<li><span class="m_-3581702534468448267gmail-">Anders is the one managing all Security Activities and helping to create the FY18 Security strategy (you know him from his previous TechOps role)</span></li>
</ul>
<div>
<span class="m_-3581702534468448267gmail-">Note that we are still quite far from the team, infrastructure and services that we need to have in place to protect all PBX Group brands and customers (which is why we really need your help in securing our world).</span></div>
</div>
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-">Don't hesitate to contact any of the team members if you have any questions, concerns or ideas.</span></div>
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-">Thanks for your help</span></div>
<div>
<span class="m_-3581702534468448267gmail-"><br /></span></div>
<div>
<span class="m_-3581702534468448267gmail-">Dinis Cruz</span></div>
<div>
<span class="m_-3581702534468448267gmail-">CISO PhotoBox Group</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
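<div>
The email above describes a worm that scans the local network over SMB, and a passive monitoring service that should alert on it. As an added example (not part of the original email, and not how any particular product works), here is one way such a check can be expressed over connection records; the record format, the 60-second window, the peer threshold and all sample flows are constructed assumptions.</div>

```python
"""Flag internal hosts whose SMB (TCP/445) connections fan out to many peers.

Added illustration: record format, window and threshold are assumptions,
and the sample flows are constructed, not taken from a real network.
"""
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

SMB_PORT = 445                     # SMB over TCP, the service MS17-010 patches
WINDOW = timedelta(seconds=60)     # assumed sliding window
MAX_DISTINCT_PEERS = 5             # assumed threshold; tune per network


def build_sample():
    """Constructed flows: normal file-share use, a slow client, one subnet sweep."""
    lines = [
        "# timestamp,src,dst,dport,state",
        "2017-05-14T09:00:00,10.0.1.30,10.0.2.10,445,ESTABLISHED",  # clients -> file server
        "2017-05-14T09:00:05,10.0.1.31,10.0.2.10,445,ESTABLISHED",
        "2017-05-14T09:00:09,10.0.1.32,10.0.2.10,445,ESTABLISHED",
        "2017-05-14T09:00:12,10.0.1.30,10.0.2.11,445,ESTABLISHED",
        "2017-05-14T09:00:20,10.0.1.30,10.0.2.10,443,ESTABLISHED",  # not SMB
    ]
    # A host that reaches 8 SMB peers, but only one every 5 minutes.
    slow_start = datetime(2017, 5, 14, 9, 0, 0)
    for i in range(1, 9):
        ts = slow_start + timedelta(minutes=5 * i)
        lines.append(f"{ts.isoformat()},10.0.1.40,10.0.3.{i},445,ESTABLISHED")
    # A host that tries 12 neighbours in 22 seconds; most do not answer.
    sweep_start = datetime(2017, 5, 14, 9, 1, 0)
    for i in range(1, 13):
        ts = sweep_start + timedelta(seconds=2 * (i - 1))
        state = "ESTABLISHED" if i in (3, 7) else "SYN_SENT"
        lines.append(f"{ts.isoformat()},10.0.1.15,10.0.1.{i},445,{state}")
    return "\n".join(lines) + "\n"


def parse_flows(text):
    """Yield (timestamp, src, dst, dport, state) tuples, skipping comments."""
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        ts, src, dst, dport, state = (field.strip() for field in row)
        yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(dport), state


def detect_smb_fanout(text, window=WINDOW, max_peers=MAX_DISTINCT_PEERS):
    """Return one alert per source that contacted more than max_peers distinct
    internal hosts on TCP/445 inside any single window."""
    recent = defaultdict(deque)    # src -> (timestamp, dst, state) still in window
    alerts = {}
    for ts, src, dst, dport, state in sorted(parse_flows(text), key=lambda f: f[0]):
        # Only internal-to-internal SMB is relevant to lateral spread.
        if dport != SMB_PORT or not (src.is_private and dst.is_private):
            continue
        window_flows = recent[src]
        window_flows.append((ts, dst, state))
        while ts - window_flows[0][0] > window:
            window_flows.popleft()
        peers = {peer for _, peer, _ in window_flows}
        if len(peers) <= max_peers:
            continue
        previous = alerts.get(str(src))
        if previous is None or len(peers) > previous["distinct_peers"]:
            # Unanswered attempts are a supporting signal: a sweep hits many
            # addresses where nothing is listening.
            failed = sum(1 for _, _, s in window_flows if s != "ESTABLISHED")
            alerts[str(src)] = {
                "source": str(src),
                "window_start": window_flows[0][0].isoformat(),
                "distinct_peers": len(peers),
                "failed_ratio": round(failed / len(window_flows), 2),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_smb_fanout(build_sample()):
        print(alert)
```

The file server that many clients connect to and the slow client are not flagged, which also shows the limit of a short window: a sweep spread over hours would need a longer window or a per-day distinct-peer count.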
Owasp Top 10 2017 Track at Owasp Summit 2017 (published 2017-05-14)
<div dir="ltr">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJQURTipT-zrQw1t8cIvl8pqRh6wy5jg0tUfD1cVyqAk44EQ__9n75gL3FT5henV927lC2M6huEUxen9Fl1PCHESNsSiuYzeSsoOsEL4hbWwK2isGUy_E13g6rZdrk6BwcT7g1F0ddEuFT/s1600/Screen+Shot+2017-05-14+at+12.19.06.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJQURTipT-zrQw1t8cIvl8pqRh6wy5jg0tUfD1cVyqAk44EQ__9n75gL3FT5henV927lC2M6huEUxen9Fl1PCHESNsSiuYzeSsoOsEL4hbWwK2isGUy_E13g6rZdrk6BwcT7g1F0ddEuFT/s320/Screen+Shot+2017-05-14+at+12.19.06.png" width="320" /></a>The <a href="http://owaspsummit.org/">Owasp Summit</a> now has a full track dedicated to the <a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017">Owasp Top 10 2017</a> with the following Working Sessions:<br />
<div>
<ul>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html">Data behind Owasp Top 10 2017</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/A10-Underprotected-APIs.html">A10 - Underprotected APIs</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/A7-Insufficient-Attack-Protection.html">A7 - Insufficient Attack Protection</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/What-Should-be-Added-to-the-Top-10.html">What Should be Added to the Top 10</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Implications-of-Owasp-Top-10-2017.html">Implications of Owasp Top 10 2017</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Is-the-Owasp-Top-Data-Collection-Open.html">Is the Owasp Top 10 Data Collection Open</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Sign-Ceremony-for-Owasp-Top-10-2017.html">Sign Ceremony for Owasp Top 10 2017</a></li>
</ul>
<div>
If you have any comments, or data, or ideas for the Owasp Top 10 2017, please actively participate in these Working Sessions.</div>
</div>
<div>
<br />
<a name='more'></a></div>
<div>
As you can see, the objective is to reach an agreement by the end of the Summit, so if you don't raise your voice and ideas now (with data and documentation to back it up), don't complain later. </div>
<div>
<br /></div>
<div>
<b>Now is the time to act!</b><br />
<br />
If you want to make a difference in what the Owasp Top 10 2017 will look like, the <a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017">Owasp Top 10 2017</a> Track is the place to do it.</div>
<div>
<br /></div>
<div>
And if you are not able to make it to the Summit in London (even if just for one day), you can <a href="http://owaspsummit.org/website/participants-remote.html">participate remotely</a>.</div>
</div>
Security Playbooks Track and request for anonymised data (published 2017-05-14)
<div dir="ltr">
<div style="color: black; font-family: times; font-size: medium;">
After a conversation with <a href="http://owaspsummit.org/website/participants.html">Ante Gulam</a> about <strong>Security Playbooks</strong>, I had the real-world experience of needing them on multiple occasions this week.</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
Since I was not able to find good resources online that I could easily use, I realised that the Summit presented a great opportunity to create a set of Security Playbooks in standard formats that could be used by the Owasp/Security community.</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
After some research, I created the <a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/">Security Playbooks</a> Track with these Working Sessions:</div>
<ul style="color: black; font-family: times; font-size: medium;">
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Pentest-Playbook.html">AppSec Review and Pentest Playbook</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Security-Playbooks-Diagrams.html">Security Playbooks Diagrams</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Bug-Bounty-Playbook.html">Bug Bounty Playbook</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Create-Jira-Workflows-for-Security-Playbooks.html">Create Jira Workflows for Security Playbooks</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/DoS-Playbook.html">DoS Playbook</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Due-Diligence-Playbook.html">Due Diligence Playbook</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Incident-Response-Playbook.html">Incident Response Playbook</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Media-Handling-Playbook.html">Media Handling Playbook</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Playbooks-vs-Handbooks.html">Playbooks vs Handbooks</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Ransomware-Playbook.html">Ransomware Playbook</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Security-Monitoring-Playbooks.html">Security Monitoring Playbooks</a></li>
</ul>
<div style="color: black; font-family: times; font-size: medium;">
At the moment none of these Working Sessions have an organiser, so for the ones that you are interested in, please become one (or at least register as an <a href="http://owaspsummit.org/website/participants.html">onsite</a> or <a href="http://owaspsummit.org/website/participants-remote.html">remote</a> participant).</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
<strong>If you already have Security Playbooks at your company</strong> (or similar documents/diagrams/workflows) <strong>please submit them in an anonymised format with an OpenSource/CC license</strong> (so that it can be used by the Working Sessions)</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
Remember that significant work and collaboration should occur before the Summit (i.e. between now and the 12th of June). It would be amazing if some of the Working Sessions listed above had their tasks completed before the Summit!</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
For example, we can start working and collaborating asap on the <a href="http://owaspsummit.org/Working-Sessions/Security-Playbooks/Security-Playbooks-Diagrams.html">Security Playbooks Diagrams</a>.</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
Do you have Playbook Diagrams that you can share? (pictures of whiteboard-based diagrams will be a great place to start)</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
Thanks for your help</div>
<div style="color: black; font-family: times; font-size: medium;">
<br /></div>
<div style="color: black; font-family: times; font-size: medium;">
Dinis</div>
</div>
30 days to go for the Owasp Summit 2017 (published 2017-05-12)
<div dir="ltr">
In 30 days (12 June) Owasp will host its <a href="http://owaspsummit.org/">2017 Global Summit</a> in <a href="http://owaspsummit.org/website/venue.html">London</a> where hundreds of <a href="http://owaspsummit.org/website/participants.html">participants</a> will join forces in <a href="http://owaspsummit.org/website/working-sessions.html">Working Sessions</a> focused on solving hard Application and Cyber Security problems.<br />
<br />
This is not a conference with unidirectional presentations. Using the same model as the past two OWASP Summits in Portugal, this 5-day event will be a high-energy experience, during which attendees get the chance to work and collaborate intensively. Every thoroughly prepared working session is geared towards a specific application security challenge and will be focused on actionable outcomes.<br />
<br />
<a name='more'></a><br />
With participants flying from all over the world and from major security/development teams, service/product providers and research organizations, this is the place to be to learn and collaborate with industry peers (and even competitors).<br />
<br />
The event is split over the following tracks, each focusing on a specific set of challenges:<br />
<ul>
<li><a href="http://owaspsummit.org/Working-Sessions/Threat-Model/">Threat Modeling</a> - This is one of the strongest tracks, with most of the core Threat Modeling talent in the world joining forces and collaborating</li>
<li><a href="http://owaspsummit.org/Working-Sessions/OwaspSAMM/">OwaspSAMM</a> - This is another track where we have the main contributors and users of this Owasp project participating at the Summit</li>
<li><a href="http://owaspsummit.org/Working-Sessions/DevSecOps/">DevSecOps</a> - This track has been generating quite a buzz among participants, since it is addressing real pain points and problems that companies face today</li>
<li><a href="http://owaspsummit.org/Working-Sessions/DevSecOps/">Education</a> - Always strong in OWASP, this track ranges from University master's degrees to how to create the next generation of AppSec professionals</li>
<li><a href="http://owaspsummit.org/Working-Sessions/Mobile-Security/">Mobile Security</a> - Another track where the key Owasp leaders of Mobile-related Owasp projects are participating</li>
<li><a href="http://owaspsummit.org/Working-Sessions/Education/">CISO</a> - This track reaches a wide audience of CISOs and covers a wide range of CISO-related topics</li>
<li><a href="http://owaspsummit.org/Working-Sessions/Research/">Research</a> - This track covers really important and interesting research topics (it's important to look at the future and work on the next generation of Application Security)</li>
<li><a href="http://owaspsummit.org/Working-Sessions/Agile-AppSec/">Agile AppSec</a> - This is a track driven by a couple of participants who really care about Agile and want to find better ways to integrate it with AppSec practices</li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/">Security Crowdsourcing</a> - This is a track that is focused on scaling AppSec activities via internal and external crowdsourcing</li>
<li><a href="http://owaspsummit.org/Working-Sessions/Project-Summit/">Owasp Project's Summit</a> - Last but not least, this track has 31x Working Sessions directly related to an Owasp Project (with most having the Project Leader participating)</li>
</ul>
Each track's Working Session will be expected to deliver something tangible and usable by the Owasp community (whitepaper, documentation, play-books, code, action-plans, books, decisions, etc.) and all Participants are expected to participate actively in Working Sessions (as an organizer or contributor).<br />
<br />
Owasp Summit's Schedules are different from normal conferences, since they are focused on maximizing the Participants' time and the Working Sessions they want to be actively involved in. The current Schedule is under development and will be released in the next weeks.<br />
Here are some of the Working Sessions that will be worked on at the Summit:<br />
<ul>
<li><a href="http://owaspsummit.org/Working-Sessions/Education/AppSec-BSc-Masters-Curriculum-Design.html">Application Security BSc/Masters Curriculum Design</a> , <a href="http://owaspsummit.org/Working-Sessions/Education/Creating-AppSec-Teams.html">Creating AppSec Teams</a></li>
<li><a href="http://owaspsummit.org/2017/05/12/Working-Sessions/Threat-Model/Threat-Modeling-Cheat-Sheet.html">Threat Modeling Cheat Sheet</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Education/Software-Defined-Everything-%28SDx%29.html">Software Defined Everything (SDx)</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Research/Using-ML-and-AI-to-detect-attacks.html">Using ML and AI to detect Attacks</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Agile-AppSec/Agile-Practices-for-Security-Teams.html">Agile Practices for Security Teams</a> , <a href="http://owaspsummit.org/Working-Sessions/Agile-AppSec/Integrating-Security-into-a-Portfolio-Kanban.html">Integrating Security into a Portfolio Kanban</a> , <a href="http://owaspsummit.org/Working-Sessions/Agile-AppSec/Using-Security-Risks-to-Measure-Agile-Practices.html">Using Security Risks to Measure Agile Practices</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Tools/Scaling-Static-Analysis-Reviews-and-Deployments.html">Scaling Static Analysis Reviews and Deployments</a> , <a href="http://owaspsummit.org/Working-Sessions/Tools/NextGen-SecurityScanners.html">NextGen Security Scanners</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/CISO/">GDPR and DPO AppSec implications</a>, <a href="http://owaspsummit.org/Working-Sessions/CISO/">Cyber Insurance</a> , <a href="http://owaspsummit.org/Working-Sessions/CISO/InfoSec-Warranties-and-Guarantees.html">InfoSec Warranties and Guarantees</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Mobile-Security/MSTG.html">Mobile Security Testing Guide (MSTG)</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017">Implications of Owasp Top 10 2017</a>, <a href="http://owaspsummit.org/Working-Sessions/Owasp-Top-10-2017/Data-behind-OWASP-Top-10-2017.html">Data behind Owasp Top 10 2017</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Project-Summit/Juice-Shop.html">Juice Shop</a> , <a href="http://owaspsummit.org/Working-Sessions/Project-Summit/NodeGoat.html">NodeGoat</a> , <a href="http://owaspsummit.org/Working-Sessions/Project-Summit/Testing-Guide-v5.html">Testing Guide v5</a> , <a href="http://owaspsummit.org/Working-Sessions/CISO/Application-Security-Guide-for-CISO.html">Application Security Guide for CISO</a> , <a href="http://owaspsummit.org/Working-Sessions/Project-Summit/Risk-Rating-Management.html">OWASP Risk Rating Management Project</a></li>
<li><a href="http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/Crowdsourcing-Security-Knowledge.html">Crowdsourcing Security Knowledge</a> , <a href="http://owaspsummit.org/Working-Sessions/Security-Crowdsourcing/Responsible-disclosure.html">Responsible Disclosure</a></li>
</ul>
In order to attract as much talent as possible to the Summit, the <a href="http://owaspsummit.org/website/buy-ticket.html">Summit Tickets</a> were kept at a low price. A 5x 8h daily ticket costs £400 (i.e. without accommodation) and a 5x 24h daily ticket costs £1,200 (i.e. with 4-night accommodation), with a 10% discount (for 5 to 9 tickets) and a 20% discount (for 10+ tickets). 1x daily 8h tickets are also available at £100 and 24h tickets at £300.<br />
<br />
A key factor in the Owasp Summit's high level of productivity and collaboration is the Lodge/Villa accommodation model, where participants will stay, and be literally involved in AppSec/Security conversations and debates from morning till dusk (a number of daily and evening Working Sessions will occur in the Lodges).<br />
<br />
Some companies are bringing larger teams to the Summit (with a dedicated Lodge/Villa) where they can double-up as team-building, strategic planning and offsite events.<br />
<br />
The Owasp Summit is going to be the largest concentration of AppSec and Security talent focused on solving problems in 2017.<br />
<br />
The question is: <strong>Will you be there?</strong><br />
<br />
Dinis, Seba and Francois</div>