Wednesday, 2 February 2011

Register your interest in participating in the O2 Platform Working Session at the OWASP Summit

O2 users , please participate remotely on the O2 Working Session that will happen at the Summit. The time-slot and location of this session will depend on how many people are registered (both online and remotely) so if you are going to the Summit or can participate remotely, please register now!

If you are going to be at the Summit, you can add your name here: http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session063 (see 'Working Session Participants' section at the bottom)

If you are going to participate remotely, you can register here : https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ (make sure you select the O2 Platform Working Session :) )


Description:
This session will focus on exchanging experiences between O2 users and on how to make O2 easier to use and consume. There are a lot of areas that O2 can add value during security reviews, the problem most O2 users have is 'I know that it can be done, but how?'. Another key topic for discussion and debate is the 'No more security reports as PDFs concept' (where after a security engagement, clients should be given Unit Tests, not PDFs)

Objectives:
    1. Define 'What is O2'
    2. Map out easy ways to start using O2
    3. Document success stories and 'real world' O2 usage
Deliverables:
    1. Simple user’s guide that shows how to install, configure, and use O2 to do a few simple common things
    2. Detailed workflows for the more complex features
    3. Roadmap for the next version of O2
Fell free to edit the WIKI and add your ideas (if you have an O2 feature wish-list, now is a good time to document it).

Thanks and see you at this session...

1 comment:

Andrew Petukhov said...

Recently Rohit Sethi has published a post entitled "Domain-Driven Security".
Here's a link to it: http://labs.securitycompass.com/index.php/2011/01/21/domain-driven-security/

After reading this blog post it came to me that O2 platform could benefit here.
Here's the logic.

1. It's natural to disseminate knowledge about domain-specific vuln in domain-specific language (DSL);
2. There's already a platform O2, which is designed to "Automate
Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge."
3. DSL to O2 translator might be a win here!

Would be nice of you discuss this idea on the working session.

Btw, I registered to this session.