Dit is het weblog van Ferdinand Vroom. http://www.ferdinandvroom.nl

Lotusphere 2010 abstract

| woensdag, september 30, 2009
Ik heb vandaag een absract ingediend voor de Lotusphere 2010.
Ben benieuwd of mijn sessie op de agenda wordt gezet.
Doordat het aantal woorden dat gebruikt mocht worden, beperkt was, heb ik niet helemaal kunnen beschrijven wat ik wilde. Ik zag ook achteraf dat mijn opmerking over web 2.0 en enterprise 2.0 na het verwijderen van twee zinnen een beetje verband met de rest van het abstract mist...

Hieronder het abstract:

Session abstract/description

This BoF focusses on web application security.

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.

Web 2.0 and Enterprise 2.0 applications introduce a whole new palette of web application vulnerabilities.

Awareness is the first step into secure coding. Secure Software Development Lifecycle Management, Penetration testing and code reviewing will asure project succeses. We will discuss all these topics after a short introduction of the OWASP project.

Please outline why it is important that this session be included on this year’s Lotusphere agenda

This BoF should be included on this year's Lotusphere agenda because web application security is an important subject and somewhat underexposed on most every Lotusphere episode.

It's a general problem. Security is mostly a closing entry to every software development project. Developers are urged to code functional features first. When theres time left, other non- functional requirements get some attention.

Since security is not an integral part of the development lifecycle, security is not implemented and gets fixed when a user finds a security bug or even worse when an application gets hacked.

The Open Web Application Security Project (OWASP) is a worldwide free and open community

focused on improving the security of application software. It's projects and tools are highly valuable to every Lotus/ IBM software based project and infrastructure.

The guide is an exellent developers guide to secure coding. The Top Ten is a list of the ten most common and exploited vulnerabilities. This list is mainly used as an awareness tool for management, but also as a baseline for security tests. Tools like WebScarab and WebGoat help Java developers to analyse their code and learn from common coding mistakes.

This BoF will start with a short introduction of OWASP and some of it's projects. Then a general discussion about web application security, secure development lifecycles and testing is facilitated.
The OWASP life cd is handed out to every attendee.