OWASP Cambridge 2nd December 2014. Agenda Networking, food and refreshments Welcome Colin Watson Global Application Security Survey & Benchmarking John.


1 OWASP Cambridge 2nd December 2014

2 Agenda Networking, food and refreshments Welcome Colin Watson Global Application Security Survey & Benchmarking John Smith Anatomy of a Data Breach Joe Pelletier OWASP Roundup Colin Watson Networking

3 OWASP Roundup Past conferences Project updates AppSec EU 2015 Supporters Close

4 Past AppSec Conferences AppSec EU 2014 23-26 June, Cambridge UK https://2014.appsec.eu/ https://www.youtube.com/playlist?list=PLpr-xdpM8wG_KHsxepT9o6trkqDELhr3_ AppSec USA 2014 16-19 September, Denver USA http://2014.appsecusa.org/2014/ http://2014.appsecusa.org/2014/about/live-streaming/ https://www.youtube.com/playlist?list=PLpr-xdpM8wG8jz9QpzQeLeB0914Ysq-Cl

5 Testing Guide Version 4 17th September 2014 https://www.owasp.org/index.php/OWASP_Testing_Project

6 Proactive Controls Version 1 10th March 2014 https://www.owasp.org/index.php/OWASP_Proactive_Controls

7 AppSensor Website 11th September 2014 http://www.appsensor.org/ Reference implementation 13th September 2014 v2.0.0 beta https://github.com/jtmelton/appsensor/releases/tag/v2.0.0-beta

8 Dependency Checker Version 1.2.6 17th November 2014 http://jeremylong.github.io/DependencyCheck/

9 Web Goat Version 6.0 12th September 2014 http://webgoat.github.io/

10 Cyber Security Week OWASP London Cyber Security Week Workshops, talks and hackathon Startup focus Free to all Held at Google and UCL 26-30 January 2015

11 AppSec EU 2015 Envisioned program 4 applied talk tracks: Builder, Breaker, Defender, CISO 1 research track 19-22 May 2015 Amsterdam RAI The Netherlands

12 London Chapter Supporters

13 Thank You Speakers John Smith Joe Pelletier Chapter Leaders Justin Clarke Tobias Gondrom Hosts for this evening Skype Attendees

14 OWASP Volunteers Project leaders Project contributors Chapter leaders Members Corporate supporters Individual members Other supporters

15 Corporate Sponsors

16 Something Different
Top Ten Risks
1. Injection
2. Broken Authentication and Session Management
3. Cross-Site Scripting (XSS)
4. Insecure Direct Object References
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross-Site Request Forgery (CSRF)
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards
Top Ten Proactive Controls
1. Parameterize Queries
2. Encode Data
3. Validate All Inputs
4. Implement Appropriate Access Controls
5. Establish Identity and Authentication Controls
6. Protect Data and Privacy
7. Implement Logging, Error Handling and Intrusion Detection
8. Leverage Security Features of Frameworks and Security Libraries
9. Include Security-Specific Requirements
10. Design and Architect Security In

17 Another Game

18 Snakes and Ladders

19 Mobile Apps Too

20 Print Your Own Adobe PDF A2 print quality Adobe Illustrator Source Web Applications DE, EN, ES, FR, JA, ZH Mobile Apps EN, JA

21 Staying in Touch Chapter page https://www.owasp.org/index.php/London Mailing list http://lists.owasp.org/mailman/listinfo/owasp-london Twitter http://twitter.com/owasplondon Facebook https://www.facebook.com/OWASPLondon Elsewhere in the UK Birmingham, Bristol, Cambridge, East Midlands, Leeds, Manchester, Newcastle, Royal Holloway, Scotland, South Wales, Suffolk

22 The Melton Mowbray 18 Holborn

