Presentation is loading. Please wait.

Presentation is loading. Please wait.

OWASP Backend Security Project

Published byΑφροδίσια Αρβανίτης Modified over 6 years ago

Similar presentations

Presentation on theme: "OWASP Backend Security Project"— Presentation transcript:

1 OWASP Backend Security Project
Carlo Pelliccioni Backend Security Project leader

2 Who am I OWASP Italy active member
OWASP Testing Guide v2.0 contributor OWASP Backend Security Project leader Penetration Symantec Web Application Security trainer

3 Overview

4 Overview OWASP Backend Security Project is an OWASP project entirely dedicated to the core of the Web Applications. Several contributors (developers, system integrators and security testers) have contributed to achieve this important aim consisting in a beta quality guide composed by three sections oriented to the security field: Development, Hardening and Testing.

5 Objectives (1/2) The aim of this OWASP project is to create a new guide that could allow developers, administrators and testers to comprehend any parts of the security process about back-end components that directly communicate with the web applications as well as databases, ldaps, etc.. In this version (v1.0 beta) we were focalized to create new topics and collect the information on the OWASP wiki to reach the objectives defined during the first phase of the Summer of Code 2008.

6 Objectives (2/2) Overview Create a section with an introduction about the project (high-level description) explaining the main goals. Development Include the writings already existent in OWASP wiki concerning PHP,JAVA and ASP.NET and extend the projects' sections with new contents. Hardening Create new guidelines about the dbms hardening Testing Include the writings already existent in OWASP wiki about security testing. Create new articles about security testing.

7 Status and Future Steps
Beta Quality v1.0 (Summer of Code 2008) Security development (new articles) Java – PHP – .NET Security hardening (only DBMS in this version / new articles) Oracle – SQL Server – DB2 – MySQL – PostgreSQL Security testing (several articles from Testing Guide v3.0 / new articles) DBMS Fingerprinting – Oracle – MySQL – PostgreSQL – LDAP Release Quality v2.0 (Winter of Code 2009?) Improve the existent sections. Add new topics... ...some ideas? 

8 Closing Contributors: Reviewers: Daniele Bellucci Esteban Ribičić
Erik Sonnleitner Francesco Perna Giuseppe Gottardi Guido Landi Guido Pederzini Maurizio Agazzini Massimo Biagiotti Pasquale de Rinaldis Reviewers: Esteban Ribičić Josh Sweeney

Download ppt "OWASP Backend Security Project"

Similar presentations

EIONET Training Beginners Zope Course Miruna Bădescu Finsiel Romania Copenhagen, 27 October 2003.

EIONET Training Beginners Zope Course Miruna Bădescu Finsiel Romania Copenhagen, 27 October 2003.
Natural Business Services for Construct Users Mark Barnard R&D Manager – Natural Business Services.

Natural Business Services for Construct Users Mark Barnard R&D Manager – Natural Business Services.
Copyright © 2005 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
E m p o w e r i n g i n n o v a t i o n s. Ocean Technosys is founded with a goal to provide the highest level of professional services thru our expertise.

E m p o w e r i n g i n n o v a t i o n s. Ocean Technosys is founded with a goal to provide the highest level of professional services thru our expertise.
1 The IIPC Web Curator Tool: Steve Knight The National Library of New Zealand Philip Beresford and Arun Persad The British Library An Open Source Solution.

1 The IIPC Web Curator Tool: Steve Knight The National Library of New Zealand Philip Beresford and Arun Persad The British Library An Open Source Solution.
The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT

The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT
Lecture 1 Intro Databases and Information Systems DT210 S McKeever 1.

Lecture 1 Intro Databases and Information Systems DT210 S McKeever 1.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Presenter: RED DEVILIC Sponsored by SQLViet.com SQL SERVER CONFERENCE HCMC 2013 DATABASE TASKS OVERVIEW.

Presenter: RED DEVILIC Sponsored by SQLViet.com SQL SERVER CONFERENCE HCMC 2013 DATABASE TASKS OVERVIEW.
Content Management Systems Equals Distributed Web Site Maintenance Robert Gulick, EdD DBA / Technology Trainer Carmi Gulick.

Content Management Systems Equals Distributed Web Site Maintenance Robert Gulick, EdD DBA / Technology Trainer Carmi Gulick.
Introduction: Drupal is a free and open-source content management system (CMS). A content management system(CMS) is a computer program that allows publishing,

Introduction: Drupal is a free and open-source content management system (CMS). A content management system(CMS) is a computer program that allows publishing,
The Archivists’ Toolkit Lee Mandell Kelcy Shepherd Brad Westbrook MCN Presentation Nov. 3, 2005.

The Archivists’ Toolkit Lee Mandell Kelcy Shepherd Brad Westbrook MCN Presentation Nov. 3, 2005.
What’s Next? MIS 314 Professor Sandvig. Outline  What’s Next? ISC tracks ISC tracks E-commerce developer track E-commerce developer track MIS 324 - Intermediate.

What’s Next? MIS 314 Professor Sandvig. Outline  What’s Next? ISC tracks ISC tracks E-commerce developer track E-commerce developer track MIS Intermediate.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Company Logo Add Your Company Slogan Web Service Architecture (JAVA Web Service) Using Netbeans NetDesign Version 22/10/2011 By Pornpan P.

Company Logo Add Your Company Slogan Web Service Architecture (JAVA Web Service) Using Netbeans NetDesign Version 22/10/2011 By Pornpan P.
Archivists' Toolkit - CRADLE Presentation, 10 Feb. 20061 The Archivists’ Toolkit CRADLE Presentation 10 Feb. 2006.

Archivists' Toolkit - CRADLE Presentation, 10 Feb The Archivists’ Toolkit CRADLE Presentation 10 Feb
Archivists' Toolkit - CDL Presentation, October 17, 2005 The Archivists’ Toolkit Lee Mandell Brad Westbrook.

Archivists' Toolkit - CDL Presentation, October 17, 2005 The Archivists’ Toolkit Lee Mandell Brad Westbrook.
Introduction to CS520/CS596_026 Lecture Two Gordon Tian 408-668-5680 Fall 2015.

Introduction to CS520/CS596_026 Lecture Two Gordon Tian Fall 2015.
Title of Presentation Name Date 2011 Presentation Template.

Title of Presentation Name Date 2011 Presentation Template.

Similar presentations

Ads by Google