Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2007 - The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP AppSec India Aug 2008.

Published byBarrie Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2007 - The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP AppSec India Aug 2008."— Presentation transcript:

1 Copyright © 2007 - The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP AppSec India Aug 2008 http://www.owasp.org About OWASP The story so far and beyond. Part 1 Jason Li & Dinis Cruz (remotely) Jason.li@owasp.orgJason.li@owasp.org, dinis.cruz@owasp.org dinis.cruz@owasp.org August 16, 2008

2 OWASP Agenda  OWASP’s World  OWASP’s Seasons of Code  Governance  Membership  Next Conferences  Participate

3 OWASP’s World

4 OWASP

5 http://www.owasp.org

6 OWASP 6 OWASP – Open Web Application Security Project  Open source non-profit charitable foundation dedicated to enabling organizations so they can develop, maintain, and acquire software they can trust  Making Security Visible, through…  Documentation  Top Ten, Dev. Guide, Design Guide, Testing Guide, …  Tools  WebGoat, WebScarab, Site Generator, Report Generator, ESAPI, CSRF Guard, CSRF Tester, Stinger, Pantera, …  Working Groups  Browser Security, Industry Sectors, Access Control (XACML), Education, Mobile Phone Security, Preventive Security, OWASP SDL, OWASP Governance, RIA  Security Community and Awareness  Local Chapters, Conferences, Tutorials, Mailing Lists

7 OWASP What Is Unique about OWASP?  Everything we do is free and open…  OWASP Principles  All OWASP products are free and open  Application security knowledge should be freely available  OWASP encourages awareness, discussion, and best practices  Making security visible is key to changing the software market  OWASP does not recommend any commercial products or services  OWASP will not discuss/disclose 0-day exploits

8 OWASP OWASP Main Site Traffic 8 Worldwide UsersMost New Visitors /wk

9 OWASP OWASP Worldwide Community 9

10 OWASP OWASP Conferences 10

11 OWASP OWASP Books (http://stores.lulu.com/owasp)

12 OWASP OWASP KnowledgeBase 3,913 total articles 427 presentations 200 updates per day 179 mailing lists 180 blogs monitored 31 doc projects 19 deface attempts 12 grants

13 OWASP OWASP Body of Knowledge Core Application Security Knowledge Base Acquiring and Building Secure Applications Verifying Application Security Managing Application Security Application Security Tools AppSec Education and CBT Research to Secure New Technologies Principles Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures Principles Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures OWASP Foundation 501c3 OWASP Community Platform (wiki, forums, mailing lists) Projects Chapters AppSec Conferences Guide to Building Secure Web Applications and Web Services Guide to Application Security Testing and Guide to Application Security Code Review Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues Web Based Learning Environment and Guide for Learning Application Security Guidance and Tools for Measuring and Managing Application Security Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax)

14 OWASP OWASP Tools and Technology 14

15 OWASP’s Seasons Of Code

16 OWASP OWASP’s grant / sponsorship model  100% of OWASP membership fees are used to sponsor innovative research projects.  So far 3 “season of code” sponsored by OWASP.  OWASP Autumn Of Code 2006 $20,000 budget OWASP Autumn Of Code 2006  OWASP Spring Of Code 2007 $117,500 budget OWASP Spring Of Code 2007  OWASP Summer of Code 2008 $126,000 budget OWASP Summer of Code 2008

17 OWASP SpoC 007 - OWASP Spring of Code 2007  26 projects sponsored @ $125,000 USD  15 projects made strong to amazing deliveries  OWASP Education Project (PPTs for community use)  Code Review Guide  OWASP Top 10 - Ruby on Rails version  Attacks refresh (Wiki data consolidation)  OWASP Evaluation and Certification criteria  OWASP Scholastic Project (using OWASP at academia)  SpoC project management (we now know how to do it :) )  5 projects are in the final stages  6 projects were canceled  Final amount sponsored: $103,500 USD 17

18 OWASP OWASP Summer of Code 2008  31 grants to promising application security researchers as part of the OWASP Summer of Code 2008.OWASP Summer of Code 2008 18

19 OWASP Selected SoC projects (cont)

20 OWASP OWASP SoC 2008 – AppSec Innovation  AppSensor  Teachable Static Analysis Workbench  XML/WS Testing Tool  AntiSamy.NET  Positive Security Project  JSP TagLib Tester  Online Code Signing Service  Access Control Rules Tester 20

Download ppt "Copyright © 2007 - The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP AppSec India Aug 2008."

Similar presentations

Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
OpenSAMM Software Assurance Maturity Model Seba Deleersnyder SAMM project co-leaders Pravir Chandra AppSec USA 2014 Project.

OpenSAMM Software Assurance Maturity Model Seba Deleersnyder SAMM project co-leaders Pravir Chandra AppSec USA 2014 Project.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Copyright © 2009 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2008 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT

The OWASP Foundation AppSec DC Learning by Breaking A New Project for Insecure Web Apps Chuck Willis Technical Director MANDIANT
Copyright © 2009 - The OWASP Foundation This work is available under the Creative Commons SA 3.0 license The OWASP Foundation OWASP

Copyright © The OWASP Foundation This work is available under the Creative Commons SA 3.0 license The OWASP Foundation OWASP
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.
The OWASP Foundation Setting up a Secure Development Life Cycle with OWASP Seba Deleersnyder OWASP Foundation Board.

The OWASP Foundation Setting up a Secure Development Life Cycle with OWASP Seba Deleersnyder OWASP Foundation Board.
Copyright © 2010 - The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP BeNeLux 2010

Copyright © The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP BeNeLux 2010
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
The OWASP Foundation AppSecEU11 Where we are.. Where we are going Tom Brennan, Eoin Keary, Seba Deleersnyder, Dave Wichers, Jeff Williams,

The OWASP Foundation AppSecEU11 Where we are.. Where we are going Tom Brennan, Eoin Keary, Seba Deleersnyder, Dave Wichers, Jeff Williams,
Copyright 2008 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2008 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
“Security is a process, not a product” -- Bruce Schneier.

“Security is a process, not a product” -- Bruce Schneier.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Similar presentations

Ads by Google