Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation
http://www.owasp.org

2010 Update

<insert name>, Volunteer, Global Board Member, OWASP Foundation, @owasp.org



Page 2

What is OWASP?

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Page 3

What is OWASP? <local language>

The Open Web Application Security Project (OWASP) is a free and open community focused on improving the security of application software. Our mission is to make application security "visible", so that people and organizations can make informed decisions about application security risks. Everyone can participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501(c)3 not-for-profit charitable organization that ensures the ongoing viability and support of our work. Visit the OWASP website at http://www.owasp.org.

Page 4

What we have so far...

■ PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.

■ DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.

■ LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).

Page 5

Useful Resources?

■ Legal Contract Guide

■ Developer Guides

■ Top 10 Lists

■ WebScarab

■ Code Review Guide (WhiteBox)

■ Testing Guide (Blackbox)

■ AntiSamy

■ RFP Criteria

■ Spending Project

■ +100 More!!

Page 6

#FAIL

Page 7

For years, we have watched as the software market fails to produce secure applications.

The sheer size and complexity of our software infrastructure are staggering and present novel security challenges every day.

The software market and security experts still struggle to eliminate even simple, well-understood problems in the code or with mitigation controls.

DAILY HEADLINES

Page 8

Why doesn’t the software market produce secure software?

Hacking your way secure?

Education

Culture Change

Brakes on CAR

Page 9

Why is OWASP the right approach?

“The OWASP mission is to make application security visible. Creating transparency goes directly to the heart of what is wrong with the software market and has the potential to actually change the game.”

“In many ways, we’re like public radio. This allows us to reach a very broad audience and it makes it possible for us to avoid difficult commercial relationships that influence our activities. This freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security.”

Page 10

What is OWASP doing?

In November 2009, OWASP Leaders from around the world got together to discuss our progress and set our priorities for 2010. Each of our Global Committees reviewed their accomplishments and we discussed OWASP’s agenda for the future. We just established these committees in 2008 and they are already making huge progress establishing the foundation needed to achieve OWASP’s mission.

In this organization are some of the greatest minds in application security, software development and global industry.

I’d like to encourage all of you to figure out something you can do to change the culture in your team, company, or industry.

+5

Attend a local meeting and bring an associate.

Pick (1) OWASP Project - review it, comment on it, improve it. (individual/chapter)

Page 11

Page 12

OWASP by the Numbers...

Founded in 2001, the OWASP worldwide community is growing rapidly: there are 21,000 people who are actively involved with OWASP. These are the people who attend chapter meetings, participate in mailing lists, and have accounts on our wiki. There are 326 OWASP mailing lists (projects, committees, events and chapters).

★ 7 Global Committees w/ 39 Committee Volunteers

★ 159 Chapters

★ 117 Projects (Top 10, Testing Guide, Developer Guide etc..)

★ 17 OWASP Books

★ 18 full day or multi-day events and conferences around the world

Wiki page edits since the wiki was set up: 76,865, across 6,381 articles.

OWASP is the largest peer-reviewed knowledge base of application security information anywhere, with an average of 200 updates to the wiki every day and over 100,000 page views per week. Total views: 31,903,633.

Page 13

Not listed? Talk with your local university today to support and join the mission.

Page 14

Not listed? Show the world you support OWASP.

Page 15

$ 2009

Page 16

Page 17

Page 18

In addition to:

Jeff Williams, Dave Wichers, Dinis Cruz, Sebastien Deleersnyder, Tom Brennan

Kate Hartmann, Alison McNamme, Paulo Coimbra

Page 19

FAQ

Does OWASP compete with ABC, XYZ association?

Does OWASP have a certification?

What is the purpose of Global Committees?

• Membership

• Projects

• Conferences

• Connections

• Chapters

• Education

I have a great idea for an OWASP project...

What if I want to be a speaker, join a chapter or get my company more involved?

Page 20

Page 21

2010 Global OWASP AppSec Events

OWASP Denver, OWASP Mexico, OWASP Sweden, OWASP China, OWASP France and more...

Visit www.owasp.org to get your copy of the Annual Report.

Page 22

GOT OWASP?