Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Presentation transcript:

Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation. OWASP EU09 Poland. OWASP State of the Union. Dave Wichers, Sebastien Deleersnyder, Dinis Cruz, Foundation Board.

OWASP AppSecEU09 Poland. Agenda: OWASP?; State of the union; Season of Code 2009; OWASP near you!


OWASP: Open Web Application Security Project started 2001, OWASP Foundation Inc. established 2004. Participation in OWASP is free and open to all. International not-for-profit charitable organization funded primarily by volunteers' time, OWASP Memberships ($50 Individuals, $5k Supporters), and OWASP Conference fees. Website: 6,464 registered users, 21,552,771 page views, and 55,941 page edits; 10k members on mailing lists.

What Is Unique about OWASP? Everything we do is free and open…

OWASP Vision & Mission. Vision: a software market that produces code that's secure enough to rely on. Mission (to achieve that vision): to make security visible (or transparent) so that software buyers and sellers are on equal footing and market forces can work.


OWASP Principles: Free & Open; Governed by rough consensus & running code; Abide by a code of ethics: Not-for-profit; Not driven by commercial interests; Risk based approach.

OWASP Resources and Community. Documentation (Wiki and Books): Code Review, Testing, Building, Legal, more … Code Projects: Defensive, Offensive (Test tools), Education, Process, more … Chapters: Over 150 and growing. Conferences: Major and minor events all around the world.

OWASP Foundation - Structure. Volunteer Board (5): Jeff Williams, Dave Wichers, Dinis Cruz, Tom Brennan, Sebastien Deleersnyder. Volunteer Global Committees (6), (25+) Members. 150+ Local Chapters. 120+ Projects. OWASP Employees (5).

150+ chapters

OWASP Conferences ( ): NYC Sep 2008; DC Mar & Nov 2009; Brussels May 2008; Poland May 2009; Taiwan Oct 2008; Portugal Summit Nov 2008; Israel Sep 2008/09; India Aug 2008; Gold Coast Feb 2008/09; Minnesota Oct 2008; Denver Mar 2009; Germany Nov 2008; Ireland Sep 2009; Sweden May 2010; New Zealand July 2009; Brazil Oct 2009.

Mailing Lists: 100+ Mailing Lists; Local Chapters; Projects; Regional/Global Committees; LinkedIn Group too… members

2009 Organization Supporters

2009 Educational Supporters

Agenda: OWASP?; State of the union; Season of Code 2009; OWASP near you!

Summit Portugal - Nov 2008: First time OWASP community got together; 80+ OWASP leaders under the same roof; 20+ countries; 12h/day workload (& lots of beer consumed).

Summit Portugal Outcomes: New Free Tools and Guidance (from SoC08). New Global Committee Structure: Education, Chapter, Conferences, Industry, Projects, Membership (who will create the action plan for 2009). New Outreach Program: technology vendors, framework providers, and standards bodies; new program to provide free one-day seminars at universities and developer conferences worldwide.

Global Committees – Established late

Projects Committee: 1. Organizing the next OWASP Season of Code 2. Drafting proposals for standardization and organization of OWASP Projects and Releases 3. Establishing a baseline assessment of all OWASP Projects and Releases 4. Survey all OWASP projects. More about projects tomorrow!

Industry Committee: Start outreach to critical infrastructures worldwide such as: electricity generation, transmission and distribution; gas production, transport and distribution; oil and oil products production, transport and distribution; telecommunication; water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices)); agriculture, food production and distribution; heating (e.g. natural gas, fuel oil, district heating); public health (hospitals, ambulances); transportation systems (fuel supply, railway network, airports, harbors, inland shipping); financial services (banking, clearing); security services (police, military).

Industry - Accomplishments: 1. Has submitted RFC feedback for both British and US/NIST rev 3 standards 2. Has been promoting supporter membership to raise awareness in industry verticals 3. Has established working relationships with ISSA & ISACA to assist with industry focused outreach and international insight

Membership Committee: Increase individual membership 100% in 18 months (Individuals); Increase organizational supporters 100% in 18 months (Supporters); Increase university supporters 100% in 18 months. 1. Has created and launched a new membership model 2. Has created and launched Membership drive to support our efforts 3. Has created video to promote/explain

Education Committee: The primary purpose of the Global Education Committee is: to work with the OWASP Education Project to provide educational materials for both internal and external users, develop liaisons with educational institutions worldwide.

Current work: Categorize (Organization) of educational materials; Train the trainers (Teach the teachers); Create an online assessment and training portal; Brazil – SoC09?; OWASP Boot Camp Project; OWASP CTF event; NY CTF based - SoC09 proposal - "OWASP Challenge Framework"; Speakers Bureau Project; Marketing efforts; Internationalization of the training materials; Education material (Projects); Academic Educational Services.

Chapter Committee: To provide the support required at the local level to accomplish the overall mission and goals of the association. Define chapter and role in OWASP; Identify the health of Chapters - number of Chapters vs. active chapters; Define clear and transparent process of chapter Governance; Develop Chapter Handbook.

Progress

Agenda: OWASP?; State of the union; Season of Code 2009; OWASP near you!

SoC 09 (OWASP Season of Code): 4th edition of OWASP Grant program. Pre-Launched today here in Poland (see ). Proposed focus on 4 areas: OWASP Education Pack (managed by: Education Committee); Enterprise usability of OWASP projects (managed by: Projects Committee); Additional Sources of Funding (managed by: Membership & Chapters Committee); Marketing & PR (managed by: Industry & Conferences Committee). Initial budget of 90,000 USD.

Agenda: OWASP?; State of the union; Season of Code 2009; OWASP near you!

OWASP Podcast Series: Launched Nov 21, 2008. Episode 19 will be released May Interviews, 2 Roundtables, 4 News Commentary Programs and counting. Produced and Hosted by Jim Manico of Aspect Security. News team consists of Arshan Dabirsiaghi, Andre Gironda and Jeff Williams.

56 videos, 40+ hrs

Local Chapter Resources: Local Meetings; Regional Mailing List; Presentations; Forum for discussion; Meet fellow InfoSec professionals; Create (Web)AppSec awareness; Local projects; JOBS =

Upcoming Conferences: OWASP New Zealand Day, New Zealand, July 13th - 2 track conference, University of Auckland; OWASP AppSec Ireland 2009, September 10th, Conference at Trinity College in Dublin; OWASP AppSec Brazil 2009, October 27th-30th, Conference and tutorials at Câmara dos Deputados; OWASP AppSec US 2009 – November Washington, D.C.

TTD: Visit; Find your local chapter / conferences; Listen to PodCasts; Watch Videos; Read Materials; Post your (Web)AppSec questions; Spread the word, invite peers; Contribute to discussions; Become member!

Get Involved