1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP Update Volunteer, Global Board Member OWASP
2 OWASP What is OWASP? The Open Web Application Security Project (OWASP) is a 501c3 not-for- profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application securityvisible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.visible, people and organizations can make informed decisions
3 OWASP What is OWASP? El proyecto abierto de seguridad en aplicaciones Web (OWASP por sus siglas en inglés) es una comunidad libre y abierta enfocada en mejorar la seguridad de los programas aplicativos. Nuestra misión es hacer la seguridad en aplicaciones “visible”, de manera que las personas y organizaciones puedan tomar decisiones informadas sobre los riesgos de seguridad en aplicaciones. Todos pueden participar en OWASP y todos nuestros materiales están disponibles bajo una licencia de software libre y abierto. La fundación OWASP es una organización caritativa sin ánimo de lucro 501(c)3 que asegura viabilidad continua y el apoyo a nuestro trabajo. Visite el sitio de OWASP en línea en
4 OWASP What we have so far... ■PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws. ■DETECT - These are tools and documents that can be used to find security- related design and implementation flaws. ■LIFE CYCLE - These are tools and documents that can be used to add security- related activities into the Software Development Life Cycle (SDLC).
5 OWASP Useful Resources? Legal Contract Guide Developer Guides Top 10 Lists WebScarab Code Review Guide (WhiteBox) Testing Guide (Blackbox) Antisammy RFP Critera Spending Project +100 More!!
6 OWASP #FAIL
7 OWASP For years, we have watched as the software market fails to produce secure applications. The sheer size and complexity of our software infrastructure are staggering and present novel security challenges every day. The software market and security experts still struggle to eliminate even simple well-understood problems in the code or with mitigation controls. DAILY HEADLINES
8 OWASP Why doesn’t the software market produce secure software? Hacking your way secure? Education Culture Change Brakes on CAR
9 OWASP Why is OWASP the right approach “The OWASP mission is to make application security visible. Creating transparency goes directly to the heart of what is wrong with the software market and has the potential to actually change the game.” “In many ways, we’re like public radio. This allows us to reach a very broad audience and it makes it possible for us to avoid difficult commercial relationships that influence our activities. This freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security”
10 OWASP What is OWASP doing? In November 2009, OWASP Leaders from around the world got together to discuss our progress and set our priorities for Each of our Global Committees reviewed their accomplishments and we discussed OWASP’s agenda for the future. We just established these committees in 2008 and they are already making huge progress establishing the foundation needed to achieve OWASP’s mission. In this organization are some of the greatest minds in application security, software development and global industry. I’d like to encourage all of you to figure out something you can do to change the culture in your team, company, or industry. +5 Attend local meeting and bring a associate. Pick (1) OWASP Project - review it, comment on it, improve it. (individual/chapter)
11 OWASP
12 OWASP OWASP By the Numbers.. Founded in 2001’ the OWASP worldwide community is growing rapidly: There are 21,000 people who are actively involved with OWASP. These are the people who attend chapter meetings, participate in mailing lists, and have accounts on our wiki. There are 326 OWASP mailing lists (projects, committees, events and chapters) ★ 7 Global Committees w/ 39 Committee Volunteers ★ 159 Chapters ★ 117 Projects (Top 10, Testing Guide, Developer Guide etc..) ★ 17 OWASP Books ★ 18 full day or multi-day events and conferences around the world Wiki Page edits since the wiki was set up: 76,865 and 6,381 articles OWASP is the largest peer-reviewed knowledge-base of application security information anywhere. With an average of 200 updates to the wiki everyday. Over 100,000 page views per week. Total views: 31,903,633
13 OWASP Not listed? Talk with your local University today to support and join the mission
14 OWASP Not Listed? Show the world you support OWASP
15 OWASP $ 2009
16 OWASP
17
18 OWASP In addition to Jeff Williams Dave Wichers Dinis Cruz Sebastien Deleersnyder Tom Brennan Kate Hartmann Alison McNamme Paulo Coimbra
19 OWASP FAQ Does OWASP compete with ABC, XYZ association? Does OWASP have a certification? What is the purpose of Global Committees? Membership Projects Conferences Connections Chapters Education I have a great idea for OWASP project... If I want to be a speaker, join a chapter or get my company more involved.
20 OWASP
21 OWASP 2010 Global OWASP Appsec Events OWASP Denver OWASP Mexico OWASP Sweden OWASP China OWASP France and more.. Visit get your copy of the Annual Reportwww.owasp.org
22 GOT OWASP?