Copyright © 2009 - The OWASP Foundation This work is available under the Creative Commons SA 3.0 license The OWASP Foundation OWASP

Presentation transcript:

Copyright © The OWASP Foundation. This work is available under the Creative Commons SA 3.0 license.
OWASP: The Open Web Application Security Project
Jeff Williams, Aspect Security, CEO; Volunteer OWASP Chair
June 25, 2009

OWASP World
OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

2009 OWASP Supporters

OWASP Worldwide Community

OWASP Dashboard (charts: Worldwide Users, Most New Visitors)
22,782,709 page views

OWASP Conferences (map)
- NYC Sep 2008
- DC Sep 2009
- Brussels May 2008
- Poland May 2009
- Taiwan Oct 2008
- Portugal Summit Nov 2008
- Israel Sep 2008
- India Aug 2008
- Gold Coast Feb
- Minnesota Oct 2008
- Denver Spring 2009
- Germany Nov 2008
- Ireland 2009

OWASP KnowledgeBase
- 6,381 total articles
- 427 presentations
- 200 updates per day
- 271 mailing lists
- 180 blogs monitored
- 19 deface attempts

OWASP AppSec News and Intelligence
- Moderated AppSec News Feed (ic/atom/user/ /state/com.google/broadcast)
- OWASP Podcast (s/MZStore.woa/wa/viewPodcast?id=)
- OWASP TV

OWASP AppSec Job Board

OWASP Top Ten Critical Vulnerabilities

OWASP AppSec Guides
- Free and open source
- Cheap printed copies
- Covers all critical security controls
- Hundreds of expert authors
- All aspects of application security

OWASP Application Security Verification Standard
- Standard for verifying the security of web applications
- Four levels:
  - Automated
  - Manual
  - Architecture
  - Internal

OWASP Software Assurance Maturity Model

OWASP WebGoat

OWASP WebScarab

OWASP CSRFTester

OWASP CSRFGuard (diagram: User (Browser) -> OWASP CSRFGuard -> Business Processing; CSRFGuard adds the token to the HTML on the way out and verifies the token on the way in)
- Adds token to:
  - href attribute
  - src attribute
  - hidden field in all forms
- Actions:
  - Log
  - Invalidate
  - Redirect
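The two halves of the CSRFGuard slide, token injection on the outbound page and verification with the Log / Invalidate / Redirect actions on the inbound request, as an added Python illustration of the pattern; it is not the CSRFGuard project's code, and the parameter name, error page and sample HTML are assumptions. Tokens are only injected into same-origin (root-relative) href and src values so they are never sent to third-party hosts.

```python
import hmac
import re
import secrets

# Assumed names for this illustration (not CSRFGuard's own configuration).
TOKEN_PARAM = "OWASP_CSRFTOKEN"
ERROR_PAGE = "/csrf-error"
ACTIONS = ("log", "invalidate", "redirect")   # the three actions on the slide

def new_session() -> dict:
    """Each session carries one unguessable token that the guard injects."""
    return {"token": secrets.token_urlsafe(24), "valid": True}

def add_token_to_html(html: str, token: str) -> str:
    """Outbound: add the token to same-origin href/src URLs and every form."""
    def with_param(url: str) -> str:
        return f"{url}{'&' if '?' in url else '?'}{TOKEN_PARAM}={token}"
    # Only root-relative URLs ("/...") get the token, so it never leaks off-site.
    html = re.sub(r'\b(href|src)="(/[^"]*)"',
                  lambda m: f'{m.group(1)}="{with_param(m.group(2))}"', html)
    hidden = f'<input type="hidden" name="{TOKEN_PARAM}" value="{token}">'
    return re.sub(r'(<form\b[^>]*>)', lambda m: m.group(1) + hidden, html)

def verify_token(session: dict, params: dict, log: list,
                 actions=ACTIONS) -> str:
    """Inbound: allow only a request whose token matches the session token;
    otherwise apply the configured actions (log, invalidate, redirect)."""
    presented = str(params.get(TOKEN_PARAM, ""))
    if session["valid"] and hmac.compare_digest(
            presented.encode(), session["token"].encode()):
        return "allow"
    if "log" in actions:
        log.append(f"CSRF check failed: presented={presented!r}")
    if "invalidate" in actions:
        session["valid"] = False      # user must re-establish the session
    if "redirect" in actions:
        return f"redirect:{ERROR_PAGE}"
    return "deny"

# Constructed sample page: a link, an image and a form, all same-origin.
SAMPLE_HTML = ('<a href="/transfer?to=bob">Pay</a><img src="/img/logo.png">'
               '<form action="/transfer" method="post"></form>')

def demo():
    session, log = new_session(), []
    page = add_token_to_html(SAMPLE_HTML, session["token"])
    good = verify_token(session, {TOKEN_PARAM: session["token"]}, log)
    forged = verify_token(session, {"to": "mallory"}, log)   # cross-site POST
    return page, good, forged, log
```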

OWASP Live CD

OWASP Enterprise Security API (diagram: Before / After)

Want More OWASP?
- OWASP .NET Project
- OWASP ASDR Project
- OWASP AntiSamy Project
- OWASP AppSec FAQ Project
- OWASP Application Security Assessment Standards Project
- OWASP Application Security Metrics Project
- OWASP Application Security Requirements Project
- OWASP CAL9000 Project
- OWASP CLASP Project
- OWASP CSRFGuard Project
- OWASP CSRFTester Project
- OWASP Career Development Project
- OWASP Certification Criteria Project
- OWASP Certification Project
- OWASP Code Review Project
- OWASP Communications Project
- OWASP DirBuster Project
- OWASP Education Project
- OWASP Encoding Project
- OWASP Enterprise Security API
- OWASP Flash Security Project
- OWASP Guide Project
- OWASP Honeycomb Project
- OWASP Insecure Web App Project
- OWASP Interceptor Project
- OWASP JBroFuzz
- OWASP Java Project
- OWASP LAPSE Project
- OWASP Legal Project
- OWASP Live CD Project
- OWASP Logging Project
- OWASP Orizon Project
- OWASP PHP Project
- OWASP Pantera Web Assessment Studio Project
- OWASP SASAP Project
- OWASP SQLiX Project
- OWASP SWAAT Project
- OWASP Sprajax Project
- OWASP Testing Project
- OWASP Tools Project
- OWASP Top Ten Project
- OWASP Validation Project
- OWASP WASS Project
- OWASP WSFuzzer Project
- OWASP Web Services Security Project
- OWASP WebGoat Project
- OWASP WebScarab Project
- OWASP XML Security Gateway Evaluation Criteria Project
- OWASP on the Move Project

OWASP Research Grants
- We support the research that keeps your organization safe!

OWASP SoC2008 selection
- OWASP Code Review Guide, V1.1
- The Ruby on Rails Security Guide v2
- OWASP UI Component Verification Project (a.k.a. OWASP JSP Testing Tool)
- Internationalization Guidelines and OWASP-Spanish Project
- OWASP Application Security Desk Reference (ASDR)
- OWASP .NET Project Leader
- OWASP Education Project
- The OWASP Testing Guide v3
- OWASP Application Security Verification Standard
- Online code signing and integrity verification service for open source community (OpenSign Server)
- Securing WebGoat using ModSecurity
- OWASP Book Cover & Sleeve Design
- OWASP Individual & Corporate Member Packs, Conference Attendee Packs Brief
- OWASP Access Control Rules Tester
- OpenPGP Extensions for HTTP - Enigform and mod_openpgp
- OWASP-WeBekci Project
- OWASP Backend Security Project
- OWASP Application Security Tool Benchmarking Environment and Site Generator refresh
- Teachable Static Analysis Workbench
- OWASP Positive Security Project
- GTK+ GUI for w3af project
- OWASP Interceptor Project Update
- Skavenger
- SQL Injector Benchmarking Project (SQLiBENCH)
- OWASP AppSensor - Detect and Respond to Attacks from Within the Application
- OWASP Orizon Project
- OWASP Corporate Application Security Rating Guide
- OWASP AntiSamy.NET
- Python Static Analysis
- OWASP Classic ASP Security Project
- OWASP Live CD 2008 Project

How Can You Help?
- Join our community
- Share and learn
- Attend conferences
- Push us to do better
- Become a member!

Questions and Answers


OWASP Projects Lifecycle
- Define criteria for quality levels
  - Alpha, Beta, Release
- Encourage increased quality
  - Through Season of Code funding and support
  - Produce professional OWASP books
- Provide support
  - Full-time executive director (Kate Hartmann)
  - Full-time project manager (Paulo Coimbra)
  - Half-time technical editor (Kirsten Sitnick)
  - Half-time financial support (Alison Shrader)
  - Looking to add programmers (interns and professionals)

OWASP Framework: SDLC & OWASP Guidelines

OWASP Projects Are Alive! …

Finances and Grants (pie chart: OWASP Grants / OWASP Foundation, 55% / 45%)