Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit The OWASP Foundation OWASP & WASC AppSec 2007 Conference San Jose – Nov Welcome to the OWASP & WASC AppSec 2007 Conference Dave Wichers OWASP Conferences Chair COO, Aspect Security

OWASP & WASC AppSec 2007 Conference – San Jose – Nov OWASP  Mission  Open source non-profit charitable foundation dedicated to enabling organizations develop, maintain, and acquire software they can trust  Principles  All OWASP products are free and open  Application security knowledge should be freely available  OWASP encourages awareness, discussion, and best practices  Making security visible is key to changing the software market  OWASP does not recommend any commercial products or services  OWASP will not discuss/disclose specific exploits

OWASP & WASC AppSec 2007 Conference – San Jose – Nov OWASP Body of Knowledge Core Application Security Knowledge Base Acquiring and Building Secure Applications Verifying Application Security Managing Application Security Application Security Tools AppSec Education and CBT Research to Secure New Technologies Principles Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures Principles Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures OWASP Foundation 501c3 OWASP Community Platform (wiki, forums, mailing lists) Projects ChaptersAppSec Conferences Guide to Building Secure Web Applications and Web Services Guide to Application Security Testing and Guide to Application Security Code Review Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues Web Based Learning Environment and Guide for Learning Application Security Guidance and Tools for Measuring and Managing Application Security Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax)

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Welcome to the OWASP AppSec Conference  This is the 7 th installment of the AppSec conference series (AND the first with WASC!!)  We normally have 2 each year, (the U.S. and Europe)  But … we also had OWASP day (Sept. 5-12) in 17 chapters around the world  and we just had a conference in Taiwan. A half day conference, with 600 attendees! Good job Wayne!  Next year’s (current) plans:  OWASP Australia: Gold Coast – March  OWASP Europe: Brussels in May  OWASP Israel: ??  OWASP Taiwan: ??  OWASP U.S.: New York City in Oct

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Conferences Committee Members  OWASP Conferences Chair:  Dave Wichers – Aspect Security and OWASP Board  WASC Support:  Jeremiah Grossman, Anurag Agarwal, and others.  Web Services Security Track Chair:  Gunnar Peterson – Arctec Group  Tech Expo Chair:  Pravir Chandra – Cigital  Refereed Papers Track Chair:  Frank Piessens – KU Leuven  2008 Europe Conference Planning Committee Chair:  Sebastien Deleersnyder - Telindus, Belgacom ICT  2008 U.S. Conference Planning Committee Chair:  Tom Brennan – Access IT Group  THANKS FOR ALL THE HELP! And we need more. Volunteers? 5

OWASP & WASC AppSec 2007 Conference – San Jose – Nov AppSec Conference Schedule  Also: Tech Expo Upstairs today – From 11 AM to 6 PM  Similar structure tomorrow  Microsoft/Aspect Security cocktail party (tomorrow) Also at Holiday Inn.

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Thank you to our Hosts! 7

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Sponsors/Tech Expo  Thank you to all our sponsors  Please visit (most of) them at the TechExpo!  Future conferences will not be limited to product/managed services vendors only 8

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Your Conference Packet  Welcome Letter  From OWASP Chair Jeff Williams  Conference Agenda  Facility Information / Map  Directions to Nearby Hotels  Conference Eval Form (please fill in and drop off)  Collateral from All Our Sponsors  Please take a look

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Conference Logistics  Speakers  Please use your own laptop for your presentation  If you’d don’t have it here, let me know in advance so we can get a laptop with your presentation on it ready  Presentations may be Audio and Video Recorded  Speakers, please talk into the mic and repeat any questions so they will be picked up in the recording  Free Wireless Provided by Conference Center  All presentations should be online within two weeks!!

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Tonight’s OWASP Dinner  At Holiday Inn  1740 N. 1st St. San Jose  Almost half the attendees are registered so see you there  Almost sold out. If interested, see me.

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Map to the Dinner  Its only 0.7 miles so you can walk  eBay to Holiday Inn 12

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit The OWASP Foundation OWASP & WASC AppSec 2007 Conference San Jose – Nov Conclusion: OWASP & WASC AppSec 2007 Conference Dave Wichers OWASP Conferences Chair COO, Aspect Security

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Some OWASP Growth Stats  One year ago (Oct 2006), we had  about 75 local chapters  about 15 corporate sponsors  about 180K page views / month at OWASP.org  and finally a little bit of money. About $88K  Now (Nov 2007), we have  over 100 local chapters  over 30 corporate sponsors  about 360K page views / month at OWASP.org  prior to this conference we had about $300K  Of which $90K is pledged to the completion of the 2007 Spring of Code projects 14

OWASP & WASC AppSec 2007 Conference – San Jose – Nov

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 And our First Employee  Alison McNamee  Starts Nov 26 th  Working in OWASP Foundation office in Columbia, MD  Perform Administrative Duties such as  Assist OWASP Members  Assist OWASP Project and Chapter Leads  Help organize and manage OWASP conferences  Manage OWASP corporate and individual memberships  OWASP financial management  OWASP correspondence  etc. 16

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Some OWASP Conference Stats  1 st OWASP AppSec Conference (2004 NY) - ~100 people on a weekend  2 nd OWASP AppSec Conference (2005 London) ~100 on a weekend  3 rd OWASP AppSec Conference (2005 D.C.) ~175 plus 40 in tutorials  4 th OWASP AppSec Conference (2006 Brussels) ~125 plus 40 in tutorials  5 th OWASP AppSec Conference (2006 Seattle) ~180 plus 115 in tutorials  6 th OWASP AppSec Conference (2007 Milan) ~140 plus 40 in tutorials  OWASP Taiwan Conference (2007 Taiwan)  About 600 attendees for half day free conference!!  2007 OWASP & WASC AppSec Conference (2007 San Jose)  About 260 attendees with 80 people in six 2-day tutorials  First Tech Expo: Sold out with 12 vendors participating  Result: Lots of great community interaction/awareness and many great presentations online for community use

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Plans for Next Year (2008)  2008 OWASP Australia AppSec Conference  Gold Coast – March – 1-day tutorials, 2-day conference  2008 OWASP AppSec Europe Conference  Brussels – May 19-22, 2008  Refereed papers track, Vendor Expo  Two day Tutorials – two day conference  2008 OWASP AppSec Israel Conference - ??  2008 OWASP AppSec Taiwan Conference - ??  2008 OWASP AppSec U.S. Conference  New York City, Oct  Refereed papers track, Vendor Expo, Lots of tutorials  Capture the flag event?

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Please Help OWASP Grow  As contributors  OWASP Chapter Leaders  OWASP Project Leaders and Participants  Season of Code Participants (paid projects!)  OWASP Conference Committee  Stub articles – wiki contributions  New technologies to analyze  As members  Corporate Members  Individual Members  Please join us and share what you know!

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Please Give Us Your Feedback  Tutorials?  More diversity?  What other topics are you interested in?  Quarterly regional OWASP training events?  Presentations?  More tracks?  Longer conference?  Panels?  Other Activities?  OWASP tool demo’s?  Capture the flag?  Product comparisons? (think UL testing/Consumer Reports)  Send to

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Thanks again to our Hosts! 21  Caroline Wong from eBay – Facilitated getting eBay / PayPal to offer their facility to us

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Thank You to Our Organizers  Aspect Security  Conference Organization  Conference Logistics  Conference Registration  Financial Management  WASC  Local Conference Promotion  Facility Selection/Negotiation  Local Logistics, Event Support  Tech Expo: Pravir Chandra  Web Services Track: Gunnar Peterson

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Thanks Again to Our Sponsors

OWASP & WASC AppSec 2007 Conference – San Jose – Nov Thank You to Our Contributors and Members  I want to thank ALL the OWASP Project Leads and their teams for all their Hard Work  OWASP wouldn’t exist without them  And thank you to all our corporate & individual members

OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Reminder: Another Cocktail Party :-) 25