Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit The OWASP Foundation OWASP AppSec Seattle October OWASP 2.0 Enabling organizations to develop, maintain, and acquire applications they can trust Dinis Cruz OWASP

OWASP AppSec Seattle Mission  Enabling organizations to develop, maintain, and purchase applications that they can trust

OWASP AppSec Seattle OWASP Foundation  The OWASP Foundation is a 501c3 not-for- profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all.

OWASP AppSec Seattle History  2000: Mark Curphey and Microsoft Word  2001: OWASP Guide 1.0  Sep 2002: Many volunteers finish  Oct 2002: owasp-leaders created  Leaders from each project  This meritocracy still leads us today  2003: OWASP Foundation created  -> 2006: tons of new projects (see tomorrow)

OWASP AppSec Seattle It’s about community  Built on great foundations built by our contributors  Greater peer to peer participation  Emphasis on local community building  More support for your projects

OWASP AppSec Seattle

OWASP AppSec Seattle It’s about building a solid foundation  Transparency  Annual Report, financial details  Annual report (with financial details) starting 2006  Move to more formal structure in 2007 timeframe (à la Apache, NetBSD, Debian, etc)  Improve membership experience  Membership packages  Individual  Corporate  Sponsor  Starter chapter pack

OWASP AppSec Seattle Autumn of Code 2006 »The Open Web Application Security Project (OWASP) has recently launched a new project entitled "OWASP Autumn of Code 2006” that is aimed at financially sponsoring contributions to OWASP Projects.  On the 18th of September our call for entries ended and on the 25th of September we released our list of selected projects to be sponsored. OWASP has made the decision to sponsor 9 projects (5 at $3,500 USD and 4 at $5,000 USD) instead of our originally planned number of 8.

OWASP AppSec Seattle Autumn of Code Projects  WebScarab NG – Rogan Dawes  Live CD – Joshua Perrymon  CAL9000 – Chris Loomis  SiteGenerator and ORG – Mike de Libero  Pantera – Simon Roses  Web Goat – Sherif Koussa  Testing Guide – Matteo Meucci  OWASP.NET Tools – Boris Maletic  OWASP Website and Branding – Aaron M. Holmes

OWASP AppSec Seattle Current projects (see website)  Release Quality  Beta Status  Alpha Status  Technology, Research, and Guides

OWASP AppSec Seattle Funding model  Need to increase OWASP individual and corporate members  Current funding model  Conferences  Corporate and Individual Memberships (to be GNI adjusted)  Advertising  Sponsorships

OWASP AppSec Seattle OWASP Membership  An active voice in the development of OWASP Materials that are becoming widely accepted as an application security standard for all organizations.  A OWASP Commercial License to use the materials within your organization without the restrictions associated with the various open source licenses used by the OWASP projects.  Timely electronic notification of updates to the OWASP Materials.  Visibility for your organization's tangible commitment to application security through its inclusion in the members list on the OWASP website and promotional materials.  The right to use the OWASP name and membership mark to show that you are an OWASP Member. Note that the mark must not be used in any way that might indicate that OWASP supports a commercial product or service.  Collaboration with other highly skilled people from organizations around the world, both virtually and in person during periodic OWASP AppSec conferences and chapter meetings.  Discounted registration fees for OWASP AppSec conferences to all individual members and all employees of member organizations.

OWASP AppSec Seattle OWASP Membership cost

OWASP AppSec Seattle Local Chapters

OWASP AppSec Seattle Chapters!

OWASP AppSec Seattle Local chapters  Easily the most useful OWASP activity  Lots of chapters all around the world

OWASP AppSec Seattle Local chapter support  Use our Internet resources  Announce meetings well in advance  Have a schedule well in advance  Be consistent  Community: blogs, forum - in your local language  Present new stuff ... or borrow other chapter’s slides

OWASP AppSec Seattle Guidelines for chapters  Encourage membership in OWASP  Try to be easily found and a popular time  Always try to meet, if only for drinkies  Local sponsorship by vendors is fine  Try not to be 0wned by the vendors (of any type)  Protect yourself - insurance, talk choices, etc

OWASP AppSec Seattle Leadership Focus  Developing OWASP Foundation and infrastructure  Helping you deliver timely, useful projects  Keeping today’s flagship products fresh and relevant  Winter, Spring, and Summer of Code 2007

OWASP AppSec Seattle OWASP Brand  Our brand is important to us  Need something to help get rid of freeloaders  Many firms abusing OWASP Top 10 / Guide brand  Need a 'brand management' project

OWASP AppSec Seattle Project Incubators  Initiate any project you like  Each project will have its own space  Community: Link to team member blogs and forum  Resources: Samples, downloads, private workspace

OWASP AppSec Seattle Project Focus  Participate!  What do you want us to focus on?