Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation OWASP OWASP 2.0 Update Sebastien Deleersnyder CISSP, BE Chapter Leader Sep, 2006

OWASP 2 Agenda  Introduction  OWASP 2.0  Belgium Chapter  New OWASP Projects

OWASP 3 Agenda  Introduction  OWASP 2.0  Belgium Chapter  New OWASP Projects

OWASP 4  Sponsors this evening:  ING  Co-organized with ISSA  Call for additional sponsors  Chapter meeting places & catering  Support for local projects  OWASP cannot recommend the use of products, services, or recommend specific companies Introduction

OWASP 5 Program for this evening:  18h h45: Sebastien Deleersnyder, BE Chapter Leader OWASP 2.0 Update  18h h00: Toon Mordijck, ISSA ISSA Introduction  19h h55: Serge Moreno, ING Business Application Security through Information Risk Management  19h h05: Break  20h h00: Guy Crets, Apogado Secure and Reliable Web Services

OWASP 6 Agenda  Introduction  OWASP 2.0  Belgium Chapter  New OWASP Projects

OWASP 7 OWASP 2.0  Open Web Application Security Project  OWASP 2.0 New Manifesto: Enabling organizations to develop, maintain, and purchase applications that they can trust  Non-profit, volunteer driven organization  All members are volunteers  All work is donated by sponsors  OWASP 2.0  MediaWiki driven:  New OWASP Director: Andrew Van der Stock

OWASP 8 OWASP?  Provide free resources to the community  Publications, Articles, Standards, e.g.  OWASP Top 10  OWASP Guide  Testing Guide  Testing and Training Software, e.g.  WebGoat  WebScarab .NET Projects  Local Chapters, Mailing Lists & Conferences  Dual license model:  Open Source Licenses  Commercial License for Members

OWASP 9 OWASP Membership  Using OWASP material?  Join us and become member!  Enable OWASP to continue to provide unbiased:  Tools  Documentation  Conferences  Mailing Lists  …

OWASP 10 Agenda  Introduction  OWASP 2.0  Belgium Chapter  New OWASP Projects

OWASP 11 Belgium Chapter - What do we have to offer?  Quarterly Meetings  Mailing List  Presentations & Groups  Open forum for discussion  Meet fellow InfoSec professionals  Create (Web)AppSec awareness in Belgium  Local projects?

OWASP 12 Belgium Chapter – House Rules  Free & open to everyone  Language  English preferred  Native language: no problem!  No vendor pitches or $ales presentations  Respect for different opinions  No flaming (including M$ bashing)  1 CISSP CPE for each hour of OWASP chapter meeting  Sign Sheet & I’ll scan: you claim CPE credits

OWASP 13 OWASP Local Chapter Meetings 2006  Next Meetings:  Tuesday Nov Brussels  Program:  Short OWASP intro  Presentation on introduction topic  Panel, workshop, round-table, … on more advanced topic  Topics:  Call for input!

OWASP 14 Agenda  Introduction  OWASP 2.0  Belgium Chapter  New OWASP Projects

OWASP 15 New OWASP Projects  OWASP Autumn Of Code 2006  financially sponsoring contributions  focused on completing existent OWASP Projects  OWASP CLASP (Comprehensive, Lightweight Application Security Process) Project  OWASP AJAX Security Project

OWASP 16 Updating old favorites  OWASP Guide 3.0 PDF, book, and Wiki  Top Wiki Edition - need volunteers  Testing Guide 1.0 PDF and Wiki - need volunteers

OWASP 17 OWASP Conference  Next conference: OWASP AppSec Seattle 2006  Seattle, Washington, US  Training Day: October 16th  Main Conference: October  Keynote Michael Howard from Microsoft on "The Benefits of the SDL initiative to Microsoft and its Customers".

OWASP 18 That’s it…  Any Questions? Thank you!

OWASP 19 Subscribe to BE Chapter mailing list  Keep up to date!  Post your (Web)AppSec questions  Contribute to discussions!