
Slide 1: Keynote Day 1: OWASP 2.0
Copyright © 2006 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.
The OWASP Foundation, OWASP AppSec Europe, http://www.owasp.org/, May 2006
Dinis Cruz, OWASP.Net Project Leader, dinis.cruz@owasp.net

Slide 2 (OWASP AppSec Europe 2006): New Manifesto / Vision
- Enabling organizations to develop, maintain, and purchase applications that they can trust
- Consolidate all OWASP Projects in one strong vision
- Focus OWASP efforts on one positive and focused target
- Create a package that companies will want to buy (i.e. join as members)
- Build on past successes

Slide 3: OWASP is about a community who cares
- Built on great foundations built by our contributors
- Independent
- Focused on creating a better world
- Great peer to peer participation
- Emphasis on local community building

Slide 4: Objectives
- Organize OWASP's world
- Deliver quality products, of the highest standard, usable by small and large companies
- Professionalize OWASP delivery
- More support for projects (both local and global)
- Maintain and improve OWASP's brand
- Improve the quality of the web applications that we use every day

Slide 5: Today
- The current software / web development process is a mess
- No standards or metrics
- Little understanding of the threats
- Small number of attacks creates a comfort zone
- Strong business model to reward features and performance
- Weak business model to reward security
- Server based code creates a false sense of security due to very limited peer review
- Shoot the messenger practices (UK's Dan and US xyz guy) make it even worse

Slide 6: Today II
- Strong awareness that something is wrong
- Weak awareness (and agreement) of what to do about it
- Security industry is part of the problem (snake oil sellers and wild marketing claims)
- Too much money is being made today by security vendors (with the current insecure world)
- Market leaders are only marginally better than everybody else (or even less when adjusted for their market share)
- Clients don't know what to ask for and how to commercially reward good vendors

Slide 7: Today III
- The current security model is based on the:
  - Lack of attackers (as in quantity)
  - Attackers' skills
  - Unsophisticated malicious business model (i.e. difficulty to monetize digital assets)
  - Plenty of low hanging fruit still available (phishing, spam, sale of botnets, identity theft)
- Basically we are betting that the gradual security improvements that we are making every day are bigger than the attackers' numbers, skills and business model

Slide 8: Today IV
- What organizations need is to be able to develop, or maintain, or purchase applications that they can trust
- We need assurance that applications:
  - do what they are designed for
  - are securely coded
  - can be executed in secure sandboxed environments
  - will not dramatically increase the risk to our assets

Slide 9: OWASP's new Vision
- Enabling organizations to develop, maintain, and purchase applications that they can trust
- Idea launched at OWASP AppSec Europe (May 2006)
- New wiki-based www.owasp.org website launched (May 2006)
  - tons of new content (CLASP, old owasp.org website)
  - much more to be added (Guide, etc.)
- Next step will be to convert all OWASP Projects to this new vision
- Objective is to have all projects converted by the next OWASP conference in the USA (Seattle, Oct 2006)
- Launch the OWASP member pack, which contains everything that OWASP has created to date (including special licenses for members)

Slide 10: OWASP's world
- Documents / Guides: OWASP Top Ten, OWASP Metrics, ISO 17799 Project, WASS Project, OWASP Process Project
- Practical Advice: OWASP Guide, OWASP Testing Project
- Tools: OWASP.Net stuff (SiteGenerator, ReportGenerator, ANBS, SAMSHE, DefApp, Beretta), WebGoat, WebScarab, Stinger
- Tons of chapters around the world... more about this tomorrow

Slide 11: the next level... (image credit: http://www.flickr.com/creativecommons/)

Slide 12: Dedicated Executive Director
- Andrew van der Stock
- OWASP Guide Project Leader
- Started Melbourne and Sydney chapters
- Sponsored by the National Australia Bank
- Will spend 12h (1,5 days) a week on OWASP projects
- Now OWASP Executive Director

Slide 13: Andrew's Responsibilities
- Helping projects and chapters succeed
- Membership & Funding
- Assist with infrastructure (if required)
- Future directions
(image credit: http://www.flickr.com/creativecommons/)

Slide 14: Andrew's Key duties
- Implement decisions from owasp-leaders
- Help projects and chapters
- Continue to work on projects (Guide, etc.)
- Defend the OWASP brand

Slide 15: OWASP Infrastructure (image credit: http://www.flickr.com/creativecommons/)

Slide 16: MediaWiki - new www.owasp.org
- It's a wiki
- Replaces current CMS
- Easier updates
- Scalable, relatively secure

Slide 17: Blogs
- For all OWASP members
- WordPress 2.0

Slide 18: Forums
- Existing forums dead
- UltimaBB
- Link from front page

Slide 19: Downloads
- Finished products/versions move to owasp.org
- Development remains at SourceForge (supports CVS)

Slide 20: Mail lists
- Two mail infrastructures: webappsec@securityfocus.com, owasp-*@lists.sourceforge.net
- Need to bring this in house... eventually
- Will happen during 2006 / 2007

Slide 21: Questions

