Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2009 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Published byCorey Abby Modified over 10 years ago

Similar presentations

Presentation on theme: "Copyright © 2009 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation."— Presentation transcript:

1 Copyright © 2009 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation Antonio FONTES (antonio.fontes@owasp.org)antonio.fontes@owasp.org Chapter Leader - Geneva http://www.owasp.org OWASP Geneva – Spring 09 meeting April 23rd. 2009

2 2009 - A.Fontes / OWASP Who am I?  8 years developer experience  5 years infosec/appsec experience (CSSI 2004 ;)  Lead Application Security Program,  New Access SA, Geneva – Switzerland  OWASP Geneva chapter founder  CWE Top 25 Programming Errors contributor  Monblog.ch founder and architect  Free swiss community blogging platform  > 13mio. pageviews/monthly

3 2009 - A.Fontes / OWASP Agenda  OWASP Foundation  OWASP Projects  Tonight’s meeting

4 2009 - A.Fontes / OWASP The OWASP foundation  Open Web Application Security Project  International, non-profit organization  Funding:  Volunteers time  OWASP memberships and sponsors  OWASP conference fees  Participation and projects are free and open to everyone.

5 2009 - A.Fontes / OWASP OWASP Mission “Enabling organizations to develop, purchase, and maintain applications that can be trusted.”

6 2009 - A.Fontes / OWASP OWASP Community Documentation projects (wiki & books) Top 10, Code review, Testing, Building, Legal, … Code projects Defensive, offensive (testing) tools, Education, processes, … Chapters Over 130 chapters worldwide and growing Conferences Major and minor events around the world

7 2009 - A.Fontes / OWASP www.owasp.org

8 2009 - A.Fontes / OWASP 130+ Chapters worldwide

9 2009 - A.Fontes / OWASP OWASP Conferences NYC Sep 2008 NYC Sep 2008 San Jose? Sep 2009 San Jose? Sep 2009 Brussels May 2008 Brussels May 2008 Poland May 2009 Poland May 2009 Taiwan Oct 2008 Taiwan Oct 2008 Portugal Nov 2008 Portugal Nov 2008 Israel Sep 2008 Israel Sep 2008 India Aug 2008 India Aug 2008 Gold Coast Feb 2008 +2009 Gold Coast Feb 2008 +2009 Minnesot a Oct 2008 Minnesot a Oct 2008 Denver Spring 2009 Denver Spring 2009 Germany Nov 2008 Germany Nov 2008

10 2009 - A.Fontes / OWASP OWASP Conferences  Next:  11 th -14 th May 09: Krakow, Poland (Appsec Europe)  June 09: Dublin (Appsec)  Oct. 09: Washington D.C. (Appsec USA)

11 2009 - A.Fontes / OWASP OWASP EU Summit  2009 Focus  80+ application security experts from 20+ countries during one week  A fantastic and high standing SPA right at the beach!  New projects:  outreach program: technology vendors, framework providers, and standards bodies  educational program: new program to provide free one- day seminars at universities and developer conferences worldwide  new global committee structure: education, chapters, conferences, industry, projects and tools, membership  Actually, we didn't have time to go the beach...once in the week!  And...a new local chapter was created.

12 2009 - A.Fontes / OWASP Agenda  OWASP Foundation  OWASP Projects  Tonight’s meeting

13 2009 - A.Fontes / OWASP OWASP Top 10  The Ten Most Critical Web Application Security Vulnerabilities  Current: 2007 Release  2009 release in progress  A reference, but not a standard (yet?)

14 2009 - A.Fontes / OWASP Big 4 (not to be confused with…) Building Guide Code Review Guide Testing Guide Application Security Desk Reference (ASDR)

15 2009 - A.Fontes / OWASP Education: Webgoat

16 2009 - A.Fontes / OWASP Testing: Webscarab

17 2009 - A.Fontes / OWASP Custom Enterprise Web Application Enterprise Security API Authenticator User AccessController AccessReferenceMap Validator Encoder HTTPUtilities Encryptor EncryptedProperties Randomizer Exception Handling Logger IntrusionDetector SecurityConfiguration Reference libraries: OWASP ESAPI Existing Enterprise Security Services/Libraries

18 2009 - A.Fontes / OWASP Methods and processes: CLASP  Comprehensive, Lightweight Application Security Process  Centered around 7 AppSec Best Practices  Prescriptive and Proactive  Covers the entire software lifecycle (not just for developers)  Adaptable to any development process  CLASP defines roles across the SDLC  24 role-based process components  You can start small

19 2009 - A.Fontes / OWASP Quality and coaching: Seasons of Code

20 2009 - A.Fontes / OWASP Deliverables  OWASP.NET Project  OWASP ASDR Project  OWASP AntiSamy Project  OWASP AppSec FAQ Project  OWASP Application Security Assessment Standards Project  OWASP Application Security Metrics Project  OWASP Application Security Requirements Project  OWASP CAL9000 Project  OWASP CLASP Project  OWASP CSRFGuard Project  OWASP CSRFTester Project  OWASP Career Development Project  OWASP Certification Criteria Project  OWASP Certification Project  OWASP Code Review Project  OWASP Communications Project  OWASP DirBuster Project  OWASP Education Project  OWASP Encoding Project  OWASP Enterprise Security API  OWASP Flash Security Project  OWASP Guide Project  OWASP Honeycomb Project  OWASP Insecure Web App Project  OWASP Interceptor Project  OWASP JBroFuzz  OWASP Java Project  OWASP LAPSE Project  OWASP Legal Project  OWASP Live CD Project  OWASP Logging Project  OWASP Orizon Project  OWASP PHP Project  OWASP Pantera Web Assessment Studio Project  OWASP SASAP Project  OWASP SQLiX Project  OWASP SWAAT Project  OWASP Sprajax Project  OWASP Testing Project  OWASP Tools Project  OWASP Top Ten Project  OWASP Validation Project  OWASP WASS Project  OWASP WSFuzzer Project  OWASP Web Services Security Project  OWASP WebGoat Project  OWASP WebScarab Project  OWASP XML Security Gateway Evaluation Criteria Project  OWASP on the Move Project

21 2009 - A.Fontes / OWASP Agenda  OWASP Foundation  OWASP Projects  Tonight’s meeting

22 2009 - A.Fontes / OWASP Who is sitting (or standing) in this room?

23 2009 - A.Fontes / OWASP Audience (1/3)

24 2009 - A.Fontes / OWASP Audience (2/3)

25 2009 - A.Fontes / OWASP Audience 3/3

26 2009 - A.Fontes / OWASP Agenda  18h00: Accueil  18h15: OWASP Top 10 Sebastien Gioria, Chapter Leader - OWASP France  19h05: Pause (5 minutes)  19h10: La sécurité dans le cycle de vie développement d’une application web: de la théorie à la pratique Gilbert K. Agopome (CISSP, CSSI 2004, CISA)  20h00: Cocktail offert par HEC Genève  21h00: Fin de la manifestation

27 2009 - A.Fontes / OWASP Geneva’s Chapter and you  Next meeting: June 2009 (well, will try…)  Join the list!  Post your (Web)AppSec questions  Keep up to date  Contribute to discussions  Become an OWASP member!  Or even a sponsor (told you!)

28 2009 - A.Fontes / OWASP THANK YOU!  http://www.owasp.org http://www.owasp.org  http://www.owasp.org/index.php/Geneva antonio.fontes@owasp.org http://www.owasp.org/index.php/Geneva antonio.fontes@owasp.org Tonight’s sponsors:

29 2009 - A.Fontes / OWASP Copyright notice: Some pictures and content included in this presentation are copied from the document : « OWASP Germany 2008 Conference », by Sebastien Deleersnyder http://www.owasp.org/index.php/Image:Germany_2008_Conference_OWASP_Introduction_v1.pptx Other content and pictures included in this presentation are free for reuse except slide number 2 (my bio) : don’t change it or remove it, please. Thank you. - AF

Download ppt "Copyright © 2009 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation."

Similar presentations

Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
© 2011 - S.Gioria OWASP Training Paris – France 26 Avril 2011 Copyright © 2009 - The OWASP Foundation Permission is granted to copy, distribute and/or.

© S.Gioria OWASP Training Paris – France 26 Avril 2011 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or.
Summit 2011 Outcomes PRESENTED BY __________. About the Summit Over 180 application security experts from over 120 companies, 30 different countries,

Summit 2011 Outcomes PRESENTED BY __________. About the Summit Over 180 application security experts from over 120 companies, 30 different countries,
OWASP Overview Germany 2008 Conference

OWASP Overview Germany 2008 Conference
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2008 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2009 - The OWASP Foundation This work is available under the Creative Commons SA 3.0 license The OWASP Foundation OWASP

Copyright © The OWASP Foundation This work is available under the Creative Commons SA 3.0 license The OWASP Foundation OWASP
What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.

What is OWASP OWASP Live CD Live Demo Omar Sherin-OWASP Egypt.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Setting up a Secure Development Life Cycle with OWASP Seba Deleersnyder OWASP Foundation Board.

The OWASP Foundation Setting up a Secure Development Life Cycle with OWASP Seba Deleersnyder OWASP Foundation Board.
Copyright © 2010 - The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP BeNeLux 2010

Copyright © The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP BeNeLux 2010
10 Steps To Agile Development Without Compromising Enterprise Security

10 Steps To Agile Development Without Compromising Enterprise Security
OWASP - Where we are… where we are going

OWASP - Where we are… where we are going
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Similar presentations

Ads by Google