1. Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org Chapter Briefing OWASP Summit & AppSec DC 2009 Ralph Durkee Rochester OWASP VP

2. OWASP 2 Rochester OWASP Leadership Changes for our Chapter  Andrea Cogliati replaces Ralph Durkee as President  Ralph Durkee is now serving as Vice President Reasons for Change  Prevent overload for Ralph  Ralph founded Rochester chapter in 2004; time for new leadership  Andrea has already been heavily involved in leading the Chapter and attended the 2008 Summit

3. OWASP 3 OWASP Summit 2009  Wash. DC Nov 11th  Meeting of OWASP Leadership  Board  Global Committee Members  Chapter Leaders  OWASP Members  Review 2009 & Decide directions for 2010  2nd Summit, 1 st was Nov 2008 in Portugal

4. OWASP Agenda  Opening Remarks  Accomplishment since 2008  Membership & Board Candidates  Presentation and Q&A by each committees

5. OWASP OWASP Board Board Members (original):  Jeff Williams  Dinis Cruz  Dave Wichers  Tom Brennan  Sebastien Deleersnyder Board Members (added Nov 2009):  Eoin Keary  Matt Tesauro

6. OWASP OWASP Global Committees Global Committees:  Membership Committee  Project Committee  Chapter Committee  Conferences Committee  Education Committee  Industry Committee  Connections Committee

7. OWASP OWASP Summit Highlights  Each committee presented followed by plenty of Q&A, discussion and debate  Size of the OWASP Board increased to 7  Board candidates presented and held Q&A  Lively debate on OWASP Certification  Plenty of encouragement to increase involvement in committees and projects  Great networking with other OWASP Leaders

8. OWASP DC AppSec 2009 Highlights Jeff Williams spoke briefly on the state of Software Security  Broken market? - cited “The Market for Lemons” by George Akerlof  If buyers can’t see the difference, then only lemons will be sold.  Need radical innovative ideas to fix the market.  Not going to “hack our way secure”.  The OWASP mission is to make application security visible.

9. OWASP DC AppSec 2009 Highlights 2 OWASP ESAPI Web Application Firewall ???  ESAPI is Enterprise Security API  How does ESAPI become a Web App Firewall?  Virtual patching - API providers wrappers for vulnerable calls to provide security  Add flags, headers, authentication calls etc.  ESAPI has better coverage of the vulnerabilities then most WAF  Better Performance and Intelligence at the application layer.  Very affordable since it’s Free

10. OWASP DC AppSec 2009 Highlights 3  2010 OWASP Top 10 RC announced  Dave Wichers presented  Slides and Video are on-line  More Information  Slides and Videos of some presentations are recently on-line (Video was lost and recovered)  http://www.owasp.org/index.php/OWASP_AppSec_ DC_2009_Schedule#tab=Talks_11.2F12 http://www.owasp.org/index.php/OWASP_AppSec_ DC_2009_Schedule#tab=Talks_11.2F12  NoScript users - Need to have Javascript enabled from yahoooapis.com for the tabs to work. 

11. OWASP 11 That’s it…  Any questions or comments?  Presentation will be online: Thank you!