Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Published byReginald Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike."— Presentation transcript:

1 Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/ The OWASP Foundation OWASP & WASC AppSec 2007 Conference San Jose – Nov 2007 http://www.owasp.org/ http://www.webappsec.org/ OWASP State of the Union Dinis Cruz Chief OWASP Evangelist Director of Advanced Technologies (Ounce Labs) dinis.cruz@owasp.net

2 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 2 OWASP Mission  Open source non-profit charitable foundation dedicated to enabling organizations so they can develop, maintain, and acquire software they can trust  Making Security Visible  Through…  Documentation  Top Ten, Dev. Guide, Design Guide, Testing Guide, …  Tools  WebGoat, WebScarab, Site Generator, Report Generator, ESAPI, CSRF Guard, CSRF Tester, Stinger, Pantera, …  Working Groups  Browser Security, Industry Sectors, Access Control (XACML), Education, Mobile Phone Security, Preventive Security, OWASP SDL, OWASP Governance, RIA  Security Community and Awareness  Local Chapters, Conferences, Tutorials, Mailing Lists

3 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Some OWASP Growth Stats  One year ago (Oct 2006), we had  about 75 local chapters  about 15 corporate sponsors  about 180K page views / month at OWASP.org  and finally a little bit of money. About $88K  Now (Nov 2007), we have  over 100 local chapters  over 30 corporate sponsors  about 360K page views / month at OWASP.org  prior to this conference we had about $298K  Of which $80K is pledged to the completion of the 2007 Spring of Code projects 3

4 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Chapters 4

5 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Wiki  Let’s deface it!  Anybody can edit it  Maximum empowerment  We DO monitor changes :)

6 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Board  OWASP Board members:  Jeff Williams: Chair, Wiki, Management  Dave Wichers: Conferences, Financials  Tom Brennan : OWASP Governance  Sebastien Deleersnyder : OWASP Chapters and Projects  Dinis Cruz: Firehose of Ideas and Money spender  OWASP Board ‘power’  OWASP Financials (where does the money goes to),  leadership assignment,  conferences locations,  WIKI home page,  bank account details :)  The rest is ‘soft power’  i.e. we have it until we screw up 6

7 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP our First Employee  Alison McNamee  Starts Nov 26 th  Working in OWASP Foundation office in Columbia, MD  Perform Administrative Duties such as  Assist OWASP Members  Assist OWASP Project and Chapter Leads  Help organize and manage OWASP conferences – Yeah!!  Manage OWASP corporate and individual memberships  OWASP financial management  OWASP correspondence  etc. 7

8 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 How OWASP Works  Q: Do you have a project on XYZ at OWASP?  A: Nope, do you want to do it?  Q: Why don’t you do XYZ at OWASP?  A: Nope, do you want to do it?  Q: Is there an OWASP chapter at XYZ?  A: Nope, do you want to do start one?  Q: The project/chapter XYZ is dead!!!  A: Ok, do you want to take over its leadership?  Q: What is the deal with the OWASP Band?  A: Apart from the lack of Venue & Instruments we have everything, so can you get us and Venue and some Instruments? 8

9 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Structure  OWASP Board  OWASP leaders (Tools, Chapters & Working Groups)  OWASP Members  Subscribers to mailing lists  Anonymous consumers 9

10 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Financials  See word doc 10

11 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 What has OWASP ever done for me?  Great community of like minded colleagues  Several good new friends  Knowledge  Place to ‘dump’ my research  Speaking slots at conferences  Generate 100% of my contract work for the past 3 years 11  Increase my ‘employability’ and daily rate  Allow me to have the following contracting model:  1 major contract for 20 days per month (with commitment of only 10 days per month (ABN AMRO, Ounce Labs)  Multiple smaller contracts (5 to 15 days) on very interesting and challenging projects

12 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 SpoC 007 - OWASP Spring of Code 2007  26 projects sponsored @ $125,000 USD  15 projects made strong to amazing deliveries  OWASP Education Project (PPTs for community use)  Code Review Guide  OWASP Top 10 - Ruby on Rails version  Attacks refresh (Wiki data consolidation)  OWASP Evaluation and Certification criteria  OWASP Scholastic Project (using OWASP at academia)  SpoC project management (we now know how to do it :) )  5 projects are in the final stages  6 projects were canceled  Final amount sponsored: $103,500 USD 12

13 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 WoC 08 - OWASP Winter of Code 2008  $100,000 initial budget (from OWASP)  $200,000 proposed target (all OWASP membership fees received from now till 10th of January will be added to this pot)  New members are invited to allocated their fees to projects, working groups or chapters they are interested in  Paulo Coimbra (Spoc project manager) will run it:  December 15: Request for proposals  January 15: Results announcement  30 may: WoC ends 13

14 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Books  We now have the ability to publish books from Pdfs :)  Thanks to lulu.com we got 10 books printed in time for this conference  See our store at http://stores.owasp.orghttp://stores.owasp.org  All books are provided with NO MARGIN for OWASP (i.e. at cost)  We ask everybody that buys a book to distribute it after reading it (these are VIRAL books) 14

15 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Working Groups  Browser Security: Robert R'Snake, Petkov Pdb  Industry Sectors: Tom Brennan  Access Control (XACML): Gunner peterson  Education: Sebastien Deleersnyder  Mobile Phone Security: Corey Benninger  Preventive Security: Dinis Cruz  OWASP SDL: Pravir Chandra  OWASP Governance: Tom Brennan  Some ideas for other OWASP working groups:  RIA Frameworks, Open Source solutions, Commercial vendors solutions, Evaluation & Certification, Privacy 15

16 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Membership  Apart from the ‘free’ OWASP Member packs, there is NOTHING that the member gets that it doesn’t already have (i.e. all OWASP materials and participation are available to everybody (members and non members))  Ability to allocate their membership fees to projects, working groups or chapters they are interested in  Ability to vote of specific OWASP governance issues (Tom to figure this out)  Makes a public statement of support to OWASP 16

17 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Member Pack  Members on the $100 - $2000 membership fee wil receive:  OWASP Member pack A (3-6 books, 1 shirt, DVD)  2 x DVDs with OWASP Conference proceedings  Members on the $3000 - $5000 membership fee wil receive:  OWASP Member pack B (10-20 books, 2 shirt, DVD, USB stick)  2 x DVDs with OWASP Conference proceedings  1 free training course and conference attendance  Members on the $3000 - $5000 membership fee wil receive:  OWASP Member pack B (10-20 books, 2 shirt, DVD, USB stick)  2 x DVDs with OWASP Conference procedings  2 free training course and conference attendance 17

18 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 18 OWASP Corporate Members

19 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Local Chapter Finances - OWASP Points  Every Chapter will receive $30 per local individual OWASP Member  This money can only be spent on ‘centrally’ defined items, currently: Books and OotM credits (OWASP on the Move)  Financial management system needed (Google Checkout?) 19

20 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP leader requirements  Identity is identified  Provides address and contact details  Agrees with OWASP Code of Conduct and values  Commits to action plan for the next 12 months  Becomes an OWASP Member (fee payment is optional) 20

21 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 21 Some OWASP Conference Stats  1 st OWASP AppSec Conference (2004 NY) - ~100 people on a weekend  2 nd OWASP AppSec Conference (2005 London) ~100 on a weekend  3 rd OWASP AppSec Conference (2005 D.C.)  About 175 Attendees plus 40 people in first tutorial  4 th OWASP AppSec Conference (2006 Brussels)  About 125 with 40 people in two tutorials plus refereed papers track  5 th OWASP AppSec Conference (2006 Seattle)  About 180 attendees with 115 in three tutorials!  6 th OWASP AppSec Conference (2007 Milan)  About 140 attendees, 40 people in 3 tutorials plus refereed papers track  OWASP Taiwan Conference (2007 Taiwan)  About 600 attendees for half day free conference!!  2007 OWASP & WASC AppSec Conference (2007 San Jose)  About 260 attendees with 80 people in six 2-day tutorials  First Tech Expo: Sold out with 10 vendors participating

22 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 22 Plans for Next Year (2008)  2008 OWASP Australia AppSec Conference  Gold Coast – March 29-31 – 1-day tutorials, 2-day conference  2008 OWASP AppSec Europe Conference  Brussels – May 19-22, 2008  Refereed papers track, Vendor Expo  Two day Tutorials – two day conference  2008 OWASP AppSec Taiwan Conference - ??  2008 OWASP AppSec U.S. Conference  New York City, Oct. 2007  Refereed papers track, Vendor Expo, Lots of tutorials  Capture the flag event?

23 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Rules of engagement for Conference Training  Application is open to everybody  Each trainer gets paid $2000 per training day + travel (minimum 5 students)  Rest of fees goes to OWASP  Class feedback to determine future deliveries  Next conferences are in Belgium and NYC 23

24 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP @ Other conferences  Namely developer conferences  OWASP will organize one ‘web security track’  Have a stand in the expo  Sell (or give away) books 24

25 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 OWASP Open Source project Sponsorship  ‘no strings attached’ $1000 USD to Open Source projects valuable to the OWASP community  Results  Nmap  Mod Security (Ivan)  Firebug  Burp Proxy  Nikto  Httrack  Tamperdata  WebDeveloper  ACEGI (for Spring Framework)  Find bugs 25

26 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Degree of 0wnage  If every one of these 10 apps has a backdoor, how many times will you (and your assets (and pentest results)) be 0wned?  Nmap  Mod Security (Ivan)  Firebug  Burp Proxy  Nikto  Httrack  Tamperdata  WebDeveloper  ACEGI (for Spring Framework)  Find bugs 26

27 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Coming soon to a printer closer to you The Blob of Trust!!!!!!! 27

28 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Results of ‘Questions to OWASP Leaders’ 1/2 1.A certifying and CBK type pseudo-company like (ISC)2? NO!!!! (just about everybody) ‘ OWASP is a huge success by any measure. I don't think the organizationis broken and don't think it makes sense to turn it into a 'certifying'organization. Think about that. OWASP would need fulltime employees topush paperwork? The current system of voluntary association has led tothe projects and chapters and success that OWASP is. Why fix what ain'tbroke? ’, Anam Munter 2.An open source project organized along the lines of Debian, Apache, or a similar group that owns a set of projects? ‘ YES ’, NYNJMetro chapter(and 90% of the answers) ‘ Apache Foundation is a good example but also we believe OWASP should not turn into a software development based organization. ’ Turkey chapter 3.Does OWASP want to certify apps, testers, both or none? (I've seen all POV advocated) ‘ Certify them as what? "Secure? ” ‘ Adam Munter 28

29 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Results of ‘Questions to OWASP Leaders’ 2/2 1.Who will be required to pay what kind of dues, if any? People who use OWASP materials should pay (i.e. become members) and active leaders should NOT be required to pay, daniel.cuthbert 2.How formal of an organization will OWASP become? Some increase in formality is perhaps needed to increase visibility. Independence and openess should be retained., Helsinki, Finland 3.Is the status quo preferable to the proposed change? While I like many of the ideas raised, I think that OWASP is doing well and progressing, so whatever we do change must be evolutionary rather than revolutionary ’, Ofer Shezaf 29

30 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Non Active Chapters (new leaders needed)  Brisbane  Panama  Sydney  Argentina  Manila  Austria  BostonFinancialDist  Charlotte  Chile  Denmark  Hyderabad  Kerala  Kolkata  Madison  Mexico_City  Ohio  Omaha  Pakistan  Pittsburgh  Riyadh  Tokyo  Winnipeg 30

31 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Non Active Projects  OWASP_Logging_Project  OWASP_Insecure_Web_App_Project  OWASP_CAL9000_Project  OWASP_Legal_Project  OWASP_Application_Security_Metrics_Project  OWASP_Career_Development_Project  OWASP_SQLiX_Project  OWASP_WASS_Project  OWASP_AppSec_FAQ_Project 31

32 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 32 Please Give Us Your Feedback  Tutorials?  More diversity?  What other topics are you interested in?  Quarterly regional OWASP training events?  Presentations?  More tracks?  Longer conference?  Panels?  Other Activities?  OWASP tool demo’s?  Capture the flag?  Product comparisons? (think UL testing/Consumer Reports)  Send to conferences@owasp.orgconferences@owasp.org

33 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 33 Please Help OWASP Grow  As contributors  OWASP Chapter Leaders  OWASP Project Leaders and Participants  Season of Code Participants (paid projects!)  OWASP Conference Committee  Stub articles – wiki contributions  New technologies to analyze  As members  Corporate Members  Individual Members  Please join us and share what you know!

34 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Final OWASP event: Golf tournament  Next Saturday 17th November  In San Jose  Winner gets an OWASP Sweat Shirt and public kudos  18 Holes  Let me know if you are interested 34

35 OWASP & WASC AppSec 2007 Conference – San Jose – Nov 2007 Thanks & Questions? 35

Download ppt "Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike."

Similar presentations

Orientation for New Regional Directors Official presentation of the Student National Medical Association Board-approved April 2006.

Orientation for New Regional Directors Official presentation of the Student National Medical Association Board-approved April 2006.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Student Experiences Fund Empowering extracurricular activities HASKAYNE SCHOOL OF BUSINESS.

Student Experiences Fund Empowering extracurricular activities HASKAYNE SCHOOL OF BUSINESS.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 Chapter Officer Roles & Responsibilities. 2 Chapter Officers/Leadership Team Serving on the Chapter Leadership Team is a privilege as well as a responsibility.

1 Chapter Officer Roles & Responsibilities. 2 Chapter Officers/Leadership Team Serving on the Chapter Leadership Team is a privilege as well as a responsibility.
COMPLIANCE & AWARDS MATRIX Robin Fenton, SCTE, Director of Chapter Support.

COMPLIANCE & AWARDS MATRIX Robin Fenton, SCTE, Director of Chapter Support.
November 2000 ©Max Haroon Slide 1 The Society of Internet Professional (SIP) Embrace opportunities for success Opening a Chapter in your City.

November 2000 ©Max Haroon Slide 1 The Society of Internet Professional (SIP) Embrace opportunities for success Opening a Chapter in your City.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © 2007 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Certification Benefits and Maintenance Presented To: APICS Chicago Chapter June 17, 2003 Presented By: Ron Althaus,CFPIM,CIRM,C.P.M.

Certification Benefits and Maintenance Presented To: APICS Chicago Chapter June 17, 2003 Presented By: Ron Althaus,CFPIM,CIRM,C.P.M.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
The OWASP Foundation AppSecEU11 Where we are.. Where we are going Tom Brennan, Eoin Keary, Seba Deleersnyder, Dave Wichers, Jeff Williams,

The OWASP Foundation AppSecEU11 Where we are.. Where we are going Tom Brennan, Eoin Keary, Seba Deleersnyder, Dave Wichers, Jeff Williams,
Copyright 2008 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2008 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Understanding the role of Congregational Coordinator Teams 2005 update and review.

Understanding the role of Congregational Coordinator Teams 2005 update and review.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Mission - To serve our members by delivering relevant technology and leadership education, research and information on current business and technology.

Mission - To serve our members by delivering relevant technology and leadership education, research and information on current business and technology.
WELCOME TO Volunteer Orientation Webinar. Webinar Agenda  TCHRA Member Benefits  TCHRA Volunteer Benefits  About TCHRA  Resources and Tools 2.

WELCOME TO Volunteer Orientation Webinar. Webinar Agenda  TCHRA Member Benefits  TCHRA Volunteer Benefits  About TCHRA  Resources and Tools 2.
The OWASP Foundation OWASP The Open Web Application Security Project Join the application security community for free, unbiased, open.

The OWASP Foundation OWASP The Open Web Application Security Project Join the application security community for free, unbiased, open.
Copyright © 2009 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Similar presentations

Ads by Google