Download presentation
Presentation is loading. Please wait.
1
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation OWASP AppSec June 2004 NYC http://www.owasp.org Welcome to AppSec2004 Mark Curphey, OWASP Founder Director of Software Security Foundstone mark.curphey@foundstone.com
2
OWASP AppSec 2004 2 House Rules and Logistics Be Interactive, Ask Questions Absolutely No Cell Phones, No Loud Talking Be Courteous Fire Exits Restrooms Catering Enjoy, Socialize and Learn!
3
OWASP AppSec 2004 3 Agenda House Rules and Logistics OWASP Yesterday, Today and Tomorrow Mission Impossible? The Way We Work The Good, the Bad and The Ugly Future Highlights Thanks Speaker Introductions Beer Tonight
4
OWASP AppSec 2004 4 OWASP Yesterday, Today and Tomorrow Yesterday Market Maturity, FUD, Lack of Information Concept and Initial Project No Formal Mission, No Resources, No Funding Volunteer Best Efforts Today 40 Active Participants Global Participation Increasing Respect and Interest OWASP Board of Advisors OWASP Foundation, New Chair, Organization Tomorrow Increased Corporate and Community Participation oPortal Conferences Outreach Chapters Quality not Quantity Holistic and Synergistic Projects Funding?
5
OWASP AppSec 2004 5 Mission Impossible? Balancing Corporate Security & The Open Source Community Balancing Accessibility & Capability Balancing Employers Needs & OWASP Needs
6
OWASP AppSec 2004 6 The Way We Work Licensing, Copyright and Ownership GPL and the Future Copyright (FSF) Meritocracy OWASP Leaders Board of Advisors Volunteer Best Efforts Community Collaboration Project Structure Project Leads OWASP Foundation Not for Profit
7
OWASP AppSec 2004 7 The Good the Bad and the Ugly Running an Open Source Project Utopian Dream? Great People (come and go) Priorities Differ Motivation Differ and Change People Want Free Stuff But Free Stuff Costs Money and Takes Time The CSO Who Was Running OWASP Vendor Sales Story Top Ten and the FTC Tech TV, CNN.com etc The Man Who Stole Our Servers OWASP Itself The Projects The Community Respect The Enthusiasm
8
OWASP AppSec 2004 8 Metrics and Measurement oPortal CMS Personalization Blogs Surveys ISO 17799 Guide Version 2.0 Testing Project Berretta Open Source Commercial Quality Web App Scanner C# ASP.NET New Development Model Future Highlights
9
OWASP AppSec 2004 9 High Level Architecture design Developer, Website administrator or PenTester Beretta administrator Discovery Engine Platform Vulnerabilities Dynamic Vulnerabilities Beretta Configuration GUI Session GUI Reporting Beretta_Kernel.DLL XML file access and Parsing Configuration Settings Timer and Scheduling..Task Assignment.Session Management RAW TCP/IP packet creation and management Exposed Classes Bereta_Execution Web Service INTERNET Web Application to test XML Database OASIS WAS
10
OWASP AppSec 2004 10 Thanks Attendees Those that Can’t Make It Adrian Wiessmann Ingo Struck David Endler Dennis Groves Steve Taylor Bill Hau OWASP Contributors Those That Are Here OWASP Leaders and Participants MVCO - Stan Guzik MVSE – Carric Dooley Sponsors Fidelity Teros NetScaler Imperva Yuval Ben-Itzak Stevens Institute
11
OWASP AppSec 2004 11 Speaker Introductions Denis Verdon - Fidelity National Financial Mark Curphey – Foundstone Jeff Williams – CEO, Aspect Security Jack Danahy – Ounce Labs Stan Guzik – Immediatech Bruce Mayhew – Aspect Security Dave Aitel – Immunity Security Dinis Cruz – DDPlus David Raphael / Ben Poweski – Citadel George Capehart – Capehart Associates Kartik Trivedi – Foundstone Andreas Fuchsberger – Royal Holloway, University of London
12
OWASP AppSec 2004 12 Beer Tonight Location Luna Park North end of Union Square Park (Flatiron/Gramercy/Union Square) 17th St. between Broadway and Park Ave. So. 212-475-8464 Time 8pm Onwards URL http://newyorkmetro.com/pages/details/420 9.htm http://newyorkmetro.com/pages/details/420 9.htm
Similar presentations
