9
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation OWASP http://www.owasp.org OWASP Overview Jeff Williams OWASP Chair [email protected]

OWASP Overview

Embed Size (px)

DESCRIPTION

OWASP Overview. Jeff Williams OWASP Chair [email protected]. Innocent Code. OWASP’s Mission. OWASP’s is dedicated to finding and fighting the causes of insecure software. The Market for Lemons. OWASP Goals. Widespread lack of understanding - PowerPoint PPT Presentation

Citation preview

Page 1: OWASP Overview

Copyright © 2004 - The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.

The OWASP Foundation

OWASP

http://www.owasp.org

OWASP Overview

Jeff WilliamsOWASP [email protected]

Page 2: OWASP Overview

OWASP

Innocent Code

Page 3: OWASP Overview

OWASP

OWASP’s Mission

OWASP’s is dedicated to finding and fighting the causes of insecure software

Page 4: OWASP Overview

OWASP

The Market for Lemons

Page 5: OWASP Overview

OWASP

OWASP Goals

Widespread lack of understandingEstablish application security knowledgebase

Time lag for securing new technologiesConstructive security research

Assist companies to produce secure codeProcess, tools, guidance, standards

Page 6: OWASP Overview

OWASP

MediaWiki

Community platform Anyone can create an account and edit Strong review process

Page 7: OWASP Overview

OWASP

New Projects

Honeycomb project Java security project underway Ajax project – just starting with new leader Metrics project – new leader Validation project – new leader Testing guide II – alpha draft available Code review project – alpha draft available Summer of Code?

Page 8: OWASP Overview

OWASP

Project Honeycomb

Principle

ThreatVulnerability

Attack CountermeasureVulnerability

PrinciplePrinciple

CountermeasureCountermeasureCountermeasure

AttackAttackAttack

Page 9: OWASP Overview

OWASP

OWASP AppSec Conference Series

Mike Howard is going to do the keynote at OWASP AppSec Seattle 2006


OWASP Top 10 · OWASP Top 10 from a developer’s perspective John Wilander, OWASP/Omegapoint, IBWAS’10

OWASP Top 10 · OWASP Top 10 from a developer’s perspective John Wilander, OWASP/Omegapoint, IBWAS’10

Documents
OWASP (Membership) and new OWASP Projects · OWASP 7 OWASP

OWASP (Membership) and new OWASP Projects · OWASP 7 OWASP

Documents
The OWASP Foundation OWASP Chennai 2007 Phishing

The OWASP Foundation OWASP Chennai 2007 Phishing

Documents
OWASP Overview

OWASP Overview

Documents
OWASP Joomla! Vulnerability Scanner - OWASP-MY

OWASP Joomla! Vulnerability Scanner - OWASP-MY

Documents
OWASP BeLux 2007-05-10 OWASP Update · 2020-06-13 · OWASP 5 Program for this evening:

OWASP BeLux 2007-05-10 OWASP Update · 2020-06-13 · OWASP 5 Program for this evening:

Documents
Owasp Mosc2010 - Tour of Owasp Projects

Owasp Mosc2010 - Tour of Owasp Projects

Documents
Owasp Serbia overview

Owasp Serbia overview

Technology
Introduction to OWASP ZAP Overview ZAP.secure.expertsmind.com/attn_files/1357_Lab-Introduction_to_owasp_… · Introduction to OWASP ZAP Overview This lab walks you through using

Introduction to OWASP ZAP Overview ZAP.secure.expertsmind.com/attn_files/1357_Lab-Introduction_to_owasp_… · Introduction to OWASP ZAP Overview This lab walks you through using

Documents
The OWASP Foundation OWASP Belgium Chapter OWASP Update Sebastien Deleersnyder Foundation Board, Zenitel Belgium seba@owasp.org

The OWASP Foundation OWASP Belgium Chapter OWASP Update Sebastien Deleersnyder Foundation Board, Zenitel Belgium [email protected]

Documents
Getting benefits of OWASP ASVS at initial phases · •OWASP Testing Guide •OSSTMM •... OWASP ASVS •PCI DSS mapping •MITRE CWE •OWASP Top 10 •… 11 From PCI DSS to OWASP

Getting benefits of OWASP ASVS at initial phases · •OWASP Testing Guide •OSSTMM •... OWASP ASVS •PCI DSS mapping •MITRE CWE •OWASP Top 10 •… 11 From PCI DSS to OWASP

Documents
OWASP BeLux 2008-03-04 OWASP Update · 2020-05-18 · OWASP 5 Program for this evening:

OWASP BeLux 2008-03-04 OWASP Update · 2020-05-18 · OWASP 5 Program for this evening:

Documents
The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP

The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP

Documents
The OWASP Foundation OWASP Global Update Seba Deleersnyder OWASP Foundation Board Member

The OWASP Foundation OWASP Global Update Seba Deleersnyder OWASP Foundation Board Member

Documents
OWASP Broken Web Applications (OWASP BWA): Beyond 1.0

OWASP Broken Web Applications (OWASP BWA): Beyond 1.0

Documents
OWASP Day - OWASP Day - Lets secure!

OWASP Day - OWASP Day - Lets secure!

Internet
Owasp Top 10 - Owasp Pune Chapter - January 2008

Owasp Top 10 - Owasp Pune Chapter - January 2008

Technology
OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?

OWASP Belgium Chapter Meeting - Brussels - 8 May 2006 - 1 OWASP Update - Open … · 2006/5/8  · OWASP 8 OWASP?

Documents
Web 2.0 and Web Services Security OWASP …...2007/06/05  · Web 2.0 and Web Services Security OWASP Houston June 5th, 2007 Overview • Introduction • Definition of Web 2.0 •

Web 2.0 and Web Services Security OWASP …...2007/06/05  · Web 2.0 and Web Services Security OWASP Houston June 5th, 2007 Overview • Introduction • Definition of Web 2.0 •

Documents
OWASP Product Requirement Recommendations Library Project Overview

OWASP Product Requirement Recommendations Library Project Overview

Technology
Nick Coblentz (Nick.Coblentz@gmail.com) OWASP CLASP Overview

Nick Coblentz ([email protected]) OWASP CLASP Overview

Documents
Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series

Proactive Web Application Defenses. Jim Manico @manicode – OWASP Volunteer Global OWASP Board Member Global OWASP Board Member OWASP Cheat-Sheet Series

Documents
OWASP TOP 10 vs OWASP ASVS - owasp-stl.orgowasp-stl.org/decks/Top10vsASVS.pdf · The OWASP Top Ten •The OWASP Top 10 provides a list of the 10 Most Critical Web Application Security

OWASP TOP 10 vs OWASP ASVS - owasp-stl.orgowasp-stl.org/decks/Top10vsASVS.pdf · The OWASP Top Ten •The OWASP Top 10 provides a list of the 10 Most Critical Web Application Security

Documents
What is OWASP OWASP Live CD Live Demo

What is OWASP OWASP Live CD Live Demo

Documents
OWASP Day IV•180 blog monitorati OWASP-Italy Day IV – 6th, Nov 09 OWASP 11 OWASP Top Ten

OWASP Day IV•180 blog monitorati OWASP-Italy Day IV – 6th, Nov 09 OWASP 11 OWASP Top Ten

Documents
Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid

Mobile security, OWASP Mobile Top 10, OWASP Seraphimdroid

Software
SAMM 2.0 - Changing the Role of App. Security...•Why OWASP SAMM? 4 •OWASP SAMM 2.0 Overview. Application Security Challenges • Software development experience is rare among information

SAMM 2.0 - Changing the Role of App. Security...•Why OWASP SAMM? 4 •OWASP SAMM 2.0 Overview. Application Security Challenges • Software development experience is rare among information

Documents
The OWASP Foundation OWASP AppSec Aguascalientes 2010 ¿Qué es OWASP? Miguel Pérez-Milicua Softtek Miembro de OWASP capítulo Aguacalientes

The OWASP Foundation OWASP AppSec Aguascalientes 2010 ¿Qué es OWASP? Miguel Pérez-Milicua Softtek Miembro de OWASP capítulo Aguacalientes

Documents
OWASP Testing Guide - OWASP Summit 2011

OWASP Testing Guide - OWASP Summit 2011

Documents
OWASP 2013 APPSEC USA Talk - OWASP ZAP

OWASP 2013 APPSEC USA Talk - OWASP ZAP

Technology