OWASP 2.0 Update · 9/14/2006 · ISSA Introduction
Transcript of OWASP 2.0 Update · 9/14/2006 · ISSA Introduction
Copyright © 2004 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License.
The OWASP Foundation
OWASP
http://www.owasp.org
OWASP 2.0 Update
Sebastien Deleersnyder
CISSP, BE Chapter Leader
Sep, 2006
OWASP 2
Agenda
<Introduction<OWASP 2.0<Belgium Chapter<New OWASP Projects
OWASP 3
Agenda
<Introduction<OWASP 2.0<Belgium Chapter<New OWASP Projects
OWASP 4
<Sponsors this evening:4 ING
<Co-organized with ISSA
<Call for additional sponsors4Chapter meeting places & catering4Support for local projects
<OWASP cannot recommend the use of products, services, or recommend specific companies
Introduction
OWASP 5
Program for this evening:
< 18h30 - 18h45: Sebastien Deleersnyder, BE Chapter LeaderOWASP 2.0 Update
< 18h45 - 19h00: Toon Mordijck, ISSAISSA Introduction
< 19h00 - 19h55: Serge Moreno, INGBusiness Application Security through Information Risk Management
< 19h55 - 20h05: Break
< 20h05 - 21h00:Guy Crets, ApogadoSecure and Reliable Web Services
OWASP 6
Agenda
<Introduction<OWASP 2.0<Belgium Chapter<New OWASP Projects
OWASP 7
OWASP 2.0
<Open Web Application Security Project
<OWASP 2.0 New Manifesto:Enabling organizations to develop, maintain, and purchase applications that they can trust
<Non-profit, volunteer driven organization4All members are volunteers4All work is donated by sponsors
<OWASP 2.0 4MediaWiki driven: www.owasp.org4New OWASP Director: Andrew Van der Stock
OWASP 8
OWASP?
<Provide free resources to the community4Publications, Articles, Standards, e.g.
§ OWASP Top 10§ OWASP Guide§ Testing Guide
4Testing and Training Software, e.g.§ WebGoat§ WebScarab§ .NET Projects
4Local Chapters, Mailing Lists & Conferences<Dual license model:
4Open Source Licenses4Commercial License for Members
OWASP 9
OWASP Membership
<Using OWASP material?<Join us and become member!<Enable OWASP to continue to provide unbiased:
4Tools4Documentation4Conferences4Mailing Lists4…
www.owasp.org/about/membership.html
OWASP 10
Agenda
<Introduction<OWASP 2.0<Belgium Chapter<New OWASP Projects
OWASP 11
Belgium Chapter - What do we have to offer?
<Quarterly Meetings<Mailing List<Presentations & Groups<Open forum for discussion<Meet fellow InfoSec professionals<Create (Web)AppSec awareness in Belgium<Local projects?
OWASP 12
Belgium Chapter – House Rules
<Free & open to everyone<Language
4English preferred4Native language: no problem!
<No vendor pitches or $ales presentations<Respect for different opinions<No flaming (including M$ bashing)
<1 CISSP CPE for each hour of OWASP chapter meeting<Sign Sheet & I’ll e-mail scan: you claim CPE credits
OWASP 13
OWASP Local Chapter Meetings 2006
<Next Meetings:
4Tuesday Nov 21 2006 - Brussels
<Program:
4Short OWASP intro
4Presentation on introduction topic
4Panel, workshop, round-table, … on more advanced
topic
<Topics:
4Call for input!
OWASP 14
Agenda
<Introduction<OWASP 2.0<Belgium Chapter<New OWASP Projects
OWASP 15
New OWASP Projects
<OWASP Autumn Of Code 20064financially sponsoring contributions4focused on completing existent OWASP Projects
<OWASP CLASP (Comprehensive, Lightweight Application Security Process) Project
<OWASP AJAX Security Project
OWASP 16
Updating old favorites
< OWASP Guide 3.0 PDF, book, and Wiki< Top 10 2007 Wiki Edition - need volunteers< Testing Guide 1.0 PDF and Wiki - need
volunteers
OWASP 17
OWASP Conference
<Next conference: OWASP AppSec Seattle 20064Seattle, Washington, US4Training Day: October 16th 4Main Conference: October 17-18 4Keynote Michael Howard from Microsoft on "The
Benefits of the SDL initiative to Microsoft and its Customers".
OWASP 18
That’s it…
<Any Questions?
http://www.owasp.org/index.php/Belgium
Thank you!
OWASP 19
Subscribe to BE Chapter mailing list
<Keep up to date!<Post your (Web)AppSec questions<Contribute to discussions!