OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

OWASP 2.0 Update

Sebastien Deleersnyder, CISSP, BE Chapter Leader

Sep, 2006

[email protected]

The OWASP Foundation

http://www.owasp.org

Copyright © 2004 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.

Page 2: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

Agenda

- Introduction
- OWASP 2.0
- Belgium Chapter
- New OWASP Projects

Page 4: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

Introduction

- Sponsors this evening:
  - ING
- Co-organized with ISSA
- Call for additional sponsors
  - Chapter meeting places & catering
  - Support for local projects
- OWASP cannot recommend the use of products, services, or recommend specific companies

Page 5: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

Program for this evening:

- 18h30 - 18h45: Sebastien Deleersnyder, BE Chapter Leader
  - OWASP 2.0 Update
- 18h45 - 19h00: Toon Mordijck, ISSA
  - ISSA Introduction
- 19h00 - 19h55: Serge Moreno, ING
  - Business Application Security through Information Risk Management
- 19h55 - 20h05: Break
- 20h05 - 21h00: Guy Crets, Apogado
  - Secure and Reliable Web Services

Page 7: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

OWASP 2.0

- Open Web Application Security Project
- OWASP 2.0 New Manifesto: Enabling organizations to develop, maintain, and purchase applications that they can trust
- Non-profit, volunteer driven organization
  - All members are volunteers
  - All work is donated by sponsors
- OWASP 2.0
  - MediaWiki driven: www.owasp.org
  - New OWASP Director: Andrew Van der Stock

Page 8: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

OWASP?

- Provide free resources to the community
  - Publications, Articles, Standards, e.g.
    - OWASP Top 10
    - OWASP Guide
    - Testing Guide
  - Testing and Training Software, e.g.
    - WebGoat
    - WebScarab
    - .NET Projects
  - Local Chapters, Mailing Lists & Conferences
- Dual license model:
  - Open Source Licenses
  - Commercial License for Members

Page 9: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

OWASP Membership

- Using OWASP material?
- Join us and become a member!
- Enable OWASP to continue to provide unbiased:
  - Tools
  - Documentation
  - Conferences
  - Mailing Lists
  - …

www.owasp.org/about/membership.html

Page 11: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

Belgium Chapter - What do we have to offer?

- Quarterly Meetings
- Mailing List
- Presentations & Groups
- Open forum for discussion
- Meet fellow InfoSec professionals
- Create (Web)AppSec awareness in Belgium
- Local projects?

Page 12: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

Belgium Chapter – House Rules

- Free & open to everyone
- Language
  - English preferred
  - Native language: no problem!
- No vendor pitches or $ales presentations
- Respect for different opinions
- No flaming (including M$ bashing)
- 1 CISSP CPE for each hour of OWASP chapter meeting
- Sign Sheet & I’ll e-mail scan: you claim CPE credits

Page 13: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

OWASP Local Chapter Meetings 2006

- Next Meetings:
  - Tuesday Nov 21 2006 - Brussels
- Program:
  - Short OWASP intro
  - Presentation on introduction topic
  - Panel, workshop, round-table, … on more advanced topic
- Topics:
  - Call for input!

Page 15: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

New OWASP Projects

- OWASP Autumn Of Code 2006
  - financially sponsoring contributions
  - focused on completing existent OWASP Projects
- OWASP CLASP (Comprehensive, Lightweight Application Security Process) Project
- OWASP AJAX Security Project

Page 16: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

Updating old favorites

- OWASP Guide 3.0 PDF, book, and Wiki
- Top 10 2007 Wiki Edition - need volunteers
- Testing Guide 1.0 PDF and Wiki - need volunteers

Page 17: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

OWASP Conference

- Next conference: OWASP AppSec Seattle 2006
  - Seattle, Washington, US
  - Training Day: October 16th
  - Main Conference: October 17-18
  - Keynote Michael Howard from Microsoft on "The Benefits of the SDL initiative to Microsoft and its Customers".

Page 18: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

That’s it…

- Any Questions?

http://www.owasp.org/index.php/Belgium

[email protected]

Thank you!

Page 19: OWASP 2.0 Update · 9/14/2006  · ISSA Introduction

Subscribe to BE Chapter mailing list

- Keep up to date!
- Post your (Web)AppSec questions
- Contribute to discussions!