OWASP Backend Security Project • Carlo Pelliccioni • Backend Security Project leader • carlo.pelliccioni@gmail.com
Who am I • OWASP Italy active member • OWASP Testing Guide v2.0 contributor • OWASP Backend Security Project leader • Penetration Tester @ Symantec • Web Application Security trainer
Overview The OWASP Backend Security Project is an OWASP project entirely dedicated to the core of web applications: the back-end components that sit behind them. Several contributors (developers, system integrators and security testers) have worked together on this goal, producing a beta-quality guide composed of three sections oriented to the security field: Development, Hardening and Testing.
Objectives (1/2) The aim of this OWASP project is to create a new guide that allows developers, administrators and testers to understand every part of the security process for the back-end components that communicate directly with web applications, such as databases, LDAP directories, etc. In this version (v1.0 beta) we focused on creating new topics and collecting the information already present on the OWASP wiki, in order to reach the objectives defined during the first phase of the Summer of Code 2008.
Objectives (2/2) • Overview: create a section with an introduction to the project (high-level description) explaining its main goals. • Development: include the writings already existing in the OWASP wiki concerning PHP, Java and ASP.NET, and extend the project's sections with new contents. • Hardening: create new guidelines about DBMS hardening. • Testing: include the writings already existing in the OWASP wiki about security testing, and create new articles about security testing.
Status and Future Steps • Beta Quality v1.0 (Summer of Code 2008) • Security development (new articles): Java – PHP – .NET • Security hardening (only DBMS in this version / new articles): Oracle – SQL Server – DB2 – MySQL – PostgreSQL • Security testing (several articles from Testing Guide v3.0 / new articles): DBMS Fingerprinting – Oracle – MySQL – PostgreSQL – LDAP • Release Quality v2.0 (Winter of Code 2009?) • Improve the existing sections. • Add new topics... ...some ideas?
Closing Contributors: • Daniele Bellucci • Erik Sonnleitner • Francesco Perna • Giuseppe Gottardi • Guido Landi • Guido Pederzini • Maurizio Agazzini • Massimo Biagiotti • Pasquale de Rinaldis Reviewers: • Esteban Ribičić • Josh Sweeney