60 likes | 159 Views
OWASP. 77 WorldWide Chapters * Argentina * Atlanta * Austin * Austria * Bangalore * Belgium * Boston * Brazil * Brisbane * Buffalo * Charlotte * Chennai * Chicago * Chile * Cleveland * Colombia * Delhi * Denmark * Denver * Edmonton * Germany * Greece
E N D
OWASP 77 WorldWide Chapters * Argentina * Atlanta * Austin * Austria * Bangalore * Belgium * Boston * Brazil * Brisbane * Buffalo * Charlotte * Chennai * Chicago * Chile * Cleveland * Colombia * Delhi * Denmark * Denver * Edmonton * Germany * Greece * Hong Kong * Hyderabad * Ireland * Israel * Italy * Kansas City * Kerala * Kolkata * London * Luxemburg * Madison * Malaysia * Manila * Melbourne * Memphis * Mexico City * Miami Ft Flauderdale * Minneapolis St Paul * Montgomery * Mumbai * Nashville * Netherlands * New Jersey * New York * Ohio * Omaha * Ottawa * Pakistan * Panama * Philadelphia * Phoenix The Open Web Application Security Project * Pittsburgh * Riyadh * Rochester * Sacramento * Saint Louis * San Antonio * San Francisco * San Jose * Seattle * Singapore * SoCal * Spain * Switzerland * Sydney * Taiwan * Tokyo * Toronto * Turkey * Vancouver * Virginia * Washington DC * Winnipeg • Join the application security community for free, unbiased, open source tools, guidelines, forums, and local chapters! • We support developers and project managers with security guidance, tools, and materials throughout the software development lifecycle (SDLC): • Requirements and Use Cases • Architecture • Threat Modeling • Vulnerability Analysis • Scanning • Manual Penetration Testing • Code Review • Configuration Guides Free Tools * WebScarab Proxy * WebGoat Training * CAL9000 * LAPSE * Pantera * .NET and Java tools Projects * Web AppSec Guide * Testing Guide * Top Ten Vulnerabilities * AppSec FAQ * AppSec Metrics * AJAX * Code Review * Legal * PHP, J2EE, .NET Community * Local Chapters * AppSec Conferences * Mailing Lists * Forums * Portal Join Us Today! OWASP materials apply to all web platforms including J2EE, .NET, LAMP, Cold Fusion, Struts, Web Services, IIS, WebSphere, WebLogic, Tomcat, and much more The OWASP Foundation http://www.owasp.org
Majorinitiatives: Top 10 Guide Training CLASP Conferences Ajax WebGoat J2EE .NET Building our brand Yours! Chapters Project incubator Testing WebScarab Wiki portal Forums Validation Blogs Certification
Major Projects: • OWASP AJAX Security Project - investigating the security of AJAX enabled applications • OWASP Application Security Assessment Standards Project - establish a set of standards defining baseline approaches to conducting differing types of application security assessment • OWASP Application Security Metrics Project - identify and provide a set of App Sec metrics that have been found by contributors to be effective in measuring App Sec • OWASP AppSec FAQ Project - an FAQ covering many application security topics • OWASP CLASP Project - a project focused on defining process elements that reinforce application security • OWASP Code Review Project - a new project to capture best practices for reviewing code • OWASP Guide Project - a massive document covering all aspects of web application and web service security • OWASP Honeycomb Project - a comprehensive and integrated guide to the fundamental building blocks of application security • OWASP Legal Project - a project focused on contracting for secure software • OWASP Logging Project - a project to define best practices for logging and log management • OWASP Metrics Project - a project to define workable application security metrics • OWASP PHP, .NET and Java and Project - a project focused on helping PHP, .NET, and Java developers build secure applications • OWASP Risk Management Project - a new project focused on processes for managing application security risk • OWASP Testing Project - a project focused on application security testing procedures • OWASP Top Ten Project - an awareness document that describes the top ten web application security vulnerabilities • OWASP WASS Project - a standards project to develop more concrete criteria for secure applications
Free tools: • OWASP CAL9000 Project - a JavaScript based web application security testing suite • OWASP LAPSE Project - a project focused on developing an open source auditing tool for Java • OWASP .NET, Java Tools - a project focused on developing .NET and Java tools for web application security • OWASP Pantera Web Assessment Studio Project - a project focused on combining automated capabilities with complete manual testing to get the best results • OWASP SQLiX Project - a project focused on the development of SQLiX, a full perl-based SQL scanner • OWASP Validation Project - a project that provides guidance and tools related to validation. • OWASP WebGoat Project - an online training environment for hands-on learning about application security • OWASP WebScarab Project - a tool for performing all types of security testing on web applications and web services