The Open Web Application Security Project
“Security is a process, not a product” -- Bruce Schneier
What if the software world was only…
• 100 apps written by 100 developers at 100 companies
• 83 apps have a serious vulnerability
• 72 apps have Cross Site Scripting
• 40 apps have SQL injection
• 1 company has a responsible appsec program
• 1 developer has any security training
• 100 apps contain code of unknown origin
• 90 apps use unpatched libraries with known flaws
• 5 apps have had a scan or pentest
• 1 app has had a manual security code review
• 0 apps provide any visibility into security
“Don’t hate the playa, hate the game” -- Ice T
The first rule of security is… you do not talk about security.
Our Mission: Visibility
[Diagram: AppSec Visibility Cycle. Stakeholders: Architects, Developers, Infosec, Users, Business, Legal, Audit. Activities around the cycle: Create Security Architecture, Define Security Requirements, Research, Monitor Threat, Implement Controls, Share Findings, Understand Stakeholders, Understand Laws, Verify Compliance.]
OWASP Meritocracy
• OWASP Leaders (Chapters and Projects)
• OWASP Members
• OWASP Users and Participants
[Map slide: OWASP conferences by location and date]
• Ireland: Sept 08-09, June 2011
• Sweden: June 2010
• Minnesota: Oct 08-11
• Poland: May 2009
• Germany: Oct 08-10
• New York: Nov 2008, Oct 2012
• Brussels: May 2008
• China: Oct 2010
• Denver: Spring 08-10
• Greece: June 2012
• DC: Sep 2009, Nov 2010
• Portugal: Nov 2008
• Israel: Sep 07-08
• Taiwan: Oct 07-08
• India: Aug 2008, Nov 2009
• Australia: Feb 08-09
• Brazil: Oct 09-10
• New Zealand: July 09-10
Today
• Getting Started with OWASP T10 and Guides
• Building a Software Assurance Program
• Using the OWASP Live CD
===== LUNCH =====
• OWASP Enterprise Security API (ESAPI)
• OWASP O2
• The DISA AppSec STIG and OWASP Tools
• Discussion
Jeff Williams, Aspect Security CEO, OWASP Foundation Chair
jeff.williams@owasp.org
http://www.owasp.org
twitter @planetlevel
410-707-1487
Join Us