
OWASP State of the Union


Presentation Transcript


  1. OWASP State of the Union. Dave Wichers, Sebastien Deleersnyder, Dinis Cruz (Foundation Board)

  2. Agenda • OWASP ? • State of the union • Season of Code 2009 • OWASP near you !

  3. Agenda • OWASP ? • State of the union • Season of Code 2009 • OWASP near you !

  4. OWASP (Open Web Application Security Project)
     • Started 2001; OWASP Foundation Inc. established 2004
     • Participation in OWASP is free and open to all
     • International not-for-profit charitable organization funded primarily by volunteers' time, OWASP Memberships ($50 Individuals, $5k Supporters), and OWASP Conference fees
     • Website: 6,464 registered users, 21,552,771 page views, and 55,941 page edits; 10k members on mailing lists

  5. What Is Unique about OWASP? • Everything we do is free and open…

  6. OWASP Vision & Mission
     • Vision: a software market that produces code that’s secure enough to rely on.
     • Mission (to achieve that vision): to make security visible (or transparent) so that software buyers and sellers are on equal footing and market forces can work.

  7. www.owasp.org

  8. OWASP Principles • Free & Open • Governed by rough consensus & running code • Abide by a code of ethics: http://www.owasp.org/index.php/About_OWASP • Not-for-profit • Not driven by commercial interests • Risk based approach

  9. OWASP Resources and Community

  10. OWASP Foundation - Structure

  11. 150+ chapters

  12. OWASP Conferences (2008-2009): Gold Coast Feb 2008/09, Brussels May 2008, India Aug 2008, Israel Sep 2008/09, NYC Sep 2008, Minnesota Oct 2008, Taiwan Oct 2008, Germany Nov 2008, Portugal Summit Nov 2008, Denver Mar 2009, DC Mar & Nov 2009, Poland May 2009, New Zealand July 2009, Ireland Sep 2009, Brazil Oct 2009, Sweden May 2010

  13. Mailing Lists • 100+ Mailing Lists • Local Chapters • Projects • Regional/Global Committees • LinkedIn Group too (2700+ members)

  14. 2009 Organization Supporters

  15. 2009 Educational Supporters

  16. Agenda • OWASP ? • State of the union • Season of Code 2009 • OWASP near you !

  17. Summit Portugal - Nov 2008 • First time OWASP community got together • 80+ OWASP leaders under the same roof • 20+ countries • 12h/day workload (& lots of beer consumed)

  18. Summit Portugal Outcomes:
     • New Free Tools and Guidance (from SoC08)
     • New Global Committee Structure: Education, Chapter, Conferences, Industry, Projects, Membership (who will create the action plan for 2009)
     • New Outreach Program: technology vendors, framework providers, and standards bodies
     • New program to provide free one-day seminars at universities and developer conferences worldwide

  19. Global Committees (established late 2008): http://www.owasp.org/index.php/About_OWASP

  20. Projects Committee
     • Organizing the next OWASP Season of Code
     • Drafting proposals for standardization and organization of OWASP Projects and Releases
     • Establishing a baseline assessment of all OWASP Projects and Releases
     • Survey all OWASP projects
     More about projects tomorrow!

  21. Industry Committee • Start outreach to critical infrastructures worldwide such as:
     • electricity generation, transmission and distribution;
     • gas production, transport and distribution;
     • oil and oil products production, transport and distribution;
     • telecommunication;
     • water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
     • agriculture, food production and distribution;
     • heating (e.g. natural gas, fuel oil, district heating);
     • public health (hospitals, ambulances);
     • transportation systems (fuel supply, railway network, airports, harbors, inland shipping);
     • financial services (banking, clearing);
     • security services (police, military).

  22. Industry - Accomplishments
     1. Has submitted RFC feedback for both British and US/NIST 800-53 rev 3 standards
     2. Has been promoting supporter membership to raise awareness in industry verticals
     3. Has established working relationships with ISSA & ISACA to assist with industry focused outreach and international insight

  23. Membership Committee
     • Increase individual membership 100% in 18 months (Individuals)
     • Increase organizational supporters 100% in 18 months (Supporters)
     • Increase university supporters 100% in 18 months
     1. Has created and launched a new membership model
     2. Has created and launched a Membership drive to support our efforts
     3. Has created a video to promote/explain

  24. Education Committee. The primary purpose of the Global Education Committee is:
     • to work with the OWASP Education Project
     • to provide educational materials for both internal and external users
     • to develop liaisons with educational institutions worldwide

  25. Current work
     • Categorize (Organization) of educational materials
     • Train the trainers (Teach the teachers)
     • Create an online assessment and training portal (Brazil – SoC09?)
     • OWASP Boot Camp Project
     • OWASP CTF event (NY CTF based - SoC09 proposal - "OWASP Challenge Framework")
     • Speakers Bureau Project
     • Marketing efforts
     • Internationalization of the training materials
     • Education material (Projects)
     • Academic Educational Services

  26. Chapter Committee
     • To provide the support required at the local level to accomplish the overall mission and goals of the association
     • Define chapter and role in OWASP
     • Identify the health of Chapters (number of Chapters vs active chapters)
     • Define clear and transparent process of chapter Governance
     • Develop Chapter Handbook

  27. Progress

  28. Agenda • OWASP ? • State of the union • Season of Code 2009 • OWASP near you !

  29. SoC 09 (OWASP Season of Code)
     • 4th edition of OWASP Grant program
     • Pre-launched today here in Poland (see http://www.owasp.org/index.php/OWASP_Season_of_Code_2009)
     • Proposed focus on 4 areas:
       • OWASP Education Pack (managed by: Education Committee)
       • Enterprise usability of OWASP projects (managed by: Projects Committee)
       • Additional Sources of Funding (managed by: Membership & Chapters Committee)
       • Marketing & PR (managed by: Industry & Conferences Committee)
     • Initial budget of 90,000 USD

  30. Agenda • OWASP ? • State of the union • Season of Code 2009 • OWASP near you !

  31. OWASP Podcast Series
     • Launched Nov 21, 2008
     • Episode 19 will be released May 13
     • 13 Interviews, 2 Roundtables, 4 News Commentary Programs and counting
     • Produced and Hosted by Jim Manico of Aspect Security
     • News team consists of Arshan Dabirsiaghi, Andre Gironda and Jeff Williams
     • http://www.owasp.org/index.php/OWASP_Podcast

  32. www.owasp.tv: 56 videos, 40+ hrs

  33. Local Chapter Resources
     • Local Meetings
     • Regional Mailing List
     • Presentations
     • Forum for discussion
     • Meet fellow InfoSec professionals
     • Create (Web)AppSec awareness
     • Local projects
     • JOBS: http://www.owasp.org/index.php/OWASP_Jobs

  34. Upcoming Conferences
     • OWASP New Zealand Day 2009 (New Zealand): July 13th, 2-track conference, University of Auckland
     • OWASP AppSec Ireland 2009: September 10th, conference at Trinity College in Dublin
     • OWASP AppSec Brazil 2009: October 27th-30th, conference and tutorials at Câmara dos Deputados
     • OWASP AppSec US 2009: November, Washington, D.C.

  35. TTD • Visit www.owasp.org • Find your local chapter / conferences • Listen to PodCasts • Watch Videos • Read Materials • Post your (Web)AppSec questions • Spread the word, invite peers • Contribute to discussions • Become a member!

  36. Get Involved WWW.OWASP.ORG
