OWASP Standards, Tunisia WebDays 2011

OWASP Standards, Tunisia WebDays 2011. OWASP Tunisia Chapter. Semeh Arbi, OWASP Tunisia Chapter. Email: semeh.arbi@owasp.org. December 2011. OWASP ??!!!!! (OWASP): Open Web Application Security Project * International non-profit organization


Presentation Transcript


  1. OWASP Standards, Tunisia WebDays 2011. OWASP Tunisia Chapter. Semeh Arbi, OWASP Tunisia Chapter. Email: semeh.arbi@owasp.org. December 2011

  2. OWASP ??!!!!!
     • (OWASP): Open Web Application Security Project
       * International non-profit organization
       * Independent of vendors and governments
       * Sponsored by its members or by companies
     • Main mission:
       * Produce documents, standards and tools dedicated to web application security

  3. License
     • Approach == “OPEN”
       * All documentation, standards and tools are provided under an open-source license.
     • GFDL
     • GPL
     • BSD License
     • Creative Commons

  4. Organization

  5. Chapters

  6. Support

  7. OWASP vs Compliance
     * ISO
     * SOX
     * SAS70
     * PCI DSS

  8. Initiatives Top 10 Building Guide Training CLASP Conferences Ajax WebGoat Orizon CBT .NET, Java Chapters Testing Guide Project incubator WebScarab Wiki portal Validation Forums Certification Blogs

  9. OWASP project categories:
     * Detect
     * Protect
     * Life Cycle
     Breakdown: 9% Code, 41% Tools, 50% Documentation

  10. OWASP == ‘Secure SDLC’

  11. OWASP Before Development
     • Awareness
       * OWASP Top 10
       * OWASP Top 10 for .NET
       * OWASP Application Security Desk Reference Project
     • Guidelines
       * OWASP .NET Project
       * OWASP Java Project
       * OWASP Ruby On Rails Project

  12. OWASP Before Development
     • Training
     • Flawed Applications
       * Broken Web Applications / Insecure Web App
       * Mutillidae / SiteGenerator / Vicnum
       * WebGoat
       * WebGoat.NET
       * iGoat

  13. OWASP Design & Development
     * OWASP Development Guide
     * OWASP Enterprise API (ESAPI)

  14. OWASP Design & Development
     * OWASP Application Security Verification Standard
     * OWASP Code Review Project

  15. OWASP Testing & Maintenance
     • Testing
       * OWASP Testing Guide
       * OWASP Tools: LAPSE, Orizon, WebScarab, Zed Attack Proxy ..
     • Maintenance
       * OWASP CSRFGuard
       * OWASP ModSecurity Core Rule Set
       * OWASP AppSensor

  16. OWASP Software Assurance
     * OWASP CLASP (Comprehensive, Lightweight Application Security Process)
     * OpenSAMM (Software Assurance Maturity Model)

  17. OWASP …
     • OWASP PCI Project
     • OWASP Mobile Security Project
     • OWASP Cloud Security

  18. Thank You for Your Attention. OWASP Tunisia
