
Finding and Fighting the Causes of Insecure Applications


Presentation Transcript


  1. Finding and Fighting the Causes of Insecure Applications Jeff Williams OWASP Chair jeff.williams@owasp.org New York/New Jersey Chapter Meeting June 12, 2007

  2. Public Health Warning • XSS and CSRF have evolved • Any website you visit could infect your browser • An infected browser can do anything you can do • An infected browser can scan, infect, spread • 70-90% of web applications are ‘carriers’

  3. Key Application Security Vulnerabilities http://www.owasp.org/index.php?title=Top_10_2007

  4. Tools – At Best 45% • MITRE found that all application security tool vendors’ claims put together cover only 45% of the known vulnerability types (over 600 in CWE) • They found very little overlap between tools, so to get 45% you need them all (assuming their claims are true)

  5. OWASP Knowledge and Tools (diagram of the OWASP project areas) • Verifying Application Security: Guide to Application Security Testing and Guide to Application Security Code Review • Managing Application Security: Guidance and Tools for Measuring and Managing Application Security • Core Application Security Knowledge Base • Acquiring and Building Secure Applications: Guide to Building Secure Web Applications and Web Services • Application Security Tools: Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues • AppSec Education and CBT: Web Based Learning Environment and Education Project • Research to Secure New Technologies: Research Projects on Securing New Technologies (like Web Services & Ajax)

  6. OWASP Community Platform (diagram) • Knowledge and tool areas: Verifying Application Security, Managing Application Security, Core Application Security Knowledge Base, Application Security Tools, Acquiring and Building Secure Applications, AppSec Education and CBT, Research to Secure New Technologies • Delivered through: Chapters, AppSec Conferences, Projects (tools and documentation) • Built on: OWASP Community Platform (wiki, forums, mailing lists, leaders) • Supported by: OWASP Foundation 501c3 (finances, legal, infrastructure, communications)

  7. OWASP Projects Are Alive! (timeline of project growth: 2001, 2003, 2005, 2007, 2009 …)

  8. www.owasp.org (our wiki)

  9. OWASP by the Numbers • 420,000 page views per month • 15,000 downloads per month (SF alone) • 10,000 members on mailing lists • 2,600 wiki users • 1,500 wiki updates per month • 89 chapters worldwide • 75 individual memberships • 38 tool and documentation projects • 28 corporate/educational memberships • 25 new projects funded through Spring of Code • 0 employees

  10. How Can You Help? • Update the wiki! • Share! • Push us to do better! • Become a member

  11. Thank You for Supporting OWASP!
