Open Web Application Security Project: The OWASP Foundation
Ralph Durkee, Rochester OWASP Chapter Leader
Andrea Cogliati, Rochester OWASP Web and Communications
What is OWASP?
OWASP Principles
OWASP Code of Ethics
OWASP Organization
Global Board
Global Committees
Education
Chapters
Conferences
Industry
Projects & Tools
Membership
Employees
Volunteers
OWASP membership
OWASP Goals: Improve Quality and Support
Provide Support
Full time executive director (Kate Hartmann)
Full time project manager (Paulo Coimbra)
Half time technical editor (Kirsten Sitnick)
Half time financial support (Alison Shrader)
Looking to add programmers (Interns and Professionals)
OWASP Resources and Community
OWASP Conferences (2008-2009)
Gold Coast, Feb 2008
Brussels, May 2008
India, Aug 2008
NYC, Sep 2008
Israel, Sep 2008
Minnesota, Oct 2008
Taiwan, Oct 2008
Portugal, Nov 2008
Denver, Spring 2009
Poland, May 2009
San Jose, Sep 2009
Rochester Security Summit
Major initiatives:
Top 10
Guide
CLASP
Ajax
J2EE
.NET
Testing
WebScarab
Validation
Certification
Training
Conferences
WebGoat
Building our brand
Chapters
Project incubator
Wiki portal
Forums
Blogs
Yours!
OWASP Publications
Major Publications
Top 10 Web Application Security Vulnerabilities
Guide to Building Secure Web Applications
Legal Project
Code Review Guide
Testing Guide
AppSec Faq
Software Assurance Maturity Model
Application Security Verification Standards
Organizing the Big 4
Building Guide
Code Review Guide
Testing Guide
OWASP Publications
Common Features
All OWASP publications are available free for
download from http://www.owasp.org
Publications are released under approved free licenses
Living Documents
Updating as needed
Ongoing Projects
OWASP Publications feature collaborative work in a
competitive field
OWASP Publications - OWASP Top 10
OWASP Publications - OWASP Guide
OWASP Software
Common Features
All OWASP software is provided free for download
from http://www.owasp.org
Software is released under approved free licenses
Active Projects
Updating as needed
Ongoing Projects
Many maintainers and contributors
OWASP Software is free for download and can be
used by individuals or businesses
OWASP Software - WebGoat
WebGoat
Primarily a training application
Provides
An educational tool for learning about application security
A baseline of known issues to test security tools against
What is it?
A J2EE web application arranged in “Security Lessons”
Based on Tomcat and JDK 1.5
Oriented to learning
– Easy to use
– Illustrates credible scenarios
– Teaches realistic attacks, and viable solutions
OWASP Software - WebScarab
WebScarab
A framework for analyzing HTTP/HTTPS traffic
Web Proxy written in Java
Multiple Uses
Developer: Debug exchanges between client and server
Security Analyst: Analyze traffic to identify vulnerabilities
Technical Tool
Focused on software developers
Extensible plug-in architecture
Open source
Very powerful tool
Getting the Tool
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
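The "Security Analyst" use above (analyze captured traffic to identify vulnerabilities) is what a proxy plug-in does once it has the request/response pair in hand. The following is an added example, not WebScarab's own code: it parses one captured HTTP exchange and flags two things an analyst looks for first, a request parameter reflected verbatim into an HTML response (an XSS candidate) and session cookies set without HttpOnly or Secure. The sample request and response are constructed for the example; the hostname `example.test` and the `/search` endpoint are assumptions.

```python
"""Added example (not part of WebScarab): proxy-style analysis of one
captured HTTP exchange. The sample traffic below is constructed."""
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit


def parse_message(raw: bytes) -> Tuple[str, Dict[str, List[str]], bytes]:
    """Split a raw HTTP message into (start line, headers, body).
    Header names are lower-cased; values are kept as a list because
    headers such as Set-Cookie may legitimately repeat."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def request_params(start_line: str, headers: Dict[str, List[str]],
                   body: bytes) -> Dict[str, str]:
    """Collect query-string parameters and, for form POSTs, body parameters."""
    method, target, _ = start_line.split(" ", 2)
    params = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    ctype = headers.get("content-type", [""])[0]
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        params.update(parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True))
    return params


def analyze_exchange(raw_request: bytes, raw_response: bytes) -> List[str]:
    """Return a list of findings for one request/response pair."""
    findings: List[str] = []
    req_line, req_headers, req_body = parse_message(raw_request)
    _, resp_headers, resp_body = parse_message(raw_response)

    # Check 1: a parameter value echoed unchanged into an HTML body means the
    # application did not encode it, so it is worth a manual XSS probe.
    # Very short values are skipped to avoid matching by coincidence.
    ctype = resp_headers.get("content-type", [""])[0]
    if ctype.startswith("text/html"):
        for name, value in request_params(req_line, req_headers, req_body).items():
            if len(value) >= 4 and value.encode("iso-8859-1") in resp_body:
                findings.append(f"reflected parameter: {name}")

    # Check 2: cookies lacking HttpOnly (readable by script) or Secure
    # (sent over plain HTTP). Attribute names are compared case-insensitively.
    for cookie in resp_headers.get("set-cookie", []):
        cname = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            findings.append(f"cookie without HttpOnly: {cname}")
        if "secure" not in attrs:
            findings.append(f"cookie without Secure: {cname}")
    return findings


# Constructed sample exchange: the search term is echoed raw into the page
# and the session cookie carries no protective attributes.
SAMPLE_REQUEST = (
    b"GET /search?q=zzzz%3Cb%3E&lang=en HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Cookie: JSESSIONID=abc\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Set-Cookie: JSESSIONID=abc; Path=/\r\n"
    b"Set-Cookie: pref=1; Path=/; HttpOnly; Secure\r\n"
    b"\r\n"
    b"<html><body><p>Results for zzzz<b></p></body></html>"
)

if __name__ == "__main__":
    for finding in analyze_exchange(SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(finding)
```

Run as a script it reports the reflected `q` parameter and the two missing attributes on `JSESSIONID`, while the `pref` cookie passes. A reflection hit is only a candidate: the analyst still has to resend the request through the proxy with a real payload to see whether the server encodes it in that context.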
Building Communities
Local Chapters provide opportunities for OWASP
members to share ideas and learn information
security
Open to all; any level of proficiency
Provide a forum to discuss issues, latest research,
and experiences
Provide venue for invited guests to present new ideas
and projects
OWASP Rochester Chapter
Rochester Chapter
Chapter started 2004, by Ralph Durkee
Chapter Web site http://www.owasp.org/rochester
Current Board:
President: Ralph Durkee
Vice President: Chris Karr
Secretary and Treasurer: Steve Buck
Web and Communications: Andrea Cogliati
Monthly Meetings & Presentations
Mailing Lists
Vendor Neutral Environments
Open Forums for Discussion
OWASP Rochester Chapter Meetings
OWASP Local Chapters
Thank you!