Where We Are Where We Are Going: The OWASP Foundation

This document summarizes the 2011 German OWASP Day presentation by Seba Deleersnyder, an OWASP Foundation Board Member. It discusses the Open Web Application Security Project's (OWASP) mission of improving application security and making related risks visible. Over the past 10 years, OWASP has grown significantly, with over 2 million website hits, 15,000+ downloads, and 140+ projects covering various aspects of application security. Going forward, OWASP's strategic goals include expanding its global community, improving communication channels, building its platform, and achieving financial stability.

German OWASP Day 2011 The OWASP Foundation

http://www.owasp.org

Where we are
Where we are going
Seba Deleersnyder
[email protected]
OWASP Foundation Board Member
Core Mission
The Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software.

Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Core Values
OPEN - Everything at OWASP is radically transparent from our finances to our code

INNOVATION - OWASP encourages and supports innovation / experiments for solutions to software security challenges

GLOBAL - Anyone around the world is encouraged to participate in the OWASP community

INTEGRITY - OWASP is an honest and truthful, vendor agnostic, global community
Celebrating 10 years

http://web.archive.org Dec 2011

Numbers
OWASP tools and documentation:
~15,000 downloads (per month)
~30,000 unique visitors (per month)
~2 million website hits (per month)

OWASP community is blossoming worldwide:
1500+ OWASP Members in active chapters worldwide
20,000+ participants

~140 Projects
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.

DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.

LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
New projects – last months
• Common Numbering Project
• HTTP Post Tool
• Forward Exploit Tool Project
• Java XML Templates Project
• ASIDE Project
• Secure Password Project
• Secure the Flag Competition Project
• Security Baseline Project
• ESAPI Objective – C Project
• Academy Portal Project
• Exams Project
• Portuguese Language Project
• Browser Security ACID Tests Project
• Web Browser Testing System Project
• Java Project
• Myth Breakers Project
• LAPSE Project
• Software Security Assurance Process
• Enhancing Security Options Framework
• German Language Project
• Mantra – Security Framework
• Java HTML Sanitizer
• Java Encoder Project
• WebScarab NG Project
• Threat Modelling Project
• Application Security Assessment Standards Project
• Hackademic Challenges Project
• Hatkit Proxy Project
• Hatkit Datafiddler Project
• ESAPI Swingset Interactive Project
• ESAPI Swingset Demo Project
• Web Application Security Accessibility Project
• Cloud ‐ 10 Project
• Web Testing Environment Project
• iGoat Project
• Opa
• Mobile Security Project – Mobile Threat Model
• Codes of Conduct
Spotlight

Zed Attack Proxy (ZAP):
• Intercepting Proxy
• Automated scanner
• Passive scanner
• Brute Force scanner
• Spider
• Fuzzer
• Port scanner
• Dynamic SSL certificates
• API
• Beanshell integration
• 5 main coders, 15 contributors
• Fully internationalized
• Translated into 9 languages: Brazilian Portuguese, Chinese, French, German, Greek, Indonesian, Japanese, Polish, Spanish
Spotlight
OWASP Mobile Security:
•Security testing
•Development guidance
•Top 10 controls
•Mobile threat model
•GoatDroid
•Top 10 risks
220 Chapters ~ 100 active

Conferences

“I saw the ‘blossoming’ of OWASP in Portugal’s S
niche to widely relevant, from localized to global,
application’s delivery and use, from InfoSec to business process relevance.”
– Colin Watson
Massive Outreach

• OWASP-Portugal Partnership
• OWASP Outreach to Educational Institutions
• OWASP Industry Outreach
• OWASP Browser Security Project
• OWASP-Apache Partnership
• OWASP Mobile Security Initiative
• OWASP Governance Expansion
• International Focus
• Application Security Programs
• Application Security Certification
Board Election
• OWASP Governance maturing – OWASP updated its Bylaws and worked out procedures for the Board elections. These governance updates support the dynamic and growing OWASP community.
• Currently (5) board members are elected.
6 June 2011
• OWASP Europe non-profit established
• Global extension of organisation
• Legal & financial support

Global Committees
OWASP Members
Strategic Goals
2012 Strategic Goals
Build the OWASP platform
Expand communication channels
Grow the OWASP community
Financial stability
OWASP Platform

Define the processes, resources, and tools to enable volunteers to quickly join and contribute to OWASP in the areas of projects, chapters, education, conferences and connections

Communication Channels

Establish effective communication channels into developer groups, universities, and industry groups

OWASP Community

Build and grow the OWASP community throughout the world by focusing on the quality of chapters, conferences, and social technologies

Financial Stability

Further build out a stable financial foundation and create new sources of income for the organisation to achieve the goals of 2012 and future years.
Our Challenge
Application Security Is Just Getting Started
• You can’t improve what you can’t measure
• We need to…
• Experiment
• Share what works
• Combine our efforts
• Expect another 10 years!

Call for action
• Start or join your OWASP chapter
• Start or join OWASP projects
• Translate material (documents, tool interfaces)
• Join as member
• Become active in OWASP organisation (committees, board election 2013)
• Together we will achieve our mission!

Enjoy German OWASP Day 2011
