
Feb 25th, 2010

Welcome to OWASP Bay Area Application Security Summit February 25th, 2010. Mandeep Khera OWASP Bay Area Chapter Leader mkhera@owasp.org mandeep@cenzic.com Phone: 408-200-0712. Feb 25th, 2010. Agenda. 1.15 – 1.30 - Welcome, Overview – Mandeep Khera


Presentation Transcript


  1. Welcome to OWASP Bay Area Application Security Summit, February 25th, 2010. Mandeep Khera, OWASP Bay Area Chapter Leader. mkhera@owasp.org, mandeep@cenzic.com. Phone: 408-200-0712

  2. Agenda
     • 1.15 – 1.30 – Welcome, Overview – Mandeep Khera
     • 1.30 – 2.15 – Keynote, Kaj Van Da Loo, Sr. VP, Platforms and OnDemand, SAP
     • 2.15 – 3.00 – WebBlaze: New Techniques and Tools – Prof. Dawn Song, UC Berkeley
     • 3.00 – 3.30 – Networking Break
     • 3.30 – 4.00 – State of the Art: Automated Black-Box Testing – Prof. Mitchell, Stanford University, Jason Bau
     • 4.00 – 4.30 – Controlling Data in the Cloud: Outsourcing Computation Without Outsourcing Control – Richard Chow, PARC
     • 4.30 – 4.45 – Mini-Break
     • 4.45 – 6.00 – Panel – App Security Issues – Cloud, Inertia, Future
     • 6.00 – 8.00 – Networking Reception – Food and Drinks

  3. Thanks to our sponsors!!

  4. Web Vulnerabilities Trend (Source: Cenzic Trends Report)

  5. Internet Usage Continues to Grow

  6. Trends for the next few years…
     • Cyber War will accelerate
       • More countries will take offensive actions
     • Social Networking sites will continue to be the targets
       • Too big, too many users, too vulnerable
     • Cloud computing security issues
       • Moving to the cloud but what about security?
     • Regulations
       • Payment Card Industry (PCI) continues to drive the need for app security; other new regulations also coming
     • Mobile Apps
       • Computing moving to mobile, more attacks likely

  7. Sophistication of Hackers..

  8. OWASP World. OWASP is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

  9. 2009 OWASP Supporters

  10. OWASP Worldwide Community • Membership: Individual: 750, Organizations: 27 • Chapters: 158 around world • Participants: 1,470 • Wiki accounts: +20,000 users

  11. OWASP Dashboard • Worldwide Users • Most New Visitors • 29,748,796 page views

  12. OWASP Conferences (2008-2009): Germany, Nov 2008; Brussels, May 2008; Minnesota, Oct 2008; Poland, May 2009; NYC, Sep 2008; Denver, Spring 2009; Ireland, 2009; DC, Sep 2009; Portugal Summit, Nov 2008; Israel, Sep 2008; Taiwan, Oct 2008; India, Aug 2008; Brazil, Oct 2009; Gold Coast, Feb 2008 +2009

  13. OWASP KnowledgeBase • 9,421 total articles • 427 presentations • 200 updates per day • +300 mailing lists • 180 blogs monitored • 19 deface attempts • 2,962 uploaded files

  14. OWASP AppSec News and Intelligence • Moderated AppSec News Feed • http://www.google.com/reader/public/atom/user/16712724397688793161/state/com.google/broadcast • OWASP Podcast • http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 • OWASP TV • http://www.owasp.tv

  15. OWASP AppSec Job Board

  16. OWASP Top 10 Critical Vulnerabilities - 2010: www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

  17. Lot more than OWASP Top 10: OWASP .NET Project, OWASP ASDR Project, OWASP AntiSamy Project, OWASP AppSec FAQ Project, OWASP Application Security Assessment Standards Project, OWASP Application Security Metrics Project, OWASP Application Security Requirements Project, OWASP CAL9000 Project, OWASP CLASP Project, OWASP CSRFGuard Project, OWASP CSRFTester Project, OWASP Career Development Project, OWASP Certification Criteria Project, OWASP Certification Project, OWASP Code Review Project, OWASP Communications Project, OWASP DirBuster Project, OWASP Education Project, OWASP Encoding Project, OWASP Enterprise Security API, OWASP Flash Security Project, OWASP Guide Project, OWASP Honeycomb Project, OWASP Insecure Web App Project, OWASP Interceptor Project, OWASP JBroFuzz, OWASP Java Project, OWASP LAPSE Project, OWASP Legal Project, OWASP Live CD Project, OWASP Logging Project, OWASP Orizon Project, OWASP PHP Project, OWASP Pantera Web Assessment Studio Project, OWASP SASAP Project, OWASP SQLiX Project, OWASP SWAAT Project, OWASP Sprajax Project, OWASP Testing Project, OWASP Tools Project, OWASP Top Ten Project, OWASP Validation Project, OWASP WASS Project, OWASP WSFuzzer Project, OWASP Web Services Security Project, OWASP WebGoat Project, OWASP WebScarab Project, OWASP XML Security Gateway Evaluation Criteria Project, OWASP on the Move Project

  18. Finances and Grants • OWASP Foundation: 100% • OWASP Grants: 55%, 45%

  19. What Does Membership Do For OWASP? • Funds OWASP Speakers via OWASP On the Move • Funds Season of Code projects • Helps Support Local Chapters • A portion of your membership fees helps fund your local chapter

  20. Membership Benefits • Individual Members • Organizational Supporters • University Supporters

  21. Individual Members • Cost: $50/year • First Time Members Get A Membership Pack: • Membership card and certificate • OWASP DVD • Attractive OWASP t-shirt • OWASP tote bag • Pen • 10% discount on OWASP conferences

  22. Organizational Supporters • Cost: $5000/year • Logo on OWASP website • Online job postings on OWASP website • Invitation to special OWASP events such as Industry Outreach • Two complimentary attendees to OWASP annual Summit • Employees get 10% discount on OWASP conferences • Onsite OWASP briefing

  23. University Supporters • No cost (!) – Universities must agree to provide meeting space twice per year and to include OWASP in their curriculum • Must be an accredited University • Logo on OWASP website • OWASP briefings for University – students and staff
