
OWASP Membership Plan



Presentation Transcript


  1. OWASP Membership Plan
     Jeff Williams
     Chair – The OWASP Foundation
     CEO – Aspect Security
     jeff.williams@owasp.org

  2. Thank You

  3. Mission
     OWASP is dedicated to finding and fighting the causes of insecure software
     • What causes?
       • Immediate causes – vulnerabilities themselves
       • Developers and operators
       • Organizational structure, development process, supporting technology
       • Increasing connectivity and complexity
       • Legal and regulatory environment
       • Asymmetric information in the software market

  4. Application Security Is Just Getting Started
     • You can’t improve what you can’t measure
     • We need to…
       • Experiment
       • Share what works
       • Combine our efforts
     • Expect 10 years

  5. Approach == “Open”
     • Open means everything is $free
     • Open means rough consensus and running code
     • Open means free to use and modify
     • Open means independent
     • Open means open information sharing
     • Open means wider audience and participation

  6. Our Successes
     • OWASP Tools and Documentation
       • ~15,000 downloads (per month)
       • ~30,000 unique visitors (per month)
       • ~2 million website hits (per month)
     • OWASP Chapters are blossoming worldwide
       • 1674 members in 56 chapters (~4 new chapters per month)
     • OWASP AppSec Conferences
       • New York, London, Washington D.C., more…
     • Distributed content portal
       • 90 authors for tools, projects, and chapters

  7. Some of What You’ll Find at OWASP
     • Community: Local Chapters, Translations, Conferences, Mailing Lists, Papers and more…
     • Documentation: Guide, Top Ten, Testing, Legal, AppSec FAQ and more…
     • Tools: WebGoat, WebScarab, Stinger, DotNet and more…
     All free and open source

  8. Our Failures
     • OWASP currently isn’t good at…
       • Managing projects
       • Establishing a great community infrastructure
       • Recruiting contributors
       • Setting a clear roadmap
     • Direct result of part-time leadership
     • We are correcting this with a three part plan

  9. Part 1 – Establish The OWASP Foundation
     (diagram) The OWASP Foundation: Technical Infrastructure, Foundation Mgmt, Project Mgmt, Tech. Editors, Members, Contributors

  10. Part 2 – Create the Membership Plan
     • Newly Unveiled Plan
       • Dual License Approach
       • Membership Fees
     • Open!
       • Not like SANS, CSI, OASIS, or anything else
     • Membership Drive Soon
       • Small number of companies have already joined, even before any membership drive, including VISA

  11. Dual License Approach
     • Open Source License
       • Anyone can use OWASP Materials according to the terms of the open source license associated with each OWASP project.
     - OR -
     • Commercial License
       • Members get a Commercial License that allows all employees to use the OWASP Materials without having to consider the open source license.

  12. Plan Details

  13. How to Become a Member
     Step 1, Step 2: http://www.owasp.org/about/membership.html

  14. Part 3 – Find a Full-Time Director
     • OWASP is looking for a candidate for director
     • Responsibilities will include:
       • Developing a relationship with OWASP users
       • Fund-raising and publicity
       • Coordinating projects and chapters
       • Overseeing and coordinating infrastructure
     • Working with:
       • Security experts
       • Industry representatives
       • Press and media

  15. Imagine…
     • The OWASP Application Security Academy
       • Developers, AppSec Specialists, Management
     • OWASP Certified Application Security Professional
     • OWASP Independent Testing Labs
       • Applications, Products, Libraries, Evaluation Methodology
     • OWASP Open Static Analysis Project
     • OWASP Application Security Workbench
       • Tools, Findings, STRIDE/DREAD, Report Generation
     • OWASP Standards
     • OWASP Metrics
     • OWASP Legal
       • Legislation, RFP Language, Defense Fund

  16. Software Facts (nutrition-label style mockup)
     Expected Number of Users        15
     Typical Roles per Instance       4
     Modules                        155
     Modules from Libraries         120
                                        % Vulnerability*
     Cross Site Scripting            22        65%
       Reflected                     12
       Stored                        10
     SQL Injection                    2
     Buffer Overflow                  5        95%
     Ingredients: Sun Java 1.5 runtime, Sun J2EE 1.2.2, Jakarta log4j 1.5, Jakarta Commons 2.1, Jakarta Struts 2.0, Harold XOM 1.1rc4, Hunter JDOMv1
     Total Security Mechanisms        3
     Modularity                    .035
     Cyclomatic Complexity          323
     Encryption                       3
     Authentication                  15
     Access Control                   3
     Input Validation               233
     Logging                         33
     * % Vulnerability values are based on typical use scenarios for this product. Your Vulnerability Values may be higher or lower depending on your software security needs:
     Usage                  Intranet       Internet
     Cross Site Scripting   Less Than 10   5
       Reflected            Less Than 10   5
       Stored               Less Than 10   5
     SQL Injection          Less Than 20   2
     Buffer Overflow        Less Than 20   2
     Security Mechanisms    10             14
     Encryption             3              15

  17. Q &amp; A – Questions, Answers
     www.owasp.org
