The OWASP Standards, Tunisia WebDays 2011

The OWASP Standards, Tunisia WebDays 2011. OWASP Tunisia Chapter. Semeh Arbi, OWASP Tunisia Chapter. Email: [email protected]. December 2011. OWASP ??!!!!!. (OWASP): Open Web Application Security Project * International non-profit organization

Presentation Transcript
The OWASP Standards, Tunisia WebDays 2011

OWASP Tunisia Chapter

Semeh Arbi

OWASP Tunisia Chapter

Email: [email protected]

December 2011


OWASP ??!!!!!

  • (OWASP): Open Web Application Security Project

  • * International non-profit organization

  • * Independent of vendors and governments

  • * Sponsored by members or by companies

  • Main mission:

  • * Produce documents, standards and tools dedicated to web application security


License

  • Approach == “OPEN”

  • * All documentation, standards and tools are provided under an open-source license.

  • GFDL

  • GPL

  • BSD License

  • Creative Commons





OWASP vs Compliance

  • * ISO

  • * SOX

  • * SAS70

  • * PCI DSS


Initiatives

Top 10

Building Guide

Training

CLASP

Conferences

Ajax

WebGoat

Orizon

CBT

.NET, Java

Chapters

Testing Guide

Project incubator

WebScarab

Wiki portal

Validation

Forums

Certification

Blogs


9%: Code

41%: Tools

50%: Documentation

OWASP project categories:

* Detect

* Protect

* Life Cycle



OWASP Before Development

  • Awareness

  • * OWASP Top 10

  • * OWASP Top 10 for .NET

  • * OWASP Application Security Desk Reference Project

  • Guidelines

  • * OWASP .NET Project

  • * OWASP Java Project

  • * OWASP Ruby On Rails Project


OWASP Before Development

  • Training

  • Flawed Applications

  • * Broken Web Applications / Insecure Web App

  • * Mutillidae / SiteGenerator / Vicnum

  • * WebGoat

  • * WebGoat.NET

  • * iGoat


OWASP Design & Development

  • * OWASP Development Guide

  • * OWASP Enterprise Security API (ESAPI)


OWASP Design & Development

  • * OWASP Application Security Verification Standard

  • * OWASP Code Review Project


OWASP Test & Maintenance

  • Tests

  • * OWASP Testing Guide

  • * OWASP Tools: LAPSE, Orizon, WebScarab, Zed Attack Proxy ..

  • Maintenance

  • * OWASP CSRFGuard

  • * OWASP ModSecurity Core Rule Set

  • * OWASP AppSensor


OWASP Software Assurance

  • * OWASP CLASP (Comprehensive, Lightweight Application Security Process)

  • * OpenSAMM (Software Assurance Maturity Model)


OWASP

  • OWASP PCI Project

  • OWASP Mobile Security Project

  • OWASP Cloud Security


