
OWASP Projects Portal Launch!

Jason Li, Global Projects Committee, jason.li@owasp.org. AppSec USA 2011.


Presentation Transcript


  1. OWASP Projects Portal Launch!
     About the
     Jason Li
     Global Projects Committee
     jason.li@owasp.org
     AppSec USA 2011

  2. The Prologue
     • OWASP Projects are:
       • Open Source
       • Freely Available
       • Anyone Can Start
       • Anyone Can Contribute
       • Anyone Can Use
       • Documentation, Tools, Code
     • Hugely successful - over 140 projects!!

  3. The Problem
     Over 140 projects!
     OWASP AntiSamy Project; OWASP Application Security Verification Standard Project; OWASP Book Cover & Sleeve Design; OWASP Code Review Guide Project; OWASP Codes of Conduct; OWASP CSRFGuard Project; OWASP Development Guide Project; OWASP Enterprise Security API; OWASP ModSecurity Core Rule Set Project; OWASP Secure Coding Practices - Quick Reference Guide; OWASP Software Assurance Maturity Model (SAMM); OWASP Testing Guide Project; OWASP Top Ten Project; OWASP Web Testing Environment Project; OWASP WebGoat Project; OWASP Zed Attack Proxy; JBroFuzz; OWASP AIR Security Project; OWASP AppSec Tutorial Series; OWASP AppSensor Project; OWASP Broken Web Applications Project; OWASP Cloud ‐ 10 Project; OWASP CSRFTester Project; OWASP CTF Project; OWASP EnDe Project; OWASP Fiddler Addons for Security Testing Project; OWASP Forward Exploit Tool Project; OWASP Fuzzing Code Database; OWASP Hackademic Challenges Project; OWASP Hatkit Datafiddler Project; OWASP Hatkit Proxy Project; OWASP HTTP POST Tool; OWASP Java XML Templates Project; OWASP JavaScript Sandboxes Project; OWASP Joomla Vulnerability Scanner Project; OWASP LAPSE Project; OWASP Legal Project; OWASP Mantra Security Framework; OWASP Mutillidae Project; OWASP O2 Platform; OWASP Orizon Project; OWASP Podcast Project; OWASP Scrubbr; OWASP Secure Web Application Framework Manifesto; OWASP Security Assurance Testing of Virtual Worlds Project; OWASP SWAAT Project; OWASP Vicnum Project; OWASP Wapiti Project; OWASP Web Browser Testing System Project; OWASP WebScarab Project; OWASP Webslayer Project; OWASP WSFuzzer Project; OWASP Yasca Project; Virtual Patching Best Practices; OWASP Access Control Rules Tester Project; OWASP Application Security Metrics Project; OWASP AppSec FAQ Project; OWASP ASDR Project; OWASP Backend Security Project; OWASP Best Practices: Use of Web Application Firewalls; OWASP CAL9000 Project; OWASP CLASP Project; OWASP CodeCrawler Project; OWASP Content Validation using Java Annotations Project; OWASP DirBuster Project; OWASP Encoding Project; OWASP Google Hacking Project; OWASP Insecure Web App Project; OWASP Interceptor Project; OWASP JSP Testing Tool Project; OWASP LiveCD Education Project; OWASP Logging Guide; OWASP NetBouncer Project; OWASP Open Review Project; OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project; OWASP OpenSign Server Project; OWASP Pantera Web Assessment Studio Project; OWASP PHP Project; OWASP Report Generator; OWASP Ruby on Rails Security Guide V2; OWASP Scholastic Application Security Assessment Project; OWASP Security Analysis of Core J2EE Design Patterns Project; OWASP Security Spending Benchmarks Project; OWASP Site Generator Project; OWASP Skavenger Project; OWASP Source Code Flaws Top 10 Project; OWASP Source Code Review for OWASP-Projects Project; OWASP Sprajax Project; OWASP Sqlibench Project; OWASP sqliX Project; OWASP Stinger Project; OWASP Teachable Static Analysis Workbench Project; OWASP Tiger; OWASP Tools Project; OWASP Uniform Reporting Guidelines; OWASP Validation Project; OWASP Webekci Project; OWASP Common Numbering Project; OWASP Application Security Requirements Project; OWASP Favicon Database Project; OPA; OWASP Academy Portal Project; OWASP AJAX Security Project; OWASP Alchemist Project; OWASP Application Security Assessment Standards Project; OWASP Application Security Program for Managers; OWASP Application Security Skills Assessment; OWASP ASIDE Project; OWASP Browser Security ACID Test Project; OWASP Browser Security Project; OWASP Computer Based Training Project (OWASP CBT Project); OWASP Enterprise Application Security Project; OWASP ESOP Framework; OWASP Exams Project; OWASP GoatDroid Project; OWASP iGoat Project; OWASP Java Encoder Project; OWASP Java HTML Sanitizer Project; OWASP Mobile Security Project; OWASP Myth Breakers Project; OWASP Project Partnership Model; OWASP Proxy Project; OWASP Request For Proposal; OWASP Secure Password Project; OWASP Secure the Flag Project; OWASP Security Baseline Project; OWASP Security Ecosystems Project; OWASP Software Security Assurance Process; OWASP Threat Modeling Project; OWASP WhatTheFuzz Project; OWASP Web Application Security Accessibility Project; OWASP ESAPI C++ Project; OWASP ESAPI C Project; OWASP Data Exchange Format Project; OWASP Cheat Sheets Project; OWASP Security Tools for Developers Project; OWASP SIMBA Project; OWASP VFW Project

  4. The Vision
     • Provide a way to enable:
       • Consumers to find projects of value and relevance
       • Community members to provide feedback to leaders
       • Contributors to be recognized for work
       • GPC to support and promote projects

  5. The Path
     • Partnered w/ Geeknet (creators of SourceForge)
     • OWASP Neighborhood to house metadata about projects
     • SourceForge infrastructure will be available to OWASP Projects by

  6. The Reason
     • Summary Page
       • (Enables users to find projects of value and relevance)
     • Reviews feature
       • (Enables community members to provide feedback to leaders)
     • Tracking / Plugins
       • (Enables contributors to be recognized for work)
     • Metadata Repository
       • (GPC to support and promote projects)
     CONCEPT

  7. The Cool Stuff
     • Incubator, Labs, Flagship, Archive
       • Enables users to distinguish developing projects from mature ones
     • Entirely Community Driven
       • Open review system drives:
         • Elevation process
         • Benefits for projects (e.g. graphic design, code signing, etc.)
         • Promotion and visibility

  8. The Timeline
     September 2011
     OOPS!
     Launch Day!

  9. The Timeline
     • September 23rd, 2011 (AppSec USA)
       • Call for volunteers (five projects so far!)
     • January 1st 2012 (New Year’s)
       • Current projects inventory metadata migrated
       • First batch of volunteer projects go live
     • July 13th, 2012 (AppSec EU)
       • All new projects go automatically through portal
       • General Availability

  10. The End
      projects@owasp.org
