OWASP in favor of a more secure world - PowerPoint PPT Presentation

Presentation Transcript
  1. OWASP Porto Alegre Chapter • OWASP in favor of a more secure world • L. GUSTAVO C. BARBATO, Ph.D. • lgbarbato@owasp.org • Chapter Leader, OWASP Porto Alegre / Brazil • Member, Global Chapter Committee • Porto Alegre Chapter Meeting • 03/31/2011 • UNISINOS – São Leopoldo

  2. Introduction

  3. OWASP (Open Web Application Security Project) • OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world • OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted • All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security http://www.owasp.org/index.php/About_OWASP

  4. Knowledge base (timeline graphic, 2001 to 2011) http://www.owasp.org

  5. History • OWASP was started on September 9, 2001 by Mark Curphey and Dennis Groves • Since late 2003, Jeff Williams has served as the volunteer Chair of OWASP • The OWASP Foundation, a 501(c)(3) organization (in the USA), was established in 2004 • Thousands of individual members nowadays • The OWASP Foundation has over 80 Active Local Chapters • and only 3 employees http://en.wikipedia.org/wiki/OWASP

  6. Ecosystem • Volunteers • Knowledge sharing • People/Project Leadership • Event presentations • Administration • Sustained by • Conferences • Individual supporters, annually • Banner advertisements • Corporate sponsors http://www.owasp.org/images/0/0d/OWASP_ByLaws.pdf

  7. Structure

  8. OWASP Board • Jeff Williams- USA jeff.williams@owasp.org • Sebastien Deleersnyder - Belgium seba@owasp.org • Tom Brennan - USA tomb@owasp.org • Eoin Keary - Ireland Eoin.Keary@owasp.org • Dave Wichers - USA dave.wichers@owasp.org • Matt Tesauro - USA Matt.Tesauro@owasp.org http://www.owasp.org/index.php/Contact

  9. Global Committees http://www.owasp.org/index.php/Global_Committee_Pages

  10. Local Chapters • Hundreds of Local Chapters but only around 80 are Active • http://www.owasp.org/index.php/Category:Brasil • Porto Alegre • Curitiba • São Paulo • Campinas • Brasília • Goiania • Recife • Paraíba http://www.owasp.org/index.php/Category:OWASP_Chapter

  11. Organization Supporters http://www.owasp.org/index.php/Membership

  12. Projects

  13. Resources http://www.owasp.org/index.php/Category:OWASP_Project

  14. OWASP Top Ten 2010 http://www.owasp.org/index.php/Top_10

  15. ESAPI (Enterprise Security API) • (architecture diagram: ESAPI alongside your existing enterprise services or libraries) • http://www.owasp.org/index.php/ESAPI

  16. SAMM (Software Assurance Maturity Model) http://www.owasp.org/index.php/Software_Assurance_Maturity_Model

  17. CLASP (Comprehensive, Lightweight, Application Security Process) http://www.owasp.org/index.php/OWASP_CLASP_Project

  18. ASVS (Application Security Verification Standard) http://www.owasp.org/index.php/ASVS

  19. OWASP Testing Guide http://www.owasp.org/index.php/OWASP_Testing_Project

  20. WebScarab http://www.owasp.org/index.php/OWASP_WebScarab

  21. WebGoat http://www.owasp.org/index.php/OWASP_WebGoat_Project

  22. OWASP Live CD http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

  23. ModSecurity Core Rule Set Project • Supports any type of parameter: POST, GET or any other
  SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer \
  "(?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100}?\bfrom|from\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(?:… … … \
  "capture,log,deny,t:replaceComments,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,msg:'SQL Injection Attack. Matched signature <%{TX.0}>',id:'950001',severity:'2'"
  • Every SQL injection related keyword is checked • Common evasion techniques are mitigated • SQL comments are compensated for http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

  24. Books http://stores.lulu.com/owasp

  25. Conferences

  26. Global AppSec Europe (June 6, 2011 - June 10, 2011) http://www.owasp.org/index.php/AppSecEU2011

  27. Global AppSec North America (Sept. 20, 2011 - Sept. 23, 2011) http://www.appsecusa.org

  28. Global AppSec Asia (Nov. 3, 2011 - Nov. 5, 2011) http://www.owasp.org/index.php/China_AppSec_2011

  29. Global AppSec Latin America (Oct. 4, 2011 - Oct. 7, 2011) http://www.appseclatam.org

  30. How to participate?

  31. How to participate? • http://www.owasp.org/index.php/Porto_Alegre • Papers, wiki • Mailing lists • Projects • Proposing new ones, testing existing ones, giving feedback • Translations • Presentations • Contributing annually (US$ 50) http://www.regonline.com/owasp_membership

  32. Questions?

  33. References • Decks used to create this one:
  http://www.owasp.org/images/b/b4/OWASP-Intro-2008-pt-br.ppt
  https://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx
  http://owasp-esapi-java.googlecode.com/files/OWASP%20ESAPI.ppt
  http://www.owasp.org/images/7/71/About_OWASP_ASVS.ppt
  https://www.owasp.org/images/8/88/OWASP_EU_Summit_2008_WebScarab_treasures.ppt
  http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt
  http://www.owasp.org/images/a/ac/CLASPOverviewPresentation20080807NickCoblentz.ppt
  http://www.owasp.org/images/4/46/AppSecEU09_OWASP_Live_CD-mtesauro.ppt
  http://www.owasp.org/images/2/21/OWASPAppSec2007Milan_ModSecurityCoreRuleSet.ppt