OWASP Presentation

OWASP
77 WorldWide Chapters
* Argentina
* Atlanta
* Austin
* Austria
* Bangalore
* Belgium
* Boston
* Brazil
* Brisbane
* Buffalo
* Charlotte
* Chennai
* Chicago
* Chile
* Cleveland
* Colombia
* Delhi
* Denmark
* Denver
* Edmonton
* Germany
* Greece
* Hong Kong
* Hyderabad
* Ireland
* Israel
* Italy
* Kansas City
* Kerala
* Kolkata
* London
* Luxemburg
* Madison
* Malaysia
* Manila
* Melbourne
* Memphis
* Mexico City
* Miami Ft Lauderdale
* Minneapolis St Paul
* Montgomery
* Mumbai
* Nashville
* Netherlands
* New Jersey
* New York
* Ohio
* Omaha
* Ottawa
* Pakistan
* Panama
* Philadelphia
* Phoenix
* Pittsburgh
* Riyadh
* Rochester
* Sacramento
* Saint Louis
* San Antonio
* San Francisco
* San Jose
* Seattle
* Singapore
* SoCal
* Spain
* Switzerland
* Sydney
* Taiwan
* Tokyo
* Toronto
* Turkey
* Vancouver
* Virginia
* Washington DC
* Winnipeg

The Open Web Application Security Project

Join the application security community for free, unbiased, open source tools, guidelines, forums, and local chapters!

We support developers and project managers with security guidance, tools, and materials throughout the software development lifecycle (SDLC):
* Requirements and Use Cases
* Architecture
* Threat Modeling
* Vulnerability Analysis
* Scanning
* Manual Penetration Testing
* Code Review
* Configuration Guides

OWASP materials apply to all web platforms including J2EE, .NET, LAMP, Cold Fusion, Struts, Web Services, IIS, WebSphere, WebLogic, Tomcat, and much more

Free Tools
* WebScarab Proxy
* WebGoat Training
* CAL9000
* LAPSE
* Pantera
* .NET and Java tools

Projects
* Web AppSec Guide
* Testing Guide
* Top Ten Vulnerabilities
* AppSec FAQ
* AppSec Metrics
* AJAX
* Code Review
* Legal
* PHP, J2EE, .NET

Community
* Local Chapters
* AppSec Conferences
* Mailing Lists
* Forums
* Portal

Join Us Today!
The OWASP Foundation
http://www.owasp.org

Major initiatives:
* Guide
* CLASP
* Ajax
* Top 10
* Training
* Conferences
* WebGoat
* J2EE
* .NET
* Building our brand
* Yours!
* Chapters
* Project incubator
* Testing
* WebScarab
* Validation
* Certification
* Wiki portal
* Forums
* Blogs

Major Projects:
* OWASP AJAX Security Project - investigating the security of AJAX enabled applications
* OWASP Application Security Assessment Standards Project - establish a set of standards defining baseline approaches to conducting differing types of application security assessment
* OWASP Application Security Metrics Project - identify and provide a set of App Sec metrics that have been found by contributors to be effective in measuring App Sec
* OWASP AppSec FAQ Project - an FAQ covering many application security topics
* OWASP CLASP Project - a project focused on defining process elements that reinforce application security
* OWASP Code Review Project - a new project to capture best practices for reviewing code
* OWASP Guide Project - a massive document covering all aspects of web application and web service security
* OWASP Honeycomb Project - a comprehensive and integrated guide to the fundamental building blocks of application security
* OWASP Legal Project - a project focused on contracting for secure software
* OWASP Logging Project - a project to define best practices for logging and log management
* OWASP Metrics Project - a project to define workable application security metrics
* OWASP PHP, .NET and Java Project - a project focused on helping PHP, .NET, and Java developers build secure applications
* OWASP Risk Management Project - a new project focused on processes for managing application security risk
* OWASP Testing Project - a project focused on application security testing procedures
* OWASP Top Ten Project - an awareness document that describes the top ten web application security vulnerabilities
* OWASP WASS Project - a standards project to develop more concrete criteria for secure applications

Free tools:
* OWASP CAL9000 Project - a JavaScript based web application security testing suite
* OWASP LAPSE Project - a project focused on developing an open source auditing tool for Java
* OWASP .NET, Java Tools - a project focused on developing .NET and Java tools for web application security
* OWASP Pantera Web Assessment Studio Project - a project focused on combining automated capabilities with complete manual testing to get the best results
* OWASP SQLiX Project - a project focused on the development of SQLiX, a full Perl-based SQL scanner
* OWASP Validation Project - a project that provides guidance and tools related to validation.
* OWASP WebGoat Project - an online training environment for hands-on learning about application security
* OWASP WebScarab Project - a tool for performing all types of security testing on web applications and web services