
Transcript

  • 1. The OWASP Foundation OWASP http://www.owasp.org The Open Web Application Security Project
    • Join the application security community for free, unbiased, open source tools, guidelines, forums, and local chapters!
    • We support developers and project managers with security guidance, tools, and materials throughout the software development lifecycle (SDLC):
      • Requirements and Use Cases
      • Architecture
      • Threat Modeling
      • Vulnerability Analysis
      • Scanning
      • Manual Penetration Testing
      • Code Review
      • Configuration Guides
    • Free Tools: WebScarab Proxy, WebGoat Training, CAL9000, LAPSE, Pantera, .NET and Java tools
    • Projects: Web AppSec Guide, Testing Guide, Top Ten Vulnerabilities, AppSec FAQ, AppSec Metrics, AJAX, Code Review, Legal, PHP, J2EE, .NET
    • Community: Local Chapters, AppSec Conferences, Mailing Lists, Forums, Portal
    • Join Us Today!
    • 77 Worldwide Chapters: Argentina, Atlanta, Austin, Austria, Bangalore, Belgium, Boston, Brazil, Brisbane, Buffalo, Charlotte, Chennai, Chicago, Chile, Cleveland, Colombia, Delhi, Denmark, Denver, Edmonton, Germany, Greece, Hong Kong, Hyderabad, Ireland, Israel, Italy, Kansas City, Kerala, Kolkata, London, Luxemburg, Madison, Malaysia, Manila, Melbourne, Memphis, Mexico City, Miami Ft Lauderdale, Minneapolis St Paul, Montgomery, Mumbai, Nashville, Netherlands, New Jersey, New York, Ohio, Omaha, Ottawa, Pakistan, Panama, Philadelphia, Phoenix, Pittsburgh, Riyadh, Rochester, Sacramento, Saint Louis, San Antonio, San Francisco, San Jose, Seattle, Singapore, SoCal, Spain, Switzerland, Sydney, Taiwan, Tokyo, Toronto, Turkey, Vancouver, Virginia, Washington DC, Winnipeg
    • OWASP materials apply to all web platforms including J2EE, .NET, LAMP, Cold Fusion, Struts, Web Services, IIS, WebSphere, WebLogic, Tomcat, and much more
  • 2. Major initiatives: Training CLASP Testing Project incubator Wiki portal Forums Blogs Top 10 Conferences WebScarab WebGoat Ajax J2EE .NET Yours! Validation Chapters Building our brand Certification Guide
  • 3.
    • Major Projects:
    • OWASP AJAX Security Project - investigating the security of AJAX enabled applications
    • OWASP Application Security Assessment Standards Project - establish a set of standards defining baseline approaches to conducting differing types of application security assessment
    • OWASP Application Security Metrics Project - identify and provide a set of App Sec metrics that have been found by contributors to be effective in measuring App Sec
    • OWASP AppSec FAQ Project - an FAQ covering many application security topics
    • OWASP CLASP Project - a project focused on defining process elements that reinforce application security
    • OWASP Code Review Project - a new project to capture best practices for reviewing code
    • OWASP Guide Project - a massive document covering all aspects of web application and web service security
    • OWASP Honeycomb Project - a comprehensive and integrated guide to the fundamental building blocks of application security
    • OWASP Legal Project - a project focused on contracting for secure software
    • OWASP Logging Project - a project to define best practices for logging and log management
    • OWASP Metrics Project - a project to define workable application security metrics
    • OWASP PHP, .NET and Java Project - a project focused on helping PHP, .NET, and Java developers build secure applications
    • OWASP Risk Management Project - a new project focused on processes for managing application security risk
    • OWASP Testing Project - a project focused on application security testing procedures
    • OWASP Top Ten Project - an awareness document that describes the top ten web application security vulnerabilities
    • OWASP WASS Project - a standards project to develop more concrete criteria for secure applications
  • 4.
    • Free tools:
    • OWASP CAL9000 Project - a JavaScript based web application security testing suite
    • OWASP LAPSE Project - a project focused on developing an open source auditing tool for Java
    • OWASP .NET, Java Tools - a project focused on developing .NET and Java tools for web application security
    • OWASP Pantera Web Assessment Studio Project - a project focused on combining automated capabilities with complete manual testing to get the best results
    • OWASP SQLiX Project - a project focused on the development of SQLiX, a full Perl-based SQL scanner
    • OWASP Validation Project - a project that provides guidance and tools related to validation.
    • OWASP WebGoat Project - an online training environment for hands-on learning about application security
    • OWASP WebScarab Project - a tool for performing all types of security testing on web applications and web services