View Dave Wichers's SLIDES Here


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Everything people need to understand and practice application security
  • View Dave Wichers's SLIDES Here

    1. 1. Welcome to the OWASP & WASC AppSec 2007 Conference Dave Wichers OWASP Conferences Chair COO, Aspect Security [email_address] 301-604-4882
    2. 2. OWASP <ul><li>Mission </li></ul><ul><ul><li>Open source non-profit charitable foundation dedicated to enabling organizations develop, maintain, and acquire software they can trust </li></ul></ul><ul><li>Principles </li></ul><ul><ul><li>All OWASP products are free and open </li></ul></ul><ul><ul><li>Application security knowledge should be freely available </li></ul></ul><ul><ul><li>OWASP encourages awareness, discussion, and best practices </li></ul></ul><ul><ul><li>Making security visible is key to changing the software market </li></ul></ul><ul><ul><li>OWASP does not recommend any commercial products or services </li></ul></ul><ul><ul><li>OWASP will not discuss/disclose specific exploits </li></ul></ul>
    3. 3. OWASP Body of Knowledge Core Application Security Knowledge Base Acquiring and Building Secure Applications Verifying Application Security Managing Application Security Application Security Tools AppSec Education and CBT Research to Secure New Technologies Principles Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures OWASP Foundation 501c3 OWASP Community Platform (wiki, forums, mailing lists) Projects Chapters AppSec Conferences Guide to Building Secure Web Applications and Web Services Guide to Application Security Testing and Guide to Application Security Code Review Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues Web Based Learning Environment and Guide for Learning Application Security Guidance and Tools for Measuring and Managing Application Security Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax)
    4. 4. Welcome to the OWASP AppSec Conference <ul><li>This is the 7 th installment of the AppSec conference series (AND the first with WASC!!) </li></ul><ul><ul><li>We normally have 2 each year, (the U.S. and Europe) </li></ul></ul><ul><ul><li>But … we also had OWASP day (Sept. 5-12) in 17 chapters around the world </li></ul></ul><ul><ul><li>and we just had a conference in Taiwan. A half day conference, with 600 attendees! Good job Wayne! </li></ul></ul><ul><ul><li>Next year’s (current) plans: </li></ul></ul><ul><ul><ul><li>OWASP Australia: Gold Coast – March 29-31 </li></ul></ul></ul><ul><ul><ul><li>OWASP Europe: Brussels in May </li></ul></ul></ul><ul><ul><ul><li>OWASP Israel: ?? </li></ul></ul></ul><ul><ul><ul><li>OWASP Taiwan: ?? </li></ul></ul></ul><ul><ul><ul><li>OWASP U.S.: New York City in Oct </li></ul></ul></ul>
    5. 5. OWASP Conferences Committee Members <ul><li>OWASP Conferences Chair: </li></ul><ul><ul><li>Dave Wichers – Aspect Security and OWASP Board </li></ul></ul><ul><li>WASC Support: </li></ul><ul><ul><li>Jeremiah Grossman, Anurag Agarwal, and others. </li></ul></ul><ul><li>Web Services Security Track Chair: </li></ul><ul><ul><li>Gunnar Peterson – Arctec Group </li></ul></ul><ul><li>Tech Expo Chair: </li></ul><ul><ul><li>Pravir Chandra – Cigital </li></ul></ul><ul><li>Refereed Papers Track Chair: </li></ul><ul><ul><li>Frank Piessens – KU Leuven </li></ul></ul><ul><li>2008 Europe Conference Planning Committee Chair: </li></ul><ul><ul><li>Sebastien Deleersnyder - Telindus, Belgacom ICT </li></ul></ul><ul><li>2008 U.S. Conference Planning Committee Chair: </li></ul><ul><ul><li>Tom Brennan – Access IT Group </li></ul></ul><ul><li>THANKS FOR ALL THE HELP! And we need more. Volunteers? </li></ul>
    6. 6. AppSec Conference Schedule <ul><li>Also: Tech Expo Upstairs today – From 11 AM to 6 PM </li></ul><ul><ul><li>Similar structure tomorrow </li></ul></ul><ul><ul><li>Microsoft/Aspect Security cocktail party (tomorrow) Also at Holiday Inn. </li></ul></ul>
    7. 7. Thank you to our Hosts!
    8. 8. Sponsors/Tech Expo <ul><li>Thank you to all our sponsors </li></ul><ul><li>Please visit (most of) them at the TechExpo! </li></ul><ul><li>Future conferences will not be limited to product/managed services vendors only </li></ul>
    9. 9. Your Conference Packet <ul><li>Welcome Letter </li></ul><ul><ul><li>From OWASP Chair Jeff Williams </li></ul></ul><ul><li>Conference Agenda </li></ul><ul><li>Facility Information / Map </li></ul><ul><li>Directions to Nearby Hotels </li></ul><ul><li>Conference Eval Form (please fill in and drop off) </li></ul><ul><li>Collateral from All Our Sponsors </li></ul><ul><ul><li>Please take a look </li></ul></ul>
    10. 10. Conference Logistics <ul><li>Speakers </li></ul><ul><ul><li>Please use your own laptop for your presentation </li></ul></ul><ul><ul><li>If you’d don’t have it here, let me know in advance so we can get a laptop with your presentation on it ready </li></ul></ul><ul><li>Presentations may be Audio and Video Recorded </li></ul><ul><ul><li>Speakers, please talk into the mic and repeat any questions so they will be picked up in the recording </li></ul></ul><ul><li>Free Wireless Provided by Conference Center </li></ul><ul><li>All presentations should be online within two weeks!! </li></ul>
    11. 11. Tonight’s OWASP Dinner <ul><li>At Holiday Inn </li></ul><ul><ul><li>1740 N. 1st St. San Jose </li></ul></ul><ul><ul><li>Almost half the attendees are registered so see you there  </li></ul></ul><ul><ul><li>Almost sold out. If interested, see me. </li></ul></ul>
    12. 12. Map to the Dinner <ul><li>Its only 0.7 miles so you can walk  </li></ul><ul><ul><li>eBay to Holiday Inn </li></ul></ul>
    13. 13. Conclusion: OWASP & WASC AppSec 2007 Conference Dave Wichers OWASP Conferences Chair COO, Aspect Security [email_address] 301-604-4882
    14. 14. Some OWASP Growth Stats <ul><li>One year ago (Oct 2006), we had </li></ul><ul><ul><li>about 75 local chapters </li></ul></ul><ul><ul><li>about 15 corporate sponsors </li></ul></ul><ul><ul><li>about 180K page views / month at </li></ul></ul><ul><ul><li>and finally a little bit of money  . About $88K </li></ul></ul><ul><li>Now (Nov 2007), we have </li></ul><ul><ul><li>over 100 local chapters </li></ul></ul><ul><ul><li>over 30 corporate sponsors </li></ul></ul><ul><ul><li>about 360K page views / month at </li></ul></ul><ul><ul><li>prior to this conference we had about $300K </li></ul></ul><ul><ul><ul><li>Of which $90K is pledged to the completion of the 2007 Spring of Code projects </li></ul></ul></ul>
    15. 15.
    16. 16. And our First Employee <ul><li>Alison McNamee </li></ul><ul><ul><li>Starts Nov 26 th </li></ul></ul><ul><ul><li>Working in OWASP Foundation office in Columbia, MD </li></ul></ul><ul><ul><li>Perform Administrative Duties such as </li></ul></ul><ul><ul><ul><li>Assist OWASP Members </li></ul></ul></ul><ul><ul><ul><li>Assist OWASP Project and Chapter Leads </li></ul></ul></ul><ul><ul><ul><li>Help organize and manage OWASP conferences </li></ul></ul></ul><ul><ul><ul><li>Manage OWASP corporate and individual memberships </li></ul></ul></ul><ul><ul><ul><li>OWASP financial management </li></ul></ul></ul><ul><ul><ul><li>OWASP correspondence </li></ul></ul></ul><ul><ul><ul><li>etc. </li></ul></ul></ul><ul><ul><ul><li>etc. </li></ul></ul></ul>
    17. 17. Some OWASP Conference Stats <ul><li>1 st OWASP AppSec Conference (2004 NY) - ~100 people on a weekend </li></ul><ul><li>2 nd OWASP AppSec Conference (2005 London) ~100 on a weekend </li></ul><ul><li>3 rd OWASP AppSec Conference (2005 D.C.) ~175 plus 40 in tutorials </li></ul><ul><li>4 th OWASP AppSec Conference (2006 Brussels) ~125 plus 40 in tutorials </li></ul><ul><li>5 th OWASP AppSec Conference (2006 Seattle) ~180 plus 115 in tutorials </li></ul><ul><li>6 th OWASP AppSec Conference (2007 Milan) ~140 plus 40 in tutorials </li></ul><ul><li>OWASP Taiwan Conference (2007 Taiwan) </li></ul><ul><ul><li>About 600 attendees for half day free conference!! </li></ul></ul><ul><li>2007 OWASP & WASC AppSec Conference (2007 San Jose) </li></ul><ul><ul><li>About 260 attendees with 80 people in six 2-day tutorials </li></ul></ul><ul><ul><li>First Tech Expo: Sold out with 12 vendors participating </li></ul></ul><ul><li>Result: Lots of great community interaction/awareness and many great presentations online for community use </li></ul>
    18. 18. Plans for Next Year (2008) <ul><li>2008 OWASP Australia AppSec Conference </li></ul><ul><ul><li>Gold Coast – March 29-31 – 1-day tutorials, 2-day conference </li></ul></ul><ul><li>2008 OWASP AppSec Europe Conference </li></ul><ul><ul><li>Brussels – May 19-22, 2008 </li></ul></ul><ul><ul><li>Refereed papers track, Vendor Expo </li></ul></ul><ul><ul><li>Two day Tutorials – two day conference </li></ul></ul><ul><li>2008 OWASP AppSec Israel Conference - ?? </li></ul><ul><li>2008 OWASP AppSec Taiwan Conference - ?? </li></ul><ul><li>2008 OWASP AppSec U.S. Conference </li></ul><ul><ul><li>New York City, Oct. 2007 </li></ul></ul><ul><ul><li>Refereed papers track, Vendor Expo, Lots of tutorials </li></ul></ul><ul><ul><li>Capture the flag event? </li></ul></ul>
    19. 19. Please Help OWASP Grow <ul><li>As contributors </li></ul><ul><ul><li>OWASP Chapter Leaders </li></ul></ul><ul><ul><li>OWASP Project Leaders and Participants </li></ul></ul><ul><ul><li>Season of Code Participants (paid projects!) </li></ul></ul><ul><ul><li>OWASP Conference Committee </li></ul></ul><ul><ul><li>Stub articles – wiki contributions </li></ul></ul><ul><ul><li>New technologies to analyze </li></ul></ul><ul><li>As members </li></ul><ul><ul><li>Corporate Members </li></ul></ul><ul><ul><li>Individual Members </li></ul></ul><ul><li>Please join us and share what you know! </li></ul>
    20. 20. Please Give Us Your Feedback <ul><li>Tutorials? </li></ul><ul><ul><li>More diversity? </li></ul></ul><ul><ul><li>What other topics are you interested in? </li></ul></ul><ul><ul><li>Quarterly regional OWASP training events? </li></ul></ul><ul><li>Presentations? </li></ul><ul><ul><li>More tracks? </li></ul></ul><ul><ul><li>Longer conference? </li></ul></ul><ul><ul><li>Panels? </li></ul></ul><ul><li>Other Activities? </li></ul><ul><ul><li>OWASP tool demo’s? </li></ul></ul><ul><ul><li>Capture the flag? </li></ul></ul><ul><ul><li>Product comparisons? (think UL testing/Consumer Reports) </li></ul></ul><ul><li>Send to [email_address] </li></ul>
    21. 21. Thanks again to our Hosts! <ul><li>Caroline Wong from eBay – Facilitated getting eBay / PayPal to offer their facility to us </li></ul>
    22. 22. Thank You to Our Organizers <ul><li>Aspect Security </li></ul><ul><ul><li>Conference Organization </li></ul></ul><ul><ul><li>Conference Logistics </li></ul></ul><ul><ul><li>Conference Registration </li></ul></ul><ul><ul><li>Financial Management </li></ul></ul><ul><li>WASC </li></ul><ul><ul><li>Local Conference Promotion </li></ul></ul><ul><ul><li>Facility Selection/Negotiation </li></ul></ul><ul><ul><li>Local Logistics, Event Support </li></ul></ul><ul><li>Tech Expo: Pravir Chandra </li></ul><ul><li>Web Services Track: Gunnar Peterson </li></ul>
    23. 23. Thanks Again to Our Sponsors
    24. 24. Thank You to Our Contributors and Members <ul><li>I want to thank ALL the OWASP Project Leads and their teams for all their Hard Work </li></ul><ul><ul><li>OWASP wouldn’t exist without them </li></ul></ul><ul><li>And thank you to all our corporate & individual members </li></ul>
    25. 25. Reminder: Another Cocktail Party :-)