Owasp Serbia overview
Presentation held 09.04.2012. in Belgrade. Overview of OWASP and OWASP Serbia Local Chapter.

Transcript

  • 1. OWASP Serbia Overview
      • Nikola Milošević, OWASP Serbia Local Chapter Leader, P3 Communications, nikola.milosevic@owasp.org
      • OWASP, 9.4.2012.
      • Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
      • The OWASP Foundation, http://www.owasp.org
  • 2. What is OWASP
      • Professional organization
      • Professionals, students, companies, universities
      • Awareness
      • Standards
      • Tools
      • Distributed, global peers
  • 3. Mission
      Make application security visible so that people and organizations can make informed decisions about true application security risk.
      What causes?
      • Immediate causes – vulnerabilities themselves
      • Developers and operators
      • Organizational structure, development process, supporting technology
      • Increasing connectivity and complexity
      • Legal and regulatory environment
      • Asymmetric information in the software market
  • 4. OWASP Core Values
      • OPEN: Everything at OWASP is radically transparent, from our finances to our code.
      • INNOVATION: OWASP encourages and supports innovation/experiments for solutions to software security challenges.
      • GLOBAL: Anyone around the world is encouraged to participate in the OWASP community.
      • INTEGRITY: OWASP is an honest and truthful, vendor-agnostic, global community.
  • 5. OWASP Code of Ethics
      • Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
      • Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
      • To communicate openly and honestly;
      • Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;
      • To maintain and affirm our objectivity and independence;
      • To reject inappropriate pressure from industry or others;
  • 6. Why should I care about security?
  • 7. Why should I care about security?
      • Increased frequency of attacks
      • Complexity of malware
      • Hacktivism
      • Online crime
      • Internet warfare
      • Technological espionage
      • Cracking
      • Etc...
  • 8. OWASP Projects - General
      • 3 groups:
          • Protect – Tools and docs used to protect
          • Detect – Tools and docs used to find
          • Life Cycle – Tools and docs used to add security-related activities to the Software Development Lifecycle
      • Everyone can start a project, after review and acceptance from the Global Committee
  • 9. OWASP Projects – OWASP Top 10
  • 10. OWASP Projects – OWASP Application Security Verification Standard
      • OWASP Standardization
      • The first internationally-recognized standard for conducting application security assessments.
      • Security testing and code review techniques
      • Covers both automated and manual approaches for assessing
          • Web application – released
          • Web services – in progress
  • 11. OWASP Projects – OWASP Live CD
  • 12. OWASP Projects – OWASP Frameworks
      • OWASP AntiSamy Project (Java, .NET): API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks
      • OWASP Enterprise Security API (ESAPI): Free and open collection of all the security methods that a developer needs to build a secure web application.
      • OWASP Mod Security Rule Set Project: web application firewall engine; generic protection from unknown vulnerabilities often found in web applications
  • 13. OWASP Projects – OWASP Guides
      • OWASP Development Guide
      • OWASP .NET Project
      • OWASP Ruby on Rails Security Guide
      • OWASP Secure Coding Practices – Quick Reference
      • OWASP Code Review Guide
      • OWASP Testing Guide
      • OWASP Legal Project
  • 14. OWASP Projects – OWASP Tools
      • OWASP JBroFuzz Project: JBroFuzz is a web application fuzzer for requests being made over HTTP or HTTPS
      • OWASP Web Scarab Project: Tool for performing all types of security testing on web applications and web services
      • OWASP Zed Attack Proxy: penetration testing tool for finding vulnerabilities in web applications; used by people with a wide range of security experience; Toolsmith tool of the year 2011
  • 15. OWASP Projects – OWASP Web Goat
      • Educational project
      • Want to learn how to test security on web app? Try Web Goat!
      • Learn to perform OWASP Top 10
      • Other Goat projects: GoatDroid, iGoat
  • 16. OWASP Local chapters - Overview
      • 94 Countries
      • 288 Local Chapters
  • 17. OWASP Local chapters - Overview
      • Local communities
      • Working on raising awareness of IT Security
          • Management level
          • Developer level
          • Ordinary people
      • Knowledge sharing
      • Local chapters contribute to OWASP projects
      • Guided by Local Chapter Handbook
  • 18. AppSec conferences
      • OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security.
      • Started in 2004 in the USA, 2005 in Europe
      • Global AppSec conferences
          • AppSec Asia-Pacific: 11. – 14. April, Sydney, Australia
          • Global AppSec Research: 10 – 13 July, Athens, Greece
          • AppSec North America: 22 – 26 Oct, Austin, TX
          • AppSec Latin America: 14 – 16 Nov, Buenos Aires, Argentina
  • 19. AppSec conferences
      • Regional and Local AppSec Conferences
      • OWASP Day – usually one day conference
      • One or more days
  • 20. Academic partners
  • 21. Sponsors
  • 22. Google Summer of Code 2012
      • OWASP is officially selected as GSoC mentoring organization
          1) Think of a good idea – For reference see GSoC 2012 Ideas
          2) Do some research yourself based on the idea, write up a proposal draft
          3) Post it to the mailing list at gsoc@lists.owasp.org for initial discussions with OWASP mentors.
          4) Based on feedback, write a full proposal – See template below: https://www.owasp.org/index.php/GSoC_SAT
          5) Submit your proposal to Google from March 26–April 6, 2012.
      • April – August coding
  • 23. Local Chapter Serbia
      • Local chapter meetings – every month
      • Spreading the awareness, do the PR
      • OWASP day – hopefully
      • Competition
      • Working groups – PR, FR, IT...
      • Contribute to global projects
      • Any other ideas?
  • 24. Questions and Discussion
