Your SlideShare is downloading. ×
[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture

563
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
563
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. OWASP Plan - Strawman Georgi Geshev OWASP Bulgaria LeaderOWASP georgi.geshev@owasp.org03.04.10 +359-884-237-207 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation http://www.owasp.org
  • 2. AgendaPart 1: Introduction -Who are we? • What is this project all about? • Would you like to join the OWASP community?Part 2: Real world stories • Care to know about the OWASP Top 10 project? • How’s the web down there in Wonderland? OWASP 2
  • 3. IntroductionWho Am I?(1) Free and Open Source Software Evangelist OWASP 3
  • 4. IntroductionWho Am I?(1) Free and Open Source Software Evangelist(2) Enthusiastic Infosec Ninja OWASP 4
  • 5. IntroductionWho Am I?(1) Free and Open Source Software Evangelist(2) Enthusiastic Infosec Ninja ① + ②= ? OWASP 5
  • 6. IntroductionWho Am I?(1) Free and Open Source Software Evangelist(2) Enthusiastic Infosec Ninja ① + ②= ?Here’s the OWASP formula.. FOSS + WEB × APP × SEC = OWASP OWASP 6
  • 7. The Open Web Application Security ProjectThe Open Web Application Security Project (OWASP) is a 501c3not-for-profit worldwide charitable organization focused onimproving the security of application software. Our mission is tomake application security visible, so that people and organizationscan make informed decisions about true application security risks.Everyone is free to participate in OWASP and all of our materialsare available under a free and open software license.http://www.owasp.org/index.php OWASP 7
  • 8. The Open Web Application Security Project The Local Chapters Over 150 local chapters worldwide.. OWASP 8
  • 9. The Open Web Application Security Project OWASP Bulgaria• This local chapter was founded in late 2010• Less than 10 mailing list members • Please consider joining the local chapter mailing list• Regular chapter meetings • Welcome to the first one of ‘em! • For submissions, suggestions, offers and questions.. • Forward your message to the mailing list • Contact me via email OWASP 9
  • 10. The Open Web Application Security Project Organization Supporters OWASP 10
  • 11. OWASP 11
  • 12. The Open Web Application Security Project Show Your SupportConsider…• Donating• Becoming an OWASP (local chapter) member• Attending the local chapter regular meetings• Attending an OWASP AppSec series conference • Global AppSec Europe - June 6th-11th 2011 @Dublin, Ireland• Contributing to an OWASP project • Developers, beta testers, etc. OWASP 12
  • 13. The Open Web Application Security Project Affiliation and MembershipCategories of Membership and Supporters • Individual Supporters • Single Meeting Supporter • Organization Supporters • Accredited University Supporters OWASP 13
  • 14. The Open Web Application Security Project MembershipWhy Become a Supporting Member?• Ethics and principals of OWASP Foundation• Underscore your awareness of web application software security• Attend OWASP conferences at a discount• Expand your personal network of contacts• Support a local chapter of your choice• Get your @owasp.org email address• Have individual vote in electionshttp://www.owasp.org/index.php/Membership OWASP 14
  • 15. The Open Web Application Security Project OWASP ProjectsTools and documents are organized into the following categories:• Protect – These are tools and documents that can be used to guard against security-related design and implementation flaws.• Detect – These are tools and documents that can be used to find security-related design and implementation flaws.• Life Cycle – These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC). OWASP 15
  • 16. The Open Web Application Security Project The OWASP Top 10 ProjectProject details..• The OWASP Top Ten provides a powerful awareness document for web application security.• The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.• Its latest (stable) release dates from April 2010.• Creative Commons Attribution Share Alike 3.0 License ;)http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP 16
  • 17. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection OWASP 17
  • 18. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) OWASP 18
  • 19. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management OWASP 19
  • 20. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References OWASP 20
  • 21. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) OWASP 21
  • 22. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration OWASP 22
  • 23. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage OWASP 23
  • 24. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access OWASP 24
  • 25. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access A9: Insufficient Transport Layer Protection OWASP 25
  • 26. The Open Web Application Security Project The OWASP Top 10 ProjectThe OWASP Top 10 Web Application Security Risks - A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access A9: Insufficient Transport Layer Protection OWASP 26 A10: Unvalidated Redirects and Forwards
  • 27. The Open Web Application Security Project The OWASP Top 10 Project OWASP 27
  • 28. The Open Web Application Security Project The OWASP Top 10 Project OWASP 28
  • 29. The Open Web Application Security Project The OWASP Top 10 Project “Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these paths represents a risk that may, or may not, be serious enough to warrant attention.”http://www.owasp.org/index.php/Top_10_2010-Main OWASP 29
  • 30. The Open Web Application Security Project The OWASP Top 10 ProjectCompanies, vendors and others (officially) profiting from The OWASP Top 10.. OWASP 30
  • 31. The Open Web Application Security Project OWASP Guides Don’t stop at The OWASP Top 10!Because The OWASP Top 10 project is simply not enough..• OWASP Development Guide (Developer’s Guide)• OWASP Testing Project (Testing Guide)• OWASP Code Review Project (Code Review Guide) OWASP 31
  • 32. The Open Web Application Security Project В страната на чудесата ;) OWASP 32
  • 33. The Open Web Application Security Project В страната на чудесата ;) “Здравословното” състояние на българския уеб.. OWASP 33
  • 34. The Open Web Application Security Project В страната на чудесата ;) OWASP 34
  • 35. Shout outs go to …• Kate Hartmann (Operations Director at OWASP)• Tom Brennan (Global Board Member at OWASP)All of these folks and a few more.. • P. Stefanov • Y. Kolev • M. Soler ..for kindly recommending and helping me set up this chapter!• Thank you to all of you for attending this very first meeting ;) OWASP 35
  • 36. Thank you for your attention!Please forward any questions, comments and suggestions to: georgi.geshev@owasp.org OWASP 36

×