Saturday, September 24, 11



Timeline rows: Family | Work | Living
Started OWASP
Work: Internet Security Systems, Charles Schwab, Watchfire, Foundstone, Microsoft
Living: Atlanta, San Francisco, Boston, France UK, Seattle

9/11/2001 - Twin Towers
24/10/2002 - Snipers in DC
3/02/2003 - Space Shuttle Disintegrates
10/03/2003 - Bombing Starts in Iraq
26/12/2004 - Indonesia Tsunami
29/08/2005 - Hurricane Katrina
29/09/2008 - Dow falls 788 points
04/11/2008 - President Obama, first black president
2011 - Arab Spring

15/01/2001 - Wikipedia launched
23/10/2001 - iPod unveiled
2003 - First Web 2.0 conference
2/2004 - Facebook created
07/2004 - Ruby on Rails released
08/2/2005 - Term Ajax coined by Jesse James Garrett
23/04/2005 - First video uploaded to YouTube
26/3/2006 - Twitter created
09/01/2007 - iPhone unveiled
02/10/2008 - Chrome Browser released
3/2009 - Foursquare launched at SXSW

2001 - 0.5 billion with internet access
2011 - ~2 billion with internet access

2004 - SDL mandatory at Microsoft
2011 - Lulzsec

How will OWASP be even better in 2021?
(The Hit List | The Watch List | The Wish List)

The Hit List



Open Source (FOSS) as a Model for Trusted Participation

1. No Golden Rules
2. Rules Don’t Seem to Help

Communities are Like Gardens

Community Tools Matter




There Are Recipes for Project Success
(Diagram labels: Data, Information, Presentation, Knowledge)

It’s Not What You Say You Are Going To Do, But What You Actually Do That’s Important




YOU DON’T NEED AN ORGANIZATION TO BE ORGANIZED




Connecting People In Person Together is Critical
OWASP Spain Chapter Meeting - May 2009, Madrid

Like-Minded People Connect

OWASP Charity Run

80% of the effects come from 20% of the causes
“Pareto Principle”




The Cream Always Rises to the Top

Communities are Organic

It Doesn’t Matter How Fast You Are Running If You Are Moving In The Wrong Direction




Personal Recognition of Some Exceptional People




The Watch List



What Are the Hipsters Building With?

Test Driven Development, Behaviour Driven Development, Continuous Integration & Delivery, Agile
Big Data & Map Reduce, NoSQL, JSON
jQuery, Node.js, HTML5 + CSS3 + JavaScript, CoffeeScript
Django, Rails, Clojure
OAuth 2.0, FB Connect



Embracing Agile Complexity
“The Ralph Stacey Diagram”
(Diagram labels: Simple, Predictable, Complex, Chaotic, Certainty; Agile Sweet Spot; Software Security Sweet Spot)


(Image grid. Columns: Security People | Developers | Operations. Rows: As seen by Security People; As seen by Developers; As seen by Operations)




Everyone’s Unique

Everyone’s Unique




Being Unique Is Generally Not A Good Thing

When You Are The Odd One Out It’s Tough to Influence




For Most Developers

Security < Performance < Features

So OWASP Must Be As Easy As Ordering a Sandwich

1. Choose Your Bread       1. Choose Your Frameworks
2. Choose Your Fillings    2. Choose Your Languages
3. Choose Your Toppings    3. Choose Your Scenarios
4. Eat Your Sandwich       4. Get Your Knowledge & Tools




Builders: Developers, Architects
Breakers: QA / Testers + Security Testers
Defenders: Operations

It’s Time to Move on From A Vulnerability Centric Project View

The Wish List



My Wish List for OWASP 2011 to 2021
All About People

1. It has a CFO - Chief Finance Officer (better funding & partnerships)
2. It has a CTO - Chief Technology Officer (product & engineering management)
3. It has a CKO - Chief Knowledge Officer
4. It has a Head Teacher (CEO title didn’t work!)
5. It has a CPO - Chief People Officer (make life great for volunteers)
6. It has a ‘hack house’ (free lodging + food in a nice place for volunteers & interns)




OWASP Security Tools for Developers Project

Mini-summit / kick-off tonight (Probably in a bar somewhere)
All welcome (really good Java developers welcome even more than all) ;-)
@curphey on Twitter this afternoon #owasp

mark@curphey.com | @curphey




                             That’s All Folks!

Curphey AppSecUSA - Community The Killer Application
