Curphey AppSecUSA - Community The Killer Application

OWASP AppSec USA keynote speech

Published in: Technology, News & Politics

  1. Text Saturday, September 24, 11
  9. =
  10. Family. Started OWASP. Work: Internet Security Systems, Charles Schwab, Watchfire, Foundstone, Microsoft. Living: Atlanta, San Francisco, Boston, France, UK, Seattle.
  11. 3/02/2003 - Space Shuttle Disintegrates; 24/10/2002 - Snipers in DC; 9/11/2001 - Twin Towers; 04/11/2008 - President Obama, first black president; 10/03/2003 - Bombing Starts in Iraq; 29/08/2005 - Hurricane Katrina; 26/12/2004 - Indonesia Tsunami; 29/09/2008 - Dow falls 788 points; 2011 - Arab Spring
  12. 07/2004 - Ruby on Rails released; 15/01/2001 - Wikipedia Launched; 2003 - First Web 2.0 conference; 23/10/2001 - iPod unveiled; 08/2/2005 - Term Ajax coined by Jesse James Garrett; 23/04/2005 - First video uploaded to YouTube; 2/2004 - Facebook created; 3/2009 - Foursquare launched at SXSW; 26/3/2006 - Twitter created; 02/10/2008 - Chrome Browser released; 09/01/2007 - iPhone unveiled; 2001 - 0.5 billion with internet access; 2011 - ~2 billion with internet access
  13. 2004 - SDL mandatory at Microsoft; 2011 - Lulzsec
  14. How will OWASP be even better in 2021? (The Hit List | The Watch List | The Wish List)
  15. The Hit List
  16. Open Source (FOSS) as a Model for Trusted Participation
  17. 1. No Golden Rules 2. Rules Don’t Seem to Help
  18. Communities are Like Gardens
  19. Community Tools Matter
  20. There Are Recipes for Project Success (diagram labels: Data, Information, Presentation, Knowledge)
  21. It’s Not What You Say You Are Going To Do, But What You Actually Do That’s Important
  22. YOU DON’T NEED AN ORGANIZATION TO BE ORGANIZED
  23. Connecting People In Person Together is Critical (OWASP Spain Chapter Meeting - May 2009, Madrid)
  25. Like-Minded People Connect
  26. OWASP Charity Run
  28. 80% of the effects come from 20% of the causes “Pareto Principle”
  29. The Cream Always Rises to the Top
  31. Communities are Organic
  32. It Doesn’t Matter How Fast You Are Running If You Are Moving In The Wrong Direction
  33. Personal Recognition of Some Exceptional People
  34. The Watch List
  36. What Are the Hipsters Building With? Test Driven Development, Continuous Integration & Delivery, Big Data & Map Reduce, Behaviour Driven Development, jQuery, Node.js, HTML5 + CSS3 + JavaScript, Agile, Django, NoSQL, JSON, CoffeeScript, Rails, Clojure, OAuth 2.0, FB Connect
  37. Embracing Agile Complexity (diagram labels: Complex, Chaotic, Predictable, Simple, Certainty, Agile Software Sweet Spot, Security Sweet Spot) “The Ralph Stacey Diagram”
  38. Security People, Developers, Operations: As seen by Security People; As seen by Developers; As seen by Operations
  39. Everyone’s Unique. Everyone’s Unique.
  40. Being Unique Is Generally Not A Good Thing
  41. When You Are The Odd One Out It’s Tough to Influence
  42. For Most Developers Security < Performance < Features, So OWASP Must Be As Easy As Ordering a Sandwich. Sandwich: 1. Choose Your Bread 2. Choose Your Fillings 3. Choose Your Toppings 4. Eat Your Sandwich. OWASP: 1. Choose Your Frameworks 2. Choose Your Languages 3. Choose Your Scenarios 4. Get Your Knowledge & Tools
  43. It’s Time to Move on From A Vulnerability Centric Project View. Builders: Developers, Architects; Breakers: QA / Testers + Security Testers; Defenders: Operations
  44. The Wish List
  45. My Wish List for OWASP 2011 to 2021: All About People. 1. It has a CFO - Chief Finance Officer (better funding & partnerships) 2. It has a CTO - Chief Technology Officer (product & engineering management) 3. It has a CKO - Chief Knowledge Officer 4. It has a Head Teacher (CEO title didn’t work!) 5. It has a CPO - Chief People Officer (make life great for volunteers) 6. It has a ‘hack house’ (free lodging + food in a nice place for volunteers & interns)
  46. OWASP Security Tools for Developers Project. Mini-summit / kick-off tonight (Probably in a bar somewhere). All welcome (really good Java developers welcome even more than all) ;-) @curphey on Twitter this afternoon #owasp
  47. That’s All Folks! mark@curphey.com | @curphey
