OWASP Serbia Overview

Presentation held 09.04.2012. in Belgrade. Overview of OWASP and OWASP Serbia Local Chapter.

Published in: Technology

  1. OWASP Serbia Overview
     Nikola Milošević, OWASP Serbia Local Chapter Leader, P3 Communications, nikola.milosevic@owasp.org
     OWASP, 9.4.2012.
     Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
     The OWASP Foundation, http://www.owasp.org
  2. What is OWASP
     • Professional organization
     • Professionals, students, companies, universities
     • Awareness
     • Standards
     • Tools
     • Distributed, global peers
  3. Mission
     Make application security visible so that people and organizations can make informed decisions about true application security risk.
     What causes?
     • Immediate causes – vulnerabilities themselves
     • Developers and operators
     • Organizational structure, development process, supporting technology
     • Increasing connectivity and complexity
     • Legal and regulatory environment
     • Asymmetric information in the software market
  4. OWASP Core Values
     • OPEN: Everything at OWASP is radically transparent, from our finances to our code.
     • INNOVATION: OWASP encourages and supports innovation/experiments for solutions to software security challenges.
     • GLOBAL: Anyone around the world is encouraged to participate in the OWASP community.
     • INTEGRITY: OWASP is an honest and truthful, vendor-agnostic, global community.
  5. OWASP Code of Ethics
     • Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
     • Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
     • To communicate openly and honestly;
     • Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;
     • To maintain and affirm our objectivity and independence;
     • To reject inappropriate pressure from industry or others;
  6. Why should I care about security?
  7. Why should I care about security?
     • Increased frequency of attacks
     • Complexity of malware
     • Hacktivism
     • Online crime
     • Internet warfare
     • Technological espionage
     • Cracking
     • Etc...
  8. OWASP Projects - General
     3 groups:
     • Protect – Tools and docs used to protect
     • Detect – Tools and docs used to find
     • Life Cycle – Tools and docs used to add security-related activities in the Software Development Lifecycle
     Anyone can start a project, after review and acceptance by the Global Committee.
  9. OWASP Projects – OWASP Top 10
  10. OWASP Projects – OWASP Application Security Verification Standard
      • OWASP Standardization
      • The first internationally-recognized standard for conducting application security assessments.
      • Security testing and code review techniques
      • Covers both automated and manual approaches for assessing
      • Web application – released
      • Web services – in progress
  11. OWASP Projects – OWASP Live CD
  12. OWASP Projects – OWASP Frameworks
      • OWASP AntiSamy Project (Java, .NET): API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks
      • OWASP Enterprise Security API (ESAPI): Free and open collection of all the security methods that a developer needs to build a secure web application.
      • OWASP Mod Security Rule Set Project: web application firewall engine; generic protection from unknown vulnerabilities often found in web applications
  13. OWASP Projects – OWASP Guides
      • OWASP Development Guide
      • OWASP .NET Project
      • OWASP Ruby on Rails Security Guide
      • OWASP Secure Coding Practices – Quick Reference
      • OWASP Code Review Guide
      • OWASP Testing Guide
      • OWASP Legal Project
  14. OWASP Projects – OWASP Tools
      • OWASP JBroFuzz Project: JBroFuzz is a web application fuzzer for requests being made over HTTP or HTTPS
      • OWASP Web Scarab Project: Tool for performing all types of security testing on web applications and web services
      • OWASP Zed Attack Proxy: penetration testing tool for finding vulnerabilities in web applications; used by people with a wide range of security experience; Toolsmith tool of the year 2011
  15. OWASP Projects – OWASP Web Goat
      • Educational project
      • Want to learn how to test security on web app?
      • Try Web Goat!
      • Learn to perform OWASP Top 10
      • Other Goat projects: GoatDroid, iGoat
  16. OWASP Local chapters - Overview
      • 94 Countries
      • 288 Local Chapters
  17. OWASP Local chapters - Overview
      • Local communities
      • Working on raising awareness of IT Security: management level, developer level, ordinary people
      • Knowledge sharing
      • Local chapters contribute to OWASP projects
      • Guided by Local Chapter Handbook
  18. AppSec conferences
      OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security.
      • Started in 2004 in USA, 2005 in Europe
      • Global AppSec conferences:
        • AppSec Asia-Pacific: 11 – 14 April, Sydney, Australia
        • Global AppSec Research: 10 – 13 July, Athens, Greece
        • AppSec North America: 22 – 26 Oct, Austin, TX
        • AppSec Latin America: 14 – 16 Nov, Buenos Aires, Argentina
  19. AppSec conferences
      • Regional and Local AppSec Conferences
      • OWASP Day – usually a one-day conference
      • One or more days
  20. Academic partners
  21. Sponsors
  22. Google Summer of Code 2012
      OWASP is officially selected as a GSoC mentoring organization.
      1) Think of a good idea – for reference see GSoC 2012 Ideas
      2) Do some research yourself based on the idea, write up a proposal draft
      3) Post it to the mailing list at gsoc@lists.owasp.org for initial discussions with OWASP mentors
      4) Based on feedback, write a full proposal – see template below: https://www.owasp.org/index.php/GSoC_SAT
      5) Submit your proposal to Google from March 26–April 6, 2012
      April – August: coding
  23. Local Chapter Serbia
      • Local chapter meetings – every month
      • Spreading the awareness, do the PR
      • OWASP day – hopefully
      • Competition
      • Working groups – PR, FR, IT...
      • Contribute to global projects
      • Any other ideas?
  24. Questions and Discussion