[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture


  1. OWASP Plan - Strawman
     Georgi Geshev, OWASP Bulgaria Leader, georgi.geshev@owasp.org, +359-884-237-207
     03.04.10
     Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation, http://www.owasp.org
  2. Agenda
     Part 1: Introduction
     • Who are we?
     • What is this project all about?
     • Would you like to join the OWASP community?
     Part 2: Real world stories
     • Care to know about the OWASP Top 10 project?
     • How’s the web down there in Wonderland?
  3-6. Introduction: Who Am I?
     (1) Free and Open Source Software Evangelist
     (2) Enthusiastic Infosec Ninja
     ① + ② = ?
     Here’s the OWASP formula..
     FOSS + WEB × APP × SEC = OWASP
  7. The Open Web Application Security Project
     The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
     http://www.owasp.org/index.php
  8. The Open Web Application Security Project: The Local Chapters
     Over 150 local chapters worldwide..
  9. The Open Web Application Security Project: OWASP Bulgaria
     • This local chapter was founded in late 2010
     • Less than 10 mailing list members
       • Please consider joining the local chapter mailing list
     • Regular chapter meetings
       • Welcome to the first one of ‘em!
       • For submissions, suggestions, offers and questions..
         • Forward your message to the mailing list
         • Contact me via email
  10. The Open Web Application Security Project: Organization Supporters
  11. (image-only slide)
  12. The Open Web Application Security Project: Show Your Support
     Consider…
     • Donating
     • Becoming an OWASP (local chapter) member
     • Attending the local chapter regular meetings
     • Attending an OWASP AppSec series conference
       • Global AppSec Europe - June 6th-11th 2011 @ Dublin, Ireland
     • Contributing to an OWASP project
       • Developers, beta testers, etc.
  13. The Open Web Application Security Project: Affiliation and Membership
     Categories of Membership and Supporters
     • Individual Supporters
     • Single Meeting Supporter
     • Organization Supporters
     • Accredited University Supporters
  14. The Open Web Application Security Project: Membership
     Why Become a Supporting Member?
     • Ethics and principles of the OWASP Foundation
     • Underscore your awareness of web application software security
     • Attend OWASP conferences at a discount
     • Expand your personal network of contacts
     • Support a local chapter of your choice
     • Get your @owasp.org email address
     • Have an individual vote in elections
     http://www.owasp.org/index.php/Membership
  15. The Open Web Application Security Project: OWASP Projects
     Tools and documents are organized into the following categories:
     • Protect – These are tools and documents that can be used to guard against security-related design and implementation flaws.
     • Detect – These are tools and documents that can be used to find security-related design and implementation flaws.
     • Life Cycle – These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
  16. The Open Web Application Security Project: The OWASP Top 10 Project
     Project details..
     • The OWASP Top Ten provides a powerful awareness document for web application security.
     • The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.
     • Its latest (stable) release dates from April 2010.
     • Creative Commons Attribution Share Alike 3.0 License ;)
     http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  17-26. The Open Web Application Security Project: The OWASP Top 10 Project
     The OWASP Top 10 Web Application Security Risks
     • A1: Injection
     • A2: Cross-Site Scripting (XSS)
     • A3: Broken Authentication and Session Management
     • A4: Insecure Direct Object References
     • A5: Cross-Site Request Forgery (CSRF)
     • A6: Security Misconfiguration
     • A7: Insecure Cryptographic Storage
     • A8: Failure to Restrict URL Access
     • A9: Insufficient Transport Layer Protection
     • A10: Unvalidated Redirects and Forwards
  27-28. The Open Web Application Security Project: The OWASP Top 10 Project (image-only slides)
  29. The Open Web Application Security Project: The OWASP Top 10 Project
     “Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these paths represents a risk that may, or may not, be serious enough to warrant attention.”
     http://www.owasp.org/index.php/Top_10_2010-Main
  30. The Open Web Application Security Project: The OWASP Top 10 Project
     Companies, vendors and others (officially) profiting from The OWASP Top 10..
  31. The Open Web Application Security Project: OWASP Guides
     Don’t stop at The OWASP Top 10! Because The OWASP Top 10 project is simply not enough..
     • OWASP Development Guide (Developer’s Guide)
     • OWASP Testing Project (Testing Guide)
     • OWASP Code Review Project (Code Review Guide)
  32. The Open Web Application Security Project: In Wonderland ;)
  33. The Open Web Application Security Project: In Wonderland ;)
     The “health” of the Bulgarian web..
  34. The Open Web Application Security Project: In Wonderland ;)
  35. Shout outs go to …
     • Kate Hartmann (Operations Director at OWASP)
     • Tom Brennan (Global Board Member at OWASP)
     All of these folks and a few more..
     • P. Stefanov
     • Y. Kolev
     • M. Soler
     ..for kindly recommending and helping me set up this chapter!
     • Thank you to all of you for attending this very first meeting ;)
  36. Thank you for your attention!
     Please forward any questions, comments and suggestions to: georgi.geshev@owasp.org