Download to read offline
Uploaded byMark Curphey
Curphey AppSecUSA - Community The Killer Application
This document appears to be notes from a presentation given by Mark Curphey on September 24, 2011 about the future of OWASP (Open Web Application Security Project) and security. It contains ideas for how OWASP can improve by 2021, including developing a more structured organization with defined leadership roles, offering resources like housing for volunteers, and creating security tools specifically for developers. The presentation also discusses challenges like different perspectives between security, development and operations teams and ideas for bridging those gaps.
More Related Content
Similar to Curphey AppSecUSA - Community The Killer Application
Curphey AppSecUSA - Community The Killer Application
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10. Family Started OWASP Internet Charles Schwab Watchfire Foundstone Microsoft Security Work Systems Atlanta San Francisco Boston France UK Seattle Living Saturday, September 24, 11
- 11. 3/02/2003 - SpaceShuttle Disintegrates 24/10/2002 - Snipers in DC 9/11/2001 - Twin Towers 04/11/2008 - President Obama, first black president 10/03/2003 - Bombing Starts in Iraq 29/08/2005 - Hurricane Katrina 26/12/2004 - Indonesia Tsunami 29/09/2008 - Dow falls 788 points 2011 - Arab Spring Saturday, September 24, 11
- 12. 07/2004 - Rubyon Rails released 15/01/2001 - Wikipedia Launched 2003 - First Web 2.0 conference 23/10/2001 - iPod unveiled 08/2/2005 - Term Ajax coined by Jesse James Garret 23/04/2005 - First video uploaded to YouTube 2/2004 - FaceBook created 3/2009 - FourSquare launched at SXSW 26/3/2006 - Twitter created 02/10/2008 - Chrome Browser released 09/01/2007 - iPhone unvieled 2001 - 0.5 billion with internet access 2011 ~2 billion with internet access Saturday, September 24, 11
- 13. 2004 - SDLmandatory at Microsoft 2011 - Lulzsec Saturday, September 24, 11
- 14. How will OWASPbe even better in 2021 ? (The Hit List | The Watch List | The Wish List) Saturday, September 24, 11
- 15. The Hit List Saturday,September 24, 11
- 16. Open Source (FOSS)as a Model for Trusted Participation Saturday, September 24, 11
- 17. 1. No GoldenRules 2. Rules Don’t Seem to Help Saturday, September 24, 11
- 18. Communities are LikeGardens Saturday, September 24, 11
- 19. Community Tools Matter Saturday,September 24, 11
- 20. Data Information Presentation Knowledge There Are Recipes for Project Success Saturday, September 24, 11
- 21. It’s Not WhatYou Say You Are Going To Do, But What You Actually Do That’s Important Saturday, September 24, 11
- 22. YOU DON’T NEED AN ORGANIZATION TO BE ORGANIZED Saturday, September 24, 11
- 23. Connecting People InPerson Together is Critical OWASP Spain Chapter Meeting - May 2009, Madrid Saturday, September 24, 11
- 24.
- 25. Like-Minded People Connect Saturday,September 24, 11
- 26. OWASP Charity Run Saturday,September 24, 11
- 27.
- 28. 80% of theeffects come from 20% of the causes “Pareto Principle” Saturday, September 24, 11
- 29. The Cream AlwaysRises to the Top Saturday, September 24, 11
- 30.
- 31. Communities are Organic Saturday,September 24, 11
- 32. It Doesn’t MatterHow Fast You Are Running If You Are Moving In The Wrong Direction Saturday, September 24, 11
- 33. Personal Recognition ofSome Exceptional People Saturday, September 24, 11
- 34. The Watch List Saturday,September 24, 11
- 35.
- 36. What Are theHipsters Building With ? Test Driven Development Continuous Integration & Delivery Big Data & Map Reduce Behaviour Driven Development JQuery Node.js HTML5 + CSS3 + JavaScript Agile Django NoSQL JSON CoffeScript Rails Clojure oAuth 2.0 FB Connect Saturday, September 24, 11
- 37. Embracing Agile Complexity Ag ft Complex So ile wa Chaotic Sw e S ee ec r t S ur po ity t Sw ee tS po Predictable t Simple Certainty “The Ralph Stacey Diagram” Saturday, September 24, 11
- 38. Security People Developers Operations As seen by Security People As seen by Developers As seen by Operations Saturday, September 24, 11
- 39. Everyones Unique Everyones Unique Saturday, September 24, 11
- 40. Being Unique IsGenerally Not A Good Thing Saturday, September 24, 11
- 41. When You AreThe Odd One Out It’s Tough to Influence Saturday, September 24, 11
- 42. For Most Developers Security < Performance < Features So OWASP Must Be As Easy As Ordering a Sandwich 1. Choose Your Bread 1. Choose Your Frameworks 2. Choose Your Fillings 2. Choose Your Languages 3. Your Choose Toppings 3. Choose Your Scenarios 4. Eat Your Sandwich 4. Get Your Knowledge & Tools Saturday, September 24, 11
- 43. Builders Breakers Defenders Developers QA / Testers Operations Architects + Security Testers It’s Time to Move on From A Vulnerability Centric Project View Saturday, September 24, 11
- 44. The Wish List Saturday,September 24, 11
- 45. My Wish Listfor OWASP 2011 to 2021 All About People 1. It has a CFO - Chief Finance Officer (better funding & partnerships) 2. It has a CTO - Chief Technology Officer (product & engineering management) 3. It has a CKO - Chief Knowledge Officer 4. It has a Head Teacher (CEO title didn’t work!) 5. It has a CPO - Chief People Officer (make life great for volunteers) 6. It has a ‘hack house’ (free lodging + food in a nice place for volunteers & interns) Saturday, September 24, 11
- 46. OWASP Security Toolsfor Developers Project Mini-summit / kick-off tonight (Probably in a bar somewhere) All welcome (really good Java developers welcome even more than all) ;-) @curphey on Twitter this afternoon #owasp Saturday, September 24, 11
- 47. mark@curphey.com | @curphey That’s All Folks! Saturday, September 24, 11