Copyright © 2006 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/
The OWASP Foundation
http://www.owasp.org/
OWASP AppSec Seattle, October 2006
OWASP 2.0: Enabling organizations to develop, maintain, and acquire applications they can trust
Dinis Cruz, OWASP
dinis.cruz@owasp.net
Mission
Enabling organizations to develop, maintain, and purchase applications that they can trust
OWASP Foundation
The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all.
History
2000: Mark Curphey and Microsoft Word
2001: OWASP Guide 1.0
Sep 2002: Many volunteers finish 1.1.1
Oct 2002: owasp-leaders created
Leaders from each project
This meritocracy still leads us today
2003: OWASP Foundation created
-> 2006: tons of new projects (see tomorrow)
It’s about community
Built on great foundations built by our contributors
Greater peer to peer participation
Emphasis on local community building
More support for your projects
www.owasp.org
It’s about building a solid foundation
Transparency
Annual Report, financial details
Annual report (with financial details) starting 2006
Move to more formal structure in 2007 timeframe (à la Apache, NetBSD, Debian, etc.)
Improve membership experience
Membership packages
Individual Corporate Sponsor
Starter chapter pack
Autumn of Code 2006
The Open Web Application Security Project (OWASP) has recently launched a new project entitled "OWASP Autumn of Code 2006" that is aimed at financially sponsoring contributions to OWASP Projects.
On the 18th of September our call for entries ended and on the 25th of September we released our list of selected projects to be sponsored. OWASP has made the decision to sponsor 9 projects (5 at $3,500 USD and 4 at $5,000 USD) instead of our originally planned number of 8.
Autumn of Code 2006 - Projects
WebScarab NG – Rogan Dawes
Live CD – Joshua Perrymon
CAL9000 – Chris Loomis
SiteGenerator and ORG – Mike de Libero
Pantera – Simon Roses
Web Goat – Sherif Koussa
Testing Guide – Matteo Meucci
OWASP .NET Tools – Boris Maletic
OWASP Website and Branding – Aaron M. Holmes
Current projects (see website)
Release Quality
Beta Status
Alpha Status
Technology, Research, and Guides
Funding model
Need to increase OWASP individual and corporate members
Current funding model
Conferences
Corporate and Individual Memberships (to be GNI adjusted)
Advertising Sponsorships
OWASP Membership
An active voice in the development of OWASP Materials that are becoming widely accepted as an application security standard for all organizations.
An OWASP Commercial License to use the materials within your organization without the restrictions associated with the various open source licenses used by the OWASP projects.
Timely electronic notification of updates to the OWASP Materials.
Visibility for your organization's tangible commitment to application security through its inclusion in the members list on the OWASP website and promotional materials.
The right to use the OWASP name and membership mark to show that you are an OWASP Member. Note that the mark must not be used in any way that might indicate that OWASP supports a commercial product or service.
Collaboration with other highly skilled people from organizations around the world, both virtually and in person during periodic OWASP AppSec conferences and chapter meetings.
Discounted registration fees for OWASP AppSec conferences to all individual members and all employees of member organizations.
OWASP Membership cost
Local Chapters
Chapters!
Local chapters
Easily the most useful OWASP activity
Lots of chapters all around the world
Local chapter support
Use our Internet resources
Announce meetings well in advance
Have a schedule well in advance
Be consistent
Community: blogs, forum - in your local language
Present new stuff... or borrow other chapter’s slides
Guidelines for chapters
Encourage membership in OWASP
Try to be easily found and a popular time
Always try to meet, if only for drinkies
Local sponsorship by vendors is fine
Try not to be 0wned by the vendors (of any type)
Protect yourself - insurance, talk choices, etc
Leadership Focus
Developing OWASP Foundation and infrastructure
Helping you deliver timely, useful projects
Keeping today’s flagship products fresh and relevant
Winter, Spring, and Summer of Code 2007
OWASP Brand
Our brand is important to us
Need something to help get rid of freeloaders
Many firms abusing OWASP Top 10 / Guide brand
Need a 'brand management' project
Project Incubators
Initiate any project you like
Each project will have its own space
Community: Link to team member blogs and forum
Resources: Samples, downloads, private workspace
Project Focus
Participate!
What do you want us to focus on?