Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASPEU09 Poland
http://www.owasp.org
OWASP State of the Union
Dave Wichers, Sebastien Deleersnyder, Dinis Cruz
Foundation Board
OWASP AppSecEU09 Poland
Agenda
OWASP?
State of the union
Season of Code 2009
OWASP near you!
OWASP
Open Web Application Security Project started 2001, OWASP Foundation Inc. established 2004
Participation in OWASP is free and open to all
International not-for-profit charitable organization funded primarily by volunteers' time, OWASP Memberships ($50 Individuals, $5k Supporters), and OWASP Conference fees
Website: 6,464 registered users, 21,552,771 page views, and 55,941 page edits; 10k members on mailing lists
What Is Unique about OWASP?
Everything we do is free and open…
OWASP Vision & Mission
Vision: a software market that produces code that’s secure enough to rely on.
Mission (to achieve that vision): to make security visible (or transparent) so that software buyers and sellers are on equal footing and market forces can work.
www.owasp.org
OWASP Principles
Free & Open
Governed by rough consensus & running code
Abide by a code of ethics: http://www.owasp.org/index.php/About_OWASP
Not-for-profit
Not driven by commercial interests
Risk based approach
OWASP Resources and Community
OWASP Foundation - Structure
150+ chapters
OWASP Conferences (2008-2009)
NYC: Sep 2008
DC: Mar & Nov 2009
Brussels: May 2008
Poland: May 2009
Taiwan: Oct 2008
Portugal Summit: Nov 2008
Israel: Sep 2008/09
India: Aug 2008
Gold Coast: Feb 2008/09
Minnesota: Oct 2008
Denver: Mar 2009
Germany: Nov 2008
Ireland: Sep 2009
Sweden: May 2010
New Zealand: July 2009
Brazil: Oct 2009
Mailing Lists
100+ Mailing Lists:
Local Chapters
Projects
Regional/Global Committees
LinkedIn Group too… 2700+ members
2009 Organization Supporters
2009 Educational Supporters
Summit Portugal - Nov 2008
First time OWASP community got together
80+ OWASP leaders under the same roof
20+ countries
12h/day workload (& lots of beer consumed)
Summit Portugal
Outcomes:
New Free Tools and Guidance (from SoC08)
New Global Committee Structure: Education, Chapter, Conferences, Industry, Projects, Membership (who will create the action plan for 2009)
New Outreach Program: technology vendors, framework providers, and standards bodies
New program to provide free one-day seminars at universities and developer conferences worldwide
Global Committees – Established late 2008
http://www.owasp.org/index.php/About_OWASP
Projects Committee
1. Organizing the next OWASP Season of Code
2. Drafting proposals for standardization and organization of OWASP Projects and Releases
3. Establishing a baseline assessment of all OWASP Projects and Releases
4. Survey all OWASP projects
More about projects tomorrow!
Industry Committee
Start outreach to critical infrastructures worldwide such as:
electricity generation, transmission and distribution;
gas production, transport and distribution;
oil and oil products production, transport and distribution;
telecommunication;
water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
agriculture, food production and distribution;
heating (e.g. natural gas, fuel oil, district heating);
public health (hospitals, ambulances);
transportation systems (fuel supply, railway network, airports, harbors, inland shipping);
financial services (banking, clearing);
security services (police, military).
Industry - Accomplishments
1. Has submitted RFC feedback for both British and US/NIST 800-53 rev 3 standards
2. Have been promoting supporter membership to raise awareness in industry verticals
3. Have established working relationships with ISSA & ISACA to assist with industry focused outreach and international insight
Membership Committee
Increase individual membership 100% in 18 months (Individuals)
Increase organizational supporters 100% in 18 months (Supporters)
Increase university supporters 100% in 18 months
1. Has created and launched a new membership model
2. Has created and launched Membership drive to support our efforts
3. Has created video to promote/explain
Education Committee
The primary purpose of the Global Education Committee is:
to work with the OWASP Education Project to provide educational materials for both internal and external users, develop liaisons with educational institutions worldwide.
Current work
Categorize (Organization) of educational materials
Train the trainers (Teach the teachers)
Create an online assessment and training portal
Brazil – SoC09?
OWASP Boot Camp Project
OWASP CTF event
NY CTF based - SoC09 proposal - "OWASP Challenge Framework"
Speakers Bureau Project
Marketing efforts
Internationalization of the training materials
Education material (Projects)
Academic Educational Services
Chapter Committee
To provide the support required at the local level to accomplish the overall mission and goals of the association
Define chapter and role in OWASP
Identify the health of Chapters - number of Chapters vs active chapters
Define clear and transparent process of chapter Governance
Develop Chapter Handbook
Progress
SoC 09 (OWASP Season of Code)
4th edition of OWASP Grant program
Pre-launched today here in Poland (see http://www.owasp.org/index.php/OWASP_Season_of_Code_2009)
Proposed focus on 4 areas:
OWASP Education Pack - managed by: Education Committee
Enterprise usability of OWASP projects - managed by: Projects Committee
Additional Sources of Funding - managed by Membership & Chapters Committee
Marketing & PR - managed by Industry & Conferences Committee
Initial budget of 90,000 USD
OWASP Podcast Series
Launched Nov 21, 2008
Episode 19 will be released May 13
13 Interviews, 2 Roundtables, 4 News Commentary Programs and counting
Produced and Hosted by Jim Manico of Aspect Security
News team consists of Arshan Dabirsiaghi, Andre Gironda and Jeff Williams
http://www.owasp.org/index.php/OWASP_Podcast
www.owasp.tv
56 videos
40+ hrs
Local Chapter Resources
Local Meetings
Regional Mailing List
Presentations
Forum for discussion
Meet fellow InfoSec professionals
Create (Web)AppSec awareness
Local projects
JOBS = http://www.owasp.org/index.php/OWASP_Jobs
Upcoming Conferences
OWASP New Zealand Day 2009 - New Zealand, July 13th - 2 track conference, University of Auckland
OWASP AppSec Ireland 2009 - September 10th - Conference at Trinity College in Dublin
OWASP AppSec Brazil 2009 - October 27th-30th - Conference and tutorials at Câmara dos Deputados
OWASP AppSec US 2009 – November Washington, D.C.
TTD
Visit www.owasp.org
Find your local chapter / conferences
Listen to Podcasts
Watch Videos
Read Materials
Post your (Web)AppSec questions
Spread the word, invite peers
Contribute to discussions
Become a member!
Get Involved
WWW.OWASP.ORG