Presentation slides from OWASP Night 13th (local chapter meeting). About OWASP Projects.
OWASP Projects
Takanori Nakanowatari
About Me
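• Works at an office-equipment manufacturer
• Helps out with OWASP Japan
• Every few years, spends about a month with day and night reversed
When you think of OWASP
– Local Chapter
– AppSec Conference
– Cheat Sheet
– Projects, and many more
OWASP Projects
Projects are classified by stage
– Flagship
– Lab
– Incubator
– Inactive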
https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Incubator_Projects
Flagship
• Currently being updated. The flagship projects so far are the following:
– Tools
  • OWASP Zed Attack Proxy
  • OWASP Web Testing Environment Project
– Code
  • OWASP CSRFGuard Project
Lab
– Tools
  • OWASP OWTF
  • OWASP Broken Web Applications Project
  • OWASP EnDe Project
  • OWASP Hackademic Challenges Project
  • OWASP Mantra Security Framework
  • OWASP O2 Platform
  • OWASP OWTF
  • OWASP Web Testing Environment Project
  • OWASP WebGoat Project
  • OWASP Zed Attack Proxy
  • OWASP Vicnum Project
Lab
– Documentation
  – OWASP AppSec Tutorial Series
  – OWASP AppSensor Project
  – OWASP CTF Project
  – OWASP Legal Project
  – OWASP Podcast Project
  – Virtual Patching Best Practices
  – OWASP Application Security Verification Standard Project
  – OWASP Code Review Guide Project
  – OWASP Codes of Conduct
  – OWASP Development Guide Project
  – OWASP Secure Coding Practices - Quick Reference Guide
  – OWASP Software Assurance Maturity Model (SAMM)
  – OWASP Testing Guide Project
  – OWASP Top Ten Project
Lab
– Code
  – OWASP Enterprise Security API
  – OWASP ModSecurity Core Rule Set Project
  – OWASP CSRFGuard Project
Evaluation of Lab Projects
• Status check: https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report
Introducing New Projects
• OWASP Code Pulse 2.0
  https://www.owasp.org/index.php/OWASP_Code_Pulse_Project#tab=Main
  http://code-pulse.com
• OWASP PHP Security Training Project
• OWASP Hardened Phalcon Project
• OWASP iOSForensic
• OWASP Secure Development Training
• OWASP JSEC CVE Details Project
Getting Started with a Project
1. Project Name
2. Project purpose / overview
3. Project Roadmap
4. Project links (if any) to external sites
5. Project Leader name
6. Project Leader email address
7. Project Leader wiki account - the username (you'll need this to edit the wiki)
8. Project Contributor(s) (if any) - name, email and wiki account (if any)
9. Project Main Links (if any)
https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
INACTIVE
For example:
• OWASP Secure Password Project
There is a "spell of revival".
Cheat Sheet
• https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
Cheat Sheet
• https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#WebSockets