1 / 22

OWASP 2.0 Enabling organizations to develop, maintain, and acquire applications they can trust

Dinis Cruz OWASP dinis.cruz@owasp.net. OWASP 2.0 Enabling organizations to develop, maintain, and acquire applications they can trust. Mission. Enabling organizations to develop, maintain, and purchase applications that they can trust. OWASP Foundation.

avedis
Télécharger la présentation

OWASP 2.0 Enabling organizations to develop, maintain, and acquire applications they can trust

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dinis Cruz OWASP dinis.cruz@owasp.net OWASP 2.0Enabling organizations to develop, maintain, and acquire applications they can trust

  2. Mission • Enabling organizations to develop, maintain, and purchase applications that they can trust

  3. OWASP Foundation • The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all.

  4. History • 2000: Mark Curphey and Microsoft Word • 2001: OWASP Guide 1.0 • Sep 2002: Many volunteers finish 1.1.1 • Oct 2002: owasp-leaders created • Leaders from each project • This meritocracy still leads us today • 2003: OWASP Foundation created • -> 2006: tons of new projects (see tomorrow)

  5. It’s about community • Built on great foundations built by our contributors • Greater peer to peer participation • Emphasis on local community building • More support for your projects

  6. www.owasp.org

  7. It’s about building a solid foundation • Transparency • Annual Report, financial details • Annual report (with financial details) starting 2006 • Move to more formal structure in 2007 timeframe (à la Apache, NetBSD, Debian, etc) • Improve membership experience • Membership packages • Individual • Corporate • Sponsor • Starter chapter pack

  8. Autumn of Code 2006 • The Open Web Application Security Project (OWASP) has recently launched a new project entitled "OWASP Autumn of Code 2006” that is aimed at financially sponsoring contributions to OWASP Projects. • On the 18th of September our call for entries ended and on the 25th of September we released our list of selected projects to be sponsored. OWASP has made the decision to sponsor 9 projects (5 at $3,500 USD and 4 at $5,000 USD) instead of our originally planned number of 8.

  9. Autumn of Code 2006 - Projects • WebScarab NG – Rogan Dawes • Live CD – Joshua Perrymon • CAL9000 – Chris Loomis • SiteGenerator and ORG – Mike de Libero • Pantera – Simon Roses • Web Goat – Sherif Koussa • Testing Guide – Matteo Meucci • OWASP .NET Tools – Boris Maletic • OWASP Website and Branding – Aaron M. Holmes

  10. Current projects (see website) • Release Quality • Beta Status • Alpha Status • Technology, Research, and Guides

  11. Funding model • Need to increase OWASP individual and corporate members • Current funding model • Conferences • Corporate and Individual Memberships (to be GNI adjusted) • Advertising • Sponsorships

  12. OWASP Membership • An active voice in the development of OWASP Materials that are becoming widely accepted as an application security standard for all organizations. • A OWASP Commercial License to use the materials within your organization without the restrictions associated with the various open source licenses used by the OWASP projects. • Timely electronic notification of updates to the OWASP Materials. • Visibility for your organization's tangible commitment to application security through its inclusion in the members list on the OWASP website and promotional materials. • The right to use the OWASP name and membership mark to show that you are an OWASP Member. Note that the mark must not be used in any way that might indicate that OWASP supports a commercial product or service. • Collaboration with other highly skilled people from organizations around the world, both virtually and in person during periodic OWASP AppSec conferences and chapter meetings. • Discounted registration fees for OWASP AppSec conferences to all individual members and all employees of member organizations.

  13. OWASP Membership cost

  14. Local Chapters

  15. Chapters!

  16. Local chapters • Easily the most useful OWASP activity • Lots of chapters all around the world

  17. Local chapter support • Use our Internet resources • Announce meetings well in advance • Have a schedule well in advance • Be consistent • Community: blogs, forum - in your local language • Present new stuff • ... or borrow other chapter’s slides

  18. Guidelines for chapters • Encourage membership in OWASP • Try to be easily found and a popular time • Always try to meet, if only for drinkies • Local sponsorship by vendors is fine • Try not to be 0wned by the vendors (of any type) • Protect yourself - insurance, talk choices, etc

  19. Leadership Focus • Developing OWASP Foundation and infrastructure • Helping you deliver timely, useful projects • Keeping today’s flagship products fresh and relevant • Winter, Spring, and Summer of Code 2007

  20. OWASP Brand • Our brand is important to us • Need something to help get rid of freeloaders • Many firms abusing OWASP Top 10 / Guide brand • Need a 'brand management' project

  21. Project Incubators • Initiate any project you like • Each project will have its own space • Community: Link to team member blogs and forum • Resources: Samples, downloads, private workspace

  22. Project Focus • Participate! • What do you want us to focus on?

More Related