
The Open Web Application Security Project


kaye-ball


Presentation Transcript


  1. The Open Web Application Security Project

  2. “Security is a process, not a product” -- Bruce Schneier

  3. What if the software world was only… • 100 apps written by 100 developers at 100 companies

  4. 83 apps have a serious vulnerability

  5. 72 apps have Cross Site Scripting

  6. 40 apps have SQL injection

  7. 1 company has a responsible appsec program

  8. 1 developer has any security training

  9. 100 apps contain code of unknown origin

  10. 90 apps use unpatched libraries with known flaws

  11. 5 apps have had a scan or pentest

  12. 1 app has had a manual security code review

  13. 0 apps provide any visibility into security

  14. Why?

  15. “Don’t hate the playa, hate the game” -- Ice T

  16. The first rule of security is… …You do not talk about security

  17. Toxic?

  18. Our Mission: Visibility. AppSec Visibility Cycle (diagram text): roles are Architects, Developers, Infosec, Users, Business, Legal and Audit; activities around the cycle are Research, Create Security Architecture, Define Security Requirements, Monitor Threat, Implement Controls, Share Findings, Understand Stakeholders, Understand Laws and Verify Compliance

  19. Growing Ecosystems

  20. OWASP Meritocracy • OWASP Leaders (Chapters and Project) • OWASP Members • OWASP Users and Participants

  21. OWASP conferences (map): Ireland Sept 08-09, June 2011 • Sweden June 2010 • Minnesota Oct 08-11 • Poland May 2009 • Germany Oct 08-10 • New York Nov 2008, Oct 2012 • Brussels May 2008 • China Oct 2010 • Denver Spring 08-10 • Greece June 2012 • DC Sep 2009, Nov 2010 • Portugal Nov 2008 • Israel Sep 07-08 • Taiwan Oct 07-08 • India Aug 2008, Nov 2009 • Australia Feb 08-09 • Brazil Oct 09-10 • New Zealand July 09-10

  22. Today • Getting Started with OWASP T10 and Guides • Building a Software Assurance Program • Using the OWASP Live CD • ===== LUNCH ===== • OWASP Enterprise Security API (ESAPI) • OWASP O2 • The DISA AppSec STIG and OWASP Tools • Discussion

  23. Jeff Williams, Aspect Security CEO, OWASP Foundation Chair. jeff.williams@owasp.org, http://www.owasp.org, twitter @planetlevel, 410-707-1487. Join Us
