Chapter Briefing: OWASP Summit & AppSec DC 2009
Ralph Durkee, Rochester OWASP VP

Rochester OWASP Leadership
Changes for our Chapter
• Andrea Cogliati replaces Ralph Durkee as President
• Ralph Durkee is now serving as Vice President
Reasons for Change
• Prevent overload for Ralph
• Ralph founded Rochester chapter in 2004; time for new leadership
• Andrea has already been heavily involved in leading the Chapter and attended the 2008 Summit

OWASP Summit 2009
• Wash. DC Nov 11th
• Meeting of OWASP Leadership
• Board
• Global Committee Members
• Chapter Leaders
• OWASP Members
• Review 2009 & Decide directions for 2010
• 2nd Summit, 1st was Nov 2008 in Portugal

Agenda
• Opening Remarks
• Accomplishments since 2008
• Membership & Board Candidates
• Presentation and Q&A by each committee

OWASP Board
Board Members (original):
• Jeff Williams
• Dinis Cruz
• Dave Wichers
• Tom Brennan
• Sebastien Deleersnyder
Board Members (added Nov 2009):
• Eoin Keary
• Matt Tesauro

OWASP Global Committees
Global Committees:
• Membership Committee
• Project Committee
• Chapter Committee
• Conferences Committee
• Education Committee
• Industry Committee
• Connections Committee

OWASP Summit Highlights
• Each committee presented, followed by plenty of Q&A, discussion and debate
• Size of the OWASP Board increased to 7
• Board candidates presented and held Q&A
• Lively debate on OWASP Certification
• Plenty of encouragement to increase involvement in committees and projects
• Great networking with other OWASP Leaders

DC AppSec 2009 Highlights
Jeff Williams spoke briefly on the state of Software Security
• Broken market? - cited “The Market for Lemons” by George Akerlof
• If buyers can’t see the difference, then only lemons will be sold.
• Need radical innovative ideas to fix the market.
• Not going to “hack our way secure”.
• The OWASP mission is to make application security visible.

DC AppSec 2009 Highlights 2
OWASP ESAPI Web Application Firewall ???
• ESAPI is Enterprise Security API
• How does ESAPI become a Web App Firewall?
• Virtual patching - the API provides wrappers for vulnerable calls to provide security
• Add flags, headers, authentication calls etc.
• ESAPI has better coverage of the vulnerabilities than most WAFs
• Better Performance and Intelligence at the application layer.
• Very affordable since it’s Free

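The virtual-patching idea from this slide (wrap the application and add flags and headers on its behalf), as an added example that is not from the talk and does not use ESAPI's own API. It is a Python WSGI wrapper chosen to run stand-alone; `legacy_app`, the cookie value and the header policy are constructed assumptions.

```python
from wsgiref.util import setup_testing_defaults

# Assumed policy: headers added when the wrapped application did not set them.
DEFAULT_HEADERS = {"X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff"}
COOKIE_FLAGS = ("HttpOnly", "Secure")


def harden_cookie(value):
    """Append any missing flag to one Set-Cookie header value."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]}
    for flag in COOKIE_FLAGS:
        if flag.lower() not in attrs:
            value += "; " + flag
    return value


def virtual_patch(app):
    """Wrap a WSGI app so every response gets the flags and headers above."""
    def patched(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            out = [(n, harden_cookie(v)) if n.lower() == "set-cookie" else (n, v)
                   for n, v in headers]
            present = {n.lower() for n, _ in out}
            out += [(n, v) for n, v in DEFAULT_HEADERS.items()
                    if n.lower() not in present]
            return start_response(status, out, exc_info)
        return app(environ, patched_start)
    return patched


def legacy_app(environ, start_response):
    """Constructed stand-in for an application that cannot be changed quickly."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", "SESSION=abc123; Path=/")])
    return [b"hello"]


def call(app):
    """Invoke a WSGI app once and return (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers
    environ = {}
    setup_testing_defaults(environ)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    print(call(virtual_patch(legacy_app))[1])
```

Appending `Secure` assumes the site is served only over HTTPS; over plain HTTP the browser would stop sending the cookie.
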
DC AppSec 2009 Highlights 3
• 2010 OWASP Top 10 RC announced
• Dave Wichers presented
• Slides and Video are on-line
More Information
• Slides and Videos of some presentations were recently put on-line (Video was lost and recovered)
• http://www.owasp.org/index.php/OWASP_AppSec_DC_2009_Schedule#tab=Talks_11.2F12
• NoScript users - Need to have JavaScript enabled from yahooapis.com for the tabs to work.

That’s it…
• Any questions or comments?
• Presentation will be online:
Thank you!