Title: OWASP Presentation
1. OWASP
The Open Web Application Security Project
77 Worldwide Chapters: Argentina, Atlanta, Austin, Austria, Bangalore, Belgium, Boston, Brazil, Brisbane, Buffalo, Charlotte, Chennai, Chicago, Chile, Cleveland, Colombia, Delhi, Denmark, Denver, Edmonton, Germany, Greece, Hong Kong, Hyderabad, Ireland, Israel, Italy, Kansas City, Kerala, Kolkata, London, Luxemburg, Madison, Malaysia, Manila, Melbourne, Memphis, Mexico City, Miami Ft Lauderdale, Minneapolis St Paul, Montgomery, Mumbai, Nashville, Netherlands, New Jersey, New York, Ohio, Omaha, Ottawa, Pakistan, Panama, Philadelphia, Phoenix, Pittsburgh, Riyadh, Rochester, Sacramento, Saint Louis, San Antonio, San Francisco, San Jose, Seattle, Singapore, SoCal, Spain, Switzerland, Sydney, Taiwan, Tokyo, Toronto, Turkey, Vancouver, Virginia, Washington DC, Winnipeg
- Join the application security community for free, unbiased, open source tools, guidelines, forums, and local chapters!
- We support developers and project managers with security guidance, tools, and materials throughout the software development lifecycle (SDLC)
- Requirements and Use Cases
- Architecture
- Threat Modeling
- Vulnerability Analysis
- Scanning
- Manual Penetration Testing
- Code Review
- Configuration Guides
Free Tools: WebScarab Proxy; WebGoat Training; CAL9000; LAPSE; Pantera; .NET and Java tools
Projects: Web AppSec Guide; Testing Guide; Top Ten Vulnerabilities; AppSec FAQ; AppSec Metrics; AJAX; Code Review; Legal; PHP, J2EE, .NET
Community: Local Chapters; AppSec Conferences; Mailing Lists; Forums; Portal
Join Us Today!
- OWASP materials apply to all web platforms
including J2EE, .NET, LAMP, Cold Fusion, Struts,
Web Services, IIS, WebSphere, WebLogic, Tomcat,
and much more
The OWASP Foundation
http://www.owasp.org
2. Major initiatives
Top 10
Guide
Training
CLASP
Conferences
Ajax
WebGoat
J2EE
.NET
Building our brand
Yours!
Chapters
Project incubator
Testing
Wiki portal
WebScarab
Forums
Validation
Blogs
Certification
3. Major Projects
- OWASP AJAX Security Project - investigating the security of AJAX enabled applications
- OWASP Application Security Assessment Standards Project - establish a set of standards defining baseline approaches to conducting differing types of application security assessment
- OWASP Application Security Metrics Project - identify and provide a set of App Sec metrics that have been found by contributors to be effective in measuring App Sec
- OWASP AppSec FAQ Project - an FAQ covering many application security topics
- OWASP CLASP Project - a project focused on defining process elements that reinforce application security
- OWASP Code Review Project - a new project to capture best practices for reviewing code
- OWASP Guide Project - a massive document covering all aspects of web application and web service security
- OWASP Honeycomb Project - a comprehensive and integrated guide to the fundamental building blocks of application security
- OWASP Legal Project - a project focused on contracting for secure software
4. Free tools
- OWASP CAL9000 Project - a JavaScript based web application security testing suite
- OWASP LAPSE Project - a project focused on developing an open source auditing tool for Java
- OWASP .NET, Java Tools - a project focused on developing .NET and Java tools for web application security
- OWASP Pantera Web Assessment Studio Project - a project focused on combining automated capabilities with complete manual testing to get the best results
- OWASP SQLiX Project - a project focused on the development of SQLiX, a full Perl-based SQL scanner
- OWASP Validation Project - a project that provides guidance and tools related to validation
- OWASP WebGoat Project - an online training environment for hands-on learning about application security
- OWASP WebScarab Project - a tool for performing all types of security testing on web applications and web services