OWASP 2.0 Members: OWASP AppSec Europe


OWASP 2.0 members

Andrew van der Stock


OWASP Executive Director
vanderaj@owasp.org

OWASP AppSec Europe
May 2006

Copyright © 2006 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.

The OWASP Foundation
http://www.owasp.org/

Where are we going?

OWASP AppSec Europe 2006

Manifesto

Enabling organizations to develop, maintain, and purchase applications that they can trust



It’s about community

• Built on great foundations built by our contributors
• Greater peer to peer participation
• Emphasis on local community building
• More support for your projects



It’s about building a solid foundation

• Transparency
• Improve membership experience
• Membership packages
  - Individual
  - Corporate
  - Sponsor
• Starter chapter pack
• Key projects
• Projects



It’s about delivery

• We have delivered some really cool stuff recently
• We have a very full year ahead
• Volunteer burn out happens
• We’re here to help you



Major initiatives
Top 10
Guide
Training
CLASP
Ajax Conferences
J2EE WebGoat

.NET Building our brand

Yours!

Local chapters
Testing Guide
Project incubator
WebScarab
Wiki
Validation
Forums
Certification
Blogs



OWASP Foundation
History

• 2000: Mark Curphey and Microsoft Word
• 2001: OWASP Guide 1.0
• Sep 2002: Many volunteers finish 1.1.1
• Oct 2002: owasp-leaders created
  - Leaders from each project
  - This meritocracy still leads us today



History

• 2003: OWASP Foundation created
  - Chair: Jeff Williams
  - Conferences Chair: Dave Wichers
  - OWASP Leaders (about 30 odd people)
  - OWASP Members
  - OWASP Users



OWASP Foundation

• Key activity: self-sustaining this financial year
• Currently earning a bit of cash
  - Not enough to pay for a full time employee
  - How to spend the money?
  - and still do the stuff we want?



Transparency

• Need your input on our executive leadership model
• Publish finances at least once per year
  - Sponsorship schedule (inc. in kind)
  - Propose move to member-only elections in 2007 timeframe (à la NetBSD, Debian, etc)
  - Support? (Show of hands!)



Funding model

• Need to increase OWASP individual members
• Current funding model is broken
  - We will fix the model, but we need your input
• Funds for local development
  - Some money for room booking fees, pizza, etc
  - Money to build global organization



Local Chapters
Let’s meet!

• We want you to meet your peers
• Find your local chapter via our website



Chapters!



Local chapters

• Easily the most useful OWASP activity
• Lots of chapters all around the world
  - We want more!
  - Chapter Starter Pack



Local chapter support

• Use our Internet resources
  - Announce meetings well in advance
  - Have a schedule well in advance
  - Be consistent
  - Community: blogs, forum - in your local language
• Present new stuff
  ... or borrow other chapter’s slides



Guidelines for chapters

• Encourage membership in OWASP
  - Try to be easily found and a popular time
  - Always try to meet, if only for drinkies
  - Local sponsorship by vendors is fine
  - Try not to be 0wned by the vendors (of any type)
• Protect yourself - insurance, talk choices, etc

Membership drive

• We need you to join
  ... once we have worked out the funding model
• $100 USD
• Members get to vote and lead
  - Renewing members will get our membership pack
  - What do you want to see?

Projects

Leadership focus

• Developing OWASP Foundation and infrastructure
  - Helping you deliver timely, useful projects
  - Keeping today’s flagship products fresh and relevant



Updating old favorites

• OWASP Guide 3.0 PDF, book, and Wiki
  - Top 10 2007 Wiki Edition - need volunteers
  - Testing Guide 1.0 PDF and Wiki - need volunteers



Standards

• Top 10 is an awareness product, not a standard
  - Need a standard
  - Relevant, useful and practical
  - Long lived and stable
  - Not particularly verbose or long
  - Must take input from key users (PCI, DHS, etc)



Certification

• Our brand is important to us
• Need something to help get rid of freeloaders
  - Do we really want to run a certification lab?
  - Need a certification project



Training

• Many firms using OWASP Top 10 / Guide without permission
• We need a training project
  - Top 10 1/2 day (Business types)
  - Architects 1 Day
  - Developer 3 Day
• Certify trainers? Train the trainer?
  - How to ensure we don’t get ripped off or brand sullied? Or destroy friendly businesses?



Project Focus

Participate!

What do you want us to focus on?



Project incubators

• Initiate any project you like
• Each project will have its own space
  - Community: Link to team member blogs and forum
  - Resources: Samples, downloads, private workspace



Questions

Royalty free images from Stock*Exchange (http://www.sxc.hu)
Used with permission

