Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP EU09 Poland http://www.owasp.org OWASP State of the Union Dave Wichers Sebastien Deleersnyder Dinis Cruz Foundation Board

OWASP State of the Union

Page 1: OWASP State of the Union

Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation

OWASP EU09 Poland

http://www.owasp.org

OWASP State of the Union

Dave Wichers
Sebastien Deleersnyder
Dinis Cruz
Foundation Board

Page 2: OWASP State of the Union

OWASP AppSecEU09 Poland

Agenda

OWASP?
State of the union
Season of Code 2009
OWASP near you!

Page 3: OWASP State of the Union

Agenda

OWASP?
State of the union
Season of Code 2009
OWASP near you!

Page 4: OWASP State of the Union

OWASP

Open Web Application Security Project started 2001, OWASP Foundation Inc. established 2004

Participation in OWASP is free and open to all

International not-for-profit charitable organization funded primarily by volunteers' time, OWASP Memberships ($50 Individuals, $5k Supporters), and OWASP Conference fees

Website: 6,464 registered users, 21,552,771 page views, and 55,941 page edits, 10k members on mailing lists

Page 5: OWASP State of the Union

What Is Unique about OWASP?

Everything we do is free and open…

Page 6: OWASP State of the Union

OWASP Vision & Mission

Vision: a software market that produces code that’s secure enough to rely on. 

Mission (to achieve that vision): to make security visible (or transparent) so that software buyers and sellers are on equal footing and market forces can work. 

Page 7: OWASP State of the Union

www.owasp.org

Page 8: OWASP State of the Union

OWASP Principles

Free & Open

Governed by rough consensus & running code

Abide by a code of ethics: http://www.owasp.org/index.php/About_OWASP

Not-for-profit

Not driven by commercial interests

Risk based approach

Page 9: OWASP State of the Union

OWASP Resources and Community

Page 10: OWASP State of the Union

OWASP Foundation - Structure

Page 11: OWASP State of the Union

150+ chapters

Page 12: OWASP State of the Union

OWASP Conferences (2008-2009)

NYC - Sep 2008
DC - Mar & Nov 2009
Brussels - May 2008
Poland - May 2009
Taiwan - Oct 2008
Portugal Summit - Nov 2008
Israel - Sep 2008/09
India - Aug 2008
Gold Coast - Feb 2008/09
Minnesota - Oct 2008
Denver - Mar 2009
Germany - Nov 2008
Ireland - Sep 2009
Sweden - May 2010
New Zealand - July 2009
Brazil - Oct 2009

Page 13: OWASP State of the Union

Mailing Lists

100+ Mailing Lists:
Local Chapters
Projects
Regional/Global Committees

LinkedIn Group too… 2700+ members

Page 14: OWASP State of the Union

2009 Organization Supporters

Page 15: OWASP State of the Union

2009 Educational Supporters

Page 16: OWASP State of the Union

Agenda

OWASP?
State of the union
Season of Code 2009
OWASP near you!

Page 17: OWASP State of the Union

Summit Portugal - Nov 2008

First time OWASP community got together
80+ OWASP leaders under the same roof
20+ countries
12h/day workload (& lots of beer consumed)

Page 18: OWASP State of the Union

Summit Portugal

Outcomes:
New Free Tools and Guidance (from SoC08)
New Global Committee Structure: Education, Chapter, Conferences, Industry, Projects, Membership (who will create the action plan for 2009)
New Outreach Program: technology vendors, framework providers, and standards bodies; new program to provide free one-day seminars at universities and developer conferences worldwide

Page 19: OWASP State of the Union

Global Committees – Established late 2008

http://www.owasp.org/index.php/About_OWASP

Page 20: OWASP State of the Union

Projects Committee

1. Organizing the next OWASP Season of Code

2. Drafting proposals for standardization and organization of OWASP Projects and Releases

3. Establishing a baseline assessment of all OWASP Projects and Releases

4. Survey all OWASP projects

More about projects tomorrow!

Page 21: OWASP State of the Union

Industry Committee

Start outreach to critical infrastructures worldwide such as:

electricity generation, transmission and distribution;
gas production, transport and distribution;
oil and oil products production, transport and distribution;
telecommunication;
water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
agriculture, food production and distribution;
heating (e.g. natural gas, fuel oil, district heating);
public health (hospitals, ambulances);
transportation systems (fuel supply, railway network, airports, harbors, inland shipping);
financial services (banking, clearing);
security services (police, military).

Page 22: OWASP State of the Union

Industry - Accomplishments

1. Has submitted RFC feedback for both British and US/NIST 800-53 rev 3 standards

2. Has been promoting supporter membership to raise awareness in industry verticals

3. Has established working relationships with ISSA & ISACA to assist with industry focused outreach and international insight

Page 23: OWASP State of the Union

Membership Committee

Increase individual membership 100% in 18 months (Individuals)

Increase organizational supporters 100% in 18 months (Supporters)

Increase university supporters 100% in 18 months

1. Has created and launched a new membership model

2. Has created and launched Membership drive to support our efforts

3. Has created video to promote/explain

Page 24: OWASP State of the Union

Education Committee

The primary purpose of the Global Education Committee is:

to work with the OWASP Education Project to provide educational materials for both internal and external users,
develop liaisons with educational institutions worldwide.

Page 25: OWASP State of the Union

Current work

Categorize (Organization) of educational materials
Train the trainers (Teach the teachers)
Create an online assessment and training portal
Brazil – SoC09?
OWASP Boot Camp Project
OWASP CTF event
NY CTF based - SoC09 proposal - "OWASP Challenge Framework"
Speakers Bureau Project
Marketing efforts
Internationalization of the training materials
Education material (Projects)
Academic Educational Services

Page 26: OWASP State of the Union

Chapter Committee

To provide the support required at the local level to accomplish the overall mission and goals of the association

Define chapter and role in OWASP
Identify the health of Chapters - number of Chapters vs. active chapters
Define clear and transparent process of chapter Governance
Develop Chapter Handbook

Page 27: OWASP State of the Union

Progress

Page 28: OWASP State of the Union

Agenda

OWASP?
State of the union
Season of Code 2009
OWASP near you!

Page 29: OWASP State of the Union

SoC 09 (OWASP Season of Code)

4th edition of OWASP Grant program
Pre-launched today here in Poland (see http://www.owasp.org/index.php/OWASP_Season_of_Code_2009)

Proposed focus on 4 areas:
OWASP Education Pack - managed by: Education Committee
Enterprise usability of OWASP projects - managed by: Projects Committee
Additional Sources of Funding - managed by: Membership & Chapters Committee
Marketing & PR - managed by: Industry & Conferences Committee

Initial budget of 90,000 USD

Page 30: OWASP State of the Union

Agenda

OWASP?
State of the union
Season of Code 2009
OWASP near you!

Page 31: OWASP State of the Union

OWASP Podcast Series

Launched Nov 21, 2008
Episode 19 will be released May 13
13 Interviews, 2 Roundtables, 4 News Commentary Programs and counting
Produced and Hosted by Jim Manico of Aspect Security
News team consists of Arshan Dabirsiaghi, Andre Gironda and Jeff Williams

http://www.owasp.org/index.php/OWASP_Podcast

Page 32: OWASP State of the Union

www.owasp.tv

56 videos

40+ hrs

Page 33: OWASP State of the Union

Local Chapter Resources

Local Meetings
Regional Mailing List
Presentations
Forum for discussion
Meet fellow InfoSec professionals
Create (Web)AppSec awareness
Local projects
JOBS = http://www.owasp.org/index.php/OWASP_Jobs

Page 34: OWASP State of the Union

Upcoming Conferences

OWASP New Zealand Day 2009 - New Zealand July 13th - 2 track conference, University of Auckland

OWASP AppSec Ireland 2009 September 10th Conference at Trinity College in Dublin

OWASP AppSec Brazil 2009 October 27th-30th Conference and tutorials at Câmara dos Deputados

OWASP AppSec US 2009 – November Washington, D.C.

Page 35: OWASP State of the Union

TTD

Visit www.owasp.org
Find your local chapter / conferences
Listen to Podcasts
Watch Videos
Read Materials
Post your (Web)AppSec questions
Spread the word, invite peers
Contribute to discussions
Become member!

Page 36: OWASP State of the Union

Get Involved

WWW.OWASP.ORG