Chapter Briefing OWASP Summit & AppSec DC 2009
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
http://www.owasp.org
Chapter Briefing
OWASP Summit & AppSec DC 2009
Ralph Durkee
Rochester OWASP VP

Rochester OWASP Leadership
- Changes for our Chapter
  - Andrea Cogliati replaces Ralph Durkee as President
  - Ralph Durkee is now serving as Vice President
- Reasons for Change
  - Prevent overload for Ralph
  - Ralph founded Rochester chapter in 2004; time for new leadership
  - Andrea has already been heavily involved in leading the Chapter and attended the 2008 Summit

OWASP Summit 2009
- Wash. DC Nov 11th
- Meeting of OWASP Leadership
  - Board
  - Global Committee Members
  - Chapter Leaders
  - OWASP Members
- Review 2009 & Decide directions for 2010
- 2nd Summit, 1st was Nov 2008 in Portugal

Agenda
- Opening Remarks
- Accomplishments since 2008
- Membership & Board Candidates
- Presentation and Q&A by each committee

OWASP Board
- Board Members (original):
  - Jeff Williams
  - Dinis Cruz
  - Dave Wichers
  - Tom Brennan
  - Sebastien Deleersnyder
- Board Members (added Nov 2009):
  - Eoin Keary
  - Matt Tesauro

OWASP Global Committees
- Global Committees:
  - Membership Committee
  - Project Committee
  - Chapter Committee
  - Conferences Committee
  - Education Committee
  - Industry Committee
  - Connections Committee

OWASP Summit Highlights
- Each committee presented, followed by plenty of Q&A, discussion and debate
- Size of the OWASP Board increased to 7
- Board candidates presented and held Q&A
- Lively debate on OWASP Certification
- Plenty of encouragement to increase involvement in committees and projects
- Great networking with other OWASP Leaders

DC AppSec 2009 Highlights
- Jeff Williams spoke briefly on the state of Software Security
  - Broken market? - cited “The Market for Lemons” by George Akerlof
  - If buyers can’t see the difference, then only lemons will be sold.
  - Need radical innovative ideas to fix the market.
  - Not going to “hack our way secure”.
  - The OWASP mission is to make application security visible.

DC AppSec 2009 Highlights 2
- OWASP ESAPI Web Application Firewall ???
  - ESAPI is Enterprise Security API
  - How does ESAPI become a Web App Firewall?
  - Virtual patching - API provides wrappers for vulnerable calls to provide security
  - Add flags, headers, authentication calls etc.
  - ESAPI has better coverage of the vulnerabilities than most WAFs
  - Better performance and intelligence at the application layer.
  - Very affordable since it’s free

DC AppSec 2009 Highlights 3
- 2010 OWASP Top 10 RC announced
  - Dave Wichers presented
  - Slides and Video are on-line
- More Information
  - Slides and Videos of some presentations have recently been put on-line (Video was lost and recovered)
  - http://www.owasp.org/index.php/OWASP_AppSec_DC_2009_Schedule#tab=Talks_11.2F12
  - NoScript users - Need to have JavaScript enabled from yahooapis.com for the tabs to work.

That’s it…
Any questions or comments?
Presentation will be online:
Thank you!