Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
Chapter Briefing: OWASP Summit & AppSec DC 2009
Ralph Durkee, Rochester OWASP VP
Rochester OWASP Leadership
- Changes for our Chapter
  - Andrea Cogliati replaces Ralph Durkee as President
  - Ralph Durkee is now serving as Vice President
- Reasons for Change
  - Prevent overload for Ralph
  - Ralph founded Rochester chapter in 2004; time for new leadership
  - Andrea has already been heavily involved in leading the Chapter and attended the 2008 Summit
OWASP Summit 2009
- Washington, DC, Nov 11th
- Meeting of OWASP Leadership
  - Board
  - Global Committee Members
  - Chapter Leaders
  - OWASP Members
- Review 2009 & decide directions for 2010
- 2nd Summit; the 1st was Nov 2008 in Portugal
Agenda
- Opening Remarks
- Accomplishments since 2008
- Membership & Board Candidates
- Presentation and Q&A by each committee
OWASP Board
- Board Members (original):
  - Jeff Williams
  - Dinis Cruz
  - Dave Wichers
  - Tom Brennan
  - Sebastien Deleersnyder
- Board Members (added Nov 2009):
  - Eoin Keary
  - Matt Tesauro
OWASP Global Committees
- Global Committees:
  - Membership Committee
  - Project Committee
  - Chapter Committee
  - Conferences Committee
  - Education Committee
  - Industry Committee
  - Connections Committee
OWASP Summit Highlights
- Each committee presented, followed by plenty of Q&A, discussion and debate
- Size of the OWASP Board increased to 7
- Board candidates presented and held Q&A
- Lively debate on OWASP Certification
- Plenty of encouragement to increase involvement in committees and projects
- Great networking with other OWASP Leaders
DC AppSec 2009 Highlights
- Jeff Williams spoke briefly on the state of Software Security
  - Broken market? Cited “The Market for Lemons” by George Akerlof
  - If buyers can’t see the difference, then only lemons will be sold.
  - Need radical innovative ideas to fix the market.
  - Not going to “hack our way secure”.
  - The OWASP mission is to make application security visible.
DC AppSec 2009 Highlights 2
- OWASP ESAPI Web Application Firewall ???
  - ESAPI is the Enterprise Security API
  - How does ESAPI become a Web App Firewall?
  - Virtual patching: the API provides wrappers for vulnerable calls to provide security
  - Add flags, headers, authentication calls etc.
  - ESAPI has better coverage of the vulnerabilities than most WAFs
  - Better performance and intelligence at the application layer
  - Very affordable since it’s free
DC AppSec 2009 Highlights 3
- 2010 OWASP Top 10 RC announced
  - Dave Wichers presented
  - Slides and Video are on-line
- More Information
  - Slides and Videos of some presentations are recently on-line (Video was lost and recovered)
  - http://www.owasp.org/index.php/OWASP_AppSec_DC_2009_Schedule#tab=Talks_11.2F12
  - NoScript users: JavaScript from yahooapis.com needs to be enabled for the tabs to work.
That’s it…
Any questions or comments?
Presentation will be online:
Thank you!