owasp bulgaria
DESCRIPTION
OWASP FoundationTRANSCRIPT
![Page 1: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/1.jpg)
Copyright © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
OWASP Plan - Strawman
Georgi GeshevOWASP Bulgaria [email protected]+359-884-237-20703.04.10
![Page 2: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/2.jpg)
OWASP 2
Agenda
Part 1: Introduction -Who are we?•What is this project all about?•Would you like to join the OWASP community?
Part 2: Real world stories• Care to know about the OWASP Top 10 project?• How’s the web down there in Wonderland?
![Page 3: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/3.jpg)
OWASP 3
Introduction
Who Am I?(1) Free and Open Source Software Evangelist
![Page 4: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/4.jpg)
OWASP 4
Introduction
Who Am I?(1) Free and Open Source Software Evangelist
(2) Enthusiastic Infosec Ninja
![Page 5: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/5.jpg)
OWASP 5
Introduction
Who Am I?(1) Free and Open Source Software Evangelist
(2) Enthusiastic Infosec Ninja① + ②= ?
![Page 6: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/6.jpg)
OWASP 6
Introduction
Who Am I?(1) Free and Open Source Software Evangelist
(2) Enthusiastic Infosec Ninja① + ②= ?
Here’s the OWASP formula..FOSS + WEB × APP × SEC = OWASP
![Page 7: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/7.jpg)
OWASP 7
The Open Web Application Security Project
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
http://www.owasp.org/index.php
![Page 8: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/8.jpg)
OWASP 8
The Open Web Application Security ProjectThe Local Chapters
Over 150 local chapters worldwide..
![Page 9: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/9.jpg)
OWASP 9
The Open Web Application Security ProjectOWASP Bulgaria
• This local chapter was founded in late 2010• Less than 10 mailing list members• Please consider joining the local chapter mailing list
• Regular chapter meetings• Welcome to the first one of ‘em!
• For submissions, suggestions, offers and questions..• Forward your message to the mailing list• Contact me via email
![Page 10: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/10.jpg)
OWASP 10
The Open Web Application Security ProjectOrganization Supporters
![Page 11: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/11.jpg)
OWASP 11
![Page 12: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/12.jpg)
OWASP 12
The Open Web Application Security ProjectShow Your Support
Consider…• Donating• Becoming an OWASP (local chapter) member• Attending the local chapter regular meetings• Attending an OWASP AppSec series conference• Global AppSec Europe - June 6th-11th 2011 @Dublin, Ireland
• Contributing to an OWASP project• Developers, beta testers, etc.
![Page 13: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/13.jpg)
OWASP 13
The Open Web Application Security ProjectAffiliation and Membership
Categories of Membership and Supporters• Individual Supporters• Single Meeting Supporter• Organization Supporters• Accredited University Supporters
![Page 14: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/14.jpg)
OWASP 14
The Open Web Application Security ProjectMembership
Why Become a Supporting Member?• Ethics and principals of OWASP Foundation• Underscore your awareness of web application software security• Attend OWASP conferences at a discount• Expand your personal network of contacts• Support a local chapter of your choice• Get your @owasp.org email address• Have individual vote in electionshttp://www.owasp.org/index.php/Membership
![Page 15: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/15.jpg)
OWASP 15
The Open Web Application Security ProjectOWASP Projects
Tools and documents are organized into the following categories:
• Protect – These are tools and documents that can be used to guard against security-related design and implementation flaws.
• Detect – These are tools and documents that can be used to find security-related design and implementation flaws.
• Life Cycle – These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
![Page 16: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/16.jpg)
OWASP 16
The Open Web Application Security ProjectThe OWASP Top 10 Project
Project details..• The OWASP Top Ten provides a powerful awareness
document for web application security. • The OWASP Top Ten represents a broad consensus about
what the most critical web application security flaws are.• Its latest (stable) release dates from April 2010.• Creative Commons Attribution Share Alike 3.0 License ;)http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
![Page 17: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/17.jpg)
OWASP 17
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: Injection
![Page 18: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/18.jpg)
OWASP 18
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)
![Page 19: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/19.jpg)
OWASP 19
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session Management
![Page 20: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/20.jpg)
OWASP 20
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object References
![Page 21: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/21.jpg)
OWASP 21
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesA5: Cross-Site Request Forgery (CSRF)
![Page 22: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/22.jpg)
OWASP 22
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesA5: Cross-Site Request Forgery (CSRF)A6: Security Misconfiguration
![Page 23: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/23.jpg)
OWASP 23
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesA5: Cross-Site Request Forgery (CSRF)A6: Security MisconfigurationA7: Insecure Cryptographic Storage
![Page 24: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/24.jpg)
OWASP 24
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesA5: Cross-Site Request Forgery (CSRF)A6: Security MisconfigurationA7: Insecure Cryptographic StorageA8: Failure to Restrict URL Access
![Page 25: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/25.jpg)
OWASP 25
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesA5: Cross-Site Request Forgery (CSRF)A6: Security MisconfigurationA7: Insecure Cryptographic StorageA8: Failure to Restrict URL AccessA9: Insufficient Transport Layer Protection
![Page 26: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/26.jpg)
OWASP 26
The Open Web Application Security ProjectThe OWASP Top 10 Project
The OWASP Top 10 Web Application Security Risks
A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesA5: Cross-Site Request Forgery (CSRF)A6: Security MisconfigurationA7: Insecure Cryptographic StorageA8: Failure to Restrict URL AccessA9: Insufficient Transport Layer ProtectionA10: Unvalidated Redirects and Forwards
![Page 27: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/27.jpg)
OWASP 27
The Open Web Application Security ProjectThe OWASP Top 10 Project
![Page 28: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/28.jpg)
OWASP 28
The Open Web Application Security ProjectThe OWASP Top 10 Project
![Page 29: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/29.jpg)
OWASP 29
The Open Web Application Security ProjectThe OWASP Top 10 Project
“Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these paths represents a risk that may, or may not, be serious enough to warrant attention.”
http://www.owasp.org/index.php/Top_10_2010-Main
![Page 30: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/30.jpg)
OWASP 30
The Open Web Application Security ProjectThe OWASP Top 10 Project
Companies, vendors and others (officially) profiting from The OWASP Top 10
![Page 31: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/31.jpg)
OWASP 31
The Open Web Application Security ProjectOWASP Guides
Don’t stop at The OWASP Top 10!Because The OWASP Top 10 project is simply not enough..• OWASP Development Guide (Developer’s Guide)• OWASP Testing Project (Testing Guide)• OWASP Code Review Project (Code Review Guide)
![Page 32: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/32.jpg)
OWASP 32
The Open Web Application Security ProjectВ страната на чудесата ;)
![Page 33: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/33.jpg)
OWASP 33
The Open Web Application Security ProjectВ страната на чудесата ;)
“Здравословното” състояние на българския уеб..
![Page 34: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/34.jpg)
OWASP 34
The Open Web Application Security ProjectВ страната на чудесата ;)
![Page 35: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/35.jpg)
OWASP 35
The Open Web Application Security ProjectВ страната на чудесата ;)
Дискусия?
![Page 36: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/36.jpg)
OWASP 36
The Open Web Application Security ProjectВ страната на чудесата ;)
Дискусия?Бира?
![Page 37: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/37.jpg)
OWASP 37
Shout outs go to …
• Kate Hartmann (Operations Director at OWASP)• Tom Brennan (Global Board Member at OWASP)
All of these folks and a few more..• P. Stefanov• Y. Kolev• M. Soler
..for kindly recommending and helping me set up this chapter!• Thank you to all of you for attending this very first meeting ;)
![Page 38: OWASP Bulgaria](https://reader034.vdocuments.us/reader034/viewer/2022052522/554ba30bb4c905b8618b4c5e/html5/thumbnails/38.jpg)
OWASP 38
Thank you for your attention!
Please forward any questions, comments and suggestions to: [email protected]