view dave wichers's slides here

Copyright © 2007 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/

The OWASP Foundation
OWASP & WASC AppSec 2007 Conference
San Jose – Nov 2007
http://www.owasp.org/
http://www.webappsec.org/

Welcome to the OWASP & WASC AppSec 2007 Conference

Dave Wichers
OWASP Conferences Chair
COO, Aspect Security
[email protected]
301-604-4882


OWASP

Mission
- Open source non-profit charitable foundation dedicated to enabling organizations to develop, maintain, and acquire software they can trust

Principles
- All OWASP products are free and open
- Application security knowledge should be freely available
- OWASP encourages awareness, discussion, and best practices
- Making security visible is key to changing the software market
- OWASP does not recommend any commercial products or services
- OWASP will not discuss/disclose specific exploits


OWASP Body of Knowledge

- Core Application Security Knowledge Base: Principles; Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures
- Acquiring and Building Secure Applications: Guide to Building Secure Web Applications and Web Services
- Verifying Application Security: Guide to Application Security Testing and Guide to Application Security Code Review
- Managing Application Security: Guidance and Tools for Measuring and Managing Application Security
- Application Security Tools: Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues
- AppSec Education and CBT: Web Based Learning Environment and Guide for Learning Application Security
- Research to Secure New Technologies: Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax)

Supporting structure:
- OWASP Foundation 501c3
- OWASP Community Platform (wiki, forums, mailing lists)
- Projects, Chapters, AppSec Conferences


Welcome to the OWASP AppSec Conference

- This is the 7th installment of the AppSec conference series (AND the first with WASC!!)
- We normally have 2 each year (the U.S. and Europe)
- But … we also had OWASP day (Sept. 5-12) in 17 chapters around the world
- and we just had a conference in Taiwan. A half day conference, with 600 attendees! Good job Wayne!

Next year’s (current) plans:
- OWASP Australia: Gold Coast – March 29-31
- OWASP Europe: Brussels in May
- OWASP Israel: ??
- OWASP Taiwan: ??
- OWASP U.S.: New York City in Oct


OWASP Conferences Committee Members

- OWASP Conferences Chair: Dave Wichers – Aspect Security and OWASP Board
- WASC Support: Jeremiah Grossman, Anurag Agarwal, and others.
- Web Services Security Track Chair: Gunnar Peterson – Arctec Group
- Tech Expo Chair: Pravir Chandra – Cigital
- Refereed Papers Track Chair: Frank Piessens – KU Leuven
- 2008 Europe Conference Planning Committee Chair: Sebastien Deleersnyder – Telindus, Belgacom ICT
- 2008 U.S. Conference Planning Committee Chair: Tom Brennan – Access IT Group

THANKS FOR ALL THE HELP! And we need more. Volunteers?


AppSec Conference Schedule

Also:
- Tech Expo Upstairs today – From 11 AM to 6 PM
- Similar structure tomorrow
- Microsoft/Aspect Security cocktail party (tomorrow)
  - Also at Holiday Inn.


Thank you to our Hosts!


Sponsors/Tech Expo

Thank you to all our sponsors

Please visit (most of) them at the TechExpo!

Future conferences will not be limited to product/managed services vendors only


Your Conference Packet

- Welcome Letter
  - From OWASP Chair Jeff Williams
- Conference Agenda
- Facility Information / Map
- Directions to Nearby Hotels
- Conference Eval Form (please fill in and drop off)
- Collateral from All Our Sponsors
  - Please take a look


Conference Logistics

Speakers
- Please use your own laptop for your presentation
- If you don’t have it here, let me know in advance so we can get a laptop with your presentation on it ready

Presentations may be Audio and Video Recorded
- Speakers, please talk into the mic and repeat any questions so they will be picked up in the recording

Free Wireless Provided by Conference Center

All presentations should be online within two weeks!!


Tonight’s OWASP Dinner

- At Holiday Inn, 1740 N. 1st St., San Jose
- Almost half the attendees are registered so see you there
- Almost sold out. If interested, see me.


Map to the Dinner

It’s only 0.7 miles, so you can walk from eBay to Holiday Inn


Conclusion: OWASP & WASC AppSec 2007 Conference


Some OWASP Growth Stats

One year ago (Oct 2006), we had
- about 75 local chapters
- about 15 corporate sponsors
- about 180K page views / month at OWASP.org
- and finally a little bit of money. About $88K

Now (Nov 2007), we have
- over 100 local chapters
- over 30 corporate sponsors
- about 360K page views / month at OWASP.org
- prior to this conference we had about $300K
  - Of which $90K is pledged to the completion of the 2007 Spring of Code projects


And our First Employee

Alison McNamee
- Starts Nov 26th
- Working in OWASP Foundation office in Columbia, MD

Perform Administrative Duties such as
- Assist OWASP Members
- Assist OWASP Project and Chapter Leads
- Help organize and manage OWASP conferences
- Manage OWASP corporate and individual memberships
- OWASP financial management
- OWASP correspondence
- etc. etc.


Some OWASP Conference Stats

- 1st OWASP AppSec Conference (2004 NY) - ~100 people on a weekend
- 2nd OWASP AppSec Conference (2005 London) ~100 on a weekend
- 3rd OWASP AppSec Conference (2005 D.C.) ~175 plus 40 in tutorials
- 4th OWASP AppSec Conference (2006 Brussels) ~125 plus 40 in tutorials
- 5th OWASP AppSec Conference (2006 Seattle) ~180 plus 115 in tutorials
- 6th OWASP AppSec Conference (2007 Milan) ~140 plus 40 in tutorials
- OWASP Taiwan Conference (2007 Taiwan)
  - About 600 attendees for half day free conference!!
- 2007 OWASP & WASC AppSec Conference (2007 San Jose)
  - About 260 attendees with 80 people in six 2-day tutorials
  - First Tech Expo: Sold out with 12 vendors participating

Result: Lots of great community interaction/awareness and many great presentations online for community use


Plans for Next Year (2008)

- 2008 OWASP Australia AppSec Conference
  - Gold Coast – March 29-31 – 1-day tutorials, 2-day conference
- 2008 OWASP AppSec Europe Conference
  - Brussels – May 19-22, 2008
  - Refereed papers track, Vendor Expo
  - Two day Tutorials – two day conference
- 2008 OWASP AppSec Israel Conference - ??
- 2008 OWASP AppSec Taiwan Conference - ??
- 2008 OWASP AppSec U.S. Conference
  - New York City, Oct. 2007
  - Refereed papers track, Vendor Expo, Lots of tutorials
  - Capture the flag event?


Please Help OWASP Grow

As contributors
- OWASP Chapter Leaders
- OWASP Project Leaders and Participants
- Season of Code Participants (paid projects!)
- OWASP Conference Committee
- Stub articles – wiki contributions
- New technologies to analyze

As members
- Corporate Members
- Individual Members

Please join us and share what you know!


Please Give Us Your Feedback

Tutorials?
- More diversity?
- What other topics are you interested in?
- Quarterly regional OWASP training events?

Presentations?
- More tracks?
- Longer conference?
- Panels?

Other Activities?
- OWASP tool demos?
- Capture the flag?
- Product comparisons? (think UL testing/Consumer Reports)

Send to [email protected]


Thanks again to our Hosts!


Caroline Wong from eBay – Facilitated getting eBay / PayPal to offer their facility to us


Thank You to Our Organizers

Aspect Security
- Conference Organization
- Conference Logistics
- Conference Registration
- Financial Management

WASC
- Local Conference Promotion
- Facility Selection/Negotiation
- Local Logistics, Event Support

Tech Expo: Pravir Chandra
Web Services Track: Gunnar Peterson


Thanks Again to Our Sponsors


Thank You to Our Contributors and Members

- I want to thank ALL the OWASP Project Leads and their teams for all their Hard Work
  - OWASP wouldn’t exist without them
- And thank you to all our corporate & individual members


Reminder: Another Cocktail Party :-)
