OWASP The Timeline - An application security / web security ...


Copyright © The OWASP Foundation

Permission is granted to copy, distribute and/or modify this document
under the terms of the OWASP License.

The OWASP Foundation

OWASP

http://www.owasp.org


OWASP Projects Portal Launch!

Jason Li

Global Projects Committee

jason.li@owasp.org

AppSec USA 2011


The Prologue


OWASP Projects are:


Open Source


Freely Available


Anyone Can Start


Anyone Can Contribute


Anyone Can Use



Documentation, Tools, Code



Hugely successful - over 140 projects!!


The Problem

OWASP AntiSamy Project
OWASP Application Security Verification Standard Project
OWASP Book Cover & Sleeve Design
OWASP Code Review Guide Project
OWASP Codes of Conduct
OWASP CSRFGuard Project
OWASP Development Guide Project
OWASP Enterprise Security API
OWASP ModSecurity Core Rule Set Project
OWASP Secure Coding Practices - Quick Reference Guide
OWASP Software Assurance Maturity Model (SAMM)
OWASP Testing Guide Project
OWASP Top Ten Project
OWASP Web Testing Environment Project
OWASP WebGoat Project
OWASP Zed Attack Proxy
JBroFuzz
OWASP AIR Security Project
OWASP AppSec Tutorial Series
OWASP AppSensor Project
OWASP Broken Web Applications Project
OWASP Cloud - 10 Project
OWASP CSRFTester Project
OWASP CTF Project
OWASP EnDe Project
OWASP Fiddler Addons for Security Testing Project
OWASP Forward Exploit Tool Project
OWASP Fuzzing Code Database
OWASP Hackademic Challenges Project
OWASP Hatkit Datafiddler Project
OWASP Hatkit Proxy Project
OWASP HTTP POST Tool
OWASP Java XML Templates Project
OWASP JavaScript Sandboxes Project
OWASP Joomla Vulnerability Scanner Project
OWASP LAPSE Project
OWASP Legal Project
OWASP Mantra Security Framework
OWASP Mutillidae Project
OWASP O2 Platform
OWASP Orizon Project
OWASP Podcast Project
OWASP Scrubbr
OWASP Secure Web Application Framework Manifesto
OWASP Security Assurance Testing of Virtual Worlds Project
OWASP SWAAT Project
OWASP Vicnum Project
OWASP Wapiti Project
OWASP Web Browser Testing System Project
OWASP WebScarab Project
OWASP Webslayer Project
OWASP WSFuzzer Project
OWASP Yasca Project
Virtual Patching Best Practices
OWASP Access Control Rules Tester Project
OWASP Application Security Metrics Project
OWASP AppSec FAQ Project
OWASP ASDR Project
OWASP Backend Security Project
OWASP Best Practices: Use of Web Application Firewalls
OWASP CAL9000 Project
OWASP CLASP Project
OWASP CodeCrawler Project
OWASP Content Validation using Java Annotations Project
OWASP DirBuster Project
OWASP Encoding Project
OWASP Google Hacking Project
OWASP Insecure Web App Project
OWASP Interceptor Project
OWASP JSP Testing Tool Project
OWASP LiveCD Education Project
OWASP Logging Guide
OWASP NetBouncer Project
OWASP Open Review Project
OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project
OWASP OpenSign Server Project
OWASP Pantera Web Assessment Studio Project
OWASP PHP Project
OWASP Report Generator
OWASP Ruby on Rails Security Guide V2
OWASP Scholastic Application Security Assessment Project
OWASP Security Analysis of Core J2EE Design Patterns Project
OWASP Security Spending Benchmarks Project
OWASP Site Generator Project
OWASP Skavenger Project
OWASP Source Code Flaws Top 10 Project
OWASP Source Code Review for OWASP-Projects Project
OWASP Sprajax Project
OWASP Sqlibench Project
OWASP sqliX Project
OWASP Stinger Project
OWASP Teachable Static Analysis Workbench Project
OWASP Tiger
OWASP Tools Project
OWASP Uniform Reporting Guidelines
OWASP Validation Project
OWASP Webekci Project
OWASP Common Numbering Project
OWASP Application Security Requirements Project
OWASP Favicon Database Project
OPA
OWASP Academy Portal Project
OWASP AJAX Security Project
OWASP Alchemist Project
OWASP Application Security Assessment Standards Project
OWASP Application Security Program for Managers
OWASP Application Security Skills Assessment
OWASP ASIDE Project
OWASP Browser Security ACID Test Project
OWASP Browser Security Project
OWASP Computer Based Training Project (OWASP CBT Project)
OWASP Enterprise Application Security Project
OWASP ESOP Framework
OWASP Exams Project
OWASP GoatDroid Project
OWASP iGoat Project
OWASP Java Encoder Project
OWASP Java HTML Sanitizer Project
OWASP Mobile Security Project
OWASP Myth Breakers Project
OWASP Project Partnership Model
OWASP Proxy Project
OWASP Request For Proposal
OWASP Secure Password Project
OWASP Secure the Flag Project
OWASP Security Baseline Project
OWASP Security Ecosystems Project
OWASP Software Security Assurance Process
OWASP Threat Modeling Project
OWASP WhatTheFuzz Project
OWASP Web Application Security Accessibility Project
OWASP ESAPI C++ Project
OWASP ESAPI C Project
OWASP Data Exchange Format Project
OWASP Cheat Sheets Project
OWASP Security Tools for Developers Project
OWASP SIMBA Project
OWASP VFW Project


The Vision


Provide a way to enable:

Consumers to find projects of value and relevance

Community members to provide feedback to leaders

Contributors to be recognized for work

GPC to support and promote projects




Find

Feedback

Fame

Foundation


The Path


Partnered w/ Geeknet (creators of SourceForge)

OWASP Neighborhood to house metadata about projects

SourceForge infrastructure will be available to OWASP Projects


The Reason


Summary Page
(Enables users to find projects of value and relevance)

Reviews feature
(Enables community members to provide feedback to leaders)

Tracking / Plugins
(Enables contributors to be recognized for work)

Metadata Repository
(GPC to support and promote projects)


The Cool Stuff


Incubator, Labs, Flagship, Archive

Enables users to distinguish developing projects from mature ones

Entirely Community Driven

Open review system drives:

Elevation process

Benefits for projects (e.g. graphic design, code signing, etc.)

Promotion and visibility




The Timeline


Launch Day!

September 2011


The Timeline


September 23rd, 2011 (AppSec USA)
Call for volunteers (five projects so far!)

January 1st, 2012 (New Year's)
Current projects inventory metadata migrated
First batch of volunteer projects go live

July 13th, 2012 (AppSec EU)
All new projects go automatically through portal
General Availability



The End
