
OWASP Backend Security Project

OWASP Backend Security Project. Carlo Pelliccioni Backend Security Project leader carlo.pelliccioni@gmail.com. Who am I. OWASP Italy active member OWASP Testing Guide v2.0 contributor OWASP Backend Security Project leader Penetration Tester @ Symantec


Presentation Transcript


  1. OWASP Backend Security Project
     • Carlo Pelliccioni
     • Backend Security Project leader
     • carlo.pelliccioni@gmail.com

  2. Who am I
     • OWASP Italy active member
     • OWASP Testing Guide v2.0 contributor
     • OWASP Backend Security Project leader
     • Penetration Tester @ Symantec
     • Web Application Security trainer

  3. Overview

  4. Overview
     OWASP Backend Security Project is an OWASP project entirely dedicated to the core of web applications. Several contributors (developers, system integrators and security testers) have worked toward this aim, producing a beta-quality guide composed of three security-oriented sections: Development, Hardening and Testing.

  5. Objectives (1/2)
     The aim of this OWASP project is to create a new guide that allows developers, administrators and testers to understand every part of the security process for back-end components that communicate directly with web applications, such as databases, LDAP servers, etc. In this version (v1.0 beta) we focused on creating new topics and collecting the information on the OWASP wiki to reach the objectives defined during the first phase of the Summer of Code 2008.

  6. Objectives (2/2)
     • Overview: Create a section with an introduction to the project (high-level description) explaining the main goals.
     • Development: Include the existing OWASP wiki articles concerning PHP, Java and ASP.NET, and extend the project's sections with new content.
     • Hardening: Create new guidelines on DBMS hardening.
     • Testing: Include the existing OWASP wiki articles about security testing. Create new articles about security testing.

  7. Status and Future Steps
     • Beta Quality v1.0 (Summer of Code 2008)
       • Security development (new articles): Java – PHP – .NET
       • Security hardening (only DBMS in this version / new articles): Oracle – SQL Server – DB2 – MySQL – PostgreSQL
       • Security testing (several articles from Testing Guide v3.0 / new articles): DBMS Fingerprinting – Oracle – MySQL – PostgreSQL – LDAP
     • Release Quality v2.0 (Winter of Code 2009?)
       • Improve the existing sections.
       • Add new topics... ...some ideas?

  8. Closing
     Contributors:
     • Daniele Bellucci
     • Erik Sonnleitner
     • Francesco Perna
     • Giuseppe Gottardi
     • Guido Landi
     • Guido Pederzini
     • Maurizio Agazzini
     • Massimo Biagiotti
     • Pasquale de Rinaldis
     Reviewers:
     • Esteban Ribičić
     • Josh Sweeney
