1 / 18

OWASP - India Roadmap

OWASP - India Roadmap. Dhruv Soi & Puneet Mehta OWASP Delhi Chapter. Why India is important?. Global Outsourcing hub Emerging market Domestic IT consumption is increasing day-by-day Markets are not solely dependent on exports now Tons of Software development companies

etenia
Download Presentation

OWASP - India Roadmap

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OWASP - India Roadmap Dhruv Soi & Puneet Mehta OWASP Delhi Chapter

  2. Why India is important? • Global Outsourcing hub • Emerging market • Domestic IT consumption is increasing day-by-day • Markets are not solely dependent on exports now • Tons of Software development companies • Network Security is bit matured, AppSec is badly missing • Organization wide security practices are still evolving • Very low trained AppSec man power • Huge gap between developers and security professionals

  3. OWASP India - History • Very less awareness about OWASP in software development community • Almost Dead Chapters • Missing personality & professional profiling of Chapter Leaders • OWASP was kept conservative and available to very few professionals • Missing promotional/marketing efforts by Chapter Leaders • OWASP Foundation - OWASP India Chapters, Cross Cultural gaps, Less/No regular Communication • Lack of monitoring and controlling by OWASP Foundation

  4. OWASP AppSec India Conference Challenges • Very less awareness about OWASP in India • Being very first conference, hard time to find sponsors • Huge marketing efforts made even in region of active chapters due to those being conservative • No team spirit/contribution from other Indian chapters • Unavailability of funds to kick-off the event

  5. OWASP AppSec India Conference 2008 • Paid Participation from top 80 companies • Participation from TCS, Infosys, Satyam, Wipro, Qualys, Symantec, Cisco, CapGemini, CSC, GE, HSBC, Fidelity, Max NewYork, ABN Amro, and many more… • Overwhelming response • Participation from Neighboring Countries • 327 participants attended Conference • 221 participants in trainings • Diamond Sponsor - HP Software

  6. Event Statistics

  7. Event Statistics- Participant Satisfaction survey

  8. Conference Watch List • Dr. Kamlesh Bajaj – CEO, Data Security Council of India (NASSCOM) – Key Note • Dr. Gulshan Rai – Director, CERT-IN – Key Note (Couldn’t make it though) • 20 key participants from National Informatics Center, Ministry of IT & Communications, Govt. of India • Participation from NTRO (National Technology Research Organization, the strategic national body attached to Prime Minister’s Office) • Top Companies from BFSI and IT sectors • Participation from neighboring countries such as Hong Kong, Middle east, Srilanka, Malaysia etc. • Media Attention

  9. Top reasons for Conference success • Think-Tank team of entrepreneurs • Strong presence and visibility in Government & Corporate sectors • Solid Marketing Efforts • Quality Professional Contacts • Non-conservative approach • Dedication towards the goal • Excellent Team Work

  10. Live Event!! Conference Stage 8AM – Registration Area 8:30AM – Registration Area Crowd at conference Crowd at tea

  11. What Next? • Expedite OWASP promotion at India level • Conduct regular chapter meetings • Organize regular big OWASP Events in India (We have already announced next OWASP AppSec India conference 2009 with focus on APAC) • Team Work required between different Chapters • Close Monitoring and Controlling of Chapters at national level • Include potential and capable Leaders in OWASP India

  12. How? • Promoting Delhi Chapter to monitor and control activities happening at other chapters • Sparing National/APAC Wide events with Delhi Chapter as official organizers. • Turning OWASP events to big scale events like BlackHat/ DefCon/ HITB/MISTI etc. • OWASP Foundation floating some seed funds to help in taking initiatives for planning big events • Increased participation of OWASP Foundation members into India based events • Launching new projects in India and working closely with Apex national bodies towards this common MISSION

  13. Why Delhi Chapter? • Delhi – Capital of India • Nation wide decision making happens from Delhi • Ministry offices, CERT-IN, CII, NASSCOM operates from Delhi • Initiative taken by Delhi Chapter towards OWASP promotion – both within corporate & Government sectors. • Delhi Chapter is already experienced in organizing flawless big events • Delhi Chapter – Most Capable chapter as per board’s profile and achievements. • No Cultural gaps while managing other chapters • Easy/low cost regular communication between different chapters if managed from Delhi rather USA • Lesser Domestic travel cost to attend India based chapter meetings than international traveling

  14. OWASP: SWOT… STRENGTHS • Fully Matured in AppSec domain • Big International Presence • Unique entity in the area of expertise • Globally Recognized body • Industry Recognized Board Members • High-Tech Skilled Projects • Free and Open Source Resources • Open contribution

  15. OWASP: SWOT… WEAKNESS • Chapters works independently • Lack of Chapter Level Monitoring • Lesser Motivation to promote chapters • Lack of Initial Funds to take initiatives • No Profiling of Chapter Leaders

  16. OWASP: SWOT… OPPORTUNITIES • With Network Security getting saturated and increasing awareness of application layer threats OWASP can emerge as a top leader in its space • Trainings, Certifications, Consulting (through OWASP accreditation / Certification Process) and keeping Resources/Tools as free and open source, the way they are at present • Increase presence in every region and initiate strategic alliance / ventures with apex Govt. bodies of different countries. This will enable recognition of OWASP projects as Gold standards just like ISO / BS

  17. OWASP: SWOT… THREATS • Other Bodies like ISC2, SANS might completely acquire Indian markets on trainings, certifications with no space left to OWASP • BlackHat, DefCon, HITB are already well established Internationally and their launch in India might reduce down future value of OWASP Conferences. BlackHat is already in talks with some Indian IT body to launch its conferences and trainings in 2010. • Indian bodies like CII, NASSCOM are planning to get collaborated by international bodies like SANS, ISC2 to capture further InfoSec market

  18. Summary • OWASP AppSec India 2008 launched as a successful and well accepted application Security Conference • Next OWASP AppSec India conference to be held in September 2009. Location and Dates yet to be finalized • There is a great potential to promote OWASP amongst Indian Industry – both Govt. & Corporate. Increased participation from Government should be leveraged to strengthen relationship and promote OWASP as a Gold standard in application security space. • Increase participation from OWASP foundation requested in the upcoming India Conferences. • Financial support requested by Foundation towards ongoing promotional activities.

More Related