
Chapter Briefing OWASP Summit & AppSec DC 2009


Presentation Transcript


  1. Chapter Briefing OWASP Summit & AppSec DC 2009
     Ralph Durkee, Rochester OWASP VP

  2. Rochester OWASP Leadership
     Changes for our Chapter
     • Andrea Cogliati replaces Ralph Durkee as President
     • Ralph Durkee is now serving as Vice President
     Reasons for Change
     • Prevent overload for Ralph
     • Ralph founded Rochester chapter in 2004; time for new leadership
     • Andrea has already been heavily involved in leading the Chapter and attended the 2008 Summit

  3. OWASP Summit 2009
     • Wash. DC Nov 11th
     • Meeting of OWASP Leadership
     • Board
     • Global Committee Members
     • Chapter Leaders
     • OWASP Members
     • Review 2009 & Decide directions for 2010
     • 2nd Summit, 1st was Nov 2008 in Portugal

  4. Agenda
     • Opening Remarks
     • Accomplishments since 2008
     • Membership & Board Candidates
     • Presentation and Q&A by each committee

  5. OWASP Board
     Board Members (original):
     • Jeff Williams
     • Dinis Cruz
     • Dave Wichers
     • Tom Brennan
     • Sebastien Deleersnyder
     Board Members (added Nov 2009):
     • Eoin Keary
     • Matt Tesauro

  6. OWASP Global Committees
     Global Committees:
     • Membership Committee
     • Project Committee
     • Chapter Committee
     • Conferences Committee
     • Education Committee
     • Industry Committee
     • Connections Committee

  7. OWASP Summit Highlights
     • Each committee presented, followed by plenty of Q&A, discussion and debate
     • Size of the OWASP Board increased to 7
     • Board candidates presented and held Q&A
     • Lively debate on OWASP Certification
     • Plenty of encouragement to increase involvement in committees and projects
     • Great networking with other OWASP Leaders

  8. DC AppSec 2009 Highlights
     Jeff Williams spoke briefly on the state of Software Security
     • Broken market? - cited “The Market for Lemons” by George Akerlof
     • If buyers can’t see the difference, then only lemons will be sold.
     • Need radical innovative ideas to fix the market.
     • Not going to “hack our way secure”.
     • The OWASP mission is to make application security visible.

  9. DC AppSec 2009 Highlights 2
     OWASP ESAPI Web Application Firewall ???
     • ESAPI is Enterprise Security API
     • How does ESAPI become a Web App Firewall?
     • Virtual patching - API provides wrappers for vulnerable calls to provide security
     • Add flags, headers, authentication calls etc.
     • ESAPI has better coverage of the vulnerabilities than most WAFs
     • Better Performance and Intelligence at the application layer.
     • Very affordable since it’s Free

  10. DC AppSec 2009 Highlights 3
     • 2010 OWASP Top 10 RC announced
     • Dave Wichers presented
     • Slides and Video are on-line
     • More Information
     • Slides and Videos of some presentations were recently put on-line (Video was lost and recovered)
     • http://www.owasp.org/index.php/OWASP_AppSec_DC_2009_Schedule#tab=Talks_11.2F12
     • NoScript users - Need to have JavaScript enabled from yahooapis.com for the tabs to work.

  11. That’s it…
     • Any questions or comments?
     • Presentation will be online:
     Thank you!
