OWASP Plan - Strawman

Georgi Geshev
OWASP Bulgaria Leader
georgi.geshev@owasp.org
+359-884-237-207
03.04.10

Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document
under the terms of the OWASP License.

The OWASP Foundation
http://www.owasp.org
Agenda

Part 1: Introduction - Who are we?
  • What is this project all about?
  • Would you like to join the OWASP community?
Part 2: Real world stories
  • Care to know about the OWASP Top 10 project?
  • How’s the web down there in Wonderland?
                                         OWASP     2
Introduction

Who Am I?
(1) Free and Open Source Software Evangelist
(2) Enthusiastic Infosec Ninja
① + ② = ?
Here’s the OWASP formula..
FOSS + WEB × APP × SEC = OWASP
The Open Web Application Security Project

The Open Web Application Security Project (OWASP) is a 501c3
not-for-profit worldwide charitable organization focused on
improving the security of application software. Our mission is to
make application security visible, so that people and organizations
can make informed decisions about true application security risks.
Everyone is free to participate in OWASP and all of our materials
are available under a free and open software license.

http://www.owasp.org/index.php
The Local Chapters
Over 150 local chapters worldwide..
OWASP Bulgaria
• This local chapter was founded in late 2010
• Less than 10 mailing list members
  • Please consider joining the local chapter mailing list
• Regular chapter meetings
  • Welcome to the first one of ‘em!
• For submissions, suggestions, offers and questions..
  • Forward your message to the mailing list
  • Contact me via email
Organization Supporters
Show Your Support

Consider…
• Donating
• Becoming an OWASP (local chapter) member
• Attending the local chapter regular meetings
• Attending an OWASP AppSec series conference
  • Global AppSec Europe - June 6th-11th 2011 @Dublin, Ireland
• Contributing to an OWASP project
  • Developers, beta testers, etc.
Affiliation and Membership

Categories of Membership and Supporters
• Individual Supporters
• Single Meeting Supporter
• Organization Supporters
• Accredited University Supporters
Membership

Why Become a Supporting Member?
• Ethics and principles of the OWASP Foundation
• Underscore your awareness of web application software security
• Attend OWASP conferences at a discount
• Expand your personal network of contacts
• Support a local chapter of your choice
• Get your @owasp.org email address
• Have an individual vote in elections
http://www.owasp.org/index.php/Membership
OWASP Projects

Tools and documents are organized into the following categories:
• Protect – tools and documents that can be used to guard against
  security-related design and implementation flaws.
• Detect – tools and documents that can be used to find
  security-related design and implementation flaws.
• Life Cycle – tools and documents that can be used to add
  security-related activities into the Software Development Life
  Cycle (SDLC).
The OWASP Top 10 Project

Project details..
• The OWASP Top Ten provides a powerful awareness document for
  web application security.
• The OWASP Top Ten represents a broad consensus about what the
  most critical web application security flaws are.
• Its latest (stable) release dates from April 2010.
• Creative Commons Attribution Share Alike 3.0 License ;)
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
The OWASP Top 10 Web Application Security Risks
A1:  Injection
A2:  Cross-Site Scripting (XSS)
A3:  Broken Authentication and Session Management
A4:  Insecure Direct Object References
A5:  Cross-Site Request Forgery (CSRF)
A6:  Security Misconfiguration
A7:  Insecure Cryptographic Storage
A8:  Failure to Restrict URL Access
A9:  Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
“Attackers can potentially use many different paths through your application to
do harm to your business or organization. Each of these paths represents a risk
that may, or may not, be serious enough to warrant attention.”

http://www.owasp.org/index.php/Top_10_2010-Main
Companies, vendors and others (officially) profiting from The OWASP Top 10
OWASP Guides

Don’t stop at The OWASP Top 10!
Because The OWASP Top 10 project is simply not enough..
• OWASP Development Guide (Developer’s Guide)
• OWASP Testing Project (Testing Guide)
• OWASP Code Review Project (Code Review Guide)
In Wonderland ;)
The “health” status of the Bulgarian web..

Discussion?
Beer?
Shout outs go to …

• Kate Hartmann (Operations Director at OWASP)
• Tom Brennan (Global Board Member at OWASP)
All of these folks and a few more..
   • P. Stefanov
   • Y. Kolev
   • M. Soler
   ..for kindly recommending and helping me set up this chapter!
• Thank you to all of you for attending this very first meeting ;)
Thank you for your attention!

Please forward any questions, comments and suggestions to:
georgi.geshev@owasp.org

 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 

OWASP Bulgaria

  • 1. OWASP Plan - Strawman
    Georgi Geshev, OWASP Bulgaria Leader
    georgi.geshev@owasp.org, +359-884-237-207
    03.04.10
    Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
    The OWASP Foundation, http://www.owasp.org
  • 2. Agenda
    Part 1: Introduction - Who are we?
      • What is this project all about?
      • Would you like to join the OWASP community?
    Part 2: Real world stories
      • Care to know about the OWASP Top 10 project?
      • How’s the web down there in Wonderland?
    OWASP 2
  • 3-6. Introduction: Who Am I? (slides 3-6 build up the answer one line at a time)
    (1) Free and Open Source Software Evangelist
    (2) Enthusiastic Infosec Ninja
    ① + ② = ?
    Here’s the OWASP formula..
    FOSS + WEB × APP × SEC = OWASP
  • 7. The Open Web Application Security Project
    The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
    http://www.owasp.org/index.php
  • 8. The Local Chapters
    Over 150 local chapters worldwide..
  • 9. OWASP Bulgaria
    • This local chapter was founded in late 2010
    • Less than 10 mailing list members
      • Please consider joining the local chapter mailing list
    • Regular chapter meetings
      • Welcome to the first one of ‘em!
    • For submissions, suggestions, offers and questions..
      • Forward your message to the mailing list
      • Contact me via email
  • 10. Organization Supporters
  • 11. [slide with no text]
  • 12. Show Your Support
    Consider…
    • Donating
    • Becoming an OWASP (local chapter) member
    • Attending the local chapter regular meetings
    • Attending an OWASP AppSec series conference
      • Global AppSec Europe - June 6th-11th 2011 @Dublin, Ireland
    • Contributing to an OWASP project
      • Developers, beta testers, etc.
  • 13. Affiliation and Membership
    Categories of Membership and Supporters
    • Individual Supporters
    • Single Meeting Supporter
    • Organization Supporters
    • Accredited University Supporters
  • 14. Membership
    Why Become a Supporting Member?
    • Ethics and principles of the OWASP Foundation
    • Underscore your awareness of web application software security
    • Attend OWASP conferences at a discount
    • Expand your personal network of contacts
    • Support a local chapter of your choice
    • Get your @owasp.org email address
    • Have an individual vote in elections
    http://www.owasp.org/index.php/Membership
  • 15. OWASP Projects
    Tools and documents are organized into the following categories:
    • Protect – These are tools and documents that can be used to guard against security-related design and implementation flaws.
    • Detect – These are tools and documents that can be used to find security-related design and implementation flaws.
    • Life Cycle – These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
  • 16. The OWASP Top 10 Project
    Project details..
    • The OWASP Top Ten provides a powerful awareness document for web application security.
    • The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.
    • Its latest (stable) release dates from April 2010.
    • Creative Commons Attribution Share Alike 3.0 License ;)
    http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  • 17-26. The OWASP Top 10 Project
    The OWASP Top 10 Web Application Security Risks (slides 17-26 build up the list one item at a time)
    A1: Injection
    A2: Cross-Site Scripting (XSS)
    A3: Broken Authentication and Session Management
    A4: Insecure Direct Object References
    A5: Cross-Site Request Forgery (CSRF)
    A6: Security Misconfiguration
    A7: Insecure Cryptographic Storage
    A8: Failure to Restrict URL Access
    A9: Insufficient Transport Layer Protection
    A10: Unvalidated Redirects and Forwards
  • 27-28. The OWASP Top 10 Project [slides with no further text]
  • 29. The OWASP Top 10 Project
    “Attackers can potentially use many different paths through your application to do harm to your business or organization. Each of these paths represents a risk that may, or may not, be serious enough to warrant attention.”
    http://www.owasp.org/index.php/Top_10_2010-Main
  • 30. The OWASP Top 10 Project
    Companies, vendors and others (officially) profiting from The OWASP Top 10
  • 31. OWASP Guides
    Don’t stop at The OWASP Top 10! Because The OWASP Top 10 project is simply not enough..
    • OWASP Development Guide (Developer’s Guide)
    • OWASP Testing Project (Testing Guide)
    • OWASP Code Review Project (Code Review Guide)
  • 32. In Wonderland ;)
  • 33. In Wonderland ;)
    The “health” status of the Bulgarian web..
  • 34. In Wonderland ;)
  • 35-36. In Wonderland ;)
    Discussion? Beer?
  • 37. Shout outs go to …
    • Kate Hartmann (Operations Director at OWASP)
    • Tom Brennan (Global Board Member at OWASP)
    All of these folks and a few more..
    • P. Stefanov
    • Y. Kolev
    • M. Soler
    ..for kindly recommending and helping me set up this chapter!
    • Thank you to all of you for attending this very first meeting ;)
  • 38. Thank you for your attention!
    Please forward any questions, comments and suggestions to: georgi.geshev@owasp.org