Welcome to the OWASP & WASC AppSec 2007 Conference
San Jose – Nov 2007
http://www.webappsec.org/
Dave Wichers, OWASP Conferences Chair; COO, Aspect Security
dave.wichers@owasp.org
301-604-4882
Copyright © 2007 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/
The OWASP Foundation http://www.owasp.org/
OWASP
- Mission
  - Open source non-profit charitable foundation dedicated to enabling organizations to develop, maintain, and acquire software they can trust
- Principles
  - All OWASP products are free and open
  - Application security knowledge should be freely available
  - OWASP encourages awareness, discussion, and best practices
  - Making security visible is key to changing the software market
  - OWASP does not recommend any commercial products or services
  - OWASP will not discuss/disclose specific exploits
OWASP Body of Knowledge (diagram)
- Core Application Security Knowledge Base: Principles; Threat Agents, Attacks, Vulnerabilities, Impacts, and Countermeasures
- Acquiring and Building Secure Applications: Guide to Building Secure Web Applications and Web Services
- Verifying Application Security: Guide to Application Security Testing and Guide to Application Security Code Review
- Managing Application Security: Guidance and Tools for Measuring and Managing Application Security
- Application Security Tools: Tools for Scanning, Testing, Simulating, and Reporting Web Application Security Issues
- AppSec Education and CBT: Web Based Learning Environment and Guide for Learning Application Security
- Research to Secure New Technologies: Research Projects to Figure Out How to Secure the Use of New Technologies (like Ajax)
- OWASP Community Platform (wiki, forums, mailing lists)
- Projects, Chapters, AppSec Conferences
- OWASP Foundation 501c3
Welcome to the OWASP AppSec Conference
OWASP Conferences Committee Members
- OWASP Conferences Chair:
  - Dave Wichers – Aspect Security and OWASP Board
- WASC Support:
  - Jeremiah Grossman, Anurag Agarwal, and others.
- Web Services Security Track Chair:
  - Gunnar Peterson – Arctec Group
- Tech Expo Chair:
  - Pravir Chandra – Cigital
- Refereed Papers Track Chair:
  - Frank Piessens – KU Leuven
- 2008 Europe Conference Planning Committee Chair:
  - Sebastien Deleersnyder - Telindus, Belgacom ICT
- 2008 U.S. Conference Planning Committee Chair:
  - Tom Brennan – Access IT Group
- THANKS FOR ALL THE HELP! And we need more. Volunteers?
AppSec Conference Schedule
- Also: Tech Expo Upstairs today – From 11 AM to 6 PM
  - Similar structure tomorrow
  - Microsoft/Aspect Security cocktail party (tomorrow) Also at Holiday Inn.
Thank you to our Hosts!
Sponsors/Tech Expo
Your Conference Packet
Conference Logistics
- Speakers
  - Please use your own laptop for your presentation
  - If you don’t have it here, let me know in advance so we can get a laptop with your presentation on it ready
- Presentations may be Audio and Video Recorded
  - Speakers, please talk into the mic and repeat any questions so they will be picked up in the recording
- Free Wireless Provided by Conference Center
- All presentations should be online within two weeks!!
Tonight’s OWASP Dinner
Map to the Dinner
Conclusion: OWASP & WASC AppSec 2007 Conference, San Jose – Nov 2007
Some OWASP Growth Stats
- One year ago (Oct 2006), we had
  - about 75 local chapters
  - about 15 corporate sponsors
  - about 180K page views / month at OWASP.org
  - and finally a little bit of money: about $88K
- Now (Nov 2007), we have
  - over 100 local chapters
  - over 30 corporate sponsors
  - about 360K page views / month at OWASP.org
  - prior to this conference we had about $300K
    - Of which $90K is pledged to the completion of the 2007 Spring of Code projects
And our First Employee
Some OWASP Conference Stats
- 1st OWASP AppSec Conference (2004 NY) - ~100 people on a weekend
- 2nd OWASP AppSec Conference (2005 London) ~100 on a weekend
- 3rd OWASP AppSec Conference (2005 D.C.) ~175 plus 40 in tutorials
- 4th OWASP AppSec Conference (2006 Brussels) ~125 plus 40 in tutorials
- 5th OWASP AppSec Conference (2006 Seattle) ~180 plus 115 in tutorials
- 6th OWASP AppSec Conference (2007 Milan) ~140 plus 40 in tutorials
- OWASP Taiwan Conference (2007 Taiwan)
  - About 600 attendees for half day free conference!!
- 2007 OWASP & WASC AppSec Conference (2007 San Jose)
  - About 260 attendees with 80 people in six 2-day tutorials
  - First Tech Expo: Sold out with 12 vendors participating
- Result: Lots of great community interaction/awareness and many great presentations online for community use
Plans for Next Year (2008)
- 2008 OWASP Australia AppSec Conference
  - Gold Coast – March 29-31 – 1-day tutorials, 2-day conference
- 2008 OWASP AppSec Europe Conference
  - Brussels – May 19-22, 2008
  - Refereed papers track, Vendor Expo
  - Two day Tutorials – two day conference
- 2008 OWASP AppSec Israel Conference - ??
- 2008 OWASP AppSec Taiwan Conference - ??
- 2008 OWASP AppSec U.S. Conference
  - New York City, Oct. 2007
  - Refereed papers track, Vendor Expo, Lots of tutorials
  - Capture the flag event?
Please Help OWASP Grow
Please Give Us Your Feedback
- Tutorials?
  - More diversity?
  - What other topics are you interested in?
  - Quarterly regional OWASP training events?
- Presentations?
  - More tracks?
  - Longer conference?
  - Panels?
- Other Activities?
  - OWASP tool demos?
  - Capture the flag?
  - Product comparisons? (think UL testing/Consumer Reports)
- Send to conferences@owasp.org
Thanks again to our Hosts!
Thank You to Our Organizers
Thanks Again to Our Sponsors
Thank You to Our Contributors and Members
- I want to thank ALL the OWASP Project Leads and their teams for all their Hard Work
  - OWASP wouldn’t exist without them
- And thank you to all our corporate & individual members
Reminder: Another Cocktail Party :-)


