OWASP 2.0: Enabling organizations to develop, maintain, and acquire applications they can trust

Dinis Cruz, OWASP
[email protected]

OWASP AppSec Seattle, October 2006
The OWASP Foundation, http://www.owasp.org/

Copyright © 2006 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/



Mission

Enabling organizations to develop, maintain, and purchase applications that they can trust


OWASP Foundation

The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all.


History

2000: Mark Curphey and Microsoft Word
2001: OWASP Guide 1.0
Sep 2002: Many volunteers finish 1.1.1
Oct 2002: owasp-leaders created
  Leaders from each project
  This meritocracy still leads us today
2003: OWASP Foundation created
-> 2006: tons of new projects (see tomorrow)


It’s about community

Built on great foundations built by our contributors

Greater peer to peer participation
Emphasis on local community building
More support for your projects


www.owasp.org


It’s about building a solid foundation

Transparency: Annual Report, financial details
  Annual report (with financial details) starting 2006
  Move to more formal structure in 2007 timeframe (à la Apache, NetBSD, Debian, etc)

Improve membership experience
  Membership packages
    Individual Corporate Sponsor
  Starter chapter pack


Autumn of Code 2006

The Open Web Application Security Project (OWASP) has recently launched a new project entitled "OWASP Autumn of Code 2006" that is aimed at financially sponsoring contributions to OWASP Projects.

On the 18th of September our call for entries ended and on the 25th of September we released our list of selected projects to be sponsored. OWASP has made the decision to sponsor 9 projects (5 at $3,500 USD and 4 at $5,000 USD) instead of our originally planned number of 8.


Autumn of Code 2006 - Projects

WebScarab NG – Rogan Dawes
Live CD – Joshua Perrymon
CAL9000 – Chris Loomis
SiteGenerator and ORG – Mike de Libero
Pantera – Simon Roses
Web Goat – Sherif Koussa
Testing Guide – Matteo Meucci
OWASP .NET Tools – Boris Maletic
OWASP Website and Branding – Aaron M. Holmes


Current projects (see website)

Release Quality
Beta Status
Alpha Status
Technology, Research, and Guides


Funding model

Need to increase OWASP individual and corporate members

Current funding model
  Conferences
  Corporate and Individual Memberships (to be GNI adjusted)
  Advertising Sponsorships


OWASP Membership

An active voice in the development of OWASP Materials that are becoming widely accepted as an application security standard for all organizations.

An OWASP Commercial License to use the materials within your organization without the restrictions associated with the various open source licenses used by the OWASP projects.

Timely electronic notification of updates to the OWASP Materials.

Visibility for your organization's tangible commitment to application security through its inclusion in the members list on the OWASP website and promotional materials.

The right to use the OWASP name and membership mark to show that you are an OWASP Member. Note that the mark must not be used in any way that might indicate that OWASP supports a commercial product or service.

Collaboration with other highly skilled people from organizations around the world, both virtually and in person during periodic OWASP AppSec conferences and chapter meetings.

Discounted registration fees for OWASP AppSec conferences to all individual members and all employees of member organizations.


OWASP Membership cost

Local Chapters


Chapters!


Local chapters

Easily the most useful OWASP activity
Lots of chapters all around the world


Local chapter support

Use our Internet resources
Announce meetings well in advance
Have a schedule well in advance
Be consistent
Community: blogs, forum - in your local language

Present new stuff... or borrow other chapter’s slides


Guidelines for chapters

Encourage membership in OWASP

Try to be easily found and a popular time
Always try to meet, if only for drinkies
Local sponsorship by vendors is fine
  Try not to be 0wned by the vendors (of any type)

Protect yourself - insurance, talk choices, etc


Leadership Focus

Developing OWASP Foundation and infrastructure

Helping you deliver timely, useful projects

Keeping today’s flagship products fresh and relevant

Winter, Spring, and Summer of Code 2007


OWASP Brand

Our brand is important to us

Need something to help get rid of freeloaders

Many firms abusing OWASP Top 10 / Guide brand

Need a 'brand management' project


Project Incubators

Initiate any project you like

Each project will have its own space
  Community: Link to team member blogs and forum
  Resources: Samples, downloads, private workspace


Project Focus

Participate!

What do you want us to focus on?