OWASP ESAPI AppSecDC - Revision history

Jeff Williams at 20:40, 11 November 2009

2009-11-11T20:40:17Z

Jeff Williams at 20:39, 11 November 2009

2009-11-11T20:39:48Z

Leeannehart at 15:17, 20 October 2009

2009-10-20T15:17:04Z

Mark.bristow: /* The speaker */

2009-08-21T00:48:58Z

‎The speaker

Mark.bristow: /* The speaker */

2009-08-21T00:43:11Z

‎The speaker

Mark.bristow: /* The speaker */

2009-08-04T19:13:32Z

‎The speaker

Mark.bristow: /* The presentation */

2009-08-04T19:12:11Z

‎The presentation

Mark.bristow: Created page with '== The presentation == right OWASP ESAPI Update == The speaker == Jeff has specialized in information security since 1989 and has published nume…'

2009-08-04T14:41:27Z

Created page with '== The presentation == right OWASP ESAPI Update == The speaker == Jeff has specialized in information security since 1989 and has published nume…'

New page

== The presentation ==

[[Image:Owasp_logo_normal.jpg|right]]
OWASP ESAPI Update

== The speaker ==
Jeff has specialized in information security since 1989 and has published numerous papers focused on practical risk and assurance techniques. Jeff has been writing code for 25 years in many different environments but has focused primarily on Java and J2EE security for the past 10 years. Jeff is a primary author of the OWASP Top 10 Web Application Security Vulnerabilities and the OWASP Secure Software Development Contract Annex, and he leads several OWASP projects. He also chaired the group responsible for creating ISO 21827, the Systems Security Engineering Capability Maturity Model (SSE-CMM).

[[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

← Older revision		Revision as of 20:40, 11 November 2009
Line 2:		Line 2:

	[[Image:JeffWilliams2.jpg\|200px\|thumb\|right\|Jeff Williams]]		[[Image:JeffWilliams2.jpg\|200px\|thumb\|right\|Jeff Williams]]
−	Application security is arguably the most difficult IT challenge facing organizations today. Chasing the 700 types of common weaknesses with scanners and static analysis is a losing proposition. Rather than chasing after these vulnerabilities, developers can address almost all of these problems with a set of 10 to 12 strong centralized security controls. To make it easier for developers to establish these controls, the Open Web Application Security Project (OWASP) Enterprise Security API (ESAPI) project has created a clean, intuitive, and open-source set of security controls across the most popular web platforms, including Java, .NET, PHP, Python, Cold Fusion, and ASP.NET. In this talk, Jeff will show you how to create an ESAPI for your organization that will solve the OWASP Top Ten vulnerabilities, increase assurance, and dramatically development and verification cut costs all at the same time.	+	Application security is arguably the most difficult IT challenge facing organizations today. Chasing the 700 types of common weaknesses with scanners and static analysis alone is a losing proposition. Rather than chasing after these vulnerabilities, developers can address almost all of these problems with a set of 10 to 12 strong centralized security controls. To make it easier for developers to establish these controls, the Open Web Application Security Project (OWASP) Enterprise Security API (ESAPI) project has created a clean, intuitive, and open-source set of security controls across the most popular web platforms, including Java, .NET, PHP, Python, Cold Fusion, and ASP.NET. In this talk, Jeff will show you how to create an ESAPI for your organization that will solve the OWASP Top Ten vulnerabilities, increase assurance, and dramatically development and verification cut costs all at the same time.

@@ Line 2: / Line 2: @@
 [[Image:JeffWilliams2.jpg|200px|thumb|right|Jeff Williams]]
-In an enterprise with hundreds or thousands of applications, securing one at a time is too expensive and takes too long. The goal of this session is to identify the strategies that most cost-effectively reduce risk over time. How do we craft an effective application security program using a combination of tools, standard controls, consultants, in-house teams, testers and auditors, and training. How can we manage the cost and risk over time – what metrics have proven to be effective in practice?
+Application security is arguably the most difficult IT challenge facing organizations today. Chasing the 700 types of common weaknesses with scanners and static analysis is a losing proposition. Rather than chasing after these vulnerabilities, developers can address almost all of these problems with a set of 10 to 12 strong centralized security controls. To make it easier for developers to establish these controls, the Open Web Application Security Project (OWASP) Enterprise Security API (ESAPI) project has created a clean, intuitive, and open-source set of security controls across the most popular web platforms, including Java, .NET, PHP, Python, Cold Fusion, and ASP.NET. In this talk, Jeff will show you how to create an ESAPI for your organization that will solve the OWASP Top Ten vulnerabilities, increase assurance, and dramatically development and verification cut costs all at the same time.
 == The speaker ==
-Jeff Williams is the founder and CEO of [http://www.aspectsecurity.com/ Aspect Security], specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the [http://www.owasp.org/ Open Web Application Security Project (OWASP)]. He has made extensive contributions to the application security community through OWASP, including writing the [[topten|Top Ten]], [[WebGoat]], [[legal|Secure Software Contract Annex]], [[ESAPI|Enterprise Security API]], [[OWASP Risk Rating Methodology]], and starting the worldwide [[chapters|local chapters program]]. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.
+Jeff Williams ([[User:Jeff Williams|full bio]]) is the founder and CEO of [http://www.aspectsecurity.com/ Aspect Security], specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the [http://www.owasp.org/ Open Web Application Security Project (OWASP)]. He has made extensive contributions to the application security community through OWASP, including writing the [[topten|Top Ten]], [[WebGoat]], [[legal|Secure Software Contract Annex]], [[ESAPI|Enterprise Security API]], [[OWASP Risk Rating Methodology]], and starting the worldwide [[chapters|local chapters program]]. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.
 [[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

@@ Line 1: / Line 1: @@
 == The presentation ==
-[[Image:Owasp_logo_normal.jpg|right]]
+[[Image:JeffWilliams2.jpg|200px|thumb|right|Jeff Williams]]
 In an enterprise with hundreds or thousands of applications, securing one at a time is too expensive and takes too long. The goal of this session is to identify the strategies that most cost-effectively reduce risk over time. How do we craft an effective application security program using a combination of tools, standard controls, consultants, in-house teams, testers and auditors, and training. How can we manage the cost and risk over time – what metrics have proven to be effective in practice?

@@ Line 5: / Line 5: @@
 == The speaker ==
-Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). He has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.
+Jeff Williams is the founder and CEO of [http://www.aspectsecurity.com/ Aspect Security], specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the [http://www.owasp.org/ Open Web Application Security Project (OWASP)]. He has made extensive contributions to the application security community through OWASP, including writing the [[topten|Top Ten]], [[WebGoat]], [[legal|Secure Software Contract Annex]], [[ESAPI|Enterprise Security API]], [[OWASP Risk Rating Methodology]], and starting the worldwide [[chapters|local chapters program]]. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.
 [[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

@@ Line 5: / Line 5: @@
 == The speaker ==
-Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security risk management services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). Jeff has made extensive contributions to the application security community through OWASP, including the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, Risk Rating Methodology, several smaller security tools, and the worldwide local chapters program. Jeff has degrees in psychology, computer science, and human factors, and law.
+Jeff Williams is the founder and CEO of Aspect Security, specializing exclusively in application security professional services. Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP). He has made extensive contributions to the application security community through OWASP, including writing the Top Ten, WebGoat, Secure Software Contract Annex, Enterprise Security API, OWASP Risk Rating Methodology, and starting the worldwide local chapters program. If nothing else, Jeff is probably the tallest application security expert in the world and likes nothing better than discussing new ideas for changing the way we build software.
 [[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]