This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Turkey"
Revision as of 13:18, 11 September 2007
- 1 OWASP Turkey
- 2 Participation
- 3 Sponsorship/Membership
- 4 Local News
- 5 Sponsors
- 6 Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007)
- 7 Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007)
- 8 Last Event - 1st Web Security Days - July 14 (Turkey 2007)
- 9 Last Meetings
OWASP Turkey
Welcome to the Turkey chapter homepage. The chapter leaders are Bunyamin Demir and Ferruh Mavituna.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Local News
Friends who would like to help with the translation project, please get in touch.
Sponsors
Artifacts - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007)
Presentations:
- OWASP2007_KamudaPrivacy.ppt
- Secure Web Application Development (available upon retrieval)
Discussion Answers:
Q1. What is the current state of Privacy on Web Application Security? Does it really matter? Is privacy what will drive radical changes in web application's security (ala PCI)?
A1. During the meeting an effort was made to clarify the meaning of privacy:
- what are the key items that build up to "privacy"?
- are we talking about the privacy of real people, or should we also include the privacy of legal entities?
- is there really a solid line (or even a vague line) between confidentiality and privacy?
We defined privacy as confidentiality of the data, be it of a real person or a legal entity. But the key part is that privacy is "the ability to control the flow of one's own data". This brings in another cornerstone of defining privacy: "need to know". Privacy is directly related to an individual or an organization. Confidentiality, however, is directly related to "information"... Privacy is a "result" and confidentiality is a tenet or a security mechanism.
Enough of these convulsions; the answer to the first question was a definite "YES". Participants all agreed that "privacy" plays and will play the most important role in web security and its future.
Q2. Application side: what the data owner should be doing to protect the user's privacy? Should there be a law that states how to protect this information? What can we do to improve it?
A2. On the question of a law stating how to protect the information, most of the participants agreed that a law is a necessity. But perhaps the more important thing is to raise the awareness of the customers. Here we also had a discussion on the current status of the law on privacy. There are mainly three documents/places on privacy in Turkish law:
- a directive on privacy in telecommunications, which happened to be inadequate (an assertion of a lawyer)
- a draft law on privacy from the Department of Justice, which is still in the process of approval
- a recent (May 2007) law on cyber crimes, which happens to be similar to the "Directive 2006/24/EC of the European Parliament and of the Council" on data retention. This law, however, still needs a few directives, which are about to be published.
Q3. Client side: what is the client's perception of privacy? How can a user trust a site about his own data treatment? Is the client nowadays safeguarded about a possible loss of privacy?
A3. As a first step there should be an "agreement page" presented to the user by the application side. This wouldn't be enough, so there should be regular inspection (a third eye) of these services. As for the question "is the client nowadays safeguarded about a possible loss of privacy?", the answer was a definite "NO". Especially with the banks. Yes, there are a few cases of trials where the courts ordered a bank to compensate the victim's loss; however, mostly this is not the case. There is even a domain in service, founded by the victims of online banking crimes in Turkey.
Q4. What should OWASP be focusing on?
A4. As a suggestion, OWASP may provide a "web security tips" page, which can include a searchable GUI of small programming tips to avoid security holes in web applications.
Q5. What would OWASP spend its grant money on? (note that new OWASP members can allocate some or all of their membership fees to specific projects)
A5. Some suggestions:
- Printed booklets of Guide and Testing Guide
- OWASP CD with shiny labels
- I'm afraid to say t-shirts
Q6. Should OWASP organize such 'OWASP Weeks' every quarter?
A6. OWASP should organize these events every 6 months or so :)
Next Event - OWASP DAY: on the topic of "Privacy in the 21st Century" - September 8 (Turkey 2007)
As a part of the Global Security Week, the OWASP Turkey chapter will be holding a humble meeting on Saturday, 8 September 2007. Less technical and less time-consuming than the last event (Web Security Days), it will focus on the current snapshot of privacy-related issues in the governmental/quasi-governmental and private institutions of Turkey.
Here's the "still in process" agenda:
- 14:00 - 14:10 Prelude. Introduction of OWASP DAY and OWASP Turkey projects
A small introduction to OWASP Day meeting and its goals, plus explanation of some of the lightweight projects of OWASP Turkey.
Bedirhan URGUN, Bunyamin Demir
- 14:20 - 14:50 Privacy in Governmental Institutions - A Current State Analysis
The presentation will discuss the understanding of the privacy concept that has settled in governmental institutions and deliberate on general information security problems related to privacy issues.
Starting from general privacy problems, it will then give specific information about the privacy issues related to web applications. Moreover, concrete suggestions on providing solid privacy in these institutions will be presented.
Hayrettin BAHŞİ Chief Researcher CC Lab-UEKAE TUBITAK
- 15:00 - 15:50 Secure Web Application Development
Korhan Gurler Researcher PRO-G
- 15:00 - 16:00 A Panel on Privacy in Turkey
OWASP-Turkey Members
Last Event - 1st Web Security Days - July 14 (Turkey 2007)
The first of the Web Security Days was held by the OWASP Turkey chapter on 14 July 2007 in İstanbul. With ~70 registered attendees, it was great to have a pack of web security oriented people for five hours of mostly technical presentations.
Last Meetings
Sunday 6 May 2007
Time: 11:15-12:30
Meeting address:
Middle East Technical University
Ankara-Turkey
Presentation
Web Application Security with ModSecurity and OWASP