This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Education Presentation
This page provide a commented overview of the OWASP presentations available.
Please use the last line of the tables as template.
Presentions can be tracked through:
- the OWASP Presentations Category
- Past OWASP Conference agenda's
- From the chapter pages
Everybody is encouraged to link the presentations and add their findings on this page ! There are currently hundreds of presentations all over the OWASP web site. If you search google with “site:owasp.org filetype:ppt” there are 166 hits. “site:owasp.org filetype:pdf” returns 76. Feel free to “mine” them and add them to the overview.
OWASP Education Presentations
Title | Comment | Level | Date (2015-07-04) |
---|---|---|---|
Free Developer Training | Developer AppSec Course by Eoin Keary and Jim Manico | Intermediate | 2014-04-04 |
OWASP Overview Winter 2009 | Updated overview of OWASP | Novice | 2009-12-08 |
Programa de Educacion OWASP | Una introduccion a OWASP para Universidades y Centros Educativos por Fabio Cerullo | Novice | 2009-03-20 |
OWASP Educational Programme | An introduction to OWASP for Universities & Educational Institutions by Fabio Cerullo | Novice | 2009-03-20 |
OWASP Overview Summer 2009 | Recent overview of OWASP by Jeff Williams | Novice | 2009-08-25 |
Why WebAppSec Matters | This module explains why security should be considered when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
OWASP Intro 2008 Portuguese | Este módulo é uma intrudução sobre o projeto OWASP. | Novice | 2008-07-06 |
OWASP Top 10 Introduction and Remedies | This module explains the OWASP Top 10 web application vulnerabilities as part of the Education Project | Novice | 2007-11-01 |
Embed within SDLC | This module explains the complete approach of Web Application Security when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
Good Secure Development Practices | This module explains some good secure development practices when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
Testing for Vulnerabilities | This module explains application security testing when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
Good WebAppSec Resources | This module points you to some good web application security resources when developping or deploying web applications as part of the Education Project | Novice | 2007-11-01 |
[[ (https://www.owasp.org/index.php/User_talk:Briechenstein_Software_Studio) | OWASP Education Presentation | Intermediate | 2015-07-04 |
,
OWASP Project Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
OWASP Introduction | OWASP Overview presentation covering OWASP, project parade and OWASP near you. Given by Seba during the Germany 2008 Conference | Novice | 2008-11-25 |
India08 Keynote - Part 1 | OWASP Overview presentation. Part 1 of 2. Given by Dinis and Jason during the India08 Conference | Novice | 2008-08-16 |
India08 Keynote - Part 2 | OWASP Overview presentation. Part 2 of 2. Given by Dinis and Jason during the India08 Conference | Novice | 2008-08-16 |
Tour of OWASP’s projects | Given by Dinis and Jason during the India08 Conference | Novice | 2008-08-16 |
OWASP @ RISK08 (Norway) | OWASP introduction at Norway RISK2008 conference by Seba | Novice | 2008-04-23 |
OWASP NY Keynote by Jeff also available in French | OWASP Overview presentation with slide "OWASP by the numbers" and slide with the sorry state of Tools (at best 45%) which caused some controverse | Novice | 2007-06-12 |
The OWASP Testing Guide (Jeff Williams) | Overview of the OWASP Testing Guide | Novice | 2007-01-23 |
The OWASP Testing Guide v2 EUSecWest07 (Matteo Meucci, Alberto Revelli) | Presentation at EUSecWest07 | Intermediate | 2007-03-01 |
OWASP Project Overview | High level overview of projects and how OWASP works | Novice | 2006-09-19 |
The OWASP Application Security Metrics Project (Bob Austin) | Presentation on the Application Security Metrics project | Novice | 2006-10-17 |
OWASP CLASP Project (Pravir Chandra) | OWASP CLASP project presentation given at the 2006 European AppSec conference | Novice | 2006-05-30 |
Sprajax (Dan Cornell) | OWASP Sprajax presentation given at the 2006 Seattle AppSec conference | Intermediate | 2006-10-17 |
OWASP Conference Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
Mod Security Core Rule Set (Ofer Shezaf) | Ofer Shezaf's presentation on the Core Ruleset for the latest version of ModSecurity presented at 6th OWASP AppSec conference in Milan, Italy, in May 2007. | Intermediate | 2007-05-16 |
OWASP Testing Guide v2.1 (Matteo Meucci) | Matteo Meucci's presentation on the OWASP Testing Guide v2 at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
CLASP (Pravir Chandra) | Pravir Chandra's presentation on the upcoming 2007 update to CLASP presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Advanced Web Hacking (PDP) | PDPs presentation at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
XML Security Gateway Evaluation Criteria (Gunnar Peterson) | Gunnar Peterson's presentation about the new XML Security Gateway Evaluation Criteria project at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Testing Flash Applications (Stephano Di Paolo) | Stephano Di Paolo's presentation on how to test Flash applications presented at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
Overtaking Google Desktop (Yair Amit) | Yair Amit's presentation on XSS Flaws in Google Desktop that can be exploited through google.com presented at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Expert | 2007-05-16 |
ACE Team Application Security from the Core (Simon Roses Femerling) | Simon Roses Femerling's presentation on the Microsoft ACE team's application security process at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Pantera (Simon Roses Femerling) | Simon Roses Femerling's presentation on the new OWASP tool Pantera at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Protecting Web applications from universal PDF XSS (Ivan Ristic) | Ivan Ristic's Universal XSS PDF presentation at 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
Software Security (Rudolph Araujo) | Rudolph Araujo's presentation on Application Security best practices at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Intermediate | 2007-05-16 |
WebGoat v5 (Dave Wichers) | WebGoat v5 presentation by Dave Wichers at the 6th OWASP AppSec Conference in Milan, Italy, May 2007. | Intermediate | 2007-05-16 |
WebScarab NG (Dave Wichers) | Description of the new WebScarab-NG efforts presented by Dave Wichers at the 6th OWASP AppSec conference in Milan, Italy in May 2007. | Intermediate | 2007-05-16 |
SANS SPSA Initiative (Dave Wichers) | Description of the SANS Secure Coding Exam Initiative presented by Dave Wichers at the 6th OWASP AppSec conference in Milan Italy, May 2007. | Novice | 2007-05-16 |
OWASP Italy Activities (Raoul Chiesa) | Raoul Chiesa's keynote for day 2 of the 6th OWASP AppSec conference on the state of application security in Italy including OWASP's activities in that country. | Novice | 2007-05-16 |
Security engineering in Vista (Alex Lucas) | Alex Lucas' from Microsoft's keynote presentation for Day 1 of the 6th OWASP AppSec conference in Milan on the benefits of Microsoft's SDL to the security of Vista. | Intermediate | 2007-05-16 |
How the Security Development Lifecycle(SDL) Improved Windows Vista (Michael Howard) | Michael Howard's talk on SDL from the OWASP Seattle AppSec Conference in 2006 | Intermediate | 2006-10-18 |
Bootstrapping the Application Assurance Process (Sebastien Deleersnyder) | Presentation given during the European 2006 AppSec conference on the application assurance process | Novice | 2006-05-30 |
Inline Approach for Secure SOAP Requests and Early Validation (Mohammad Ashiqur Rahaman, Maartin Rits and Andreas Schaad SAP Research, Sophia Antipolis, France) | Presentation given at the European 2006 AppSec conference about security and soap message structure issues | Intermediate | 2006-05-31 |
Web Application Firewalls:When Are They Useful? (Ivan Ristic) | Presentation about Web Application Firewalls | Novice | 2006-05-31 |
HTTP Message Splitting, Smuggling and Other Animals (Amit Klein) | A presentation about Message splitting other attacks around the HTTP protocol | Intermediate | 2006-05-31 |
Web Application Incident Response & Forensics: A Whole New Ball Game! (Rohyt Belani & Chuck Willis) | Talk about Web Application Security incident handling and forensics given at the OWASP 2006 Seattle AppSec conference | Intermediate | 2006-10-18 |
Can (Automated) Testing Tools Really Find the OWASP Top 10? (Erwin Geirnaert) | A talk about how automated testing tools stack up against the OWASP top 10 | Intermediate | 2006-05-30 |
RequestRodeo: Client Side Protection against Session Riding (Martin Johns / Justus Winter) | Presentation given about how Sessions can be hi-jacked, etc... | Novice | 2006-05-31 |
Security Testing through Automated Software Tests (Stephen de Vries) | Presentation given at the 2006 EuSec conference | Intermediate | 2006-05-31 |
In the Line of Fire: Defending Highly Visible Targets (Jeremy Poteet) | Conference given at the 2005 DC AppSec conference | Novice | 2005-10-1 |
Google Hacking and Web Application Worms (Matt Fisher) | Talk given at the 2005 DC AppSec conference | Novice | 2005-10-01 |
Establishing an Enterprise Application Security Program (Tony Canike) | Talk given at the 2005 DC AppSec Conference | Novice | 2005-10-01 |
Why AJAX Applications Are Far More Likely To Be Insecure (And What To Do About It) (Dave Wichers) | Dave's talk on AJAX given at the Seattle 2006 AppSec conference | Intermediate | 2006-10-01 |
[[ (https://www.owasp.org/index.php/User_talk:Briechenstein_Software_Studio) | Security Analyst | Intermediate | 2015-07-04 |
Web Application Security Presentations
Title | Comment | Level | Date (yyyy-mm-dd) |
---|---|---|---|
Universal PDF XSS by Ivan Ristic | Protecting Web Applications from Universal PDF XSS | Intermediate | 2007-06-28 |
Identity Management Basics (Derek Brown) | Identity Management Basics | Novice | 2007-05-09 |
[Advanced SQL Injection (Victor Chapela) | Detailed methodology for analyzing applications for SQL injection vulnerabilities | Expert | 2005-11-04 |
[Advanced Topics on SQL Injection Protection (Sam NG) | 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. | Intermediate | 2006-02-27 |
[Attacking Web Services (Alex Stamos) | Web Services Introduction and Attacks | Intermediate | 2005-10-11 |
MMS Spoofing (Matteo Meucci) | A Case-study of a vulnerable web application | Intermediate | |
Ajax Security (Andrew van der Stock) | Presentation on Ajax security for OWASP AppSec Europe 2006 | Intermediate | 2006-05-30 |
Advanced Web Services Security & Hacking (Justin Derry) | Presentation given on Webservice security at the Seattle 2006 AppSec conference | Intermediate | 2006-10-18 |
Integration into the SDLC (Eoin Keary) | A presentation about why and how to integrate the SDLC. | Novice | 2005-04-09 |
[[ (https://www.owasp.org/index.php/User_talk:Briechenstein_Software_Studio | Intermediate | 2015-07-04 |
Chapter Presentations
Title | Comment | Level | Month (Mon-yyyy) | Chapter |
---|---|---|---|---|
Common Application Flaws (Brett Moore) | OWASP New Zealand chapter presentation on Common Application Flaws | Novice/Intermediate | November 2008 | New Zealand |
Time Based SQL Injections (Muhaimin Dzulfakar) | OWASP New Zealand chapter presentation on Time Based SQL Injections | Intermediate | September 2008 | New Zealand |
Browser Security (Roberto Suggi Liverani) | OWASP New Zealand chapter presentation on Browser Security | Intermediate | September 2008 | New Zealand |
7/7/2008 SQL Injection (Columbus, OH) | SQL Injection Presentation given at the Columbus, OH OWASP Chapter Meeting. Powerpoint, derby DB, and applicable java code. | Novice / Intermediate | July 2008 | Columbus |
Detecting Web Application Vulnerabilities Using Open Source Means (Konstantinos Papapanagiotou) | OWASP Greek Chapter presentation given at the Open Source Software (FLOSS) Conference in Athens | Novice | May 2008 | Greece |
Hacking The World With Flash (Paul Craig) | OWASP New Zealand chapter presentation on Flash security | Intermediate | April 2008 | New Zealand |
Web Spam Techniques (Roberto Suggi Liverani) | OWASP New Zealand chapter presentation on Web Spam Techniques | Intermediate | April 2008 | New Zealand |
Xpath Injection Overview (Roberto Suggi Liverani) | OWASP New Zealand chapter presentation on Xpath Injection | Intermediate | February 2008 | New Zealand |
Dependability for Java Mobile Code (Pierre Parrend) | OWASP Swiss chapter presentation on Mobile Java Security | Expert | July 2007 | Switzerland |
Trust, Security and Usability (Roger Carhuatocto) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Tratamiento seguro de datos en aplicaciones in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Ataques DoS en aplicaciones Web (Jaime Blasco Bermejo) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Seguridad en entornos financierosPedro (Pedro Sánchez) in Spanish | OWASP Spain chapter meeting (July'07) | Intermediate | July 2007 | Spain |
Brian Chess from Fortify shared what's going on with the Java Open Source review project at the June NoVA OWASP meeting | Java Open Review | Intermediate | June 2007 | Virginia (Northern Virginia) |
Brian Chess from Fortify, presentation to NoVA OWASP chapter in June 2007. | Bytecode injection | Expert | June 2007 | Virginia (Northern Virginia) |
Security at the VMM Layer by Ted Winograd | Security at the VMM Layer | Expert | June 2007 | Virginia (Northern Virginia) |
Evaluating and Tuning Web Application Firewalls (Barry Archer) | Presentation given at Kansas City June 2007 chapter meeting | Intermediate | June 2007 | Kansas City |
Microsoft Security Development Lifecycle for IT (Rob Labbé) | Presentation by Rob Labbe at Ottawa OWASP Chapter | Novice | May 2007 | Ottawa |
Application Denial of Service (Shaayy Cheen) | Is it Really That Easy? Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Fuzzing in Microsoft and FuzzGuru framework (John Neystadt) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Application Security, not just development (David Lewis) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Overtaking Google Desktop, Leveraging XSS to Raise Havoc (Yair Amit) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Unregister Attack in SIP (Anat Bremler-Barr, Ronit Halachmi-Bekel and Jussi Kangasharju) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
Positive Security Model for Web Applications, Challenges and Promise (Ofer Shezaf) | Presentation given at the Israel Mini Conference in May 2007 | Intermediate | May 2007 | Israel |
.NET Reverse Engineering (Erez Metula) | Presentation given at the Israel Mini Conference in May 2007 | Expert | May 2007 | Israel |
OWASP introduction (Ofer Shezaf) | 2nd OWASP IL mini conference at the Interdisciplinary Center (IDC) Herzliya | Intermediate | May 2007 | Israel |
Update on Internet Attack Statistics for Belgium in 2006 by Hilar Leoste (Zone-H) | Update on Internet Attack Statistics for Belgium in 2006 | Novice | May 2007 | Belgium |
Securing Web Services using XML Security Gateways by Tim Bond | Securing Web Services using XML Security Gateways | Intermediate | May 2007 | Virginia (Northern Virginia) |
Software Assurance in the Acquisition Process by Stan Wisseman | Software Assurance in the Acquisition Process | Intermediate | May 2007 | Virginia (Northern Virginia) |
Legal Aspects of (Web) Application Security by Jos Dumortier | Legal Aspects of (Web) Application Security | Intermediate | May 2007 | Belgium |
AppSec Research (University Leuven Belgium) | Formal absence of implementation bugs in web applications: a case study on indirect data sharing by Lieven Desmet | Expert | May 2007 | Belgium |
A Scanner Sparkly | A Scanner Sparkly, taken from the Phoenix OWASP presentations on Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
Grey Box Assessment Lessons Learned | "Grey Box Assessment Lessons Learned", taken from the Phoenix OWASP presentations, Application Security Tools, May 2007 | Intermediate | May 2007 | Phoenix |
OWASP Update and OWASP BeLux Board Presentation (Seba) | OWASP Update and OWASP BeLux Board Presentation | Novice | May 2007 | Belgium |
Metics- What can we measure (Zed Abbadi) | 19 April NoVa chapter meeting presentation on Security Metrics | Novice | April 2007 | Virginia (Northern Virginia) |
Web Services Hacking and Hardening (Adam Vincent) | 3/8/07 NoVA chapter meeting, Adam Vincent from Layer7 | Expert | March 2007 | Virginia (Northern Virginia) |
OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
XSS Worms (Sven Vetsch) | XSS Worms | Intermediate | Feb 2007 | Switzerland |
OWASP Update (Seba) | OWASP Update | Novice | Jan 2007 | Belgium |
WebGoat and Pantera presentation (Philippe Bogaerts) | WebGoat and Pantera presentation | Novice | Jan 2007 | Belgium |
Security implications of AOP for secure software (Bart De Win) | Security implications of AOP for secure software | Expert | Jan 2007 | Belgium |
testing for common security flaws (David Byrne) | testing for common security flaws | Intermediate | Nov 2006 | Denver |
40-ish slides on analyzing threats (Olli) | Analyzing Threats | Novice | Dec 2006 | Helsinki |
Attacking the Application (Dave Ferguson) | Vulnerabilities, attacks and coding suggestions | Intermediate | Dec 2006 | Kansas City |
Ajax Security Concerns (Rohini Sulatycki) | Ajax Security Concerns | Intermediate | Dec 2006 | Kansas City |
Anatomy of 2 Web Application Testing (Matteo Meucci) | Anatomy of 2 Web Application Testing | Intermediate | Mar 2006 | Italy |
Testing From the Cloud: Is the Sky Falling? | WTE Cloud-based Testing | Intermediate | Feb 2012 | Austin |
(https://www.owasp.org/index.php/User_talk:Briechenstein_Software_Studio) | Open Web application Security Project | Intermediate | 2015-07-04 |
Chapter 4 Specification Language This formal specification by language example presents cybersecurity studies (of over 10 projects) of how successful OWASP educational presentations test develop design and deliver cybersecurity software efficiently supporting formal methods as mathematically based techniquesthat are needed to assist in the design and implementation of reliable cybersecurity software. Specification by language example is a must read for anyone serious about delivering translated cybersecurity language software that matters It is the result of a research on how teams internationally specify test develop design and deliver the right cybersecurity software without defects in very short computational delivery cycles With cybersecurity case studies and real examples this presentation helps you understand how successful teams implement mathematical cybersecurity by example denoting acceptable testing and behavior driven development to bridge the communication gap between committees stakeholders and contributing teams build quality into cybersecurity from the start by testing developing designing and delivering supported languagfor syntax highlighting purposes It presents the collective knowledge of about 50 cybersecurity projects ranging from high traffic websites to virtual back office cybersecurity systems implemented by teams as diverse as small startups to groups spread across different continents working in a range of processes including Extreme programming Kanban Scrum and similar processes often bundled together under the names Lean and Agile This protocol is for testers software developers business analysts and project managers working on Syntax and Agile projects or teams moving to an Agile development method that want to improve quality reduce correction of defective cybersecurity software and collaborate better with the OWASP committee. Smith
For the last past decade computer systems have become increasingly more powerful as a result becoming more impactful to society Established engineering disciplines use mathematical analysis as the foundation of creating and validating product design Formal language specifications are one im such a way for achievement in software engineering as reliability once predicted Other methods such as testing are more commonly used to enhance code quality Usability given as such a specification it is possible to use formal verification techniques to demonstrate that a system design is correct with respect to its specification This allows incorrect system designs to be revised before any major investments have been made into an actual implementation Another approach is to use provably correct refinement steps to transform a specification into a design which is ultimately transformed into an implementation that is correct by construction.
Limitations A design (or implementation) cannot ever be declared “correct” on its own. It can only ever be “corrected with respect to a given specification Whether the formal specification correctly describes the problem to be solved is a separate issue It is also a difficult issue to address since it ultimately concerns the problem constructing abstracted formal representations of an informal concrete problem domain and such an abstraction step is not amenable to formal proof. However, it is possible to validate a specification by proving “challenge” theorems concerning properties that the specification is expected to exhibit.o_O If correct Olloclip In these theorems reinforce the specifier's understanding of the specification and its relationship with the underlying problem domain If not the specification probably needs to be changed to better reflect the domain understanding of those involved with producing (and implementing) the specification.
Formal specification techniques have existed in various domains and on various scales for quite some time Implementations of formal specifications will differ depending on what kind of system they are attempting to model how they are applied and at what point in the software life cycle they have been introduced These types of models can be categorized into the following specification paradigms:
behavior based system histories assertions are interpreted over time State-based Specification behavior based on system states series of sequential steps (e.g. a financial transaction) languages such as Z, VDM or B rely on this paradigm+ Transition-based specification behavior based on transitions from state-to-state of the system best used with a reactive system languages such as Statecharts PROMELA STeP-SPL RSML or SCR rely on this paradigm Functional specification specify a system as a structure of mathematical functions OBJ, ASL, PLUSS, LARCH, HOL or PVS rely on this paradigm Operational Specification early languages such as Paisley GIST Petri nets or process algebras rely on this paradigm In addition to the above paradigms there are ways to apply certain heuristics to help improve the creation of these specifications The protocol referenced here best discusses heuristics to use when designing a specification.Heuristics= a rule or method that helps you solve problems faster than you would if you did all the computing
Resources: Algebraic specification= Providing a mathematical software engineering technique
Best Wishes, Brenda Smith [email protected] |