This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Presentations"

(Submitting a Presentation)
 
(25 intermediate revisions by 8 users not shown)
Line 1: Line 1:
== Modelo de Auditoría de sistemas:  ==
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 +
= Welcome to the OWASP Presentations Program =
  
Éste es un modelo universal para securizar en un alto grado de seguridad al sistema operativo.  
+
In an effort to promote more in-depth work in application security, the OWASP Presentations program is always accepting presentation submissions. Presentations submitted to the OWASP Presentations program will be reviewed by a team of senior application security experts. These reviewers will provide constructive feedback on submissions in the hopes of achieving a publishable quality paper. Papers that are approved by the review team will be published on the OWASP website and will be candidates for presentation at the next OWASP AppSec conference.
  
#Sistema de cifrado congelado: Mantiene en secreto la ubicación del archivo del sistema, previniendo ataques de tipo monitoreo de redes.
+
== Submitting a Presentation ==
#OpenVAS: Línea de comandos para cifrar- descifrar el protocolo TCP/Ip
 
#Filtro Web: Previene intrusiones a través de puertos inseguros
 
#Clam Antivirus: Previene, detecta y corrige virus informático
 
  
<br>
+
To submit a presentation, please use the templates bellow for presentations. You can create a wiki account and upload it yourself or contact your local chapter leader.  For more information [https://owasporg.atlassian.net/servicedesk/customer/portal/7/group/18/create/72 Contact Us]
  
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
== OWASP Presentation Template  ==
|-
+
 
| Clam Antivirus
+
[https://www.owasp.org/images/3/3f/PPT_2015_Toolbox.zip 2015 PPT Template Toolbox] (file size: 4.09 MB, MIME type: application/zip) - optimized for 16:9 screen resolution (HDTV, widescreen)<br />
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
[https://www.owasp.org/images/5/5d/PPT_2013_Toolbox.zip 2013 PPT Template Toolbox] (file size: 1.38 MB, MIME type: application/zip) - optimized for 4:3 screen resolution (standard TV)<br />
 +
[[Media:OWASP_Presentatiion_Template.zip | 2012 OWASP Presentation template]] (file size: 4.28 MB, MIME type: application/zip) - Microsoft PowerPoint, Keynote and Open Office format for 4:3 screen resolution
 +
 
 +
===PowerPoint 1===
 +
{|
 
|-
 
|-
| Filtro Web
+
! width="500" align="center" | <br>
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
! width="300" align="center" | <br>
 
|-
 
|-
| OpenVAS
+
| align="center" |
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
[[File:Owasp ppt 1 page1 image1.jpg|650px]]
|-
+
[https://www.owasp.org/images/0/06/Owasp_ppt_1.pdf PDF]
| Sistema de Cifrado Congelado
+
| align="center" |  
|}
 
  
 
|}
 
|}
  
|}
+
===PowerPoint 2===
 +
{|
 +
|-
 +
! width="500" align="center" | <br>
 +
! width="300" align="center" | <br>
 +
|-
 +
| align="center" |
 +
[[File:Owasp ppt 2 page1 image1.jpg|650px]]
 +
[https://www.owasp.org/images/0/02/Owasp_ppt_2.pdf PDF]
 +
| align="center" |  
  
 
|}
 
|}
  
== Descripción softwares de auditoría  ==
 
  
*El sistema de cifrado http://truecrypt.org cifra el núcleo del sistema operativo y los discos lógicos impidiendo ataques espía.
+
===PowerPoint 3===
 +
{|
 +
|-
 +
! width="500" align="center" | <br>
 +
! width="300" align="center" | <br>
 +
|-
 +
| align="center" |
 +
[[File:Owasp ppt 3 page1 image1.jpg|650px]]
 +
[https://www.owasp.org/images/e/e2/Owasp_ppt_3.pdf PDF]
 +
| align="center" |
  
*Los comandos shell http://openvas.org sirven para analizar protocolos de red, detección de virus y cifrado del protocolo IpV4-6
+
|}
 
 
*El filtro web http://freenetproject.org es una técnica que reemplaza al Firewall, discriminando puertos inseguros, ahorrando tiempo de procesamiento en el núcleo del sistema.
 
 
 
*Clamwin.com es un software de código abierto, no usa computación en la nube y tiene una GUI que detecta virus en línea http://sourceforge.net/projects/clamsentinel
 
 
 
== Macroinformática  ==
 
 
 
La macroinformática comprende eficiencia, seguridad y naturaleza. La eficacia de un sistema operativo se mide por la interacción hombre-máquina, sintetizando aplicaciones minimalistas y ejecutándolas nuestro sistema operativo procesará los datos eficientemente, ejemplos:
 
 
 
*Transmisión cifrada: Cliente e-mail con GnuPG
 
 
 
http://fellowship.fsfe.org
 
 
 
*Sistema de cifrado: Cifra y descifra texto plano, imágenes, etc..
 
 
 
#ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
 
#http://cryptophane.googlecode.com/files/cryptophane-0.7.0.exe
 
 
 
*Ruby: Lenguaje de programación experimental
 
 
 
http://ruby-lang.org
 
 
 
*J2re1.3.1_20: Ejecutable de objetos interactivos o applets
 
 
 
http://java.sun.com/products/archive/j2se/1.3.1_20/index.html
 
 
 
*Escritorio: Gestor de ventanas X11
 
 
 
http://windowmaker.info
 
 
 
*Gnuzilla: Navegador seguro y de uso libre
 
 
 
http://code.google.com/p/iceweaselwindows/downloads/list
 
 
 
*Gnupdf: Visor de formato de texto universal pdf
 
 
 
http://blog.kowalczyk.info/software/sumatrapdf
 
 
 
*Gnuflash: Jugador alternativo a flash player
 
 
 
http://gnu.org/software/gnash
 
 
 
*Zinf: Reproductor de audio
 
 
 
http://zinf.org
 
 
 
*Informática forense: Análisis de datos ocultos en el disco duro
 
 
 
http://sleuthkit.org
 
 
 
*Compresor: Comprime datos sobreescribiendo bytes repetidos
 
 
 
http://peazip.sourceforge.net
 
 
 
*Ftp: Gestor de descarga de archivos
 
 
 
http://dfast.sourceforge.net
 
 
 
*AntiKeylogger: Neutraliza el seguimiento de escritorios remotos (Monitoring)
 
 
 
http://psmantikeyloger.sourceforge.net
 
 
 
*Password manager: Gestión de contraseñas
 
 
 
http://passwordsafe.sourceforge.net
 
 
 
*Limpiador de disco: Borra archivos innecesrios del sistema
 
 
 
http://bleachbit.sourceforge.net
 
 
 
*Desfragmentador: Reordena los archivos del disco duro, generando espacio virtual
 
 
 
http://kessels.com/jkdefrag
 
 
 
*X11: Gestor de ventanas, reemplazo de escritorio Xwindow's
 
 
 
http://bb4win.org
 
 
 
*Open Hardware: Hardware construído por la comunidad Linux
 
 
 
http://open-pc.com
 
 
 
*Open WRT: Firmware libre para configurar transmisión de Internet
 
  
http://openwrt.org
+
= OWASP Education Presentation Guidelines =
 +
Some guidelines:
 +
* Use any of the templates from the PPT templates listed above
 +
* Provide a summary next to the slides
 +
* Add a descriptive summary and expectations on knowledge
 +
* Only include necessary data
 +
* Slide contents should be self evident
 +
* One slide should cover only one specific topic, avoid overly dense slides
 +
* Max seven words per line, seven lines per slide
 +
* Present information graphically: an image can say more than thousand words
 +
* Don't use all capital letters
 +
* limit your presentation to less than 50 slides - better less than 30 slides (a good presentation will be max. 90 minutes and typical time per slide is 2 minutes). If you need more, split the presentation in parts.
 +
* Support each slide with notes (the part below the slide in PowerPoint). These notes should provide the presenter with enough material (including references) to prepare the presentation without much extra research.
  
*Gnu- Linux: Sistema operativo universal
+
= Recent Papers =
  
http://gnewsense.org
+
<!--
 +
; [http://link Title] (Author)
 +
: Brief description
 +
-->
  
== Biocriptoseguridad ==: Es la unión de la biología, criptografía y hacking ético para formar una defensa stándar contra virus complejos.  
+
;[https://www.owasp.org/images/c/c4/APPSEC2013-Welcome.pptx AppSec 2013 Welcome]
 +
: The slides used for the welcoming at AppSec USA 2013 in NYC.
  
Implementación de la biocriptoseguridad informática:  
+
;[https://www.owasp.org/images/f/f5/BELNET_Belgium_Presentation_-_Why_hackers_dont_care_about_your_firewall_-_seba.pptx Why Hackers Don't Care About Your Firewall] (Seba Deleersnyer)
 +
: Presentation done at Belnet conference 2011 in Belgium by Seba. While network and ICT infrastructure are important, the current risks have evolved beyond perimeter security. Hackers are attacking the weak spots and going after the easy targets, such as the holes in browsers and vulnerable applications. This presentation will explain the OWASP Top Ten with real life examples; it provides a powerful awareness tool for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.
  
#Amplificar la banda ancha
 
#Optimizar (limpiar- modificar) el sistema operativo
 
#Desfragmentar los discos lógicos
 
#Ocultar el sistema operativo
 
#Configurar antivirus
 
#Limpiar y desfragmentar
 
#Congelar
 
  
*Sistema inmune._ Defensa biológica natural contra infecciones como virus http://immunet.com
+
=2001 to 2009 Papers=
 +
; [http://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt Advanced SQL Injection] (Victor Chapela)
 +
: Detailed methodology for analyzing applications for SQL injection vulnerabilities.
  
*Criptografía._ Método de escritura oculta por caractes, números y letras:—{H}/gJa¢K¡Ng÷752%\*)A>¡#(W|a— http://diskcryptor.net
+
;[https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt Advanced SQL Injection] (Eric Sheridan)
 +
: 2006
  
*Hacking ético._ Auditoría de sistemas informáticos que preserva la integridad de los datos.
+
;[https://www.owasp.org/images/7/7d/Advanced_Topics_on_SQL_Injection_Protection.ppt Advanced Topics on SQL Injection Protection]
 +
: 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during design or development life cycle. Method 4 is mainly from QA’s perspective. Methods 5 and 6 can be applied to production environment and are applicable even if you do not have access to or if you cannot change the source code. Other non-main stream technology are discussed in Method 7. From 2006.
  
Congelador: Mantiene el equilibrio en la integridad de los datos, el sistema operativo, red , memoria ram, ciclos de CPU, espacio en disco duro e incidencias de malware
+
;[https://www.owasp.org/images/8/89/AppSec2005DC-Alex_Smolen-OWASP_WebServices_Project.ppt OWASP Web Services Project] (Alex Smolen)
 +
: AppSec DC 2005
  
*http://code.google.com/p/hzr312001/downloads/detail?name=Deep%20systemze%20Standard%20Version%206.51.020.2725.rar&amp;can=2&amp;q= (para Window's)  
+
;[https://www.owasp.org/images/d/d1/AppSec2005DC-Alex_Stamos-Attacking_Web_Services.ppt Attacking Web Services] (Alex Stamos)
*http://sourceforge.net/projects/lethe (para GNU/Linux)
+
: AppSec DC 2005
  
<br>Auditoría de virus cifrado._ Un criptovirus se oculta tras un algoritmo de criptografía, generalmente es híbrido simétrico-asimétrico con una extensión de 1700bit's, burla los escáneres antivirus con la aleatoriedad de cifrado, facilitando la expansión de las botnet's. La solución es crear un sistema operativo transparente, anonimizarlo y usar herramientas de cifrado stándar de uso libre:  
+
;[https://www.owasp.org/images/0/05/AppSec2005DC-Anthony_Canike-Enterprise_AppSec_Program.ppt Enterprise AppSec Program] (Anthony Canike)
 +
: AppSec DC 2005
  
*Gnupg: Sirve para cifrar mensajes de correo electrónico http://gpg4win.org/download.html
+
;[https://www.owasp.org/images/c/ca/AppSec2005DC-Dan_Cuthbert-Evolution_of_App_Pen_Testing.ppt Evolution of App Pen Testing] (Dan Cuthbert)
 +
: AppSec DC 2005
  
*Open Secure Shell: Ofuscador TcpIp, protege el túnel de comunicación digital cifrando la Ip. http://openvas.org
+
;[https://www.owasp.org/images/5/5c/AppSec2005DC-Danny_Allan-Identity_Theft_Phishing_and_Pharming.ppt Identity Theft, Phishing and Pharming] (Danny Allan)
 +
: AppSec DC 2005
  
*Red protegida: DNS libre http://namespace.org/switch
 
  
*Criptosistema simétrico: Encapsula el disco duro, incluyendo el sistema operativo,usando algoritmo Twofish http://truecrypt.org/downloads.php
 
  
*Proxy cifrado: Autenticación de usuario anónimo http://torproject.org
+
<headertabs / >
  
Energías renovables._ Son energías adquiridas por medios naturales: hidrógeno, aire, sol que disminuyen la toxicidad de las emisiones de Co2 en el medio ambiente, impulsando políticas ecologistas contribuímos a preservar el ecosistema. Ejm: Usando paneles solares fotovoltaicos.
+
----
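Review bot: The two "Advanced SQL Injection" entries added under "2001 to 2009 Papers" point at the same file, images/7/74/Advanced_SQL_Injection.ppt, yet credit different authors (Victor Chapela and Eric Sheridan), and the first uses http://www.owasp.org while the other owasp.org links added in this revision use https://. Confirm which author the file belongs to, link the second entry to its own upload or drop it, and switch the first link to https. Smaller points in the same revision: the header div's style has "border:0,margin:0;" where the comma should be a semicolon; "templates bellow" should read "templates below"; and "<headertabs / >" has a stray space before the closing bracket.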

Latest revision as of 04:13, 15 March 2019

Welcome to the OWASP Presentations Program

In an effort to promote more in-depth work in application security, the OWASP Presentations program is always accepting presentation submissions. Presentations submitted to the OWASP Presentations program will be reviewed by a team of senior application security experts. These reviewers will provide constructive feedback on submissions in the hopes of achieving a publishable quality paper. Papers that are approved by the review team will be published on the OWASP website and will be candidates for presentation at the next OWASP AppSec conference.

Submitting a Presentation

To submit a presentation, please use the templates below for presentations. You can create a wiki account and upload it yourself or contact your local chapter leader. For more information, Contact Us.

OWASP Presentation Template

2015 PPT Template Toolbox (file size: 4.09 MB, MIME type: application/zip) - optimized for 16:9 screen resolution (HDTV, widescreen)
2013 PPT Template Toolbox (file size: 1.38 MB, MIME type: application/zip) - optimized for 4:3 screen resolution (standard TV)
2012 OWASP Presentation template (file size: 4.28 MB, MIME type: application/zip) - Microsoft PowerPoint, Keynote and Open Office format for 4:3 screen resolution

PowerPoint 1 (PDF)

PowerPoint 2 (PDF)

PowerPoint 3 (PDF)

OWASP Education Presentation Guidelines

Some guidelines:

  • Use any of the templates from the PPT templates listed above
  • Provide a summary next to the slides
  • Add a descriptive summary and expectations on knowledge
  • Only include necessary data
  • Slide contents should be self-evident
  • One slide should cover only one specific topic; avoid overly dense slides
  • Max seven words per line, seven lines per slide
  • Present information graphically: an image can say more than a thousand words
  • Don't use all capital letters
  • Limit your presentation to less than 50 slides - better less than 30 slides (a good presentation will be max. 90 minutes and typical time per slide is 2 minutes). If you need more, split the presentation in parts.
  • Support each slide with notes (the part below the slide in PowerPoint). These notes should provide the presenter with enough material (including references) to prepare the presentation without much extra research.

Recent Papers

  • AppSec 2013 Welcome: The slides used for the welcoming at AppSec USA 2013 in NYC.
  • Why Hackers Don't Care About Your Firewall (Seba Deleersnyer): Presentation done at Belnet conference 2011 in Belgium by Seba. While network and ICT infrastructure are important, the current risks have evolved beyond perimeter security. Hackers are attacking the weak spots and going after the easy targets, such as the holes in browsers and vulnerable applications. This presentation will explain the OWASP Top Ten with real life examples; it provides a powerful awareness tool for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.


2001 to 2009 Papers

  • Advanced SQL Injection (Victor Chapela): Detailed methodology for analyzing applications for SQL injection vulnerabilities.
  • Advanced SQL Injection (Eric Sheridan): 2006
  • Advanced Topics on SQL Injection Protection: 7 methods to prevent SQL injection attacks correctly and in a more integrated approach. Methods 1 to 3 are applicable during the design or development life cycle. Method 4 is mainly from QA's perspective. Methods 5 and 6 can be applied to a production environment and are applicable even if you do not have access to the source code or cannot change it. Other non-mainstream technologies are discussed in Method 7. From 2006.
  • OWASP Web Services Project (Alex Smolen): AppSec DC 2005
  • Attacking Web Services (Alex Stamos): AppSec DC 2005
  • Enterprise AppSec Program (Anthony Canike): AppSec DC 2005
  • Evolution of App Pen Testing (Dan Cuthbert): AppSec DC 2005
  • Identity Theft, Phishing and Pharming (Danny Allan): AppSec DC 2005

