This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Test2test"

From OWASP

Jump to: navigation, search

Revision as of 20:32, 20 September 2012

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:

PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).

Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the OWASP Project Mailing Lists page.

A list of Projects that have been identified as orphaned ones has been set up. Please glance at it and see you find interest in leading any of them.

A summary of recent project releases (amongst other things) is available on the OWASP Updates page.

Who Should Start an OWASP Project:

Application Developers
Software Architects
Information Security Authors
Those who would like the support of a community to develop or test an idea
Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer

If you have any questions, please do not hesitate to contact the
OWASP Project Manager, Samantha Groves .

Visit the OWASP Zed Attack Proxy Project Blog to find regular updates on the project's status!

@zaproxy (follow us on Twitter!) <twitter>262394051</twitter>

How to Start a New Project

Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.

To get your project started, fill out the new project form. We'll review the information and get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!

Here are some of the guidelines for running a successful OWASP project:

The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.

You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

Creating a New Project

Get the following information together:

A - PROJECT

Project Name,
Project purpose / overview,
Project Roadmap,
Project links (if any) to external sites,
Project License,
Project Leader name,
Project Leader email address,
Project Leader wiki account - the username (you'll need this to edit the wiki),
Project Contributor(s) (if any) - name email and wiki account (if any),
Project Main Links (if any).

Project Release

As your project reaches a point that you'd like OWASP to assist in its promotion, the OWASP Global Projects Committee will need the following to help spread the word about your project:

If possible, get also the following information together:

B – FIRST RELEASE

Release Name,
Release Description,
Release Downloadable file link
Release Leader,
Release Contributor(s),
Release Reviewer,
Release Sponsor(s) (if any),
Release Notes
Release Main Links (if any),

Questions?

Please contact us at Samantha.Groves@owasp.org with any questions!

Jerry Hoff


	"Building Security Into Frameworks: Who is doing it right": In this talk, Jerry Hoff, VP of the Static Code Analysis Division at WhiteHat Security, will discuss the importance of security controls in mobile and web frameworks. The talk features a tour through a spectrum of languages and frameworks. A tip of the hat will be given to frameworks and security controls that demonstrably mitigate vulnerabilities, resulting in more secure code. A wag of the finger will be given to frameworks that either lack essential security controls, or implement them improperly. Many of the OWASP Top 10 vulnerabilities and their corresponding security controls will be discussed. Participants will walk away with a better understanding of the security libraries available across a wide array of popular web technologies. Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security. Prior to joining WhiteHat, he was a co-founder and managing partner at Infrared Security. Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web application penetration testing, and architecture reviews. Jerry also has years of development and teaching experience. He taught for over seven years at Washington University's CAIT program, and the microcomputer program at University of Missouri in St. Louis. Jerry is the writer/producer of the popular OWASP Appsec Tutorial Series and the lead developer for the WebGoat.NET project.

"Building Security Into Frameworks: Who is doing it right": In this talk, Jerry Hoff, VP of the Static Code Analysis Division at WhiteHat Security, will discuss the importance of security controls in mobile and web frameworks. The talk features a tour through a spectrum of languages and frameworks. A tip of the hat will be given to frameworks and security controls that demonstrably mitigate vulnerabilities, resulting in more secure code. A wag of the finger will be given to frameworks that either lack essential security controls, or implement them improperly.

Many of the OWASP Top 10 vulnerabilities and their corresponding security controls will be discussed. Participants will walk away with a better understanding of the security libraries available across a wide array of popular web technologies.

Jerry Hoff is the VP of the Static Code Analysis Division at WhiteHat Security. Prior to joining WhiteHat, he was a co-founder and managing partner at Infrared Security. Jerry has worked at a number of fortune ten financial firms, along with years of hands-on security consulting, where he specialized in manual code review, web application penetration testing, and architecture reviews. Jerry also has years of development and teaching experience. He taught for over seven years at Washington University's CAIT program, and the microcomputer program at University of Missouri in St. Louis. Jerry is the writer/producer of the popular OWASP Appsec Tutorial Series and the lead developer for the WebGoat.NET project.

Pravir Chandra


	Everything you know about Injection Attack is wrong: This casual talk will take a look at several mundane vulnerabilities that we all know about and ask a few deeper questions. What are the underlying mechanisms? Does our advice on preventing them actually work? Is there a better way when you think of software design patterns? By the end, we’ll challenge the audience to think past the surface of these code vulnerabilities and hopefully learn a little about how the right abstraction model can save tons of security headaches. Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify where he lead software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.

Everything you know about Injection Attack is wrong: This casual talk will take a look at several mundane vulnerabilities that we all know about and ask a few deeper questions. What are the underlying mechanisms? Does our advice on preventing them *actually* work? Is there a better way when you think of software design patterns? By the end, we’ll challenge the audience to think past the surface of these code vulnerabilities and hopefully learn a little about how the right abstraction model can save tons of security headaches.

Pravir Chandra is a veteran in the security space and a long-time OWASP contributor, including his role as the creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project. Currently as security architect for the CTO of Bloomberg, he drives proactive security initiatives that demonstrate concrete value for the firm. Prior to this, Pravir was Director of Strategic Services at HP/Fortify where he lead software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.

Cristian Borghello


	Cristian F. Borghello, es Licenciado en Sistemas, desarrollador, Certified Information Systems Security Professional (CISSP) y Microsoft MVP Security (Most Valuable Professional). Actualmente es Director de Segu-Info y se desempeña como consultor independiente en Seguridad de la Información. Escribe para diversos medios especializados e investiga en forma independiente sobre Seguridad Informática y de la Información. Ha disertado se congresos y seminarios nacionales e internacionales sobre la temática. El interés por la Seguridad Informática y su investigación lo ha llevado a mantener este sitio: http://www.segu-info.com.ar/

Cristian F. Borghello, es Licenciado en Sistemas, desarrollador, Certified Information Systems Security Professional (CISSP) y Microsoft MVP Security (Most Valuable Professional).

Actualmente es Director de Segu-Info y se desempeña como consultor independiente en Seguridad de la Información. Escribe para diversos medios especializados e investiga en forma independiente sobre Seguridad Informática y de la Información. Ha disertado se congresos y seminarios nacionales e internacionales sobre la temática. El interés por la Seguridad Informática y su investigación lo ha llevado a mantener este sitio: http://www.segu-info.com.ar/

Hernán M. Racciatti


	Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security. Currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Test, Security Application Assessment, Code Source Review, pursuing researches about information security, teaching and offering seminars and technical lectures at conferences of national and international level related to his field. Among his contributions to the community, should be noted: active participation as a collaborator in some ISECOM´s project (OSSTMM-Open Source Security Testing Methodology Manual and Hacker High School), OISSG (ISSAF – Information Systems Security Assessment Framework), the development of small tools designed to secure information systems and several papers, articles and technical documents written for digital and print publications whit national and international circulation. During last year, he found and reported vulnerability in major commercial products. Hernan Marcelo Racciatti is member of the Core Team at ISECOM (Institute for Security and Open Methodologies), ISSAF Key Contributor at OISSG (Open Information System Security Group), President of CSA (Cloud Security Alliance) Argentina Chapter, Executive Committee Member of the ONG Argentina Cibersegura, ISSA (Information Systems Security Association) and OWASP (Open Web Application Security Project) Buenos Aires Chapter Member. Learn more about Hernan at http://www.hernanracciatti.com.ar/

Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security.

Currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Test, Security Application Assessment, Code Source Review, pursuing researches about information security, teaching and offering seminars and technical lectures at conferences of national and international level related to his field.

Among his contributions to the community, should be noted: active participation as a collaborator in some ISECOM´s project (OSSTMM-Open Source Security Testing Methodology Manual and Hacker High School), OISSG (ISSAF – Information Systems Security Assessment Framework), the development of small tools designed to secure information systems and several papers, articles and technical documents written for digital and print publications whit national and international circulation.

During last year, he found and reported vulnerability in major commercial products.

Hernan Marcelo Racciatti is member of the Core Team at ISECOM (Institute for Security and Open Methodologies), ISSAF Key Contributor at OISSG (Open Information System Security Group), President of CSA (Cloud Security Alliance) Argentina Chapter, Executive Committee Member of the ONG Argentina Cibersegura, ISSA (Information Systems Security Association) and OWASP (Open Web Application Security Project) Buenos Aires Chapter Member.

Learn more about Hernan at http://www.hernanracciatti.com.ar/

Jason Li


	Jason has led security architecture reviews, application security code reviews, penetration tests and provided web application security training services for a variety of commercial, financial, and government customers. He is also actively involved in the Open Web Application Security Project (OWASP), serving on the OWASP Global Projects Committee and as a co-author of the OWASP AntiSamy Project (Java version). Jason earned his Post-Master's degree in Computer Science with a concentration in Information Assurance from Johns Hopkins University. He earned his Master's degree in Computer Science from Cornell University, where he also earned his Bachelor's degree, double majoring in Computer Science and Operations Research. Past conference presentations include: DISA's Application Security and Development STIG: How OWASP Can Help You - OWASP AppSec DC 2009 Agile and Secure: Can We Do Both? - Jazoon 2008 The OWASP AntiSamy Project - ShmooCon 2009 OWASP JSP Testing Tool - OWASP EU Summit 2008 OWASP Keynote Introduction, Validating Rich User Content - OWASP AppSec India 2008 The OWASP AntiSamy Project - OWASP AppSec Belgium 2008

Jason has led security architecture reviews, application security code reviews, penetration tests and provided web application security training services for a variety of commercial, financial, and government customers. He is also actively involved in the Open Web Application Security Project (OWASP), serving on the OWASP Global Projects Committee and as a co-author of the OWASP AntiSamy Project (Java version). Jason earned his Post-Master's degree in Computer Science with a concentration in Information Assurance from Johns Hopkins University. He earned his Master's degree in Computer Science from Cornell University, where he also earned his Bachelor's degree, double majoring in Computer Science and Operations Research.

Past conference presentations include:

DISA's Application Security and Development STIG: How OWASP Can Help You - OWASP AppSec DC 2009
Agile and Secure: Can We Do Both? - Jazoon 2008
The OWASP AntiSamy Project - ShmooCon 2009
OWASP JSP Testing Tool - OWASP EU Summit 2008
OWASP Keynote Introduction, Validating Rich User Content - OWASP AppSec India 2008
The OWASP AntiSamy Project - OWASP AppSec Belgium 2008

Justin Searle


	Everything you know about Injection Attack is wrong: This casual talk will take a look at several mundane vulnerabilities that we all know about and ask a few deeper questions. What are the underlying mechanisms? Does our advice on preventing them actually work? Is there a better way when you think of software design patterns? By the end, we’ll challenge the audience to think past the surface of these code vulnerabilities and hopefully learn a little about how the right abstraction model can save tons of security headaches.

Keith Turpin


	Cristian F. Borghello, es Licenciado en Sistemas, desarrollador, Certified Information Systems Security Professional (CISSP) y Microsoft MVP Security (Most Valuable Professional). Actualmente es Director de Segu-Info y se desempeña como consultor independiente en Seguridad de la Información. Escribe para diversos medios especializados e investiga en forma independiente sobre Seguridad Informática y de la Información. Ha disertado se congresos y seminarios nacionales e internacionales sobre la temática. El interés por la Seguridad Informática y su investigación lo ha llevado a mantener este sitio: http://www.segu-info.com.ar/

Cristian F. Borghello, es Licenciado en Sistemas, desarrollador, Certified Information Systems Security Professional (CISSP) y Microsoft MVP Security (Most Valuable Professional).

Nishi Kumar


	Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security. Currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Test, Security Application Assessment, Code Source Review, pursuing researches about information security, teaching and offering seminars and technical lectures at conferences of national and international level related to his field. Learn more about Hernan at http://www.hernanracciatti.com.ar/

Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security.

Learn more about Hernan at http://www.hernanracciatti.com.ar/

Brad Causey


	Brad Causey is a Web Application Security, Forensics, and Phishing specialist working in the financial sector. He frequently contributes to various open source projects, and participates in training and lectures at various educational facilities. Brad Causey is also an OWASP GPC member, the President of the OWASP AL Chapter, and the President of the AL IISFA Chapter. Brad Causey's Email Contact and Wiki Contributions.

Brad Causey is a Web Application Security, Forensics, and Phishing specialist working in the financial sector. He frequently contributes to various open source projects, and participates in training and lectures at various educational facilities.

Brad Causey is also an OWASP GPC member, the President of the OWASP AL Chapter, and the President of the AL IISFA Chapter.

Brad Causey's Email Contact and Wiki Contributions.

Chris Schmidt


	Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security. Currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Test, Security Application Assessment, Code Source Review, pursuing researches about information security, teaching and offering seminars and technical lectures at conferences of national and international level related to his field. Learn more about Hernan at http://www.hernanracciatti.com.ar/

Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security.

Learn more about Hernan at http://www.hernanracciatti.com.ar/

Venue Sponsor

Gold Sponsor
Silver Sponsors
Conference Room Sponsor
Venue Sponsor
Academic Supporters
Organizational Supporters

Languages:

English

Retrieved from "https://wiki.owasp.org/index.php?title=Test2test&oldid=136243"

Category:

OWASP AppSec Conference

@@ Line 368: / Line 368: @@
 |-
 | align="center" | [[Image:PlaceholderImage.jpg|100px]]
-| align="justify" |Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security.
+| align="justify" |Brad Causey is a Web Application Security, Forensics, and Phishing specialist working in the financial sector. He frequently contributes to various open source projects, and participates in training and lectures at various educational facilities.
-Currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Test, Security Application Assessment, Code Source Review, pursuing researches about information security, teaching and offering seminars and technical lectures at conferences of national and international level related to his field.
+Brad Causey is also an OWASP GPC member, the President of the OWASP AL Chapter, and the President of the AL IISFA Chapter.
-Learn more about Hernan at [http://www.hernanracciatti.com.ar/ http://www.hernanracciatti.com.ar/]
+* Brad Causey's [mailto:bradcausey@owasp.org Email Contact] and [[:Special:Contributions/Bradcausey|Wiki Contributions]].
 |}
 <br>

Difference between revisions of "Test2test"

Revision as of 20:32, 20 September 2012

Gold Sponsor

Silver Sponsors

Conference Room Sponsor

Venue Sponsor

Academic Supporters

Organizational Supporters

Navigation menu

Search