This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Test2test"
Line 216: | Line 216: | ||
* [https://www.owasp.org/index.php/Project_Information:template_Yasca_Project OWASP Yasca Project] | * [https://www.owasp.org/index.php/Project_Information:template_Yasca_Project OWASP Yasca Project] | ||
* [https://www.owasp.org/index.php/Virtual_Patching_Best_Practices Virtual Patching Best Practices] | * [https://www.owasp.org/index.php/Virtual_Patching_Best_Practices Virtual Patching Best Practices] | ||
− | |||
'''Incubator Projects | '''Incubator Projects | ||
''' | ''' | ||
+ | * [https://www.owasp.org/index.php/OWASP_Secure_Password_Project OWASP Secure Password Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Secure_the_Flag_Competition_Project OWASP Secure the Flag Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Security_Baseline_Project OWASP Security Baseline Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Software_Security_Assurance_Process OWASP Software Security Assurance Process] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Threat_Modelling_Project OWASP Threat Modeling Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_WhatTheFuzz_Project#tab=Project_About OWASP WhatTheFuzz Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Web_Application_Security_Accessibility_Project#tab=Project_About OWASP Web Application Security Accessibility Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Data_Exchange_Format_Project OWASP Data Exchange Format Project] | ||
+ | * [https://www.owasp.org/index.php/Cheat_Sheets OWASP Cheat Sheets Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Security_Tools_for_Developers_Project OWASP Security Tools for Developers Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_SIMBA_Project OWASP SIMBA Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_VFW_Project OWASP VFW Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_OVAL_Content_Project OWASP OVAL Content Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_WAF_Project OWASP WAF Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_NAXSI_Project OWASP NAXSI Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Passw3rd_Project OWASP Passw3rd Project] | ||
+ | * [https://www.owasp.org/index.php/OWASP_Passw3rd_Project OWASP Passw3rd Project] | ||
+ | |||
+ | |||
+ | |||
==Inactive Projects== | ==Inactive Projects== |
Revision as of 19:37, 25 September 2012
|
|
---|---|
- Welcome
- Starting a New Project
- Project Assessment
- Project Database
- Marketing Materials
- Projects Terminology
- Sponsorships and Donations
- Global Project Committee
- Contact US
|
|
How to Start a New Project
Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.
To get your project started, fill out the new project form. We'll review the information and get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!
Here are some of the guidelines for running a successful OWASP project:
- The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
- You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
- You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
- You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!
Creating a New Project
- Get the following information together:
A - PROJECT
- Project Name,
- Project purpose / overview,
- Project Roadmap,
- Project links (if any) to external sites,
- Project License,
- Project Leader name,
- Project Leader email address,
- Project Leader wiki account - the username (you'll need this to edit the wiki),
- Project Contributor(s) (if any) - name email and wiki account (if any),
- Project Main Links (if any).
Project Release
- As your project reaches a point that you'd like OWASP to assist in its promotion, the OWASP Global Projects Committee will need the following to help spread the word about your project:
- Conference style presentation that describes the tool/document in at least 3 slides,
- Project Flyer/Pamphlet (PDF file),
- If possible, get also the following information together:
B – FIRST RELEASE
- Release Name,
- Release Description,
- Release Downloadable file link
- Release Leader,
- Release Contributor(s),
- Release Reviewer,
- Release Sponsor(s) (if any),
- Release Notes
- Release Main Links (if any),
Questions?
Please contact us at [email protected] with any questions!
Call for Papers
Submit your Talk Proposal here: Call for Papers Submission Form
Please carefully fill out the CFP form to submit your talk for consideration at OWASP AppSec Latam 2012 in Montevideo, Uruguay.
The talks will be held November 20th and 21st, 2012 at the ANTEL National Telco Company located in downtown Montevideo (training is November 18th and 19th). Talks will be 50 minutes each. We will post your Display Name, Biography, Talk Title, and Talk Abstract to the appseclatam.org site if your talk is selected. If you provide a URL or Twitter handle, we will post that if your talk is selected, too.
The deadline for this Call for Papers is August 31, 2011. If your talk is selected, we will contact you to confirm, and we will expect that your slides and other material will be sent to us no later than November 16, 2011 for our peer review. We peer review slides and other material for inclusion on the conference website (post-conference) and to verify general conformance to OWASP conference presentation guidelines.
If you would like to submit multiple presentations, please make multiple separate form submissions.
Speakers will receive free admission (nontransferable) to the conference in return for delivering a 50 minute talk.
Speaker Agreement
By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement
Questions?
Please contact us at [email protected] with any questions!
Active Projects
Flagship Projects
- OWASP AntiSamy Project
- OWASP Application Security Verification Standard Project
- OWASP Code Review Guide Project
- OWASP Codes of Conduct
- OWASP CSRFGuard Project
- OWASP Development Guide Project
- OWASP Enterprise Security API
- OWASP ModSecurity Core Rule Set Project
- OWASP Secure Coding Practices - Quick Reference Guide
- OWASP Software Assurance Maturity Model (SAMM)
- OWASP Testing Guide Project
- OWASP Top Ten Project
- OWASP Web Testing Environment Project
- OWASP WebGoat Project
- OWASP Zed Attack Proxy
Labs Projects
- OWASP AppSec Tutorial Series
- OWASP AppSensor Project
- OWASP Broken Web Applications Project
- OWASP Cloud ‐ 10 Project
- OWASP CSRFTester Project
- OWASP CTF Project
- OWASP EnDe Project
- OWASP Fiddler Addons for Security Testing Project
- OWASP Forward Exploit Tool Project
- OWASP Fuzzing Code Database
- OWASP Hackademic Challenges Project
- OWASP Hatkit Datafiddler Project
- OWASP HTTP POST Tool
- OWASP Java XML Templates Project
- OWASP JavaScript Sandboxes Project
- OWASP Joomla Vulnerability Scanner Project
- OWASP LAPSE Project
- OWASP Legal Project
- OWASP Mantra Security Framework
- OWASP Mutillidae Project
- OWASP O2 Platform
- OWASP Orizon Project
- OWASP Podcast Project
- OWASP Scrubbr
- OWASP Secure Web Application Framework Manifesto
- OWASP Security Assurance Testing of Virtual Worlds Project
- OWASP SWAAT Project
- OWASP Vicnum Project
- OWASP Wapiti Project
- OWASP Web Browser Testing System Project
- OWASP WebScarab Project
- OWASP Webslayer Project
- OWASP WSFuzzer Project
- OWASP Yasca Project
- Virtual Patching Best Practices
Incubator Projects
- OWASP Secure Password Project
- OWASP Secure the Flag Project
- OWASP Security Baseline Project
- OWASP Software Security Assurance Process
- OWASP Threat Modeling Project
- OWASP WhatTheFuzz Project
- OWASP Web Application Security Accessibility Project
- OWASP Data Exchange Format Project
- OWASP Cheat Sheets Project
- OWASP Security Tools for Developers Project
- OWASP SIMBA Project
- OWASP VFW Project
- OWASP OVAL Content Project
- OWASP WAF Project
- OWASP NAXSI Project
- OWASP Passw3rd Project
- OWASP Passw3rd Project
Inactive Projects
- Jason Li: Acting Committee Chair
Merged Projects
- Jason Li: Acting Committee Chair
Philosophy
OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.
Rules
The following rules make reference to the OWASP Materials, meaning any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.
- The OWASP Brand may be used to direct people to the OWASP website for information about application security.
- The OWASP Brand may be used in commentary about the materials found on the OWASP website.
- The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
- The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
- The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
- The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
- The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
- The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
- The OWASP Brand may be used by special arrangement with The OWASP Foundation.
Resources
Download our OWASP Image Toolbox. This includes all of OWASP's branding images.
Logos
Download our OWASP Image Toolbox. This includes all of OWASP's branding images.
Business Card Templates
OWASP Business Card Template Front: https://www.owasp.org/index.php/File:OWASPBusinessCardTemplateFront.psd
OWASP Business Card Template Back: https://www.owasp.org/index.php/File:OWASPBusinessCardTemplateBack.psd
Ads/Flyers
2012 Print Ad
https://www.owasp.org/images/4/49/OWASP_Brochure_-_Global.pdf
2012 Print Ad "One Byte at a Time"
Powerpoint Version: https://www.owasp.org/images/2/24/OWASP-AD-V3-FINAL.ppt
Standard .PDF - https://www.owasp.org/images/a/ac/OWASP-AD-V3-FINAL.pdf
A4 Print ready - https://www.owasp.org/images/2/2d/OWASP-AD-V3-FINAL-A4.pdf
A4-2 Print ready - https://www.owasp.org/images/1/1f/OWASP-AD-V3-FINAL-A42.pdf
Banners
Pictures of the banners and links to the dropbox files also appear here
Presentation
Slides presented at Global AppSec Conferences by the Global Board to provide a high level overview of OWASP and to highlight some of the key initiatives at a Global level. This can be presented in its current form at OWASP Chapter meetings to enable a clarification of the mission and purpose of the local chapter. This can also be used or sent to the press/media when looking for a "overview of owasp"
2012 Where we are, Where we are going..
2011 Where we are, Where we are going..
Questions
If you have any questions or concerns, please contact Samantha Groves, the OWASP Project Manager.
Conference Fees
Access to conference:
- Before Sept 30th: 3200.00 UYU (approx. 150.00 USD)
- Before Oct 31st: 4250.00 UYU (approx. 200.00 USD)
- After Nov 1st: 5300.00 UYU (approx. 250.00 USD)
Trainings
- One day: 8500.00 UYU (approx. 400.00 USD)
- Two days: 17000.00 UYU (approx. 800.00 USD)
Discounts
- OWASP Member: 50.00 USD (Note: This discount is equal to the cost of becoming an OWASP paid Member.)
- Student: 1600.00 UYU (approx. 75.00 USD). Note: student ID or other proof of current student status is required.
- Special discounts available for groups registrations. Please send inquiries to [email protected].
Online Registration
Registration is not yet available for this event. Check back the beginning of September for registration details.
2012 AppSec Latam Conference Volunteer Team
- Mateo Martinez
- Mauro Flores
- Martin Tartarelli
- Fabio Cerullo
OWASP Staff Support
- Sarah Baso
- Kate Hartmann
Jason Li
|
|
---|---|
Jason has led security architecture reviews, application security code reviews, penetration tests and provided web application security training services for a variety of commercial, financial, and government customers. He is also actively involved in the Open Web Application Security Project (OWASP), serving on the OWASP Global Projects Committee and as a co-author of the OWASP AntiSamy Project (Java version). Jason earned his Post-Master's degree in Computer Science with a concentration in Information Assurance from Johns Hopkins University. He earned his Master's degree in Computer Science from Cornell University, where he also earned his Bachelor's degree, double majoring in Computer Science and Operations Research.
Past conference presentations include:
|
Justin Searle
|
|
---|---|
Everything you know about Injection Attack is wrong: This casual talk will take a look at several mundane vulnerabilities that we all know about and ask a few deeper questions. What are the underlying mechanisms? Does our advice on preventing them *actually* work? Is there a better way when you think of software design patterns? By the end, we’ll challenge the audience to think past the surface of these code vulnerabilities and hopefully learn a little about how the right abstraction model can save tons of security headaches. |
Keith Turpin
|
|
---|---|
Cristian F. Borghello, es Licenciado en Sistemas, desarrollador, Certified Information Systems Security Professional (CISSP) y Microsoft MVP Security (Most Valuable Professional).
Actualmente es Director de Segu-Info y se desempeña como consultor independiente en Seguridad de la Información. Escribe para diversos medios especializados e investiga en forma independiente sobre Seguridad Informática y de la Información. Ha disertado se congresos y seminarios nacionales e internacionales sobre la temática. El interés por la Seguridad Informática y su investigación lo ha llevado a mantener este sitio: http://www.segu-info.com.ar/ |
Nishi Kumar
Brad Causey
|
|
---|---|
Brad Causey is a Web Application Security, Forensics, and Phishing specialist working in the financial sector. He frequently contributes to various open source projects, and participates in training and lectures at various educational facilities.
Brad Causey is also an OWASP GPC member, the President of the OWASP AL Chapter, and the President of the AL IISFA Chapter.
|
Chris Schmidt
|
|
---|---|
Hernan M. Racciatti has 20 years of experience in Information Technology, having dedicated most of his careers in areas related to Information Security.
Currently serves as Director of Security at SIClabs, advising private companies and public agencies, leading Penetration Test, Security Application Assessment, Code Source Review, pursuing researches about information security, teaching and offering seminars and technical lectures at conferences of national and international level related to his field. Learn more about Hernan at http://www.hernanracciatti.com.ar/ |
Venue Sponsor
OWASP Staff Support
- Samantha Groves: OWASP Project Manager
Global Project Committee Members
- Jason Li: Acting Committee Chair
- Brad Causey: Committee Member
- Chris Schmidt: Committee Member
- Justin Searle: Committee Member
- Nishi Kumar: Committee Member
- Keith Turpin: Committee Member
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact us at [email protected].
Gold Sponsor |
|
Silver Sponsors |
|
Conference Room Sponsor |
|
Venue Sponsor |
|
Academic Supporters |
|
Organizational Supporters |
Languages: |
English |