Difference between revisions of "Test2test"

Philosophy

OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.

Rules

The following rules make reference to the OWASP Materials, meaning any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.

1. The OWASP Brand may be used to direct people to the OWASP website for information about application security.
2. The OWASP Brand may be used in commentary about the materials found on the OWASP website.
3. The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
4. The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
5. The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
6. The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
7. The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
8. The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
9. The OWASP Brand may be used by special arrangement with The OWASP Foundation.

Resources

Download our OWASP Image Toolbox. This includes all of OWASP's branding images.

Logos

-

Download our OWASP Image Toolbox. This includes all of OWASP's branding images.

Business Card Templates

OWASP Business Card Template Front: https://www.owasp.org/index.php/File:OWASPBusinessCardTemplateFront.psd

OWASP Business Card Template Back: https://www.owasp.org/index.php/File:OWASPBusinessCardTemplateBack.psd

Ads/Flyers

2012 Print Ad

https://www.owasp.org/images/4/49/OWASP_Brochure_-_Global.pdf

2012 Print Ad "One Byte at a Time"

Powerpoint Version: https://www.owasp.org/images/2/24/OWASP-AD-V3-FINAL.ppt

Standard .PDF - https://www.owasp.org/images/a/ac/OWASP-AD-V3-FINAL.pdf

A4 Print ready - https://www.owasp.org/images/2/2d/OWASP-AD-V3-FINAL-A4.pdf

A4-2 Print ready - https://www.owasp.org/images/1/1f/OWASP-AD-V3-FINAL-A42.pdf

Banners

Pictures of the banners and links to the dropbox files also appear here

Cog wheel banner

Honeycomb banner

Presentation

Slides presented at Global AppSec Conferences by the Global Board to provide a high level overview of OWASP and to highlight some of the key initiatives at a Global level. This can be presented in its current form at OWASP Chapter meetings to enable a clarification of the mission and purpose of the local chapter. This can also be used or sent to the press/media when looking for a "overview of owasp"

2012 Where we are, Where we are going..

2011 Where we are, Where we are going..

Questions

If you have any questions or concerns, please contact the OWASP Project Manager, Samantha Groves

Conference Fees

Access to conference:

• Before Sept 30th: 3200.00 UYU (approx. 150.00 USD)
• Before Oct 31st: 4250.00 UYU (approx. 200.00 USD)
• After Nov 1st: 5300.00 UYU (approx. 250.00 USD)

Trainings

• One day: 8500.00 UYU (approx. 400.00 USD)
• Two days: 17000.00 UYU (approx. 800.00 USD)

Discounts

• OWASP Member: 50.00 USD (Note: This discount is equal to the cost of becoming an OWASP paid Member.)
• Student: 1600.00 UYU (approx. 75.00 USD). Note: student ID or other proof of current student status is required.
• Special discounts available for groups registrations. Please send inquiries to [email protected].

Online Registration

Registration is not yet available for this event. Check back the beginning of September for registration details.

Donate to OWASP Projects Division

OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

This is how your money can help:

• $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
• $100 could help fund OWASP project demos at major conferences.
• $250 could help get our volunteer Project Leaders to speaking engagements.

OWASP Project Sponsors

• Name, Link and Logo with sort description of what they donated.

Jason Li

Jason has led security architecture reviews, application security code reviews, penetration tests and provided web application security training services for a variety of commercial, financial, and government customers. He is also actively involved in the Open Web Application Security Project (OWASP), serving on the OWASP Global Projects Committee and as a co-author of the OWASP AntiSamy Project (Java version). Jason earned his Post-Master's degree in Computer Science with a concentration in Information Assurance from Johns Hopkins University. He earned his Master's degree in Computer Science from Cornell University, where he also earned his Bachelor's degree, double majoring in Computer Science and Operations Research. Past conference presentations include: DISA's Application Security and Development STIG: How OWASP Can Help You - OWASP AppSec DC 2009 Agile and Secure: Can We Do Both? - Jazoon 2008 The OWASP AntiSamy Project - ShmooCon 2009 OWASP JSP Testing Tool - OWASP EU Summit 2008 OWASP Keynote Introduction, Validating Rich User Content - OWASP AppSec India 2008 The OWASP AntiSamy Project - OWASP AppSec Belgium 2008

Justin Searle

Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Keith Turpin

Over the years Keith has held a number of positions at The Boeing Company including: Application Security Assessments team leader, Team Leader for IT Security International Operations, Team Leader for Information and Supply Chain Security Assessments, engineering systems integrator, software developer and senior manufacturing engineer on the 747 airplane program. He represented Boeing on the International Committee for Information Technology Standard's cyber security technical committee and served as a U.S. delegate to the ISO/IEC sub-committee on cyber security. He is a member of the (ISC)2 Application Security Advisory Board, and the Director of the HPPV Northwest regional engineering competition. You can see his OWASP project on secure coding practices here: http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide The presentation on his OWASP project at AppSec USA 2010 can be found here: http://vimeo.com/17018329 You can see the video of his AppSec USA 2009 presentation on Building Security Assessment Teams here: http://vimeo.com/8989378

Nishi Kumar

Nishi Kumar IT Architect Specialist, FIS Nishi Kumar is an Architect with 20 years of broad industry experience. She is part of OWASP Global Industry Committee and project lead for OWASP CBT (Computer based training) project. She is a committed contributor of OWASP. She has spearheaded Secure Code Initiative program in FIS Electronics Payment division. As part of that program, she has delivered OWASP based training to management and development teams to various groups in FIS. She has been involved with PA-DSS certification of several applications in FIS. Since joining FIS in 2004 she has worked as an architect and team lead for several financial payment and fraud applications. She has hands-on accomplishments in design, development and deployment of complex software systems on a variety of platforms. Prior to joining FIS Nishi Kumar has worked for Pavilion, HNC, Fair Isaac, Trajecta, Nationwide Insurance and Data Junction as Senior Software Engineer, Architect and in Project Management roles. Nishi can be reached at: nishi787(at)hotmail.com

Brad Causey

Brad Causey is a Web Application Security, Forensics, and Phishing specialist working in the financial sector. He frequently contributes to various open source projects, and participates in training and lectures at various educational facilities. Brad Causey is also an OWASP GPC member, the President of the OWASP AL Chapter, and the President of the AL IISFA Chapter. Brad Causey's Email Contact and Wiki Contributions.

Chris Schmidt

Chris is currently the Project Leader for the OWASP ESAPI Projects and also serves on the OWASP Global Projects Committee. He has been involved with OWASP for 4 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership discussions amongst the organization. During the day, Chris is an Application Security Engineer and Senior Software Engineer for Aspect Security where he has been since fall 2010. Prior to joining the team at Aspect Security he spent 5 years as 'Black Ops Beef' for ServiceMagic Inc with the official title of Software Engineer. Before getting involved in software professionally, Chris worked in hardware as a Senior Field Service Engineer providing hardware and software support for PC’s, Servers, Midrange Systems and Peripherals for 9 years. In addition to his professional career he is also a musician with several ongoing projects and enjoys cold beer and long walks in the park. Links: Blog: Yet Another Developer's Blog Twitter: Carne LinkedIn: Chris Schmidt

Samantha Groves: OWASP Project Manager

Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioural research projects, competitor analysis, event organisation and management, volunteer engagement projects, staff recruitment and training, and marketing department organisation and strategy implementation projects for a variety of commercial and not-for-profit organisations. She is eager to begin her work at OWASP and help the organisation reach its project completion goals. Samantha earned her MBA in International Management with a concentration in sustainability from Royal Holloway, University of London. She earned her Bachelor's degree majoring in Multimedia from The University of Advancing Technology in Mesa, Arizona, and she earned her Associate's degree from Scottsdale Community College in Scottsdale, Arizona. Additionally, Samantha recently attained her Prince2 (Foundation) project management certification.

OWASP Representation

• Samantha Groves: OWASP Project Manager

Global Project Committee Members

• Jason Li: Acting Committee Chair
• Brad Causey: Committee Member
• Chris Schmidt: Committee Member
• Justin Searle: Committee Member
• Nishi Kumar: Committee Member
• Keith Turpin: Committee Member