
OWASP San Antonio

Inaugural Meeting
September 22, 2004
John Dickson and Dan Cornell

Plan

• Meet and Greet
• What is OWASP?
• What does OWASP provide?
• Example: OWASP Top 10
• How can I help?
• What Can OWASP San Antonio Do?
• Conclusions

Meet and Greet

• Who are you?
• Employment?
• Interest in application security?

What is OWASP?

• Founded by Mark Curphey, new chair is Jeff Williams
• Dedicated to web application security
• Vendor neutral
• All-volunteer
• Produces free, professional quality, open source documentation, tools, and standards

What does OWASP Provide?

• 3 Types of Projects:
  1. Documentation
  2. Software
  3. Standards
• Mailing lists
• Website
• (Annual?) Conference

Documentation Projects

• Guide
• Top Ten
• Metrics
• Testing
• Web Services
• FAQ

Standards Project(s)

• ISO 17799

Software Projects

• .NET
• oPortal
• oLabs
• WebGoat
• WebScarab
• Stinger

Mailing Lists

• Mailing lists for each chapter and major projects
• To sign up: http://sourceforge.net/mail/?group_id=64424
• Or just go to: http://sourceforge.net/projects/owasp/

Example: OWASP Top 10

• Top 10 Critical Web Application Vulnerabilities
  – Unvalidated Parameters
  – Broken Access Controls
  – Broken Account and Session Management
  – Cross-site Scripting Flaws
  – Buffer Overflows
  – Command Injection Flaws
  – Error Handling Problems
  – Insecure Use of Cryptography
  – Remote Administration Flaws
  – Web and Application Server Misconfiguration

How Can I Help?

• Join/contribute to the mailing lists
• Work on a project
• Contribute money
• Be active in the San Antonio chapter

What Can OWASP San Antonio Do?

• Feedback – what do you all want OWASP San Antonio to do?
• Volunteers?

Conclusions

• Questions?

www.owasp.org

dan@denimgroup.com
(210) 572-4400
