OWASP Community Lviv
Organization, Methodology, Projects and Tools

Nazar Tymoshyk, Security Consultant, R&D Team, SoftServe
August, 2012
About me
Security consultant @
Security certified:
Security interests:     PenTest, SE, WebSec
Researches:             VMI, Honeynets, IDS
Member:
Personal interests:     Researching, Skiing and Rock Climbing
Standard for Application Security

Over 140 Projects
Over 30,000 Subscribers

Worldwide Events
InfoSec Conference
AppSec Conference

Goals of organization
Independence
Innovative
Integrity
Common standard for application security
App excellence
Education
Linked to Life

DETECT
PROTECT
ECOSYSTEM

Tools
DETECT               PROTECT
WebScarab            AntiSamy .NET/Java
Zed Attack Proxy     ModSecurity CRS
Live CD              Enterprise Security API
Code Crawler
Perspective projects

GoatDroid              Mobile Security
iGoat                  Wapiti
Mantra                 WAF
AppSensor              NAXSI
TOP 10

Application Security Verification Standard

Code Review Guide

Testing Guide

Development Guide

Software Assurance Maturity Model (SAMM)
…for next session.
Speaker notes

  1. The .NET analogue of AntiSamy is Microsoft AntiXSS. AntiSamy itself was developed by Aspect Security. WebScarab plugins: Fragments - extracts scripts and HTML comments from HTML pages as they are seen via the proxy or other plugins; Beanshell.
  2. Code Crawler