OWASP Tunisia Web Day 2011
DESCRIPTION
Presentation of OWASP Tunisia during the Tunisia Webdays 2011
TRANSCRIPT
The OWASP Foundation
http://www.owasp.org
OWASP Standards
Tunisia WebDays 2011
OWASP Tunisia Chapter
Semeh Arbi
OWASP Tunisia Chapter
Email: [email protected]
December 2011
OWASP ??!!!!!
(OWASP): Open Web Application Security Project
* International non-profit organization
* Independent of vendors and governments
* Sponsored by its members or by companies
Main mission:
* Produce documents, standards and tools dedicated to web application security
License
Approach == “OPEN”
* All documentation, standards and tools are provided under an open-source license.
GFDL
GPL
BSD License
Creative Commons
Organisation
OWASP
OWASP Conferences
OWASP Wiki
OWASP Tools
OWASP Lists
OWASP Books
OWASP Community
OWASP Governance
OWASP Chapter Leaders
OWASP Project Leaders
OWASP Foundation (501c3)
Board of Directors
Board of Advisors
Operation Director
Technical Director
Chapters
Support
OWASP vs Compliance
* ISO
* SOX
* SAS70
* PCI DSS
Initiatives
Training
CLASP
Testing Guide
Project incubator
Wiki portal
Forums
Blogs
Top 10
Conferences
WebScarab
WebGoat
Ajax
Orizon
.NET, Java
Validation
Chapters
CBT
Certification
Building Guide
9%: Code
41%: Tools
50%: Documentation
OWASP project categories:
* Detect
* Protect
* Life Cycle
OWASP == ‘Secure SDLC’
OWASP Before Development
Awareness
* OWASP Top 10
* OWASP Top 10 for .NET
* OWASP Application Security Desk Reference Project
Guidelines
* OWASP .NET Project
* OWASP Java Project
* OWASP Ruby On Rails Project
OWASP Before Development
Training
Flawed Applications
* Broken Web Applications / Insecure Web App
* Mutillidae / SiteGenerator / Vicnum
* WebGoat
* WebGoat.NET
* iGoat
OWASP Design & Development
* OWASP Development Guide
* OWASP Enterprise API (ESAPI)
OWASP Design & Development
* OWASP Application Security Verification Standard
* OWASP Code Review Project
OWASP Test & Maintenance
Tests
* OWASP Testing Guide
* OWASP Tools: LAPSE, Orizon, WebScarab, Zed Attack Proxy ..
Maintenance
* OWASP CSRFGuard
* OWASP ModSecurity Core Rule Set
* OWASP AppSensor
OWASP Software Assurance
* OWASP CLASP (Comprehensive, Lightweight Application Security Process)
* OpenSAMM (Software Assurance Maturity Model)
OWASP …
OWASP PCI Project
OWASP Mobile Security Project
OWASP Cloud Security
Thank You for Your Attention
OWASP Tunisia