Page 1
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
OWASP Nederland
Implementation of Security by Design
Martin Knobloch
Sogeti Nederland
[email protected]
+31-(0)6 52 32 76 79
2007-01-11
Page 2
Presentation Objectives
What is…?
Awareness!
Task Force!
Join Forces!
Education!
Get known!
Finish line?
Page 3
What is…?
What is…?
  Security by Design
  A Secure Application
Awareness!
Task Force!
Join Forces!
Education!
Get known!
Finish line?
Page 4
What is…
Security by Design
Secure Software Development Initiative
Applications designed to be secure
Design how to develop secure applications
Everything about designing, developing, testing and implementing secure applications!
Page 5
What is…
A Secure Application?
How to design and develop a secure application?
How secure does an application have to be?
How to prove that the application meets the customer's expectations and security needs?
50 current OWASP Projects
6 Release Quality Projects
15 Beta Status Projects
15 Alpha Status Projects
Page 6
What is…?
Secure Development Life Cycle
Page 7
What is…
A Secure Application…
An application is secure if the application behaves as expected at all times, under hostile or malformed input just as under normal use!
Page 8
Awareness!
What is…?
Awareness!
  Who?
  Why?
  How?
Task Force!
Join Forces!
Education!
Get known!
Finish line?
Page 9
Awareness!
Who?
Colleagues
  Development Staff: Architects / Designers, Developers, Testers
  Sales / Business Management
Customer
  Architects
  Administrators
  Users
…each and everyone!
Page 10
Awareness!
Why?
Colleagues
  Development Staff
  Sales / Business Management
Customer
  Architects
  Administrators
  Users
Page 11
Awareness!
How?
By recognition of their interests, understanding and knowledge of security!
Communicate on the level of their knowledge
Communicate in the scope of their understanding
Communicate in the context of their interests
Page 12
Awareness!
Page 13
Task Force!
What is…?
Awareness!
Task Force!
  It’s not a one-man-show
Join Forces!
Education!
Get known!
Finish line?
Page 14
Task Force!
It’s not a one-man-show
Java, Microsoft, Oracle, SAP, CMS, C++, Uniface, PHP, …
Software Control
Page 15
Task Force!
Proactive Security Strategy (PaSS)
Page 16
Join Forces!
What is…?
Awareness!
Task Force!
Join Forces!
  Who else is busy with security?
Education!
Get known!
Finish line?
Page 17
Join Forces!
Business Process
Networking
System Administration
Application Administration
Page 18
Join Forces!
Company wide security initiatives
Page 19
Educate!
What is…?
Awareness!
Task Force!
Join Forces!
Educate!
  Education
  Certification
Get known!
Finish line?
Page 20
Educate!
Presentations, Courses, Technical meetings
To create awareness!
  About Security Threats
  About Security Standards
  About Best Practices
  About Standards
  About …
Page 21
Educate!
Certifications
Get certified
  CISSP
  Symantec SCSP
  MCSE
  Cisco
  ISS
  RSA
»OWASP Top Ten certification?!
Page 22
Get known!
What is…?
Awareness!
Task Force!
Join Forces!
Education!
Get known!
  Make yourself heard!
Finish line?
Page 23
Get known!
Write! Papers, Newsletters, Blogs
Talk! Presentations, Meetings, Lunch
Bother! Whenever there is a change!
Page 24
Get known!
Make yourself notorious!
Page 25
Finish line?
What is…?
Awareness!
Task Force!
Join Forces!
Education!
Get known!
Finish line?
  When is the job done?
Page 26
Finish line?
When is the job done?
…NEVER!