OWASP Projects Takanori Nakanowatari
OWASP Projects
May 27, 2015
Presentation slide of OWASP Night 13th(Local chapter meeting).
About OWASP Projects.
About OWASP Projects.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
OWASP Projects
Takanori Nakanowatari
About Me
• About Me • 某OA機器メーカー勤務 • OWASP Japanのお手伝い • 数年毎に1ヶ月程度、昼夜逆転
OWASP と言えば –Local Chapter –AppSec Conference –Cheat Sheet –プロジェクトその他、多数
OWASP プロジェクト
プロジェクトを段階により区別 –フラグシップ –ラボ –インキュベータ –インアクティブ
https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Incubator_Projects
4
フラグシップ
• 現在、アップデート中。これまでのフラグシップは以下のプロジェクト – Tools • OWASP Zed Attack Proxy • OWASP Web Testing Environment Project
– Code • OWASP CSRFGuard Project
5
ラボ
– Tools • OWASP OWTF • OWASP Broken Web Applications Project • OWASP EnDe Project • OWASP Hackademic Challenges Project • OWASP Mantra Security Framework • OWASP O2 Platform • OWASP OWTF • OWASP Web Testing Environment Project • OWASP WebGoat Project • OWASP Zed Attack Proxy • OWASP Vicnum Project
6
ラボ
– Documentation – OWASP AppSec Tutorial Series – OWASP AppSensor Project – OWASP CTF Project – OWASP Legal Project – OWASP Podcast Project – Virtual Patching Best Practices – OWASP Application Security Verification Standard Project – OWASP Code Review Guide Project – OWASP Codes of Conduct – OWASP Development Guide Project – OWASP Secure Coding Practices - Quick Reference Guide – OWASP Software Assurance Maturity Model (SAMM) – OWASP Testing Guide Project – OWASP Top Ten Project
7
ラボ
– Code –OWASP Enterprise Security API –OWASP ModSecurity Core Rule Set
Project –OWASP CSRFGuard Project
8
ラボの評価
• ステイタス確認https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report
9
新着プロジェクト紹介
• OWASP Code Pulse 2.0https://www.owasp.org/index.php/OWASP_Code_Pulse_Project#tab=Mainhttp://code-pulse.com
• OWASP PHP Security Training Project • OWASP Hardened Phalcon Project • OWASP iOSForensic • OWASP Secure Development Training • OWASP JSEC CVE Details Project
10
プロジェクト事始め
1. Project Name, 2. Project purpose / overview, 3. Project Roadmap, 4. Project links (if any) to external sites, 5. Project Leader name, 6. Project Leader email address, 7. Project Leader wiki account - the username (you'll need this to edit the
wiki), 8. Project Contributor(s) (if any) - name email and wiki account (if
any), 9. Project Main Links (if any).
https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project
11
INACTIVE
例えば、 • OWASP Secure Password Project 復活の呪文あり。
12
Cheat Sheet
• https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
13
Cheat Sheet
• https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#WebSockets
14
Related Documents
