OWASP 2.0 Membrs

Copyright © 2006 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.

The OWASP Foundation

OWASP AppSec Europe, May 2006

http://www.owasp.org/

OWASP 2.0 membrs

Andrew van der Stock

OWASP Executive Director

[email protected]

Transcript of OWASP 2.0 Membrs

Where are we going?

Manifesto

Enabling organizations to develop, maintain, and purchase applications that they can trust

It’s about community

Built on great foundations built by our contributors

Greater peer to peer participation

Emphasis on local community building

More support for your projects

It’s about building a solid foundation

Transparency

Improve membership experience

Membership packages

Individual

Corporate

Sponsor

Starter chapter pack

Key projects

Projects

It’s about delivery

We have delivered some really cool stuff recently

We have a very full year ahead

Volunteer burn out happens

We’re here to help you

Major initiatives

Guide

Training

CLASP

Testing Guide

Project incubator

Wiki

Forums

Blogs

Top 10

Conferences

WebScarab

WebGoat

Ajax

J2EE

.NET

Yours!

Validation

Local chapters

Building our brand

Certification

OWASP Foundation

History

2000: Mark Curphey and Microsoft Word

2001: OWASP Guide 1.0

Sep 2002: Many volunteers finish 1.1.1

Oct 2002: owasp-leaders created

Leaders from each project

This meritocracy still leads us today

History

2003: OWASP Foundation created

Chair: Jeff Williams

Conferences Chair: Dave Wichers

OWASP Leaders (about 30 odd people)

OWASP Members

OWASP Users

OWASP Foundation

Key activity: self-sustaining this financial year

Currently earning a bit of cash

Not enough to pay for a full time employee

How to spend the money? and still do the stuff we want?

Transparency

Need your input on our executive leadership model

Publish finances at least once per year

Sponsorship schedule (inc. in kind)

Propose move to member-only elections in 2007 timeframe (à la NetBSD, Debian, etc)

Support? (Show of hands!)

Funding model

Need to increase OWASP individual members

Current funding model is broken

We will fix the model, but we need your input

Funds for local development

Some money for room booking fees, pizza, etc

Money to build global organization

Local Chapters

Let’s meet!

We want you to meet your peers

Find your local chapter via our website

Chapters!

Local chapters

Easily the most useful OWASP activity

Lots of chapters all around the world

We want more!

Chapter Starter Pack

Local chapter support

Use our Internet resources

Announce meetings well in advance

Have a schedule well in advance

Be consistent

Community: blogs, forum - in your local language

Present new stuff ... or borrow other chapter’s slides

Guidelines for chapters

Encourage membership in OWASP

Try to be easily found and a popular time

Always try to meet, if only for drinkies

Local sponsorship by vendors is fine

Try not to be 0wned by the vendors (of any type)

Protect yourself - insurance, talk choices, etc

Membership drive

We need you to join... once we have worked out the funding model

$100 USD

Members get to vote and lead

Renewing members will get our membership pack

What do you want to see?

Projects

Leadership focus

Developing OWASP Foundation and infrastructure

Helping you deliver timely, useful projects

Keeping today’s flagship products fresh and relevant

Standards

Top 10 is an awareness product, not a standard

Need a standard

Relevant, useful and practical

Long lived and stable

Not particularly verbose or long

Must take input from key users (PCI, DHS, etc)

Certification

Our brand is important to us

Need something to help get rid of freeloaders

Do we really want to run a certification lab?

Need a certification project

Training

Many firms using OWASP Top 10 / Guide without permission

We need a training project

Top 10 1/2 day (Business types)

Architects 1 Day

Developer 3 Day

Certify trainers? Train the trainer?

How to ensure we don’t get ripped off or brand sullied? Or destroy friendly businesses?

Project Focus

Participate!

What do you want us to focus on?

Project incubators

Initiate any project you like

Each project will have its own space

Community: Link to team member blogs and forum

Resources: Samples, downloads, private workspace

Questions

Royalty free images from Stock*Exchange (http://www.sxc.hu)

Used with permission