OWASP Flyer Sep06

Document Sample
OWASP Flyer Sep06 Powered By Docstoc
77 WorldWide Chapters
    Argentina * Pittsburgh
    Atlanta    * Riyadh
                                 The Open Web Application Security Project
*   Austin     * Rochester
*   Austria    * Sacramento      Join the application security community for
*   Bangalore * Saint Louis
*   Belgium * San Antonio        free, unbiased, open source tools, guidelines,     Free Tools
*   Boston     * San Francisco   forums, and local chapters!
*   Brazil     * San Jose                                                             *   WebScarab Proxy
*   Brisbane * Seattle                                                                *   WebGoat Training
*   Buffalo    * Singapore
*   Charlotte * SoCal            We support developers and project                    *   CAL9000
*   Chennai * Spain                                                                   *   LAPSE
*   Chicago    * Switzerland     managers with security guidance, tools, and          *   Pantera
*   Chile
               * Sydney
    Cleveland * Taiwan           materials throughout the software                    *   .NET and Java tools
    Colombia * Tokyo
                                 development lifecycle (SDLC):                      Projects
               * Toronto
*   Denmark * Turkey
*   Denver     * Vancouver                                                            *   Web AppSec Guide
*   Edmonton * Virginia             Requirements and Use Cases                       *   Testing Guide
*   Germany * Washington DC
*   Greece     * Winnipeg
                                    Architecture                                     *   Top Ten Vulnerabilities
                                                                                      *   AppSec FAQ
    Hong Kong
                                    Threat Modeling                                  *   AppSec Metrics
*   Ireland                         Vulnerability Analysis                           *   AJAX
*   Israel                                                                            *   Code Review
*   Italy                           Scanning                                         *   Legal
*   Kansas City
*   Kerala                          Manual Penetration Testing                       *   PHP, J2EE, .NET
                                    Code Review                                    Community
*   Luxemburg                       Configuration Guides
*   Madison                                                                           *   Local Chapters
*   Malaysia
*   Manila                                                                            *   AppSec Conferences
*   Melbourne                    OWASP materials apply to all web platforms           *   Mailing Lists
    Mexico City
                                 including J2EE, .NET, LAMP, Cold Fusion, Struts,     *   Forums
                                                                                      *   Portal
*   Miami Ft Flauderdale         Web Services, IIS, WebSphere, WebLogic, Tomcat,
*   Minneapolis St Paul
*   Montgomery                   and much more                                            Join Us Today!
*   Mumbai
*   Nashville
*   Netherlands
*   New Jersey
*   New York
*   Ohio
*   Omaha
*   Ottawa
*   Pakistan
*   Panama
*   Philadelphia
*   Phoenix

                                 The OWASP Foundation
Major initiatives:

                                Top 10
                CLASP                    Training

           Ajax                              Conferences

      J2EE                                          WebGoat

    .NET                                               Building our


Testing                                                Project

WebScarab                                            Wiki portal

   Validation                                   Forums

       Certification                       Blogs

Major Projects:
   OWASP AJAX Security Project - investigating the security of AJAX enabled applications

   OWASP Application Security Assessment Standards Project - establish a set of
    standards defining baseline approaches to conducting differing types of application security assessment

   OWASP Application Security Metrics Project - identify and provide a set of App Sec
    metrics that have been found by contributors to be effective in measuring App Sec

   OWASP AppSec FAQ Project - an FAQ covering many application security topics

   OWASP CLASP Project - a project focused on defining process elements that reinforce
    application security

   OWASP Code Review Project - a new project to capture best practices for reviewing code

   OWASP Guide Project - a massive document covering all aspects of web application and web
    service security

   OWASP Honeycomb Project - a comprehensive and integrated guide to the fundamental
    building blocks of application security

   OWASP Legal Project - a project focused on contracting for secure software

   OWASP Logging Project - a project to define best practices for logging and log management

   OWASP Metrics Project - a project to define workable application security metrics

   OWASP PHP, .NET and Java and Project - a project focused on helping PHP, .NET, and
    Java developers build secure applications

   OWASP Risk Management Project - a new project focused on processes for managing
    application security risk

   OWASP Testing Project - a project focused on application security testing procedures

   OWASP Top Ten Project - an awareness document that describes the top ten web application
    security vulnerabilities

   OWASP WASS Project - a standards project to develop more concrete criteria for
    secure applications
Free tools:
   OWASP CAL9000 Project - a JavaScript based web application security testing

   OWASP LAPSE Project - a project focused on developing an open source
    auditing tool for Java

   OWASP .NET, Java Tools - a project focused on developing .NET and Java tools
    for web application security

   OWASP Pantera Web Assessment Studio Project - a project focused on
    combining automated capabilities with complete manual testing to get the best

   OWASP SQLiX Project - a project focused on the development of SQLiX, a full
    perl-based SQL scanner

   OWASP Validation Project - a project that provides guidance and tools related
    to validation.

   OWASP WebGoat Project - an online training environment for hands-on learning
    about application security

   OWASP WebScarab Project - a tool for performing all types of security testing
    on web applications and web services


Tags: security
burmesepentester burmesepentester YGN Ethical Hacker