
OWASP 2.0
members

Andrew van der Stock


OWASP Executive Director
vanderaj@owasp.org
OWASP AppSec Europe, May 2006
Copyright © 2006 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.

The OWASP Foundation


http://www.owasp.org/
Where are we going?
OWASP AppSec Europe 2006
Manifesto

Enabling organizations
to develop, maintain,
and purchase
applications that they
can trust



It’s about community

Built on great foundations built by our contributors

Greater peer to peer participation


Emphasis on local community building
More support for your projects



It’s about building a solid foundation

Transparency

Improve membership experience


Membership packages
 Individual
 Corporate
 Sponsor
Starter chapter pack
Key projects
Projects



It’s about delivery

We have delivered some really cool stuff recently

We have a very full year ahead


Volunteer burn out happens
We’re here to help you



Major initiatives
Top 10
Guide
Training
CLASP
Ajax
Conferences
J2EE
WebGoat
.NET
Building our brand

Yours!

Local chapters
Testing Guide
Project incubator
WebScarab
Wiki
Validation
Forums
Certification
Blogs



OWASP Foundation
History

2000: Mark Curphey and Microsoft Word


2001: OWASP Guide 1.0
Sep 2002: Many volunteers finish 1.1.1
Oct 2002: owasp-leaders created

Leaders from each project


This meritocracy still leads us today



History

2003: OWASP Foundation created

Chair: Jeff Williams


Conferences Chair: Dave Wichers
OWASP Leaders (about 30 odd people)
OWASP Members
OWASP Users



OWASP Foundation

Key activity: self-sustaining this financial year

Currently earning a bit of cash


Not enough to pay for a full time employee
How to spend the money?
and still do the stuff we want?



Transparency

Need your input on our executive leadership model

Publish finances at least once per year


Sponsorship schedule (inc. in kind)
Propose move to member-only elections in 2007 timeframe (à la NetBSD, Debian, etc)
Support? (Show of hands!)



Funding model

Need to increase OWASP individual members

Current funding model is broken


We will fix the model, but we need your input

Funds for local development


Some money for room booking fees, pizza, etc
Money to build global organization



Local Chapters
Let’s meet!

We want you to meet your peers


Find your local chapter via our website



Chapters!



Local chapters

Easily the most useful OWASP activity


Lots of chapters all around the world

We want more!


Chapter Starter Pack



Local chapter support

Use our Internet resources


Announce meetings well in advance
Have a schedule well in advance
Be consistent
Community: blogs, forum - in your local language

Present new stuff


... or borrow other chapter’s slides



Guidelines for chapters

Encourage membership in OWASP

Try to be easily found and a popular time


Always try to meet, if only for drinkies
Local sponsorship by vendors is fine
Try not to be 0wned by the vendors (of any type)

Protect yourself - insurance, talk choices, etc



Membership drive

We need you to join


... once we have worked out the funding model

$100 USD

Members get to vote and lead


Renewing members will get our membership pack
What do you want to see?



Projects
Leadership focus

Developing OWASP Foundation and infrastructure
Helping you deliver timely, useful projects
Keeping today’s flagship products fresh and relevant



Updating old favorites

OWASP Guide 3.0 PDF, book, and Wiki


Top 10 2007 Wiki Edition - need volunteers
Testing Guide 1.0 PDF and Wiki - need volunteers



Standards

Top 10 is an awareness product, not a standard
Need a standard
Relevant, useful and practical
Long lived and stable
Not particularly verbose or long
Must take input from key users (PCI, DHS, etc)



Certification

Our brand is important to us

Need something to help get rid of freeloaders
Do we really want to run a certification lab?
Need a certification project



Training

Many firms using OWASP Top 10 / Guide without permission

We need a training project


Top 10 1/2 day (Business types)
Architects 1 Day
Developer 3 Day

Certify trainers? Train the trainer?


How to ensure we don’t get ripped off or brand sullied? Or destroy friendly businesses?
Project Focus

Participate!

What do you want us to focus on?



Project incubators

Initiate any project you like

Each project will have its own space


Community: Link to team member blogs and forum
Resources: Samples, downloads, private workspace



Questions

Royalty free images from Stock*Exchange (http://www.sxc.hu)
Used with permission
