OWASP Projects Takanori Nakanowatari

DESCRIPTION

Presentation slides from OWASP Night 13th (local chapter meeting). About OWASP Projects.

Page 1: OWASP Projects

OWASP Projects

Takanori Nakanowatari

Page 2: OWASP Projects

About Me

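• About Me
  • Work at a certain office automation (OA) equipment manufacturer
  • Help out with OWASP Japan
  • Every few years, my days and nights are reversed for about a month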

Page 3: OWASP Projects

Speaking of OWASP:
– Local Chapter
– AppSec Conference
– Cheat Sheet
– Projects
and many others

Page 4: OWASP Projects

OWASP Projects

Projects are classified by stage:
– Flagship
– Lab
– Incubator
– Inactive

https://www.owasp.org/index.php/OWASP_Project_Inventory#tab=Incubator_Projects

Page 5: OWASP Projects

Flagship

• Currently being updated. The flagship projects so far are the following:
  – Tools
    • OWASP Zed Attack Proxy
    • OWASP Web Testing Environment Project
  – Code
    • OWASP CSRFGuard Project

Page 6: OWASP Projects

Lab

– Tools
  • OWASP OWTF
  • OWASP Broken Web Applications Project
  • OWASP EnDe Project
  • OWASP Hackademic Challenges Project
  • OWASP Mantra Security Framework
  • OWASP O2 Platform
  • OWASP OWTF
  • OWASP Web Testing Environment Project
  • OWASP WebGoat Project
  • OWASP Zed Attack Proxy
  • OWASP Vicnum Project

Page 7: OWASP Projects

Lab

– Documentation
  – OWASP AppSec Tutorial Series
  – OWASP AppSensor Project
  – OWASP CTF Project
  – OWASP Legal Project
  – OWASP Podcast Project
  – Virtual Patching Best Practices
  – OWASP Application Security Verification Standard Project
  – OWASP Code Review Guide Project
  – OWASP Codes of Conduct
  – OWASP Development Guide Project
  – OWASP Secure Coding Practices - Quick Reference Guide
  – OWASP Software Assurance Maturity Model (SAMM)
  – OWASP Testing Guide Project
  – OWASP Top Ten Project

Page 8: OWASP Projects

Lab

– Code
  – OWASP Enterprise Security API
  – OWASP ModSecurity Core Rule Set Project
  – OWASP CSRFGuard Project

Page 9: OWASP Projects

Evaluation of Lab Projects

• Status check: https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report

Page 10: OWASP Projects

Introducing New Projects

• OWASP Code Pulse 2.0
  https://www.owasp.org/index.php/OWASP_Code_Pulse_Project#tab=Main
  http://code-pulse.com
• OWASP PHP Security Training Project
• OWASP Hardened Phalcon Project
• OWASP iOSForensic
• OWASP Secure Development Training
• OWASP JSEC CVE Details Project

Page 11: OWASP Projects

Getting Started with a Project

1. Project Name,
2. Project purpose / overview,
3. Project Roadmap,
4. Project links (if any) to external sites,
5. Project Leader name,
6. Project Leader email address,
7. Project Leader wiki account - the username (you'll need this to edit the wiki),
8. Project Contributor(s) (if any) - name email and wiki account (if any),
9. Project Main Links (if any).

https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project

Page 12: OWASP Projects

INACTIVE

For example:
• OWASP Secure Password Project
There is a "spell of resurrection".

Page 13: OWASP Projects

Cheat Sheet

• https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series

Page 14: OWASP Projects

Cheat Sheet

• https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#WebSockets

Page 15: OWASP Projects

Thank you!

@ope

Takanori.Nakanowatari _at_ owasp.org
