8/14/2019 OWASP 2.0 Membrs
http://slidepdf.com/reader/full/owasp-20-membrs 1/29
Copyright © 2006 - The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.
The OWASP Foundation
OWASP AppSec Europe
May 2006 http://www.owasp.org/
OWASP 2.0 membrs
Andrew van der Stock
OWASP Executive Director
Where are we going?
Manifesto
Enabling organizations to develop, maintain, and purchase applications that they can trust
It’s about community
Built on great foundations built by our contributors
Greater peer to peer participation
Emphasis on local community building
More support for your projects
It’s about building a solid foundation
Transparency
Improve membership experience
Membership packages
Individual
Corporate
Sponsor
Starter chapter pack
Key projects
Projects
It’s about delivery
We have delivered some really cool stuff recently
We have a very full year ahead
Volunteer burn out happens
We’re here to help you
Major initiatives
Guide
Training
CLASP
Testing Guide
Project incubator
Wiki
Forums
Blogs
Top 10
Conferences
WebScarab
WebGoat
Ajax
J2EE
.NET
Yours!
Validation
Local chapters
Building our brand
Certification
OWASP Foundation
History
2000: Mark Curphey and Microsoft Word
2001: OWASP Guide 1.0
Sep 2002: Many volunteers finish 1.1.1
Oct 2002: owasp-leaders created
Leaders from each project
This meritocracy still leads us today
History
2003: OWASP Foundation created
Chair: Jeff Williams
Conferences Chair: Dave Wichers
OWASP Leaders (about 30 odd people)
OWASP Members
OWASP Users
OWASP Foundation
Key activity: self-sustaining this financial year
Currently earning a bit of cash
Not enough to pay for a full time employee
How to spend the money? and still do the stuff we want?
Transparency
Need your input on our executive leadership model
Publish finances at least once per year
Sponsorship schedule (inc. in kind)
Propose move to member-only elections in 2007 timeframe (à la NetBSD, Debian, etc)
Support? (Show of hands!)
Funding model
Need to increase OWASP individual members
Current funding model is broken
We will fix the model, but we need your input
Funds for local development
Some money for room booking fees, pizza, etc
Money to build global organization
Local Chapters
Let’s meet!
We want you to meet your peers
Find your local chapter via our website
Chapters!
Local chapters
Easily the most useful OWASP activity
Lots of chapters all around the world
We want more!
Chapter Starter Pack
Local chapter support
Use our Internet resources
Announce meetings well in advance
Have a schedule well in advance
Be consistent
Community: blogs, forum - in your local language
Present new stuff ... or borrow other chapter’s slides
Guidelines for chapters
Encourage membership in OWASP
Try to be easily found and at a popular time
Always try to meet, if only for drinkies
Local sponsorship by vendors is fine
Try not to be 0wned by the vendors (of any type)
Protect yourself - insurance, talk choices, etc
Membership drive
We need you to join... once we have worked out the funding model
$100 USD
Members get to vote and lead
Renewing members will get our membership pack
What do you want to see?
Projects
Leadership focus
Developing OWASP Foundation and infrastructure
Helping you deliver timely, useful projects
Keeping today’s flagship products fresh and relevant
Standards
Top 10 is an awareness product, not a standard
Need a standard
Relevant, useful and practical
Long lived and stable
Not particularly verbose or long
Must take input from key users (PCI, DHS, etc)
Certification
Our brand is important to us
Need something to help get rid of freeloaders
Do we really want to run a certification lab?
Need a certification project
Training
Many firms using OWASP Top 10 / Guide without permission
We need a training project
Top 10 1/2 day (Business types)
Architects 1 Day
Developer 3 Day
Certify trainers? Train the trainer?
How to ensure we don’t get ripped off or brand sullied? Or destroy friendly businesses?
Project Focus
Participate!
What do you want us to focus on?
Project incubators
Initiate any project you like
Each project will have its own space
Community: Link to team member blogs and forum
Resources: Samples, downloads, private workspace
Questions
Royalty free images from
Stock*Exchange (http://www.sxc.hu)
Used with permission