SlideShare uma empresa Scribd logo

Owasp tunisia web day 2011

Transferir como PPTX, PDF
O
OWASPTunisia

Presentation of OWASP Tunisia during the Tunisia Webdays 2011

Tecnologia
1 de 18
OWASP Tunisia Chapter The OWASP Foundation http://www.owasp.org Les Standards OWASP Tunisia WebDays 2011 Semeh Arbi OWASP Tunisia Chapter Email : semeh.arbi@owasp.org Décembre 2011
OWASP ??!!!!! (OWASP) : Open Web Application Security Project * Organization internationale à but non-lucratif * Indépendante des fournisseurs et des gouvernements * Sponsorisé par les membres ou par des entreprises Mission Principale : * Produire des documents , standards et outils dédiés à la sécurité des applications Web
License Approch == “OPEN” * Toutes les documentations, standards et outils sont fournis sous une license open-source. GFDL GPL BSD License Creative Commons
Organisation OWASP OWASP Conferences OWASP Governance OWASP Wiki OWASP OWASP Tools Chapter OWASP Foundation (501c3) OWASP Leaders Lists OWASP OWASP Board of Board of Operation Technical Books Project Directors Advisors Director Director Leaders OWASP Community
Chapitres
Support
OWASP vs Compliance * ISO * SOX * SAS70 * PCI DSS
Initiatives Building Guide Top 10 Training CLASP Conferences Ajax WebGoat Orizon CBT .NET, Java Chapters Testing Guide Project incubator WebScarab Wiki portal Validation Forums Certification Blogs
9% : Code 41% : Outils 50% : Documentation Catégories de projets 41% 9% OWASP: 50% * Detect * Protect * Life Cycle
OWASP == „Secure SDLC‟
OWASP Avant Le Développement Sensibilisation * OWASP Top 10 * OWASP Top 10 for .NET * OWASP Application Security Desk Reference Project Guidelines * OWASP .NET Project * OWASP Java Project * OWASP Ruby On Rails Project
OWASP Avant Le Développement Formation Flawed Applications * Broken Web Applications / Insecure Web App * Mutillidae / SiteGenerator / Vicnum * WebGoat * WebGoat.NET * iGoat
OWASP Conception & Développement * OWASP Development Guide * OWASP Enterprise API (ESAPI)
OWASP Conception & Développement * OWASP Application Security Verification Standard * OWASP Code Review Project
OWASP Test & Maintenance Tests * OWASP Testing Guide * OWASP Tools : LAPSE , Orizon WebScarab , Zed Attack Proxy .. Maintenance * OWASP CSRFGuard * OWASP ModSecurity Core Rule Set * OWASP Appsensor
OWASP Software Assurance * OWASP CLASP (Comprehensive, Lightweight Application Security Process) * OpenSAMM (Software Assurance Maturity Model )
OWASP … OWASP PCI Project OWASP Mobile Security Project OWASP Cloud Security
Merci Pour Votre Attention OWASP Tunisie

Recomendados

Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSebastien Gioria
 
CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014Sebastien Gioria
 
OWASP, PHP, life and universe
OWASP, PHP, life and universeOWASP, PHP, life and universe
OWASP, PHP, life and universeSebastien Gioria
 
Load & Performance TESTING
Load & Performance TESTINGLoad & Performance TESTING
Load & Performance TESTINGGuido Serra
 
OWASP Bulgaria
OWASP BulgariaOWASP Bulgaria
OWASP BulgariaZero Science Lab
 
[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture
[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture
[OWASP-Bulgaria] G. Geshev - Chapter Introductory LectureG. Geshev
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр АнтухOWASP Russia
 
Uop ntc 324 week 5 individual lab challenge new
Uop ntc 324 week 5 individual lab challenge newUop ntc 324 week 5 individual lab challenge new
Uop ntc 324 week 5 individual lab challenge newolivergeorg
 

Recomendados

Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSebastien Gioria
 
CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014CLUSIR INFONORD OWASP iot 2014
CLUSIR INFONORD OWASP iot 2014Sebastien Gioria
 
OWASP, PHP, life and universe
OWASP, PHP, life and universeOWASP, PHP, life and universe
OWASP, PHP, life and universeSebastien Gioria
 
Load & Performance TESTING
Load & Performance TESTINGLoad & Performance TESTING
Load & Performance TESTINGGuido Serra
 
OWASP Bulgaria
OWASP BulgariaOWASP Bulgaria
OWASP BulgariaZero Science Lab
 
[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture
[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture
[OWASP-Bulgaria] G. Geshev - Chapter Introductory LectureG. Geshev
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр АнтухOWASP Russia
 
Uop ntc 324 week 5 individual lab challenge new
Uop ntc 324 week 5 individual lab challenge newUop ntc 324 week 5 individual lab challenge new
Uop ntc 324 week 5 individual lab challenge newolivergeorg
 
Pk 1
Pk 1Pk 1
Pk 1Mahmoud Masmoudi
 
Tunisia
TunisiaTunisia
TunisiaMarcus McGowan
 
Tunisia crossroads of cultures
Tunisia crossroads of culturesTunisia crossroads of cultures
Tunisia crossroads of culturesMajdi Fal
 
Tunisia
TunisiaTunisia
Tunisiamsjinx
 
Presentation eng
Presentation engPresentation eng
Presentation engMahmoud Masmoudi
 
Tunisia
TunisiaTunisia
TunisiaEmerito Razon
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012DefCamp
 
Owasp tools - OWASP Serbia
Owasp tools - OWASP SerbiaOwasp tools - OWASP Serbia
Owasp tools - OWASP SerbiaNikola Milosevic
 
Owasp Serbia overview
Owasp Serbia overviewOwasp Serbia overview
Owasp Serbia overviewNikola Milosevic
 
Meucci OWASP Pci Milan 09
Meucci OWASP Pci Milan 09Meucci OWASP Pci Milan 09
Meucci OWASP Pci Milan 09Matteo Meucci
 
Owasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo MeucciOwasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo MeucciMatteo Meucci
 
SARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalSARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalVandana Verma
 
OWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security SanityOWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security SanityMatt Tesauro
 
Building Secure Mashups With OpenAjax
Building Secure Mashups With OpenAjaxBuilding Secure Mashups With OpenAjax
Building Secure Mashups With OpenAjaxelliando dias
 
OWASP an Introduction
OWASP an Introduction OWASP an Introduction
OWASP an Introduction alessiomarziali
 
Locust Fear
Locust FearLocust Fear
Locust FearAlan Lepofsky
 
Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Christian Frichot
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2
 
WSO2 AppDev platform
WSO2 AppDev platformWSO2 AppDev platform
WSO2 AppDev platformSagara Gunathunga
 
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and BeyondPriyanka Aash
 
Kick Start your Application Development and Management Strategy
Kick Start your Application Development and Management Strategy Kick Start your Application Development and Management Strategy
Kick Start your Application Development and Management Strategy WSO2
 

Mais conteúdo relacionado

Destaque

Tunisia crossroads of cultures
Tunisia crossroads of culturesTunisia crossroads of cultures
Tunisia crossroads of culturesMajdi Fal
 
Tunisia
TunisiaTunisia
Tunisiamsjinx
 

Destaque (6)

Pk 1
Pk 1Pk 1
Pk 1
 
Tunisia
TunisiaTunisia
Tunisia
 
Tunisia crossroads of cultures
Tunisia crossroads of culturesTunisia crossroads of cultures
Tunisia crossroads of cultures
 
Tunisia
TunisiaTunisia
Tunisia
 
Presentation eng
Presentation engPresentation eng
Presentation eng
 
Tunisia
TunisiaTunisia
Tunisia
 

Semelhante a Owasp tunisia web day 2011

[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012DefCamp
 
Owasp tools - OWASP Serbia
Owasp tools - OWASP SerbiaOwasp tools - OWASP Serbia
Owasp tools - OWASP SerbiaNikola Milosevic
 
Meucci OWASP Pci Milan 09
Meucci OWASP Pci Milan 09Meucci OWASP Pci Milan 09
Meucci OWASP Pci Milan 09Matteo Meucci
 
Owasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo MeucciOwasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo MeucciMatteo Meucci
 
SARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalSARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalVandana Verma
 
OWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security SanityOWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security SanityMatt Tesauro
 
Building Secure Mashups With OpenAjax
Building Secure Mashups With OpenAjaxBuilding Secure Mashups With OpenAjax
Building Secure Mashups With OpenAjaxelliando dias
 
Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Christian Frichot
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2
 
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and BeyondPriyanka Aash
 
Kick Start your Application Development and Management Strategy
Kick Start your Application Development and Management Strategy Kick Start your Application Development and Management Strategy
Kick Start your Application Development and Management Strategy WSO2
 
LF_APIStrat17_Keep Your Swagger On
LF_APIStrat17_Keep Your Swagger OnLF_APIStrat17_Keep Your Swagger On
LF_APIStrat17_Keep Your Swagger OnLF_APIStrat
 
ocejwsd 6 preparation guide
ocejwsd 6 preparation guideocejwsd 6 preparation guide
ocejwsd 6 preparation guideGanesh P
 

Semelhante a Owasp tunisia web day 2011 (20)

[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012
 
Owasp tools - OWASP Serbia
Owasp tools - OWASP SerbiaOwasp tools - OWASP Serbia
Owasp tools - OWASP Serbia
 
Owasp Serbia overview
Owasp Serbia overviewOwasp Serbia overview
Owasp Serbia overview
 
Meucci OWASP Pci Milan 09
Meucci OWASP Pci Milan 09Meucci OWASP Pci Milan 09
Meucci OWASP Pci Milan 09
 
Owasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo MeucciOwasp london training course 2010 - Matteo Meucci
Owasp london training course 2010 - Matteo Meucci
 
SARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalSARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma Sehgal
 
OWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security SanityOWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security Sanity
 
Building Secure Mashups With OpenAjax
Building Secure Mashups With OpenAjaxBuilding Secure Mashups With OpenAjax
Building Secure Mashups With OpenAjax
 
OWASP an Introduction
OWASP an Introduction OWASP an Introduction
OWASP an Introduction
 
Locust Fear
Locust FearLocust Fear
Locust Fear
 
Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012Shake Hooves With BeEF - OWASP AppSec APAC 2012
Shake Hooves With BeEF - OWASP AppSec APAC 2012
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
 
WSO2 AppDev platform
WSO2 AppDev platformWSO2 AppDev platform
WSO2 AppDev platform
 
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
(SACON) Satish Sreenivasaiah - DevSecOps Tools and Beyond
 
Kick Start your Application Development and Management Strategy
Kick Start your Application Development and Management Strategy Kick Start your Application Development and Management Strategy
Kick Start your Application Development and Management Strategy
 
LF_APIStrat17_Keep Your Swagger On
LF_APIStrat17_Keep Your Swagger OnLF_APIStrat17_Keep Your Swagger On
LF_APIStrat17_Keep Your Swagger On
 
2014 09-04-pj
2014 09-04-pj2014 09-04-pj
2014 09-04-pj
 
Web Application Defences
Web Application DefencesWeb Application Defences
Web Application Defences
 
ocejwsd 6 preparation guide
ocejwsd 6 preparation guideocejwsd 6 preparation guide
ocejwsd 6 preparation guide
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Owasp tunisia web day 2011

  • 1. OWASP Tunisia Chapter The OWASP Foundation http://www.owasp.org Les Standards OWASP Tunisia WebDays 2011 Semeh Arbi OWASP Tunisia Chapter Email : semeh.arbi@owasp.org Décembre 2011
  • 2. OWASP ??!!!!! (OWASP) : Open Web Application Security Project * Organization internationale à but non-lucratif * Indépendante des fournisseurs et des gouvernements * Sponsorisé par les membres ou par des entreprises Mission Principale : * Produire des documents , standards et outils dédiés à la sécurité des applications Web
  • 3. License Approch == “OPEN” * Toutes les documentations, standards et outils sont fournis sous une license open-source. GFDL GPL BSD License Creative Commons
  • 4. Organisation OWASP OWASP Conferences OWASP Governance OWASP Wiki OWASP OWASP Tools Chapter OWASP Foundation (501c3) OWASP Leaders Lists OWASP OWASP Board of Board of Operation Technical Books Project Directors Advisors Director Director Leaders OWASP Community
  • 7. OWASP vs Compliance * ISO * SOX * SAS70 * PCI DSS
  • 8. Initiatives Building Guide Top 10 Training CLASP Conferences Ajax WebGoat Orizon CBT .NET, Java Chapters Testing Guide Project incubator WebScarab Wiki portal Validation Forums Certification Blogs
  • 9. 9% : Code 41% : Outils 50% : Documentation Catégories de projets 41% 9% OWASP: 50% * Detect * Protect * Life Cycle
  • 11. OWASP Avant Le Développement Sensibilisation * OWASP Top 10 * OWASP Top 10 for .NET * OWASP Application Security Desk Reference Project Guidelines * OWASP .NET Project * OWASP Java Project * OWASP Ruby On Rails Project
  • 12. OWASP Avant Le Développement Formation Flawed Applications * Broken Web Applications / Insecure Web App * Mutillidae / SiteGenerator / Vicnum * WebGoat * WebGoat.NET * iGoat
  • 13. OWASP Conception & Développement * OWASP Development Guide * OWASP Enterprise API (ESAPI)
  • 14. OWASP Conception & Développement * OWASP Application Security Verification Standard * OWASP Code Review Project
  • 15. OWASP Test & Maintenance Tests * OWASP Testing Guide * OWASP Tools : LAPSE , Orizon WebScarab , Zed Attack Proxy .. Maintenance * OWASP CSRFGuard * OWASP ModSecurity Core Rule Set * OWASP Appsensor
  • 16. OWASP Software Assurance * OWASP CLASP (Comprehensive, Lightweight Application Security Process) * OpenSAMM (Software Assurance Maturity Model )
  • 17. OWASP … OWASP PCI Project OWASP Mobile Security Project OWASP Cloud Security
  • 18. Merci Pour Votre Attention OWASP Tunisie

Notas do Editor

  1. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  2. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  3. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  4. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  5. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  6. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  7. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  8. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  9. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  10. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  11. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  12. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  13. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  14. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  15. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  16. Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way.Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.