
List:       owasp-washington
Subject:    Dinis on OWASP
From:       "Dinis Cruz" <dinis () ddplus ! net>
Date:       2007-03-06 20:28:48
Message-ID: 701fd6b60703061228u1306251wb014ad8a63f93467 () mail ! gmail ! com

Hello everybody,

I try to limit the number of global posts such as this one (which go to
everybody subscribed to an OWASP mailing list) to a minimum, but I recently
wrote a guest blog entry for the gnucitizen blog (http://www.gnucitizen.org/)
which I think some of you might be very interested in (since it gives a good
overview of what OWASP is and how it works).

The blog post is here http://www.gnucitizen.org/blog/owasp and I included a
copy of it at the end of this email for your convenience.

Looking forward to your feedback.

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org

------------------------------------------------------------------------

Hello, on this guest blog post (thanks pdp) I would like to talk about
something that is very important to me (I will write about .NET's partial
trust next time :))

OWASP is the Open Web Application Security Project <http://www.owasp.org/>
which is a worldwide open community of like-minded security professionals
focused on improving the current state of Web Application Security.

At OWASP I take the role of Chief OWASP Evangelist, and although I don't
like the title it gives me a good excuse to talk about OWASP, to promote
its projects and to speak at OWASP conferences and chapters. I am also part
of the OWASP board (together with Jeff Williams, Andrew van der Stock and
Dave Wichers), lead the .Net Project
<http://www.owasp.org/index.php/Category:OWASP_.NET_Project> (help needed)
and organize the London Chapter meetings
<http://www.owasp.org/index.php/London>.

Professionally I have been generously rewarded for my contributions to
OWASP. In addition to the learning, meeting new people and conferences
participations, I can say that for the past 18 months every single paid
project that I was contracted to do, originated from contacts that I meet
via OWASP. So I have authority to say that actively participating in OWASP
can be very beneficial to your career (even if you don't care about the
great kudos and karma that will come with that participation).

At the OWASP projects page
<http://www.owasp.org/index.php/Category:OWASP_Project> you will find
numerous projects some of which I am sure you will find very interesting:

   - OWASP Top Ten 2004
     <http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project> and the
     new (still in consultation mode) OWASP T10 207 RC1
     <http://www.owasp.org/index.php/Top_10_2007>
   - OWASP Testing Guide
     <http://www.owasp.org/index.php/Category:OWASP_Testing_Project> - newly
     released document about application security testing procedures and
     checklists
   - Web Goat
     <http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project> - an
     online training environment for hands-on learning about application
     security
   - WebScarab
     <http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project> a tool
     for performing all types of security testing on web applications and
     web services (check out the new version: WebScarab NG
     <http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project>)
   - CLASP <http://www.owasp.org/index.php/Category:OWASP_CLASP_Project>
     (Comprehensive, Lightweight Application Security Process) - a project
     focused on defining process elements that reinforce application security
   - Live CD
     <http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project> - a
     Linux based Live CD containing ready to use versions of OWASP tools and
     documents
   - Other tools projects:
     Site Generator <http://www.owasp.org/index.php/Owasp_SiteGenerator>,
     Report Generator <http://www.owasp.org/index.php/ORG_%2528Owasp_Report_Generator%2529>,
     CAL 9000 <http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project>,
     Encoding Project <http://www.owasp.org/index.php/Category:OWASP_LAPSE_Project>,
     Pantera <http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project>,
     LAPSE <http://www.owasp.org/index.php/Category:OWASP_LAPSE_Project>,
     Sprajax <http://www.owasp.org/index.php/Category:OWASP_Sprajax_Project>,
     SQLiX <http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project>,
     WSFuzzer <http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project>,
     JBroFuzz <http://www.owasp.org/index.php/Category:OWASP_JBroFuzz>,
     Interceptor <http://www.owasp.org/index.php/Category:OWASP_Interceptor_Project>,
     Stinger <http://www.owasp.org/index.php/Category:OWASP_Stinger_Project>,
     Orizon <http://www.owasp.org/index.php/Category:OWASP_Orizon_Project>
   - Other documentation projects:
     Code Review <http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project>,
     App Sec FAQ <http://www.owasp.org/index.php/Category:OWASP_AppSec_FAQ_Project>,
     Guide Project <http://www.owasp.org/index.php/Category:OWASP_Guide_Project>,
     Legal Project <http://www.owasp.org/index.php/Category:OWASP_Legal_Project>,
     AJAX Security Guide <http://www.owasp.org/index.php/Category:OWASP_AJAX_Security_Project>,
     Application Security Assessment Standards <http://www.owasp.org/index.php/Category:OWASP_Application_Security_Assessment_Standards_Project>,
     Application Security Metrics <http://www.owasp.org/index.php/Category:OWASP_Application_Security_Metrics_Project>,
     Career Development <http://www.owasp.org/index.php/Category:OWASP_Career_Development_Project>,
     HoneyComb <http://www.owasp.org/index.php/Category:OWASP_Honeycomb_Project>,
     Logging <http://www.owasp.org/index.php/Category:OWASP_Logging_Project>,
     Validation <http://www.owasp.org/index.php/Category:OWASP_Validation_Project>,
     WASS (Web Application Security Standards) Guide <http://www.owasp.org/index.php/Category:OWASP_WASS_Project>,
     XML Security Gateway Evaluation Criteria <http://www.owasp.org/index.php/Category:OWASP_XML_Security_Gateway_Evaluation_Criteria_Project>,
     Education <http://www.owasp.org/index.php/Category:OWASP_Education_Project>
   - Technological specific projects:
     Java <http://www.owasp.org/index.php/Category:OWASP_Java_Project>,
     .Net <http://www.owasp.org/index.php/Category:OWASP_.NET_Project> and
     PHP <http://www.owasp.org/index.php/Category:OWASP_PHP_Project>

OWASP Foundation is a USA based 501c3 not-for-profit charitable organization
where all money made (from conferences, memberships and website
advertisement) goes back into OWASP. For example last year OWASP gave
sponsorships worth 35,000 USD under the OWASP Autumn of Code (AoC) activity
to 9 individuals (from around the world) to improve 9 OWASP projects. The
AoC was so successful that we are about to launch the SpoC (Spring of Code)
which will sponsor a larger number of projects (and hopefully take OWASP to
the next level).

Speaking from personal experience, the more you put in OWASP the more you
get out of it. Due to its openness and 'no-vendor-bullshit-here-please'
attitude (thanks Mark for that) OWASP tends to attract highly intelligent,
interesting and professional individuals (I am always humbled by the talent
that I meet at our conferences and chapter meetings). So if you haven't
already, please join us and make us better.

The first place to start should be a local OWASP chapter. As you can see in
the OWASP Chapter page <http://www.owasp.org/index.php/Category:OWASP_Chapter>
there are currently 85 chapters around the world so you have plenty to choose
from (Argentina, Atlanta, Austin, Austria (Vienna), Bangalore, Barcelona,
Belgium, Boston, Boston, Brazil, Brisbane, Australia, Buffalo, Charlotte,
Chennai, Chicago, Chile, Cleveland, Colombia, Columbus, Delhi, Denmark,
Denver, Edmonton, Canada, France, Ft Lauderdale, Germany, Greece, Helsinki,
Hong Kong, Houston, Hyderabad, Israel, Italy, Kansas City, Kerala, Kolkata,
Kuwait, London, Long Island, Los Angeles, Luxembourg, Madison, Malaysia,
Manila, Melbourne, Memphis, Mexico City, Minneapolis/St. Paul, Mumbai,
Nashville, Netherlands, New York City, New Zealand, Northern New Jersey,
Omaha, Ottawa, Pakistan, Panama, Philadelphia, Phoenix, Pittsburgh, Riyadh,
Rochester, Sacramento, Saint Louis, San Antonio, San Francisco, San Jose,
Seattle, Singapore, South Korea, Switzerland, Sydney, Tainan, Tokyo,
Toronto, Turkey, Vancouver, Washington (Maryland), Washington (Virginia),
Winnipeg Manitoba). And if you are not close to one, check out the Chapter
Leader Handbook <http://www.owasp.org/index.php/Chapter_Leader_Handbook> and
start one.

Since everything at OWASP is (and always will be) open and free (as in beer
and speech) you (and your companies) DON'T have to become OWASP members to
benefit from it (and to edit our WIKI based website). BUT, if you (and your
companies) benefit from OWASP, you should join as a member mainly for two
reasons: 1) publicly associate yourself with OWASP's goals and 2)
financially support the projects that you use (starting this year we are
asking new members to indicate which OWASP projects they would like their
membership fees to be used on).

And for the sceptics amongst you that are now asking, humm…. what is the
catch? there must be a catch? there always is a catch!!!, I think I will
disappoint you when I say that there is no *catch*. OWASP is an open
community, and we are just trying to make our online world safer and more
secure.

Just a final word to say that I am here to help, so feel free to contact me
on *dinis.cruz at owasp dot net* (and if I don't reply in a couple days,
just keep re-sending that email :))

Thanks for reading.



