Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to improve software security with OWASP open source initiatives

oxdef
September 15, 2021

How to improve software security with OWASP open source initiatives

Samsung Open Source Conference Russia 2021

oxdef

September 15, 2021
Tweet

More Decks by oxdef

Other Decks in Programming

Transcript

  1. SOSCON Russia 2021
    Ozon
    How to improve software
    security with OWASP
    open-source initiatives
    TARAS IVASCHENKO

    View full-size slide

  2. SOSCON Russia 2021
    /about

    Product security team leader at Ozon

    OWASP Moscow chapter team leader

    Free and open-source software evangelist

    Fedora GNU/Linux user
    2

    View full-size slide

  3. SOSCON Russia 2021
    Is it possible to use open-source
    solutions to improve software security?
    3

    View full-size slide

  4. SOSCON Russia 2021
    The Open Web Application Security Project
    OWASP works to improve the
    security
    of software through:

    community-led open-source
    software projects

    hundreds of chapters worldwide

    tens of thousands of members

    by hosting local and global
    conferences
    4

    View full-size slide

  5. SOSCON Russia 2021
    Documentation Projects

    Top 10 Web Application Security Risks

    Proactive controls

    SAMM (Software Assurance Maturity Model)

    Cheat Sheet Series

    Application Security Verification Standard
    5

    View full-size slide

  6. SOSCON Russia 2021
    Zed Attack Proxy

    Web application security
    scanner and proxy

    Free and open-source

    Actively maintained

    Cross platform and CI/CD
    friendly
    6

    View full-size slide

  7. SOSCON Russia 2021
    Dependency Track

    Component Analysis platform

    Allows organizations to identify and reduce risk in the
    software supply chain

    Monitors component usage across all versions of every
    application in its portfolio in order to proactively identify
    risk across an organization

    API-first design and is ideal for use in CI/CD environments
    7

    View full-size slide

  8. SOSCON Russia 2021
    8

    View full-size slide

  9. SOSCON Russia 2021
    Key Takeaways

    You can use open source solutions to build S-SDLC
    processes and controls

    OWASP (www.owasp.org) will help you with it!
    9

    View full-size slide

  10. SOSCON Russia 2021
    Thanks! Questions?

    View full-size slide