How to improve software security with OWASP open source initiatives

oxdef
September 15, 2021

Samsung Open Source Conference Russia 2021


Transcript

  1. SOSCON Russia 2021, Ozon. How to improve software security with OWASP open-source initiatives. TARAS IVASCHENKO
  2. /about
     - Product security team leader at Ozon
     - OWASP Moscow chapter team leader
     - Free and open-source software evangelist
     - Fedora GNU/Linux user
  3. The Open Web Application Security Project. OWASP works to improve the security of software through:
     - community-led open-source software projects
     - hundreds of chapters worldwide
     - tens of thousands of members
     - by hosting local and global conferences
  4. Documentation Projects
     - Top 10 Web Application Security Risks
     - Proactive controls
     - SAMM (Software Assurance Maturity Model)
     - Cheat Sheet Series
     - Application Security Verification Standard
  5. Zed Attack Proxy
     - Web application security scanner and proxy
     - Free and open-source
     - Actively maintained
     - Cross platform and CI/CD friendly
  6. Dependency Track
     - Component Analysis platform
     - Allows organizations to identify and reduce risk in the software supply chain
     - Monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization
     - Has an API-first design and is ideal for use in CI/CD environments
  7. Key Takeaways
     - You can use open source solutions to build S-SDLC processes and controls
     - OWASP (www.owasp.org) will help you with it!