Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to improve software security with OWASP open source initiatives

September 15, 2021

How to improve software security with OWASP open source initiatives

Samsung Open Source Conference Russia 2021


September 15, 2021

More Decks by oxdef

Other Decks in Programming


  1. SOSCON Russia 2021 Ozon How to improve software security with

    OWASP open-source initiatives TARAS IVASCHENKO
  2. SOSCON Russia 2021 /about  Product security team leader at

    Ozon  OWASP Moscow chapter team leader  Free and open-source software evangelist  Fedora GNU/Linux user 2
  3. SOSCON Russia 2021 The Open Web Application Security Project OWASP

    works to improve the security of software through:  community-led open-source software projects  hundreds of chapters worldwide  tens of thousands of members  by hosting local and global conferences 4
  4. SOSCON Russia 2021 Documentation Projects  Top 10 Web Application

    Security Risks  Proactive controls  SAMM (Software Assurance Maturity Model)  Cheat Sheet Series  Application Security Verification Standard 5
  5. SOSCON Russia 2021 Zed Attack Proxy  Web application security

    scanner and proxy  Free and open-source  Actively maintained  Cross platform and CI/CD friendly 6
  6. SOSCON Russia 2021 Dependency Track  Component Analysis platform 

    Allows organizations to identify and reduce risk in the software supply chain  Monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization  API-first design and is ideal for use in CI/CD environments 7
  7. SOSCON Russia 2021 Key Takeaways  You can use open

    source solutions to build S-SDLC processes and controls  OWASP (www.owasp.org) will help you with it! 9