Slide 1

SOSCON Russia 2021
Ozon
How to improve software security with OWASP open-source initiatives
Taras Ivaschenko

Slide 2

/about
- Product security team leader at Ozon
- OWASP Moscow chapter team leader
- Free and open-source software evangelist
- Fedora GNU/Linux user

Slide 3

Is it possible to use open-source solutions to improve software security?

Slide 4

The Open Web Application Security Project
OWASP works to improve the security of software through:
- community-led open-source software projects
- hundreds of chapters worldwide
- tens of thousands of members
- hosting local and global conferences

Slide 5

Documentation Projects
- Top 10 Web Application Security Risks
- Proactive Controls
- SAMM (Software Assurance Maturity Model)
- Cheat Sheet Series
- Application Security Verification Standard

Slide 6

Zed Attack Proxy
- Web application security scanner and proxy
- Free and open-source
- Actively maintained
- Cross-platform and CI/CD friendly

Slide 7

Dependency-Track
- Component Analysis platform
- Allows organizations to identify and reduce risk in the software supply chain
- Monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization
- API-first design, ideal for use in CI/CD environments
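One way the "API-first, CI/CD friendly" point turns into a control: a pipeline step that reads a project's findings from Dependency-Track and fails the build on unsuppressed findings at or above a chosen severity. This is an added example, not code from the talk or from the Dependency-Track project; the `/api/v1/finding/project/{uuid}` path, the `X-Api-Key` header and the shape of the findings JSON are assumptions about the Dependency-Track REST API, and the sample findings are constructed.

```python
"""CI gate on Dependency-Track findings (added example; API shape is assumed)."""
import json
import os
import sys
import urllib.request

# Assumed Dependency-Track endpoint and severity names.
FINDINGS_PATH = "/api/v1/finding/project/{project_uuid}"
SEVERITY_RANK = {"UNASSIGNED": 0, "INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}


def fetch_findings(base_url, api_key, project_uuid):
    """Network call, kept separate from the policy so the policy is testable offline."""
    url = base_url.rstrip("/") + FINDINGS_PATH.format(project_uuid=project_uuid)
    req = urllib.request.Request(url, headers={"X-Api-Key": api_key, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def blocking_findings(findings, min_severity="HIGH"):
    """Findings at or above min_severity that an analyst has not suppressed in Dependency-Track."""
    threshold = SEVERITY_RANK[min_severity]
    blocking = []
    for f in findings:
        vuln = f.get("vulnerability", {})
        if (f.get("analysis") or {}).get("isSuppressed"):
            continue  # triaged (e.g. NOT_AFFECTED / FALSE_POSITIVE); do not block on it
        if SEVERITY_RANK.get(vuln.get("severity", "UNASSIGNED"), 0) >= threshold:
            comp = f.get("component", {})
            blocking.append((comp.get("purl") or comp.get("name", "?"), vuln.get("vulnId", "?"), vuln.get("severity")))
    return blocking


def gate(findings, min_severity="HIGH"):
    """Exit code for the CI job: 0 = pass, 1 = block the build."""
    blocking = blocking_findings(findings, min_severity)
    for purl, vuln_id, sev in blocking:
        print(f"BLOCK {sev}: {vuln_id} in {purl}")
    return 1 if blocking else 0


# Constructed sample shaped like a findings response; vulnerability IDs are placeholders.
SAMPLE_FINDINGS = [
    {"component": {"name": "libfoo", "purl": "pkg:maven/org.example/libfoo@1.2.3"},
     "vulnerability": {"vulnId": "VULN-PLACEHOLDER-1", "severity": "CRITICAL"}, "analysis": {"isSuppressed": False}},
    {"component": {"name": "libbar", "purl": "pkg:npm/bar@4.0.0"},
     "vulnerability": {"vulnId": "VULN-PLACEHOLDER-2", "severity": "HIGH"}, "analysis": {"isSuppressed": True}},
    {"component": {"name": "libbaz", "purl": "pkg:pypi/baz@0.9"},
     "vulnerability": {"vulnId": "VULN-PLACEHOLDER-3", "severity": "LOW"}, "analysis": {}},
]

if __name__ == "__main__":
    env = os.environ
    if env.get("DT_URL") and env.get("DT_API_KEY") and env.get("DT_PROJECT"):
        data = fetch_findings(env["DT_URL"], env["DT_API_KEY"], env["DT_PROJECT"])
    else:
        data = SAMPLE_FINDINGS  # offline demo run
    sys.exit(gate(data, env.get("DT_MIN_SEVERITY", "HIGH")))
```

Suppressed findings are skipped deliberately so the gate reflects the analysis state kept in Dependency-Track rather than re-judging every vulnerability on each build.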


Slide 9

Key Takeaways
- You can use open-source solutions to build S-SDLC processes and controls
- OWASP (www.owasp.org) will help you with it!

Slide 10

Thanks! Questions?