logo
allArticlesConferencesPresentations

20:20 - The History and Future of OWASP

Conference:  OWASP 20th Anniversary Event

2021-09-24

Authors:   Mark Curphey

Summary

The speaker discusses the future of application security and the role of OWASP in securing critical open source libraries and frameworks.
  • The speaker suggests that the future of application security lies in securing critical open source libraries and frameworks.
  • OWASP should focus on curating and fixing critical open source libraries and frameworks to make them more usable for developers.
  • OWASP should become a SAS provider and distribute secure open source libraries.
  • The speaker emphasizes the need for a world security team to fix and secure open source projects.
  • The speaker suggests that OWASP should partner with big open source projects to teach threat modeling and fix vulnerabilities.
The speaker mentions that when installing a package in Node, it may require downloading 3000 packages, which can be frightening. He also mentions that there are about a quarter of a million vulnerabilities in open source libraries. The speaker suggests that OWASP can step up and address this mass problem.

Abstract

20 years ago I was moderating the webappsec mailing list on securityfocus and had just started a new job running application security at Charles Schwab, when the CIO came running down the hall demanding to speak to the new guy. He wanted to know why we were in the Wall Street Journal and what I was going to do about it. I felt like I had been framed. After fending off ambulance chasers and wading through marketing “bull shiitake” from vendors, I realized there was a gap that needed to be filled. OWASP was born. No real plan, no real goal, armed with just a belief that the world needed better information I sent out a call to action for like-minded people to get involved. The rest as they say is history. Looking back it’s been an amazing success story of a community that has had a significant positive impact on the world during a time when development technology and the threat landscape has changed beyond recognition. What was critical to OWASPs success and how should it evolve over the next 20 years? We will take a walk down memory lane, stargaze into the future and leave with an updated call to action for the next twenty years.
Materials:
Tags:
Application Security
CIO
Wall Street Journal
OWASP
community

Post a comment

Related work

Keynote: Black Hat at 25: Where Do We Go from Here?

Conference:  Black Hat USA 2022
Authors:
2022-08-10

How we recovered $XXX,000 in Bitcoin from an encrypted zip file

Conference:  Defcon 28
Authors:
2020-08-01

Scaling Databases at Activision

Conference:  KubeCon + CloudNativeCon Europe 2023
Authors: Vladimir Kovacik, Greg Smith
2023-04-20

More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes

Conference:  Defcon 27
Authors:
2019-08-01

Lessons Learned From Etcd the Data Inconsistency Issues

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Marek Siarkowicz, Benjamin Wang
2022-10-26

Unsung Hero Of the Cloud Native Revolution: Container Linux Then And Now

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Vincent Batts
2022-10-28