[Global_industry_committee] Security for Managers and Executives..

Nishi Kumar nishi.kumar at owasp.org
Sun Apr 24 15:55:32 EDT 2011


Hi All,

I have made following updates on Industry Outreach Presentation and have an
updated version of the presentation in the google code site.

https://www.owasp.org/index.php/Global_Industry_Committee

Security For Managers And Executives - Industry Outreach Presentation
<http://code.google.com/p/owasp-cbt-project/downloads/list>

 Get *Security For Managers And Executives.ppt* from the Google code

   - Removed the reference of OWASP Top 10 for 2007. It is now 2010. Changed
   the verbiage from vulnerability to Risk since OWASP Top 10 for 2010 is all
   about risk
   - Updated the sponsors to match the current list of sponsors. Added an
   additional screen with Educational sponsors.
   - Updated the slide which mapped OWASP Top 10 to ESAPI. Now it is OWASP
   Top 10 for 2010 and ESAPI 2.0
   - Added new slides on "Secure Coding Practices" "Training and Education"
   slides
   -  Re-titled Live CD to "Live CD Components" instead of "OWASP Tools"
   since not all the tools on the CD are OWASP projects.
   - Send an email to Matt to point me to latest list for Live CD. Once I
   get that I will update the slide

For Application Security Overview if we can add few latest high profile
incident which highlights how the system can be compromised for different
verticals I think it will set a tone why we need to worry about application
security. If somebody can send me links of latest attack it will be very
good addition. These are the verticals I am targeting:

1. Financial Services
2. Government & Public Sector
3. Health
4. Media and Telecommunications
5. Power, Energy, Utilities, and Natural Resources
6. Professional Firms, Software, and Services
7. Goods & Trade - Wholesale & Retail
8. Transportation systems (fuel supply, railway network, airports, harbours,
inland shipping)

I would also request committee members to provide feedback on the
presentation.

Thanks
Nishi Kumar
OWASP Industry Committee


On Sat, Mar 26, 2011 at 4:42 PM, Nishi Kumar <nishi.kumar at owasp.org> wrote:

>
> Thanks Sherif
>
>
> On Thu, Mar 10, 2011 at 8:31 AM, Sherif Koussa <sherif.koussa at owasp.org>
wrote:
>
>>
>> Nishi,
>>
>> This is an excellent. Thanks for sharing.
>>
>> Regards,
>> Sherif
>>
>>
>> On Wed, Mar 9, 2011 at 11:13 PM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>
>>>
>>> Here is Nishi's presentation....
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Nishi Kumar <nishi.kumar at owasp.org>
>>> Date: Wed, Mar 9, 2011 at 4:52 PM
>>> Subject: Security for Managers and Executives..
>>> To: Sarah Baso <sarah.baso at owasp.org>
>>>
>>>
>>> Hi All,
>>>
>>> As we discussed in the last Industry Committee meeting I am including
the presentation I went through with the management. I have re branded it
for OWASP and have generalized it. The goal of the presentation was to bring
awareness about application security issues and introduce OWASP. I tried to
focus on things that was relevant for our organization. The presentation
starts with showing fishing and identity Theft. Then it shows what would be
the average fine if there is a data breach. That sure did bring every one's
attention. Then I showed a typical way somebody can attack and an actual
demo of cross-site scripting.  In the presentation I have changed it use
WebGoat but in the demo I showed a more convincing example sprinkled with
some interesting stories. Then introduced OWASP and all its major projects.
On page 39 of the presentation I have SDLC process which I got from one of
Jeff's presentation but in the demo I had the security mapped to our actual
SDLC process. That I think was by far the most effective slide since
everybody was able to immediately relate to it.
>>>
>>> Please feel free to change/modify the presentation since we are now
trying to target bigger audience and more verticals. If you like I can also
make the revisions in the presentation. Please let me know if I can help in
anything else.
>>>
>>> Thanks
>>> Nishi Kumar
>>> OWASP CBT Project Lead
>>>
>>>
>>>
>>>
>>> --
>>> OWASP Global Industry Committee - Operational Support
>>> OWASP MSP: Host to OWASP AppSec USA 2011
>>> September 20-23 Training, Talks, CTF, and Showroom
>>> www.appsecusa.org
>>> @appsecusa, @owaspmsp @OWASPSummit
>>>
>>>
>>> Dir: 651-233-6334
>>> skype: sarah.baso
>>> sarah.baso at owasp.org
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global_industry_committee/attachments/20110424/039b787a/attachment.html 


More information about the Global_industry_committee mailing list