[OCC] Topics for IBSIG presentation
Robert Hansen
robert at sectheory.com
Wed Feb 24 10:52:27 EST 2010
Sorry I couldn't make the call last night. Technical difficulties with upgrading my phone, and then got stuck on another call immediately afterwards. Anyway, the last five might be the live CD - which contains a set of all the OWASP testing tools plus a lot more. All free, of course.
Robert Hansen, CISSP
CEO -- SecTheory Ltd
Cell: (530) 521-2542
FAX: (512) 628-6299
-----Original Message-----
From: owasp-connections-committee-bounces at lists.owasp.org [mailto:owasp-connections-committee-bounces at lists.owasp.org] On Behalf Of Justin Clarke
Sent: Wednesday, February 24, 2010 6:02 AM
To: owasp-connections-committee at lists.owasp.org
Subject: [OCC] Topics for IBSIG presentation
All,
As mentioned, I'm giving a presentation to the London IBSIG, which is an industry group attended by senior IT Risk and CISOs from across the large Investment Banks in London. The agreed topic was something similar to "The five best/top things that OWASP has/provides/released/projects you may not know about". Essentially the drive is to point out the things that may be very interesting to this vertical (and especially this very influential, but not necessarily involved in the detail or technical audience) that they probably aren't aware OWASP has done/released.
My initial ideas are :-
* OpenSAMM - maturity assessment, useful framework for visualising progress etc etc
* ESAPI - potential basis for an internal "Secure API"
* Education committee outputs - a lot of material that could form a useful basis for internal security training
* OWASP Guides - secure dev, code review, testing
Any others I should especially mention? I'm not wedded to 5, but I don't want to present any more than that. Also, the ecosystems push that is kicking off is very interesting, but is vapourware at the moment - I'd like anything I mention to be something that is already substantial.
Cheers
Justin