18 February 2011

BCS London Central and OWASP

Last night I gave a talk at the London Central branch of the BCS. It coincided with an announcement by the Cabinet Office of the scale of cyber crime in the UK, which then appeared in this morning's newspapers.

[Photograph: a newspaper from today with the headline 'The £27bn cost of cyber crime']

Whilst much of cyber crime is not accomplished through software applications, it is a useful reminder of the risks. The important thing to note in the report, compiled by the Office of Cyber Security & Information Assurance, is that the figures are likely to be an underestimate due to under-reporting. And, more importantly, three-quarters of the total annual cost relates directly to business losses — mainly due to intellectual property theft and espionage. Online fraud "only" accounted for £1bn. Do read the report, as it contains some excellent analysis.

So a discussion on security was as topical as ever. For my presentation last night, I had been asked to talk about the Open Web Application Security Project (OWASP) which is not necessarily that well known by IT professionals, let alone in other professions. My aim was to raise awareness, and hopefully provide everyone in the audience with information about something they, or their colleagues, could use immediately in their roles.

After an overview of OWASP, its values, mission, principles, ethics and structure, I provided a brief introduction to seven documentation-type, and seven tool-type projects, to demonstrate the range of outputs helping build security into all stages of the software development life cycle.

Then I discussed in much more detail the AppSensor project, to which I have contributed the most effort within OWASP, apart from being a member of its Global Industry Committee. I explained the problem with traditional application "defences" and why real defences need to be built into the application itself to deal with targeted attacks by highly skilled, motivated and well-financed attackers.

Following the hour-long presentation, a further 20 minutes were spent discussing and answering questions from the knowledgeable audience. The branch had funded the purchase of some at-cost OWASP printed books, which were given to some of the people asking questions. All the materials are free to download from the OWASP web site. I also took along a couple of copies of the OWASP Podcast Series 1 on CD to give away.

The slides and a list of resources will be available on the BCS London Central web site.

Posted on: 18 February 2011 at 08:42 hrs


© 2011-2012 clerkendweller.com