Difference between revisions of "Summit 2011"

From OWASP
Jump to: navigation, search
(Undo revision 127510 by Dinis.cruz (talk))
 
(22 intermediate revisions by 6 users not shown)
Line 1: Line 1:
== Modelo de Auditoría de sistemas:  ==
+
{|
 
+
Éste es un modelo universal para securizar en un alto grado de seguridad al sistema operativo.
+
 
+
#Sistema de cifrado congelado: Mantiene en secreto la ubicación del archivo del sistema, previniendo ataques de tipo monitoreo de redes.
+
#OpenVAS: Línea de comandos para cifrar- descifrar el protocolo TCP/Ip
+
#Filtro Web: Previene intrusiones a través de puertos inseguros
+
#Clam Antivirus: Previene, detecta y corrige virus informático
+
 
+
<br>
+
 
+
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
 
|-
 
|-
| Clam Antivirus
+
! width="600" align="center" |
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
! width="600" align="center" |
 
|-
 
|-
| Filtro Web
+
| align="center" | [[Image:Final summit logo half.jpg|link=https://www.owasp.org/index.php/Summit_2011_Logo_Explained]] <br/>
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
| align="center" | [[Image:Summit_Report_Title.JPG|link=http://sl.owasp.org/summit2011_finalreport]] <br/> [http://sl.owasp.org/summit2011_finalreport Click here to view the report!]<br/>[[:Summit_2011_Outcomes| Click here to view all Summit documentation including session notes and presentations.]]<br/>
|-
+
| OpenVAS
+
{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
+
|-
+
| Sistema de Cifrado Congelado
+
|}
+
  
 
|}
 
|}
  
|}
+
====Summit Links====
 
+
*[https://picasaweb.google.com/owaspphotos/OWASPSummit# Summit Pictures]
|}
+
*[[Summit 2011/Open letter to WebAppSec Tool and Services vendors: Release your schemas and allow automation|Open letter to WebAppSec Tool and Services vendors]]
 
+
*[https://www.twitter.com/OWASPSummit http://twitter-badges.s3.amazonaws.com/twitter-a.png]<br>
== Descripción softwares de auditoría  ==
+
*[[Summit 2011/Media|PRESS RELEASES & Media Mentions]]<br/>
 
+
*[[Summit 2011 Attendee|Who is going?]]<br/>
*El sistema de cifrado http://truecrypt.org cifra el núcleo del sistema operativo y los discos lógicos impidiendo ataques espía.
+
*[[Summit 2011/Venue|Where is the venue?]]<br/>
 
+
*[[Summit_2011_Reservations|Tickets/Reservations]]<br/>
*Los comandos shell http://openvas.org sirven para analizar protocolos de red, detección de virus y cifrado del protocolo IpV4-6
+
*[[Summit_2011_Corporate_Sponsorship|How can I become a corporate sponsor?]]<br/>
 
+
*[[Summit_2011_FAQ|Other Frequently Asked Questions]]<br/>
*El filtro web http://freenetproject.org es una técnica que reemplaza al Firewall, discriminando puertos inseguros, ahorrando tiempo de procesamiento en el núcleo del sistema.
+
*[[Summit_2011/Emails_To_Attendees|Emails to Attendees]]<br/>
 
+
*[[:Category:Summit 2011 Tracks|Summit 2011 Working Sessions]]<br/>
*Clamwin.com es un software de código abierto, no usa computación en la nube y tiene una GUI que detecta virus en línea http://sourceforge.net/projects/clamsentinel
+
*[https://spreadsheets.google.com/viewform?formkey=dEptc1BoTVJSQkxBSDhhNHdSaEN1Y3c6MQ If you can't attend in person, register here for remote participation]
 
+
*[https://www.owasp.org/index.php/Summit_2011/Remote_Participants#Remote_Participants Video Broadcast Channels]
== Macroinformática  ==
+
<paypal>Summit</paypal> 
 
+
*[[Summit_2011_Archived|Summit 2011 Archived]]<br/>
La macroinformática comprende eficiencia, seguridad y naturaleza. La eficacia de un sistema operativo se mide por la interacción hombre-máquina, sintetizando aplicaciones minimalistas y ejecutándolas nuestro sistema operativo procesará los datos eficientemente, ejemplos:
+
*[[Summit 2011 Internals|Summit 2011 Internals]]
 
+
*Transmisión cifrada: Cliente e-mail con GnuPG
+
 
+
http://fellowship.fsfe.org
+
 
+
*Sistema de cifrado: Cifra y descifra texto plano, imágenes, etc..
+
 
+
#ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
+
#http://cryptophane.googlecode.com/files/cryptophane-0.7.0.exe
+
 
+
*Ruby: Lenguaje de programación experimental
+
 
+
http://ruby-lang.org
+
 
+
*J2re1.3.1_20: Ejecutable de objetos interactivos o applets
+
 
+
http://java.sun.com/products/archive/j2se/1.3.1_20/index.html
+
 
+
*Escritorio: Gestor de ventanas X11
+
 
+
http://windowmaker.info
+
 
+
*Gnuzilla: Navegador seguro y de uso libre
+
 
+
http://code.google.com/p/iceweaselwindows/downloads/list
+
 
+
*Gnupdf: Visor de formato de texto universal pdf
+
 
+
http://blog.kowalczyk.info/software/sumatrapdf
+
 
+
*Gnuflash: Jugador alternativo a flash player
+
 
+
http://gnu.org/software/gnash
+
 
+
*Zinf: Reproductor de audio
+
 
+
http://zinf.org
+
 
+
*Informática forense: Análisis de datos ocultos en el disco duro
+
 
+
http://sleuthkit.org
+
 
+
*Compresor: Comprime datos sobreescribiendo bytes repetidos
+
 
+
http://peazip.sourceforge.net
+
 
+
*Ftp: Gestor de descarga de archivos
+
 
+
http://dfast.sourceforge.net
+
 
+
*AntiKeylogger: Neutraliza el seguimiento de escritorios remotos (Monitoring)
+
 
+
http://psmantikeyloger.sourceforge.net
+
 
+
*Password manager: Gestión de contraseñas
+
 
+
http://passwordsafe.sourceforge.net
+
 
+
*Limpiador de disco: Borra archivos innecesrios del sistema
+
 
+
http://bleachbit.sourceforge.net
+
 
+
*Desfragmentador: Reordena los archivos del disco duro, generando espacio virtual
+
 
+
http://kessels.com/jkdefrag
+
 
+
*X11: Gestor de ventanas, reemplazo de escritorio Xwindow's
+
 
+
http://bb4win.org
+
 
+
*Open Hardware: Hardware construído por la comunidad Linux
+
 
+
http://open-pc.com
+
  
*Open WRT: Firmware libre para configurar transmisión de Internet
 
  
http://openwrt.org
 
  
*Gnu- Linux: Sistema operativo universal
 
  
http://gnewsense.org
+
==== Video of Summit ====
  
== Biocriptoseguridad ==: Es la unión de la biología, criptografía y hacking ético para formar una defensa stándar contra virus complejos.
+
=== Vimeo ===
  
Implementación de la biocriptoseguridad informática:  
+
[http://vimeo.com/channels/owaspsummit http://vimeo.com/channels/owaspsummit]
  
#Amplificar la banda ancha
+
=== YouTube Intro ===
#Optimizar (limpiar- modificar) el sistema operativo
+
{{#ev:youtube|Yc7Jo8yeh0g}}
#Desfragmentar los discos lógicos
+
#Ocultar el sistema operativo
+
#Configurar antivirus
+
#Limpiar y desfragmentar
+
#Congelar
+
  
*Sistema inmune._ Defensa biológica natural contra infecciones como virus http://immunet.com
 
  
*Criptografía._ Método de escritura oculta por caractes, números y letras:—{H}/gJa¢K¡Ng÷752%\*)A>¡#(W|a— http://diskcryptor.net
 
  
*Hacking ético._ Auditoría de sistemas informáticos que preserva la integridad de los datos.
+
[https://picasaweb.google.com/owaspphotos/OWASPSummit# Summit Pictures]
  
Congelador: Mantiene el equilibrio en la integridad de los datos, el sistema operativo, red , memoria ram, ciclos de CPU, espacio en disco duro e incidencias de malware
+
==== Creating OWASP 4.0! ====
  
*http://code.google.com/p/hzr312001/downloads/detail?name=Deep%20systemze%20Standard%20Version%206.51.020.2725.rar&amp;can=2&amp;q= (para Window's)
+
{{:Summit_2011_Creating_OWASP_4dotOh}}
*http://sourceforge.net/projects/lethe (para GNU/Linux)
+
  
<br>Auditoría de virus cifrado._ Un criptovirus se oculta tras un algoritmo de criptografía, generalmente es híbrido simétrico-asimétrico con una extensión de 1700bit's, burla los escáneres antivirus con la aleatoriedad de cifrado, facilitando la expansión de las botnet's. La solución es crear un sistema operativo transparente, anonimizarlo y usar herramientas de cifrado stándar de uso libre:  
+
==== Fixed Schedule  ====
 +
[[:Summit_2011_Schedule|Click HERE to view the entire summit fixed schedule. This is just a sample.<br/>]]
 +
[[Image:Agenda Unvarying 2.jpg|link=Summit_2011_Schedule]]
  
*Gnupg: Sirve para cifrar mensajes de correo electrónico http://gpg4win.org/download.html
+
==== Dynamic Schedule ====
 +
[[:Summit_2011_Schedule_Dynamic|Click HERE to view the entire summit dynamic schedule. This is just a sample<br/>]]
 +
[[Image:Agenda Dynamic 2.JPG|link=Summit 2011 Schedule Dynamic]]
  
*Open Secure Shell: Ofuscador TcpIp, protege el túnel de comunicación digital cifrando la Ip. http://openvas.org
 
  
*Red protegida: DNS libre http://namespace.org/switch
+
==== Remote Participants ====
 +
<br/>
 +
[[:Summit_2011/Remote_Participants|Details on how to participate remotely are HERE.]]
  
*Criptosistema simétrico: Encapsula el disco duro, incluyendo el sistema operativo,usando algoritmo Twofish http://truecrypt.org/downloads.php
 
  
*Proxy cifrado: Autenticación de usuario anónimo http://torproject.org
 
  
Energías renovables._ Son energías adquiridas por medios naturales: hidrógeno, aire, sol que disminuyen la toxicidad de las emisiones de Co2 en el medio ambiente, impulsando políticas ecologistas contribuímos a preservar el ecosistema. Ejm: Usando paneles solares fotovoltaicos.
+
__NOTOC__
 +
<headertabs />
 +
Contact [mailto:sarah.baso@owasp.org| Sarah Baso] with questions related to Summit outcomes or results<br/>
 +
[[Summit 2011 Committee|Summit 2011 Committee]]<br/>
 +
[[Category:Summit_2011]]

Latest revision as of 05:53, 6 April 2012

Final summit logo half.jpg
Summit Report Title.JPG
Click here to view the report!
Click here to view all Summit documentation including session notes and presentations.

Summit Links

funds to OWASP earmarked for Summit.



Video of Summit

Vimeo

http://vimeo.com/channels/owaspsummit

YouTube Intro


Summit Pictures

Creating OWASP 4.0!

Call to action by Jeff Williams / OWASP Board Chair

Hi everyone,

In my mind, OWASP 1.0 was pre-wiki with lots of great work and a less great infrastructure. OWASP 2.0 was establishing the 501c3, putting in the wiki, and getting lots of great projects started. OWASP 3.0 started with the Summit in Portugal when we created the new committees and has focused on creating thriving projects instead of standalone tools. Thank you for all of your efforts growing a fun, civil, productive community.

I reach out to you now to ask you to take some time and think about what OWASP should become. The time has come to measure our success not by the number of members, projects, and conferences, but by whether we are succeeding at making the world’s software more secure. It’s time to get our message and strategy to the next level.

Help design OWASP in Portugal at the Summit!

If you consider yourself an OWASP Leader, won’t you take a few minutes of quiet time and propose a few ideas for how OWASP can retool, reorganize, refocus, and revamp itself to really achieve our mission? We will rip, mix, and burn these ideas into a new strategy for OWASP at the Portugal Summit. I encourage you to check out the resort and all the plans happening right now at https://www.owasp.org/index.php/Summit_2011.

Here are some ideas to get you started.

  • We bootstrap several application security ecosystems around key technologies like mobile, cloud, REST
  • We reach out to governments around the world to help them push for application security
  • We raise money to fund real security enhancements to tools, browsers, protocols (e.g. OpenSSL)
  • We make the OWASP materials more usable by providing a “user” site and keep the wiki for development
  • We invest in marketing AppSec – How do we scale David Rice and the “greening” of AppSec
  • We continue our education initiative – academies, college chapters, videos, curriculum
  • We continue our browser initiative and do whatever it takes to get the browsers and frameworks talking
  • We invest in getting in front of new technologies like HTML5
  • We launch a no-holds barred XSS eradication campaign
  • We create a set of objective AppSec *market* metrics that quantify the state of our art
  • We continue to push on creating standards
  •  ???


We need your ideas NOW. Get yourself on the Attendee list!

In one week of thinking, arguing, coding, hacking, and writing we are going to accomplish more than the rest of the world’s appsec efforts combined. We’ll see you in Portugal ready to rock. Thanks!

--Jeff

OWASP Foundation Board Chair

Summit 2011 About

The OWASP Global Summit is the place where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. Participants will stay in shared accommodations and collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years.

The Summit will consist of working sessions across a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute.

Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, see the promotional materials page.

Last Summit

This OWASP Global Summit is following the same model used at the OWASP EU Summit 08 which also took place in Portugal and gathered over 80 application security experts from over 20 countries. A smaller Summit 2009 was organized together with the AppSec US conference.



Fixed Schedule

Click HERE to view the entire summit fixed schedule. This is just a sample.
Agenda Unvarying 2.jpg

Dynamic Schedule

Click HERE to view the entire summit dynamic schedule. This is just a sample
Agenda Dynamic 2.JPG


Remote Participants


Details on how to participate remotely are HERE.



Contact Sarah Baso with questions related to Summit outcomes or results
Summit 2011 Committee