Thursday, August 25, 2016

Results of the 2016 WASPY Awards

Thank you to everyone who voted in the 2016 WASPY Awards! The voting for the 2016 WASPY Awards has closed. The winners have been notified, and the results are posted here.

Congratulations to all of the individuals who were nominated, and a special congratulations to our winners:

Jeremy Long Open/Leading Category
Eoin Keary Integrity/Learning Category
Owen Pendlebury Innovation/Sharing Category
Kathy Thaxton Global/Growing Category

The award ceremony will be held at the AppSecUSA 2016 conference in Washington, DC. More specific details will be posted to the conference site, so please check back frequently. 

As always, thank you for your support!

Friday, August 19, 2016

Summer is a HOT time for OWASP! Check out these active CFPs:

OWASP Cyber Security Conference in Morocco
The first OWASP regional conference in Africa, this two-day conference in No includes a day of training and will take place in Marrakesh. Submissions are due by September 17th.

They encourage and prioritize submissions covering research and new work impacting:
  • Secure Engineering: secure coding, static analysis, intelligent application threat modelling with real use case, web frameworks security, countermeasures, SDLC, DevOps, etc.
  • Cognitive Security (Machine Learning and Big Data applied to find cyber security threats with high accuracy and precision)
  • Mobile security: Development and/or testing devices and the mobile web
  • Cloud security: Offensive and defensive considerations for cloud-based web applications
  • Infrastructure security: Database security, VoIP, hardware, identity management
  • Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
  • Emerging web technologies and associated security considerations
  • Applied Cryptography: Relevant research, new models, algorithm usage, interesting attacks, and other applications.
  • Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
  • OWASP tools and projects in practice
  • Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.
  • Cool hacks and other fun stuff: cryptography, social engineering, etc.

To submit a proposal, please submit an abstract of your intended presentation (500 to 4000 characters), a brief biography (150 to 800 characters), a head shot, and a signed copy of the speaker agreement. Talks without all required information may not be considered. Your planned presentation time is limited to a maximum of 15 minutes (excluding ~5 minutes for discussion and change of speaker). Feel free to attach a preliminary version of your presentation if available. Any proposal submitted is subject to a democratic vote by the program committee. Keep in mind: The better your description of the talk, the better picture the program committee will have to review your submission. Please proofread your submission; after approval your abstract, biography, and head shot will be published verbatim into the program and website.

OWASP Bucharest AppSec Conference 2016
This annual one-day security and hacking conference is FREE. It takes place on October 6th at the Sheridan Bucharest hotel. You can register and submit your presentation here.

Their audience includes:
  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals interested in improving IT Security
  • Anyone interested in learning about or promoting Web Application Security

Rugged DevOps
The CFP for Rugged DevOps closed on the 18th, but their presentations will be hosted as part of AppSecUSA 2016 in Washington DC. If you are a security practitioner interested in working with DevOps automation concepts and methodologies as part of the software development lifecycle, this event is for you!
Washington DC, October 11 - 14

ARMSec
OWASP Armenia is hosting their annual conference September 16th - 17th in Yerevan at the American University of Armenia. You can apply to their CFP here; they are accepting talks from 20 minutes to 1 hour as well as 2- or 4-hour trainings.

BeNeLux OWASP Day
The annual event will host trainings on the 24th and the conference on the 25th of November in Leuven, Belgium. Submissions close September 11th and can be made here. Topics should focus on the technical and social aspects of security; they will encourage and prioritize submissions covering research and new work impacting:

  • Secure development of web applications.
  • Security testing of web applications.
  • Security of DevOps processes, architectures, and tools.
  • Security of applications designed for mobile devices.
  • Security of Internet of Things devices and platforms.
  • Cloud platform security
  • Browser security
  • HTML5 security
  • OWASP tools or projects in practice

To submit a proposal, please submit an abstract of your intended presentation (500 to 4000 characters), a brief biography (150 to 800 characters) and a head shot (combine multiple files in one zip file). Your planned presentation time is 40 minutes (excluding ~5 minutes for discussion and change of speaker). Feel free to attach a preliminary version of your presentation if available. Any proposal submitted is subject to a democratic vote by the program committee. Keep in mind: The better your description of the talk, the better picture the program committee will have to review your submission.

ASC Mobile & IoT Security Summit 2016
The OWASP China Chapter is co-hosting the ASC Mobile & IoT Security Summit 2016 October 25th-26th, 2016 in Shenzhen, China. Submissions close Aug. 31st. The event will have three focus areas:
Part One: Mobile & IoT Security Forum
  • Mobile device & Mobile connectivity platform Security Technology
  • Mobile, Web and Cloud Security
  • Application Security Testing and Latest Attacks and Protection
  • Privacy Protection in web based apps
  • Chip Security
Part Two: Incident Response Sub Forum
  • Incident Response Tools and Procedures
  • Data Protection
  • Vulnerabilities Handling Solutions
  • Incident Response System Building
  • Automatic Security Operation
Part Three: S-SDLC Sub Forum
  • S-SDLC processes, architectures, and tools
  • Security assessment in S-SDLC (Code review, penetration testing, etc.)
  • Security development processes
  • S-SDLC in Agile Development

Events Looking for OWASP Presentations:

HackFest∞
OWASP Quebec and OWASP Montreal will be hosting a booth at the annual HackFest∞ November 1st through 5th.  They are looking for a speaker to talk about OWASP.  You can apply to HackFest∞ here.

Rochester Security Summit
A general InfoSec conference taking place October 5th and 6th. RSS features a keynote by Jeremiah Grossman and a dedicated OWASP Track. They are looking for great OWASP AppSec presentations. The CFP has been extended; you can follow up here.

Friday, August 12, 2016

Dear OWASP Members,

Wednesday we sent out the ballots for the 2016 WASPY Awards to all members who were current prior to June 20, 2016.  Some of you received a ballot addressed with an incorrect first name.

During the process of collecting and uploading the individual contact information into the voting platform, there was a mail merge glitch when the de-dupe function was triggered. This resulted in some members receiving an email which was not addressed to them. Immediate action was taken to correct the issue.

The incorrect names did not affect your ballot, as ballots are associated with the member’s email address, not their name. None of the votes have been compromised, and members only received one email with a link to their ballot. The link to the ballot is a unique link specifically generated for each individual and is NOT to be shared with anyone.

On behalf of the OWASP Foundation we apologize for any inconvenience this may have caused you.  

Sincerely, OWASP Staff

Wednesday, August 10, 2016

Your 2016 Global Board Candidates have been Announced!

Dear OWASP Board, Leaders and Community Members,

Please visit the official 2016 election page for a complete list of the 11 individuals that have chosen to run in this year's 2016 OWASP Global Board of Directors election: https://www.owasp.org/index.php/2016_Global_Board_of_Directors_Election#The_2016_Candidates_Are... To learn more about each candidate, click on the candidate's name to find their bio and "why me" statement.

Candidate interviews will begin next week, and the recorded interviews will be publicly posted by September 15, 2016. Voting will begin October 7, 2016 and will close October 28, 2016.

Thursday, July 28, 2016

WELCOME to Matt Tesauro, OWASP’s New Senior Project Engineer!

We are thrilled to announce that Matt Tesauro has joined the OWASP Foundation staff as our Senior Project Engineer. Matt has been involved in InfoSec for more than 15 years and a volunteer with OWASP since 2008 when he created the OWASP Live CD Project for the first OWASP Summer of Code. He evolved this project into the OWASP WTE flagship project which he still runs. Additionally, Matt also co-leads the OWASP AppSec Pipeline project and is a former OWASP Foundation Board member.

The primary focus of his new role is to reinvigorate the OWASP Projects and bring automation and workflow improvements based on Agile and DevOps principles. Matt will be splitting his time 60/40 between proactive process improvements and operational items. As part of his interview process, Matt was asked to provide his preliminary thoughts on improving OWASP projects; check out his Vision for Change. The end goal is a healthy stable of projects which are simple for project leaders to contribute to and easy for the AppSec community at large to use.

Matt comes to us from Pearson, where as a Senior Software Security Engineer he improved his team’s throughput 5x by implementing DevOps and agile principles to increase automation and improve workflow. Matt has carved a career that straddles operations and development since the early aughts. Often, his role was to be the AppSec department as well as run security operations, which meant that Matt adopted DevOps while DevOps principles were still being solidified. This perspective allowed him to see both the run and write sides of application development, providing a comprehensive view of Secure SDLCs. His focus on improving security workflows throughout his career so endeared him to developers that upon leaving Rackspace his dev team abandoned traditional biases against security and mourned his absence.

In addition to growing agile AppSec departments, Matt honed his skills teaching at conferences and universities including Texas A&M and University of Texas at Austin, where he was a professor in the undergraduate and graduate departments. (You can learn how to create your own AppSec Pipeline from him at AppSecUSA!)

You can follow Matt on LinkedIn or Twitter, collaborate with him on GitHub, and learn from him on SlideShare. If you are a project leader, a user of OWASP projects, or someone who wants to see AppSec progress, drop a comment below.

Monday, July 25, 2016

Deadlines are approaching this week!

Deadlines are quickly approaching!

2016 WASPY Awards
  • Call for Nominees - The deadline to submit your nominees is July 28, 2016.  Each year there are many individuals who do amazing work, dedicating countless hours to share, improve, and strengthen the OWASP mission. Some of these individuals are well known to the community while others are not. The purpose of these awards is to bring recognition to those who "FLY UNDER THE RADAR". These are the individuals who are passionate about OWASP, who contribute hours of their own free time to the organization to help improve the cyber-security world, yet seem to go unrecognized. We all know these people, so why not recognize them today!  Please take a few minutes to nominate who you feel best fits the purpose of these awards.  SUBMIT YOUR NOMINEES HERE

2016 Global BoD Election
https://www.owasp.org/index.php/2016_Global_Board_of_Directors_Election

  • Call for Candidates - The deadline to submit your candidacy is July 31, 2016. If you are interested in helping lead a global community that strives on making the world a safer place, then please consider running for a seat on the OWASP Global Board of Directors. https://www.owasp.org/index.php/2016_Global_Board_of_Directors_Election#Eligibility_Requirements_for_Board_Candidates
  • Call for Questions - The deadline to submit your questions is July 31, 2016. In mid-August all of the individuals who submitted a candidacy will be interviewed and asked a series of questions about why they feel they should be elected. The questions they are asked come from you! We will take the top 5-6 questions and those will be the questions used during the candidate interviews. Now is the time to SUBMIT YOUR QUESTIONS! You may submit your own question(s) and/or give a "thumbs up" to any existing question previously submitted by your fellow community members.

Tuesday, July 12, 2016

Volunteer Opportunities at B-Sides and BlackHat

If you will be in the Las Vegas area Tuesday, August 2 - Thursday, August 4 and want to donate some time at the OWASP expo areas, we would love your help!

BSides - if you donate a total of 8 hours over the two days at the OWASP BSides booth you will receive a complimentary Supporting Charity Badge to BSides. Badges are limited and are on a first come, first served basis. Sign up here!

BlackHat - if you donate a total of 9 hours over the two days at the OWASP BlackHat booth you will receive a complimentary conference pass. Passes are limited and are on a first come, first served basis. Sign up here!

-OR-
you can donate a total of 6 hours over the two days at the OWASP BlackHat booth and receive a complimentary expo pass. Passes are limited and are on a first come, first served basis. Sign up here!