Friday, February 27, 2015

OWASP Community Manager News Flash – February 2015

OWASP Community Manager News Flash #2 – February 2015

Latest News – Updated Branding Guidelines

Whats New?We have completed a review of the Branding Guidelines and posted updates to the wiki and a new downloadable PDF. The main changes were to include clear links to downloadable content, including information about file type and size and to add some clarification to identity customizations. Some of the downloadable content, particularly brochures, did not include the high-resolution version of the download, and some of this content needs to be updated. We have located and provided links to this content where possible and are working on updated versions of some materials. Keep your eye out for those.

Can I Customize the OWASP logo for my Chapter or Project?We also added an OWASP brand use case for events and conferences, which had not been included previously. In addition, we have expanded information regarding “allowable customization” of the OWASP logo for event promotion, chapter pages and social media. While the original marketing recommendations strictly limited customization to changes in color, many current customizations, including the addition of a country flag in the background and similar modifications add personality and local color to the chapter and project identity without obscuring the overall OWASP brand.

Here are examples of some customizations we liked:

Inline image 1Chapter: OWASP Atlanta
Inline image 2Chapter: OWASP Argentina
Inline image 3Events: AppSecUSA

We aren't going to post examples that don’t meet guidelines, but do ask that each chapter and project review their current social media avatars and wiki page logos and make an honest evaluation of whether your images meet the guidelines.

Please read these new branding rules carefully, and let me know if you have any comments, suggestions or questions.


OWASP On the Move - Recent Chapter Activity

Congratulations to John Patrick Lita and the OWASP Manilla Chapter. Manila hosted 900 attendees at Bulacan State University and is planning a workshop for 60 students and faculty members in March. Manila’s school tour continues on February 27 with San Sebastian College in Ca vite City. John Patrick was recently invited by DZIQ 990AM Radyo Inquirer to discuss how @OWASP can help the Philippine Government promote awareness about cyber security.

OWASP Lucknow reported hosting the biggest OWASP / DEFCON Security Meet ever held in India successfully with a record 379 Attendees! Congrats!
New Chapter OWASP Brooklyn launched on February 3rd at a maker lab in Williamsburg. Their next event will be held on Saturday, February 28th at NYU Poly and will feature Technology Transfer: Creating Cultures of Innovation. Speakers from USCENTCOM innovation office.

OWASP Cluj, another new chapter in Romania, launched on January 29 with over 100 in attendance and many interested in contributing further!


New Chapters

This month, we launched new chapters in Dehradun and Jaipur, India, Sharjah, UAE, and Sheffield, UK, as well as a student chapter in Busan, South Korea. For information or to join these communities, please visit their chapter wiki pages:



TIP: Add Your Meetings to the OWASP Event Calendar

We have noticed that the OWASP Event Calendar has been pretty quiet. Please be sure to post your events to this calendar so all can see what is going on. Visithttp://calendar.google.com. All leaders should have a shared copy available. Just click the checkbox next to “OWASP Event Calendar” under “My Calendars” in the left column. Let me know if you are having trouble adding it to your Google Calendar.


Academic Supporters

Universities are wonderful resources for local chapters. Our Academic Supporter program allows universities to support OWASP by providing space for chapters to meet and promotion and development of OWASP education materials. If you have connections with local universities and faculty members in your area, reach out to them and encourage them to join OWASP as an Academic Supporter.

We have launched a new Academic Supporter application process. The application form is now available online at http://www.tfaforms.com/338407. Do let your local universities know that this opportunity exists.


2015 Strategic Goals

Thanks to all who participated in our 2015 Strategic Goals Survey. We are tabulating responses and will continue that discussion soon. Stay tuned!


Other Resources



Academic Supporter Information and Application
https://www.owasp.org/index.php/Academic_Supporter
http://www.tfaforms.com/338407 (application)


Contact Me

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager

OWASP Foundation

Wednesday, February 11, 2015

OWASP Connector, February 11, 2015


OWASP Global Connector
February 11, 2015 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
Communications

OWASP Project Coordinator Position

Election Working Group Forming

membership

Corporate Members

Individual Members

Conference

CodeMash: OWASP reaches nearly 1000 developers

Global AppSec Events in 2014

Upcoming Regional Events

Partner and Promotional Events

chapters

New OWASP Chapters

Chapter Activities

projects

Google Summer of Code 2015

AppSensor 2.0.0 Released

OWASP Global Translation

Social Media

OWASP Foundation Social Media

#AppSecGuruSaid



Communications
OWASP Communications

OWASP Project Coordinator - Open for applications

Are you interested in working for OWASP and supporting volunteer efforts around the world? Or, do you know someone who is looking for a job like this?
We encourage you to consider applying for our Project Coordinator Position.
Full Time, Salaried
The OWASP Project Coordinator is responsible for the oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enables OWASPs Project Leaders and contributors to successfully run their open source software projects.
This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.
Details about the position and how to apply: https://www.owasp.org/index.php/OWASP_Jobs
Please help us spread the word about the position by posting to your chapter/project lists, adding to applicable job boards, or forwarding to any individuals that you think would be interested.

Election Procedure Working Group

It may seem early, but we have just begun our planning for the 2015 Board of Director election process and we would like Community participation.
We realize that many community members had expressed strong opinions about the past Global Board of Directors election and the platform the election followed.
To help strengthen and improve our election process, an "election working group" will be forming. The working group will consist of community members that have a strong focus on improving our election procedure for this coming year.
The group will meet bi-weekly on Tuesdays at 11amET starting on Feb 17. If you are interested in joining the call please contact Kelly Santalucia
As a reminder, in past elections we provided the following steps, and we look to your suggested improvements.
  • 90 Day window for Call for Candidates
  • 90 Day window for Community questions to be submitted to Candidates
  • Vetting of candidates to ensure eligibility
  • Broad communication of Candidates after window closes via OWASP Connector and Social Media
  • Audio recordings of Candidate statements and recommendations for Community review
  • Live teleconference with candidates to handle Community Questions
  • Multiple email reminders (3-5) to 'paid members' to ensure renewal & eligibility to vote.
  • Multiple email reminders (4-6) to voting members to ensure maximum voting participation
Return To Top

Membership
OWASP Membership

Renewed Corporate Members

1933 Individual Members

  • 1216 Individual One Year Members
  • 335 Individual Two Year Members
  • 228 Regional One Year Members
  • 68 Honorary Members
  • 64 Lifetime Members
Return To Top

Conference
OWASP Conferences

OWASP reaches nearly 1000 Developers

by Bill Sempf, Columbus, Ohio Chapter Leader

The time is the dead of winter, the first week of January 2015. The place, a waterpark in Cleveland Ohio. The scene is 2200 developers from all over the world, wearing shorts and sandals, talking about everything from programming drones to enterprise cloud deployment. This is where OWASP brought 24 hours of security content, with a total impressions approaching 950 developers. This is a success story of remarkable proportions.
Building on the 2013 and 2014 CodeMash events, Jim Manico, Wolfgang Goelrich, Eric Lawrence, and a star studded cast of security speakers brought in 12 hours of training and 12 hours of sessions to developers hanging on every word. The feedback was universally positive and next year's security track is on pace to be even bigger!
If OWASP's primary mission is to 'make software visible' then events like CodeMash are one of the linchpins upon which this mission succeeds.
Encourage your local or regional conferences to start a security track. Offer to proctor that track. Submit security talks to developer conferences.
Get involved outside of the security sounding chamber, and get the developers involved. If CodeMash 2015 showed us anything, it was that developers no longer are dismissive of application security. At OWASP, we should stand up to the thirst for knowledge, and get involved!

Global AppSec Events

LATAM

LATAM Tour 2015

    Agenda
  • Santiago, Chile: April 8-9, 2015
  • Patagonia, Argentina: April 10, 2015
  • Bucaramanga, Colombia: April 14, 2015
  • Montevideo, Uruguay: April 15-16, 2015
  • Lima, Peru: April 17-18, 2015
  • Santa Cruz, Bolivia: April 17-18, 2015
  • San Jose, Costa Rica: April 21, 2015
  • Guatemala, Guatemala: April 21-22, 2015
  • Buenos Aires, Argentina: April 23-24, 2015
  • Caracas, Venezuela: April 23-24, 2015
EU

AppSec EU/Research 2015 (May 19 - 22, 2015, Amsterdam, NL)

Limited Sponsorships are available. Please contact Kelly Santalucia today to make sure your company is represented!
Call For research. Submission deadline extended to Feburary 15, 2015
Registration is open! Early Bird pricing expires February 28. CLICK HERE to register today.
USA 2015

AppSec USA 2015 (September 22 - 25, 2015, San Francisco, CA)

Only a few sponsorships are available for this event. CLICK HERE to see the available sposnorships for this event as well as other events.
Tickets Sales Now Open! CLICK HERE to register!

Upcoming Local and Regional Events

OWASP New Zealand Day (February 26-27, 2015, New Zealand)
HackNY
NYC OWASP HACKNYC 2015 (March 18 - 19, 2015, NYC, NY)
LASCON 2015 (October 19 - 22, 2015, Austin, TX)
AppSec Rio de la Plata 2015 (November 17-20, 2015, Montevideo, Uruguay)

Partner and Promotional Events

SecAppDev 2015 (February 23-27, 2015) Lueven, Belgium
SC Congress London (March 3, 2015) London, UK
Financial Services Cyber Security Summit Middle East & North Africa (March 9-10, 2015) Mena, Dubai
BlackHat Asia 2015 (March 24027, 2015) Singapore
Cyber Security Summit Europe - Financial Sector (April 14-15, 2015) Prague, Czech Republic
Cloud Security World 2015 (May 19-21, 2015) New Orleans, LA
Hack In the Box (May 26-29, 2015) OWASP members receive 20% off by using discount code OWASP-HITB2015AMS
SC Congress Toronto (June 10 - 12, 2015) Toronto, Canada
axiom bh europe contrast january coalfire
CLICK HERE for information on advertising in the next connector
Return To Top

chapters
OWASP Chapters

New Chapters

Kyushu, Japan - Chapter Leader - Yuichi Hattori
Sheffield, UK - Chapter Leader - Yousif Hussin

Chapter Activity

OWASP Cluj held it's initial Meeting January 29th.
OWASP Manila is working together on the OWASP Online Academy Project and would like community support and input. To get involved, please contact the chapter leader John Patrick Lita
Share your chapter's successes! Submit your stories here
Return To Top

projects
OWASP Projects

GSoC 2015

Google is now accepting applications for mentoring organizations for GSoC 2015.
For those of you that have participated in the program, this is the time of the year to start outlining your ideas for projects here: https://www.owasp.org/index.php/GSoC2015_Ideas.
For the rest of you the Google Summer of Code is an amazing opportunity to get some work done on your project.
Last year we got 16 slots for 7 OWASP projects. This year we are looking forward to having even more OWASP projects participating in the program.
For more information, please contact Konstantinos Papapanagiotou.

AppSensor 2.0.0 released

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications.
The project offers 1) a comprehensive guide and 2) a reference implementation. These resources can be used by architects, developers, security analyst and system administrators to plan, implement and monitor an AppSensor system.
This is a code release, which comes after a recent (Summer 2014) release of version 2 of the AppSensor book.
For more informaiton on the release and to get your copy of the AppSensor Book, please visit the AppSensor project page. Congratulations to John Melton and his team!
Return To Top

Social Media
OWASP Foundation Social Media

#AppSecGuruSaid

We've all had our moments when we've been on the giving or receiving end of application security advice, and sometimes, you could say, that advice was a bit "off the mark."
Share the funniest/craziest advice you've ever heard by using the following hashtag: #AppSecGuruSaid
We will gather the comments and post a selection of them in the next issue of the Connector

OWASP Social Media Sites

Return To Top


Thursday, January 29, 2015

Chapter Leader News Flash #1 January 2015

OWASP Chapters News Flash

Welcome and Introduction

Happy New Year from your new Community Manager!

Here’s to 2015! I am thrilled to join this amazing community and am ready to help you all make the best of your local chapters. I am based in New York City (currently under a lot of snow!) and have attended OWASP chapter meetings since early last year after being introduced to OWASP by a friend. I have to say what a great group of people. Thanks for making me feel so welcome!

I have a long history of formally and informally managing and engaging with online tech communities, from online groups and listservs (yes, pre-www, too) to established professional associations and international working groups. I have a few ideas from my past experiences, but your experiences and ideas are what count the most. While I am getting myself accustomed to the OWASP systems and processes, please feel free to reach out to me.

I’d love to know about your chapter’s interests, activities and plans for 2015, and am hoping to feature some of you in an upcoming issue of the OWASPChapter Leader News Flash.

All the best,
Noreen Whysel


Latest News

In September 2014, the board approved changes to the profit sharing model that allows chapters to keep 90% of profits from local and regional, non-AppSec events beginning in 2015. The approval removed the $5000 cap, meaning that 90% of all funds you raise for local and regional, non-AppSec events are allocated to the chapter account. We are updating the wiki to reflect this change.

Please keep in mind that this applies to special events and conferences. General chapter meetings should be free. Check the Donation Scoreboard for your chapter’s current available funds, and the Chapter Leader Handbook and How to Host a Conference site for more ideas.


Chapter Communication

We are reviewing options for conducting online meetings for chapter and project events. You all should know that we have a GoToMeeting account, but it only has a capacity of 25 persons on a call. Are you finding this sufficient for online sessions? Do you ever reach capacity? Do you use other OWASP channels like this mailing list or OWASP's IRC channels? Are there other services like Google Hangouts, Skype or Facetime that work for you? Any you would recommend or our younger & new chapters just starting out?

If you would like to try out GotoMeeting, OWASP has an account available forchapter leaders (paid by the Foundation and provided for free for the chapters). If you would like to set up a meeting or need the GotoMeeting login credentials, contact us at http://www.tfaforms.com/308703.


2015 Strategic Goals

We recently sent out a broad communication about the 2015 Strategic Goals for OWASP Foundation. If you have not had a chance to fill out the 2015 Strategic Goals survey, please do so. We are leaving the collector open until February 2, so there is still time:



Resources

Chapter Leader Handbook: 

How to Host a Conference: 

Donation Scoreboard (what’s in your chapter’s wallet?):

OWASP IRC Channels:


Contact Me

We have a lot in store for 2015, including trainings, updated chapter leaderhandbook, revised branding guidelines and more. Please let us know how I can help you!

Noreen Whysel
Community Manager
OWASP Foundation
noreen.whysel@owasp.org

Wednesday, January 28, 2015

OWASP Foundation Connector


OWASP Global Connector
January 28, 2015 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
Communications

OWASP Foundation 2015 Strategic Goals

Updated Profit Sharing Model for Events

membership

Corporate Members

Individual Members

Conference

Global AppSec Events in 2014

Upcoming Regional Events

Partner and Promotional Events

chapters

New OWASP Chapters

Chapter Activities

projects

2015 Project Summit

ToolsWatch Top 10 Security tools of 2014

OWASP Global Translation

Social Media

OWASP Foundation Social Media



Communications
OWASP Communications

OWASP Foundation 2015 Strategic Goals

Our leadership team has been working on the OWASP Strategic Goals for 2015 and we would love to have your input. OWASP is Community supported and volunteer-driven so it is important that your input is included in our planning.
Our draft strategic goals are outlined in a brief survey. We encourage you to give us your thoughts on how valuable each goal statement is to you and the community. You may also suggest new goals.
Lets get started! Please follow this link and take our survey:
Strategic Goals Survey

Updated Profit Sharing Model for Events

2015 is going to be a great year to host an event! Did you know that as of 2015, the profit share for all non-AppSec local and events is now 10/90 with no cap? That means when you host a chapter event, chapters can keep 90% of profits regardless of the total revenue. This change was approved by the Board during the September meeting.
Events are a great way to raise funds for your chapter. Let us know how we can help. Visit the Chapter Leader Handbook and the How to Host a Conference page for ideas.
Return To Top

Membership
OWASP Membership

New Corporate Members

Renewed Corporate Members

1933 Individual Members

  • 1190 Individual One Year Members
  • 324 Individual Two Year Members
  • 270 Regional One Year Members
  • 66 Honorary Members
  • 64 Lifetime Members
Return To Top

Conference
OWASP Conferences

Global AppSec Events

LATAM

LATAM Tour 2015

    Agenda
  • Santiago, Chile: April 8-9, 2015
  • Patagonia, Argentina: April 10, 2015
  • Bucaramanga, Colombia: April 14, 2015
  • Montevideo, Uruguay: April 15-16, 2015
  • Lima, Peru: April 17-18, 2015
  • Santa Cruz, Bolivia: April 17-18, 2015
  • San Jose, Costa Rica: April 21, 2015
  • Guatemala, Guatemala: April 21-22, 2015
  • Buenos Aires, Argentina: April 23-24, 2015
  • Caracas, Venezuela: April 23-24, 2015
    Additional Information
  • Call for Papers AND Training are now open. Submission deadline February 15, 2015
  • Sponsorship Opportunities are Available
EU

AppSec EU/Research 2015 (May 18 - 21, 2015, Amsterdam, NL)


Call For research. Submission deadline extended to Feburary 15, 2015
Please check the respective calls for prerequisites and submission instructions.
USA 2015 AppSec USA 2015 (September 22 - 25, 2015, San Francisco, CA)

Upcoming Local and Regional Events

OWASP London Cyber Security Week (January 26-30, 2015, London, UK)
OWASP New Zealand Day (February 26-27, 2015, New Zealand)

NYC OWASP HACKNYC 2015 (March 18 - 19, 2015, NYC, NY)
LASCON 2015 (October 19 - 22, 2015, Austin, TX)
AppSec Rio de la Plata 2015 (November 17-20, 2015, Montevideo, Uruguay)

Partner and Promotional Events

SecAppDev 2015 (February 23-27, 2015) Lueven, Belgium
SC Congress London (March 3, 2015) London, UK
Financial Services Cyber Security Summit Middle East & North Africa (March 9-10, 2015) Mena, Dubai
BlackHat Asia 2015 (March 24027, 2015) Singapore
Cyber Security Summit Europe - Financial Sector (April 14-15, 2015) Prague, Czech Republic
Cloud Security World 2015 (May 19-21, 2015) New Orleans, LA
Hack In the Box (May 26-29, 2015) OWASP members receive 20% off by using discount code OWASP-HITB2015AMS
SC Congress Toronto (June 10 - 12, 2015) Toronto, Canada
bh europe contrast january intel environ axiom

CLICK HERE for information on advertising in the next connector
Return To Top


chapters
OWASP Chapters

New Chapters

OWASP Brooklyn - OWASP Brooklyn will be hosting its inaugural meeting on February 3, 2014. Chapter Leaders - Bev Corwin and Donald Gooden

Chapter Activity

OWASP London - hosts a Cyber Startup Summit
This event which is being held January 28-30 helps to promote, highlight, and bring spotlight to cyber security innovation and new cyber startups in the UK. Some of the planned activities include:

  • Secure Startup Event - talks and workshops to help startups understand how to develop and secure existing and new products
  • Cyber Innovation Event - talks and interactive workshops on the critical role new cyber startups play in new security innovation
  • Hackathon Event - a two day hackathon for developers, students, and the community focusing on innovative security concepts.
For more information and to get your FREE ticket, please view the event's website.
Share your chapter's successes! Submit your stories here
Return To Top

projects
OWASP Project Summit

Project Summit

This is where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. We are holding the summit as part of our AppSec EU 2015 conference, but it is a separate activity from the conference itself. Participants will collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years. The Summit will consist of Summit Working Sessions with a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute. Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, contact Johanna Curiel.

Project Leader Information

Participant Information

    Where - Amsterdam RAI
  • When - May 20-22, 2015
  • Who - Open to anyone
  • Why? - Contribute to the future road map for Application Security
For more information check out the Summit Wiki Pages or contact a member of the organizational team:

ToolsWatch Top 10 Security tools of 2014 published

3 OWASP Tools are included in the ToolsWatch Top 10 Security tools of 2014! Congratulations to the projects and to the project leaders!<.

OWASP Global Translations

Since it's release in June 2013, The OWASP Top 10 has been translated into 12 different languages.
Visit the Top Ten Project Page to view all of the available translations.
There are other projects in need of translators and proofreaders, including The OWASP Testing Guide 4.0. Please help us in keeping OWASP a truly international organization!
Return To Top

Social Media
OWASP Foundation Social Media
Return To Top