Wednesday, February 22, 2012

Approval of LASCON Exception


From The OWASP Board (Michael Coates michael.coates@owasp.org)

We wanted to thank everyone for the open, honest, and respectful discussion of the Lascon exception issue.  The board has considered the information provided by all parties as well as the principles and mission of OWASP.  After discussion and deliberation we've reached the following decision:

The OWASP Board has voted to approve the following:

Approve LASCON Exception per current chapter & committee rules with the recommendation that LASCON considers the objectives provided by the Board for the new policy. Further, this is the second and final exception for LASCON.

The updated chapter/conference policy must be approved within 45 days or LASCON exception is revoked.

Recommendations for the New Policy

The OWASP board would like the conferences and chapters committees to work together to jointly draft and approve an update to the policies governing chapters and conference events. We appreciate all the hard work that the committees have put forth to grow our chapters and conferences to its current state.  We've accomplished some great things and this is another situation where we have to review and adjust as a result of our continued growth and success as an organization (a good problem to have).

As global committee members you are in the best place to determine the specifics of this policy; however, we would like to set an overall direction that will be worked towards and we’ve outlined the following objectives that should be considered for the updated chapter and conference policies.  

We encourage the committees to review these guiding objectives and work to build a structure that will encourage the growth of OWASP and our mission.  
  • Guiding Objectives
    • We would like to see chapter empowerment through a profit sharing model that is in line with our core value of Innovation
    • We have concerns over the use of profit caps on gains from specific events
    • We would like some sort of annual review, requirements, or rules to address the issue of stale chapter funds in excessive amounts
    • We would like some periodic recap on funds spent by chapters to help ensure funds are appointed on items aligned with the “OWASP Mission”.
    • We recognize there could be concerns over conflicting large chapter events and our core global conferences. Controls should be added to prevent this conflict (perhaps CFP blackout periods in regions within X months of a global event)
    • We would like a dedicated committee with continual and significant control over the core OWASP global events (i.e. conference committee
    • Foundation has resources that can be are being provided to local chapter events but we need these costs to be accounted for in the chapter's event planning
    • Controls are needed to prevent chapters from over-committing on financial costs
    • Final policy and structure created by the committees should ensure, as much as is possible, that there is no incentive for chapters to form legal entities in their own countries.  Any such activity has significant implications for the foundation and must be discussed and coordinated  with the Foundation Board.
  • Infrastructure
    • Chapters must use established technology methods (such as regonline) any time money is handled
    • CFPs need to use established OWASP procedures
    • A single “source of truth” is needed for all events so that OWASP employees can best assist all events.  These include events under either  committee’s purview.
  • Branding
    • Naming standard enforced for all events (e.g. OWASP X)
    • Logo standards that includes OWASP on all logos, event sites, collateral, etc
Thanks for the significant efforts that have been made thus far and we look forward to the updated policy/policies that can take OWASP and our growing member and chapter base to the next level.
Lastly, Kate will update the official vote record to reflect our vote and capture the above guiding objectives on the wiki.

-The OWASP Board

Michael Coates
michael.coates@owasp.org

Monday, February 20, 2012

AppSec DC, and why you should be there

Posted by Doug Wilson 

When we first held AppSec DC in 2009, I had just come back from a two-year jaunt (job-wise) away from the world of information security. I’d long been a proponent of the fact Washington DC should have the best Information Security community in the world. I didn’t want to lose touch with either the DC or the greater InfoSec community while I was dabbling in online collaboration and presence, so I made a point of focusing on participating in community outside of work, and became active in a variety of meet-ups and organizations across different technology sectors. AppSec DC was a chance to try to cross boundaries, and get people from many different communities talking in the same conversation about Application Security.

One of the important missions that the OWASP board charged us with for the first AppSec DC was to reach out to the federal government, to try to establish channels for dialog, and put forth all that OWASP has to offer. Even though it is based in the DC locale, the US Government has national and global implications in everything it does, so that’s not an insignificant mission. In working with our team putting the conference together, I realized two things: That although reaching out to the government would be a long term project, it was absolutely imperative in the emerging threat environment -– but also that there are a lot of people in DC outside of the federal government who also are having an amazing impact on technology, with much further reaches than just the surrounding area, and that we should include them as well.

AppSec DC is now in its third iteration, and over the past three years, we have tried to make inroads to many parties in DC and beyond who should be involved in this dialog. We’ve solidified reaching out to the government, but we’ve also worked on reaching out to the startup and web community in DC. The Washington DC Metropolitan area has been a tech leader since the first dotcom boom, and even with hard economic times, the area is generating startups, new companies, and talent at an astonishing rate. To reflect that in our content, Dan Geer, CTO of In-Q-Tel, a government incubator for innovative research and development will be keynoting our conference this year. Ken Johnson and Matt Ahrens from Living Social will be discussing how they implemented an Application Security in an environment with 1500% growth in less than two years, and Neil Matatall from Twitter talking about an OWASP project he leads that helps developers write more secure code. Mobile applications are driving a lot of the next generation of the Internet. We will also have Jeff Six, O’Reilly author of “Application Security for the Android Platform,” as well as an entire track on Mobile Application Security, and training on a variety of topics that assist developer in all environments, be it how to develop secure mobile app, assess apps, or just how to code securely in general.

This year, we are also trying to recognize a change that is happening inside of OWASP. In the past year, a need for an ampersand between the “Web” and “Application” has been made blatantly obvious. OWASP has long been generating content where 95% of it applies to all fields of application security, but some have dismissed it because of the word “Web” in the title. In an effort to support getting our message out to all application security practitioners, this year AppSec DC has expanded our offerings to include the world of Critical Infrastructure & Control Systems.  We’ll be featuring presentations on how Application Security affects Smart Grid/AMI, ICS, and other pieces of Critical Infrastructure.

While the scope of the conversation and its impact is increasing, we can’t really grow that dialog without more participants. We would like you to bring your voice to the table. As a non-profit, OWASP provides the training and conference at a fraction of comparable industry events, with ease of access at a state of the art facility in downtown DC. We hope that you will be able to join us this year, and for many years to come.

Website: http://appsecdc.org

Tuesday, February 7, 2012

Call for Papers for the OWASP Track at Global AppSec Research/EU

(posted by Mark Bristow mark.bristow@owasp.org )

OWASP Leaders,

The Call for Papers for the OWASP Track at Global AppSec Research/EU (July 10th through 13th 2012 in Athens, Greece) is now open.  OWASP leaders with interesting projects/activities can submit here: https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGJEYlFsQi1xamx5c2kyTTdGcmZCZkE6MA#gid=0.  The CFP for will close on April 15th 2012.

Submissions must:
  • Be about active OWASP Projects or activities
  • Be in a 50 Minute or 15 Minute format (final schedule will be determined in conjunction with the event)
  • Authors must agree to the OWASP Speaker Agreement
  • Comply to the applicable Global Conference Committee Policies (related to all events & speakers)
  • Be OWASP branded, no company templates (presenters must limit mention of their employer to a company logo on the concluding slide of their presentation)
Recommendations:
  • Presentations that provide a link to a recording of previous presenter performance will be scored significantly higher
  • Presentations on active projects will be scored higher
  • Some projects will be determined as once OWASP wants to highlight so new project leaders should not be discouraged if they have great presentation skills
The OWASP Track initiative, jointly led by the Global Conferences Committee and the Global Projects Committee, is a new effort to help OWASP promote our projects and activities at our own major conferences. The goal of this track is to highlight and promote OWASP and offer our leaders a chance to showcase their activities. As such this is a different CFP than one typically issued, submissions should highlight a particular OWASP project or activity that is important to the community at large. The joint GCC/GPC program committee will be judging these submissions on a variety of factors, including project/activity maturity, strategic value to OWASP, relevance to the event audience, and past presentation performance. We intend to highlight brand new projects and activities along with established ones, so new project leaders should not be discouraged from applying! Keep in mind though that we are looking for polished presentations so it will help your submission if you can demonstrate that your project/activity has made recent strides in improving quality.    There are limited OWASP funds to support travel for selected presenters, we will ask that presenters first solicit funding from their employers for travel to the event.

Presenters that perform well in their OWASP Track talk will be invited to join the OWASP Speakers Group.
Regards,
Global Conferences Committee, Mark Bristow, Chair
Global Projects Committee, Jason Li, Chair

--
Mark Bristow
(703) 596-5175
mark.bristow@owasp.org

OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
AppSec DC Organizer - https://www.appsecdc.org

Monday, February 6, 2012

OWASP Mailing Lists Subscriber Count

OWASP Mailing Lists Subscribers

Total number of mailinglists is: 480 <----- WOW
Total number of mailinglists with more than 150 subscribers is: 81 <--- WOW

Total non-unique mailinglist subscribers is: 41,800
Total unique mailinglist subscribers is: 30,603  <------- WOW
  • ajax_crawling_tool: 4
  • appsec_brazil: 36
  • appsec_eu_2010: 203
  • appsec_germany: 99
  • appsec_us_09: 75
  • appseceu2012: 10
  • asiapac: 23
  • brazilian_summit_delegation: 9
  • charlottesville_leaders: 11
  • china-conference: 10
  • committees-chairs: 26
  • developer-outreach: 66
  • esapi-dev: 191
  • esapi-dev-dotnet: 19
  • esapi-php: 162
  • esapi-python: 31
  • esapi-summit: 19
  • esapi-user: 194
  • esapi-user-dotnet: 8
  • global-projects-committee: 71
  • global_chapter_committee: 49
  • global_committee_list: 12
  • global_conference_committee: 49
  • global_education_committee: 51
  • global_industry_committee: 50
  • global_membership_committee: 46
  • global_tools_and_project_committee: 27
  • governance: 13
  • gpc: 4
  • huntsville_alabama: 32
  • java-project: 426
  • netherlands-board: 4
  • opa: 113
  • open-review-project: 38
  • owasp: 2
  • owasp-academies: 36
  • owasp-academy-portal-project: 20
  • owasp-access-control-rules-tester-project: 35
  • owasp-accessibility-project: 10
  • owasp-adv-testing: 27
  • owasp-aguascalientes_mexico: 29
  • owasp-ahmedabad: 53
  • owasp-ajax: 195
  • owasp-alabama: 56
  • owasp-alaska: 8
  • owasp-albany: 23
  • owasp-alchemist-project: 8
  • owasp-algeria: 4
  • owasp-and-portuguese-public-and-private-organizations: 8
  • owasp-andalucia: 22
  • owasp-anti-malware: 54
  • owasp-antisamy: 151
  • owasp-appcec-tool-benchmarking-project: 40
  • owasp-application-security-program-for-manager: 20
  • owasp-application-security-verification-standard: 250
  • owasp-appsec-faq: 19
  • owasp-appsec-requirements: 138
  • owasp-appsec-standards: 97
  • owasp-appsensor-dev: 11
  • owasp-appsensor-project: 83
  • owasp-argentina: 192
  • owasp-armenia: 2
  • owasp-asdr-project: 20
  • owasp-assa: 5
  • owasp-atlanta: 298
  • owasp-austin: 321
  • owasp-australia: 266
  • owasp-austria: 5
  • owasp-awards: 10
  • owasp-backend-security: 87
  • owasp-bahrain: 21
  • owasp-bangalore: 438
  • owasp-bangladesh: 54
  • owasp-bayarea: 514
  • owasp-belgium: 408
  • owasp-belo_horizonte: 13
  • owasp-bhubaneswar: 32
  • owasp-birmingham: 19
  • owasp-board: 18
  • owasp-boise: 15
  • owasp-bolivia: 4
  • owasp-boston: 431
  • owasp-bostonfinancialdist: 42
  • owasp-boulder: 156
  • owasp-brasilia: 46
  • owasp-brazilian: 325
  • owasp-brazilian-leaders: 19
  • owasp-brisbane: 113
  • owasp-browser-security-acid-tests: 12
  • owasp-browser-security-project: 18
  • owasp-browser-security-wg: 21
  • owasp-buffalo: 66
  • owasp-bulgaria: 17
  • owasp-bwa: 17
  • owasp-cal9000: 54
  • owasp-campinas: 15
  • owasp-careers: 67
  • owasp-cbt: 17
  • owasp-cert: 231
  • owasp-chapters: 365
  • owasp-charlotte: 106
  • owasp-charlottesville: 67
  • owasp-cheat-sheets: 8
  • owasp-chennai: 294
  • owasp-chhattisgarh: 4
  • owasp-chicago: 317
  • owasp-chile: 104
  • owasp-china-mainland: 295
  • owasp-chinese: 29
  • owasp-cincinnati: 154
  • owasp-clasp: 109
  • owasp-classic-asp-security-project: 46
  • owasp-cleveland: 117
  • owasp-cloud-10: 58
  • owasp-cmm: 67
  • owasp-code-crawler: 43
  • owasp-codereview: 339
  • owasp-codes-of-conduct: 10
  • owasp-college-chapters-program: 9
  • owasp-colombia: 99
  • owasp-columbus: 95
  • owasp-common-numbering: 15
  • owasp-common-vulnerability-list: 30
  • owasp-connections-committee: 22
  • owasp-corporate-application-security-rating-guide: 27
  • owasp-costa_rica: 27
  • owasp-crm-project: 11
  • owasp-croatia: 31
  • owasp-csrfguard: 71
  • owasp-csrftester: 8
  • owasp-ctf: 18
  • owasp-curitiba: 16
  • owasp-cyprus: 5
  • owasp-czech_republic: 34
  • owasp-dallas: 208
  • owasp-data-exchange-format: 14
  • owasp-defenders: 29
  • owasp-delaware: 9
  • owasp-deleward: 3
  • owasp-delhi: 552
  • owasp-denmark: 142
  • owasp-denver: 340
  • owasp-detroit: 10
  • owasp-dirbuster: 48
  • owasp-documentation-projects: 13
  • owasp-dom-xss: 13
  • owasp-dotnet: 473
  • owasp-dubai: 45
  • owasp-eas: 8
  • owasp-ecuador: 37
  • owasp-edmonton: 44
  • owasp-edmonton-discuss: 21
  • owasp-education: 95
  • owasp-egypt: 36
  • owasp-encoding: 35
  • owasp-ende-project: 9
  • owasp-enigform-and-mod-openpgp: 12
  • OWASP-ESAPI : 0
  • owasp-esapi-c: 3
  • owasp-esapi-c++: 14
  • owasp-esapi-perl: 4
  • owasp-esapi-ruby: 29
  • owasp-esapi-swingset: 14
  • owasp-esop-framework: 4
  • owasp-eugene: 44
  • owasp-exams: 7
  • owasp-fast-project: 5
  • owasp-favicon-database: 8
  • owasp-file-hash-repository: 7
  • owasp-firewalls-project: 45
  • owasp-flash-security: 25
  • owasp-florida: 143
  • owasp-fortaleza: 16
  • owasp-forward-exploit-tool-project: 7
  • owasp-france: 259
  • owasp-fuzzing-code-database: 23
  • owasp-geneva: 104
  • owasp-german-language-project: 17
  • owasp-germany: 293
  • owasp-gibraltar: 4
  • owasp-goiania: 30
  • owasp-google-hacking: 94
  • owasp-gothenburg: 2
  • owasp-greece: 244
  • owasp-guadalajara: 2
  • owasp-guatemala: 26
  • owasp-guide: 400
  • owasp-hackademic-challenges: 22
  • owasp-hartford: 445
  • owasp-hatkit-datafiddler-project: 5
  • owasp-hatkit-proxy-project: 10
  • owasp-hawaii: 19
  • owasp-helsinki: 183
  • owasp-honduras: 1
  • owasp-honeycomb: 21
  • owasp-hongkong: 87
  • owasp-houston: 193
  • owasp-http-post-tool: 6
  • owasp-hungarian-translation: 3
  • owasp-hungary: 21
  • owasp-hyderabad: 225
  • owasp-ibwas09: 15
  • owasp-ibwas10: 24
  • owasp-igoat-project: 18
  • owasp-india: 173
  • owasp-india-advisory-board: 13
  • owasp-indianapolis: 64
  • owasp-indonesia: 77
  • owasp-infrastructure: 15
  • owasp-interceptor-project: 14
  • owasp-internationalization-guidelines: 22
  • owasp-intra-governmental-affairs: 13
  • owasp-iran: 29
  • owasp-ireland: 274
  • owasp-ireland-limerick: 46
  • owasp-islamabad: 1
  • owasp-israel: 662
  • owasp-iswg-web-application-framework-security: 22
  • owasp-italy: 341
  • owasp-j2ee: 134
  • owasp-jacksonville: 13
  • owasp-japan: 103
  • owasp-java-encoder-project: 6
  • owasp-java-html-sanitizer: 6
  • owasp-java-xml-templates: 4
  • owasp-jbrofuzz: 50
  • owasp-jobs-project: 19
  • owasp-joomla-vulnerability-scanner: 73
  • owasp-jordan: 16
  • owasp-jsp-testing-tool-project: 26
  • owasp-jsreg-project: 3
  • owasp-kansascity: 184
  • owasp-karachi: 1
  • owasp-kenya: 25
  • owasp-kerala: 111
  • owasp-key_west: 3
  • owasp-kitchener-waterloo: 14
  • owasp-kolkata: 64
  • owasp-kuwait: 24
  • owasp-lahore: 2
  • owasp-lapse: 26
  • owasp-latam-leaders: 43
  • owasp-latvia: 11
  • owasp-leaders: 552
  • owasp-learn-about-encoding: 12
  • owasp-leeds_uk: 118
  • owasp-legal: 52
  • owasp-lethbridge_canada: 4
  • owasp-live-cd-2008-project: 84
  • owasp-live-cd-education: 20
  • owasp-logging: 32
  • owasp-london: 493
  • owasp-longisland: 63
  • owasp-losangeles: 228
  • owasp-louisville: 65
  • owasp-luxemburg: 33
  • owasp-madison: 39
  • owasp-maine: 10
  • owasp-malaysia: 449
  • owasp-manaus: 2
  • owasp-manchester: 53
  • owasp-manila: 103
  • owasp-mansoura: 1
  • owasp-mantra: 9
  • owasp-mansoura : 0
  • owasp-mcallen: 2
  • owasp-melbourne: 294
  • owasp-memphis: 38
  • owasp-metrics: 145
  • owasp-mexicocity: 166
  • owasp-milwaukee: 41
  • owasp-mobile: 5
  • owasp-mobile-project: 36
  • owasp-mobile-security-project: 291
  • owasp-modsecurity-core-rule-set: 396
  • owasp-montgomery: 22
  • owasp-montreal: 122
  • owasp-morocco: 38
  • owasp-mumbai: 414
  • owasp-mutillidae: 9
  • owasp-myanmar: 7
  • owasp-myth-breakers: 20
  • owasp-nairobi: 3
  • owasp-namibia: 4
  • owasp-nashville: 58
  • owasp-natal: 29
  • OWASP-NAXSI-Project : 0
  • owasp-nepal: 5
  • owasp-netbouncer-project: 8
  • owasp-netherlands: 214
  • owasp-newbrunswick: 7
  • owasp-newzealand: 226
  • owasp-niagra: 2
  • owasp-nigeria: 25
  • owasp-norway: 183
  • owasp-nynjmetro: 1776
  • owasp-o2-platform: 114
  • owasp-ohio: 48
  • owasp-okanagan: 6
  • owasp-oklahoma_city: 11
  • owasp-omaha: 55
  • owasp-on-the-move: 12
  • owasp-opa-project: 3
  • owasp-opensign-server-project: 12
  • owasp-orange_county: 91
  • owasp-org: 8
  • owasp-orizon: 61
  • owasp-orlando: 23
  • owasp-ottawa: 130
  • Owasp-oval-content : 0
  • owasp-pakistan: 43
  • owasp-panama: 26
  • owasp-pantera: 104
  • owasp-paraiba: 121
  • owasp-passw3rd-project: 1
  • owasp-pci-project: 174
  • owasp-penang_state_malaysia: 3
  • owasp-peoria: 13
  • owasp-perth: 46
  • owasp-peru: 116
  • owasp-philadelphia: 200
  • owasp-phishing_framework: 10
  • owasp-phoenix: 210
  • owasp-php: 100
  • owasp-pittsburgh: 76
  • owasp-poa: 79
  • owasp-podcast: 61
  • owasp-poland: 168
  • owasp-portland: 86
  • owasp-portuguese: 101
  • owasp-portuguese-project: 14
  • owasp-positive-security-project: 16
  • owasp-prague: 18
  • owasp-proxy-project: 16
  • owasp-puerto_rico: 15
  • owasp-pune: 208
  • owasp-python-static-analysis: 20
  • owasp-qatar: 34
  • owasp-quebeccity: 27
  • owasp-raleigh: 79
  • owasp-recife: 103
  • owasp-related-commercial-services: 6
  • owasp-release-quality-leaders: 4
  • owasp-rfp-criteria: 5
  • owasp-rio_de_janeiro: 20
  • owasp-riyadh: 24
  • owasp-rochester-announce: 115
  • owasp-romania: 55
  • owasp-rostov: 4
  • owasp-ruby-on-rails-v2: 37
  • owasp-russia: 14
  • owasp-sa: 47
  • owasp-sacramento: 120
  • owasp-salt_lake: 100
  • owasp-sanantonio: 139
  • owasp-sandiego: 172
  • owasp-sanfran: 154
  • owasp-sanjose: 211
  • owasp-santa_barbara: 1
  • owasp-sao-luis: 4
  • owasp-sao_paulo: 75
  • owasp-satvirtualworlds: 6
  • owasp-scode-review-owasp-projects: 44
  • owasp-scotland: 105
  • owasp-scrubbr: 5
  • owasp-scrubbr-devel: 3
  • owasp-seattle: 324
  • owasp-secure-coding-practices: 38
  • owasp-secure-password-project: 23
  • owasp-secure-the-flag-competition: 5
  • owasp-security-baseline-project: 10
  • Owasp-simba-project : 0
  • owasp-singapore: 136
  • owasp-skavenger: 2
  • owasp-slovakia: 28
  • owasp-slovenia: 162
  • owasp-soc-authors-reviewers: 79
  • owasp-socal: 73
  • owasp-software-security-assurance-process: 3
  • owasp-source-code-flaws-top-10: 85
  • owasp-south_dakota: 28
  • owasp-southafrica: 77
  • owasp-southern_ontario: 6
  • owasp-southkorea: 138
  • owasp-southwestflorida: 9
  • owasp-spain: 435
  • owasp-spanish: 154
  • owasp-spoc007: 6
  • owasp-sprajax: 25
  • owasp-sqlibench-project: 26
  • owasp-sqlix: 40
  • owasp-sri_lanka: 10
  • owasp-standards: 108
  • owasp-std: 31
  • owasp-stinger: 82
  • owasp-stlouis: 124
  • owasp-student-chapters-program: 12
  • owasp-summer-of-code-2008: 45
  • owasp-summer-of-code-2008-reviewers: 58
  • owasp-summit-2011: 55
  • owasp-summit-2013: 1
  • owasp-summit-eu-portugal-2008-sponsorships: 10
  • owasp-summit-europe-2008: 28
  • owasp-suncoast: 48
  • owasp-swaf-manifesto: 12
  • owasp-sweden: 718
  • owasp-sweden-discuss: 71
  • owasp-switzerland: 147
  • owasp-sydney: 170
  • owasp-syria: 6
  • owasp-taiwan: 55
  • owasp-tampa: 72
  • owasp-teachable-static-analysis-workbench: 17
  • owasp-testing: 617
  • owasp-thailand: 53
  • owasp-threat-modelling-project: 42
  • owasp-tokyo: 98
  • owasp-tools-project: 32
  • owasp-tools-projects: 25
  • owasp-topten: 407
  • owasp-toronto: 281
  • owasp-training: 31
  • owasp-tunisia: 6
  • owasp-turkey: 496
  • owasp-twincities: 1190
  • owasp-uganda: 3
  • owasp-ukraine: 13
  • owasp-urg: 6
  • owasp-uruguay: 67
  • owasp-venezuela: 46
  • owasp-vermont: 5
  • owasp-vfw-project: 10
  • owasp-vicnum-project: 7
  • owasp-vienna: 24
  • owasp-vietnam: 89
  • owasp-waf: 1
  • owasp-wapiti-project: 6
  • owasp-wash_dc_va: 425
  • owasp-washington: 352
  • owasp-wbts: 3
  • owasp-web-app-scanner-specification-project: 34
  • owasp-web-application-security-metric: 44
  • owasp-web-services: 38
  • owasp-web20: 37
  • owasp-webekci: 11
  • owasp-webgoat: 420
  • owasp-webgoat-using-modsecurity: 46
  • owasp-webscarab: 593
  • owasp-webservices: 97
  • owasp-website: 22
  • owasp-webslayer-project: 38
  • owasp-whatthefuzz-project: 3
  • owasp-winnipeg: 25
  • owasp-winter-of-code-2009: 12
  • owasp-wsfuzzer: 55
  • owasp-xsgec: 35
  • owasp-yasca-project: 17
  • owasp-ypsilanti: 4
  • owasp-zed-attack-proxy: 13
  • owasp_antisamy_python: 10
  • owasp_appsec_tutorial_series: 5
  • owasp_chapter_leader_list: 17
  • owasp_cryttr_encrypted_twitter: 6
  • owasp_cvuja_project: 8
  • owasp_encrypted_syndication: 3
  • owasp_pr_project: 19
  • owasp_sdl: 11
  • owasp_security_analysis_j2ee: 28
  • owaspnyc2008: 9
  • pc_appsec_us_2010: 12
  • samm: 252
  • security101: 4
  • summit2011: 152
  • summit2011-scheduledynamic: 8
  • test: 3
  • web-testing-environment: 12
  • webappsec: 1031
  • ws-arca-metrics-vulnerabilities: 14
  • ws-owasp-web: 24
  • ws-strategic-planning: 28
Join your favorite mailing list today @ https://lists.owasp.org/mailman/listinfo