Thursday, August 30, 2012

CFP and CFT extended for OWASP AppSec Latam

We are pleased to announce that the OWASP Uruguay Chapter will host the OWASP AppSec Latam 2012 conference in Montevideo, Uruguay at ANTEL National Telco Company. The event will be composed of 2 days of training (November 18-19), followed by 2 days of conference talks (November 20-21). 4 great keynote speakers are already confirmed for our conference talks on Nov. 20-21: Jerry Hoff, Pravir Chandra, Cristian Borghello, and Hernan M. Racciatti, and we have extended the deadline for both training submissions and talk submissions to Friday, September 7... So don't delay and submit your proposals right away!

OWASP Project Leaders -
We would love to have you come to the conference and present on your OWASP Project and even have special funds available to help cover the travel for OWASP Project Leaders. If you are interested in presenting, please submit through our Call for Papers and send an email requesting funding

OWASP Chapter Leaders - 
As part of AppSec Latam 2012, a free chapter leaders workshop will be held the afternoon of Monday, Nov. 19th (the day before the conference). Details on the workshop can be found on the conference website: under the "Chapters Workshop" tab.

Sponsorship funds are also available for Latam chapter leaders who want to attend the workshop and conference. If you need financial assistance to attend the Chapter Leader Workshops please submit a request to via the Contact Us Form by September 17, 2012.
  • Priority of sponsorships will be given to those not covered by a sponsorship to attend a previous workshop. Additionally, we are looking for new or struggling chapter leaders who need assistance kick starting their chapter.
  • When you apply for funding, please let us know *why we should sponsor you*. While we prefer that chapter leaders use their own chapter's funds before requesting a sponsorship, this is not a requirement for application.
  • If your chapter has funds but will not be using them to sponsor your attendance, please include why you will not be using the funds for this purpose (i.e. what are the other plans for those funds?).

Learn more and submit your information at:

Thanks and Best Regards,
AppSec Latam 2012 Planning Team

Monday, August 27, 2012

The AppSec USA 2012 conference organizers, in conjunction with the
Global Projects Committee, are pleased to announce a Call for Entries for
the OWASP Open Source Showcase 2012.

We are offering a limited number of FREE booth spaces to open source
projects this year, and we would like to invite ANY open source projects
to apply.

OWASP OSS 2012 is not just for OWASP projects. All open source projects
are encouraged to apply for a booth at this showcase, to demo, and to promote
their project. Showcase participants need to be ticketed attendees, and will be
responsible for manning their booth.

Learn more about this initiative, including how to submit projects for
consideration, by visiting our OSS 2012 Applications Page.

Applications are due Friday, September 14th 2012 and are considered on a
rolling basis - so get moving!

Contact if you have any questions.

The OWASP Foundation
OWASP AppSec USA 2012
October 23-26 2012: Training, Talks, CTF, Showroom and more!

Sunday, August 26, 2012

AppSec USA – Register Now!

What:       AppSec USA 2012
Where:     Austin, TX
When:      October 23-26, 2012

AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. The conference features talks and sessions in the Application Security space including development, web application security, cloud security, DevOps, Open Source and OWASP tools given by the top speakers in the industry.

AppSec USA 2012 Training:
One-Day Training: Tuesday, October 23
One-Day Trainings: Wednesday, October 24
Two-Day Trainings: Tuesday-Wednesday  (October 23-24)

AppSec USA 2012 Keynote Speakers:
  • Douglas Crockford (JavaScript Developer and Inventor of JSON)
  • Michael Howard (Sr. Security Program Manager at Microsoft)
  • Gene Kim (Researcher, TripWire Founder)

AppSec USA 2012 Speakers:
  • HD Moore
  • Richard Bejtlich
  • Michael Coates
  • Josh Corman
  • Brendan Eich
  • Chris Evans
  • Jeremiah Grossman
  • Phillip Hallam Baker
  • David Kennedy
  • Bob Lord
  • Adam Mein
  • Chris Nickerson
  • Alex Rice
  • Alex Russell
  • Amichai Shulman

Please visit to learn more or register for the event. 

Also, AppSecUSA has a special rate of $189/night with the conference hotel.  Reservations at this rate end on September 25th and the Hyatt will not hold rooms for OWASP, meaning that if you reserve too late, you will not be able to stay at the conference hotel.  Don’t let that happen to you; reserve your room now.

We look forward to seeing you in Austin this October!

Best Regards,
The AppSec USA 2012 Planning Team

Wednesday, August 15, 2012

Membership deadline for this year's election

From Helen Gao, OWASP Global Membership Committee Chair
Dear OWASP leaders,

I was asked this question many times, "why should someone become an OWASP member?" The answer to the question will be loud and clear in October. Members, and only members, can vote in the election which will take place from October 12 to 19, 2012.

The OWASP board makes large and small decisions, from what the membership fee should be, which projects to fund, whether volunteers should be paid, and if there will be an OWASP summit this year. Half of the 6 seats will be determined by less than 2,000 members in the whole world.

If you receive this message then you are one of the OWASP leaders who care about the direction OWASP is going. What better way to let your voice be heard than by exercising your vote in the election? If you are not a current member yet, then what better time to become one or renew?

248 individuals joined OWASP in July, and 55 renewed their membership. Don't be left behind. Act today!

Click here for details of the election including candidates and timeline.


Helen Gao, CISSP
Global Membership Committee Chair
Senior Architect of TIBCO Software Inc.

Monday, August 13, 2012


WASPY Awards

Attention: All Chapter/Project Leaders

Every year a group of individuals including researchers, developers, security professionals and others work to ensure the security of web applications. Some of these individuals are featured in news stories or at conferences as recognized experts. But there are many other ‘unsung heroes’ that work every day to improve web application security and yet are rarely recognized.

This year OWASP will initiate the first annual Web Application Security Person of the Year (WASPY) award. There will be awards for WASPY winners at the chapter or project, finalist and global levels.

Each Chapter or Project who participates will have the opportunity to nominate 1 WASPY candidate from their Chapter or Project to represent them in the final vote. The OWASP board will review the profiles of the chapter/project level winners and will then select 5 Global finalists. The Global WASPY winner will be announced at the Global AppSec North America conference in Austin, TX in October. Winners at each level will be recognized on the OWASP website and receive a gift in addition to the award.

Guidelines that will be used to select WASPY winners are:

  • Individuals should be involved in web application security in some meaningful way, i.e. they may be involved in projects or supporting the chapter or involved in volunteering time for awareness campaigns.
  • Individuals should be well known for supporting local OWASP or other web application security efforts.
  • Individuals that not only support local efforts but also contribute time to OWASP projects or other national/international efforts to improve web application security should be given additional consideration/credit.
  • Individuals should not be well-known AppSec pundits or speakers. While these are important individuals, they already get a lot of attention and the purpose of the WASPYs is to give more recognition to lesser known but just as important AppSec supporters.

Here is how the process will work:

All Chapters/Projects that would like to participate in the WASPY Award, must contact Kelly Santalucia via by September 1, 2012.
Only Chapters/Projects who have contacted Kelly by September 1, 2012 will be able to nominate 1 candidate to represent their chapter/project. It is up to the Chapter/Project to determine how they would like to select their candidate. Please reference our Chapter Handbook for suggestions on Chapter Elections, and refer to the guidelines listed above which will be used for the selection of the winners.
Once the Chapter/Project has selected a candidate, they must contact Kelly Santalucia with the candidate's name, his/her accomplishments and provide an explanation as to why this person was chosen. Chapters/Projects have until September 15 to submit this information.

**Each Chapter/Project must submit a candidate in order for the chapter/project to be eligible to share in a percentage of any funds raised beyond those used to support the awards.**

September 22, the OWASP Board will vote for the top 5 candidates.
October 25 winners will be announced live at AppSec USA in Austin, TX

OWASP corporate supporters will sponsor the WASPY awards. In order to participate Chapters/Projects must contact Kelly Santalucia by September 1, 2012 AND submit a candidate by September 15, 2012. Chapters/Projects who do not respond by September 1, 2012 will not be eligible to participate in 2012 but will be eligible in future years. Chapters/Projects that submit a candidate will be eligible to share in a percentage of any funds raised beyond those used to support the awards. More information will be provided to the participating chapters/projects on the awards, gifts and recognition for winners at each level. 

OWASP Xelenium: Security Unit Tests

(from V.Vasanth)

Hello OWASP Friends,

Warm Greetings!!

Today, I would like to introduce you all to my humble effort called ‘OWASP Xelenium’, which helps the user in identifying the security testing threats present in the web applications.

Xelenium is an automated security testing tool that uses Selenium, a leading open source test automation tool, as its engine. Xelenium accepts very limited inputs from the user and tests the application using the predefined automation procedure.

The current version of Xelenium identifies the Cross Site Scripting threats present in the web application. In subsequent versions, Xelenium will be enhanced to identify other leading security threats.

The first version of Xelenium was published on June 22nd, 2012, and the second version was published on 6th August, 2012. Until now, there have been around 4000 downloads.

You can find more info here:

In the next version, I am planning to enhance the UI of Xelenium from Java Swing to Java FX. Also, I am looking at the possibility of introducing the enhancements to handle DOM Based XSS.

I would encourage you to use this solution and pass on your comments about it.
Hope this solution helps you in some way. Looking forward to your comments!!!

Thank you!!

Wednesday, August 8, 2012

AppSec Ireland 2012 - Register Now!

OWASP Leaders -

In a little less than a month (Sept. 4th-6th) the OWASP AppSec Ireland Conference 2012 will be held at Trinity College, Dublin. This conference, in its 4th consecutive year, is a premier gathering for Information Security leaders, executives from Fortune 500 firms along with technical thought leaders, security architects and lead developers to share cutting-edge ideas, initiatives and technology advancements. OWASP events attract a worldwide audience interested in “what’s next”. 

A few of the conference highlights:
  • 2 days - Secure Coding Competition (Sept 4th-5th): Get a team together and code your way to victory!
  • 1 day training - Hackery Tactics: Breaking weak applications and building Strong ones (Eoin Keary and Jim Manico) (Sept. 4)
  • 1 day training - Metasploit - from vulnerability to exploit module (Patrick Fitzgerald) (Sept. 5)
  • 2 days training - Mobile Security - Pen Testing Android and iOS Applications (Doug Logan) (Sept. 4th-5th)
  • 2 days training - Tactical Defense with ModSecurity (Christian Bockermann) (Sept. 4th-5th)
  • Kartcon Ireland - Evening of Sept. 5th

Last but not least, our amazing lineup of speakers:

Jeremiah Grossman
Reeny Sondhi
Rafal Los
David Rook
Tyler Shields
Mark Goodwin
Simon Bennetts
Fred Donovan
David Stubley
Juan Galiana Lara
Máirtín O’Sullivan

A reminder to OWASP Chapter & Project Leaders - current OWASP Leaders are eligible for complimentary admission to the conference and 2 complimentary spots in each of the training classes are reserved for OWASP Leaders (available on a first come first serve basis).  If you are an OWASP Leader and want to get into the conference or training for free, email for a discount code.

Please visit  to learn more or register for the event.  We look forward to seeing you next month in Dublin!

The AppSec Ireland Planning Team