Tuesday, March 26, 2013

OWASP Connector March 26, 2013






NEW OWASP PROJECTS

OWASP Droid Fusion - Droid Fusion is a platform for Android mobile devices for malware analysis, development, application pen-testing, and forensics.  You can use it in any mobile security research, and if you have Droid Fusion, you don't need to worry about finding tools.  There are more than 60 tools and scripts and it is free.

OWASP iSABEL Proxy Server - The idea of the OWASP iSABEL Proxy Server Project is to gain deeper knowledge about securing web applications from threats and attacks coming from external sources.  This can be achieved by developing intermediary software that runs between the client and the server.  This intermediary software will be based on a proxy server implemented at layer 7 (Application) of the OSI model (Open Systems Interconnection), and its function is to accept network traffic from clients trying to access resources on the web server.  Once a client has successfully established a connection, the proxy will inspect all incoming network packets from that client for malicious parameters and for files such as viruses, worms, and trojans.


PROJECT ANNOUNCEMENTS

Authors Needed for the OWASP Code Review Guide!
We are currently recruiting authors who can assist with section development, writing, and editing of the Code Review Guide.  This is an excellent opportunity to work on a high profile OWASP Flagship project.  Applicants are encouraged to choose either a section or the entire chapter to contribute to.  Authors should be knowledgeable about the sections they choose.  For more information on the OWASP Code Review Guide, please visit the Project Webpage.

Mohammed Aldoub, the OWASP Kuwait Chapter Leader, is representing OWASP at the 2013 Cyber Security Summit in Prague.  He will be speaking about mitigations that system administrators can use to patch up and secure their systems.  The talk will focus on open source tools, especially OWASP Projects, such as the OWASP ModSecurity CRS.  His talk is scheduled for the 11th of April.  To learn more about Mohammed's talk, please visit the Cyber Security Summit Website.



CISO SURVEY STILL OPEN


Are you a CISO or an Information Security Manager?
If YES, please take a few moments to complete the Industry CISO Survey!
take the survey here
Pass the invitation on to your contacts:
pass the invitation

OWASP Foundation



OWASP Blog


Do you have some news?  Submit your item to appear in the next connector HERE



































Thank you to the following Companies who have renewed their memberships:  

HP

IBM




AppSec Research 2013


The deadline for the Call For Papers is approaching:  This is your opportunity to present your research, findings, or best practices to an audience of over 400 international developers, software security professionals, and managers.  Sponsorship opportunities are still available as well.

CALL FOR PAPERS
SPONSORSHIP INFORMATION

UPCOMING PARTNER EVENTS:



OWASP is pleased to announce our upcoming Partner Events:

HITB Amsterdam 2013 (Amsterdam, Netherlands) April 10-11, 2013

2013 Cyber Security Summit (Prague, Czech Republic) - April 11-12, 2013

Information Security Summit (Warrensville Heights, OH) - April 17-18, 2013

BSides Boston (Cambridge, MA) May 18, 2013

National Collegiate Cyber Defense Competition (San Antonio, TX) - April 19-20, 2013
Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)


ATTENTION EUROPEAN CHAPTER LEADERS!

Following the success of the LATAM TOUR, 2013 OWASP will be initiating and promoting a similar tour across European chapters.  To participate in this EUROPEAN tour, please join us for a webinar on April 2 at 9am EDT to outline the details including dates, sponsorships, content, and training.

register


Did you know that your individual, paid OWASP membership ...
  • directly supports our local chapters and our projects
  • gets you a significant discount at all OWASP events
  • entitles you to partner event discounts several times each year
  • gives you a voice in the OWASP Global Elections
  • entitles you to communicate professionally via an owasp.org email address
  • can be a matching donation allocation through your US employer














MARCH 28th GLOBAL WEBINARS SCHEDULED
Topic:
OWASP Chapters:  
If you are a current chapter leader, have been considering becoming a chapter leader, or have any great suggestions for how OWASP Chapters and Chapter Leaders can collaborate globally to support the OWASP Mission, please plan on attending.
MARCH 28, 2013 at 10am EDT  

register

MARCH 28, 2013 at 9pm EDT
(GMT -5)

register
 Links to the recordings of previous meetings can be found on the Initiatives Page


The process works well - so don't hesitate to submit your request for assistance




Global Initiatives - Chapter


A Message from Tom Brennan, Global Board Member and Chapter Leader

As we complete Q1, 2013 I wanted to shine a light on the over 200 active chapters in the US, Canada, Latin America, Europe, Asia Pacific, Middle East, and Africa and say,
Thank you!!!
Your active volunteerism with local chapters is a core community aspect of the OWASP Foundation.  Many other fine professional associations are available for you to invest your time in, however you have selected the OWASP Community.

As an active chapter leader, OWASP expects that you have read the current chapter leader handbook.

This announcement is a formal request to pull together those experienced and new chapter leaders as well as your members to contribute to the 3.0 version of the best practices and requirements that will govern local chapters.

Sign up to participate in this task force







Monday, March 18, 2013

OWASP at Black Hat EU 2013

OWASP was well represented in Amsterdam this past week at Black Hat EU. Members from the UK, Portugal, and from across the Netherlands volunteered their time at the conference. We would also like to thank the OWASP Netherlands Chapter for inviting our volunteers to the local chapter meeting, and we would like to extend a special thanks to Colin Watson and Georgia Weidman for speaking that evening. We would also like to thank Martin Knobloch, Anil Pazwant, and Dennis Groves for managing our booth at Black Hat. To view more of our event images, please visit the OWASP Flickr page.  














Thursday, March 7, 2013

OWASP Connector March 6, 2013





NEW OWASP PROJECTS

OWASP Scada Security Project - The primary aim of the OWASP SCADA Security project is to gather information about different ICS/SCADA security threats related to web applications and their environments, from the reconnaissance ("footprinting") stage through vulnerability exploitation.

PROJECT ANNOUNCEMENTS

OWASP Periodic Table of Vulnerabilities Project:  Working Group Forming
A working group is now forming under the leadership of James Landis to produce the 1.0 draft of the OWASP Periodic Table of Vulnerabilities.
The goal of this project is to identify the ideal solution target for known web application vulnerability classes as a first step toward eliminating many classes of vulnerabilities altogether.  If you would like to have a hand in shaping the future of web application technologies toward solving vulnerabilities like cross-site scripting and SQL injection forever, your contributions would be greatly appreciated!  Click here to sign up for this task force.

OWASP iGoat Project V.2.0 Released!
The OWASP iGoat tool is a stand-alone iOS app (distributed solely in source code) designed to introduce iOS developers to many of the security pitfalls that plague poorly-written apps.  Like its namesake, OWASP's WebGoat tool, iGoat is intended to teach software developers about these issues by stepping them through a series of exercises, each of which focuses on a single aspect of iOS security.
OWASP iGoat is an ideal tool to use in a classroom setting to teach iOS developers (and technically minded IT Security staff with at least some exposure to object oriented programming).  We invite the OWASP community to download and try iGoat, and we welcome your suggestions for improvements.  We're always looking for willing participants to contribute to the project as well!
DOWNLOAD OWASP iGOAT 2.0



CISO SURVEY LAUNCHED

Are you a CISO or an Information Security Manager?
If YES, then we need your participation in this industry survey that will report current trends in Application and Information Security, provide new insights across industries, and help OWASP align our projects for maximum impact for the end user and developer community.
take the survey here
Pass the invitation on to your contacts:
pass the invitation

OWASP Foundation



OWASP Blog


Do you have some news?  Submit your item to appear in the next connector HERE



UPCOMING EVENTS:

Front Range OWASP Conference (SnowFroc)

The Colorado OWASP chapters are proud to present the 5th annual SnowFroc.  Join 300 other developers, business owners, and security professionals for a day-and-a-half of presentations, training and Birds-of-a-Feather (BoaF) sessions.

The conference will begin on Thursday, March 28th and will feature four primary tracks:



  • High-Level Technical
  • Deep-Dive/Hands-on Technical
  • Management
  • Legal
Additional activities include a CTF competition, a moderated panel discussion featuring top industry leaders, and a FREE (yes, FREE) secure coding course.

REGISTER NOW TO RESERVE YOUR SEAT

UPCOMING PARTNER EVENTS:

Cloud Matters (Alberta, Canada) March 11-12, 2013
BlackHat EU (Amsterdam, Netherlands) - April 10-11, 2013
HITB Amsterdam 2013 (Amsterdam, Netherlands) April 10-11, 2013
2013 Cyber Security Summit (Prague, Czech Republic) - April 11-12, 2013
Security B-Sides, Orlando (Orlando, Florida, USA) - April 13-14, 2013



Just a reminder to mark your calendar for the 2013 North American AppSec Conference in New York City, November 18th-21st, at the Marriott Marquis in the heart of Times Square.  We have a fantastic event shaping up and sponsorships are selling fast.  If you are interested in sponsoring, please complete this request for information.

Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)


LATAM 2013
The 2013 LATAM Tour is scheduled for training and plenary sessions visiting 9 different chapters in the Region!

A EUROPEAN Tour is being planned for the end of May - Stay tuned for More Information on that - If your chapter would be interested in participating in this tour LET US KNOW




MARCH GLOBAL WEBINARS SCHEDULED
Topic:
OWASP Marketing Initiative
Sisterworks Publishing will be presenting their phase one research on OWASP background material to be used in marketing and brand strategy for the organization.
MARCH 14, 2013 at 9am EST  
Please Note the 9am time change for this call
(GMT -5)

register

MARCH 14, 2013 at 9pm EST
(GMT -5)

register
 Links to the recordings of previous meetings can be found on the Initiatives Page
    The Number of Individual, Unique Volunteers who have signed up for a posted Initiative is now over 250!
This is what volunteers have signed up for!
The process works well - so don't hesitate to submit your request for assistance







Thank you to the following Companies who have renewed their memberships:  

Adobe
PwC Technology
Rakuten, Inc

Did you know that your individual, paid OWASP membership ...
  • directly supports our local chapters and our projects
  • gets you a significant discount at all OWASP events
  • entitles you to partner event discounts several times each year
  • gives you a voice in the OWASP Global Elections
  • entitles you to communicate professionally via an owasp.org email address
  • can be a matching donation allocation through your US employer