. OWASP Connector June 4, 2013                                               FEATURED OWASP PROJECT OWASP Xenotix XSS Exploit Framework Project The OWASP Xenotix XSS Exploit Framework Project is a penetration testing tool that detects and exploits XSS vulnerabilities in Web Applications.  It is basically a payload list based XSS Scanner and XSS Exploitation kit.  The exploitation framework will help penetration testers create proof of concept attacks on vulnerable web applications. For more information, please visit the OWASP Xenotix XSS Exploit Framework Project wiki page. NEW OWASP PROJECTS OWASP VaultDB Project Project Leader:  Maxime Labelle VaultDB is a secure NoSQL database management system (DBMS) for modern applications.  It supports multi-recipient encryption, table-level encryption, group encryption and comes loaded with a strong cryptosystem. VaultDB adds automatic transparent encryption to your application's data at the table/document level.  Instead of using it's own internal storage engine, VaultDB stores the encrypted data inside your preferred DBMS for storage.  OWASP WS-Amplification DoS Project Project Leader:  Thomas Vissers This project aims to explore the threat of an Amplification DoS attack that utilizes web services.  Currently, DNS servers are widely misused to amplify DoS traffic.  This is called a DNS Amplification or Reflective attack.  It appears that SOAP web services that implement WS-Addressing might be vulnerable to similar abuse, as stated in this paper.  The aim of the project is to develop tools to test this vulnerability and determine the threat magnitude on a global scale.  OWASP Mutillidae 2 Project Project Leader:  Jeremy Druin NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.  NOWASP (Mutillidae) can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a web server.   OWASP Global Board Elections The call for candidates is OPEN! Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS) Do you have some news?  Submit your item to appear in the next connector HERE                                 Thank you to Ping Identity, Riverbed Technology, and Sonatype, our newest Corporate Members Thank you to Imperva and UPS for their Corporate Membership Renewals THE Q2 2013 MEMBERSHIP DRIVE HAS BEGUN!!!!!!! Now is the time to make sure your membership is current and up to date!  Join or renew between now and June 10th and be eligible to receive one of 22 Cool Prizes!                               Effective June 1st, you can now join for a 2 year membership or become a LIFETIME Member Click the icon for all the details Apply for an Honorary Membership Get the Details and the Link to the form Big announcements are coming soon!  Training sessions and talk schedule will be posted by June 14th.  Be sure to visit the website often for updates on sponsorship opportunities, conference activities, and more! Registration is opening very soon!  Thanks to all for patiently waiting!  Check the AppSec Research site for details on the training sessions, talks, and link to registration within the next couple of days. OWASP is pleased to announce our upcoming Partner Events: Blackhat 2013 - OWASP Members receive $200 off using discount code:  Uurtcw0 SecAppDev - OWASP members receive 10% off using discount promo code:  owasp)  This code will need to be entered in the comments box to receive the 10% discount EC Council - Use discount code TDCSTLOWASP for $99 conference passes Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)                                                                   JUNE 6 GLOBAL WEBINARS SCHEDULED Analyzing and Fixing Password Protection Schemes - John Steven (Recorded at AppSec USA 2012 in Austin, TX) June 6, 2013 at 10am EDT   June 6, 2013 at 9pm EDT (GMT -5) Links to the recordings of previous meetings can be found on the Initiatives Page To review All of the opportunities, Visit the Initiaives page 2013 WASPY (Web Application Security People of the Year) Awards We all know someone who has made a difference in our industry.  Now is your chance to nominate them to be GLOBALLY recognized!  The 2013 categories are: Best Chapter Leader Best Project Leader Best community supporter - contributor to chapter, project or initiative Best Mission Outreach - grow the OWASP community Best Innovator - willingness to try new ideas NOMINATIONS ARE OPEN CLICK HERE TO ACCESS THE FORM! OWASP would like to thank for stepping up to be a Platinum Sponsor for these awards in 2013!  Additional sponsorship opportunities are available Here OWASP Foundation www.owasp.org Contact Us OWASP Blog