Friday, April 26, 2013

OWASP Connector April 23, 2013





OWASP Web Application Security Quick Reference Guide Project - Project Leader:  Marek Zmyslowski - This will be a simple checklist for web applications.  The unique feature of this project is that all checks will be simple and each can be verified by a particular test case.  It is simple but can be very informative and useful for testers and coders.

OWASP Application Fuzzing Framework Project - Project Leader:  Marek Zmyslowski.  The framework will be used to fuzz applications in the Windows environment.  It will have a couple of modules.  The two main modules will be for file fuzzing and DLL fuzzing.  A very wide configuration will allow for many fuzzing possibilities.

OWASP Security JDIs Project - Project Leader:  Edwin Aldridge.  This project aims to build a library of concise, actionable, technology-specific instructions detailing good practice on avoiding or closing specific vulnerabilities.  This will be a set of security HOWTOs for people who may not have time to study a problem in depth but need to secure their application.

OWASP Top 10 Fuer Entwickler - Project Leader:  Torsten Gigler.  The objective of the Top 10 Fuer Entwickler (Top 10 Developer Edition in German) is to add Good Practices (like the Cheat Sheets) to the OWASP Top 10.  Its aim is to bridge the gap from awareness and theoretical knowledge to effective know-how for building good programs.  It is written in German to make it easier for German developers to use it.  We will take care to make a migration to other languages easy.

OWASP Rails Goat Project - Project Leader:  Ken Johnson.  This is a Rails application which is vulnerable to the OWASP Top 10.  It is intended to show how each of these categories of vulnerabilities can manifest itself in a Rails-specific way, as well as provide the subsequent mitigations for each.


OWASP Code Review Table of Contents is now live!
We are currently still recruiting authors that can assist with section development, writing, and editing of the Code Review Guide.  This is an excellent opportunity to work on a high profile OWASP Flagship project.  Applicants are encouraged to choose to contribute to either a section or the entire chapter.  Authors should be knowledgeable about the sections they choose.  For more information on the OWASP Code Review Guide, please visit the Project Webpage.


Thank you to the following Companies who have renewed their memberships:  

Booz Allen Hamilton

OWASP Foundation


Do you have some news?  Submit your item to appear in the next connector HERE


AppSec USA 2013 will be OWASP's biggest event and fundraiser ever!  Join 2000+ attendees for over 50 sessions across 3 tracks to learn about the latest and greatest in software security in the heart of NYC.

Register now and save 50%

The first 200 tickets are available until May 15th for the low price of $445.  Visit to register for the event and save on your early hotel reservation.  This is an extraordinary rate to experience an amazing OWASP and NYC event.  In addition to the conference talks, you will have opportunities to practice lockpicking, compete in the CTF, discuss OWASP Projects, look for a new career opportunity, and shop around with all the latest and greatest security vendors.

Want to share your knowledge with the world?

Call for Training and Call for Papers is now open!  Learn more about our selection committee and submit your proposals at 

AppSec Research 2013


Call for research papers - deadline May 15th


Two Day Trainings

  • Shannon Ross, Dave Wichers: Securing Mobile Devices and Applications
  • Christian Bockermann: Tactical Defense with ModSecurity
  • Hemil Shah: Mobile Application Hacking and Security — OWASP Top 10 Way

One Day Training, Tuesday, August 20th

  • Jim Manico: Web Application, Web Service and Mobile Secure Coding
  • Frederik Weidemann: SAP ABAP Penetration Testing
  • Tiago Teles: Defensive Programming for JavaScript & HTML5

One Day Training, Wednesday, August 21st

  • Paco Hope: Defensive Programming in PHP
  • Christian Schneider: Java Web Hacking & Hardening
  • Tobias Gondrom: CISO training – Managing Web & Application Security – OWASP for senior managers

Registration opening soon - visit for details


OWASP is pleased to announce our upcoming Partner Events:

Central Ohio ISSA Infosec Summit (Columbus, Ohio) May 2, 2013 - May 3, 2013
BSides Boston (Cambridge, MA) May 18, 2013
EC Council (Multiple Locations and Dates)


Presentation by Design Foundry and Sisterworks to review the OWASP Marketing Plan - Phase II  

April 25, 2013 at 10am EDT  


April 25, 2013 at 9pm EDT
(GMT -5)


May 9, 2013 Webinar topic:
the 2013 WASPY awards and the 2013 Global Election
Register for the 10:00am webinar
Register for the 9:00pm webinar

Links to the recordings of previous meetings can be found on the Initiatives Page

The world celebrates volunteers!

The OWASP Foundation would not exist without the thousands of volunteers who donate their time, talent, and treasure to support our mission!  We join with countries around the world to recognize and say thank you to our many volunteers.

National Volunteer week USA:  April 21-27

National Volunteer week Canada:  April 21-27

National Volunteer week Australia:  May 13-19

Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)

Friday, April 12, 2013

OWASP's New Executive Director

The OWASP Board is proud to announce OWASP’s new Executive Director, Sarah Baso.

The OWASP board had many different directions to consider for which type of candidate would be best suited for the new executive director role. Ultimately we felt that an individual with a passion for OWASP, demonstrated excellence, strong leadership and a desire for the mission and community was the best choice. To take OWASP to the next level we need an individual that can execute, seek out new opportunities for OWASP to grow and strategically leverage our resources. The fit for this role was someone we already knew and trusted.

Sarah has been part of the OWASP operations team for the past two and a half years. She has played a pivotal role in coordinating global AppSec conferences, worked within the Global Industry, Chapter, and Conference Committees, and also was part of the 2011 Global Summit planning team. Sarah's educational background includes a Juris Doctor degree in law and she leverages this knowledge in many ways working for OWASP including contract negotiation and risk assessment.  

Prior to joining OWASP, Sarah worked as a practicing attorney, focusing on electronic discovery in large class action lawsuits. She also has worked as a volunteer English and computer skills teacher for English language learners assimilating into the United States.

Michael Coates

Monday, April 8, 2013

OWASP Creates Executive Director Position

OWASP is driven by volunteers and the contributions of thousands all over the world. Behind the scenes there is also a group of dedicated paid staff that focus on critical operations to ensure the OWASP engine keeps running strong. This team has grown organically over the years as OWASP has recognized the need for dedicated full time individuals to focus on specific task items. In each of these areas we've seen great successes from our staff.

As OWASP continues to grow we must also ensure our structure and supporting operations team grows too. The next step in that growth is the creation of the OWASP Executive Director role. The individual in this role will lead the focus and resourcing of our operations team to ensure we execute on our strategic goals each year. This individual will ultimately be responsible for leading the operations team to success and will report directly to the OWASP board. This role will maximize the value our operations team provides to our community, projects and the world. 

This is an exciting step forward for OWASP and a demonstration of the continued growth of our community.

Michael Coates

Monday, April 1, 2013

Call for Papers, Trainers & Early Bird Tickets