Webinar Opportunity for OWASP Project Leaders

Hello Project Leaders,

We are happy to announce a new monthly webinar series for Project Leaders to showcase their projects. 

The webinar will be held every third (3) Wednesday of every month at 10am EST. Below are the dates when each webinar will be held, and you can indicate the month if you are interested:

• February 19

• March 19

• April 16

• May 21

• June 18

• July 16

• August 20

• September 17

• October 15

• November 19

• December 17

Please reach out to Samantha Groves (Samantha.Groves@owasp.org) if you are interested in giving a 45 minute webinar on your OWASP Project.

Training and Conference Program

Remind to REGISTER !

TRAINING SESSISONS

Monday and Tuesday, March 17th - 18th

• Mobile Security: Securing Mobile Devices & Applications. Dave Wichers [ENGLISH] 

Monday, March 17th

• Secure Web Development. Jerry Hoff  [ENGLISH]

• Hands on Simple method of the penetration testing using OWASP ZAP. Minoru Sakai [JAPANESE]

Tuesday, March 18th

• CISO training: Managing Web & Application Security – OWASP for senior managers. Tobias Gondrom [ENGLISH]

• Developer Security Training. Jim Manico [ENGLISH] *free training*

CONFERENCE SESSIONS

All conference sessions will be translated into English or Japanese.

Wednesday, March 19th

PLENARY SESSIONS:

• Welcome Address and Openening Remarks. Riotaro Okada & Tobais Gondrom
•  KEYNOTE. Suguru Yamaguchi
•  KEYNOTE. Dave Wichers

TRACK A:

• The OWASP Proactive Controls. Jim Manico
• OWASP documents for every people. Chia-Lung Albert Hsieh
• 12 Case Studies for the Access Controls of Web Application. Takashi Honda
• Get Ready for the Next Big Wave of Attacks: Hacking of Leading CMS Systems. Helen Bravo, Sanjay Agnani

TRACK B:

• Why OWASP AppSensor is the future of Application Security, and why you should be using it. Dennis Groves
• Inside Story of the first SaaS type WAF Service. Kana Toko
• The Art and Science of Configuring SSL. Nick Galbreath
• Bad Web Apps are Good – The Broken Web Application Project. Mordecai Kraushar

TRACK C:

• Women in AppSec
• OWASP Japan
• The fact report of attack traffic on the Internet. Makoto Niimura
• The investigation of Web Application Vulnerabilities in Japan. Koki Takahashi

Thursday, March 20th

PLENARY SESSIONS:

• 1 user, 10 places, 100 seconds. Matias Madou
• DevOps. Dave Wichers
• KEYNOTE  Michael Coates
• Closing Remarks. Tobias Gondrom & Riotaro Okada

TRACK A:

• eXtend Security on Xcode. Tokuji Akamine, Raymund Pedraita
• Getting a handle on mobile security. Jerry Hoff
• Preinstalled Android application poisoning. Yoshitaka Kato

TRACK B:

• HTML 5 Security for Web Application Development. Yoshinori Matsumoto
• XSS Allstars from Japan. Yosuke Hasegawa, Masato Kinugawa, Mala
• Secure Escaping method for the age of HTML 5. Yoshinori Takesako

TRACK C:

• Management for Security Life Cycle. Shoji Ito
• How to choose (or write) your own source code scanner. Yu-Lu “Chris” Liu
• Open Mic Session

We are looking forward to seeing you in Tokyo!

Not Making a Statement is a Statement in its Own Right [AUDIO]

Earlier this week, OWASP released a statement after an internal debate regarding recent allegations that RSA had weakened its encryption while receiving $10 million dollars from the NSA. There was heated discussion about whether or not to publish a statement. Would it be perceived as political? What is OWASP’s responsibility when it comes to defending the trustworthiness of software?

As part of the OWASP 24/7 Podcast Series, I spoke with Tobias Gondrom and Eoin Keary about that debate. Their premise is that this is not a political statement, but a clarification to keep OWASP focused on its original mission.

Listen to the interview: Not Making a Statement is a Statement in its Own Right

OWASP Global Connector

January 28, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation Featured OWASP Project OWASP O - Saft Project O - Saft is an easy to use tool that shows information about SSL connections and the provided SSL Certificates. It's designed to be used by penetration testers, security auditors, or server administrators. The idea is to show the important information, or the special checks, with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people. For more information, please contact the Project Leader, Achim. New OWASP Project OWASP Internet of Things Top 10 Project The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them. For more information, please contact the Project Leader, Daniel Miessler. Project Announcements Project Review Assistance Required! The OWASP Technical Advisors and the OWASP PM are in the process of reviewing our projects, and we would like to ask for your assistance with this assessment. We would like to ask that you take a bit of time to fill in a short survey that we will use to assess the Usability and Value of each project to its users and the community. You can find the assessment survey here: Project Usability and Value Assessment For more detailed instructions on how to submit your comments, please contact Samantha Groves. New Project Adoptions This past week, several of our OWASP Projects were adopted by a handful of Leaders. The projects were in the process of being labeled inactive if they did not get adopted by mid-February. Thankfully, our Leaders have agreed to move the projects forward. Below, you will find a list of the adopted projects, and the Leaders that have decided to manage each project. OWASP Academy Portal Project Danny Harris Felipe Lacerda OWASP Education Project Konstantinos Papapanagiotou Vasileios Vlachos OWASP Hacking Lab Project Ivan Buetler Mateo Martinez OWASP Student Chapter Project Mateo Martinez OWASP Speakers Project Mateo Martinez OWASP University Challenge Project Ivan Buetler Mateo Martinez OWASP Global Board Releases Statement on the Security of the Internet Read the entire statement and post here Are You Ready? The OWASP Global platform is being reinforced with steel! The Operations team is working upgrading and consolidating the systems that support YOUR work. More information will be provided in upcoming issues. Just for Fun In case you need another excuse to take a break from the keyboard, try to figure out this riddle. Send your answers to our comment desk for a chance to win a really cheezy prize. Winners will be announced in the next connector. Alice and Bob ran a race of 100 yards and Alice won by 5 yards. "It doesn't seem fair," said Bob. "What if I gave you a head start next time?" suggested Alice. Alice started the next race five yards behind the starting line. Both Alice and Bob ran the second race at exactly the same speed as before. What was the result? - Brought to you by Lewis Carroll (Adapted Puzzle) Thank you to our newest Corporate Member: Monitorapp Global AppSec Events in 2014 AppSec APAC 2014 (March 17 - 20, Tokyo Japan) English Website Japanese Website Training March 17-18, Conference March 19-20 Conference Training and Talks have been posted Early Registration deadline is February 1 AppSec LATAM 2014 - LATAM Tour (April 21 - May 12) In 2014, instead of holding an AppSec LATAM Conference, we are working on organizing a LATAM Tour. Building on the success of 2012 and 2013, the tour will empower the entire LATAM region to collaborate and to raise software security awareness in their region. This year's tour will be held between April 21st and May 9th. Please find additional information regarding the tour and on the scheduled stops by visiting the Tour Wiki Page. AppSec EU 2014 (June 23 - 26, Cambridge, UK) Training - June 23-24, Conference - June , 25-26 Sponsorship details are now available Call for papers - Coming Soon AppSec USA 2014 (September 16 - 19, Denver, CO) Save the date for Training - September 16-17, Conference - September 18-19 More information on the call for papers and training - Coming Soon Upcoming Regional Events Primeiro Encontro do Capitulo OWASP RJ (January 30, 2014, Rio de Janeiro, Brazil) LASCON 2014 (October 21 - 24, Austin, TX) Partner and Promotional Events OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us Nullcon (February 12 - 15, Goa, India)OWASP Members receive a 20% discount off of the general event registration fee by using Security, Management, Audit Forum 2014 (February 19 - 20, Poland) InfoSec World Conference & Expo 2014, April 7-9, 2014. OWASP Members receive a 10% discount off the standard conference registration fee by using discount code: OS14/OWASP Cyber Security Summit, April 9-10, 2014. Prague, Czech Republic. OWASP Members receive a 20% discount off of the general event registration fee by using THIS LINK The OWASP Hacking-Lab project has made the "OWASP WebGoat challenges" available on the OWASP Hacking-Lab wiki This is the third free OWASP Challenge made available by Hacking-Lab OWASP Global Initiatives Global List of Opportunities Team OWASP OWASP is looking to create a learning environment where security meets developer. Leveraging the functionality of "The Hive" the goal is to establish a global arena to not only perform secure testing of code, but development and testing of solutions. OWASP Global Webinar Wednesday, February 5th Jonathan Marcil, project leader and chapter leader will demonstrate the functionality of the OWASP Media platform.. Jonathan will show how to use existing tools and connect them to the existing framework to support the OWASP mission. Register for the 10 am EST Presentation Register for the 9 pm EST Presentation OWASP Member Spotlight As an organization driven by it's membership community, it's high time we dedicate some space to recognizing YOU! Jason Johnson decided to "get involved" in January 2013 by taking leadership of the Oklahoma City chapter. Jason also started "The HIVE" project and is leading the adaptation of this platform to support the new "Team OWASP" initiative. Jason's "elevator pitch:" I work as an Application Performance professional for the government. (no I did not test healthcare.gov) This line of work fuels my love for OWASP because application security is one of the most overlooked key elements in developers code. I am currently in school for computer forensics. I started the OKC Chapter here in Oklahoma and its slowly getting off the ground. The HIVE project started as a secure-ISH solution for projects of all kinds. I really want to push this into education; if students can learn to store things in a crazy secure way even learn to test code or even build up a Pen Testing\Code endorsing secure heap of goodness with the hive I think it will show them the endless possibilities in secure code and spark new ideas. provides. OWASP Foundation Social Media LinkedIn Twitter Google + Facebook Ning StackOverflow

OWASP Statement on the Security of the Internet

The OWASP (Open Web Application Security Project, www.owasp.org) community cares deeply about how much people can trust commonly used Internet services and the applications that provide and use these services. The reports about large-scale intelligence activities targeting Internet communication and applications and possible attempts to undermine cryptographic algorithms leave us deeply concerned. We knew about the interception of targeted individuals and other monitoring activities, however, the scale of recently reported activities and the possibility of active undermining of the security of deployed applications are alarming.

Of course, it is hard to know for sure from current reports which attack techniques may be in use and which secret agreements may be in place. As such, it is not so easy to comment on the specifics from an OWASP perspective. OWASP has long-standing general principles that we can talk about, and address some of the actions we are taking.

Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks.

• We strongly believe trustworthy secure software and applications are an important cornerstone of human society and interactions of all people around the world.
• We strongly believe that people, companies and governments must protect software security and must not intentionally weaken software security, security standards, or undermine the security of cryptographic algorithms.
• We strongly believe that people, companies and governments must not intentionally introduce defects or vulnerabilities (or secret back-doors) compromising the security, trust and integrity of software and applications.

We think it is also important to point out that if vulnerabilities are introduced by people, governments or corporations to enable monitoring, this will not only have adverse effects on freedom and trust within human society, but sooner or later these vulnerabilities and weaknesses will also be found and exploited by malicious actors and criminals. Furthermore, the general population and companies will then be left without protection against these actors, undermining the very foundations of many software applications that support our daily lives, and with potentially world-wide catastrophic consequences.

The OWASP community wants to help build secure and deployable systems for all Internet users. Addressing security and new vulnerabilities has been the key strength of the OWASP community for more than a decade and technology alone is not the only factor. Education, operational practices, laws, and other similar factors also matter. We see the recent news and developments as a challenge, inspiring us to stand by our principles and work harder and do more to make the web and applications more secure. Eoin Keary, OWASP board member, pointed out: "OWASP cannot stand by and let the erosion of security occur; it is against our mission." We are confident that the OWASP community can do its part and we believe that OWASP security recommendations and tools, if used more widely, can help.

We should seize this opportunity to take a look at what we can do better going forward; not only think about all this just in light of the recent revelations. The security and privacy of the Internet in general is still a major challenge, even ignoring recent intelligence activities. Lessons can be drawn from the above that will be generally useful in many ways for years to come. And Tobias Gondrom, OWASP board member, voiced the hope, that “perhaps this year’s discussions can be the inspiring spark to motivate the world to become more security aware, address open issues and move from “insecure by default” to “secure by default”.”

Publicity and motivation are important, too. There is plenty to do for all of us, from users enabling additional security features to security experts, companies and governments ensuring that their users, products, services and applications are secure. OWASP is an open community and we invite everyone interested in working on this area to rise to this challenge and contribute to the analysis and develop ideas in this area together for our common future.

OWASP + TrustyCON + BSidesSF / IATC

********BEGIN TRANSMISSION******

Technology should not only be Secure, it should be Trustworthy.
Raise Visibility for the community: https://www.thunderclap.it/projects/8350-the-cavalry-isn-t-coming

If you follow the OWASP Top 10  A2, A4, A5, A6, A9 is why you should join the discussion with your peers -- read on 

o()xxxx[{:::::::::::::::::::::>

OWASP  ** BSIDESSF ** TrustyCON

Background
As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA

 
News Report
http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220

Technical primer
http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/

The Cavalry Isn't Coming  It falls to us. Be a voice of reason. Drive cyber security for public good and public safety - have the discussion and learn about the impact.

o()xxxx[{:::::::::::::::::::::>

TrustyCON
Join us for the first Trustworthy Technology Conference, to be held on 27 February 2014 at the AMC Metreon Theatre in San Francisco, California. We welcome all security researchers, practitioners and citizens who are interested in discussing the technical, legal and ethical underpinnings of a stronger social contract between users and technology.

https://trustycon.org/

o()xxxx[{:::::::::::::::::::::>

BSIDESSF

BSides are about extending conversations in an open environment, not imposing a single point of view on anyone

This year's conference season has begun with controversy; we encourage everyone to speak, attend, and participate in events as they feel personally appropriate.
When: Sunday and Monday, February 23-24, 2014 Where: DNA Lounge (375 Eleventh Street, San Francisco, CA 94103) Times: 9am - 6pm

http://www.securitybsides.com/w/page/70849271/BSidesSF2014

o()xxxx[{:::::::::::::::::::::>

OWASP

The Open Web Application Security Project (OWASP), the premier global not-for-profit devoted to improving software security, is hosting a special security boot camp open to the public for FREE

WHAT:
The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.

WHEN:
Monday, Feb. 24, 2014 2pm-5pm

WHERE:
Jillian's Billiards Club of San Francisco
175 Fourth Street, San Francisco, CA 94103

(Across the street from Moscone Center where the RSA Conference is being held.) The boot camp will be followed by an open Happy Hour sponsored by the Bay Area OWASP Chapter from 5pm-7pm, also at Jillian's.

COST:
The training is a FREE service of OWASP, open to anyone interested in securing their code.

Pre-registration is recommended to guarantee a spot in the training, but we will accept walk-ins based on available space. The Happy Hour is open to the public and no registration is required. To register for training, visit: http://www.eventbrite.com/e/free-owasp-training-tickets-10302967453

About OWASP Foundation

The Open Web Application Security Project (OWASP) is dedicated to making application security visible by empowering individuals and organizations to make informed decisions about true software security risks. As a 501(c)(3) not-for-profit worldwide charitable organization, OWASP does not endorse or recommend commercial products or services. Instead, we allow our community to remain vendor-neutral with the collective wisdom of the best individual minds in software security worldwide.


https://www.owasp.org/index.php/OWASP_Statement_on_the_Security_of_the_Internet_2014


o()xxxx[{:::::::::::::::::::::>

The Cavalry Isn't Coming
It falls to us.
Be a voice of reason.
Drive cyber security for public good and public safety.
http://www.iamthecavalry.org/

Technology should not only be Secure, it should be Trustworthy.
Raise Visibility for the community https://www.thunderclap.it/projects/8350-the-cavalry-isn-t-coming

***END TRANSMISSION*********

Free OWASP Training and Meet Up in San Francisco - Feb 24th

Free OWASP Security Developer Training 

OWASP is hosting a special security boot camp for all conference-goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers. The training is recommended for developers who want to learn more about securing their code as well as security professionals who want to become acquainted with the latest web vulnerabilities.  

WHAT: 

Presented by Jim Manico and Eoin Keary, this intensive boot camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.  

WHEN: 

Monday, Feb. 24, 2014

2pm-5pm

WHERE: 

Jillian's Billiards Club of San Francisco

175 Fourth Street, San Francisco, CA 94103
(Across the street from Moscone Center where RSA is being held.)

The boot camp will be followed by an open Happy Hour sponsored by the Bay Area OWASP Chapter from 5pm-7pm, also at Jillian's.

COST: 

The training is a FREE service of OWASP, open to to the public -- all conference goers: RSA Conference, Bsides SF, and TrustyCon as well as local developers and anyone interested in securing their code. 

Pre-registration is recommended to guarantee a spot in the Free Training, but we will accept walk ins based on available space. The Happy Hour is open to the public and no registration is required. To register for training, visit: http://www.eventbrite.com/e/free-owasp-training-tickets-10302967453

OWASP Project Leaders Wanted!

Dear Leaders,

We are looking for Leaders to take over the management of a handful of very important OWASP Projects. The projects are below. 

- Academy Portal: https://www.owasp.org/index.php/Projects/OWASP_Academy_Portal_Project

- EDU https://www.owasp.org/index.php/EDU
- Education Project: https://www.owasp.org/index.php/Category:OWASP_Education_Project
- Hacking-Lab Project:  https://www.owasp.org/index.php/OWASP_Hacking_Lab
- Student Chapter Program: https://www.owasp.org/index.php/OWASP_Student_Chapters_Program
- Speakers Project: https://www.owasp.org/index.php/Category:OWASP_Speakers_Project
- University Challenge: https://www.owasp.org/index.php/OWASP_University_Challenge

Martin Knobloch, Project Leader of the projects above, will not be able to continue to manage them all due to increased responsibility both within and outside of OWASP. He would like to make sure these project are not left abandoned, and that they are managed by capable and dedicated Leaders wishing to move the projects forward. If you are interested in taking on one or a few of these project on, please contact Samantha Groves (Samantha.Groves@owasp.org). 

Thank you, Leaders.

Sam G. 

OWASP Security Labeling System Poll

Hello Leaders,

Luis Enriquez, our OWASP Security Labeling System Project Leader, has put together a quick poll that will help him start his work with the project

We would like to ask that you take a few moments to fill it out for him. It is only 5 questions long. If you need more information, please visit the wiki page or e-mail Luis directly.

Security Labeling System Poll

Thank you very much for your help, Leaders.

Sam G.

OWASP Global Connector January 14, 2014

January 14, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation Featured OWASP Project OWASP Xenotix XSS Exploit Framework The OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world's 2nd largest XSS Payloads of about 1500 + distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation For more information, please contact the Project Leader, Ajin Abraham. New OWASP Project OWASP Reverse Engineering and Code Modification Prevention Project For more information, please contact the Project Leader, Jonathan Carter. Project Announcements OWASP Projects voted Top Security Tools by ToolsWatch.org Readers Three OWASP tool projects were voted as the top security tools of 2013 by users and readers of ToolsWatch.org. OWASP ZAP ranked number one on the top ten list with OWASP Xenotix XSS Exploit Framework ranking number 5 and OWASP O-Saft SSL Advanced Forensic Tool ranking number 10. Congratulations to the project leaders and all of the contributors that helped make these OWASP tools so amazing. OWASP ZAP OWASP Xenotix XSS Exploit Framework OWASP O-Saft Message from Project Leader, Mark Miller. We just released a new OWASP podcast episode: AppSec USA 2013 - Larry Conklin and the Code Review Book Project Visit the OWASP 24/7 Podcast series wiki page for more information, or contact Project Leader Mark Miller directly OWASP OWTF 0.45.0 "Winter Blizzard" Released! This release contains many features such as the continued integrated work from the 4 OWASP OWTF Google Summer of Code projects (including post - GSoC improvements), and the initial work of "OWTF bonnet mode" a BruCon 5X5 project by Marios Kourtesis. Please contact Project Leader Abraham Aranguren for more information OWASP ESAPI Hackathon Update! There are only 7 days left until the OWASP ESAPI Hackathon Contest closes. Contribute for a chance to win some great prizes. The ESAPI team is in need of more contributors. Spread the word or add some content yourself. Visit our OWASP blog page for more information on what and how to contribute. Project Review Assistance Required! The OWASP Technical Advisors and the OWASP PM are in the process of reviewing our projects and we would like to ask for your assistance with this assessment. We would like to ask that you take a bit of time to fill in a short survey that we will use to assess the Usability and Value of each project to its users and to the community You can find the assessment survey here: Project Usability and Value Assessment. For more detailed instructions on how to submit your comments, please contact Samantha Groves Thank you to our newest Corporate Member: Ipswitch, Inc. Thank you to NetSPI, SCSK Corporation, and Twitter for continuing to support the OWASP Foundation Global AppSec Events in 2014 AppSec APAC 2014 (March 17 - 20, Tokyo Japan) English Website Japanese Website Training March 17-18, Conference March 19-20 Conference Training and Talks have been posted Early Registration deadline is February 1 AppSec LATAM 2014 - LATAM Tour (April 21 - May 12) In 2014, instead of holding an AppSec LATAM Conference, we are working on organizing a LATAM Tour. Building on the success of 2012 and 2013, the tour will empower the entire LATAM region to collaborate and to raise software security awareness in their region. This year's tour will be held between April 21st and May 9th. Please find additional information regarding the tour and on the scheduled stops by visiting the Tour Wiki Page. AppSec EU 2014 (June 23 - 26, Cambridge, UK) Training - June 23-24, Conference - June , 25-26 Sponsorship details are now available Call for papers - Coming Soon AppSec USA 2014 (September 16 - 19, Denver, CO) Save the date for Training - September 16-17, Conference - September 18-19 More information on the call for papers and training - Coming Soon Upcoming Regional Events AppSec California 2014 (January 27 - 28, Santa Monica, CA) There is still time to register! LASCON 2014 (October 21 - 24, Austin, TX) Partner and Promotional Events OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us Nullcon (February 12 - 15, Goa, India)OWASP Members receive a 20% discount off of the general event registration fee by using Security, Management, Audit Forum 2014 (February 19 - 20, Poland) InfoSec World Conference & Expo 2014, April 7-9, 2014. OWASP Members receive a 10% discount off the standard conference registration fee by using discount code: OS14/OWASP Cyber Security Summit, April 9-10, 2014. Prague, Czech Republic. OWASP Members receive a 20% discount off of the general event registration fee by using THIS LINK Upcoming for 2014 2013 is behind us and 2014 lies ahead. Our collective accomplishments in 2013 are just a hint of what we will achieve as an organization in the coming year. We would like to give you a peek at a couple of new opportunities on the road map for the beginning of the year. Global Volunteer Opportunities Cybersecurity Center of Excellence Proposal (NCCoE): Contributors Wanted A volunteer is needed to assist and determine the level of the foundation's involvement with the National Cybersecurity Center of Excellence regarding a recent call for public comments. A few dedicated individuals are needed to lead the foundation's involvement in this initiative. For more information, please contact Bev Corwin 2014 Operational Goals for OWASP Projects These goals have been put together based on Leader requests, and the need to continue work on other optional tasks from the previous year. They will be the goals and milestones for 2014. Please visit our OWASP Blog for a detailed list of the goals and milestones. Global Training Initiative The goal of this initiative is to set the roadmap for an OWASP Training Program. Objectives include baseline knowledge, increasingly challenging courses, various educational tools, costs, revenue, and application for available grant or sponsorship funding.This initiative will begin in February. Estimated planning period will require a 60 day commitment. The initiative will transition to an implementation phase in Q2. Quarterly Research Journal The Foundation would like to create a professionally designed and published Journal on a Quarterly Basis. The content of this journal will focus on research and new solutions to software security challenges. A team will be needed to review the paper submissions for content and applicability. OWASP Site The Foundation is exploring the web capabilities that exist within the Salesforce Platform: specifically around the creation of communities and web presence using site.com. Individuals who have knowledge of site.com and Salesforce communities are invited to share their knowledge and assist with the creation of the collaboration platform. OWASP Foundation Social Media LinkedIn Twitter Google + Facebook Ning StackOverflow