Monday, March 31, 2014

Check out the incredible roster of international speakers and topics for Suits and Spooks Monterey, CA April 17-18, 2014 http://spooks.wpengine.com/monterey.

Wednesday, March 26, 2014

2014 OWASP Summit: Seeking Session Ideas

The 2014 OWASP Project Summit will be taking place during AppSec EU 2014 in Cambridge, UK, and we need your help to make it our best Project Summit yet. We are calling on all OWASP Project Leaders to submit your project to participate in this year’s Summit. The Project Summit is a great opportunity to reach project milestones, as well as receive feedback from the OWASP community by enlisting new volunteers to your project.

Help shape the 2014 Project Summit by submitting to lead a working session. We would also like your feedback on what tracks and sessions you would like to see at the Summit. The planning team would like your input on ideas for creating a productive event this year. The Summit team will take your ideas and develop a comprehensive schedule that suits the needs of our Project Leaders and community.

To get an idea of what we are looking for in a working session, take a look at the Tracks and Sessions from the 2013 Project Summit.

Help make the 2014 Project Summit in Cambridge a great success for OWASP Projects. Submit your ideas for tracks and sessions to Samantha Groves (Samantha.Groves@owasp.org) and Kait Disney-Leugers (Kait.Disney.Leugers@owasp.org).

See you in Cambridge!

Tuesday, March 25, 2014

Women in AppSec Program Seeking Sponsors

This year’s Women in AppSec Program kicked off successfully at its AppSec APAC debut earlier this month. Originally, the Women in AppSec team planned to send one woman to AppSec APAC; instead, they were able to send two women to the conference, where each gave a 10-minute presentation.

To continue the trend of success, the Women in AppSec 2014 team is looking to send 1 to 2 women to AppSec EU this June in Cambridge. The aim of the Women in Application Security Program is to support and enhance programs that increase the participation of women in the field of application security. To fulfill this aim, the OWASP Foundation is currently seeking funds to sponsor women from the European region to attend OWASP AppSec EU 2014. The committee is seeking to raise $3,000 for at least one recipient to cover her conference fee, training fee, travel and at least one in-depth training session.

Sponsors of the Women in AppSec Program receive a mention in the AppSec EU program, as well as their logo, company name, and a link to their company website on the Sponsors page of the AppSec EU website. For more information about sponsoring the Women in AppSec Program, please see this year’s sponsorship document.

The winner will be participating at AppSec EU June 23-26, 2014. Please contact Samantha Groves (Samantha.Groves@owasp.org) for more information.

Monday, March 24, 2014

OWASP Community Engagement Funding

OWASP Community Members -

In an effort to simplify and broaden the availability of funds for everything from chapter speakers (previously OWASP on the Move), OWASP outreach (speaking, merchandise, etc.), projects, and initiatives, we have created general fund buckets for community engagement.

The full program details are listed here: https://www.owasp.org/index.php/Funding, along with a sampling of possible requests. If there is a situation you think should be covered that is not on the list, please just let us know. I will be adding an FAQ as well as more examples to the bottom of the page as they come up.

The most important point is that all funding requests must be pre-approved by submitting a request to support@owasp.org or through our contact us form: http://sl.owasp.org/contactus. We will make every effort to get back to you within 48 hours.

For full transparency, we will be tracking payments here: https://www.owasp.org/index.php/Community_Engagement_-_Payments

We hope that this will encourage you to spend money on chapter meetings, projects, and outreach where you may have thought this wasn't possible before because you didn't have a budget (or didn't know how to request money).

Looking forward to feedback and engagement!

Regards,
Sarah Baso

Women in AppSec Scholarships, AppSecEU 2014


The OWASP foundation cordially invites our Chapter Leaders to support the Women in AppSec Scholarship initiative. By supporting this program, your chapter or your respective company will be ensuring the participation of more women in the Web Application Security community. When funded, two women, local to the event, will be provided with scholarships of $3000 each, to attend AppSecEU. These funds are to cover travel, lodging, conference admission and training.

Please see our flyer for more information and our Women in AppSec page to see how your local chapter or regional conference can incorporate the program into future events in your area.

Donation levels start at $500 US for Chapter support and $1000 US for corporate sponsorship. See the above-mentioned flyer for details on ROI.

Please help us spread the word and bring this important initiative up for discussion during Chapter business, at your next local meeting.

Those interested should contact Samantha Groves <samantha.groves@owasp.org> for more information, or to make payment arrangements.

Best,

-= GK Southwick

Community Manager
OWASP Foundation



Google Summer of Code and OWASP


Dear OWASP Members,

As some of you are likely aware, OWASP has partnered with Google Summer of Code (GSoC) to offer mentoring on current OWASP projects to their approved applicants; see the GSoC FAQ blog post for more background. We currently have 88 student applicants and only 20 mentors signed up. As a general rule, Google assigns two mentors to each student to allow for scheduling flexibility and timing issues.

Last year, we had 11 students based on 22 Mentors through OWASP. This year, we'd like to see that number at least double. Please put out a Call for Mentors to your chapter members. Time is of the essence. The application process has closed and Google is waiting to hear back from us, as to how many mentors we have to offer them.

Dr. Konstantinos Papapanagiotou <Konstantinos@owasp.org> is heading up this project, so if you have members who are of a mind to mentor, please put them directly in contact with him and he can get them set up with more information and instructions on how to proceed from here.

Cheers and Happy Mentoring!

-= GK Southwick

Community Manager
OWASP Foundation


Reflections on AppSec AsiaPac 2014

Hello OWASP leaders,

AppSec Asia Pac 2014 is over, and it enters the pantheon of unforgettable OWASP conferences. I wanted to give the leaders list an update on the highlights and mention some of the great successes of the event.

As was to be expected, the event was meticulously organized in a welcoming venue in the heart of Tokyo. The organizers and the OWASP staff did an amazing job of pulling it all together, which can only be described as "sprezzatura": cheerfully accomplishing extremely difficult tasks while making it appear effortless.


A few key points, from my perspective, on what made it a success:

1. The conference smashed through the language barrier

- Every conference session had amazing, United Nations-quality translators. The translators were so good and so fast that even jokes were being translated in real time (it was amazing to see a joke or pun made in English, followed by near-simultaneous laughter from both the English-speaking and Japanese-speaking audience). These very high quality translators eliminated the seemingly insurmountable language barrier. The fact that they were able to do this with such technical topics and industry-specific terms was nothing short of amazing.

- The paid technical training classes (my class and Dave Wichers’ class) had volunteer translators who did fantastic work. The participants in my class took copious notes and we had many in-depth discussions, thanks to the real-time translation efforts of the volunteers. Little to nothing was "lost in translation".



2. The OWASP community in Japan is very vibrant and growing rapidly

- It was clear that OWASP is growing very rapidly in Japan. Participants from many regional chapters made an appearance at the event, coming from various areas and representing luminary companies. I have a strong feeling we will see continued growth in high-quality OWASP projects originating from the Japanese OWASP community.

- The OWASP members and organizers went far above and beyond in taking care of all the attendees from overseas. The hospitality that I and the other overseas participants experienced was unforgettable. We had multiple dinners, a trip to the top of the tallest tower in the world (Sky Tree), a tour of Tokyo including an excursion on a futuristic, spaceship-like riverboat designed by a famous manga artist, and of course a multilingual karaoke night.



3. Skyrocketing global-level interest in application security

- The conference had an auspicious 404 attendees, and drew in representatives from all over Japan, the region and the world. Clearly, significant bridges were built between so many geographically dispersed people. This is one of the great benefits of live events: face-to-face communication, especially communication that transcends language and national boundaries.

- Events like this substantially strengthen OWASP globally. As a shamelessly self-serving example, I personally received commitments from Japanese members to help translate the OWASP AppSec Tutorial Series, making this OWASP outreach effort available to millions of new potential OWASP members.



So with deep gratitude I want to again recognize Riotaro Okada, Sen Ueno, Robert Dracea and all the numerous other event organizers who put extreme effort and dedication into this event, along with the indefatigable Samantha Groves and Laura Grau. Also, a round of applause for ALL past and present event organizers globally. It is your continued efforts that unshackle OWASP from the virtual and allow it to thrive in the real world.


Thank you, everyone!


Jerry Hoff

Tuesday, March 18, 2014

OWASP Connector March 18


OWASP Global Connector
March 18, 2014 | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
owasp projects

Featured OWASP Project

OWASP Passfault
When setting a password, OWASP Passfault examines the password, looking for common patterns. It then measures the size of the patterns and combinations of patterns. The end result is a more academic and accurate measurement of password strength. When setting a password policy, OWASP Passfault simplifies configuration to one simple, meaningful measurement: the number of passwords found in the password patterns. This measurement is made more intuitive and meaningful with an estimated time to crack.
For more information, please contact the Project Leader, Cam Morris.
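The measurement the Passfault entry describes, pattern-based rather than a raw character count, as an added simplified example written for this page (not Passfault's own code): a password is split into dictionary-word, digit-run, repeated-character and random-character patterns, each is sized by how many passwords it stands for, and the weakest segmentation gives the guess count and time to crack. The word list, its assumed size and the guessing rate are constructed placeholders.

```python
"""Pattern-based password strength in the spirit of the OWASP Passfault description.

Added, simplified illustration written for this page, not Passfault's own code.  A
password is split into patterns (dictionary word, digit run, repeated character, or a
random printable character), each pattern is sized by how many passwords it stands
for, and the weakest segmentation (smallest product of sizes) is reported as the number
of guesses an attacker who knows those patterns would need.
"""
import re
from dataclasses import dataclass
from functools import lru_cache

PRINTABLE_ASCII = 95          # alphabet size assumed for a "random" character
DICTIONARY_SIZE = 100_000     # assumed size of the word list a real tool would search
GUESSES_PER_SECOND = 1e9      # assumed offline guessing rate, constructed for illustration

# Constructed, deliberately tiny word list standing in for a real dictionary.
WORDS = {"password", "dragon", "monkey", "summer", "welcome", "letmein"}


@dataclass(frozen=True)
class Pattern:
    kind: str   # "word", "digits", "repeat" or "random"
    text: str   # the characters of the password this pattern covers
    size: int   # how many candidate passwords the pattern stands for


def candidates(s: str, i: int) -> list:
    """Every pattern that can start at index i of s (there is always at least one)."""
    out = []
    # Dictionary word in any case; the x2 accounts for an upper/lower case variant.
    for j in range(i + 1, len(s) + 1):
        chunk = s[i:j]
        if chunk.lower() in WORDS:
            out.append(Pattern("word", chunk, DICTIONARY_SIZE * (1 if chunk.islower() else 2)))
    # Run of digits: 10^n candidates for a run of n digits.
    m = re.match(r"\d+", s[i:])
    if m:
        out.append(Pattern("digits", m.group(), 10 ** len(m.group())))
    # One character repeated three or more times: choose the character, then the length.
    m = re.match(r"(.)\1{2,}", s[i:])
    if m:
        out.append(Pattern("repeat", m.group(), PRINTABLE_ASCII * len(m.group())))
    # Fallback: a single random printable character.
    out.append(Pattern("random", s[i], PRINTABLE_ASCII))
    return out


def weakest_segmentation(password: str):
    """Return (guesses, patterns) for the segmentation with the smallest search space.

    The total is the product of the pattern sizes, i.e. "the number of passwords found
    in the password patterns" of the Passfault entry; a cheaper split always wins.
    """
    @lru_cache(maxsize=None)
    def best(i: int):
        if i == len(password):
            return 1, ()
        best_total, best_path = None, ()
        for p in candidates(password, i):
            sub_total, sub_path = best(i + len(p.text))
            total = p.size * sub_total
            if best_total is None or total < best_total:
                best_total, best_path = total, (p,) + sub_path
        return best_total, best_path

    return best(0)


def strength_report(password: str, rate: float = GUESSES_PER_SECOND) -> dict:
    """Guess count, the patterns behind it, time to crack, and the naive all-random figure."""
    guesses, path = weakest_segmentation(password)
    return {
        "guesses": guesses,
        "patterns": [(p.kind, p.text) for p in path],
        "seconds_to_crack": guesses / rate,
        "naive_guesses": PRINTABLE_ASCII ** len(password),
    }


if __name__ == "__main__":
    for pw in ["password123", "Summer2014!", "aaaaaaaa", "letmein", "kT7#pQ2v"]:
        r = strength_report(pw)
        print(f"{pw:14} {r['guesses']:>18,d} guesses  {r['seconds_to_crack']:>12.3g} s"
              f"  (all-random estimate {r['naive_guesses']:.2e})  {r['patterns']}")
```

The gap between `guesses` and `naive_guesses` is the point of the Passfault approach: a length-based estimate credits "password123" with 95^11 candidates, while its patterns give an attacker only about 10^8.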

New OWASP Projects

OWASP ISO Project
The project aims to gather participants to improve the ISO standards on application security and secure coding. The ISO Project is currently seeking expert participants to create working groups that would contribute to the ISO guidance within the ISO Project.
For more information, please contact the Project Leader, Sebastian Gioria.
OWASP Top 10 Privacy Risks Project
OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for privacy risks in web applications because currently there is no such catalog available. The list will cover technological and organizational aspects like missing data encryption or the lack of transparency.
For more information, please contact the Project Leader, Florian Stahl.
OWASP WASC Web Hacking Incidents Database Project
The OWASP WASC Web Hacking Incidents Database Project is dedicated to maintaining a list of web application related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and to provide information for statistical analysis of web application security incidents. The database is unique in tracking only media-reported security incidents that can be associated with a web application security vulnerability.
For more information, please contact the Project Leader, Ryan Barnett.
OWASP Security Frameworks Project
The OWASP Security Frameworks Project is a series of design patterns that can be used by language designers and architects to create secure frameworks for developers, thereby relieving developers of the work of implementing security themselves. The ultimate goal is to have as much security as possible built into the programming environment so that developer mistakes and omissions are less likely to lead to security vulnerabilities.
For more information, please contact the Project Leader, Ari Elias-Bachrach.
OWASP WASC Distributed Web Honeypots Project
The goal of the OWASP WASC Distributed Web Honeypots Project is to identify emerging attacks against web applications and report them to the community, including automated scanning activity, probes, and targeted attacks against specific web apps. The scope of this project has recently been expanded to include deployment of both standard web application honeypots and open proxy honeypots.
For more information, please contact the Project Leader, Ryan Barnett.
OWASP Click Me Project
The OWASP Click Me Project is aimed at providing a simple GUI which helps to create a test page for clickjacking attacks. Clickjacking is an attack which targets the clickable content on a website. The OWASP Click Me tool will help you test whether your site is vulnerable to this attack by creating an HTML page that tries to load your website in a frame.
For more information, please contact the Project Leader, Arun Kumar.
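Whether a frame-based test page like the one Click Me generates succeeds is decided by two response headers: X-Frame-Options and the Content-Security-Policy frame-ancestors directive. The check below is an added example written for this page, not the Click Me tool's code; it evaluates captured response headers offline (the sample header sets are constructed) and reports whether a third-party page could frame the response, including the edge cases where frame-ancestors overrides X-Frame-Options and where an obsolete ALLOW-FROM value leaves the page unprotected.

```python
"""Does a response allow itself to be framed by an arbitrary page?

Added illustration written for this page, not the OWASP Click Me tool's code.  Click Me
tests a site by loading it inside a frame; whether that frame renders is decided by two
response headers, X-Frame-Options and the Content-Security-Policy frame-ancestors
directive.  This module evaluates captured response headers offline and reports whether
a third-party page could frame the response.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FramingVerdict:
    framable_by_anyone: bool   # True: a test page like Click Me's would render the site
    source: str                # which control decided: "csp", "x-frame-options" or "none"
    detail: str


def _header(headers: dict, name: str):
    """Case-insensitive lookup in a plain dict of captured response headers."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def _frame_ancestors(csp: str):
    """Source list of the frame-ancestors directive, lower-cased, or None if absent.

    An empty source list means 'none' per the CSP specification.
    """
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]] or ["'none'"]
    return None


def framing_policy(headers: dict) -> FramingVerdict:
    """Evaluate X-Frame-Options and CSP frame-ancestors the way a browser would."""
    csp = _header(headers, "Content-Security-Policy")
    ancestors = _frame_ancestors(csp) if csp is not None else None
    if ancestors is not None:
        # When frame-ancestors is present, browsers ignore X-Frame-Options entirely.
        if ancestors == ["'none'"]:
            return FramingVerdict(False, "csp", "frame-ancestors 'none' blocks all framing")
        # '*' or a scheme-only source such as https: admits any origin using that scheme.
        open_sources = [a for a in ancestors if a == "*" or a in ("http:", "https:")]
        if open_sources:
            return FramingVerdict(True, "csp",
                                  f"frame-ancestors allows any origin via {' '.join(open_sources)}")
        return FramingVerdict(False, "csp",
                              f"frame-ancestors restricted to {' '.join(ancestors)}")

    xfo = _header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.upper()
        if value in ("DENY", "SAMEORIGIN"):
            return FramingVerdict(False, "x-frame-options", f"{value} blocks third-party framing")
        if value.startswith("ALLOW-FROM"):
            # Never supported by Chrome and dropped by Firefox; an unsupported value is ignored.
            return FramingVerdict(True, "x-frame-options",
                                  f"{xfo!r} is obsolete and ignored by current browsers; "
                                  "use CSP frame-ancestors instead")
        return FramingVerdict(True, "x-frame-options",
                              f"{xfo!r} is not a valid value, so browsers ignore the header")
    return FramingVerdict(True, "none", "no X-Frame-Options and no frame-ancestors directive")


# Constructed header sets standing in for responses captured from a site under test.
SAMPLE_RESPONSES = {
    "legacy-hardened": {"X-Frame-Options": "DENY"},
    "csp-hardened": {"Content-Security-Policy":
                     "default-src 'self'; frame-ancestors 'self' https://partner.example"},
    "conflicting": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
    "obsolete": {"x-frame-options": "ALLOW-FROM https://partner.example"},
    "unprotected": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        v = framing_policy(headers)
        print(f"{name:16} framable={v.framable_by_anyone!s:5} [{v.source}] {v.detail}")
```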
OWASP Secure TDD Project
The OWASP Secure TDD Project allows organizations to integrate security into the Test Driven Development (TDD) lifecycle. The OWASP Secure TDD Project contains an open source tool written for .NET developers in order to allow generation of the most common tests out of the box and enable developers to consciously improve the project by developing additional tests or extensions.
For more information, please contact the Project Leader, Arun Kumar.

Adopted Projects

OWASP LAPSE Project adopted by Greg Disney Leugers
OWASP Orizon Project adopted by Greg Disney Leugers
OWASP SQLiX project adopted by Anirudh Anand
owasp communication

The OWASP Platform is getting a facelift

Coming soon, we will be unveiling the initial phases of a new, consolidated Community Platform.
Gone are the days of complicated membership registration, and tedious event registrations. Imagine, being able to manage your membership, any events, donations, and update your information in ONE location!
Additional Features like community resources, OWASP FAQ, and collaborative groups with community polls, are just some of the enhancements that will be released during 2014.
We will be providing detailed information and instructions in the coming weeks.
conferences

Global AppSec Events in 2014

AppSec LATAM 2014 - LATAM Tour (April 21 - May 12)
Registration is now open! Please refer to the tour pages for the location you want to register for.
In 2014, instead of holding an AppSec LATAM Conference, we are organizing a LATAM Tour which we hope will bring LATAM community members together to spread the OWASP mission. Here are the scheduled stops for the tour:

  • April 21-22, Costa Rica (San Jose)
  • April 22-23, Chile (Santiago)
  • April 23-24, Ecuador (Quito & Guayaquil)
  • April 25-26, Peru (Lima)
  • April 28-29, Panama (Panama)
  • April 29-30, Uruguay (Montevideo)
  • May 5-6, Venezuela (Caracas)
  • May 6-7, Colombia (Bogota)
  • May 8-9, Argentina (Buenos Aires)
Sponsorship Opportunities are available as well. Please find further information on the Tour Wiki Page.
AppSec EU 2014 (June 23 - 26, Cambridge, UK)
Registration is now OPEN

AppSec USA 2014 (September 16 - 19, Denver, CO)

  • Training - September 16-17, Conference - September 18-19
  • Sponsorship packages are now available.
  • More information on the call for papers and training - Coming Soon

Upcoming Regional Events

LASCON 2014 (October 21 - 24, Austin, TX)

Partner and Promotional Events

OWASP has partnered with these great events at the beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement, or will be attending and want to help out, contact us.
InfoSec World Conference & Expo 2014, April 7-9, 2014. OWASP Members receive a 10% discount off the standard conference registration fee by using discount code: OS14/OWASP
Cyber Security Summit, April 9-10, 2014. Prague, Czech Republic. OWASP Members receive a 20% discount off of the general event registration fee by using THIS LINK
THOTCON - Chicago's Hacking Conference, April 25, 2014, Chicago IL. Tickets
owasp projects

Project Announcements

Project Summit 2014
The 2014 OWASP Summit is currently in the planning process. We have managed to acquire a great space at Anglia Ruskin University thanks to the AppSec EU 2014 planning team. We are currently looking for summit track and session ideas and would like the input of our project leaders to help us design the 2014 Project Summit. What projects, topics, working sessions, and tracks would you like to see or participate in at this year's summit? Submit your ideas to Samantha Groves and help us create our best Project Summit yet!
OWASP Yasca Needs an Interim Leader
The OWASP Yasca Project is currently in need of an interim project leader for a 2014 tools-based, in-person working session that will potentially be funded. Those interested in this opportunity should familiarize themselves with the OWASP Yasca Project.
For more information about taking up the post as interim leader for the OWASP Yasca Project, please contact Samantha Groves.
OWASP Projects on Ohloh

Recently, OWASP joined Ohloh, an open source platform that allows viewers to get more information on open source projects. The aim of this transition is to make it easier to track project progress and to offer better review results to leaders. We are asking project leaders to create an Ohloh account for their project, to create easy access to repositories for OWASP projects and to better assist in project reviews. Account creation takes just a few minutes, and Ohloh allows you to link as many repositories as you like, from GitHub to SourceForge.
social media

OWASP Foundation Social Media

LinkedIn
Twitter
Google +
Facebook
Ning
StackOverflow
membership

Thank you to our renewed Corporate Members:


  • Aspect Security
  • Denim Group
  • MStar Semiconductor, Inc.
  • PwC Technology
  • Rakuten
  • Trustwave SpiderLabs
communication

OWASP is Growing!

We are pleased to announce the newest member of the OWASP Staff, our new Community Manager, Genevieve (GK) Southwick.
About GK: GK Southwick has been working in the Event Planning space for over 20 years. Starting with Physical Security in 1990, she eventually moved on to roles in Operations, Production, Facilities and Technical Direction, with an emphasis on personnel management. Active as a volunteer in the InfoSec space, she is Producer and President of the Board at Security BSides Las Vegas, is second in command of Physical Safety and Security at DerbyCon, afternoon Stage Manager and volunteer coordinator for DEFCON SkyTalks, and until moving to Denver in 2013, was head of Safety and Security and Volunteer coordinator at Security BSides San Francisco. She now volunteers with BSidesDenver, where she's currently running Registration. She has also run Safety and Security for BruCon in Belgium and at BSidesATL, as well as helping out wherever necessary at SOURCEBoston.

GK is excited to bring her extensive volunteer management experience to OWASP, as she takes on the role of Community Manager. She's looking forward to the challenges and opportunities ahead of her while expanding the volunteer base within the organization, and working closely with the Chapter Leaders, to help them fulfill the OWASP Mission and assist them with their operational needs.
GK has a secondary diploma in Homeland Security from Bryman College, San Jose, where she graduated in 2004 with honors.
GK's Community Management Role with OWASP: GK will be helping OWASP to continue building a platform to encourage volunteer participation in the OWASP community. She will also be working with the chapters to support their efforts and help them grow OWASP's presence around the world. GK has a passion for this community and mission as well as invaluable experience in organizing and motivating people.

Just for Fun

We would like to congratulate Michael Conlon for submitting the first correct response to last issue's puzzle. Thank you to everyone who submitted your response. If you missed the question, you can find it on the OWASP Blog
The Blue Knight, assuming that she did not drink too much to impede her ability to walk, would take 2.5 hours to make the journey between the World's End Pub and the castle on foot.
This issue's challenge
Mr. Slow, Mr. Medium, Mr. Fast, and Mr. Speed must cross a rickety rope bridge in 17 minutes. The bridge can carry at most two people at a time. Furthermore, it's dark, and there is only one flashlight; any single person or pair of people crossing the bridge must have the flashlight with them. (The bridge is too wide for the flashlight to be thrown; it must be carried across.) Each man walks at a different speed. A pair travelling together must walk at the rate of the slower man. Mr. Slow can cross the bridge in at most 10 minutes; Mr. Medium can cross in 5 minutes; Mr. Fast can cross in 2 minutes; Mr. Speed can cross in 1 minute. How do all four men get across the bridge in 17 minutes?
Please submit your answers HERE
Membership

OWASP Member Spotlight - Lee Cambria, Pittsburgh, PA, USA

As an organization driven by its membership community, it's high time we dedicate some space to recognizing YOU!

Lee Cambria got involved in OWASP when she took over the defunct Pittsburgh, PA Chapter.
Lee says: "I am Lee Cambria and have been in the Information Technology field for over 20 years. I have spent the last 8 years of my career focused on information security. My last two positions have been with major financial institutions where there is a heightened awareness for all aspects of security. Over the years I constantly find myself referring to the works of OWASP and promoting the value it brings to the security community.
The reason I was initially drawn to OWASP years ago was the caliber of security-minded people that I knew who supported and actively participated in OWASP. In addition to this, OWASP is a recognized leader in application security among ethical hackers and application programmers alike. It provides a risk-based approach and encourages innovative thinking and free exchange of ideas."


Monday, March 17, 2014

OWASP's New Community Manager

I am pleased to announce the newest member of the OWASP Staff, our new Community Manager, Genevieve (GK) Southwick.

About GK:
GK Southwick has been working in the Event Planning space for over 20 years. Starting with Physical Security in 1990, she eventually moved on to roles in Operations, Production, Facilities and Technical Direction, with an emphasis on personnel management. Active as a volunteer in the InfoSec space, she is Producer and President of the Board at Security BSides Las Vegas, is second in command of Physical Safety and Security at DerbyCon, afternoon Stage Manager and volunteer coordinator for DEFCON SkyTalks, and until moving to Denver in 2013, was head of Safety and Security and Volunteer coordinator at Security BSides San Francisco. She now volunteers with BSidesDenver, where she's currently running Registration. She has also run Safety and Security for BruCon in Belgium and at BSidesATL, as well as helping out wherever necessary at SOURCEBoston.

GK is excited to bring her extensive volunteer management experience to OWASP, as she takes on the role of Community Manager. She's looking forward to the challenges and opportunities ahead of her while expanding the volunteer base within the organization, and working closely with the Chapter Leaders, to help them fulfill the OWASP Mission and assist them with their operational needs.

GK has a secondary diploma in Homeland Security from Bryman College, San Jose, where she graduated in 2004 with honors.


GK's Community Management Role with OWASP:


GK will be helping OWASP to continue building a platform to encourage volunteer participation in the OWASP community. She will also be working with the chapters to support their efforts and help them grow OWASP's presence around the world. GK has a passion for this community and mission as well as invaluable experience in organizing and motivating people. I look forward to seeing the great things she will bring to the team and community.


GK started today and I encourage you all to reach out to her and congratulate her on the new gig!

Connect with GK: 
gksouthwick@owasp.org
@gksouthwick
http://www.linkedin.com/in/gksouthwick

Process: Hiring a Community Manager for the OWASP Foundation

OWASP Community Members –

We have hired someone for the new OWASP Community Manager Position (as some of you on social media may have already seen) and details about this person will be in the next post.  Here is some additional information about the hiring process and candidate pool.

The Event Manager job description was drafted by me and reviewed by the OWASP staff before posting. The job description was posted to the wiki along with background requirements, desired skills, and starting salary. The job was promoted through OWASP channels: OWASP Blog, OWASP Connector (email to owasp-all and posted to the blog), OWASP Leaders’ List, OWASP Foundation LinkedIn Group, @OWASP Twitter account, OWASP Group on Facebook, and OWASP Community Page on Google+. Externally, the job was also posted to Indeed, Smart Recruiters, Learn4Good, Zip Recruiters, and NYC Craigslist.


Applications
The Event Manager job was posted on February 11, 2014, and applications were accepted via email through February 25, 2015 (15 days). We received exactly 99 applications; here is a breakdown of the sources of the applications as well as the geographic regions where the applicants resided:


Interviews
From the 90 applications received, we asked 5 candidates for a bit more information about their experience with volunteer management over email, and offered interviews to 11 candidates (roughly the top 10%). The interviews were offered to the most qualified candidates based on the required background and desired skills posted in the job description. Particular focus for this position was on whether the candidate had a minimum of 1 year of experience with community engagement initiatives (or volunteer management), as well as experience working with a remote team and a commitment to the organization's goals and values.

Final Selection
Our final candidate went through 2 interviews and demonstrated an ability to motivate the community to voice their support for her in this role. We received a wide variety of applicants (including more from outside the US than we have in the past). Many applicants were quite qualified in the area of application security or IT, but did not have the amount of experience working with volunteers that this job requires. We are really fortunate to have found a candidate who not only met, but exceeded our expectations in her wealth of previous experience.

Please read on to the next post for an introduction of our new staff member.

Friday, March 14, 2014

AppSecEU 2014 Call for Trainers / Call for Papers

AppSecEU 2014 CFT/CFP Closes March 21, 2014. Submit your presentations here.

OWASP selected as an official Google Summer of Code mentoring organization! 




This year OWASP has been selected as an official Google Summer of Code (“GSoC”) mentoring organization! Open source software is changing the world and creating the future. Want to help shape it? We’re looking for students to join us in making 2014 the best Summer of Code yet!

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All students currently enrolled in an accredited institution are welcome to participate in the Google Summer of Code 2014 program along with the OWASP Foundation.

What is GSoC? 

The Google Summer of Code program (“GSoC”) is designed to encourage student participation in open source development. Through GSoC, accepted student applicants will be paired with mentors from participating organizations such as OWASP.

Benefits to students include: 

• Gaining exposure to real-world software development scenarios,
• An opportunity for employment in areas related to their academic pursuits, and
• A 5,500 USD stipend from Google for successful student contributors, enabling them to focus on their coding projects for three months.

This program is done completely online. Students and mentors from more than 100 countries have participated in past years. For a detailed timeline and FAQ about the GSoC program, see:
http://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2014/help_page

GSoC + OWASP: Call for Student Proposals 

Are you a student and want to code for an OWASP project? Here are the steps and some tips on getting started:

1) Think of a good idea. For reference, see https://www.owasp.org/index.php/GSoC2014_Ideas

2) Do some research yourself based on the idea and write up a proposal draft.

3) Post it to the OWASP GSoC group (https://groups.google.com/d/forum/owasp-gsoc) for initial discussions with OWASP mentors.

4) Based on feedback, write a full proposal using the template at https://www.owasp.org/index.php/GSoC_SAT

5) Submit your proposal to Google Melange from March 10th–March 21st, 2014.

Students wishing to participate in GSoC must realize this is a formal commitment to produce code for the selected OWASP Project during three months. You will also take some resources from OWASP project leaders, who will dedicate a portion of their time to mentor you. Therefore, we'd like to have candidates who are committed to helping the OWASP mission. You don't have to be a proven developer; in fact, this whole program is meant to facilitate joining OWASP and other Open Source communities. However, experience in coding and applications is welcome.

Full details and requirements for participating:

https://www.owasp.org/index.php/GSoC

We wish you the best of luck,
OWASP GSOC Team

Thursday, March 6, 2014

OWASP Wins SC Magazine 2014 Editor's Choice Award


On Tuesday, February 25th, OWASP was awarded the 2014 SC Magazine Editor’s Choice award. This was the final award of the evening and was presented directly by Illena Armstrong, VP, editorial, SC Magazine.

From the 2014 SC Magazine Awards announcement:
For its ongoing support of the development and maintenance of secure web applications, we are calling out the achievements of the OWASP (Open Web Application Security Project). Its efforts in offering tools and education materials to developers and other security professionals have greatly aided in furthering the advancement of web application security. The nonprofit group does not endorse or recommend commercial products or services. This enables its open network to remain vendor neutral and synergize the collaborative efforts of the leading lights in software security worldwide. It’s all about trust, and information security professionals have come to rely on the group’s annual Top 10 project, ongoing since 2003, which delineates the most common flaws present in web apps, thus increasing awareness in the security community of some of the most critical risks facing organizations. As well, the “Bug Bash,” held for three nights in November during the AppSec Conference, is considered one of the biggest application security bug searches in recent time. The event, sponsored by OWASP, gathered security researchers from 30 countries who collaborated to discern security gaps in software that runs the internet and some of the planet’s most commonly used applications. For its advocacy, outreach and teaching, we are delighted to recognize OWASP with this year’s Editor’s Choice Award.
As a volunteer-driven, non-profit organization, our contributors donate their time and expertise for the betterment of all. It is exciting and rewarding for the entire community to be recognized for our continued efforts to increase application security!

Four board members from the OWASP Foundation were present to receive the SC Magazine award: Eoin Keary, Michael Coates, Tom Brennan and Jim Manico.
This award goes out to all of you – the OWASP community. Keep fighting the good fight!

Tuesday, March 4, 2014

Last Chance to Apply for the Women in AppSec Program for AppSec APAC!

The deadline to apply for the Women in AppSec Program for AppSec APAC taking place in Tokyo, Japan this year has been extended until March 7th, 2014. I encourage you to take advantage of this opportunity by applying as soon as possible if you are a woman either in the software security industry, or interested in learning more about the software security industry.

OWASP's current program objective is to encourage female students at both the undergraduate and graduate levels, instructors, and professional working women who are dedicated to a career in information security and/or application development, to expand their skills and pursue application security.

Attendance for one woman to the OWASP AppSec APAC 2014 conference, and at least one of the in-depth training sessions, will be the award for this year’s winner. The Women in AppSec Program was successfully launched at AppSec USA in 2011 and this year’s event hopes to build on that trend and further engage women in the community.

If you are interested please use the Application Form to send us your details.

If you have questions, please contact Samantha Groves (Samantha.Groves@owasp.org).

OWASP YASCA Project in need of an interim Project Leader

The OWASP Yasca Project is currently in need of an interim project leader for a 2014 tools-based, in-person working session that will potentially be funded. Yasca is an open source program which looks for security vulnerabilities, code quality, performance, and conformance to best practices in program source code. It leverages external open source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, RATS, and Pixy to scan specific file types, and also contains many custom scanners developed just for Yasca. It is a command-line tool that generates reports in HTML, CSV, XML, SQLite, and other formats. Yasca is easily extensible via a plugin-based architecture, so scanning any particular file type is as simple as coming up with the rules or integrating an external tool. Yasca also features a simple regular-expression plugin that allows new rules to be written in less than a minute.
Those interested in this opportunity should familiarize themselves with the OWASP Yasca Project: https://www.owasp.org/index.php/Project_Information:template_Yasca_Project.

For more information about taking up the post as interim leader for the OWASP Yasca Project, contact Samantha Groves (Samantha.Groves@owasp.org).
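To make the rule-plugin model concrete, here is a small added example of a line-oriented regex rule scanner that emits a CSV report, in the spirit of the regular-expression plugin described above. It is not Yasca's own code or plugin format: the Rule and Finding classes, the rule set and the sample files are all constructed for this illustration.

```python
"""Minimal regex-rule source scanner, in the spirit of Yasca's
regular-expression plugin.  Added illustration: the rule format and
scanner here are assumptions for this example, not Yasca's plugin API.
"""
import csv
import io
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: str
    pattern: str                 # regular expression matched against each line
    severity: str                # "high", "medium" or "low"
    description: str
    extensions: Tuple[str, ...]  # file suffixes the rule applies to; () = all


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    path: str
    line: int
    snippet: str
    description: str


# Example rule set (constructed for this illustration).
RULES: List[Rule] = [
    Rule("HARDCODED_SECRET",
         r"(?i)(password|passwd|secret)\s*=\s*['\"][^'\"]+['\"]",
         "high", "Credential literal assigned in source", ()),
    Rule("PHP_EVAL", r"\beval\s*\(", "high",
         "eval() on dynamic input", (".php",)),
    Rule("C_STRCPY", r"\bstrcpy\s*\(", "medium",
         "Unbounded string copy", (".c", ".cpp", ".h")),
    Rule("TODO_SECURITY", r"(?i)#\s*TODO.*secur", "low",
         "Security TODO left in code", ()),
]


def scan_source(path: str, text: str, rules: List[Rule] = RULES) -> List[Finding]:
    """Apply every rule whose extension filter matches `path` to each line."""
    findings: List[Finding] = []
    for rule in rules:
        if rule.extensions and not path.endswith(rule.extensions):
            continue
        regex = re.compile(rule.pattern)
        for lineno, line in enumerate(text.splitlines(), start=1):
            if regex.search(line):
                findings.append(Finding(rule.rule_id, rule.severity, path,
                                        lineno, line.strip(), rule.description))
    return findings


def scan_tree(files: Dict[str, str], rules: List[Rule] = RULES) -> List[Finding]:
    """Scan an in-memory mapping of path -> source text, in path order."""
    out: List[Finding] = []
    for path in sorted(files):
        out.extend(scan_source(path, files[path], rules))
    return out


def to_csv(findings: List[Finding]) -> str:
    """Render findings as a CSV report (one of the formats Yasca offers)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["rule", "severity", "file", "line", "snippet"])
    for f in findings:
        writer.writerow([f.rule_id, f.severity, f.path, f.line, f.snippet])
    return buf.getvalue()


# Constructed sample "project"; not code from any real project.
SAMPLE_FILES: Dict[str, str] = {
    "config.php": "<?php\n$password = 'hunter2';\necho eval($_GET['x']);\n",
    "util.c": "#include <string.h>\nvoid f(char *d, const char *s) { strcpy(d, s); }\n",
    "app.py": "import os\n# TODO: tighten security here\nkey = os.environ['KEY']\n",
}

if __name__ == "__main__":
    print(to_csv(scan_tree(SAMPLE_FILES)))
```

Each rule is just a pattern plus metadata, which is what makes a "rule in under a minute" workflow possible; the extension filter keeps a PHP-specific rule from firing on Python files, and the report writer is separate from the scanner so another output format can be added without touching the rules.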

Top nine reasons to join OWASP Latam Tour 2014

With the fastest growing Internet population in the world, the world's eyes are on Latin America.

Reason #1. Nine stops, nine conference days and nine training days:
* April, 21-22: San Jose, Costa Rica
* April, 22-23: Santiago, Chile
* April, 23-25: Quito & Guayaquil, Ecuador
* April, 25-26: Lima, Peru
* April, 28-29: Guatemala, Guatemala
* April, 29-30: Montevideo, Uruguay
* May, 5-6: Caracas, Venezuela
* May, 6-7: Bogota, Colombia
* May, 8-9: Buenos Aires, Argentina

Reason #2. A bright future.
Last year consumers in Latin America spent an average of 10 hours per month on social networking sites, and five of the world's top 10 most socially engaged online markets are now located in Latin America. Overall Internet usage is also exploding in the region, as well as the prevalence of smartphones — estimates from earlier this year gauge that there are 140 to 200 million smartphones in Latin America. And brands are sitting up and taking notice.

Reason #3. Plenty of networking opportunities.
Through institutions such as Mercosur and Unasur, South American nations are now more than ever looking to work as an integrated union, lending and borrowing with each other and sharing technical expertise in an effort to form even closer links. This can only be a positive thing for the visitor looking to work across the continent.

Reason #4. Affordable.
In South America, the dollar is still strong, and you can enjoy a relaxed tour without worrying about money. OWASP conference sessions are free. Training sessions only cost $250 USD. Register at the OWASP Latam Tour 2014 wiki page.

Reason #5. Popular. Look who is already there.
Companies focused on tech and mobile know the value of the Latin American audience — or at least they should. As successful businesses look to expand, the rise of the Latin American digital consumer deserves strong consideration. Huge tech companies, social networking sites and mobile apps, such as Pinterest, Shazam, Waze and Airbnb, have announced expansion efforts, targeted ad campaigns, Spanish-language services and more, specifically appealing to the Latin American market.

Reason #6. 1,300+ attendees from around the world; one common language.
This is the case for OWASP Latam Tour. A common language makes working on a transnational basis immensely more straightforward, reducing the need for myriad translators as in other areas of the world.

Reason #7. Connectivity growth. AppSec is needed.
Information and communications technology in Latin America has developed and grown enormously in the past decade, and this rapid expansion caught many industry leaders and commentators off guard.

Reason #8. Discount on OWASP membership fee.
As part of the OWASP Latam Tour, you can become an OWASP Member by only paying $20 USD. Show your support and become an OWASP member online today.

Reason #9. All in one.
Exotic, mysterious, enormous and diverse, the Latin America region has always held a certain charm for visitors from everywhere in the world. Sights such as Machu Picchu, the Amazon rainforest and the glaciers of Patagonia have ensured that, for many years, travelers and tourists have been flocking to the region.
In the 21st century, however, a different type of movement is being spotted. Businesses and investors from overseas have identified South America as an increasingly important economic region, and as a result are more willing than ever to get involved with local ventures, teaming up with companies from Costa Rica to Argentina in the hopes of a fruitful partnership.