October 2015 Community News Flash

October 2015 Community News Flash

In this Issue:

• FEATURE: Leadership Workshops
• ANNUAL REPORT: The 2014 Annual Report Has Been Released
• ELECTION: Voting Opens October 7 for the Global Board of Directors!
• NEW INITIATIVE: Research Initiative
• PROJECT UPDATES: New Projects, Announcements
• CHAPTER ACTIVITY: New Chapters, Leader Transitions
• EVENTS: Upcoming Local and Regional Events
• RESOURCES: List of Resources in this Issue

FEATURE: Leadership Workshops

We had an excellent and productive turnout for our Chapter Leader Workshop last month at AppSecUSA. Community Manager, Noreen Whysel, presented four one-hour workshops covering topics on community engagement, successful meeting formats, available tools and a tutorial on the OWASP wiki. Attendance ranged from ten to 15 people per session, predominantly chapter leaders with a few project leaders representing.

Some suggestions for chapter level activities included hosting Hackathons to encourage attendance by developers, organized study groups like the Austin Study Group on Ning, "Adopt-a-Project" and project workshops, as well as partnering on events with related professional associations.

SUGGESTED CHAPTER ACTIVITY:

October is National Cyber Security Awareness Month in the U.S. Activities aligned with public awareness and online safety would make a great theme for chapter events.

We organized our discussion on a Chapter Leader Workshop Trello board. Feel free to add or comment on items posted to the board. Session recordings are available for download at the OWASP Google Drive. Thursday sessions were audio only. Friday sessions include slides and sound.

Thursday Sessions (combined MP4 file):

People & Capital - The Fire & Fuel for Chapter Activities
I'm a Leader. Now What? - Basic Information for Jump Starting a Chapter (70.5MB .MP4)

Friday Sessions:

What's in Your Toolbox? - Resources for Engagement (167MB .MP4)
If You Build It, They Will Come - The OWASP Wiki Edit-a-Thon (265MB .MP4)

While we didn't get deep into wiki training beyond the OWASP.org, we do have a informational MoPad at OWASP: Application Security in Wikipedia, if you are interested in making application security visible on Wikipedia.

Download the full Chapter Leader Workshop slidedeck from Google Drive.


ANNUAL REPORT: The 2014 Annual Report Has Been Released

The OWASP 2014 Annual Report now available on the wiki at https://www.owasp.org/images/7/7e/2014_OWASP_Annual_Report_Final.pdf.

EXCERPT from the OWASP 2014 Annual Report:

2014 was an active year and our local community presence grew to more than 200 active chapters worldwide. Our Global AppSec Conferences and numerous Regional events directly engaged with over 5,000 developers and security professionals.

The technical prowess and experience in our community are demonstrated by the continued growth and publications of our 150 open source projects and technical materials. OWASP promotes innovation and learning via our projects. Our project lifecycle starts with an incubator or "startup" process, evolves through "Lab" activities and finally culminates in Flagship projects of strategic value to academia, industry, governments and security experts around the world.

Our organization is entirely funded through the generous donations of our supporters, corporate and individual members and the proceeds of our conference events. We'd like to personally thank you for your contribution and support of OWASP. Your continued support allows OWASP to grow the application security community around the world, share our knowledge freely and learn from each other. Through this community we will continue to provide tools, resources and education that are free and open in support of our mission of improving application security for everyone.


ELECTION: Voting Opens October 7 for the Global Board of Directors!

All OWASP members in good standing as of September 30, 2015 will receive a ballot for the Global Board of Directors election. Voting begins October 7 and will remain open until October 23. Four seats are open. Candidate interviews are posted to the OWASP Podcast site.


NEW INITIATIVE: OWASP Research

OWASP Research is an initiative to start developing OWASP projects in the field of innovative research,specifically new ways to protect web applications by applying out of the box concepts and technological developments. Contact Johanna Curiel for details or visit https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus#tab=Research


PROJECT UPDATES 

Several OWASP Projects participated in the AppSecUSA Project Summit. A lot of good feedback, Github updates and new documentation served to level up all participating projects.



Visit the project pages for updates or contact the leaders to find out how you can get involved:

OWASP Security Shepherd Project
Mark Denihan, Pol McCana, Philip Payne, Ryan Foushee
https://www.owasp.org/index.php/OWASP_Security_Shepherd

OWASP Code Review
Gary Robinson, Larry Coklin
https://www.owasp.org/index.php/Code_review

OWASP Cheatsheet Series & Proactive Controls
Jim Manico & Andrew Van Der Stock
https://www.owasp.org/index.php/Cheat_Sheets
https://www.owasp.org/index.php/OWASP_Proactive_Controls

OWASP Python Security
Enrico Branca
https://www.owasp.org/index.php/OWASP_Python_Security_Project

OWASP Security Knowledge Framework
Glenn Tate Cate
https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework

OWASP WAFEC
Tony Turner, Rafael Chiles
https://www.owasp.org/index.php/WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project

OWASP O2 Platform
Michael Hidalgo
https://www.owasp.org/index.php/O2_Platform

OWASP PodCasts created by Mark Miller offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.

More Project News 

ZAP Scripting Competition results are now available at https://www.owasp.org/index.php/2015-08-ZAP-ScriptingCompetition. Do you have questions about @owasp ZAP? Ask Simon Bennetts (@psiinon) in the first online ZAP Q&A Session - Tuesday 13th October: http://zaproxy.blogspot.co.uk/2015/10/zap-q-session-tuesday-13th-octobr-2015.html


CHAPTER ACTIVITY 

New Chapters

Spotsylvania, VA, USA: Arnold Webster leader, arnold.webster@owasp.org
https://www.owasp.org/index.php/Spotsylvania

Chapter Restarts 

Nigeria: Leaders Abdullahi Arabo abdullahi.arabo@owasp.org and Idara Akpan idara.akpan@owasp.org
https:www.owasp.org/index.php/Nigeria 

Suffolk, UK: Leader, David Pitt, david.pitt@owasp.org
https://www.owasp.org/index.php/Suffolk 


If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:

https://docs.google.com/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html


EVENTS: Upcoming Local and Regional Events

OWASP Eastern European Event

The OWASP Eastern European Event is ongoing this week at multiple locations. Livestreaming is available on YouTube. The nextOWASP EEEpresentation will be this Thursday, October 8, at OWASP Cluj (Transylvania/Romania) and will be streamed live on YouTube at: https://www.youtube.com/channel/UCzpfaWiZaT9_msL3jdY_FDw Mark your calendar!

18:45-19:15EEST (GMT+3) Ovidiu Cical - Turn SSL ON: Your Own Certificate Authority - Or simply use Let's Encrypt

More Upcoming Events

OWASP EEE, Oct. 4-10, 2015, Bucharest, Romania (Participating chapters: Austria, Armenia, Poland, Romania, Hungary, Lithuania, Russia) 

AppSec IL 2015, Oct. 13, 2015, Israel

New York Metro Joint Cyber-Security Conference 2015, Oct. 14, 2015, New York, NY, USA

LASCON 2015, Oct. 19-22, 2015, Austin, TX, USA

AppSec Rio de la Plata 2015, NEW DATE: Dec. 2-3, 2015, Montevideo, Uruguay

Devoxx Morocco Nov. 16-18, 2015, Casablanca, Morocco (OWASP Morocco is curating the "Arch. & Security" track)

AppSec Cali 2016, Jan. 25-27, 2016 Santa Monica, CA, USA

AppSecEU 2016, Jun. 27 - Jul. 1, 2016, Rome, Italy


RESOURCES
Chapter Leader Workshop Recordings:
People & Capital - The Fire & Fuel for Chapter Activities
I'm a Leader. Now What? - Basic Information for Jump Starting a Chapter (70.5MB .MP4)
What's in Your Toolbox? - Resources for Engagement (167MB .MP4)
If You Build It, They Will Come - The OWASP Wiki Edit-a-Thon (265MB .MP4)

OWASP: Application Security in Wikipedia MoPad:
OWASP: Application Security in Wikipedia

2015 Global Board of Directors Election
https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election

Chapter Leader Workshop Trello Board:
https://trello.com/b/sudN9qd2/chapter-leader-workshop-appsecusa-2015

Global Research Initiative:
https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus#tab=Research

Chapter Leader Handbook:
https://www.owasp.org/index.php/Chapter_Leader_Handbook

Funding Resources:
https://www.owasp.org/index.php/Funding

Donation Scoreboard - Current Chapter Funding Allocation:
https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html


CONTACT ME 

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
https://owasp.slack.com/messages/askthecm/