OWASP Connector Newsletter - March 31, 2016
Virtual Training Platform AvailableYou ask and OWASP delivers!We're excited to announce that The OWASP Foundation has added the GoToTraining platform to our arsenal of virtual tools. GoToTraining lets you take advantage of an interactive learning environment where you can post materials (pre course materials, videos, images, class resources), give tests, take polls, and execute small group activities. Classes can be limited in the number of attendees or host as many as 50 students. We would like to begin to schedule training sessions for delivery as early as April. Do you have a 1 to 4 hour class you would like to present? Popular Topics for OWASP Training are (in no particular order)
For Q2, all trainings will be recorded and made available through the OWASP YouTube Channel and links to the recordings will be posted on the relevant pages on the wiki. If you are a trainer in a non English speaking country and would like to host a training in another language, that would be fantastic! Any interested trainers, please CONTACT US or reach out to Kate Hartmann directly. As always, thank you for all you do! Annual Report Call for ContentThe OWASP Foundation is looking for exciting and illustrative success stories from YOU, the community for inclusion in our 2015 Annual Report. This yearss theme is simply: Growing, Learning, Sharing, Leading.Tell us how you and your team worked to spread the OWASP mission in 2015. Here are some ideas but feel free to be creative!
Submit your content - articles, pictures, ideas by April 14, 2015. This is your opportunity to share with the world why you participate. We want everyone to contribute! Everyone's story is important to the Foundation. Become globally famous by submitting your picture and/or brief bio so we can be sure to give you credit for your contribution. Of course, you may also request to remain anonymous if you prefer. Act Now to Qualify for an Honorary Membership in 2016Purchase or renew your OWASP Individual Membership for a chance to win!Anyone who purchases a new individual membership, renews their existing individual membership or submits & are approved for an Honorary* Membership between April 1, 2016 and June 20, 2016 will be entered into a raffle to win a prize! Join or Renew today! The raffle will be held June 22, 2016. Winners will be notified and results posted the same day. Prizes include and will be raffled off in this order: One (1) Amazon gift card (value $50/USD) One (1) AppSecEU 2016 conference ticket (value 600€) One (1) AppSecUSA 2016 conference ticket (value $995) *Honorary Membership is now available year round starting April 1, 2016! To learn more about Honorary Membership and to see if you are eligible, please visit our Honorary Membership page here. Submissions will be reviewed and verified by OWASP. OWASP in the NEWS!How to Hack an App: 8 Best Practices for Pen Testing Mobile Apps - Tech Beacon 3/21/2016OWASP Releases Software Assurance Maturity Model (SAMM) - PR Newswire 3/16/2016 Black Duck's Open Source 'Rookies of the Year' 2015 - ComputerWeekly 3/16/2016 mHealth App Security is a Myth, New Survey Finds - mHealth Intelligence 3/14/2016 Google offers app to help companies assess their vendors' security - Networks Asia 3/11/2016 OWASP PodcastsOWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.Active Deception as a Methodology for Cybersecurity w/ Lawrence Pingree from Gartner DevOps, Security and Engineering at Slack with Slack's Senior Staff Security Engineers Leigh Honeywell And Ari Rubenstein Security War Games with Sam Guckenheimer at Rugged DevOps RSAC 2016 Guns, Germs and Steel at RSAC 2016 with John Willis Equal Respect: Women in Technology with Chenxi Wang |
Google Summer of Code Needs MentorsWe are calling out for more mentors to get involved. We have 81 Proposals and need your participation.Become a Mentor: Do you want to become a mentor for a student? Choose a participating OWASP project from the wiki page listed below preferably the one you are most familiar with. Link: https://www.owasp.org/index.php/GSOC2016_Ideas Touch base with the project leader and ask one of the org admins (Claudia, Kostas or Fabio) to send you an invitation and get you started today. Please let us know if you need help or supporting material. Thank you in advance for your time and look forward to your participation. Konstantinos Papapanagiotou Initiative Leader Fabio Cerullo Initiative Leader Claudia Aviles-Casanovas Project Coordinator Phone:973-288-1697 OWASP Security Knowledge Framework is Black Duck's Rookie of the YearWe are thrilled, excited and really happy to announce that the OWASP Security Knowledge Framework has won the Rookie of the Year awards and honorable mention from Black Duck! We want to thank everybody that helped us achieving this award especially the contributors and OWASP. More information about the BlackDuck award can be found here: https://info.blackducksoftware.com/OpenSourceRookies2015.html. This is a great milestone for OWASP and the SKF team! PyconPYCON 2016 is coming to the Rose City in Portland, Oregon on May 28th - June 5th!OWASP Developer Survey ranked PyCon #2 Opportunities to attend in behalf of OWASP Sign-up Today! PyCon 2016 has offered us the option to participate and contribute to their Open Spaces and Sprints. Open Spaces Open spaces are a way for people to come together to talk about topics, ideas, or whatever they like. They offer groups the ability to self-gather, self-define, and self-organize in a way that often doesn't happen anywhere else at PyCon. Any subject that two or more attendees would like to talk about is a candidate for an Open Space. How Do I Participate In An Open Space? It's pretty easy: Just show up :) During PyCon, there will be Open Spaces boards somewhere near the registration desk. The boards acts as a time table for all the Open Spaces, so you know where and when to go for the Open Spaces you're interested in. If a topic is not listed yet, find an open time slot and add it! Open Spaces topic cards are included in the goodie bag you receive at registration. What Open Spaces Are There? There are Open Spaces on many subjects a bunch of PyCon attendees would like to discuss. Since the PyCon attendees are a diverse bunch, so are the Open Spaces. In past years, we've had a mani/pedi party, a feminist hacking space, an AcroYoga space, and a board games room. There's also plenty of the usual suspects of technical subjects, from computer security to your favorite Python project to professional occupations like DevOps. Where And When Are The Open Spaces? The Open Spaces are in a set of of dedicated rooms during all three of the conference days (Monday 5/30, Tuesday 5/31, Wednesday 6/1). The rooms may be needed for other events during portions of some days; please consult the Open Spaces boards for the final word on what's going on where. How Do I Host An Open Space? For PyCon 2016, we will be using the Open Space cards that were re-introduced a few years back. These are small postcard sized cards with a short explanation of what Open Spaces are. The back side of that card is for hosting Open Spaces. Just fill in the name and a short description of your Open Space, and then pin your card on the Open Space board in the room and time slot you want. It's also a great idea to add your Twitter handle to the card in case anyone interested in attending your Open Space has a question or would like to contact you about it. The cards will be made available in the goodie bag which you will receive at registration. Extra cards will be available at the Open Spaces boards. In order to promote your Open Space we encourage you to tweet about it and use the hashtag #PyConOpenSpaces to make sure people see your tweets. Planned Open Spaces If you have an idea for an Open Space, and a time when you want to meet, list it here on this page. It's also useful to add an approximate time slot if you have any preferences, so that attendees know where to look for your Open Space on the Open Spaces boards. Development Sprints Thursday, June 2nd 2016 - Sunday, June 5th 2016 Development sprints are a key part of PyCon, and a chance for the contributors to open-source projects to get together face-to-face for up to four days of intensive learning, development and camaraderie. Newbies sit with gurus, go out for lunch and dinner together, and have a great time while advancing their project. What's New with the Sprints by Naomi Ceder What are development sprints & why you should attend! by Kushal Das What's so special about Sprints? by Naomi Ceder What's A Sprint? Come for PyCon, stay for the sprints! PyCon Development Sprints are four days of intensive learning and development on an open source project of your choice, in a team environment. It's a time to come together with colleagues, old and new, to share what you've learned and apply it to an open source project. In the crucible of a sprint room, teaming with both focus and humor, it's a time to test, fix bugs, add new features, and improve documentation. And it's a time to network, make friends, and build relationships that go beyond the conference. PyCon provides the space and infrastructure (network, power, tables & chairs); you bring your skills, humanity, and brainpower (oh! and don't forget your computer). Please sign up on the PyCon 2016 Sign Up Sheet. If you are interested in attending in behalf of OWASP. XML External Entities Resources CleanupA great deal of work has gone into cleaning up and updating the OWASP Wiki XXE ( XML External Entities) resources. Here are the two main updated resources.XXE Prevention Cheatsheet https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Prevention_Cheat_Sheet XXE Vulnerability page https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing Thank you to Dave Wichers for leading the charge on XEE as well as John Passki and Xiaoran Wang for their work in this area. Project Releases: Code Review Guide 2.0 Alpha and Dependency Check v.1.3.5Code Review Guide 2.0 Alpha ReleasedThe alpha release for the Code Review Guide 2.0 has been released. Please see the project page for more details. plus a shout out to the Long Island OWASP group for helping with a working session. https://www.owasp.org/index.php/Code_review OWASP Dependency Check v.1.3.5 Released The OWASP dependency-check team is pleased to announce the release of version 1.3.5! Thanks to all those who have used the tool and provided feedback via the discussion group and issues in github. A special thanks goes out to those that have submitted pull requests! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin). https://www.owasp.org/index.php/OWASP_Dependency_Check
|