Connector April 2017

FOLLOW US

COMMUNICATIONS |  PROJECTS |  EVENTS |  CHAPTERS |  MEMBERSHIP

Mon, April 24, 2017 OWASP CONNECTOR

OWASP in the News Cloud WAF Service data sheet IT Web Apps, March 27, 2017 Jenkins users can shore up software security with plugins IT World, March 31, 2017 Microsoft Adds Web Application Firewall to Azure Application Gateway Redmond Magazine, March 31, 2017 How to securely deploy medical devicesCSO, April 7, 2017 Bad-bots and CNP fraudComputerWeekly.com, April 7, 2017 OWASP Top 10 Update: Long Overdue Or Same-Old, Same-Old? Dark Reading, April 11, 2017 OWASP Top 10 Web Application Security Update SecPlicity, April 12, 2017 OWASP SAMM v1.5 Helps Organizations Improve Their Security Posture Yahoo! Finance, April 13, 2017 OWASP adds unprotected APIs, insufficient attack protection to Top Ten 2017 release Software Development Times, April 19, 2017 Operations Update The April Operations Update includes vital information about OWASP's infrastructure initiatives, project activity, and Chapters. Read it for an overview of what is happening in OWASP.

 

Project Releases OWASP Samm has released version 1.5 Updates to SAMM allow users to assess their programs with greater granularity. The new version also shares case studies to help departments plan how to handle their (matt what is the phrase?!) OWASP ZAP released API and browser extensions. The full release also includes a new JxBrowser add-on as well as platform specific webdrivers to make it easier to use ZAP on any web browser. OWASP would like to welcome our new incubator project, OWASP Threat Dragon, to the fold. Threat Dragon is an online threat modelling application which includes system diagramming and a rule engine to auto-generate threats/mitigations. The tool focuses on UX design, a powerful rule engine and integration with other development lifecycle tools. The Release Candidate for the OWASP Top 10 2017 is now available for Download. Please forward it to all the developers and development teams you know. The primary change is the addition of two new categories: 2017-A7: Insufficient Attack Protection 2017-A10: Underprotected APIs The final version of the OWASP Top 10 - 2017 is planned to be released in July or August 2017 after the public comment period ends June 30, 2017. Comments on this OWASP Top 10 - 2017 Release Candidate should be forwarded via email to OWASP-TopTen at lists.owasp.org. Private comments may be sent to dave.wichers at owasp.org. Anonymous comments are welcome. Your feedback is critical to the continued success of the OWASP Top 10 Project. Thank you all for your dedication to improving the security of the world’s software for everyone. Project Summit Belfast Activities Grow in 2017 The OWASP Project Summit at AppSec Europe in Belfast this year is shaping up to be an exciting event with nine projects already committed and several activities planned to improve projects. Project Summits at Global events include working sessions that allow project leaders and contributors to work together face to face in intense and productive environments to move their projects forward. This is a great opportunity for local contributors or those attending the conference to become more deeply involved in OWASP Projects. Project summits also include other working sessions such as the the Project Review session, where participants will help us review projects for advancement through our Incubator>Labs>Flagship structure, as well as sessions meant to gather feedback from project leaders to shape the growth of OWASP Projects as a whole. As a participant you will have a direct influence on the future of the OWASP Projects program. You can sign up today to join a project working session or see if you qualify for sponsorship as a project leader.

Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements with other organizations in
support of the OWASP Community.  CLICK HERE for more information on Advertising.

 

Free Training at the AppSec Eu Developer Summit The OWASP Developer Summit educates developers about common vulnerabilities present in web and mobile applications, including how to use tools like OWASP ZAP to implement a secure software development lifecycle. 2017 AppSec Eu Developer Summit sessions are free hands-on workshops where attendees will learn how to do actual penetration tests on vulnerable and real applications as well as implement a secure pipeline. This year, sessions will include on-deploy testing, hacking real mobile banking apps, and understanding vulnerabilities in your apps. The Developer Summit is in depth hands on training perfect for any developer regardless of background in security. Come by yourself or grab a couple of friends, but registration is necessary. What to Expect at AppSec Europe in Belfast AppSec Europe is just around the corner, where a number of experiences await you. Talks are the heart of every Global AppSec Sessions have been selected and include topics such as breaking CSPs, threat modeling, hacking configuration management systems, hacking contactless payments, GDPR, quantum safe crypto, securing Azure Cloud, Oauth2, bypassing XSS controls, pentesting voice biometrics and even printer security! In addition to that we'll have panels on diversity and hacking elections, along with interactive sessions allowing everyone to get out their laptop and hack a few websites. While this year's tracks are aimed at developers, ethical hackers, CSIOs and DevSecOps, we will also have 'Hallway Tracks' allowing anyone to setup their own talk or discussion session, as well as HackPra AllStars and lightning talks. Training at AppSec Europe is always top tier Training sessions are available from https://2017.appsec.eu/program/training and include Mario Heiderich on exploiting websites, Robert Seacord on secure Java, mobile, python, machine learning, IoT and SSO exploitation, web app security with Fabio Cerullo, and Docker and DevOps security sessions. ​Of course we are offering 100 euro off if you purchase training with your conference ticket. Spots are limited so register now. Summits provide you with satisfying pre-conference experiences The Project Summit brings contributors and project leaders together for face to face project work sessions. With additional listening sessions about Hot Topics, this is the place to make your voice heard when it comes to the OWASP Projects program. 2017 is also year we are hosting project reviews live. The Developer Summit is THE place to be to get free AppSec training tailored to developer’s needs. Two days and three sessions of stellar, hands on training will make you a stronger developer or begin the jump to security. Membership has its perks OWASP is glad to once again bring the Member Lounge to AppSec Europe. A quiet place set aside for members who need to host a meeting, charge their phones or laptops, or just sit and relax a while, the Member Lounge is all about your needs. Coffee, snacks, your membership T-Shirt, and other goodies await you in Belfast! Social events round out every phase of the conference AppSec EU Belfast comes with a full social calendar, with the main conference dinner taking place in the Titanic Suite of the Titanic Visitor Center, voted the best worldwide tourist attraction in 2016, including drinks, music and a bit of unique entertainment. This venue looks out onto the Game of Thrones studios here in Belfast. In addition there'll be a Pre-Conference drinks event on the Wednesday night, allowing everyone to settle in and mingle at the conference venue. Don't forget to play along in the AppSec Europe Pub crawl, Doors of Westoros tours, or AppSec Bingo The usual events that make OWASP events so special AppSec wouldn't be AppSec without CtFs, University Challenges, and project and developer summits. Many of which are free to attend, view our website at to see the free events or Register today. Register Now to Join Us in Belfast Call for Papers for AppSecUSA Open AppSec USA is proud to announce the Call for Papers and Call for Training are open. OWASP AppSec USA is a premier venue for web application security leaders, software engineers, researchers and visionaries from all over the world. OWASP AppSec USA gathers the application security community in a four day event to share and discuss novel ideas, initiatives, and advancements. The 2017 edition will take place in Orlando from September 19-22. We are looking for "the next", cutting edge research in the context of web applications, secure development, security management, and privacy. Our goal is to give academic researchers and industry practitioners an opportunity to share their latest findings with the rest of the community, including coverage via our media channels. All talks are 40 minutes in duration. For AppSec USA 2017 we encourage and prioritize submissions in the following themes: Web Application Security – Research and new work impacting the security of web applications. DevOps – Research and new work impacting the security of DevOps processes, architectures, and tools. Cloud Security – Research and new work impacting the security of applications designed for and/or deployed to cloud environments, especially public cloud environments. Our Call for Training topics are looser, but trainings should be of a practical nature, hands on training is strongly preferred. Trainings may be one or two days in duration. Please refrain from submitting marketing talks or including sales pitches within the training. To submit your talk or training please make sure to select the appropriate topic(s) from the form and submit: an abstract of your intended presentation (500 to 4000 characters) a brief biography (150 to 800 characters) a headshot signed copy of the speaker agreement Your submission packet will be judged in a blind reading so please make sure that your abstract is appropriately thorough. You may attach a preliminary version of your presentation if available. If accepted your biography will be printed 1:1 in the program. The same form is used to apply for both the CfT and the CfP, so please make sure to choose the correct application from the menu.  Talks without all required information may not be considered.

AppSec USA Sponsorships Nearly Soldout

There are only a few remaining sponsorships left for AppSec USA. The expo floor plan designed to maximize foot traffic to YOUR booth, you can be assured that you will maximize lead generation activities. Additionally, the planning team has several events planned to encourage a family friendly atmosphere to drive attendance numbers skyrocketing upwards, and what better place than Walt Disney World?
The vendor booths are located in high track areas so that you can be assured to get the attention of more than 1,000 security decision makers, influencers, and practitioners in the community. This is the opportunity for your company to recruit, generate business,and share ideas. Grab your booth today before space runs out.

---

Up Coming Events

Global AppSec Events

• AppSec Europe 2017  May 8–12, 2017; Belfast, Northern Ireland, UK
• AppSec USA 2017  September 19–22, 2017; Orlando, Florida, USA

Regional and Local Events

• Latam Tour 2017 April 3–28, 2017; South America
• OWASP New Zealand Day 2017  April 19-20, 2017; New Zealand
• OWASP Sibiu Event  June 8, 2017; Sibiu, Romania
• New York Metro Joint Cyber Security Conference  October 5, 2017; New York City, NY, USA

 

Project Summits

• OWASP Project Summit 2017 May 8-9, 2017; AppSec Europe, Belfast, UK
• OWASP Summit 2017  June 12-16, 2017; London, UK

 

Developer Summits

• OWASP Developer Summit   May 9–10, 2017; AppSecEu 2017; Belfast, UK

Partner and Promotional Events

• RiskSec NY 2017  May 2, 2017; New York City, NY, USA
• Software Assurance & Application Security Conference  May 12, 2017; Huntsville, AL, USA
• SECON 2017  May 25, 2017; Jersey City, NJ, USA
• Darkmira Tour PHP 2017  May 27-28, 2017; Brazil
• (ISC)2 Secure Summit Nordics  May 31–June 1, 2017; Stockholm, Sweden
• Techno Security & Digital Forensics Conference  June 4–7, 2017; Myrtle Beach, SC, USA (OWASP members save 30% by using discount code: OWASP17)
• Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt  June 6, 2017; Brussels, Belgium
• BSides London 2017  June 7, 2017; London, UK
• SANS Cyber Talent Fair  June 7, 2017; Virtual
• GOTO Amsterdam 2017  June 12–14, 2017; Amsterdam, Netherlands (OWASP members save 10% by using discount code: owasp17)
• SC Congress Toronto  June 13–14, 2017; Toronto, Canada
• Borderless Cyber USA  June 21–22, 2017; New York City, NY, USA (OWASP members save $100.00 by using discount code: OWASP)
• (ISC)2 Secure Summit DACH  June 27–28, 2017; Zürich, Switzerland
• (ISC)2 Secure Johannesburg 2017  October 5, 2017; Johannesburg, South Africa
• ISACA Ireland Conference 2017  October 20, 2017; Ireland
• IoT Tech Expo North America  November 29-30, 2017; Santa Clara, CA, USA

 

You are Invited to the Leadership Workshop Project and chapter leaders are invited to the Leader’s Workshop at AppSec Europe in Belfast. The Leader’s workshop is the place where leaders can give face to face feedback about the OWASP Chapter and Projects programs. This session will focus on upcoming changes in the OWASP association management tool (AMS) which will give leaders unprecedented control over their interactions with volunteers, the owasp volunteer program, and the new replacement for Mailing Lists through Mailman. Join us at 18.45 Wednesday night in room 1 of the Waterfront Center. Welcome New Chapters Senegal    Da Nang    Cordoba    Cali    Little Rock

 

April 2017 Corporate Members   April 2017 Corporate Members We would like to thank the following companies for supporting the OWASP Foundation.  The companies listed below have contributed this month by either renewing their existing Corporate Membership or joining OWASP as a new Corporate Member.  Details about Corporate Membership can be found here. Contributor Corporate Members   Denim Group is a custom software development firm skilled in large-scale development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure software development, testing and training capabilities that protect a company’s biggest asset, its data. Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare and defense industries. Its depth of experience building large-scale software development systems in a secure fashion has made the company's leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Company's by Inc. Magazine several years in a row, and has won multiple awards including its recent accolades as one of the best places to work in San Antonio. For more information, please visit: http://www.denimgroup.com Kiuwan provides an end-to-end Software Analytics platform that offers objective data to make informed decisions ro secure, analyze and control the entire SDLC of any application portfolio. With Kiuwan Code Security, the scope in threat mitigation is unparalleled, with over 4000+ custom rules, ability to suppress defects and create tailored action plans while meeting the most stringent industry standard requirements. In constant evolution, it boasts broad language support and integration with Jira, Jenkins and Github to name but a few of the possibilities brought about by the platform. For more information, please visit: https://www.kiuwan.com/ SpringCM delivers an innovative document workflow and management platform, powering the leading contract management application. SpringCM empowers companies to become more productive by reducing the time spent managing mission-critical business documents. Intelligent, automated workflows enable document collaboration across an organization from any desktop or mobile device. Delivered through a secure cloud platform, SpringCM’s document and contract management solutions work seamlessly with Salesforce or as a standalone solution. Every day, more than 600 companies use SpringCM to improve the customer experience and get more done, faster. For more information about SpringCM, visit www.springcm.com Symantec Corporation (SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings -- anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. To learn more go to www.symantec.comor connect with Symantec at: www.symantec.com/social/ Want your company name here?  Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison today! Thank you to all of our Premier and Contributor Corporate Members for your support!

The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014, USA