Connector May 2017

FOLLOW US

COMMUNICATIONS |  PROJECTS |  EVENTS |  CHAPTERS |  MEMBERSHIP

Mon, May 29, 2017 OWASP CONNECTOR

Change to the Global Board of Directors Johanna Curiel has stepped down from her position on the Global Board of Directors. Following precedent, Martin Knobloch, who received the next highest vote count, was raised to the OWASP Board of Directors and the board will hold a vote for positions on the board. Operations Update The May Operations Update includes vital information about OWASP's infrastructure initiatives, project activity, and Chapters. Read it for an overview of what is happening in OWASP. 2017 Global Board of Directors Election The Call for Candidates for the Global Board of Directors ​is now open! The OWASP Global Board of Directors is an all-volunteer board dedicated to the organizational mission which directs the strategic direction of OWASP. This year there are 4 open positions for the board. Due to a vote on February 8th, 2017 which mandated that no board member may serve more than 2 2-year terms in a 10 year period there will be no incumbent board member up for election. To learn more about the Election and to submit your candidacy, please visit: https://www.owasp.org/index.php/2017_Global_Board_of_Directors_Election OWASP in the News OWASP top ten – Boring Security That Pays Off Malwarebytes Blog, May 4, 2017 Which of the OWASP Top 10 Caused the World’s Biggest Data Breaches? Snyk Blog, May 10, 2017 A Modern Villain Healthcare Informatics Institute, May 19, 2017 You Could Be WannaCry’s Next Victim, So Be Prepared Malaysian Digest, May 23, 2017

 

OWASP Code Sprint '17 The OWASP Code Sprint 2017 is a program that aims to provide incentives for students to contribute to OWASP projects. By participating in the OWASP Code Sprint 2017 a student can get real-life experience contributing to an open source project. A student who successfully completes the program will receive in total $1500. You can read more on the Code Sprint 2017 wiki page. How it works   Any code/tool project can participate in the OWASP Code Sprint. Each project will be guided by an OWASP mentor. Students are evaluated in the middle and at the end of the coding period, based on success criteria identified at the beginning of the project. Successful students will receive $750 after each evaluation, a total of $1500 per student. ALL STUDENTS PLEASE APPLY HERE Project Summit Belfast Recap OWASP had another successful project summit at AppSec Europe Belfast. The Project Summit is a combination project working session and program improvement session for OWASP Projects. In addition to presenting their projects to the summit, the leaders discussed ways for their projects to collaborate and there was a proposal from one leader to combine two existing projects with some additional work into a new third project. Project leaders were very excited about up coming improvements to OWASP and Projects, including Discourse, Project Handbook changes and gamification options that will be soon available. In addition to focusing on programmatic changes and their projects, leaders and other community members came together to review seven applications for projects wishing to graduate to the next level of project maturity. If you would like to attend the next AppSec Project Summit, see the below for details. Sign Up for the AppSec USA Project Summit! The AppSec USA Project summit is now accepting participants and suggestions for our Hot Topics. Project Summits at Global events include working sessions that allow project leaders and contributors to work together face to face in an intense and productive environment to move their projects forward. This is a great opportunity for local contributors or those attending the conference to become more deeply involved in OWASP Projects. Qualifying Project Leaders can receive grants to cover their attendance at the event. Requirements for Participation: Active OWASP Project started in the last 9 months. Complete and updated wiki page with a clear roadmap. Agenda and Deliverables for your project at the summit are required. Deadline on September 5th!   Funding Opportunities: (through the Reimbursement Process) $750.00 for Air Travel Assistance per OWASP Project Two Nights of accommodations for the days of the Project Summit USA OWASP Project Leaders (three leader max) receive a complimentary pass for AppSec USA 2017. Please use the Contact Us form for any questions or concerns. Contacts at OWASP Foundation: Matt Tesauro and Claudia Aviles Casanovas. OWASP Top 10 Release Candidate The OWASP Top 10 Release Candidate is now available for comment. Each edition of the OWASP Top 10 enters this phase of the project with plenty of controversy and this year is no different. You can still join the Top 10 Mailing List to contribute your thoughts or read OWASP’s Sr. Project Coordinator, Matt Tesauro’s thoughts on the topic.

Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements with other organizations in
support of the OWASP Community.  CLICK HERE for more information on Advertising.

 

AppSec USA Second Round CfP The AppSec USA Call for Presentations Round Two will be opened for two weeks starting on May 30th, 2017. Applications will be accepted until June 15th and applicants will be notified of their success shortly thereafter. Papers that did not make it in round one will need to reapply for round two as applications will not be forwarded automatically to the next round.   2017 OWASP Summit; The Woodstock of AppSec The OWASP Summit in London will be the largest concentration of AppSec and Security talent focused on solving problems in 2017. A 5-day, high-energy experience, the summit will allow attendees to work and collaborate intensively. Our villa set up means that you will have the opportunity to develop projects in our 10 tracks nearly around the clock! In order to attract as much talent as possible to the Summit, tickets were kept at a low price. A 5x 8h daily ticket costs £400 (i.e. without accommodation) and a 5x 24h daily ticket costs £1,200 (i.e. with 4-night accommodation), with a 10% discount (for 5 to 9 tickets) and a 20% discount (for 10+ tickets). 1x daily 8h tickets are also available at £100 and 24h tickets at £300. Learn more about your opportunity to bring your team to 2017’s biggest AppSec output focused event. AppSec USA Sponsorships Nearly Sold Out There are only a few remaining sponsorships left for AppSec USA. The expo floor plan designed to maximize foot traffic to YOUR booth, you can be assured that you will maximize lead generation activities. Additionally, the planning team has several events planned to encourage a family friendly atmosphere to drive attendance numbers skyrocketing upwards, and what better place than Walt Disney World? The vendor booths are located in high track areas so that you can be assured to get the attention of more than 1,000 security decision makers, influencers, and practitioners in the community. This is the opportunity for your company to recruit, generate business,and share ideas. Grab your booth today before space runs out. Please contact Kelly Santalucia for more information on how your company can participate! AppSec Europe Wrap Up AppSec Europe brought the craic this year! From the first ever outreach event to 200 teens to Keynotes packed with attendees, to nearly a dozen supplementary events, the conference was an unqualified success. Many thanks to the AppSec Eu Team, Gary Robison, Michelle Simson, Owen Pendlebury, Martin Knobloch, Erlend Oftedal, David Mathy, Mark Miller, Siobhan Gallagher, and Fiona Collins! You can read Owen Pendlebury's account of the event on the OWASP Blog and soon, watch all of the talks on the OWASP YouTube Channel. AppSec Europe Developer Summit Johanna Curiel hosted an interactive all day hands-on session on Day 1. A total of 16 people attended to learn about "Reverse Engineering Android Apps with Bytecodeviewer." Our Day 2 morning session topic was ​"​Automating On-Deploy Security Testing* of web applications with ZAP and Jen​"​ hosted by Spyros Gasteratos. We had 21 people attend this session. And last by certainly not least, our Day 2 afternoon session was hosted by Nicole Becher amd Mordecai Kraushar​. This session drew a total of 20 attendees who were eager to learn about "Attacking your web app." This was by far our biggest DevSummit attendee turnout to date! We are looking forward to doubling our DevSummit attendee numbers for our upcoming AppSec USA 2017 event in September!   Upcoming Events   Global AppSec Events AppSec USA 2017  September 19–22, 2017; Orlando, Florida, USA Regional and Local Events OWASP Sibiu Event  June 8, 2017; Sibiu, Romania New York Metro Joint Cyber Security Conference  October 5, 2017; New York City, NY, USA OWASP Bucharest AppSec Conference 2017  October 6, 2017; Bucharest, Romania OWASP AppSec Africa 2018  May 10-12, 2018; Morocco Project Summits OWASP Summit 2017  June 12-16, 2017; London, UK Partner and Promotional Events (ISC)2 Secure Summit Nordics  May 31–June 1, 2017; Stockholm, Sweden IoT Tech Expo Europe 2017  June 1–2, 2017; Berlin, Germany Techno Security & Digital Forensics Conference  June 4–7, 2017; Myrtle Beach, SC, USA (OWASP members save 30% by using discount code: OWASP17) Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt  June 6, 2017; Brussels, Belgium BSides London 2017  June 7, 2017; London, UK SANS Cyber Talent Fair  June 7, 2017; Virtual GOTO Amsterdam 2017  June 12–14, 2017; Amsterdam, Netherlands (OWASP members save 10% by using discount code: owasp17) SC Congress Toronto  June 13–14, 2017; Toronto, Canada Borderless Cyber USA  June 21–22, 2017; New York City, NY, USA (OWASP members save $100.00 by using discount code: OWASP) (ISC)2 Secure Summit DACH  June 27–28, 2017; Zürich, Switzerland BlackHat USA 2017  July 22–27, 2017; Las Vegas, NV, USA (OWASP members save $200 off Briefings by using discount code: OWASP17) (ISC)2 Secure Johannesburg 2017  October 5, 2017; Johannesburg, South Africa ISACA Ireland Conference 2017  October 20, 2017; Ireland IoT Tech Expo North America  November 29-30, 2017; Santa Clara, CA, USA

Chapter Leader Workshop Before every Global AppSec Event we host a Leaders’ Workshop. These workshops serve to allow the foundation staff (and board) to hear from Chapter and Project Leaders and to catch them up on big occurrences in the OWASP Foundation. This year there was an unusually large portion of the meeting dedicated to sharing information from the Foundation. The OWASP Staff have been analyzing the Foundation’s technical debt and engaged in deep listening activities to understand how to prioritize our actions. This activity has led to the staff prioritizing 4 large changes to our structure: The Website Reboot, the AMS update, a new system for mailing lists, and a volunteer management program. These new systems will bring more insight and control to Project and Chapter Leaders. The Leaders’ Workshop is recapped in three blog posts: OWASP Leaders’ Workshop Pt 1: 4 Major Changes and Leader Insight and Control, about the 4 major updates; OWASP Code Sprint 2017, answering the question about the code sprint; and Chapter Questions from the LW, discussing the other two questions leaders brought up: (1)Discussion on move from 2 to 4 meetings per year, (2)What does the foundation look at when judging if an event can be charged for or not? The final blog post is not yet up. We have also confirmed that future Leaders’ Workshops will attempt to include the webinar platform so that Leaders who are not attending the event can still participate in the meeting. Welcome New Chapters Albany Hokushinetsu Sofia Kyiv Akita

May 2017 Corporate Members May 2017 Corporate Members   We would like to thank the following companies for supporting the OWASP Foundation.   The companies listed below have contributed this month by either renewing their existing  Corporate Membership or joining OWASP as a new Corporate Member.     Details about Corporate Membership can be found here.     Premier Corporate Member   Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 8,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, Infosys, NTT, Optiv, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com. Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies. For more information, please visit https://www.qualys.com.     Contributor Corporate Members       Oracle is shifting the complexity from IT, moving it out of the enterprise by engineering hardware and software to work together—in the cloud and in the data center. By eliminating complexity and simplifying IT, Oracle enables its customers—400,000 of them in more than 145 countries around the world—to accelerate innovation and create added value for their customers. By engineering out the complexity that stifles business innovation, Oracle is engineering in speed, reliability, security, and manageability. The result is best-in-class products throughout an integrated stack of hardware and software, with every layer designed and engineered to work together according to open industry standards. Oracle's complete, open, and integrated solutions offer extreme performance at the lowest cost—all from a single vendor. Encompassing every phase of the product development lifecycle, Oracle Software Security Assurance is Oracle's methodology for building security into the design, build, testing, and maintenance of its products. Oracle's goal is to ensure that Oracle's products, as well as the customer systems that leverage those products, remain as secure as possible. For more information, please visit https://www.oracle.com/support/assurance/index.html   Rakuten, Inc. and its consolidated subsidiaries and affiliates ("Rakuten Group") are full-line Internet services companies. Since its founding in 1997, Rakuten, Inc. ("Rakuten") has spent a decade evolving its business model centered on e-commerce, to create a market completely new to Japan. The Rakuten Group is focusing on two approaches in particular to target growth in the decade to come. The first is to empower people and society through continuous innovation and business operation based on our five concepts of success. The second is to establish a "Rakuten eco-system" which enables us to maximize our customers lifetime value and leverage synergies. Guided by the key phrase "more than Web", the Rakuten Group is taking on the challenge of creating new value by driving convergence between the Internet and traditional "bricks and mortar" businesses. For more information, please visit https://www.rakuten.com/   Want your company name here?    Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison today!         Thank you to all of our Premier and Contributor Corporate Members for your support!

The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014, USA