Sunday, April 21, 2019

Call For Papers and Call For Trainers

Global AppSec DC September 9-13, 2019

#4 Of 5 Reasons To Attend Global AppSec Tel Aviv

#4: Attend the OWASP Project Showcase

The Project Showcase at Global AppSec Tel Aviv has received a great deal of interest.  Attendees will be in for a steady stream of information on 11 OWASP Projects.  Come meet and hear Project Leaders speak about their projects while also learning about the latest industry standards in application security.

Join hundreds of developers and security advocates like you May 26-30 at the Intercontinental David Tel Aviv Hotel.

Full Conference passes start at only $650 and OWASP Members save $50.

See the Full Program & Register
Our mailing address is:
OWASP Foundation
1200 C Agora Dr., #232
Bel Air, MD  21014



#5 Of 5 Reasons To Attend Global AppSec Tel Aviv

#5: Learn About New Tools & Innovations

Over a dozen Training Classes are available on cutting-edge tools and techniques that employers look for in candidates. The two full days of the Conference include sessions from leading speakers to help you stay current on industry trends and new innovations.

Join hundreds of developers and security advocates like you on May 26-31, 2019 @ Intercontinental David Tel Aviv Hotel.

Full Conference passes start at only $650 and OWASP Members save $50.

See the Full Program & Register


Tuesday, April 9, 2019

QRLJacker Exploitation Framework Project
QRLJacker is a highly customizable exploitation framework that demonstrates the "QRLJacking Attack Vector" and shows how easy it is to hijack services that depend on QR codes as an authentication and login method. Its main aim is to raise security awareness regarding all the services that use QR codes as a main way to log users in.

Project Leader:
Mohamed A. Baset (@SymbianSyMoh)

Project Contributor:
Karim Shoair (@D4Vinci)


QRLJacking Attack Vector
Description: QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.
Project Leader:
Mohamed A. Baset (@SymbianSyMoh)

Tuesday, April 2, 2019

OWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them.

We are excited to announce the first OWASP Serverless Top 10 call for data. We will use it to better understand the security landscape of real-world serverless applications and to make the OWASP Serverless Top 10 report a go-to resource for developers.

How to contribute?

We are looking for data that represent the current state of security in serverless applications. To that end, today we are opening a survey to collect data about vulnerabilities found in serverless applications.

We want to be as data-driven as possible but the questionnaire includes qualitative questions that will allow you to report vulnerabilities and issues that were not previously identified.

The questionnaire can be accessed here:

We will use this data to improve the original report to make it more representative of vulnerabilities observed in the field.


The most important milestones of this project are:

  • April 1, 2019: call for data opened
  • July 31, 2019: call for data ends and data processing starts
  • September 1, 2019: report Release Candidate is sent for review
  • October 1, 2019: the final report is officially published

Those are ambitious goals and we cannot do it without you!

Get involved

We collaborate on this project on GitHub and in the #project-sls-top-10 channel on the OWASP Slack (use this link to join). Your input and comments are very valuable to us and we encourage all interested to join the discussion!

Feel free to reach out directly to one of the project leaders to get involved: Tal Melamed and Marcin Hoppe.

Also, if you’re planning to come to #OWASP #GlobalAppSec @OWASP_IL, don’t miss out on the Serverless Top 10 talk!

Friday, March 22, 2019

March 2019 Connector

March 2019


Letter from the Chairman:

Dear OWASP Community,

OWASP, recently, has been working on maturing the Foundation into a more professional organization. We know, that a delay in any process is frustrating, for example, the temporary halt on accepting (re-) starting chapters.  This was necessary in order to create a baseline of functioning chapters, removing those that have not been active, creating an opportunity for new chapters to be stood up. This chapter review process has been a huge and unthankful, but necessary task. This process is now complete so requests to (re-) start chapters are up and running again. We are happy to share that this month we have already 24 new chapters registered!

Another big change is the retirement of mailman and migration to Google Groups. Retrospectively, the communication and transparency of the decision-making process could have been better; we are aware of that and would like to apologize for that. Nevertheless, we would like to thank the community for the constructive feedback we received. This will eventually lead to the improvement of the Foundation's process.

In relation to community participation, I would like to again, emphasize the necessity of community engagement at a global level. For this, we have reviewed and improved the committee policies and hope for volunteers to participate.

This month, several successful local events have taken place, namely, the Lascon, SnowFroc and OWASP SeaSide events, where more than 300 attendees received free training over 3 days. We would like to thank all the volunteers involved in making this happen!

Last but not least, don't forget to register or submit your paper for the upcoming Global AppSec-TLV.

More news and improvements are coming OWASP's way, stay tuned ;)

Kind regards,
Martin Knobloch
Chairman of the Board

Many of us in the northern hemisphere are eager for a change of seasons and I’m convinced 2019 will be a great year of positive changes for OWASP.

Global AppSec Tel Aviv
In May we are adding a Global Conference to the EMEA region with Global AppSec Tel Aviv. This event will be one of only three global conferences for OWASP in 2019. The local team has been hard at work on the agenda and speakers for the event. Please visit to learn more about the conference and we’re excited to see everyone for a great event.

Staff Projects
As we kick off projects outlined in our 2019 Operating Plan, staff wanted a way to be fully transparent about our projects and progress. Feel free to visit for more details. These are working documents so they are updated throughout the project lifecycle. Lastly, I do want to mention, the list provided is not the complete work product of staff; only those projects that incur significant focused time or resources to complete.
Email Domain. Another side, yet visible project, has been to harmonize credentials and more clearly identify staff and members of the community. Over the past few weeks, we have migrated all staff to an email domain. The email address convention remains and our old addresses will continue to work for the time being by forwarding mail to our new accounts. Historically it has been more complicated than necessary to detangle staff and members - especially when auditing credential management and this change should make that task more thorough and less prone to errors.

Thank you, Matt. 
And finally, please join me in thanking Matt Tesauro for his many years of service as both a volunteer and member of the OWASP Staff. In his staff role, Matt will be leaving OWASP at the end of the month. He assures me he will continue to be involved with our mission but just not working directly at the Foundation. Thanks, Matt.

Registration is open
Sponsorships are available

Save the Date for 2 more Global AppSec Conferences
Global AppSec DC Sept 9-13, 2019
Global AppSec Amsterdam Sept 23-27, 2019 


You may also be interested in one of our other affiliated events:

Latam Tour 2019 | Starting April 4, 2019 | Latin America
OWASP Portland Training Day | September 25, 2019 | Portland, OR
LASCON X | October 24-25, 2019 | Austin, TX
OWASP AppSec Day 2019 | Oct 30 - Nov 1, 2019 | Melbourne, Australia


Blackhat Asia 2019 | March 26-29, 2019 | Singapore
Cyber Security for Critical Assets USA 2019 | March 26-27, 2019 | Houston, TX
QuBit Conference Prague | April 10-11, 2019 | Prague
Cyber Security and Cloud Expo Global | April 25-26, 2019 | London
IoT Tech Expo Global | April 25-26, 2019 | London
Internet of Things World | May 13-16, 2019 | Santa Clara Convention Center, CA
Hack in Paris 2019 | June 16-20, 2019 | Paris
Cyber Security and Cloud Expo Europe | June 19-20, 2019 | Amsterdam
IoT Tech Expo Europe | June 19-20, 2019 | Amsterdam


Google Summer of Code 2019:
OWASP was accepted to be a mentor organization for 2019.
Mentors for the projects have been sent invitations and students may start applying on March 25th.

Google Season of Docs 2019:
OWASP has applied to participate in the first Google Season of Docs. If you would like to participate, please provide your project ideas on the Google Season of Docs 2019 wiki page.

Global AppSec Tel Aviv 2019 Project Showcase:
We are off to a great start with 10 projects currently taking part in the showcase.
Glue Tool | Omer Levi Hevroni
IoT | Aaron Guzman
Embedded AppSec | Aaron Guzman
Software Assurance Maturity Model (SAMM) | John DiLeo
API Security | Erez Yalon, Inon Shkedy
Mod Security Core Rule Set | Christian Folini, Tin Zaw
Automated Threats | Tin Zaw
Application Security Curriculum Project | John DiLeo
Defect Dojo | Aaron Weaver
Web Honeypot Project | Adrian Winckles
The showcase schedule is still being developed.

If you are interested in having your project participate, please send an email to with the name of your project and the names of the presenter(s). Project leaders presenting at the showcase will be provided free admission to the conference.


24 New OWASP Chapters
Ahmedabad, Gujarat
Albuquerque, New Mexico
Amman, Jordan
Barranquilla, Colombia
Bikaner, India
Bilbao, Spain
Cape Coast, Ghana
Chattanooga, Tennessee
Detroit, Michigan
Doha, Qatar
Houston, Texas
Kuwait City, Kuwait
Port Louis, Mauritius
Pune, India
San Juan, Puerto Rico
Sofia, Bulgaria
Space Coast, Florida
Sydney, Australia
Tbilisi, Georgia
Tripoli, Lebanon
Vellore, India
Vienna, Austria
Worcestershire, United Kingdom
Zhytomyr, Ukraine

We are now accepting new submissions for the following regions:
Latin America
Student Chapters
Please submit your request at OWASP Chapter Request Form

