Tuesday, February 12, 2019

OWASP Community

Our instance of mailman isn’t healthy this morning. Working to restore services and will keep the community informed. 

Thx for your patience.

Friday, February 8, 2019

May 26-30, 2019

Call for Papers:  First round of submission closes February 24, 2019

Call for Trainers:  Closes Saturday, February 16, 2019, end of the day.

Special Offer for OWASP Members:

Cyber Security for Critical Assets USA  
Redeem 1 of 10 Free VIP Passes
While cybercrime continually increases in the US, organizations are still held back from strengthening their protection strategies because of cybersecurity’s perceived complexity. Let’s change this.
CS4CA USA unites 250+ C-level security professionals to collaborate in breaking down even the most complex cyber threats and discover innovative cybersecurity solutions.
Join them to strengthen your integration of ICS and Corporate Systems and discover how key players are combatting and recovering from cyber threats – through real-life case studies, interactive on-stage interviews, panel discussions, roundtables, and more from an A-list line-up of speakers.

As a member of OWASP, you are eligible to claim 1 of 10 free VIP passes using the code AFVIP upon registration.

Your access-all-areas 2-Day conference pass includes unlimited access to:
  • All sessions in the first 2 days, including focus groups and roundtables
  • A PDF copy of all presentations (post-summit)
  • Your CPD certificate of attendance & 12 CPD points
  • 6+ hours networking sessions
  • Seated lunches & evening drinks reception

Request a brochure for a detailed agenda and full line-up of speakers.

Houston, USA. March 26th-27th 2019.

*Please note: discounted passes can only be redeemed by end-users. Registrations by vendors, consultants or members of the press will not be accepted.

Monday, February 4, 2019

An Update from the Global Board of Directors

Hi all,

Happy new year. With the new year comes a new OWASP Global Board of Directors (BoD). At the January board meeting, the board voted for its roles for the upcoming year. They are:
  • Chair - Martin Knobloch 
  • Vice-Chair - Owen Pendlebury 
  • Treasurer - Sherif Mansour 
  • Secretary - Ofer Maor 
  • Member at large - Gary Robinson 
  • Member at large - Richard Greenberg 
  • Member at large - Chenxi Wang 
We as a Board and as members of the OWASP community would like to thank our previous Board members Matt Konda and Andrew Van Der Stock who have stepped down, for their efforts over the last number of years within the Foundation and for the community.

Additionally, at this meeting we discussed a number of initiatives that form the Foundation’s strategy and what our goals should be for the coming year(s). This included:


We believe that the foundation needs to achieve a level of stability and with that stability we can work together with the community to achieve the following goals:

  • Marketing the OWASP brand 
  • Provide increased Membership benefits 
  • Increase developer outreach 
  • Focus on Projects and help them grow 
  • Improve the Foundation’s finances 
  • Improve the Foundation’s perception within the community 
  • Improve processes within the foundation 
  • Create staff stability and ensure a consistent Executive Director 
  • Empower the community, especially through the formation of committees, under the Committee 2.0 operating model 

Committee Creation

As you may be aware, the OWASP BoD on December 19th, voted and approved amendments to the Committee 2.0 operational model. At a recent board meeting we discussed that in order to drive the Foundation’s core strategic goals, the most crucial committees that are key to the future of the Foundation are:
  • Projects 
  • Chapters 
  • Marketing 
To that end, the Board would like to invite members from the community to submit proposals under the Committee 2.0 structure (linked below) for these committees.

The OWASP Global Committees empower members of the community to help shape OWASP and make the best decisions for the Foundation. The goal of the Global Committees 2.0 plan is to streamline the process for any member of the OWASP community who has an idea to improve the Foundation, to have a vehicle to act upon the idea and successfully implement it. More information about the updated Committee 2.0 operational model can be found here: https://www.owasp.org/index.php/Governance/OWASP_Committees.
In the past, the following committees were in operation (https://www.owasp.org/index.php/Global_Committee_Pages). We hope you will join in and help us.

Conference Naming Convention

At the July Board meeting 2018 the board voted on hosting three conferences in 2019. With the addition of the third conference we wanted to also not tie the conference to one particular region. With that, the naming convention of future global conferences will move from the traditional naming convention AppSec-Eu / AppSec-US and will now take the form of Global AppSec-<City>.

In line with this change we would like to announce that the three conferences in 2019 will be Global AppSec-Tel Aviv (May, 2019 https://telaviv.appsecglobal.org), Global AppSec-Amsterdam (September, 2019) and Global AppSec-Washington DC (October, 2019).

We look forward to serving the community and wish you the best for the upcoming year.

On behalf of the OWASP Global Board of Directors
Owen Pendlebury

Thursday, January 31, 2019

New Version of SAMM

We are very proud to announce a new version of SAMM!
This beta release of SAMM version 2.0 is the result of hard work including workshops, and input from practitioners and the OWASP community during summits in Europe and the US.
OWASP SAMM is an open source software assurance model and we consider the contributions from the community vital. Be a part of the summer release of version 2.0 by sending your feedback on the structure and content of the proposed maturity model.
The feedback period ends on 24-Feb-2019. Please read our notes on how to provide feedback.

Thank you, Kind regards, The SAMM project team

Thursday, January 17, 2019

January 2019 Connector

January 2019


Letter from the Chairman:

Dear OWASP Community,

Best wishes for 2019, we are looking forward to another exciting year! 

As announced in the last OWASP Connector, December 2018, we are striving to make OWASP the foundation you expect it to be.  Some changes will be more visible than others.

First of all, we have been able to contract Mike McCamon as Interim Executive Director.  Please find information about Mike further down in this Connector.
In this path, you have received an invitation for the OWASP Membership Survey, the results of which will be presented during the first public OWASP BoD meeting, January 23rd. For those who are following the public board meetings, as we have moved to Zoom for online meetings, the new meeting details will be updated as soon as possible.

Last but not least, please mark your agendas for the first global conference, the Global AppSec Tel Aviv, May 26th to 30th.

Kind regards,
Martin Knobloch
Chairman of the Board


Announcing Interim Executive Director Mike McCamon

In November Karen Staley chose to pursue other opportunities and the Board has contracted with Mike McCamon as an Interim Executive Director for OWASP. He started this role just after the New Year.

Mike has a long and distinguished reputation in the technology, standards, and nonprofit industries for consensus building, growth, and professionalism. He was the inaugural Executive Director for the Bluetooth Special Interest Group whose team put that initiative on the road to mainstream ubiquity. More recently he served on the leadership team that launched Matt Damon’s Water.org, a nonprofit that brings water and sanitation projects to the most vulnerable in the developing world. He is a seasoned technology executive also having led teams at companies like Apple, Intel, Iomega, and SpiderOak.

Over the coming weeks, Mike will be working with the Board along with Project and Chapter Leaders to chart the future of OWASP. At its core, the mission of OWASP is more timely and relevant than ever and we should all be hopeful and energetic about our prospects for the future. His email is mike.mccamon@owaspfoundation.org 


May 26-30, 2019 
Global AppSec Tel Aviv 2019 at 
David InterContinental Tel Aviv, Israel  


You may also be interested in one of our other affiliated events:


| Event | Date | Location |
| --- | --- | --- |
| AppSec California 2019 | January 22-25, 2019 | Santa Monica, CA |
| OWASP New Zealand Day | February 21-22, 2019 | Auckland, New Zealand |
| OWASP Seasides | February 27-28, 2019 | GOA, India |
| Snow FROC 2019 | March 14, 2019 | Cable Center Denver, CO |



| Event | Date | Location |
| --- | --- | --- |
| BSides Cairo Security Day | February 1-2, 2019 | Cairo, Egypt |
| QuBit Conference Belgrade | February 7, 2019 | Belgrade, Serbia |
| Day of Shecurity 2019 | February 22, 2019 | Boston, MA |
| Cyber Security for Critical Assets USA 2019 | February 26-27, 2019 | Houston, TX |
| QuBit Conference Prague | April 10-11, 2019 | Prague |
| Cyber Security and Cloud Expo Global | April 25-26, 2019 | London |
| IoT Tech Expo Global | April 25-26, 2019 | London |
| Hack in Paris 2019 | June 16-20, 2019 | Paris |
| Cyber Security and Cloud Expo Europe | June 19-20, 2019 | Amsterdam |
| IoT Tech Expo Europe | June 19-20, 2019 | Amsterdam |


The following projects had new releases recently:

OWASP Internet of Things Top 10 for 2018 
Project Leaders: Daniel Miessler and Craig Smith

The OWASP Internet of Things Project was started in 2014 as a way to help Developers, Manufacturers, Enterprises, and Consumers to make better decisions regarding the creation and use of IoT systems. This continues today with the 2018 release of the OWASP IoT Top 10, which represents the top ten things to avoid when building, deploying or managing IoT systems. The primary theme for the 2018 OWASP Internet of Things Top 10 is simplicity. Rather than having separate lists for risks vs. threats vs. vulnerabilities—or for developers vs. enterprises vs. consumers—the project team elected to have a single, unified list that captures the top things to avoid when dealing with IoT Security.
The team recognized that there are now dozens of organizations releasing elaborate guidance on IoT Security—all of which are designed for slightly different audiences and industry verticals. We thought the most useful resource we could create is a single list that addresses the highest priority issues for manufacturers, enterprises, and consumers at the same time. 

Dependency-Track v3.4 released
Project Leader: Steve Springett      

This is the fifth major release this year and was a wonderful collaboration with the user community and partnership with both Kenna Security and Micro Focus Fortify, both of whom supported the Dependency-Track project’s efforts to provide native integration capabilities with their platforms. Special thanks to Ed Bellis (Kenna) and Scott Johnson (Fortify) and their respective teams. 

There’s a ton of other new stuff in this release as well including native support for NuGet and Pypi repositories for outdated version identification, improvements to Docker performance and configuration capabilities, and overall refinements and bug fixes. 

Changelog: https://docs.dependencytrack.org/changelog       
Website: https://dependencytrack.org

In addition, please welcome to Incubator status the following new projects:
  • OWASP Serverless Goat by Ory Segal
  • OWASP DVSA by Tal Melamed
  • OWASP API Security (Restart) by Erez Yalon
  • OWASP Blockchain Security Framework by Deepak Pandey



Waterloo, Canada
Suffolk, UK
Buffalo, NY
Little Rock, AR
Memphis, TN
Miami, Florida
San Fernando Valley, CA 
OWASP Mentor and Mentee Program sponsored by WIA

OWASP Community encourages interested mentors and mentees to share your interest via the following Mentor and Mentee form.

For any questions, please contact mentors@owasp.org.


We welcome the following Contributor Corporate Members

Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, # 232
Bel Air, MD 21014  
Fax: 1-443-283-4021