Thursday, August 10, 2017

OWASP World Tour



This year the strategic goal of OWASP is to raise awareness and spread application security knowledge world-wide by hosting a training world tour.  The 2017 world tour will have three free, mass application security training events.  Each one-day AppSec training course will teach 500 developers, software testers and entry-level application security professionals core security topics.

Our goal is that each training will combine general security principles, such as the principle of least privilege, using secure defaults and reducing attack surface, with AppSec-specific topics such as parameterized queries to prevent SQLi, input validation and encoding.  We are also interested in teaching how OWASP Projects can assist in developing secure software.

As part of the OWASP World Tour we are inviting all professional trainers to apply to the Call for Training for your opportunity to train in Tokyo, Boston, or Tel Aviv.  The Call for Training will close this month, so apply today!

If you are interested or know someone who is interested in attending the OWASP World Tour near you, please keep an eye on the OWASP Blog or OWASP World Tour Wiki Page for registration.  

Wednesday, August 9, 2017

OWASP Board of Directors Candidates and Questions

The OWASP Board of Directors are seven hardworking volunteers elected to direct the financial and outreach goals of the organization.  As a group the board members self-organize into positions and guide the organization by defining our strategic goals.  You can follow the election on the Board of Directors Election wiki page.

This year we have seven candidates running for the four open board positions.  You can click on their names to read their bios and statements of purpose:






Additionally, during this time we request that our members submit questions to be asked of our candidates for the board during an interview that will be recorded and shared prior to the election.  The following are the winning questions from our community.

1. How do you make sure that the board's decisions won't be influenced by any personal favors or corruption?
2. OWASP does not have a great reputation internationally due to what most people call "Politics", how do you intend to solve the "Politics" problem?
3. How do you intend to address bullying within OWASP? If someone is a repeat offender, will you enforce rules to expel or suspend offending parties?
4. How do you intend to empower the Compliance Committee? Currently all it has the power to do is mediate or make suggestions, it needs more than that.
5. What accomplishments related to OWASP Foundation's mission have you demonstrated in the last (5) years?
6. What kind of action plan do you have in mind to help motivate the participation of Developers into OWASP community?
7. What is your strategy to keep chapters active and motivated with OWASP and keep having meetings and organize local events?

Don’t forget that you must be a member by September 30th to vote for the OWASP Board of Directors.  Get your Membership Today!

Monday, August 7, 2017

OWASP Operations Update for August 2017

Welcome to the operations update for August 2017, the ongoing series of updates on what's happening at the OWASP Foundation.  Last month's post is available here.

In another departure from our normal format, I'd like to have a bit of a preamble to set expectations for the community.

With the staff reduced by 20% from 8 down to 6 FTEs, things are going to take longer than anyone would like.  Know that the OWASP staff is doing the best they can under difficult circumstances.  We currently do not have an ETA on any new hires at OWASP.  However, to offset the workload from Kate and Alison's departure (detailed last month), OWASP has:

  • contracted out the accounting functions Alison was doing.  She was doing more than just accounting but her former accounting functions have been covered.  We've had 1 month of transition and things are going fairly well.  We're still uncovering things that Alison did that haven't been handed off yet but we're nearly there.
  • started migrating some of our oldest and least user-friendly forms/processes from Google Docs 'apps' to Jira Service Desk.  The first of these is the funds reimbursement form which should be live by mid-August with more to come over the next couple of months.
So, while we've got items in motion to help streamline things going forward, those items haven't started to pay dividends yet.  We want the community to know that the staff feel your pain with some of the inevitable delays that will happen with a smaller staff.  We're doing what we can to build up the least amount of tech and operational debt as we go forward.

OWASP IT Infrastructure Hosting - Modernizing and migrating the OWASP infrastructure
  • Remaining hosts at Rackspace: OWASP Wiki, Mailman server, Virtual-host server which provides redirects and static content
    • These are on hold until staff is back to full strength
  • For the current status details, see the June 2017 update.
The Website Reboot - aka TWR - a major effort to update and modernize OWASP's web presence
  • Phase 1 is complete
    • Note: Due to lack of staff availability, the wiki is running the legacy LTS release not latest stable so Phase 1 will need to be repeated in future when this comes off hold.
  • Phase 2, 3 and 4 are in process
  • These are on hold until staff is back to full strength.
  • For the current status details, see the June 2017 update.
The OWASP Communication Plan 
  • Discourse as a replacement for Mailman
    • On a significantly reduced roll-out plan until staff is back to full strength
    • For the roll-out plan, see the Community section below.
  • Beta program for the Foundation's Global Meetup account continues
OWASP 2017 Strategic Goal aka The OWASP World Tour 
  • TLDR: Host 4 trainings worldwide of ~500 attendees geared toward developers and entry-level security professionals - further details on the wiki.
  • 4 locations reduced to 3 due to staff departures
    • Tokyo Bootcamp - September 30, 2017
    • Boston BOAST - October 9, 2017
    • Tel Aviv DevSec - October 17, 2017
  • Call for Trainers anticipated launch is mid-August
Association Management System (AMS) Upgrade 
  • Completed as of August 1st, 2017
Projects 
  • AppSec USA 2017
    • Final details and marketing plan in full force
    • Sponsor Expo Location Selection
      • Those sponsors who have paid in full have chosen their expo locations
      • Those who have not yet paid have not chosen their expo location and have not received their discount codes
  • AppSec EU 2018
    • Finalizing Gantt Chart
    • Conference budget built out
    • Multiple RFPs out for bid
  • AppSec APAC 2018 - proposal under review
Membership 
  • 55 Corporate Members
    • $185,000 (46% of yearly goal)
  • 2017 WASPY Awards
    • Nominees notified and winners posted plus announced to the community
    • Prepping for Award Ceremony at AppSec USA 2017
  • 2017 Global Board of Directors Elections
    • Candidates vetted and notified if they are eligible or not
    • Candidates will be posted the week of August 7th
    • Scheduling candidate group interviews to start August 25th to September 1st
  • Developer Summit at AppSec USA 2017
    • 3 trainers confirmed (1 full day presentation and two 1/2 day presentations)
  • BlackHat USA 2017
    • Kelly and Dawn represented the OWASP Foundation at our booth during the event along with several community volunteers
Community
As always, the OWASP Staff are here to make the OWASP community even stronger.  If you have a question, concern or need something, please let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the August 9th Board Meeting.

Your friendly remaining neighborhood OWASP staff:
    Kelly, Laura, Claudia, Tiffany, Dawn and Matt

AppSec USA Speakers



A Senior Application Security Engineer for Verizon, the Director of Software Engineering for Capital One, and a Senior Cloud Security Engineer at Netflix walk into a bar …
No, this isn’t the start of a bad InfoSec joke. It’s a preview of the speakers you can expect to hear from at OWASP’s AppSecUSA Conference in Orlando, Florida from September 19 – 22, 2017. In addition to individual breakout sessions featuring application security and information technology leaders from companies such as Citrix Systems, Slack, PayPal, and USAA, you’ll also have direct access to daily keynote addresses showcasing the latest security ideas and technology advances.
AppSecUSA’s opening keynote kicks off with a not-to-be-missed session from educator and author Jim Manico and Cigital CTO John Steven. Jim will weave topics from his upcoming book from McGraw-Hill and Oracle-Press about Java web security with John’s expertise on threat modeling and architecture risk analysis to frame up today’s landscape in secure development and where the industry is going.
On day two, Runa Sandvik, Director of Information Security at The New York Times, delves deeper into how application and information security impacts a variety of industries, including journalism and the general population’s understanding of the news. And if that wasn’t enough, Jen Ellis, VP of Community and Public Affairs for Rapid7, will wrap up the conference with her perspectives on how technology specialists and government agencies can work better together for a more secure information infrastructure in our world today.
AppSecUSA’s speakers tackle hot topics from government security to threat management, and from DevSecOps to cookie security and supply chain management across a wide array of industries. For a full list of announced speakers click here to learn more and register for AppSecUSA today: https://appsecusa2017.sched.com/directory/speakers. This is one lineup you don’t want to miss!






Wednesday, August 2, 2017

OWASP Top 10 2017 Project Update

The OWASP Top 10 is the most heavily referenced, most heavily used, and most heavily downloaded document at OWASP. Therefore, it rightfully has a greater level of scrutiny and a greater level of review as befitting a Flagship project.


The previous Top 10 leaders have passed the baton for this project on to a new team and we will strive to address the feedback that has been provided over the past few months. We have discussed as a team and at the OWASP Summit what steps must be taken and what changes must be made to the OWASP Top 10.


A summary of changes is listed below, please read further to understand more of the why behind them:
  • The Top 10 will focus on Vulnerability Categories.
  • Feedback on the mailing list has been moved to the Issues List (https://github.com/OWASP/Top10/issues) in GitHub, please continue to contribute feedback there.
  • The content of the document will be extracted to provide easier translations.
  • Scoring for Top 10 entries is intended to be based on Common Weakness Scoring System (CWSS)
  • For the 2017 Edition, 8 of 10 vulnerabilities will be selected from data submitted via the call for data and 2 of 10 will be selected from an industry-ranked survey.
  • A ranked survey (https://goo.gl/forms/ltbKrdYrp4Qdl7Df2) is now available for industry professionals to select two new vulnerability categories for inclusion in the Top 10 2017. The deadline for the survey is 30 August, 2017.
  • The call for data (https://goo.gl/forms/tLgyvK9O74r7wMkt2) is now reopened to allow for additional data to be collected for analysis. The new deadline for the extended data call is 18 September, 2017.
  • The Top 10 2017 RC2 will be released for review and feedback 9 October, 2017.
  • The final release of the Top 10 2017 is targeted for 18 November, 2017.


[Image: OWASP Top 10 timeline, v2]


The OWASP Top 10 has always been about missing controls, flawed controls, or working controls that haven’t been used, which when present are commonly called vulnerabilities. We have traditionally linked the OWASP Top 10 into the Common Weakness Enumeration (CWE) list maintained by NIST / MITRE. We will continue to align with CWEs and utilize the CWSS scoring system to help provide an industry standard measurement.
For the Top 10 2017, we will be focusing on vulnerability categories. These categories will be mapped to one or more CWEs where possible. The scoring system for the Top 10 will be updated to leverage the CWSS as much as feasible. Like the Common Vulnerability Scoring System (CVSS) for specific Common Vulnerabilities & Exposures (CVEs), we are intending to use CWSS for vulnerability categories. In the scenario where there are multiple CWEs, we will use the high-water mark; if there is a vulnerability category without a matching CWE, we will do what we can to align a CWSS score.
Although the OWASP Top 10 is partially data-driven, there is also a need to be forward looking. At the OWASP Summit we agreed that for the 2017 Edition, eight of the Top 10 will be data-driven from the public call for data and two of the Top 10 will be forward looking and driven from a survey of industry professionals. The OWASP Top 10 will clearly identify which items are forward looking: we will use the CWSS score of these items (if a CWE for the issue exists) or our best judgement on where the issue will be ranked in the Top 10.


The extended call for data can be accessed here: https://goo.gl/forms/tLgyvK9O74r7wMkt2
The two items that are not data-driven will be supported by a qualitative survey. The survey is comprised of vulnerability categories that were identified as “on the cusp,” mailing list feedback, and previous call for data feedback. Respondents should rank the top four most important vulnerability categories from their knowledge and experience. The two vulnerability categories with the total highest ranking will be included in the Top 10 2017. The information will also help us develop a plan to better structure the call for data for the OWASP Top 10 2020.


The survey can be accessed here: https://goo.gl/forms/ltbKrdYrp4Qdl7Df2


Every single issue in the OWASP Top 10 should have a direct cause: either one or more missing or ineffective controls, or not using an in-place control. Every issue should be precise in its language and view (as in not intermingling the terms “weakness,” “vulnerability,” “threat,” “risk,” or “defect”) so each issue can be theoretically testable. This will help us make a stronger and more defensible list of included items.
We aim to review and resolve ontological concerns, such as including issues that are not like the others. This means that in some circumstances, there should be a view from the Developer perspective (documented by the OWASP Proactive Controls) and a view for the Defending Blue Team (documented by the currently non-existent OWASP Defensive Controls).
Every issue should contain clear and effective advice on remediation, deterrence, delay and detection that can be adopted by any development team - no matter how small or how large. As the OWASP Top 10 are important vulnerability categories, we should strive to make our advice easy to follow and easily translatable into other languages.
From a methodology point of view, we are looking at taking lessons learned from 2017 and coming up with a better process for the OWASP Top 10 in 2020. We would like to coordinate with other teams to provide a staggered release of the other OWASP Top 10 efforts with sufficient time between each release to allow the industry to upgrade and adopt in a practical way.
Lastly, we are opening up the text to provide history and traceability. We need to ensure that all of the issues documented within any of the various Flagship projects, but particularly the OWASP Top 10, can be satisfied by developers and devops engineers without recourse to paid tools or services. There is value in the use of paid services and tools, but as an open (as in free and in liberty) organization, the OWASP Top 10 should have a low barrier of entry, and high effectiveness of any suggested remediations.
Thank you, and we look forward to working with you on the OWASP Top 10.


OWASP Top 10 Project Leaders
Andrew van der Stock
Neil Smithline
Torsten Gigler

Data Analyst
Brian Glas

Monday, July 31, 2017

July 2017 Connector

Communications

Operations Update

The June Operations Update includes vital information about OWASP's infrastructure initiatives, project activity, and Chapters. Read it for an overview of what is happening in OWASP.


Congratulations to our 2017 WASPY Award Winners!

The Web Application Security People of the Year awards are our community’s way of honoring the amazing volunteers who fly under the radar, but whose work makes OWASP the organization we know and love. This year we changed things up. Due to community feedback that the WASPYs were nearly useless and functioned largely as popularity contests, we chose to invite the community to nominate the volunteers who make their OWASP experience amazing. Then, rather than relying on public voting, which rewards large chapters, the staff and board members voted based on your nominating statements.

We also chose to get back to our roots and focus on three categories which best represent the ways that our members interact with us and each other.

The 2017 WASPY Award winners are:

Best Community Supporter - The WASPY for COMMUNITY honors members who create dynamic INTERACTION and LEARNING opportunities for the OWASP Community. Nominees to the Community WASPY Award create collaborative and inclusive environments and grow the OWASP Community.

A three way tie between:

Dinis Cruz, Jeremy Long, Nicole Becher

Best Mission Outreach - The WASPY for Mission Outreach honors community members who help the community GROW. Growth can happen inside the larger OWASP community or outside it in the broader AppSec and development communities.

Mark Miller

Best Innovator - The WASPY for Innovation is given to a community member who has contributed to the TECHNICAL advancement of OWASP in the past year. This advancement is usually through an OWASP Project and can be in the form of code, an application, or anything that materially makes the AppSec community better in a unique way.

Sebastien Deleersnyder

A huge thanks to our community for calling out these amazing volunteers! Please take the time to read the citations for all of our nominees.


2017 Global Board of Directors Election

The Call for Candidates for the Global Board of Directors closes TODAY! The OWASP Global Board of Directors is an all-volunteer board dedicated to the organizational mission which directs the strategic direction of OWASP. This year there are 4 open positions for the board.

Due to a vote on February 8th, 2017, which mandated that no board member may serve more than two 2-year terms in a 10-year period, there will be no incumbent board member up for election. To learn more about the Election and to submit your candidacy, please visit: https://www.owasp.org/index.php/2017_Global_Board_of_Directors_Election

The submission period for questions to the candidates also closes today. You can submit your questions here:

https://app.sli.do/event/lx5yirva/ask


Changes in OWASP Accounting and Staff

As many of you know, the OWASP staff was reduced by 20% when Alison McNamee and Kate Hartmann moved on from OWASP. Both of these women have been with OWASP since nearly the beginning and will be dearly missed.

When it comes to our accounting, currently we have purchased accounting services from Virtual. We are also taking the opportunity to revamp our processes which were developed to serve our community when it was much smaller. In the coming weeks you can look forward to an easier and more transparent system--including the ability to track your reimbursement requests independently.

The first visible change, however, is that reimbursements will be sent out twice a month-- on or before the 15th of the month and on or before the last day of the month. Reimbursements must be approved at least 24 hrs before they are scheduled to be processed to be expected in either batch. Please keep this in mind when approving reimbursements.

We appreciate your patience as we move through these transitions.

Yours,

The OWASP Staff


OWASP Volunteer Platform

We are ready to begin the design stage for building the OWASP Volunteer Platform and we need your help! The first step of the design phase is a set of surveys. OWASP Leaders will receive a survey to explore your needs as volunteer managers via email. The survey will be active until September 22, 2017. The wider OWASP community will be encouraged to follow a link to the Volunteer Portal Survey for Community Members which explores the needs of prospective volunteers in a volunteer management platform. You do not need to be a paid member of OWASP to take the survey. If you are both a Leader who manages volunteers and a volunteer elsewhere in OWASP you are encouraged to take both surveys.

Your input is invaluable and we thank you for your time.

https://www.surveymonkey.com/r/OWASP-VolunteerSurvey-Communitymemeber

(estimated time to take: 4 min.)


OWASP in the News

 

 
Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements with other organizations in
support of the OWASP Community.  CLICK HERE for more information on Advertising.

Projects

OWASP Code Sprint '17

OWASP Foundation is pleased to announce the student selections for the OWASP Code Sprint 2017. There were 32 student proposals submitted and it was a very challenging decision to select only 14 Student Slots. You can see which students and projects won placement on the OWASP Blog.

More Mentors Welcome:

Do you want to become a mentor for a student?

Choose a participating OWASP project from the OWASP Code Sprint 2017


Project Summit AppSec USA

The 179 AppSec USA Project Summit is now accepting participants and suggestions for our Hot Topics. Project Summits at Global events include working sessions that allow project leaders and contributors to work together face to face in an intense and productive environment to move their projects forward. This is a great opportunity for local contributors or those attending the conference to become more deeply involved in OWASP Projects. Qualifying Project Leaders can receive grants to cover their attendance at the event.

Requirements for Participation:

  • Active OWASP Project started in the last 9 months.
  • $750.00 for Air Travel Assistance per OWASP Project
  • Agenda and Deliverables for your project at the summit are required.
  • Deadline on September 5th!

Funding Opportunities (through the Reimbursement Process):

  • $750.00 for Air Travel Assistance per OWASP Project
  • Two Nights of accommodations for the days of the Project Summit USA
  • OWASP Project Leaders (three leader max) receive a complimentary pass for AppSec USA 2017.

Please use the contact us form for any questions or concerns.

Contacts at OWASP Foundation: Matt Tesauro and Claudia Aviles Casanovas



Events

Hands on training at AppSecUSA!

It’s one thing to hear from leading technology professionals and pioneers at an information and application security conference … but nothing beats hands-on, immersive learning and training opportunities led by those same thought leaders and change makers. Imagine stepping away from your desk for two full days to explore application security automation alongside CTO of We45, Abhay Bhargav, or identifying security risks by hacking into IoT devices during an afternoon with Aditya Gupta, Founder and CEO of Attify. What if you could collaborate with global industry experts on open-source defensive security techniques and practice mitigating mobile app attacks in a real-life test environment?

During the first two days of OWASP’s 14th annual AppSecUSA conference in Orlando, Florida from September 19 – 22, 2017, you can. Guests will have the opportunity to participate in two full-day, self-guided training sessions with other attendees and speakers such as Sebastien Deleersnyder, Managing Partner and co-founder of Belgian security company Toreon, and many more. These pre-conference training days will set the tone for OWASP’s signature AppSecUSA event, which showcases cutting edge lectures and keynote sessions featuring security experts from around the world in a friendly, interactive environment.

Explore the full training and lecture schedule here: https://appsecusa2017.sched.com/, or preview the conference’s announced speakers list. The conference is just a month and a half away, with registration tickets going fast and hotel accommodations filling up even faster. Don’t miss OWASP’s exclusive opportunity to learn from and rub elbows with the most senior security developers and experts out there. No matter what industry you’re in, or where you live, this exciting, international conference is the place to be as a security and information leader.


AppSec USA Speakers are announced!

A Senior Application Security Engineer for Verizon, the Director of Software Engineering for Capital One, and a Senior Cloud Security Engineer at Netflix walk into a bar …

No, this isn’t the start of a bad information security joke. It’s a preview of the speakers you can expect to hear from at OWASP’s AppSecUSA Conference in Orlando, Florida from September 19 – 22, 2017. In addition to individual breakout sessions featuring application security and information technology leaders from companies such as Citrix Systems, Slack, PayPal, and USAA, you’ll also have direct access to daily keynote addresses showcasing the latest security ideas and technology advances.

AppSecUSA’s opening keynote kicks off with a not-to-be-missed session from educator and author Jim Manico and Cigital CTO John Steven. Jim will weave topics from his upcoming book about Java web security with John’s expertise on threat modeling and architecture risk analysis to frame up today’s landscape in secure development and where the industry is going.

On day two, Runa Sandvik, Director of Information Security at The New York Times, delves deeper into how application and information security impacts a variety of industries, including journalism and the general population’s understanding of the news. And if that wasn’t enough, Jen Ellis, VP of Community and Public Affairs for Rapid7, will wrap up the conference with her perspectives on how technology specialists and government agencies can work better together for a more secure information infrastructure in our world today.

AppSecUSA’s speakers tackle hot topics from government security to threat management, and from DevOps security to cookie security and supply chain management across a wide array of industries. For a full list of announced speakers, follow the AppSec USA Schedule and register for AppSecUSA today. This is one lineup you don’t want to miss!


Dragons, Pixis, & iOS!

Are you a developer interested in learning how your code can be better? The OWASP Developer Summit is your FREE two-day training opportunity! Qualified trainers will walk you through threat modeling with the OWASP Threat Dragon, attacking products through APIs, and everything you need to know to keep your iOS Apps safe.

Using OWASP Threat Dragon for Threat Modeling

OWASP Threat Dragon is a new OWASP project that introduces a threat modeling tool that is portable (able to be used on the web in various platforms), integrates well with the build process, and is a great tool to introduce to developers and teams. This developer hands-on session will focus on introducing the Threat Dragon tool, the best ways to use the tool in a day-to-day developer environment, and making it part of the CI implementation (including integration with Jenkins, etc.).

Hacking APIs and Web Services with OWASP DevSlop & PIXI!

Modern applications often use APIs and other micro services to deliver faster and better products and services. However, there are currently few training grounds for security testing in such areas. In comes DevSlop, OWASP's newest project, a collection of DevOps security disasters made as a vulnerable testing and proving ground for developers and security testers alike. DevSlop's Pixi, the first of many entries to come for this OWASP project, will be demonstrated and presented for participants' hacking and learning pleasure. Pixi consists of vulnerable web services, and participants will be walked through how to exploit several of its vulnerabilities so they can learn how to do better when they create their own web services and other types of APIs from now on.

Extreme iOS App Exploitation, Defense and ARM Exploitation

Detailed training contents: https://goo.gl/swp7F8

iOS has become one of the most popular mobile operating systems, with more than 1.4 million apps available in the iOS App Store. Security weaknesses in any of these applications or on the system could mean that an attacker can get access to the device and retrieve sensitive information. This training will show you how to conduct a wide range of penetration tests on iOS applications to uncover vulnerabilities and strengthen the system against attacks. Extreme iOS App Exploitation, Defense and ARM Exploitation is a 14 hr session which will help you conduct end-to-end pentesting of iOS applications and will also help you understand the security measures which need to be taken. This training will also have a CTF challenge where attendees will use the skills learnt in the session. To attend this hands-on session, all you have to do is bring your MacBook with Xcode installed on it.

Register to get your spot today!


OWASP World Tour

OWASP will be hosting three FREE Developer training events this year! These training events will feature paid professional trainers teaching ~500 people in three countries around the world. Keep an eye on the OWASP Blog, Facebook, and Twitter accounts for the CfT which will be opening soon.

Tokyo: September 30, 2017; Tokyo Institute of Technology

Boston: October 9, 2017; Boston University

Tel Aviv: October 17, 2017; The College of Management


Upcoming Events

Regional and Local Events

  • AppSec AU — September 7–9, 2017; Melbourne, Australia
  • OWASP Indonesia Day — September 9, 2017; Yogyakarta, Central Java, Indonesia
  • New York Metro Joint Cyber Security Conference — October 5, 2017; New York, NY
  • Cheat Sheet Workshop with Jim Manico — September 10–12, 2017; Frankfurt, Germany
  • OWASP Bucharest AppSec Conference 2017 — October 6, 2017; Bucharest, Romania
  • AppSec Israel 2017 — October 17–18, 2017; Tel Aviv, Israel
  • LASCON 2017 — October 26–27, 2017; Austin, TX, USA
  • OWASP AppSec Africa 2018 — May 10–12, 2018; Morocco

Training Events

  • OWASP World Tour (Details Coming Soon!) — October 9, 2017; Boston University, Boston, MA, USA

Developer Summits

Partner and Promotional Events


Chapters

OWASP Go Live?

We are looking for a chapter interested in live streaming its meetings to join OWASP London in testing this feature with us. If you are interested in trying this out with us please submit your interest via the Contact Us form (choose Chapters from the drop down menu). Please include the frequency of your meeting, whether your chapter has equipment, and what your preferred platform is.


 


Membership

June 2017 Corporate Members

 
July 2017 Corporate Member
 
We would like to thank Peach for supporting the OWASP Foundation.  
Peach has contributed this month by joining OWASP as a new Corporate Member.  
 
Details about Corporate Membership can be found here.
 
 
Contributor Corporate Member
 
Peach Tech provides advanced security testing solutions and leading-edge products, such as the innovative + automated Peach APISecurity: Peach API Security intelligently executes a series of fuzz tests and passive security tests on your web APIs. Comprehensive test results empower your team to mitigate security vulnerabilities. Each uncovered vulnerability includes actionable data. Peach APISecurity supports many CI systems and test suites, and transforms unit tests into security tests. We also developed the robust fuzzing platform Peach Fuzzer. We customize testing strategies for security-minded clients engaged in all stages of development. Leverage the power of Peach Tech to secure your world.
 
For more information, please visit: https://www.peach.tech/
 
 
 
 
 
Want your company name here? 
 
Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison today!  
 
 
 
Thank you to all of our Premier and Contributor Corporate Members for your support!
 

The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014, USA