Wednesday, October 14, 2020

OWASP Blog Moved to Website

This will be the last post from the OWASP Blogger. Moving forward all of our blog content can be found on our website under our News

Thursday, December 12, 2019

OWASP ZAP Project - Zed Attack Proxy team releases two initiatives

The Zed Attack Proxy team is pleased to announce two recently released initiatives:

ZAP In Ten

The team have just launched a new series of videos called 'ZAP in Ten' in conjunction with AllDayDevOps.

ZAP in Ten is a series of short form videos featuring Simon Bennetts, project lead of the OWASP Zed Attack Proxy (ZAP)  project. Each video highlights a specific feature or resource for ZAP.


As part of OWASP's participation in Google's Season of Docs, the ZAP project has had @sshniro working on API documentation. The first iteration of the documentation is now live It includes Java, Python, and shell example snippets all presented in a responsive and accessible design. Which we will continue to build on in the future.

Big thanks to Nirojan for his efforts on this wonderful initiative!  Congratulations and thanks to Google Open Source for helping to bring the open source and technical writer communities together!

Tuesday, November 26, 2019

November 2019 Connector

November 2019


Letter from the Vice-Chairman

Dear OWASP Community, 

Preparation for next year’s conferences is underway. I had the pleasure of meeting people from our community at a recent ISACA Ireland event where I had an OWASP stand. I also had lots of swag to give away, loads left which I plan to share out amongst the community. 

I was on a call recently with both WIA leadership and a number of individuals looking to broaden our diversity reach, forming DIA (diversity in AppSec). This was a positive call and I look forward to reviewing their proposal under the committee 2.0 operating model.

I’d like to thank our volunteers, chapter and project leaders for making OWASP what it is today. We wouldn’t have a foundation without you. We always want to make things better, to this end, it would be great if you could fill out the following feedback form.

Thank you, 
Owen Pendlebury, Vice-Chairman


As we wind down 2019, we are planning lots of new opportunities to get involved with OWASP next year. The current working draft of the 2020 Operating Plan can be found on our staging site for our new website which is planned to launch next month.
Some of the highlights for 2020:
  • Quarterly Town Hall meetings.
  • Two Project Summits - the first in February 2020
  • Pilot single-day AppSec Days worldwide to offer local training and community.
We are also set to further increase the transparency of the daily workings of OWASP through our Staff Projects page. The pages linked there will always be a work in progress; some of which today are still only templates but still a great resource to know what’s going on at OWASP.

All of this which adds to our Global and Regional Events, ongoing local chapter support, and other member activities. Our plans are ambitious and we look forward to your continued support this and every month as we look to better secure the web.

OWASP Foundation Global AppSec Event Dates for 2020

Global AppSec Dublin, June 15 - 19, 2020
(Formerly known as AppSec EU)
Sponsorship is now available
Call for Papers & Call for Training December 2019
Global AppSec San Francisco, October 19 - 23, 2020
(Formerly known as AppSec US)
CFP &  CFT February 2020

** Visit our website for future announcements.**
NEW OWASP Project Summit - Winter 2020
February 2020 in Cancun, Mexico

The OWASP Foundation will host a three-day working session for FIVE selected projects in Cancun, Mexico, February 2020. Arrival day will be Wednesday the 19th and departures will be the 23rd. Projects must apply and then get selected to participate. The application process will require project meeting goals, work plans, key contributors, and expected attendance. The OWASP Foundation Officers Group will make the final selection. For more information click here

You can also email Emily Berman Global Events Director or Harold Blankenship Director of Technology and Projects.
Announcing a New Opportunity to become part of a Global AppSec Program Team
Conference Program Teams are constituted for each Global AppSec event and consists of members of OWASP members and staff. The selection of team members is based on subject-matter expertise and a balanced representation of the OWASP community. For planning purposes, team members shall reside on the continent of the Global AppSec for which they serve. Teams are constituted no later than six months prior to the Global AppSec event.

To apply to become a member of the Conference Program Team click here.

We are so excited to announce that both the London OWASP and WIA community have been asked to speak at BlackHat Europe 2019 on Wednesday 4 December at the EXCEL London.   Andra Lezza is leading the panel of women to "Share insights gained at different stages of their careers to help other women in the field."  Thank you, Andra, for leading the initiative and also to Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel.  Also from the OWASP Community and a London Chapter Leader Sam Stepanyan and Paul Harragan.  Sam and Pau will be presenting a more in-depth demo on the OWASP Nettacker.  Good luck to all the speakers have a great conference.

I would like to encourage all of the OWASP community that will be attending BlackHat Europe to please make every effort to attend and support our fellow OWASP members Wednesday, 4 December 2019. (Click to view the schedule details.)

OWASP Members don’t forget you are eligible for € 200.00 discount, email for code to use when registering.

BlackHat Europe has extended an invitation to our London WIA community  to  lead a panel to "Share insights gained at different stages of their careers that could help other women in the field."  Thank you to Andra Lezza for leading this initiative and Sonya Moisset, Bibi Sanjarani, Katy Anton and Lauren Chiesa for volunteering to be part of the panel and to contribute.  Good luck I am sure your session will be a huge success.

BlackHat Europe 2019 London at EXCEL London
2019 December 2-5 
The OWASP Booth 1015
Business Hall December 4 & 5 
December 4, 10:30 AM - 7:00 PM
December 5: 10:00 AM - 4:00 PM


You may also be interested in one of our other affiliated events:

Event Date Location
German OWASP Day 2019 December 10, 2019 Karlsruhe, Germany
AppSec California 2020 January 21 - 24, 2020 Santa Monica, CA
OWASP New Zealand Day 2020 February 20 - 21, 2020 Auckland, New Zealand
OWASP Seasides March 3 - 5, 2020 Panjim Goa, India
SnowFROC 2020 March 5, 2020 Denver, CO
AppSec Morocco & Africa 2020 June 4 - 5, 2020 Rabat, Morocco

Event Date Location
BlackHat Europe 2019 December 2 - 5, 2019 London


As the foundation moves toward the migration of the OWASP web presence from the old wiki site to our new Github-hosted home, some of you may still have questions regarding what to move and how to move it. Essentially, if you have a chapter page or project page and you have not migrated it to the new website, that would be first. Steps on what to do and what is needed can be found at There are also some minor instructions on the default project or chapter page itself. And if you are wondering where that page is located, you can go to and type your chapter name in the repository search bar. If your project or chapter is not there, contact me. Lastly, there are a number of excellent examples already done by other leaders (also linked on the migration page).

And, as a precaution, you should click over into the 'Settings' of your repository and then click the 'Collaborators & teams' link on the left menu and check to make sure that the usernames added to Collaborators match what you expect.  Having someone you do not know edit your web page without your knowledge is no longer the expected behavior.

Some resources, mostly for projects, have been uploaded to the OWASP Site Theme Repository and can be linked to via the /assets/image/common/<file> URL.

After your chapter or project page is done, there is a www-community repository which would include any files from the wiki that are not currently in a project or chapter or board/staff policy area.  For instance, there are pages there for GSoC and XSS and CSRF.  A list of the top pages that need to be migrated can be found attached to one of the TODO cards on our website migration Trello board which you are invited to join if you want to help migrate loose pages and/or perform some automation work.

Our current plan can be found on the Website Relaunch project page.


As part of OWASP's participation in Google's Season of Docs, the ZAP project has had Nirojan Selvanathan (@sshniro)  working on API documentation.  The first iteration of the documentation is now live.  It includes Java, Python, and shell
example snippets all presented in a responsive and accessible design which we will continue to build on in the future.

Big thanks to Nirojan for his efforts on this wonderful initiative!
Congratulations and thanks to Google Open Source for helping to bring the open-source and technical writer communities together!


Welcome to our New OWASP Chapters

Colombo, Sri Lanka
Des Moines, IA
Harrisburg, PA
Louisville, KY
Monterrey, Brazil
Moscow, Russia

Contributor Corporate Members

*Ads and logos are not endorsements and reflect the messages of the advertiser only. *
Join us
Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, #232
Bel Air, MD 21014  
Contact Us

This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences