The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Thursday, February 28, 2013
AppSec APAC 2013
We would like to thank the South Korea chapter for putting on an excellent conference last week. Guests traveled from all parts of the globe to attend the AppSec APAC 2013 conference that took place on Jeju Island. Below are a few images taken by a handful of our guests. To view the rest of our images for this conference, please visit our OWASP Photo Gallery Page.
Tuesday, February 26, 2013
OWASP iGoat Project
Thanks to iGoat lead developer, Sean Eidemiller, it gives me great pleasure to announce the immediate release of OWASP iGoat version 2.0!
See the project web site at: https://www.owasp.org/index.php/OWASP_iGoat_Project for more information, or go directly to the source repository to download at: http://code.google.com/p/owasp-igoat/
The OWASP iGoat tool is a stand-alone iOS app (distributed solely in source code) designed to introduce iOS developers to many of the security pitfalls that plague poorly-written apps. Like its namesake, OWASP's WebGoat tool, iGoat is intended to teach software developers about these issues by stepping them through a series of exercises, each of which focuses on a single aspect of iOS security.
OWASP iGoat is an ideal tool to use in a classroom setting to teach iOS developers (and technically minded IT Security staff with at least some exposure to object oriented programming).
Exercises include many typical problem issues (and their solutions) including:
- Securing sensitive data in transit
- Securing sensitive data at rest
- Securely connecting to back-end authentication services
- Side channel data leakage (e.g., system screen shots, cut-and-paste, and keystroke logging via the autocorrection feature)
- Making use of the system keychain to store small amounts of consumer-grade sensitive data
New to version 2.0:
- iGoat is now a true Universal app, so it builds and runs on iPhones, iPod Touches, as well as iPads. Full screen views are supported on all of these devices. (It also runs on the iPhone simulator included with XCode, of course -- which is ideal for a classroom environment.)
- A few "behind the scenes" improvements were made to the iGoat platform itself, making it easier to work with and develop new exercises. These include:
  o Storyboards for main screen navigation.
  o ARC support for object memory management.
- General code clean-ups.
Requirements: To build and run iGoat, you'll need a Mac running OS X (real or virtual machine), with XCode installed. iGoat was built for Mountain Lion, but should run fine on any OS X newer than Snow Leopard. We recommend the latest XCode and built iGoat using XCode version 4.6. Similarly, iGoat was built on iOS 6.1, but should be backwards compatible with at least version 5.x.
We invite the OWASP community to download and try iGoat, and we welcome your suggestions for improvements. We're always looking for willing participants to contribute to the project as well!
Cheers,
Ken van Wyk
OWASP iGoat Project Leader
Monday, February 25, 2013
Wednesday, February 20, 2013
AppSecUSA 2013 Sponsorship Registration is NOW OPEN
OWASP AppSecUSA 2013 Sponsorship Registration is NOW OPEN!
AppSecUSA 2013 is being held November 18th - 21st in New York City at the NY Marriott Marquis located in the heart of Times Square!
Conference sponsors will have access to over 2000 attendees exclusively focused on Software Security.
Space is limited, so don't wait! Complete the form now to be part of the action in the Big Apple.
Want to save on the price of your conference sponsorship? Become a Corporate Member today and take advantage of the Discounted Sponsorship Rates for OWASP Corporate Members!
Press Release
Tuesday, February 19, 2013
OWASP Connector February 19, 2013
Thursday, February 14, 2013
Moving to Global Initiatives Program & Retiring Committee Structure
OWASP has grown significantly over our 10+ years of existence. As we’ve grown the community has adapted and changed in many ways. Nearly five years ago at the first OWASP Summit we created the global committees. This structure created new channels where interested OWASP’ers could help shape and grow the OWASP organization. Over those five years we’ve seen many great results from the committees and many people have contributed countless hours to further OWASP.
As we’ve continued growing it is now time to make another pivot. The committee structure provided many successes but now there is a better structure that will accommodate a growing population of interested OWASP volunteers.
At this time we are retiring the committee structure and completely moving to the Global Initiatives Program (https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus). The Global Initiatives program will be the new way for any interested individual to find and volunteer to assist with OWASP activities. The Global Initiatives program is a single place where individuals can post new ideas to rally a team or can look for other activities that are in need of assistance.
This transition will allow for further involvement within OWASP by:
- Creating smaller, task focused objectives for OWASP’ers to volunteer
- Minimize barriers and red tape for OWASP’ers
- Create projects with natural end dates so OWASP’ers aren’t required to make multi-year commitments just to get involved
- Provides tasks that are short or long term commitments – OWASP’ers can match their availability and desired commitment with the best initiative in need of resources
- Enables easier recognition for all the great contributions from our OWASP’ers
The efforts put forth in the committees were truly valued. While the structure may be changing, we encourage and welcome all of the great volunteers from the former committees to continue growing OWASP through the Global Initiatives program.
We’re all excited about this new transition and hope to see many more OWASP’ers contributing and spreading application security.
Want to talk more about the OWASP global initiatives program? Join the monthly call. Next meeting is February 14th.
REGISTER FOR THE UPCOMING WEBINARS
--
Michael Coates | OWASP | @_mwc
OWASP Board
Wednesday, February 13, 2013
OWASP HR Information
OWASP Community Members,
I wanted to take a minute and share the OWASP hiring process for the IT Support Position. Although we need to work on our timing a bit, I'm comfortable that the process is fair and impartial.
In early November, two positions were posted on the OWASP jobs board and included in the OWASP Connector, and applications were submitted via the contact us form. The IT candidates' information was forwarded to the Board for review.
Actual interviews were not conducted until late January and early February. During the delay, several additional candidates submitted their resumes for consideration.
I interviewed the candidates for their non-technical skills: management, interpersonal and communication skills, areas of interest, and general knowledge and passion for OWASP. Jim Manico interviewed the candidates for their technical ability and reported that to Sarah Baso and me.
The candidates were evaluated on all factors and a decision was promptly made. Those candidates who interviewed were notified of the decision prior to the announcement.
Tuesday, February 5, 2013
OWASP Connector February 5, 2013
OWASP at FOSDEM 2013
OWASP had a great presence this year at FOSDEM 2013 held in Brussels, Belgium. Dedicated members from Amsterdam, Belgium, and the United Kingdom attended on behalf of OWASP. Simon Bennetts spoke about OWASP ZAP at the event, and helped share our mission with Sebastien Deleersnyder and Martin Knobloch. Thank you for your dedication and support, gentlemen.
FOSDEM is a community driven event whose goal is to provide Free Software and Open Source developers a place to get together and share ideas. FOSDEM is a non-commercial, two-day event organized by volunteers to promote the widespread use of Open Source software.
Image via FOSDEM 2013
Monday, February 4, 2013
2014 Call for Global AppSec Conference Proposals
OWASP Leaders -
Are you interested in hosting a Global AppSec Conference for 2014? Now is the time to submit your proposal!
Each year OWASP hosts four international AppSec conferences that are aimed at raising money for the Foundation while fulfilling our mission of improving the security of software through awareness and education. OWASP Global AppSec Conferences include 2 days of pre-conference training, followed by 2 days of conference talks. For more information about Global AppSec conferences, see the How to Host a conference page (http://www.owasp.org/index.php/How_to_Host_a_Conference).
We are currently soliciting proposals for four Global AppSec conferences in 2014. Conferences will be selected to facilitate one Global AppSec conference in each quarter of the year with conferences held in North America, South America, Europe and the Asia Pacific regions. New for 2014, we will be moving the North American event to Q2!
· Global AppSec Asia Pacific - Q1 (Applications due by March 1st 2013)
· Global AppSec North America – Q2 (Applications due by April 1st 2013)
· Global AppSec Europe - Q3 (Applications due by July 1st 2013)
· Global AppSec Latin America - Q4 (Applications due by September 1st 2013)
Putting on a Global AppSec conference is a rewarding experience, but also a tremendous amount of work. Having a team of volunteers (or at least a core group of individuals) willing to lead the event planning efforts, with experience with a local or regional event is strongly recommended.
Some things to consider before sending in an application:
· First, review the How to Host a conference page (http://www.owasp.org/index.php/How_to_Host_a_Conference). This page hosts a variety of information about planning an OWASP event, as well as various requirements and policies that have been put in place by the foundation to govern Global AppSec Conferences.
· Gather a small team together who are interested in working the event. Trust us, you can’t do it all yourself.
· Work with your local planning team to acquire some basic information (location, tentative dates, possible venues, costs, theme, etc) about your event.
· Prepare a rough budget plan using the OWASP Budget Planning Tool (http://www.owasp.org/index.php/Conference_Budget_Planning_Tool). We understand that you may not have quotes and good estimates for all of the budget items but please put forward the best information you have.
· Some events have chosen to put together a short presentation describing the organizing committee, previous conference experience, existing local supporting organizations, local attractions, access to transportation, local culture and more. In general, these are presentations to 'pitch' your city to the committee. Examples of successful presentations: http://bit.ly/i9rgA1 and http://bit.ly/gsA2wI.
We really appreciate every proposal we receive. Just by submitting an application, you are demonstrating your commitment to OWASP by offering to host one of its best public outreach initiatives. Please keep in mind that there are many factors that go into selecting Global AppSec Conference locations and not every proposal will be approved. We also realize that this could be very early in your planning process, and therefore challenging for you to provide detailed information; just provide the best available information.
If you have any questions or need assistance with your application, do not hesitate to contact Sarah Baso (sarah.baso@owasp.org) or the Global Conferences Committee (global_conference_committee@lists.owasp.org).
We look forward to your proposals!