Friday, May 31, 2013

OWASP Summer 2013 Membership Drive


OWASP Community Members -
Just in time for summer, OWASP is pleased to announce 2 new individual membership options: purchase a two year membership for $95 USD, or a lifetime membership for $500 USD. In addition to all the regular benefits of individual membership, when you purchase our new lifetime membership you will also receive a metal membership card to thank you for your contribution.

Some of the benefits you will receive as an individual member include a vote in our upcoming board election and WASPY Awards, discounted conference admission (including $50 off admission to our upcoming AppSec USA event), and an owasp.org email address. Learn more about membership benefits here: https://www.owasp.org/index.php/Membership

We are also launching our Summer Membership drive tomorrow (June 1).   When you sign up to become a new OWASP member or renew your OWASP membership during the first 10 days of June, you will also be entered into a drawing for one of the following donated prizes:



  • 2 OWASP Lifetime Memberships
  • 2 Full Conference Passes for OWASP AppSec USA, November 20-21, 2013 in New York City
  • 1 training class of the attendee's choice + 1 full conference pass
  • 2 full conference passes
  • 1 training class of the attendee's choice + 1 full conference pass
  • 2 full conference passes
  • 2 Full Conference Passes for (ISC)2 Secure Asia, Philippines - August 8-9, 2013
  • 2 Full Conference Passes for (ISC)2 Secure Brazil

More details about the membership drive can be found here:


http://owasp.com/index.php/Summer_2013_Membership_Drive

Ready to become a member or renew your membership?  Click here

Thank you for your support of the OWASP Foundation and please contact us at any time with questions:
http://owasp4.owasp.org/contactus.html

Wednesday, May 22, 2013

Planning on attending Black Hat USA this year? Are you a member of OWASP?

If you answered "yes" to both of these questions and would like to save 15% on your registration fee, please use discount code KobrLQ55.

Tuesday, May 21, 2013

OWASP Connector May 21, 2013




MAY FEATURED OWASP PROJECT

OWASP Mobile Security Project

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. The primary goal of this project is to classify mobile security risks, and provide developmental controls to reduce their impact or likelihood of exploitation.

The primary focus is at the application layer.  While consideration is taken into the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas where the average developer can make a difference.  Additionally, focus is placed not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with.  Focus is heavily aimed towards the integration between the mobile application, remote authentication services, and cloud platform-specific features.


NEW OWASP PROJECTS

OWASP Good Component Practices Project 

Project Leader: Mark Miller

Good Component Practice is one of the most overlooked silver bullets in the Open Source arsenal.  Due to business pressure, we have found that companies are willing to risk using unverified open source components, trading off security for enhanced speed in development.

This project will use community input to document an industry acceptable process for the creation, maintenance, and use of open source components.


OWASP Bywaf Project
Project Leader: Rafael Gil Larios

The aim of this project is to develop an application that makes the work of an auditor much easier when conducting a Pen Test.  The application's principal functions are to detect, evade, and give a vulnerability result utilizing known SQL injection, and other methods developed by professionals within the industry.  


PROJECT ANNOUNCEMENTS

2013 Mobile Top 10 Call For Data

We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal document.  We are encouraging everyone to get involved.  Right now we are looking for data that represents the current state of mobile application security.  We are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues.  The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions.  We will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project.

If you would like to get involved, please visit the OWASP Mobile Security Project wiki page. Please direct any questions or concerns to the Top 10 Refresh leaders, Jason Haddix, Jack Mannino, and Mike Zusman.



Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)




 
 
 












Thank you to MStar Semiconductor, Inc, our newest Corporate Member

Thank you to AsTech Consulting for their Corporate Membership Renewal


GET READY FOR THE 2013 SUMMER MEMBERSHIP DRIVE

Cool Prizes
New Membership Levels
Become a LIFETIME Member
Click the icon for all the details


Apply for an Honorary Membership

Get the Details and the Link to the form





AppSec Research 2013

4th COUNTDOWN CHALLENGE RELEASED
There will be a challenge posted on the conference wiki page every month up until the event in August.  The winner of each challenge will get FREE entrance to the conference (a €420 value).  Be sure to sign up for the conference mailing list to get a monthly reminder.
CLICK HERE to access this challenge
Complete instructions on this challenge

OWASP is pleased to announce our upcoming Partner Events:


ICCS 2013 James R. Clapper, the Director of National Intelligence, will be the opening keynote speaker for the conference.

Blackhat 2013 (15% discount promo code for OWASP members is:  KobrLQ44 - case sensitive)

EC Council: Use discount code TDCSTLOWASP for $99 conference passes





                   

OWASP Foundation


OWASP Blog

Do you have some news?  Submit your item to appear in the next connector HERE
       



     





MAY 23 GLOBAL WEBINARS SCHEDULED

TOPIC:  Unraveling the mysteries of the OWASP WIKI


Have you ever wondered how to find something on the wiki? Where are the projects? How do I volunteer? How, and more importantly, why, do I become a Member? Join us for this webinar where the Ops team will walk through some of the mysterious links on the OWASP.org website.

May 23, 2013 at 10am EDT  

register

May 23, 2013 at 9pm EDT
(GMT -5)

register
Links to the recordings of previous meetings can be found on the Initiatives Page






OWASP Global Board Elections

The call for candidates is OPEN!

2013 WASPY (Web Application Security People of the Year) Awards


It's time to submit your nominations for the 2013 WASPY (Web Application Security People of the Year) Awards!
This year's awards will recognize our community's best in 5 different OWASP related categories:


  • Best Chapter Leader
  • Best Project Leader
  • Best community supporter - contributor to chapter, project or initiative
  • Best Mission Outreach - grow the OWASP community
  • Best Innovator - willingness to try new ideas
NOMINATIONS ARE OPEN
CLICK HERE TO ACCESS THE FORM!

OWASP would like to thank Qualys for stepping up to be a Platinum Sponsor for these awards in 2013! Additional sponsorship opportunities are available Here











--


Kate Hartmann
+1 301-275-9403

Monday, May 20, 2013

2013 OWASP Mobile Top 10 Call For Data


Hello All,

We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal publication. We are encouraging everyone to get involved.

The current Mobile Top Ten Risks are located here:


What do we need?

Right now we are looking for data that represents the current state of mobile application security. We are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues. The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions. We will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project.

How can you contribute?

Contributing data is easy. All we require is anonymized statistics on the vulnerabilities you’ve seen in 2012-Present. If you have data on real-world incidents and attacks to share, these will be of great value as well as they will allow real-world impact to be better assessed. This can be just aggregate percentages, no need to tell us how many apps you’re doing if you’re not comfortable with that. Something like the below:

  • Issue: Something related to geolocation
  • Percentage Affected: X%
  • Number Affected: Y (only if you are comfortable with this)
  • Brief Description: This is a problem because xyz and also, bad things.

The data you submit does not necessarily have to reflect the current Top 10, it has to reflect what you are observing in the applications you analyze. At the same time, we would certainly love feedback on what you believe is correct or incorrect about the current list.

What happens next?

After a 60 day period we will review all submissions and re-draft the Mobile Top Ten based on the prevalence and impact of data provided by participants. After the submission period ends, there will be follow-on discussions and work to analyze the data. Participation in this initiative may require up to 10 hours of effort per week, so please take this into consideration before signing up.

Spread the word. Make a difference.

Also, any help spreading the word on the Mobile Security Project is immensely helpful.  A Tweet/Facebook/Linkedin post, blog entry, etc. This initiative will fail if people don't know about it.  Anyone that you can promote this initiative to will help the cause.

We thank all of you in advance for your participation and hard work in making this initiative a success. Your participation will be noted and recorded when compiling the list of contributors for the final release of the Mobile Top 10 Risks documentation.

Get in touch and get involved.

Please direct any questions or concerns to the Top 10 Refresh leaders, Jason Haddix (jason.haddix@owasp.org), Jack Mannino (jack.mannino@owasp.org), and Mike Zusman (mike.zusman@owasp.org).

We will be using a Google Group to collaborate on the Top 10 refresh: https://groups.google.com/a/owasp.org/forum/?hl=en&fromgroups#!forum/owasp-mobile-top-10-risks

The OWASP Mobile Security project’s mailing list is also another way to get in touch with other contributors (owasp-mobile-security-project@lists.owasp.org).

Wednesday, May 15, 2013

2013 Board Election Call For Candidates & Honorary Membership

On behalf of the OWASP Foundation, I am happy to announce the 2013 OWASP Foundation Call for Board Candidates.  This year there are three board seats open for election. We are now accepting Call for Candidates and Honorary Membership requests.

Individuals who are interested in running for the board are strongly encouraged to read the International Board of Directors Primary Responsibilities as well as the Eligibility Requirements for Board Candidates before submitting the Candidate Submission form. All candidates interested in running must be declared by August 16.

Honorary Membership is available for active project and active chapter leaders with their leadership positions on file prior to September 30. **ALL qualified individuals who wish to be granted Honorary Membership MUST apply for Honorary Membership in order to vote in this year's election.** The deadline to submit your self-nomination form for Honorary Membership is September 30.

For more information on this year's Board Election, including the Election Timeline, Call for Candidates form and the Honorary Membership form, please see http://owasp.com/index.php/2013_Board_Elections.

Wednesday, May 8, 2013

AppSecUSA $445 before May 15th


Early Bird Special: AppSecUSA 2013 NYC

Pardon the interruption, we wanted to save you $500 before May 15th

In the city that never sleeps (NYC), what could possibly happen when you have over 2500 Builders, Breakers and Defenders from around the world get together? Collaboration that drives innovation and a recipe for another high energy cyber security conference not to be missed!

This year, located in the heart of New York in Times Square, at the Marriott Marquis, November 18th - 21st, you will experience:

* Briefings from industry experts on topics you care about
* Evolve OWASP projects at working sessions LIVE
* Meet hundreds of OWASP core contributors and project users
* Learn new skills from two-day hard core training classes.

If you have always wanted to see New York City this is your "ticket" -- bring the family or bring your team!

Additional activities
-----------------------------
* "Gringo WebHacker" in the Lockpick Village
* 5k NYC Run
* WIN the Capture the Flag for this year's bragging rights and cash prizes!
* CareerFair
* Broadway Shows -- Helicopter Rides we have been hard at work!

....... and much much more we're just getting started!

Register BEFORE May 15th and get your 2-day all access badge for only $445.00, a saving of $500

FULL DETAILS ONLINE AT: http://www.appsecusa.org

=======

Not able to attend the full event but want to learn what's new from the sponsors or attend the CareerFair? No problem, OWASP has you covered: register now using the event code of: NYCOWASP! (A $50 value) and receive a limited access badge to the TechExpo, CareerFair and the Capture the Flag competition.

Interested in being a sponsor and reaching key technical influencers and decision makers? Opportunities are available. Act today, space is limited: http://appsecusa.org/2013/sponsors/become-a-sponsor/

========

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP online at http://www.owasp.org

OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

Tuesday, May 7, 2013

OWASP Connector May 7, 2013




NEW OWASP PROJECTS

OWASP Scytale Project - Project Leader: Maxime Labelle - Scytale is a database encryption proxy for modern DBMS and applications. It supports multi-recipient, group encryption, and comes loaded with a strong RSA/AES crypto-system. Scytale sits between your application and your favorite DBMS, adding automatic transparent encryption and decryption for your application's data at the table-level. Scytale stores the encrypted data inside your preferred DBMS for storage.

OWASP iMAS - iOS Mobile Application Security Project - Project Leader: Gregg Ganley. iMAS - iOS is a secure application framework that reduces iOS application vulnerabilities and information loss. iMAS has its first open source static security controls for download and use in iOS applications. Visit and browse our project to find out more. Download it, and give it a try. Once you do, tell us what you think, or better yet, get involved and participate!


PROJECT ANNOUNCEMENTS

Technical Project Advisors Wanted - OWASP is currently recruiting 6 volunteers that will assist with technical project advisor duties for our OWASP Global Projects.  This is an excellent opportunity to be a part of an advisory group that aims to support the technical strategic direction of our global projects.  The Project Advisors should have experience with the technical area of our projects that they are applying to, and be able to contribute at least 5 hours per month to our global project initiatives.  Please apply to let us know of your interest HERE


Thank you to IMPERVA for renewing their membership:  



CONGRATULATIONS!!!!!

Andrew van der Stock has been selected as a finalist in the category of AusCERT's award for Individual Excellence in Information Security, as part of the 2013 AusCERT Awards! This award is presented to the individual who has provided a great contribution to information security in terms of their work in the areas of community service, innovation, education, liaison, law enforcement, governance or leadership. Andrew is the Project Leader of the OWASP Development Guide Project, and has contributed to many other projects over the years. Please join us in congratulating Andrew for his nomination and wishing him the best of luck at the awards ceremony later this month!










AppSec USA 2013 will be OWASP's biggest event and fundraiser ever!  Join 2000+ attendees for over 50 sessions across 3 tracks to learn about the latest and greatest in software security in the heart of NYC.

Visit http://appsecusa.org to register for the event and save on your early hotel reservation.  This is an extraordinary rate to experience an amazing OWASP and NYC event.

In addition to the conference talks, you will have opportunities to practice lockpicking, compete in the CTF, discuss OWASP Projects, look for a new career opportunity, and shop around with all the latest and greatest security vendors.


Sponsors:  Sign up by May 15th to be included in pre-conference literature!

Sponsor Information 


AppSec Research 2013



Program Details and Registration Coming Soon!
Visit https://appsec.eu for details or follow us on Twitter to get all the latest news and announcements!

Information on the University Challenge for the AppSec EU 2013 can be found HERE

UPCOMING PARTNER EVENTS:

OWASP is pleased to announce our upcoming Partner Events:



Blackhat 2013 (15% discount promo code for OWASP members is:  KobrLQ44 - case sensitive)



 OWASP Hacking-Lab Project will be releasing a new challenge soon!  Be sure to check out the Project Page and get ready for a new event containing the OWASP WebGoat Challenges!


                   

MAY 9th GLOBAL WEBINARS SCHEDULED

TOPIC:  WASPY awards and 2013 Global Board Election 


May 9, 2013 at 10am EDT  

register

May 9, 2013 at 9pm EDT
(GMT -5)

register

Links to the recordings of previous meetings can be found on the Initiatives Page






It's time to submit your nominations for the 2013 WASPY (Web Application Security People of the Year) Awards!
This year's awards will recognize our community's best in 5 different OWASP related categories:


  • Best Chapter Leader
  • Best Project Leader
  • Best community supporter - contributor to chapter, project or initiative
  • Best Mission Outreach - grow the OWASP community
  • Best Innovator - willingness to try new ideas
NOMINATIONS ARE OPEN
CLICK HERE TO ACCESS THE FORM!

OWASP would like to thank Qualys for stepping up to be a Platinum Sponsor for these awards in 2013! Additional sponsorship opportunities are available Here



OWASP Global Board Elections

The call for candidates is OPEN!

Additional information on the time line and the process for participation in the Global Elections will be outlined during Thursday's Webinar, so be sure to sign up!



Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)









--


Kate Hartmann
+1 301-275-9403