The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Tuesday, May 21, 2013
OWASP Connector May 21, 2013
OWASP Connector May 21, 2013
MAY FEATURED OWASP PROJECT
OWASP Mobile Security Project The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. The primary goal of this project is to classify mobile security risks, and provide developmental controls to reduce their impact our likelihood of exploitation.
The primary focus is at the application layer. While consideration is taken into the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas where the average developer can make a difference. Additionally, focus is placed not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. Focus is heavily aimed towards the integration between the mobile application, remote authentication services, and cloud platform-specific features.
Good Component Practice is one of the most overlooked silver bullets in the Open Source arsenal. Due to business pressure, we have found that companies are willing to risk using unverified open source components, trading off security for enhanced speed in development.
This project will use community input to document an industry acceptable process for the creation, maintenance, and use of open source components.
The aim of this project is to develop an application that makes the work of an auditor much easier when conducting a Pen Test. The application's principal functions are to detect, evade, and give a vulnerability result utilizing known SQL injection, and other methods developed by professionals within the industry.
PROJECT ANNOUNCEMENTS 2013 Mobile Top 10 Call For Data
We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal document. We are encouraging everyone to get involved. Right now we are looking for data that represents the current state of mobile application security. We are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues. The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions. We will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project.
There will be a challenge posted on the conference wiki page every month up until the event in August. The winner of each challenge will get FREE entrance to the conference (a €420 value). Be sure to sign up for the conference mailing list to get a monthly reminder. CLICK HERE to access this challenge Complete instructions on this challenge
OWASP is pleased to announce our upcoming Partner Events:
ICCS 2013James R. Clapper, the Director of National Intelligence, will be the opening keynote speaker for the conference.
Blackhat 2013(15% discount promo code for OWASP members is: KobrLQ44 - case sensitive)
EC Council - Use discount code TDCSTLOWASP for $99 conference passes
Do you have some news? Submit your item to appear in the next connector HERE
MAY 23 GLOBAL WEBINARS SCHEDULED TOPIC: Unraveling the mysteries of the OWASP WIKI Have you ever wondered how to find something on the wiki? Where are the projects? How do i volunteer? How, and more importantly - Why, do I become a Member? Join us for this webinar where the Ops team will walk through some of they mysterious links on the OWASP.org website.
May 23, 2013 at 10am EDT
May 23, 2013 at 9pm EDT (GMT -5)
Links to the recordings of previous meetings can be found on the Initiatives Page
It's time to submit your nominations for the 2013 WASPY (Web Application Security People of the Year) Awards! This year's awards will recognize our community's best in 5 different OWASP related category:
Best Chapter Leader
Best Project Leader
Best community supporter - contributor to chapter, project or initiative