Tuesday, May 21, 2013

OWASP Connector May 21, 2013




.

OWASP Connector May 21, 2013

   Standard OWASP Banner
                                         


imageproject



MAY FEATURED OWASP PROJECT

OWASP Mobile Security Project

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications.  The primary goal of this project is to classify mobile security risks, and provide developmental controls to reduce their impact our likelihood of exploitation.

The primary focus is at the application layer.  While consideration is taken into the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas where the average developer can make a difference.  Additionally, focus is placed not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with.  Focus is heavily aimed towards the integration between the mobile application, remote authentication services, and cloud platform-specific features.


NEW OWASP PROJECTS

OWASP Good Component Practices Project 

Project Leader:  Mark MillerLook up in Salesforce

Good Component Practice is one of the most overlooked silver bullets in the Open Source arsenal.  Due to business pressure, we have found that companies are willing to risk using unverified open source components, trading off security for enhanced speed in development.

This project will use community input to document an industry acceptable process for the creation, maintenance, and use of open source components.


OWASP Bywaf Project
Project Leader:  Rafael Gil LariosLook up in Salesforce

The aim of this project is to develop an application that makes the work of an auditor much easier when conducting a Pen Test.  The application's principal functions are to detect, evade, and give a vulnerability result utilizing known SQL injection, and other methods developed by professionals within the industry.  


PROJECT ANNOUNCEMENTS

2013 Mobile Top 10 Call For Data

We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal document.  We are encouraging everyone to get involved.  Right now we are looking for data that represents the current state of mobile application security.  We are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues.  The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions.  We will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project.

If you would like to et involved, please visit the OWASP Mobile Security Project wiki page.  Please direct any questions or concerns to the Top 10 Refresh leaders, Jason HaddixLook up in Salesforce, Jack ManninoLook up in Salesforce, and Mike ZusmanLook up in Salesforce.



Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)




 
 
 











imagemembership

Thank you to MStar Semiconductor, Inc, our newest Corporate Member

Thank you to AsTech Consulting for their Corporate Membership Renewal


GET READY FOR THE 2013 SUMMER

membership drive

Cool Prizes
New Membership Levels
Become a LIFETIME Member
Click the icon for all the details


Apply for an Honorary Membership

Get the Details and the Link to the form


imageconference
470x135



AppSec Research 2013

798px-Logo_AppSecEU2013-Nr3backg50

challenge
4th COUNTDOWN CHALLENGE RELEASED
There will be a challenge posted on the conference wiki page every month up until the event in August.  The winner of each challenge will get FREE entrance to the conference (a €420 value).  Be sure to sign up for the conference mailing list to get a monthly reminder.
CLICK HERE to access this challenge
Complete instructions on this challenge

OWASP is pleased to announce our upcoming Partner Events:


ICCS 2013 James R. Clapper, the Director of National Intelligence, will be the opening keynote speaker for the conference.

Blackhat 2013 (15% discount promo code for OWASP members is:  KobrLQ44 - case sensitive)

EC CouncilUse discount code TDCSTLOWASP for $99 conference passes





                   

OWASP Foundation


OWASP Blog

Do you have some news?  Submit your item to appear in the next connector HERE
       



     





imageglobas
MAY 23 GLOBAL WEBINARS SCHEDULED

TOPIC:  Unraveling the mysteries of the OWASP WIKI


Have you ever wondered how to find something on the wiki?  Where are the projects?  How do i volunteer?  How, and more importantly - Why, do I become a Member?  Join us for this webinar where the Ops team will walk through some of they mysterious links on the OWASP.org website.

May 23, 2013 at 10am EDT  

register

May 23, 2013 at 9pm EDT
(GMT -5)

register
Links to the recordings of previous meetings can be found on the Initiatives Page





its time

OWASP Global Board Elections

The call for candidates is OPEN!

2013 WASPY (Web Application Security People of the Year) Awards


It's time to submit your nominations for the 2013 WASPY (Web Application Security People of the Year) Awards!
This year's awards will recognize our community's best in 5 different OWASP related category:


  • Best Chapter Leader
  • Best Project Leader
  • Best community supporter - contributor to chapter, project or initiative
  • Best Mission Outreach - grow the OWASP community
  • Best Innovator - willingness to try new ideas
NOMINATIONS ARE OPEN
CLICK HERE TO ACCESS THE FORM!

OWASP would like to thank Qualys_Logo
for stepping up to be a Platinum Sponsor for these awards in 2013!  Additional sponsorship opportunities are available Here











--


Kate Hartmann
+1 301-275-9403

No comments: