Tuesday, June 4, 2013

OWASP Connector June 4, 2013



.

OWASP Connector June 4, 2013

   Standard OWASP Banner
                                         


NEW-PROJECTS-BANNER2



FEATURED OWASP PROJECT

OWASP Xenotix XSS Exploit Framework Project

The OWASP Xenotix XSS Exploit Framework Project is a penetration testing tool that detects and exploits XSS vulnerabilities in Web Applications.  It is basically a payload list based XSS Scanner and XSS Exploitation kit.  The exploitation framework will help penetration testers create proof of concept attacks on vulnerable web applications.

For more information, please visit the OWASP Xenotix XSS Exploit Framework Project wiki page.


NEW OWASP PROJECTS

OWASP VaultDB Project

Project Leader:  Maxime Labelle


VaultDB is a secure NoSQL database management system (DBMS) for modern applications.  It supports multi-recipient encryption, table-level encryption, group encryption and comes loaded with a strong cryptosystem.

VaultDB adds automatic transparent encryption to your application's data at the table/document level.  Instead of using it's own internal storage engine, VaultDB stores the encrypted data inside your preferred DBMS for storage. 


OWASP WS-Amplification DoS Project

Project Leader:  Thomas VissersLook up in Salesforce

This project aims to explore the threat of an Amplification DoS attack that utilizes web services.  Currently, DNS servers are widely misused to amplify DoS traffic.  This is called a DNS Amplification or Reflective attack.  It appears that SOAP web services that implement WS-Addressing might be vulnerable to similar abuse, as stated in this paper.  The aim of the project is to develop tools to test this vulnerability and determine the threat magnitude on a global scale. 

OWASP Mutillidae 2 Project

Project Leader:  Jeremy DruinLook up in Salesforce

NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.  NOWASP (Mutillidae) can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a web server.  

election 2

OWASP Global Board Elections

The call for candidates is OPEN!


Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)



Do you have some news?  Submit your item to appear in the next connector HERE

 
 
                           








MEMBERSHIP-BANNER2

Thank you to Ping Identity, Riverbed Technology, and Sonatype, our newest Corporate Members

Thank you to Imperva and UPS for their Corporate Membership Renewals


THE Q2 2013 MEMBERSHIP DRIVE HAS BEGUN!!!!!!!

MEMBERSHIP DRIVE 1

Now is the time to make sure your membership is current and up to date!  Join or renew between now and June 10th and be eligible to receive one of 22 Cool Prizes!
                             New
Effective June 1st, you can now join for a 2 year membership or become a LIFETIME Member
Click the icon for all the details


Apply for an Honorary Membership

Get the Details and the Link to the form


CONFERENCES-BANNER2
470x135

Big announcements are coming soon!  Training sessions and talk schedule will be posted by June 14th.  Be sure to visit the website often for updates on sponsorship opportunities, conference activities, and more!


798px-Logo_AppSecEU2013-Nr3backg50


Registration is opening very soon!  Thanks to all for patiently waiting!  Check the AppSec Research site for details on the training sessions, talks, and link to registration within the next couple of days.


OWASP is pleased to announce our upcoming Partner Events:


Blackhat 2013 - OWASP Members receive $200 off using discount code:  Uurtcw0

SecAppDev - OWASP members receive 10% off using discount promo code:  owasp)  This code will need to be entered in the comments box to receive the 10% discount

EC Council - Use discount code TDCSTLOWASP for $99 conference passes

Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS)




                   


       



                                     

C_BANNER2
JUNE 6 GLOBAL WEBINARS SCHEDULED

Analyzing and Fixing Password Protection Schemes - John Steven

(Recorded at AppSec USA 2012 in Austin, TX)


June 6, 2013 at 10am EDT  

register


June 6, 2013 at 9pm EDT
(GMT -5)

register
Links to the recordings of previous meetings can be found on the Initiatives Page








WASPY 2013 WASPY (Web Application Security People of the Year) Awards


We all know someone who has made a difference in our industry.  Now is your chance to nominate them to be GLOBALLY recognized!  The 2013 categories are:

  • Best Chapter Leader
  • Best Project Leader
  • Best community supporter - contributor to chapter, project or initiative
  • Best Mission Outreach - grow the OWASP community
  • Best Innovator - willingness to try new ideas
NOMINATIONS ARE OPEN
CLICK HERE TO ACCESS THE FORM!

OWASP would like to thank Qualys_Logo
for stepping up to be a Platinum Sponsor for these awards in 2013!  Additional sponsorship opportunities are available Here




OWASP Foundation








No comments: