Thursday, June 20, 2013

OWASP Connector June 20, 2013

Google Summer of Code

Last April, it was announced that OWASP would once again be participating in Google's Summer of Code.  We received 82 proposals from around the world and were granted 11 slots by Google.  Our mentors carefully reviewed and ranked the proposals, and today we are delighted to announce the students who will work with OWASP in the coming months.

The OWASP GSoC 2013 winners are listed below, in no particular order.

OWASP ZAP - Enhanced HTTP Session Handling and users/roles
Student: Cosmin Stefan
Mentor/s: Guifre Ruiz / Simon Bennetts
Brief description: Enhancing the HTTP Session handling of ZAP in order to add the capability to set up and/or identify users and roles and in order to add a series of various views, actions and scans that are dependent on a particular user/role.

OWASP ModSecurity CRS - Port to Java
Student: Mihai Pitu
Mentor/s: Breno Silva / Ryan Barnett
Brief description: The goal of this GSOC project is to have a ModSecurity version that can be used within Java servers (e.g. Tomcat). In order to achieve this, the standalone C code will be wrapped using the JNI framework and the resulting ModSecurity Java project will be used as a module for Tomcat server. Also, we will collaborate with the OWASP WebGoat team in order to integrate ModSecurity for Java into it.

OWASP OWTF - Inbound Proxy with MiTM & Caching Capabilities
Student: Bharadwaj Machiraju
Mentor/s: Krzysztof Kotowicz / Abraham Aranguren
Brief description: This project will create an inbound proxy module in the OWASP Offensive Web Testing Framework (OWTF) so that human navigation of a website can take advantage of the functionality in OWTF plugins in an automated fashion regardless of authentication, mandatory fields, client/server side redirects or HTTP response codes that might confuse automated tools. This will ensure increased efficiency in the security testing process and also help in complete identification of the attack surface of a website by identifying and automatically analysing all application entry points as soon as the user accesses them through the proxy.



OWASP OWTF - Multiprocessing
Student: Ankush Jindal
Mentor/s: Andres Riancho / Abraham Aranguren
Brief description: In this project, we will modify OWTF to use multiprocessing while scanning multiple URLs which is presently done sequentially (one after another). This will improve efficiency while scanning multiple URLs.



OWASP OWTF - Reporting 
Student: Assem Chelli
Mentor/s: Hani Benhabiles / Abraham Aranguren 
Brief description: A common complaint about OWASP OWTF so far has been that the report is not very shiny. The intention here is to move as much of the HTML as possible out of the Python files into template files, apply some nice web design to the report so that it is nicer and more comfortable to work with, and improve the interactive report load time.



OWASP OWTF - Unit Test Framework
Student: Alessandro Fanio González
Mentor/s: Andrés Morales / Abraham Aranguren 
Brief description: As OWASP OWTF grows it makes sense to build custom unit tests to automatically re-test that existing functionality remains intact. In this project we would like to create a unit testing framework so that creating OWASP OWTF unit tests is as simple as possible. The goal of this project is to create the Unit Test Framework and as many unit tests as possible to verify OWASP OWTF functionality.



OWASP PHP Security Project
Student: Rahul Chaudhary
Mentor/s: Azeddine Islam Mennouchi / Andrew van der Stock
Brief description: To build some stand-alone libraries that strengthen security in PHP and alleviate some of the security risks cited in the OWASP Top 10 list, then to extend this collection of libraries into a basic framework that will evolve over time.



OWASP ZAP - SAML 2.0 Support
Student: Pulasthi Mahawithana
Mentor/s: Prasad Shenoy / Kevin Wall
Brief description: This project will enhance ZAP's capabilities so that it can detect and fuzz the various elements and attributes of a SAML Assertion.



OWASP Hackademic: Plugin api and actions interface in challenges
Student: Daniel Kvist
Mentor/s: Spyros Gasteratos / Kostas Papapanagiotou
Brief description: This project aims to develop a plugin API for the OWASP Hackademic Challenges CMS. The API will allow third party developers to use Actions, Filters and Themes to customise the system.



OWASP ZAP - Exploring Advanced reporting using BIRT
Student: Rauf Butt
Mentor/s: Johanna Curiel / Simon Bennetts
Brief description: The proposed project is to explore the current capabilities of ZAP reporting and enhance it with the help of BIRT integration with ZAP. The proposed outcome will use the existing ZAP result outputs and generate reports for the end-users to analyse the testing results in a productive way.



OWASP ZAP - CMS Scanner
Student: Abdelhadi Azouni
Mentor/s: Azeddine Islam Mennouchi / Simon Bennetts
Brief description: The project is an implementation of a ZAP extension to help with CMS scanning (WordPress, Joomla and Drupal as a first step).



If your proposal was not chosen, we would like to thank you for your participation. Please do not feel discouraged from participating in the OWASP community regardless of GSoC, as there are plenty of opportunities to apply your knowledge.




OWASP AppSec Research Registration NOW OPEN

Registration has just been opened!  Early Bird closes on July 1st, so hurry up!

register here


THE SCHEDULE OF TRAINING AND CONFERENCE TALKS HAS NOW BEEN PUBLISHED FOR AppSec USA

THE SCHEDULE

OWASP Project Workshop
Project Summit
Career Fair
3K run for Charity
Women in Security
CTF
Lockpick Village

AppSec USA 2014
The OWASP Foundation has received two great proposals for AppSec USA 2014.  We NEED your input!  The submissions are from the Denver, CO team and the Omaha, NE team.  Both proposals are posted and your input is requested.  JOIN THE DISCUSSION

UPCOMING PARTNER EVENTS

(ISC)2 SecureRome 2013:  Security in the 21st Century - Threats and Trends - July 9, 2013
Synopsis: With an increasing dependence on the internet, understanding current and potential future threats is crucial to security and business management as threat development moves with technology development. To stay ahead, we must understand the strategies of those who are driving the threats while keeping an eye on the proliferation of cyber weaponry. Join prominent industry experts at the SecureRome Conference to explore the latest Emerging Threats & Trends to help us get ahead of the attackers. The conference arms delegates with instincts for understanding how to anticipate and pre-empt attack, assess the adequacy of defenses and strategy behind them and clarify requirements for risk analysis. Network with your peers and earn 8 CPEs.

BlackHat 2013 - July 27-Aug 1, 2013 - $200 off discount promo code for OWASP members is:  Uurtcw00 (case sensitive)

ISSA International Conference - October 9-10, 2013 - OWASP members can register and take advantage of the partner rate by using Discount code:  confOWASP62c

EC Council - July 11-16, 2013 - OWASP members can register for $99 using discount code TDCSTLOWASP

Cloud Security Alliance Congress 2013 - December 4-5, 2013 - OWASP members receive a 10% discount using discount code:  CSA13/OWASP

(ISC)2 Security Congress - Sept 24-27, 2013 - OWASP Members save 20% off conference registration with the discount code:  OWASP



OWASP EU TOUR 2013

The OWASP EU Tour is well underway.  There are 15 confirmed locations, 5 training sessions, and more than 30 speakers traveling around raising awareness about OWASP and application security in the European region.

Thank you to our Gold Sponsors:  7Safe and Cigital for supporting the tour.  Thank you, also to all of the universities who have provided us with a venue to host our events.

Of course, the biggest thank you is to Fabio Cerullo and all of the European Chapter leaders who are making this event such a HUGE success!

To learn more about the Tour, its stops and how you can become a sponsor, visit the Tour page on the OWASP website.


OWASP FOUNDATION IS HIRING

We are currently accepting applications for a Global Event Manager.  Complete details can be found HERE.  Applications are being accepted through Friday, June 21, 2013.

We recognize Parasoft and Coverity, our newest corporate members!


Thank you to Acunetix for renewing their corporate membership!

Membership Drive

Thank you to everyone who participated in the 2013 Q2 Membership Drive.

92 individuals became new members or renewed their memberships.



Election: The call for candidates closes on August 16, 2013, so be sure to submit your candidacy today!

WASPY Awards: The call for nominees closes on August 16, 2013.  To get more information (including how to sponsor the awards), CLICK HERE

OWASP Initiatives can help you earn your CPEs!

Volunteering with an initiative or working on an OWASP Project can often be counted towards CPEs for some organizations!  Be sure to check with your professional organization for clarification!

OWASP Global Webinar Series to begin next week!

The OWASP Global Webinars will now become a platform to present some great archived presentations and to run some live presentations as well.  These webinars will - in most cases - provide CPE credit.

Upcoming Webinars

Wednesday, June 26, 2013
Mobile applications and Proxy Shenanigans - Dan Amodio and David Linder (recorded AppSec USA 2012)

10 am EDT

9 pm EDT

Wednesday, July 10, 2013
AppSec Training, Securing the SDLC, WebGoat.NET, and the Meaning of Life - Jerry Hoff (recorded AppSec USA 2012)


10 am EDT
register

9 pm EDT
register


Wednesday, July 24, 2013
Four Axes of Evil - HD Moore (recorded AppSec USA 2012)


10 am EDT
register

9 pm EDT
register



University Challenge at the AppSec EU in Hamburg:



OWASP AppSec Research 2013 announces the University Challenge!  The University Challenge is a competition among teams comprised of university students that will be held on August 20-21 during the training days of the conference.  There is no admission fee for the University Challenge AND participation in the conference is possible at the student rate, if applicable.  During the University Challenge, teams will defend a vulnerable web application while solving Capture the Flag type challenges.



This year, the OWASP University Challenge will be limited to 8 teams.  Teams will consist of 4-8 students with one team per university.  Team openings are on a first come/first served basis.  If multiple teams are received from the same university, the second team will be put on a wait list.  All team members must be registered.  Registration for the University Challenge event is free.  Food and beverages will be provided during the challenge and all participants will get an OWASP University Challenge t-shirt.  Of course, the first three winning teams will get some awesome prizes (to be announced).

OWASP Village at OHM2013:

OWASP has a Village at OHM2013:  https://ohm2013.org/wiki/village:owasp
About OHM2013:  OHM2013 - observe, hack, make.  A five day outdoor international camping festival for hackers and makers, and those with an inquisitive mind.  On 31 July 2013, 3000 of those minds will descend upon an unassuming patch of land at the Geestmerambacht festival grounds, 30 km north of Amsterdam.
