Thursday, July 4, 2013

OWASP Connector July 4, 2013





FEATURED OWASP PROJECT

OWASP DEVELOPMENT GUIDE

The OWASP Development Guide 2013 is a dramatic re-write of one of OWASP's first and most downloaded projects.  The focus moves from countermeasures and weaknesses to secure software engineering.

In this edition, architects, project leads, and developers can reference a massive textbook covering all aspects of modern application security architecture, secure design, and detailed design patterns.  This edition aligns with the syllabus outcomes of the Undergraduate Software Assurance degree and Masters of Software Assurance.

NEW OWASP PROJECTS


OWASP Skanda - SSRF Exploitation Framework

Skanda is an SSRF Vulnerability Exploitation Framework.  The current version performs a Cross Site Port Attack against a vulnerable application and discovers open ports.  Future versions will perform advanced attacks like network host discovery, service discovery, and service level vulnerability detection and exploitation through SSRF.  For more information, please contact the project leader, Jayesh Singh Chauhan.


OWASP RBAC Project

The RBAC project aims to port and promote standard NIST Level 2 RBAC implementations.  Currently the PHP version is available as a separate project.  For more information, please contact the project leader, Abbas Naderi.

OWASP PHP Security Project

The OWASP PHP Security project plans to gather secure PHP libraries and provide a full-featured framework of libraries for secure web applications in PHP, both as separate de-coupled libraries and as a whole secure web application framework.  Many aspects of this project are already handled and are being added to OWASP.  For more information, please contact the project leader, Abbas Naderi.

PROJECT ANNOUNCEMENTS

OWASP Top Ten Project

We are pleased to announce that the 2013 version of the OWASP Top Ten is now available for download and for purchase.  Please visit the OWASP Top Ten Project wiki page for more information.

Download the 2013 OWASP Top Ten
Purchase the 2013 OWASP Top Ten

The Top Ten has already been translated into French, German, Indonesian, Italian, Japanese, Korean, Spanish, Chinese, and Vietnamese.  Current translations in process are:  Portuguese, Greek, Turkish, Malay, Czech, and Dutch.  Thank you to all the contributors to the translation effort.


Global Initiatives - Chapter

GOT OWASP?


THE OWASP FOUNDATION IS MAKING ROOM FOR SOME NEW AND EXCITING SCHWAG.  THIS MEANS WE'RE HAVING A FIRE SALE!

CHAPTER LEADERS:  STOCK UP ON APPAREL ITEMS, MERCHANDISE, ELECTRONIC EQUIPMENT, AND MEETING SUPPLIES FOR YOUR CHAPTER

MORE INFORMATION COMING SOON!  PURCHASING LINKS WILL BE DISTRIBUTED VIA THE CHAPTER LEADER MAILING LIST, THE CHAPTERS PAGE, AND THROUGH SOCIAL MEDIA CHANNELS

GLOBAL AppSec CONFERENCE ANNOUNCEMENTS
OWASP AppSec EU 2013
20 Speakers and Talks have been announced!  Click Here for a catalogue of the amazing speakers and dynamic presentations on the docket for this year's OWASP Research Event.

Please plan on arriving in beautiful Hamburg, Germany prior to the event to take advantage of the world class training being offered.  Click Here for the catalogue of training classes.

OWASP AppSec LATAM 2013
Call for Training and Call for Papers are now open (Deadline is August 2, 2013) - Click Here to submit your training or your talk

OWASP AppSec USA 2013
Click Here for the full schedule of Talks and Training Classes
Contact Us to secure your sponsorship opportunity for the exhibit hall or for the career fair
Click Here to find out about all the awesome activities planned for the conference (Lockpick Village, Career Fair, OWASP Project Summit, Project and Chapter Workshops, 3K for Charity, and more ...)

Looking Ahead to 2014

AppSec APAC 2014 - March 17-20 Tokyo, Japan

AppSec Research 2014 - June 2014 Cambridge UK

AppSec USA 2014 - September 2014 Denver, CO


LOCAL AND REGIONAL EVENTS

OWASP China 2013 Forum - July 12-22; Beijing, Shanghai, and Guangzhou

OWASP India Conference 2013 - Aug 30-31; New Delhi, India

Ghana Cyber Security - September 5-6; This event is looking for speakers to help grow the OWASP presence in Africa!  Contact Theodore Sagoe for details

OWASP New Zealand Day 2013 - Sept 11-12; Auckland, New Zealand - Call for Presentations, Training, and Sponsorship is OPEN!

LASCON 2013 - Oct 24-25, Austin, TX
Call for proposals is open until July 31 - Submit your proposal!


PARTNER AND PROMOTIONAL EVENTS
OWASP has partnered with these great events in the latter half of 2013 to grow our community and build awareness around software security.  If you want to learn more about OWASP's involvement or will be attending and want to participate, please CONTACT US






CORPORATE MEMBERSHIPS

Thank you to: Axran, Cloud Passage, and Netsparker for joining as corporate members

Thank you to:  RedSpin and Security Innovation for their annual renewal

2013 OFFICIAL BOARD ELECTION UPDATES

The deadline to submit your candidacy is August 16, 2013.

We would like the community to submit interview questions.  These questions will be posed to the candidates during the pre election interviews.
SUBMIT YOUR QUESTIONS


Voting is limited to paid/honorary members who are in good standing as of September 30, 2013.  Be sure to join or renew your membership.

2013 WASPY AWARDS

The WASPY (Web Application Security Person of the Year) Awards were started in 2012 with the assistance and sponsorship of Qualys and Trustwave.  This year, the awards will recognize 5 different individuals in 5 different categories.

Take advantage of this opportunity to help OWASP globally recognize members of our community for their efforts to drive awareness of software security through leadership, outreach, and innovation.


SUBMIT YOUR NOMINEE
SPONSOR THE AWARDS

GET YOUR CREDITS!

Register to participate in the OWASP Webinar Series.  This provides an opportunity to review some of the top security talks AND earn CPE credits!

The next webinar is scheduled for Wednesday July 10, 2013.  The talk title is:  "AppSec Training, Securing the SDLC, WebGoat.NET, and the meaning of life" by Jerry Hoff.  This is a showing of Jerry's AppSec USA 2012 presentation.

at 10am EDT 

register here
and
at 9pm EDT

register here


Wednesday July 24
Four Axes of Evil:  HD Moore


at 10am EDT
register here
and
at 9pm EDT

register here

If you are interested in giving a live presentation during the webinar series, please contact us.


FEATURED PARTNER EVENTS

The information security issues that matter, the expertise to help.  Enjoy 60 track sessions plus debates and keynotes.  Build your knowledge and further your career at RSA Conference Europe


Join us for the Third Annual (ISC)2 Security Congress!  Co-located with ASIS 2013 59th Annual Seminar and Exhibits.  September 24-27, 2013; McCormick Place, Chicago, IL; OWASP Members Save 20% off conference registration with the discount code:  OWASP

The (ISC)2 Security Congress event offers invaluable education to all levels of information security professionals.  The impressive lineup includes speakers from the Department of Homeland Security, Prudential, Humana, TSA, University of Maryland, DAS Global, Excelon and more with 9 different tracks and over 80 sessions.  Tracks include:  Application Security, Cloud Security, Government Security, GRC, Malware, Mobile Security/Social Networking, Software Assurance, Swiss Army Knife, and Threats.
Register Now!





--


Kate Hartmann
+1 301-275-9403
