OWASP Connector July 4, 2013
FEATURED OWASP PROJECT
OWASP DEVELOPMENT GUIDE
The OWASP Development Guide 2013 is a dramatic re-write of one of OWASP's first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering.
In this edition, architects, project leads, and developers can reference a massive textbook covering all aspects of modern application security architecture, secure design, and detailed design patterns. This edition aligns with the syllabus outcomes of the Undergraduate Software Assurance degree and Masters of Software Assurance.
NEW OWASP PROJECTS
OWASP Skanda - SSRF Exploitation Framework
Skanda is an SSRF vulnerability exploitation framework. The current version performs a Cross Site Port Attack on a vulnerable application and discovers open ports. Future versions will perform advanced attacks like network host discovery, service discovery, and service level vulnerability detection and exploitation through SSRF. For more information, please contact the project leader, Jayesh Singh Chauhan.
OWASP RBAC Project
The RBAC project aims to port and promote standard NIST Level 2 RBAC implementations; currently the PHP version is available as a separate project. For more information, please contact the project leader, Abbas Naderi.
OWASP PHP Security Project
The OWASP PHP Security project plans to gather secure PHP libraries and provide a full-featured framework of libraries for secure web applications in PHP, both as separate de-coupled libraries and as a whole secure web application framework. Many aspects of this project are already handled, and are being added to OWASP. For more information, please contact the project leader, Abbas Naderi.
OWASP Top Ten Project
We are pleased to announce that the 2013 version of the OWASP Top Ten is now available for download and for purchase. Please visit the OWASP Top Ten Project wiki page for more information.
Download the 2013 OWASP Top Ten
Purchase the 2013 OWASP Top Ten
The Top Ten has already been translated into French, German, Indonesian, Italian, Japanese, Korean, Spanish, Chinese, and Vietnamese. Current translations in process are: Portuguese, Greek, Turkish, Malay, Czech, and Dutch. Thank you to all the contributors to the translation effort.
THE OWASP FOUNDATION IS MAKING ROOM FOR SOME NEW AND EXCITING SCHWAG. THIS MEANS WE'RE HAVING A FIRE SALE!
CHAPTER LEADERS: STOCK UP ON APPAREL ITEMS, MERCHANDISE, ELECTRONIC EQUIPMENT, AND MEETING SUPPLIES FOR YOUR CHAPTER
MORE INFORMATION COMING SOON! PURCHASING LINKS WILL BE DISTRIBUTED VIA THE CHAPTER LEADER MAILING LIST, THE CHAPTERS PAGE, AND THROUGH SOCIAL MEDIA CHANNELS
GLOBAL AppSec CONFERENCE ANNOUNCEMENTS
OWASP AppSec EU 2013
20 Speakers and Talks have been announced! Click Here for a catalogue of the amazing speakers and dynamic presentations on the docket for this year's OWASP Research Event.
Please plan on arriving in beautiful Hamburg, Germany prior to the event to take advantage of the world-class training being offered. Click Here for the catalogue of training classes.
OWASP AppSec LATAM 2013
Call for Training and Call for Papers are now open (Deadline is August 2, 2013) - Click Here to submit your training or your talk
OWASP AppSec USA 2013
Click Here for the full schedule of Talks and Training Classes
Contact Us to secure your sponsorship opportunity for the exhibit hall or for the career fair
Click Here to find out about all the awesome activities planned for the conference (Lockpick Village, Career Fair, OWASP Project Summit, Project and Chapter Workshops, 3K for Charity, and more ...)
Looking Ahead to 2014
AppSec APAC 2014 - March 17-20 Tokyo, Japan
AppSec Research 2014 - June 2014 Cambridge UK
AppSec USA 2014 - September 2014 Denver, CO
LOCAL AND REGIONAL EVENTS
OWASP China 2013 Forum - July 12-22; Beijing, Shanghai, and Guangzhou
OWASP India Conference 2013 - Aug 30-31; New Delhi, India
Ghana Cyber Security - September 5-6; This event is looking for speakers to help grow the OWASP presence in Africa! Contact Theodore Sagoe for details
OWASP New Zealand Day 2013 - Sept 11-12; Auckland, New Zealand - Call for Presentations, Training, and Sponsorship is OPEN!
LASCON 2013 - Oct 24-25, Austin, TX
Call for proposals is open until July 31 - Submit your proposal!
PARTNER AND PROMOTIONAL EVENTS
OWASP has partnered with these great events in the latter half of 2013 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to participate, please CONTACT US
Thank you to: Axran, Cloud Passage, and Netsparker for joining as corporate members
Thank you to: RedSpin and Security Innovation for their annual renewal
2013 OFFICIAL BOARD ELECTION UPDATES
The deadline to submit your candidacy is August 16, 2013.
We would like the community to submit interview questions. These questions will be posed to the candidates during the pre-election interviews.
SUBMIT YOUR QUESTIONS
Voting is limited to paid/honorary members who are in good standing as of September 30, 2013. Be sure to join or renew your membership.
2013 WASPY AWARDS
The WASPY (Web Application Security Person of the Year) Awards were started in 2012 with the assistance and sponsorship of Qualys and Trustwave. This year, the awards will recognize 5 different individuals in 5 different categories.
Take advantage of this opportunity to help OWASP globally recognize members of our community for their efforts to drive awareness of software security through leadership, outreach, and innovation.
SUBMIT YOUR NOMINEE
SPONSOR THE AWARDS
GET YOUR CREDITS!
Register to participate in the OWASP Webinar Series. This provides an opportunity to review some of the top security talks AND earn CPE credits!
The next webinar is scheduled for Wednesday July 10, 2013. The talk title is: "AppSec Training, Securing the SDLC, WebGoat.NET, and the meaning of life" by Jerry Hoff. This is a showing of Jerry's AppSec USA 2012 presentation.
at 10am EDT
at 9pm EDT
Wednesday July 24
Four Axes of Evil: HD Moore
at 10am EDT
at 9pm EDT
If you are interested in giving a live presentation during the webinar series, please contact us.
FEATURED PARTNER EVENTS
The information security issues that matter, the expertise to help. Enjoy 60 track sessions plus debates and keynotes. Build your knowledge and further your career at RSA Conference Europe
Join us for the Third Annual (ISC)2 Security Congress! Co-located with ASIS 2013 59th Annual Seminar and Exhibits. September 24-27, 2013; McCormick Place, Chicago, IL; OWASP Members Save 20% off conference registration with the discount code: OWASP
The (ISC)2 Security Congress event offers invaluable education to all levels of information security professionals. The impressive lineup includes speakers from the Department of Homeland Security, Prudential, Humana, TSA, University of Maryland, DAS Global, Excelon and more, with 9 different tracks and over 80 sessions. Tracks include: Application Security, Cloud Security, Government Security, GRC, Malware, Mobile Security/Social Networking, Software Assurance, Swiss Army Knife, and Threats. Register Now!
Thursday, July 4, 2013