Tuesday, September 3, 2013

Global OWASP Connector September 3, 2013

Project Updates
Membership Updates
Global CTF
Translation Efforts

Featured OWASP Project

OWASP Periodic Table of Vulnerabilities

There are many anthologies of vulnerabilities and weaknesses (including CWE-25, TCv2, and the OWASP Top 10), but there is no attempt to classify these issues based on how they should best be solved. In the past, we have tried to teach developers how to avoid introducing these problems, but it appears, via the lesson of Buffer Overflow, that the only way we'll ever eliminate them is to make it impossible for developers to write vulnerable code. The periodic table classifies issues based on the most scalable solution, whether that be in frameworks, perimeter technologies, custom code, or fixing the browsers and standards responsible. If you would like to contribute, please visit the OWASP Periodic Table of Vulnerabilities page or contact the project leader, James Landis.

New OWASP Projects

OWASP Framework Security Project

The OWASP Framework Security Project focuses on understanding missing security controls within popular frameworks, and coordinating with developers and the framework leaders to effectively integrate the missing security controls. This project requires collaboration between security experts, security-minded developers, and framework developers and leaders. The primary deliverable of this project is source code that is accepted into frameworks. The OWASP Framework Security Project will maintain documentation to indicate which security controls have been accepted, with links to code and documentation at each framework. For more information, please contact the project leader, Michael Coates.

OWASP SecLists Project

SecLists is a collection of multiple types of lists used during security assessments.  List types include usernames, passwords, URLs, sensitive data group strings, fuzzing payloads, and many more.  The goal is to enable a security tester to pull this repo onto a new testing box, and have access to every type of list that may be needed.  For more information, please contact the project leader, Daniel Miessler.

Project Announcements

New "ESAPI for Java" release - 2.1.0

A new version of ESAPI, release 2.1.0, has been uploaded to the Google Code downloads list and is also available via Maven Central. The full release notes are available with the Google Code download here. Most importantly, it fixes Google Issue #306, which is closed with this release. If you want more information on the release, or on the OWASP ESAPI Project, please visit the project wiki page. Alternatively, you may contact Kevin Wall or Chris Schmidt directly.

OWASP Top 10 2013:  Korean Version Released

A big thank you to Yune Sung, Johnny Cho, and all those involved in the effort to translate the OWASP Top 10 2013 version into Korean.  The document can be downloaded here, and both the document and the contributors list can be found here.  Please reach out to Yune Sung or Johnny Cho if you have any questions about the translation.

OWASP ByWaf Project

The OWASP ByWaf Project is looking for Python developers to help with the final stages of the project.  The project is a tool that bypasses WAFs, and its main function is to detect, evade, and display vulnerabilities.  If you are interested in contributing to the project, please contact the project leader, Rafael Gil Larios.

2013 OWASP Mobile Top 10 Call for Data

The project leaders for the OWASP Mobile Security Project are looking for data that represents the current state of mobile application security.  They are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues.  The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions.  They will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project.  If you are interested in contributing data to the project, please contact Project leaders Jason Haddix, Jack Mannino, and Mike Zusman.


Global Capture The Flag Competition is LIVE!

Are you ready for the first Global CTF? The Irish Honeynet project (@honeyn3t), in cooperation with OWASP, has built a CTF designed to engage first-time CTF players while also challenging the experienced. Places for the games are limited, and you must register to play.

The competition runs from now until the end of September. The winners will be announced and recognized during AppSec USA 2013 in New York, NY.

The purpose of the games is to provide an environment for people to have fun and learn about security!

Read more about the Global CTF Here
Register for the Global CTF Here

Thank you to our newest Corporate Member: Lynx Technology Partners

Thank you to Information Builders for their renewal

Thank you to Information Security Buzz, a new Media Supporter

The membership deadline to participate in the 2013 Global Board Election AND the 2013 WASPY awards is September 30, 2013. Please visit the Membership Page for information on how to renew or how to join.



Registration is now LIVE!  Click here to register and take advantage of early bird pricing.

OWASP AppSec USA 2013

Click Here for the full schedule of Talks and Training Classes


Ghana Cyber Security - Sept 5-6
OWASP New Zealand Day 2013 - Sept 11-12; Auckland, New Zealand
LASCON 2013 - Oct 24-25, Austin, TX


Meet our New Technical Project Advisors

As the OWASP Projects Inventory continues to grow, we continue to work towards improving the operations side of OWASP Projects. One of the major items on the agenda for 2013 is to review and update the current project assessment criteria and graduation process. The update is needed because there are now over 100 OWASP Projects, and the assessment criteria and process must be able to meet the demand for quality reviews. This is why the Technical Project Advisors were brought together. Please help me in welcoming our new Technical Project Advisors. Read our blog post for more information.


OWASP Webinar Series


Register to participate in the OWASP Webinar Series. This provides an opportunity to review some of the top security talks AND earn CPE credits!

Wednesday, September 11, 2013
LIVE - Ken Johnson
Rails Goat Project Webinar
The RailsGoat project provides training for developers and security professionals, all specific to the Ruby on Rails framework.

10am EDT (Live Webinar)
9pm EDT (replay of the Live Webinar)

Wednesday, September 25, 2013
LIVE - Josh Sokol
SimpleRisk Webinar
SimpleRisk is an open source tool designed to help better manage and facilitate enterprise risk management.

10am EDT (Live Webinar)
9pm EDT (replay of the Live Webinar)

Wednesday, October 9, 2013
LIVE - Global Board Candidate Question and Answers

Interactive question and answer format for the Global Foundation Board Candidates. Facilitated by Kelly Santalucia.

10am EDT and 9pm EDT

Wednesday, November 6, 2013
LIVE - Kiran Karnad
OWASP Top Ten & Burp
Information and registration coming soon.

We want to highlight projects and research! If you have a topic that you would like to present, please submit an abstract here: Contact us


Review the Candidates
Review the Election Timeline


Review the Nominees
