Thursday, October 10, 2013

OWASP Global Connector October 9, 2013


OWASP_CONNECTOR_BANNER_TOP%202
Global OWASP Connector - October 9, 2013
PROJECT_SHORT_BANNER CON_SHORT_BANNER 2013_Board_ELECTION-BANNER2_SHORT

Featured OWASP Project

OWASP CSRFGuard Project

OWASP CSRFGurard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks.  The OWASP CSRFGuard library is integrated through the use of JavaEE Filter, and exposes various automated and manual ways to integrate per-session or pseudo-per-request tokens into HTML.  When a user interacts with this HTML, CSRF prevention tokens (i.e. cryptrgraphically random synchronizer tokens) are submitted with the corresponding HTTP request.  It is the responsibility of OWASP CSRFGuard to ensure the token is present and is valid for the current HTTP request.  For more information on the CSRFGuard project, please contact the project leander, Eric Sheridan.

NEW OWASP Projects

OWASP Node.js Goat Project

Node.js is a widely adopted platform for developing web applications.  This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js, and how to effectively address them. For more information, please contact the project leader, Chetan Karande.

OWASP Pygoat Project

The Pygoat Project is similar to the WebGoat or RailsGoat projects in that it is an application specifically designed to be insecure in hopes of teaching others about code flaws in web applications.  In this specific context, it will focus mainly on Python and Django code libraries.  For more information, please contact the project leader, Kyle Rippee.

OWASP Python Security Project

Python Security is a free, open source project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.

The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:  Security in python:  white-box analysis, structural and functional analysis, Security in python:  black box analysis, identify and address security-related issues, Security with python:  develop security hardened python suitable for high-risk and high-security environments.  For more information, please contact the project leader, Enrico Branca.

3 New Project Releases!

OWASP Broken Web Applications Version 1.1.1 Released

From Chuck Willis, project leader:  I'm proud to announce the release of version 1.1.1 of the OWASP BWA VM.  This release is relatively minor, but there were a couple of items that I wanted to address:

Fixed issue with Tomcat not starting in some circumstances.  Thanks to the individuals who reported this issue (that I did not experience) and confirmed the fix.
Updated Mutillidae and transitioned to use its new Git repository.
VM is now available for download in .ova format, which should make it easier to use in virtualization packages other than VMware products.


OWASP Java HTML Sanitizer Project v209 Released

The OWASP Java HTML Sanitizer project is a fast and easy to configure HTML Sanitizer written in Java.  This project is a secure coding library that lets you include HTML authored by third-parties in your web application while protecting against XSS.  The OWASP Java HTML Sanitizer was authored by and is actively maintained by Mike Samuel from the Google application security team.
Version 209 was recently released.  Change-log information can be found here.  If you have questions about this project, please join the project mailing list.


OWASP Zed Attack Proxy 2.2.0 Released

Zap 2.2.0 is now available HERE.

This includes support for scripts embedded in ZAP components like the active and passive scanners as well as support for Zest - a new security focused scripting language from the Mozilla security team.  It also supports Mozilla Plun-n-Hack, locailization in 20 languages, various minor enhancements and lots of bug fixes.  For more details see the release notes.
Additionally, if you use ZAP, then please fill in the ZAP user questionnaire linked off the ZAP homepage.  This will help us prioritize features for future releases.  For more information, please contact the project leader, Simon Bennetts.



Message from Project Leader, Shruti Kulkarni:  Seeking Contributors

Legacy applications are a reality.  I would like to present vulnerabilities and threats of legacy web applications, and the countermeasures for the same, in my project.  I have listed down a few.  I would like contributions in these areas, and also pointers on anything else assiciated with legacy web applications.  The project is the OWASP Supporting Legacy Web Applications in the Current Environment Project.  For more information, please contact the project leader, Shruti Kulkarni.

New Support email is now available.  To reach a staff member, email:  support@owasp.org

appsec-horizontal-logo 3

OWASP AppSec USA 2013
www.appsecusa.org/2013/


The *draft* schedule is now published
OWASP Project and Leader Summit
Press Releases

Local and Regional Events

OWASP China 2013 Forum - July 12 - Dec 31, Bejing, Shanghai, and Guangzhou

LASCON 2013 - Oct 24-25, Austin, TX

Houston November Mini-Con - Nov 15, Houston, TX

OWASP BeNeLux - Nov 28-Nov 29, Netherlands

BASC 2013 - Dec 14, Cambridge, MA

AppSec California 2014 - Jan 27-Jan 28, Santa Monica, CA

Partner and Promotional Events

Hack in the Box - October 14-17;  Discount code for OWASP Members:  OWASP2013
Nullcon - India, Feb 12-15, 2014.  Call for papers is OPEN

MEM_SHORT_BANNER 2

Thank you to our Newest Corporate Member

Bank of NY Mellon


Thank you to our Renewed Corporate Members

ADP
FICO

globe

OWASP Webinar Series

Wednesday, October 9, 2013
Live - Global Board Candidate Question and Answers

Interactive question and answer format for the Global Foundation Board Candidates.  Facilitated by Kelly Santalucia.

9pm EDT

smaller register 8


Wednesday, October 23, 2013

Live - Jason Johnson, Project leader - OWASP Hive Project:  Welcome to the Grid

Jason will walk us through the OWASP Hive Project - the HIVE project started out as an idea for a learning platform created by using some small, capable pc to do our bidding - now look at the progress!

10 am EDT


smaller register 8

9 pm EDT


smaller register 8

Wednesday November 6, 2013

Live - Kiran Karnan, Project Leader - OWASP Top Ten & BURP

Kiran will demonstrate the Top Ten using BURP

10 am EDT

smaller register 8

9 pm EDT


smaller register 8

Wednesday December 4, 2013

Live - Abbas Naderi, Project leader - OWASP PHP Security Project

Abbas will demonstrate the existing and planned features of his project

10 am EDT


smaller register 8

9 pm EDT


smaller register 8

The Global Webinar Series wants to feature your Project.  Please contact Kate Hartmann or Samantha Groves to schedule your project webinar.


Women in AppSec Selection Finalized

After careful consideration, the Women in AppSec selection team chose two winners this year for the Woman in AppSec fund.  They will each receive a free conference pass to AppSec USA 2013, a seat in the training class of their choice along with travel and accommodations to attend.  Please join in our congratulations to this year's winners, Nancy Lornston and Carrie Schaper.


THE ELECTION PAGE

Be sure to review the available materials and become an informed voter.


Upcoming Dates

October 9 - Q&A Webinar
October 14 - Voting Begins
October 25 - Voting Ends
October 29 - Election Result Announced

WASPY-BANNER_SHORT

The Web Application Security Persons of the Year (WASPY) award nominees are POSTED

Show your support for the community by becoming a Sponsor of the awards.

Corporate sponsors AND Chapter sponsors are encouraged to participate

FULL SPONSORSHIP INFORMATION CAN BE FOUND HERE

In case you missed it ...


ctf

The Global CTF was an outstanding success.  Initiatlly the honeynet had capacity for 200 active players, however,  the potential to scale up was quicly recognized.  With the assistance of the Instutute of Technology Blanchardstown, who provided additional servers and bandwidth, we ere able to extend the CTF capacity by and additional 25% with active players from all over the world from a variety of time zones.  Although everyone who took part, including teh organizers, learned lots and had fun - there can only be one winner ...

Top 10 Places & Scores

aaaaaa [1665]
reaver2121991 [1640
Orbiter [1539]
y0y0Hon3ySinghJ1 [1524]
ietians [1302]
cybercruiser [1290]
Mutantinmate [1284]
bannedXD [1278]
ntyeil [1277]
cia403 [1274]



INI_SHORT_BANNER

Global Initiatives Metrics

504 unique volunteers

Volunteer Sign ups over Time



overtime

Leadership Status of New Volunteers

leaders

by canpaign



OUTREACH_SHORT_BANNER

OWASP Ghana recognized in the fight against cyber crime!

Theo Sagoe and the OWASP Ghana team was recently recognized on national television news.  The spot highlights the need in the African Region for increased villigance and attention to cyber security.  Watch the youtube segment

OWASP_CONNECTOR_BANNER_BOTTOM

No comments: