Tuesday, January 14, 2014

OWASP Global Connector January 14, 2014



OWASP Global Connector
January 14, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
owasp projects

Featured OWASP Project


OWASP Xenotix XSS Exploit Framework


The OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world's 2nd largest XSS Payloads of about 1500 + distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation
For more information, please contact the Project Leader, Ajin Abraham.


New OWASP Project



OWASP Reverse Engineering and Code Modification Prevention Project

For more information, please contact the Project Leader, Jonathan Carter.


Project Announcements

OWASP Projects voted Top Security Tools by ToolsWatch.org Readers


Three OWASP tool projects were voted as the top security tools of 2013 by users and readers of ToolsWatch.org. OWASP ZAP ranked number one on the top ten list with OWASP Xenotix XSS Exploit Framework ranking number 5 and OWASP O-Saft SSL Advanced Forensic Tool ranking number 10. Congratulations to the project leaders and all of the contributors that helped make these OWASP tools so amazing.

Message from Project Leader, Mark Miller.
We just released a new OWASP podcast episode:
AppSec USA 2013 - Larry Conklin and the Code Review Book Project
Visit the OWASP 24/7 Podcast series wiki page for more information, or contact Project Leader Mark Miller directly


OWASP OWTF 0.45.0 "Winter Blizzard" Released!


This release contains many features such as the continued integrated work from the 4 OWASP OWTF Google Summer of Code projects (including post - GSoC improvements), and the initial work of "OWTF bonnet mode" a BruCon 5X5 project by Marios Kourtesis. Please contact Project Leader Abraham Aranguren for more information

OWASP ESAPI Hackathon Update!

There are only 7 days left until the OWASP ESAPI Hackathon Contest closes. Contribute for a chance to win some great prizes. The ESAPI team is in need of more contributors. Spread the word or add some content yourself. Visit our OWASP blog page for more information on what and how to contribute.

Project Review Assistance Required!

The OWASP Technical Advisors and the OWASP PM are in the process of reviewing our projects and we would like to ask for your assistance with this assessment. We would like to ask that you take a bit of time to fill in a short survey that we will use to assess the Usability and Value of each project to its users and to the community
You can find the assessment survey here: Project Usability and Value Assessment. For more detailed instructions on how to submit your comments, please contact Samantha Groves
membership

Thank you to our newest Corporate Member: Ipswitch, Inc.

Thank you to NetSPI, SCSK Corporation, and Twitter for continuing to support the OWASP Foundation

conferences

Global AppSec Events in 2014


AppSec APAC 2014 (March 17 - 20, Tokyo Japan)

English Website
Japanese Website

  • Training March 17-18, Conference March 19-20
  • Conference Training and Talks have been posted
  • Early Registration deadline is February 1
AppSec LATAM 2014 - LATAM Tour (April 21 - May 12)


In 2014, instead of holding an AppSec LATAM Conference, we are working on organizing a LATAM Tour. Building on the success of 2012 and 2013, the tour will empower the entire LATAM region to collaborate and to raise software security awareness in their region. This year's tour will be held between April 21st and May 9th.
Please find additional information regarding the tour and on the scheduled stops by visiting the Tour Wiki Page.


AppSec EU 2014 (June 23 - 26, Cambridge, UK)

  • Training - June 23-24, Conference - June , 25-26
  • Sponsorship details are now available
  • Call for papers - Coming Soon
AppSec USA 2014 (September 16 - 19, Denver, CO)

  • Save the date for Training - September 16-17, Conference - September 18-19
  • More information on the call for papers and training - Coming Soon

Upcoming Regional Events



AppSec California 2014 (January 27 - 28, Santa Monica, CA)

  • There is still time to register!
LASCON 2014 (October 21 - 24, Austin, TX)


Partner and Promotional Events


OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us


Nullcon (February 12 - 15, Goa, India)OWASP Members receive a 20% discount off of the general event registration fee by using


Security, Management, Audit Forum 2014 (February 19 - 20, Poland)


InfoSec World Conference & Expo 2014, April 7-9, 2014. OWASP Members receive a 10% discount off the standard conference registration fee by using discount code: OS14/OWASP


Cyber Security Summit, April 9-10, 2014. Prague, Czech Republic. OWASP Members receive a 20% discount off of the general event registration fee by using THIS LINK
initiatives
new year

Upcoming for 2014


2013 is behind us and 2014 lies ahead. Our collective accomplishments in 2013 are just a hint of what we will achieve as an organization in the coming year. We would like to give you a peek at a couple of new opportunities on the road map for the beginning of the year.

Global Volunteer Opportunities

Cybersecurity Center of Excellence Proposal (NCCoE): Contributors Wanted

A volunteer is needed to assist and determine the level of the foundation's involvement with the National Cybersecurity Center of Excellence regarding a recent call for public comments. A few dedicated individuals are needed to lead the foundation's involvement in this initiative. For more information, please contact Bev Corwin

2014 Operational Goals for OWASP Projects

These goals have been put together based on Leader requests, and the need to continue work on other optional tasks from the previous year. They will be the goals and milestones for 2014. Please visit our OWASP Blog for a detailed list of the goals and milestones.

Global Training Initiative

The goal of this initiative is to set the roadmap for an OWASP Training Program. Objectives include baseline knowledge, increasingly challenging courses, various educational tools, costs, revenue, and application for available grant or sponsorship funding.This initiative will begin in February. Estimated planning period will require a 60 day commitment. The initiative will transition to an implementation phase in Q2.

Quarterly Research Journal

The Foundation would like to create a professionally designed and published Journal on a Quarterly Basis. The content of this journal will focus on research and new solutions to software security challenges. A team will be needed to review the paper submissions for content and applicability.

OWASP Site

The Foundation is exploring the web capabilities that exist within the Salesforce Platform: specifically around the creation of communities and web presence using site.com. Individuals who have knowledge of site.com and Salesforce communities are invited to share their knowledge and assist with the creation of the collaboration platform.
Social Media

OWASP Foundation Social Media


LinkedIn


Twitter


Google +


Facebook


Ning


StackOverflow


No comments: