Thursday, February 13, 2014

OWASP Global Connector



February 12, 2014 | www.owasp.org | Brought to you by the OWASP Foundation
OWASP Projects

Featured OWASP Project

OWASP OWTF Project
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES project focused on trying to unite great tools to make pen testing more efficient. Its area is offensive security testing, and the goal is to unite a vast set of the greatest pen-test tools, PoC code and custom tests, and to organize this information in an interactive way to make testing as efficient as possible for pen-testers.
For more information, please contact the Project Leader, Abraham Aranguren.

New OWASP Projects

OWASP Encoder Comparison Reference Project
The OWASP Encoder Comparison Reference Project is a quick reference for how ESAPI and other frameworks and native language encoding methods work against ASCII characters. It is a Web 2.0 web application that allows users to choose which encoder libraries to compare. It should compare ESAPI as well as others. Deliverable includes the source code to the web application hosted version so that users can access this tool without needing to download, install, configure, etc.
For more information, please contact the Project Leader, Stephanie Tan.
OWASP Ultimatum Project
The OWASP Ultimatum Project will be an all-in-one vulnerability testing tool that will automatically keep itself updated so that it always has the latest vulnerability information to work with. The product can also be used to pen-test different web server applications. It will be a web application testing tool that will be able to identify spam, malware embedded in an email attachment, or in any PDF or DOC file sent over e-mail, etc.
For more information, please contact the Project Leader, Robin Nayak.
OWASP Book Project
The OWASP Book Project will be a consolidated publication with a collection of research papers that will be donated to OWASP. The Leader aims to assemble research focused on web application penetration testing into one book to give contributors an opportunity to share their knowledge and experience.
For more information, please contact the Project Leader, Ahmed Neil.
OWASP Open Cyber Security Project
The OWASP Open Cyber Security Framework Project's aim is to create a practical framework for cyber security. Currently there are some frameworks, for example from NIST or from ISACA, and other paid or local frameworks, but there is no open framework that any government or organization is able to adopt.
For more information, please contact the Project Leader, Mateo Martinez.

Project Announcements

OWASP CISO Survey Report 1.0
The OWASP CISO Survey provides tactical intelligence about security risks and best practices to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs. Project Leader, Tobias Gondrom, has released the report today.
For more information, please contact Tobias Gondrom.
OWASP Java Encoder 1.1.1 Released!
The OWASP Java Encoder is a Java 1.5 simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
A huge thank you to Jeremy Long and Jeff Ichnowski for their gracious volunteer time and expertise in working on this project. Happy Encoding from the OWASP Java Encoder Team: Jim Manico, Jeff Ichnowski, and Jeremy Long - OWASP Java Encoder Project
OWASP iGoat Project looking for help!

Are you an Objective-C programmer? The short-term need for OWASP iGoat is basic code maintenance. There are a couple of deprecated (in iOS 7) methods that are used in OWASP iGoat. We need a developer to read through those (2 instances) and decide how to replace them. The project is also looking for a developer to help implement a couple of new exercises.
If you are able to help, please contact Ken van Wyk.
Project Review Assistance Required!
We would like to ask the OWASP Project user community to take a bit of time to fill in a short survey that we will use to assess the Usability and Value of our projects. We are currently focusing on the following projects. If you are a user, please fill out the survey below. Thank you, Leaders.
OWASP Cheat Sheets Project
OWASP Java HTML Sanitizer Project
OWASP Xenotix XSS Exploit Framework Project
OWASP Cornucopia Project
OWASP Java Encoder Project
You can find the assessment survey here: Project Usability and Value Assessment. For more detailed instructions on how to submit your comments, please contact Samantha Groves.
Conferences

Global AppSec Events in 2014

AppSec APAC 2014 (March 17 - 20, Tokyo Japan)
  • English Website
  • Japanese Website
  • Training March 17-18, Conference March 19-20
  • Full schedule of conference training and talks is now available
  • Sponsorship opportunities are still available
  • Early Registration deadline is February 1
AppSec LATAM 2014 - LATAM Tour (April 21 - May 12)
In 2014, instead of holding an AppSec LATAM Conference, we are organizing a LATAM Tour which we hope will bring LATAM community members together to spread the OWASP mission. Here are the scheduled stops for the tour:

  • April 21-22, Costa Rica (San Jose)
  • April 22-23, Chile (Santiago)
  • April 23-24, Ecuador (Quito & Guayaquil)
  • April 25-26, Peru (Lima)
  • April 28-29, Panama (Panama)
  • April 29-30, Uruguay (Montevideo)
  • May 5-6, Venezuela (Caracas)
  • May 6-7, Colombia (Bogota)
  • May 8-9, Argentina (Buenos Aires)
Sponsorship Opportunities are available as well. Please find further information on the Tour Wiki Page.
AppSec EU 2014 (June 23 - 26, Cambridge, UK)

AppSec USA 2014 (September 16 - 19, Denver, CO)

  • Training - September 16-17, Conference - September 18-19
  • Sponsorship packages are now available.
  • More information on the call for papers and training - Coming Soon

Upcoming Regional Events

OWASP is offering a FREE Developer Bootcamp in San Francisco on Monday, Feb 24, 2014. Register now to secure your seat!
LASCON 2014 (October 21 - 24, Austin, TX)

Partner and Promotional Events

OWASP has partnered with these great events in the beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement, or will be attending and want to help out, contact us.
Nullcon (February 12 - 15, Goa, India). OWASP Members receive a 20% discount off of the general event registration fee by using
Confoo 2014 - Montreal, Canada (February 24-28)
Security, Management, Audit Forum 2014 (February 19 - 20, Poland)
InfoSec World Conference & Expo 2014, April 7-9, 2014. OWASP Members receive a 10% discount off the standard conference registration fee by using discount code: OS14/OWASP
Cyber Security Summit, April 9-10, 2014. Prague, Czech Republic. OWASP Members receive a 20% discount off of the general event registration fee by using THIS LINK
THOTCON - Chicago's Hacking Conference, April 25, 2014, Chicago IL. Tickets
Initiatives

OWASP Quarterly Journal Initiative

The OWASP community contains many of the most brilliant minds in software security. One of the challenges we face is that, despite our global scope, there are many concepts, research, tools, and techniques that are often not circulated as broadly as they should be.
A suggestion was made by several to create a quarterly publication that would further meet the needs of the software security professional, and help spread our mission and our resources beyond current limitations.
Through the initiatives, a task force has formed to work on accomplishing this. The team, in their wisdom, has asked that the community provide input on what we feel is missing from other industry publications, and what direction this team should take.
Please take a few seconds to provide your input to the team. Submit your comments HERE
Membership

Thank you to our newest Corporate Members: OneConsult GmbH and BCC Risk Advisory

Thank you to Oracle for their renewal!

Communication

OWASP is Hiring!

OWASP is looking for a talented professional to fill each of the following positions:
OWASP Community Manager; Full Time; Salaried
The OWASP Community Manager is responsible for coordination and oversight of volunteer opportunities and initiatives for the OWASP community. Furthermore, this position will focus on providing operational support to OWASP Chapters globally and is responsible for overseeing and disseminating the organization’s policies, objectives, and initiatives as they relate to OWASP Chapters.
Details about the position
Graphic Designer; Part time; hourly; contractor

The Graphic Designer is responsible for oversight and development of company promotional materials both for print and for the web. The OWASP Graphic Designer will be responsible for the visual identity and visual brand consistency of all materials and graphic content created and used by the OWASP Foundation.
Details about the position
For complete information on the hiring process, including application deadlines, please visit the complete Blog Post.

Just for Fun

We would like to congratulate David Smolikhagen for submitting the first correct response to last issue's puzzle. Here is the question followed by David's response. Thank you to everyone who submitted your response. If you missed the question, you can find it on the OWASP Blog.
Alice still won the race. Alice would have caught up to Bob at the 95 yd mark and since she is running a little bit faster than Bob, she would have covered the remaining 5 yds faster than Bob (unless he's some super macho guy who wasn't gonna be beat by a girl twice, and he dug deep and poured on something extra for those last 5 yards! ;-D ).
This issue's challenge
The Blue Knight usually rides to the World’s End Pub after a long day, and walks back to the castle. It takes her an hour and a half. When she rides both ways it takes 30 minutes. How long would it take her to make the round trip on foot?
Please submit your answers HERE
Membership

OWASP Member Spotlight - Oana Cornea, Bucharest, Romania

As an organization driven by its membership community, it's high time we dedicate some space to recognizing YOU!

Oana Cornea got involved in OWASP in January 2013 when she wrote an iOS Cheat Sheet for the Cheat Sheet series. It's been full steam ahead since then for Oana and the team in Romania.
Oana says: "I am working as an application security analyst at Electronic Arts, in Bucharest, Romania. I am a Computer Science graduate with a Master in Information Technology Security and I have been working in the field of IT security for almost 4 years.
I've learned a lot from the OWASP documentation available on the website, so I've decided to give something back and get involved. I've decided to be active in this community, to learn more and to promote software security.
The first OWASP event in Romania was part of the Europe Tour (May 2013). Since then, I organized another one day conference event in October 2013 and we started to have regular chapter meetings.
Over the past months we evolved and I've managed to get more people involved in the local OWASP Chapter to promote software security. Many people volunteered, together with the board members Dan Vasile and Ionel Chirita, and helped organize these events and meetings.
It is a great experience and I am very happy to be part of the OWASP community!"
