The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP, and all of our materials are available under a free and open software license.
OWASP OWTF Project
OWASP OWTF, the Offensive (Web) Testing Framework, is a joint OWASP and PTES project in the area of offensive security testing. Its goal is to unite a vast set of the best pen-test tools, PoC code and custom tests, and to organize this information in an interactive way so that testing is as efficient as possible for pen-testers. For more information, please contact the Project Leader, Abraham Aranguren.
New OWASP Projects
OWASP Encoder Comparison Reference Project
The OWASP Encoder Comparison Reference Project is a quick reference for how ESAPI, other frameworks and native language encoding methods behave against each ASCII character. It is a Web 2.0 web application that lets users choose which encoder libraries to compare; it should compare ESAPI as well as others. Deliverables include the source code and a hosted version of the web application, so that users can access the tool without needing to download, install or configure anything. For more information, please contact the Project Leader, Stephanie Tan.

OWASP Ultimatum Project
The OWASP Ultimatum Project will be an all-in-one vulnerability testing tool that automatically keeps itself updated so that it always works from the latest vulnerability information. The product can also be used to pen-test different web server applications. It will be a web application testing tool that can also identify spam, malware embedded in an e-mail attachment, or malicious PDF or DOC files sent over e-mail. For more information, please contact the Project Leader, Robin Nayak.

OWASP Book Project
The OWASP Book Project will be a consolidated publication collecting research papers donated to OWASP. The Leader aims to assemble research focused on web application penetration testing into one book, giving contributors an opportunity to share their knowledge and experience. For more information, please contact the Project Leader, Ahmed Neil.

OWASP Open Cyber Security Project
The OWASP Open Cyber Security Framework Project's aim is to create a practical, open framework for cyber security. Frameworks exist today from NIST and ISACA, for example, alongside other paid or local frameworks, but there is no open framework that any government or organization can adopt. For more information, please contact the Project Leader, Mateo Martinez.
OWASP CISO Survey Report 1.0
The OWASP CISO Survey provides tactical intelligence about security risks and best practices to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs. Project Leader Tobias Gondrom has released the report today. For more information, please contact Tobias Gondrom.

OWASP Java Encoder 1.1.1 Released!
The OWASP Java Encoder is a Java 1.5-compatible, simple-to-use, drop-in, high-performance encoder class with no dependencies and little baggage. It helps Java web developers defend against Cross-Site Scripting by encoding untrusted data for the specific output context (HTML body, HTML attribute, JavaScript string, URI component) into which it is written. A huge thank you to Jeremy Long and Jeff Ichnowski for their gracious volunteer time and expertise in working on this project. Happy Encoding from the OWASP Java Encoder Team: Jim Manico, Jeff Ichnowski and Jeremy Long - OWASP Java Encoder Project

OWASP iGoat Project looking for help!
Are you an Objective-C programmer? The short-term need for OWASP iGoat is basic code maintenance. A couple of methods used in OWASP iGoat are deprecated in iOS 7; we need a developer to read through those two instances and decide how to replace them. The project is also looking for a developer to help implement a couple of new exercises. If you are able to help, please contact Ken van Wyk.

Project Review Assistance Required!
We would like to ask the OWASP Project user community to take a bit of time to fill in a short survey that we will use to assess the Usability and Value of our projects. We are currently focusing on the following projects. If you are a user, please fill out the survey below. Thank you, Leaders.
OWASP Cheat Sheets Project
OWASP Java HTML Sanitizer Project
OWASP Xenotix XSS Exploit Framework Project
OWASP Cornucopia Project
OWASP Java Encoder Project
You can find the assessment survey here: Project Usability and Value Assessment. For more detailed instructions on how to submit your comments, please contact Samantha Groves.
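To illustrate the kind of defect the Java Encoder release above is meant to address, here is an added example (editor's code, not part of the newsletter or of the Java Encoder project's own sources). It renders a search-results fragment from a constructed attacker-controlled string twice: once by raw concatenation, once with the context-specific encoders from the public `org.owasp.encoder.Encode` class (`forHtml`, `forHtmlAttribute`, `forJavaScript`, `forUriComponent`). The `UNTRUSTED` payload and the page fragment are constructed for this example; only the `Encode` method names come from the library.

```java
import org.owasp.encoder.Encode;

/**
 * Contrast of unencoded vs. context-encoded output.
 * Compile and run with the OWASP Java Encoder jar on the classpath, e.g.
 *   javac -cp encoder-1.1.1.jar EncoderDemo.java
 *   java  -cp encoder-1.1.1.jar:. EncoderDemo
 */
public class EncoderDemo {

    // Constructed attacker input (example data, not from the page). It breaks out of
    // an attribute, a JavaScript string and an HTML text node at the same time.
    static final String UNTRUSTED = "'\"><script>alert(document.cookie)</script>";

    // VULNERABLE: untrusted data concatenated straight into four different contexts.
    static String vulnerableResults(String q) {
        return "<p>Results for: " + q + "</p>\n"
             + "<input type=\"text\" value=\"" + q + "\">\n"
             + "<script>var lastQuery = '" + q + "';</script>\n"
             + "<a href=\"/search?q=" + q + "\">search again</a>";
    }

    // HARDENED: the same template, each interpolation encoded for the context it lands in.
    // The encoder must match the context; Encode.forHtml() inside the <script> string or
    // the href query would not be sufficient.
    static String encodedResults(String q) {
        return "<p>Results for: " + Encode.forHtml(q) + "</p>\n"                       // HTML text node
             + "<input type=\"text\" value=\"" + Encode.forHtmlAttribute(q) + "\">\n"  // quoted attribute
             + "<script>var lastQuery = '" + Encode.forJavaScript(q) + "';</script>\n" // JS string literal
             + "<a href=\"/search?q=" + Encode.forUriComponent(q) + "\">search again</a>"; // URI query value
    }

    public static void main(String[] args) {
        System.out.println("--- vulnerable (script tag survives intact) ---");
        System.out.println(vulnerableResults(UNTRUSTED));
        System.out.println();
        System.out.println("--- encoded (payload rendered as inert data in every context) ---");
        System.out.println(encodedResults(UNTRUSTED));
    }
}
```

The point to check when reviewing code like this is not whether encoding happens, but whether the encoder chosen matches the grammar of the surrounding output: an HTML-entity encoder does not neutralise a quote inside a JavaScript string, and a URL encoder does not neutralise `<` in an HTML text node.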
AppSec LATAM 2014 - LATAM Tour (April 21 - May 12)
In 2014, instead of holding an AppSec LATAM Conference, we are organizing a LATAM Tour which we hope will bring LATAM community members together to spread the OWASP mission. Here are the scheduled stops for the tour:
The OWASP community contains many of the most brilliant minds in software security. One of the challenges we face is that, despite our global scope, many concepts, research results, tools and techniques are not circulated as broadly as they should be. Several people have suggested creating a quarterly publication that would better meet the needs of the software security professional and help spread our mission and our resources beyond their current reach. Through this initiative, a task force has formed to work on accomplishing this. The team has asked that the community provide input on what we feel is missing from other industry publications and what direction this team should take. Please take a few seconds to provide your input to the team. Submit your comments HERE
Thank you to our newest Corporate Members: OneConsult GmbH and BCC Risk Advisory
Thank you to Oracle for their renewal!
OWASP is Hiring!
OWASP is looking for a talented professional to fill each of the following positions:

OWASP Community Manager; Full Time; Salaried
The OWASP Community Manager is responsible for coordination and oversight of volunteer opportunities and initiatives for the OWASP community. Furthermore, this position will focus on providing operational support to OWASP Chapters globally and is responsible for overseeing and disseminating the organization's policies, objectives and initiatives as they relate to OWASP Chapters. Details about the position

Graphic Designer; Part time; hourly; contractor
The Graphic Designer is responsible for oversight and development of company promotional materials both for print and for the web. The OWASP Graphic Designer will be responsible for the visual identity and visual brand consistency of all materials and graphic content created and used by the OWASP Foundation. Details about the position

For complete information on the hiring process, including application deadlines, please visit the complete Blog Post
Just for Fun
We would like to congratulate David Smolikhagen for submitting the first correct response to last issue's puzzle. Here is the question followed by David's response. Thank you to everyone who submitted a response. If you missed the question, you can find it on the OWASP Blog.

David's response: "Alice still won the race. Alice would have caught up to Bob at the 95 yd mark and since she is running a little bit faster than Bob, she would have covered the remaining 5 yds faster than Bob (unless he's some super macho guy who wasn't gonna be beat by a girl twice, and he dug deep and poured on something extra for those last 5 yards! ;-D )."

This issue's challenge
The Blue Knight usually rides to the World's End Pub after a long day, and walks back to the castle. It takes her an hour and a half. When she rides both ways it takes 30 minutes. How long would it take her to make the round trip on foot? Please submit your answers HERE
OWASP Member Spotlight - Oana Cornea, Bucharest, Romania
As an organization driven by its membership community, it's high time we dedicate some space to recognizing YOU!
Oana Cornea got involved in OWASP in January 2013 when she wrote an iOS Cheat Sheet for the Cheat Sheet series. It's been full steam ahead since then for Oana and the team in Romania. Oana says: "I am working as an application security analyst at Electronic Arts, in Bucharest, Romania. I am a Computer Science graduate with a Master's in Information Technology Security and I have been working in the field of IT security for almost 4 years. I've learned a lot from the OWASP documentation available on the website, so I've decided to give something back and get involved. I've decided to be active in this community, to learn more and to promote software security. The first OWASP event in Romania was part of the Europe Tour (May 2013). Since then, I organized another one-day conference event in October 2013 and we started to have regular chapter meetings. Over the past months we evolved and I've managed to get more people involved in the local OWASP Chapter to promote software security. Many people volunteered, together with the board members Dan Vasile and Ionel Chirita, and helped organize these events and meetings. It is a great experience and I am very happy to be part of the OWASP community!"