Tuesday, April 22, 2014

OWASP Connector - April 22

OWASP Global Connector
April 22, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation

Featured OWASP Project

SQLiX, coded in Perl, is a SQL injection scanner able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different from those used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors, and it doesn't need to reverse engineer the original SQL request (using only function calls). The project is currently being ported from Perl to Python.
For more information, please contact the Project Leader, Anirudh Anand.

New OWASP Projects

OWASP Code Pulse Project
The OWASP Code Pulse Project is a tool that provides insight into the real-time code coverage of black box testing activities. It is a cross-platform desktop application that runs on most major platforms. The pre-release beta for the Code Pulse Project was released earlier this month.
For more information, please contact the Project Leader, Hassan Radwan.
OWASP Secure Headers Project
The OWASP Secure Headers Project starts from the observation that setting headers from the server is easy and often doesn't require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities. Secure Headers intends to raise awareness and use of these headers.
For more information, please contact the Project Leader, Josh Matz.
OWASP Sting Game Project
The OWASP STING Game Project is a card game that will be developed in a downloadable format in the style of Magic: The Gathering to teach application security attack and defense. Players will simultaneously attack other players' apps while defending their own and supporting game business objectives.
For more information, please contact the Project Leader, Tony Turner.

Project Announcements

iGoat Project New Release
Some big news coming out of the OWASP iGoat Project! First, the OWASP iGoat Project has just released version 2.1, with the new release providing support for iOS 7.1.
To go along with the new release, OWASP iGoat has also announced its new lead developer, Jonathan Carter. Along with the new lead developer, the prospect of new iGoat lessons is imminent. Volunteers are always encouraged to develop their own lessons and donate them to the iGoat Project.
Download the newest version of iGoat Here
Learn how to create your own iGoat lesson Here
Open Source Showcase
The Open Source Showcase, being held at AppSec EU, is a unique event module that allows project leaders and/or project contributors to showcase their work in a demo setting, gaining exposure for their projects. The Showcase affords attendees a more personal view of the projects.
The guidelines for submitting to the Open Source Showcase are simple: the Open Source Showcase is open to ANY project - not just OWASP projects. The only requirement for submission is that the project must be licensed under an approved Open Source License. All open source projects are encouraged to apply to take part in the Open Source Showcase at AppSec EU 2014 in Cambridge, UK.
Apply Here to be part of the OSS
OWASP Top 10 Privacy Risks Project is gaining momentum in Europe
The European Data Protection Supervisor's Internet Privacy Engineering Network (IPEN) division aims to develop solutions to improve privacy on the internet. They have approached the OWASP Top 10 Privacy Risks Project Leaders for input on the content of their upcoming workshops. The project, which now has over 80 volunteers participating, will have the opportunity to shape Internet Security policies.
ZAP 2.3.0 released!

Thank you to our newest Corporate Members:


Thank you to our renewed Corporate Member:

Accuvant Labs

Global AppSec Events in 2014

LATAM Tour 2014 (April 23 - May 9)
It isn't too late to sign up for our free conference at one of our 8 stops!

AppSec EU 2014 (June 23 - 26, Cambridge, UK)

AppSec USA 2014 (September 16 - 19, Denver, CO)

Upcoming Regional Events

OWASP Extended AppSec Algeria (May 5-6) Algeria
NYC Security Training
LASCON 2014 (October 21 - 24, Austin, TX)

Partner and Promotional Events

OWASP has partnered with these great events in the beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement, or will be attending and want to help out, contact us.
Hacker's IDOL - A Cyber Safety Campaign, April 1-October 17, India.
NorthSec 2014, April 25-27, Montreal, Canada.
Thotcon 2014, April 25, Chicago, IL.
National CCDC, April 25-27, San Antonio, TX.
Fraud Summit San Francisco, April 28, San Francisco, CA.
Security B-Sides London 2014, April 29, London, UK.
Fraud Summit Chicago, May 13, Chicago, IL.
ISSA-LA Security Summit, May 16, Los Angeles, CA.
Kansas City Developer Conference, May 15-17, Kansas City, KS.
HITB, May 28-29, Amsterdam, NL.
BSides LV, August 5-6, Las Vegas, NV.

OWASP Global Webinar

Thursday, April 24th at 10AM EST
Join us for this month's OWASP Project Webinar led by Project Leader Cam Morris. Cam will be discussing the OWASP Passfault Project. OWASP Passfault evaluates the strength of passwords accurately enough to predict the time to crack. It makes creating passwords and password policies significantly more intuitive and simple.
Register for the 10 am EST Presentation

Register for the 9 pm EST Presentation

A Message from Michael Coates

One area we can improve on is communication - amazing things happen throughout OWASP and we often don't even know about it. Let's change that.
I want to change this by highlighting activity and events every 2 weeks. On Tuesday 4/22 we held the first OWASP Community Update at 9am pacific.

  • We'll use a google hangout event - this allows streaming video and multiple speakers
  • The event is live streamed on youtube & recorded for anyone to review
  • Using Q&A features in google hangouts, twitter (#owasp), and the wiki page we can take questions & answers
  • This update is from all of us. So please add items to the Update page even if you aren't able to make the event!

Check out the updates and announcements from April 22!

Just for Fun

Congratulations to Gerald Miller who was the first person to solve last week's challenge: 3 large + 59 medium + 40 small = 102 total empty
Click here to view last week's puzzle
How fast can you solve this puzzle?
Distances from you to certain cities are written below.
BERLIN: 200 miles
PARIS: 300 miles
ROME: 400 miles
AMSTERDAM: 300 miles
CARDIFF: ??? miles
How far should it be to Cardiff ?
Send your answers to our comment desk for a chance to win a really cheezy prize. Winners will be announced in the next connector.

New OWASP Portal and Community

The new OWASP portal is now live. Since its launch on April 7, 836 unique people have logged in. In total, over 1300 logins have been recorded.
The portal is the place to go to manage memberships and register for events.
Part of what the portal offers is a community platform. Here OWASPers can connect with other OWASPers via groups, submit new ideas, participate in community polls, and find out what other OWASPers are working on. This functionality is in beta testing, so give it a try and let us know what you think.
To get information on how to get login access to the portal, follow the link below:

2014 OWASP Annual Report will be released this week!

Members will be emailed a link to the report. The link will also be made available on the OWASP wiki.
