The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
OWASP STING Game Project The OWASP STING Game Project is a card game in downloadable format or if funded, printed and distributed at OWASP events. STING is a combative card game in the style of Magic the Gathering designed to teach application security attack and defense. Players will simultaneously attack other players apps while defending their own and supporting game business objectives. For more information, please contact the Project Leader, Tony Turner OWASP GoatDroid OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several feature that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. For more information, please contact the Project Leader, Jack Mannino
New OWASP Projects
OWASP PHP Security Training Project The goal of this project is to create an interactive training system, consisting of several units, for PHP developers. Every unit is divided in an attack and a defense part. For more information, please contact the Project Leader, Timo Pagel. OWASP Hardened Phalcon Project The Phalcon Framework is the world's fastest PHP Framework, however, like most frameworks it is not 'hardened' by default. OWASP Hardened Phalcon aims to help developers harden their Phalcon applications in-line with the published OWASP guidelines. For more information, please contact the Project Leader, Rhodry Korb.
Project Summit We are just a little over a month away from AppSec EU and the 2014 Project Summit. So far we have some great projects signed up to participate, but we need more projects participating. The Project Summit is a fantastic opportunity to workshop your project and gather new volunteers for your project. The Project Summit will be taking place June 23-24 Anglia Ruskin University in Cambridge, UK and is free and open to the Community. You do not need a conference pass to attend the Project Summit. Don't have a project? No problem, we can still use your help at the Project Summit. Sign up to participate in the Project Summit by contacting Samantha Groves or Kait Disney-Leugers. Check out the current lineup of projects and add your project to the list. This page will be updating regularly until the start of the Project Summit: Project Summit Home Page. Webinar Opportunities There are still plenty of open dates available to record your webinar. We are changing the format of our webinars, and now we are giving Leaders an opportunity to reach out to us and let us know when they are available. The Ops Team will then work to accomodate your schedule. The final webinar will be posted on our official YouTube channel. Please reach out to Samantha Groves if you are interested in giving a 45 minute webinar on your OWASP Project. Join us at AppSec EU in Support of Projects There are many event activities directly aimed at promoting our OWASP Projects taking place at AppSec EU 2014 in Cambridge UK. We are having the 2014 Project Summit taking place on Monday, June 23rd and Tuesday, June 24th from 9am to 6pm on both days. Here, our project leaders will have an opportunity to work on participating projects. On Wednesday, June 25th we will be having the Open Source Showcase where participating projects will demo their work to conference attendees. On Thursday, June 26th we will be having the Project Leader Workshop lead by Simon Bennetts, OWASP ZAP Project Leader. Join us and support our OWASP Project Leaders at AppSec EU 2014. To register, please visit the AppSec EU 2014 registration page.
Thank you to our recently renewed Corporate Members:
Honorary Membership applications now being accepted. Be sure to review the requirements for Honorary Membership before you submit your form. Deadline for Honorary Membership is September 30, 2014 **Please note: Chapters and Projects MUST be active. Your leadership position MUST be on file prior to September 30, 2014 in order to be eligible for 2014 Honorary Membership. ALL qualified individuals MUST apply for Honorary Membership in order to vote by completing the Honorary Membership Form
LASCON 2014 (October 21 - 24, Austin, TX) Keynotes confirmed include: Kelley Misata (Director Of Outreach and Communications, The Tor Project), Jeff Williams (CTO, Contrast Security), Zane Lackey (Founder/CSO @ signal sciences), Marcus Carey, and Chris Nickerson
OWASP is an organization that has been built on collaboration and community involvement. I also hope that OWASP is an organization that can support and innovation - encouraging the community to try new things and be willing to look frequently and assess what is working and what isn't. We have grown to the point where an improved process needs to be implemented where our leaders can lead and those who wish to participate can do so easily and productively. In 2008, the Foundation created committees. These committees were successful in that they pushed forward some much needed guidelines and put some structure around areas that were undefined. Unfortunately, over time, there were built in flaws with the committee design that created roadblocks and eventually their failure. We would like to propose a revamped committee structure based on a solid foundation that provides the voice and opportunities to the community. This structure will depend on a high level of community engagement. Wiki page outlining structure for the committees 2.0 Most importantly - We want your input! not just leaders, or individuals with an owasp.org email, anyone in the community is encouraged to participate in this poll of both the general idea of the committees 2.0 and particular features of the new model. Participate here - anyone can view, you must be logged into a google account (not just owasp.org) to vote or submit a suggestion.
2014 Global Board of Directors Election
Each year The OWASP Foundation holds its annual Global Board of Directors election. This October, OWASP members will be voting to fill 3 of the 7 seats available. If you are interested in learning more about the election and what the requirements are to run for a seat, please visit our 2014 Board Elections page. Our Call for Candidates is now open! Please submit your candidacy here. Call for Candidates will close August 15, 2014. During the candidates recorded interview, each candidate will be asked a series of questions provided by our OWASP Community. Anyone can submit a question(s), vote up or vote down existing questions. The top 5 to 6 questions will then be used for each candidate's interview. If you have a question you would like to submit, please do so here. Deadline to submit your question is August 25, 2014. For a complete Election Time line, Click Here
Just for Fun
Congratulations to Ben Dechrai who was the first person to solve last week's challenge: The missing pages are 291 to 322 included Click here to view last issue's puzzle Let's see who has the fastest solution this week ... Five pirates have obtained 100 gold coins and have to divide up the loot. The pirates are all extremely intelligent, treacherous and selfish (especially the captain). The captain always proposes a distribution of the loot. All pirates vote on the proposal, and if half the crew or more go "Aye", the loot is divided as proposed, as no pirate would be willing to take on the captain without superior force on their side. If the captain fails to obtain support of at least half his crew (which includes himself), he faces a mutiny, and all pirates will turn against him and make him walk the plank. The pirates start over again with the next senior pirate as captain. What is the maximum number of coins the captain can keep without risking his life? Send your answers to our comment desk for a chance to win a prize. Winners will be announced in the next connector.
OWASP Global Webinars
In case you've missed any of our past webinars, you can replay them from the OWASP YouTube channel. All of our webinars as well as conference talks and the tutorial series have all been posted. If you have content that should be on the OWASP channel, contact Jonathan Marcil