Tuesday, May 13, 2014

May 12 OWASP Connector

OWASP Global Connector
May 12, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
owasp projects

Featured OWASP Project

OWASP Bricks
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP. OWASP Bricks provides a platform for learning web application security and a test bed for analyzing the performance of web application security scanners.
For more information, please contact the Project Leader, Abhi Balakrishnan

New OWASP Projects

OWASP Code Pulse 2.0
The OWASP Code Pulse team is proud to announce version 1.0 of their real-time coverage tool! Are you a penetration tester or a user of tools like ZAP? Then we think we have something that is going to make your life as a pen-tester easier. Code Pulse is a real-time code coverage tool that lets you visually see coverage gaps in your testing activity. To find out more about it and to download it please visit Code Pulse
For more information, please contact the Project Leader, Hassan Radwan.

Project Announcements

Open Source Showcase
The AppSec EU Conference Team is happy to announce that there will be ten projects participating in this year's Open Source Showcase at AppSec EU this summer. The Open Source Showcase is an unique event module that allows project leaders and/or project contributors to showcase their work in a demo setting and gain exposure for their projects without to conduct a full session. The Showcase affords a more personal view of project between attendees.
Throughout the conference, these project will be demoing at the Open Source Showcase space within the conference venue. Join us at the Open Source Showcase June 23-26. Demo times to be announced closer to the conference.
See you in Cambridge!
Below is a list of all the participating projects.
Bywaf - ByWaf is a web application penetration testing framework (WAPTF). It consists of a command-line interpreter and a set of plugins.
OWASP Python Security Project - Python Security aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.
OWASP Ninja PingU Project - is a high performance network scanner tool for large scale analyses. It has been designed with performance as its primary goal and developed as a framework to allow easy plugin integration.
OWASP PCI Toolkit - OWASP PCI toolkit is a c# Windows form project, that will help you to scope the PCI-DSS requirements for your System Components. Beta version of this tool will be released May 2014.
WPScan - WPScan is a black box WordPress vulnerability scanner.
OWASP Hackademic Challenges Project - The Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective. Currently, there are 10 web application security scenarios available.
OWASP OWTF - OWASP OWTF is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.
OWASP WTE - The OWASP WTE project is an enhancement of the original OWASP Live CD Project and expands the offering from a static Live CD ISO image to a collection of sub-projects. Its primary goal is to make application security tools and documentation easily available and easy to use.
OWASP ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
ThreadFixThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.
Project Summit
We are just a little over a month away from AppSec EU and the 2014 Project Summit. So far we have some great projects signed up to participate, but we need more projects participating. The Project Summit is a fantastic opportunity to workshop your project and gather new volunteers for your project. The Project Summit will be taking place June 23-24 Anglia Ruskin University in Cambridge, UK and is free and open to the Community. You do not need a conference pass to attend the Project Summit. Don't have a project? No problem, we can still use your help at the Project Summit. Sign up to participate in the Project Summit by contacting Samantha Groves or Kait disney-Leugers

Thank you to our newest Corporate Member: Moki Mobility

Honorary Membership applications now being accepted.
Be sure to review the requirements for Honorary Membership before you submit your form. Deadline for Honorary Membership is September 30, 2014 **Please note: Chapters and Projects MUST be active. Your leadership position MUST be on file prior to September 30, 2014 in order to be eligible for 2014 Honorary Membership. ALL qualified individuals MUST apply for Honorary Membership in order to vote by completing the Honorary Membership Form

Global AppSec Events in 2014

LATAM Tour Wrap Up
Congratulations to all of the chapter leaders and organizers who participated in the 2014 LATAM Tour
The tour resulted in
  • Organized events in 7 countries
  • Over 650 attendees
  • 8 sponsors, and
  • 16 educational and community supporters
AppSec EU 2014 (June 23 - 26, Cambridge, UK)

AppSec USA 2014 (September 16 - 19, Denver, CO)

Upcoming Regional Events

LASCON 2014 (October 21 - 24, Austin, TX)
Keynotes confirmed include: Kelley Misata (Director Of Outreach and Communications, The Tor Project), Jeff Williams (CTO, Contrast Security), Zane Lackey (Founder/CSO @ signal sciences), Marcus Carey, and Chris Nickerson

Partner and Promotional Events

OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us
Hacker's IDOL - A Cyber Safety Campaign, April 1-October 17, India.
Information Security Media Group, Inc. Fraud Summit, May 14, Chicago IL, Discount code for OWASP Members: OWASPFraud2014
ISSA-LA Security Summit, May 16, Universal City, CA. OWASP Members receive a 25% discount with the code: Ow@spIssaLA25
Suits & Spooks, June 20-21, NY, NY.
BlackHat August 2-7, Las Vegas, NV. OWASP Members receive $200 off BH briefings with code: owaBR200off.
BSides LV, August 5-6, Las Vegas, NV.
EC-Council TakeDown Con, August 14-19, Huntsville, AL.
EC-Council Hacker Halted, October 12-17, Atlanta, GA.
Suits & Spooks, December 14, Singapore.

National Cyber Security Awareness Month

Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure. That's what National Cyber Security Awareness Month—observed in October —is all about! Join OWASP on this important effort. To learn more, please visit: Stay Safe Online
Social Media

OWASP Foundation Social Media

Google +
webinar globe

OWASP Global Webinar

Wednesday, May 21st at 10AM EST
Join us for this month's OWASP Project Webinar lead by Project Leader Jonathan Carter. Jonathan will be explaining his project OWASP Reverse Engineering and Code Modification Project.
OWASP Reverse Engineering and Code Modification Project educates security professionals about the risks of reverse engineering and how to ensure that code cannot be reverse engineered or modified.
Register for the 10 am EST Presentation

Register for the 9 pm EST Presentation

2014 Global Board of Directors Election

Each year The OWASP Foundation holds its annual Global Board of Directors election. This October, OWASP members will be voting to fill 3 of the 7 seats available. If you are interested in learning more about the election and what the requirements are to run for a seat, please visit our 2014 Board Elections page. Our Call for Candidates is now open! Please submit your candidacy here. Call for Candidates will close August 15, 2014.
During the candidates recorded interview, each candidate will be asked a series of questions provided by our OWASP Community. Anyone can submit a question(s), vote up or vote down existing questions. The top 5 to 6 questions will then be used for each candidate's interview. If you have a question you would like to submit, please do so here. Deadline to submit your question is August 25, 2014.
For a complete Election Time line, Click Here

Bi-Weekly Community Call

Bi-Weekly OWASP Town Hall meetings have been started by Michael Coates. The next one is scheduled for May 20th at 9am Pacific time.
If you have any updates or announcements regarding OWASP that you would like to share with the world, please add it to the wiki page
The meetings are held using google hangouts and live broadcast. They are always recorded and publicly posted via YouTube
This is NOT a slide presentation. Items posted on the wiki will be discussed, and questions will be accepted over twitter or hang out chat.
Check out the updates and announcements from May 6!

OWASP Projects Framework - INPUT REQUESTED

After many discussions over the current OWASP Project Program model, the Board of Directors have agreed to change the direction of OWASP Projects. We would like to give the community an opportunity to voice their opinion, and help us decide how to move projects forward.
We want leaders to comment and debate various project program models to help us better serve you, the OWASP community.
Please review the project program models

2014 OWASP Annual Report is completed

Click here to view the Report

Just for Fun

Congratulations to Dusty Evanoff who was the first person to solve last week's challenge: The answer is 100 miles. (Vowels worth 300, consonants worth -100.)
Click here to view last issue's puzzle
This puzzle is a short but really tricky one. Good Luck
From a book, a number of consecutive pages are missing. The sum of the page numbers of these pages is 9808. Which pages are missing?
Send your answers to our comment desk for a chance to win a prize. Winners will be announced in the next connector.

No comments: