The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
OWASP Bricks OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP. OWASP Bricks provides a platform for learning web application security and a test bed for analyzing the performance of web application security scanners. For more information, please contact the Project Leader, Abhi Balakrishnan
New OWASP Projects
OWASP Code Pulse 2.0 The OWASP Code Pulse team is proud to announce version 1.0 of their real-time coverage tool! Are you a penetration tester or a user of tools like ZAP? Then we think we have something that is going to make your life as a pen-tester easier. Code Pulse is a real-time code coverage tool that lets you visually see coverage gaps in your testing activity. To find out more about it and to download it please visit Code Pulse For more information, please contact the Project Leader, Hassan Radwan.
Open Source Showcase The AppSec EU Conference Team is happy to announce that there will be ten projects participating in this year's Open Source Showcase at AppSec EU this summer. The Open Source Showcase is an unique event module that allows project leaders and/or project contributors to showcase their work in a demo setting and gain exposure for their projects without to conduct a full session. The Showcase affords a more personal view of project between attendees. Throughout the conference, these project will be demoing at the Open Source Showcase space within the conference venue. Join us at the Open Source Showcase June 23-26. Demo times to be announced closer to the conference. See you in Cambridge! Below is a list of all the participating projects. Bywaf - ByWaf is a web application penetration testing framework (WAPTF). It consists of a command-line interpreter and a set of plugins. OWASP Python Security Project - Python Security aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations. OWASP Ninja PingU Project - is a high performance network scanner tool for large scale analyses. It has been designed with performance as its primary goal and developed as a framework to allow easy plugin integration. OWASP PCI Toolkit - OWASP PCI toolkit is a c# Windows form project, that will help you to scope the PCI-DSS requirements for your System Components. Beta version of this tool will be released May 2014. WPScan - WPScan is a black box WordPress vulnerability scanner. OWASP Hackademic Challenges Project - The Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective. Currently, there are 10 web application security scenarios available. OWASP OWTF - OWASP OWTF is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient. OWASP WTE - The OWASP WTE project is an enhancement of the original OWASP Live CD Project and expands the offering from a static Live CD ISO image to a collection of sub-projects. Its primary goal is to make application security tools and documentation easily available and easy to use. OWASP ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. ThreadFixThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems. Project Summit We are just a little over a month away from AppSec EU and the 2014 Project Summit. So far we have some great projects signed up to participate, but we need more projects participating. The Project Summit is a fantastic opportunity to workshop your project and gather new volunteers for your project. The Project Summit will be taking place June 23-24 Anglia Ruskin University in Cambridge, UK and is free and open to the Community. You do not need a conference pass to attend the Project Summit. Don't have a project? No problem, we can still use your help at the Project Summit. Sign up to participate in the Project Summit by contacting Samantha Groves or Kait disney-Leugers
Thank you to our newest Corporate Member: Moki Mobility
Honorary Membership applications now being accepted. Be sure to review the requirements for Honorary Membership before you submit your form. Deadline for Honorary Membership is September 30, 2014 **Please note: Chapters and Projects MUST be active. Your leadership position MUST be on file prior to September 30, 2014 in order to be eligible for 2014 Honorary Membership. ALL qualified individuals MUST apply for Honorary Membership in order to vote by completing the Honorary Membership Form
Global AppSec Events in 2014
LATAM Tour Wrap Up Congratulations to all of the chapter leaders and organizers who participated in the 2014 LATAM Tour The tour resulted in
LASCON 2014 (October 21 - 24, Austin, TX) Keynotes confirmed include: Kelley Misata (Director Of Outreach and Communications, The Tor Project), Jeff Williams (CTO, Contrast Security), Zane Lackey (Founder/CSO @ signal sciences), Marcus Carey, and Chris Nickerson
Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure. That's what National Cyber Security Awareness Month—observed in October —is all about! Join OWASP on this important effort. To learn more, please visit: Stay Safe Online
Wednesday, May 21st at 10AM EST Join us for this month's OWASP Project Webinar lead by Project Leader Jonathan Carter. Jonathan will be explaining his project OWASP Reverse Engineering and Code Modification Project. OWASP Reverse Engineering and Code Modification Project educates security professionals about the risks of reverse engineering and how to ensure that code cannot be reverse engineered or modified. Register for the 10 am EST Presentation Register for the 9 pm EST Presentation
2014 Global Board of Directors Election
Each year The OWASP Foundation holds its annual Global Board of Directors election. This October, OWASP members will be voting to fill 3 of the 7 seats available. If you are interested in learning more about the election and what the requirements are to run for a seat, please visit our 2014 Board Elections page. Our Call for Candidates is now open! Please submit your candidacy here. Call for Candidates will close August 15, 2014. During the candidates recorded interview, each candidate will be asked a series of questions provided by our OWASP Community. Anyone can submit a question(s), vote up or vote down existing questions. The top 5 to 6 questions will then be used for each candidate's interview. If you have a question you would like to submit, please do so here. Deadline to submit your question is August 25, 2014. For a complete Election Time line, Click Here
Bi-Weekly Community Call
Bi-Weekly OWASP Town Hall meetings have been started by Michael Coates. The next one is scheduled for May 20th at 9am Pacific time. If you have any updates or announcements regarding OWASP that you would like to share with the world, please add it to the wiki page The meetings are held using google hangouts and live broadcast. They are always recorded and publicly posted via YouTube This is NOT a slide presentation. Items posted on the wiki will be discussed, and questions will be accepted over twitter or hang out chat. Check out the updates and announcements from May 6!
OWASP Projects Framework - INPUT REQUESTED
After many discussions over the current OWASP Project Program model, the Board of Directors have agreed to change the direction of OWASP Projects. We would like to give the community an opportunity to voice their opinion, and help us decide how to move projects forward. We want leaders to comment and debate various project program models to help us better serve you, the OWASP community. Please review the project program models
Congratulations to Dusty Evanoff who was the first person to solve last week's challenge: The answer is 100 miles. (Vowels worth 300, consonants worth -100.) Click here to view last issue's puzzle This puzzle is a short but really tricky one. Good Luck From a book, a number of consecutive pages are missing. The sum of the page numbers of these pages is 9808. Which pages are missing? Send your answers to our comment desk for a chance to win a prize. Winners will be announced in the next connector.