Monday, June 30, 2014
TODAY is the DEADLINE to submit your NOMINEES for the WASPY AWARDS!! https://www.owasp.org/index.php/WASPY_Awards_2014
Sunday, June 29, 2014
WASPY Awards Nominee Deadline is Tomorrow!
Tomorrow is the LAST DAY to submit your nominee(s) for the 2014 WASPY Awards. https://www.owasp.org/index.php/WASPY_Awards_2014
Thursday, June 26, 2014
Important Deadlines Are Rapidly Approaching!
Board Members, Chapter and Project Leaders,
I am sure you all know at least one person who contributes and does
amazing things for OWASP, yet flies under the radar. This is the perfect
time to nominate them for the WASPY Awards so they receive the global
recognition and thanks they deserve.
ALL nominees for the WASPY Awards need to be submitted no later than EOD June 30. To learn more and to submit your nominees please see WASPY Awards. We are also looking for companies to sponsor these awards. If you are interested in sponsoring please let us know!
Board of Elections candidates need to submit their candidacy by August 15!
Honorary Membership closes September 30! To see if you qualify and to request Honorary Membership please refer to our Board Election page.
Regards,
--
Kelly Santalucia
Membership and Business Liaison
OWASP Foundation
1200-C Agora Drive, #232
Bel Air, MD 21014
USA
Direct: 1+ 973-670-5784
Fax: 1+ 443-283-4021
Skype: kelly.santalucia
Tuesday, June 24, 2014
AppSecEU 2014 live streaming
OWASP AppSec Europe 2014 will be presenting six (6) tracks of live content directly from the conference's main rooms. The event will start at 9:15AM GMT+1 on June 25 and June 26. And if you miss it, keep calm and watch later, since all the recorded content will be available in the following playlist:
Check out the official OWASP YouTube channel for live events notifications
This has been made possible by the AppSecEU 2014 Conference Team,
OWASP Media Project and Münster University of Applied Sciences IT Security Lab.
Monday, June 23, 2014
2014 Global Board of Directors Election
You have until August 15, 2014 to submit your candidacy. To learn more please visit https://www.owasp.org/index.php/2014_Board_Elections#Election_Timeline
Honorary Membership - To see if you qualify please visit our Election page and submit your request NOW! Honorary Membership will close on September 30, 2014.
OWASP WASPY Awards
Nominations close June 30. Submit your nominee NOW!
https://www.owasp.org/index.php/WASPY_Awards_2014
Thursday, June 19, 2014
Code Review Guide Summit Session at AppSecEU
Join us at the Code Review Guide code collection summit session at AppSecEU, on Monday 23rd June at 2pm.
During the session we aim to create a gathering of software developers sharing good and bad coding examples, with the goal of educating everyone reading the code review guide on what to do (and what not to do) when coding web sites.
In the session we will be looking for code examples on topics such as:
- Authentication
- Authorization
- SSL/TLS Implementations
- JSON
- HTTP headers
- SQL Injection
- Secure communications
- Frameworks (Spring, Struts, Drupal, Ruby on Rails, Django, etc)
See the flyer for more information on the session, and come along to share ideas.
(Posted on behalf of Gary Robinson, co-leader for the OWASP Code Review Guide v2.0)
Tuesday, June 17, 2014
OWASP Global Connector
OWASP Cornucopia Project
The OWASP Cornucopia project has been shortlisted for an award in a competition run by the .UK registrar.
What is the OWASP Cornucopia Project?
OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic.
The idea behind Cornucopia is to help development teams, especially those using Agile methodologies, to identify application security requirements and develop security-based user stories. Although the idea had been waiting for enough time to progress it, the final motivation came when SAFECode published its Practical Security Stories and Security Tasks for Agile Development Environments in July 2012.
Further details on the project's mailing list:
http://lists.owasp.org/
This is quite local (national) publicity, but does increase OWASP's profile, especially within the UK government.
Thank you to all the project's volunteers. Please join the project's mailing list to keep updated with news, to provide feedback, or to help in other ways:
https://lists.owasp.org/
Many thanks to everyone involved and also the project leader, Colin Watson
Thursday, June 12, 2014
OWASP - What's Next - Community Discussion
Sarah Baso has been an amazing addition to the OWASP community and helped us advance our mission through her role as Executive Director. She's recently announced that she'll be stepping down in August. We wanted to provide additional information on what's next for OWASP.
OWASP Community,
Many thanks again to Sarah for her time and dedication to OWASP. Sarah and the entire operations team have made tremendous strides for OWASP over the years. We’re sad to see Sarah go, but at the same time we feel very happy for her and the exciting events in her future.
While OWASP is made up of many great individuals, we are more than just a collection of individuals. Focused on the mission, we donate countless hours in our volunteer efforts just to make the world a better place. For us at OWASP we pursue this through advancing and bringing awareness to application security.
As we’ve seen over the past week there are many changes at OWASP. This is a natural evolution of an organization and also an opportunity for new leaders to step forward.
What’s next? With every transition we have the opportunity to pause and ask, “what should we do to move forward?” Sometimes this is to continue along the same path as before. Other times it is to shift into a new direction. There are several changes happening here at OWASP and we should evaluate what move is best for our growing community. This could be a straight backfill or this could be something new. As a community, let’s have that discussion.
A few specific items:
Open
There are many different paths forward for OWASP. As a community let’s determine where we want to go. The discussion and process will be open to all. Though we may have different ideas ultimately the community as a whole will reach a path forward and we can all rally around the next steps.
Focus on Community
We must continue to look at how we advance OWASP to empower community. OWASP is a unique organization and we need to build structures that are cognizant of our volunteers and their contributions, and also work in the distributed world wide organization that we are. This is more than just talk too. We need to address the hard questions so we can build a well functioning system that is exciting and welcoming for our community.
Two areas are already under discussion and I encourage you all to get involved, committees 2.0 and the upcoming board elections.
The business side of OWASP
The business side of OWASP is no small task. We have legal entities in US and Europe, income from events around the world, tax and legal obligations and more. In the interim we will be hiring a third party firm that specializes in the business operations of non-profits. This will enable OWASP to focus on what we do best, application security. In addition, the third party will also ensure the business side of the house is in order. This is a short term engagement that will be re-evaluated as part of our larger discussion.
OWASP Operations Team
The operations team works tirelessly to advance OWASP. We are truly grateful for their efforts. The business group mentioned above will augment our operations team. Every member of the operations team plays a critical role and we need them to be able to focus on their areas of expertise.
Although things will be changing in some areas of OWASP as we all evaluate the best structure, it is still crucial to provide a single point of contact for the operations team. In the interim the operations team will report directly to the chairman of the board, Michael Coates.
Continuing the conversation
This is only the beginning of the conversation. Here are several ways to continue sharing ideas.
1. Open Town Hall
A google hangout is scheduled for next week on Monday, June 16, 7am Pacific (hangout link & world time conversions). The call will be recorded and streamed live. You can join the call in real time or submit your questions ahead of time via google moderator.
2. Google Moderator
Have an idea to share? Want to dive into a different proposal? Use the google moderator to have a free form conversation with just enough structure in the tool so good ideas can rise up.
3. Mailing lists
The age old mailing lists (the OWASP leaders list and the OWASP community list) are still there and will of course be used. But, sometimes good ideas get lost here in long threads. So please consider capturing important items within google moderator too.
4. Run for the board
Change can sometimes feel a bit uncomfortable, but at the same time it can be a great opportunity. Let’s embrace this opportunity to develop the future of OWASP together.
We are wishing our Sarah all the best for the future and looking forward to all of your feedback, ideas, and energy that made OWASP the great organization it is today and which will lead OWASP into the future.
- The OWASP Board
Michael Coates,
Tom Brennan,
Josh Sokol,
Tobias Gondrom,
Fabio Cerullo,
Eoin Keary,
Jim Manico
OWASP Executive Director Update
Dear OWASP Community Members,
On Friday May 23, 2014, I gave notice to the Board of Directors that I will be resigning as Executive Director of OWASP. As some of you already know, I am pregnant with my first child and, now, have decided to take this opportunity to stay at home with the baby after she is born in late August. This has been a difficult and bittersweet decision, as I am sad to leave OWASP but very excited for this new chapter in my life full of its own challenges and experiences.
In the past three and a half years since I started working with the OWASP community on the 2011 Global Summit, I have had the great fortune of working with many volunteers around the world both virtually and in person. I will treasure that work and all of the efforts and enthusiasm I have experienced first hand in the community. Thank you to each and every one of you for your continued contributions to support OWASP as an organization and, most importantly, for your hard work improving the security of software.
The Board will be following up shortly with the community to provide more details on next steps for OWASP. I plan to continue working to support the ongoing efforts and initiatives of the Foundation over the next couple of months, enabling a smooth transition of my responsibilities upon my departure in August.
As we work through this transition, if you have questions and comments I encourage you to share them with me, the Board of Directors, and other community leaders via the owasp-leaders and owasp-community mailing lists.
Sincerely,
Sarah Baso
Executive Director
OWASP Foundation
AppSec EU Call for Volunteers is now OPEN!!
It's that time! The Call For Volunteers (CFV) for AppSec EU is now live! For just 8 hours of your time and effort, we'll provide you with a full conference pass (£500.00). We need folks to work registration desk as well as room proctors, speaker liaisons, ticket takers for the conference dinner, and more! Shifts start on Monday for the Trainings and run through Thursday, so there's plenty of opportunity for you to get in your required time and still see the talks you want to attend.
Sign up today! https://docs.google.com/forms/d/1ZoM34-yIqRb9WaninluuHZzx2pb1kmzLbrMLic4BXNw/viewform?usp=send_form
We hope to see you in Cambridge at AppSec EU 2014. Cheers!
Friday, June 6, 2014
OWASP Honorary Membership
Don't wait! Submit your application for Honorary Membership NOW!! To find out if you qualify visit https://www.owasp.org/index.php/2014_Board_Elections#Honorary_Membership
Applications for Board Candidates
Board Candidate applications are still being accepted! To learn more or to submit your candidacy visit
https://www.owasp.org/index.php/2014_Board_Elections
Wednesday, June 4, 2014
The call for presentations (CFP) is currently closed. Review your submitted talks here.
Dates and deadlines
- April 27th, 2014: Submission deadline
- June 13th, 2014: Notification of acceptance (originally May 30th, 2014; our apologies for the delay)
- August 4th, 2014: Final materials due for review
- September 18th – 19th, 2014: Conference proceedings
Visit the main conference site for additional information about AppSec USA.
Tuesday, June 3, 2014
OWASP Project Manager - Resignation
OWASP Community Members -
Our Program Manager for OWASP Projects, Samantha Groves, shared with us on May 27, 2014, that she would be leaving the OWASP Foundation. Samantha’s last day with the Foundation will be Tuesday, June 10, 2014.
Samantha has been an amazing employee, relentless in supporting the Foundation, providing a platform for community decisions and collaboration. She has had a tremendous workload, which includes support of more than 150 active projects, responding to a constant influx of inquiries from project leaders asking for help with mediawiki templates, new project requests, and general advice on how to proceed with anything OWASP. Additionally, she has oversight of our project related grants and google ad-words account, manages a project intern and a graphic designer, and facilitates platforms for project related initiatives such as the current project task force. Last but not least Samantha has taken on the monumentally time consuming task of ensuring OWASP Projects not only have a presence at the Global AppSec conferences, but play an active role in engaging the community to learn and get involved in the projects. This includes project modules such as the open source showcase, project track (project talks), project leader workshop, and project summit.
Samantha will be sorely missed by me and the rest of the staff, and surely many people in the community.
On behalf of the Foundation, thank you Samantha for all you have done for us to support the mission and the community. We wish you all the best in your future endeavors.
Best Regards,
Sarah Baso
Executive Director
OWASP Foundation
###########################
For those of you who missed it, here is Samantha's email to OWASP Leaders from earlier today:
Dear OWASP Leaders,
I am writing to inform you that I have resigned my post, and I will be concluding my staff work with OWASP on Tuesday, June 10th, 2014. My original last day was meant to be August 8th, 2014, but circumstances have changed and I have had to depart sooner.
I feel sad to leave OWASP as this is one of the best communities I have ever had the pleasure of working with. I consider many of you family, and I am truly sad to be leaving.
I am confident that this is the best decision for me, and I wish you all the best of luck. If you need me, you know where to find me. :-)
Thank you for the opportunity to get to know you. Keep being amazing! :-)
Best Regards,
Samantha Groves
Monday, June 2, 2014
OWASP Flagship Project Announcement
OWASP Community,
On April 30 2014, the OWASP Board voted to change all projects with Flagship Status to Labs status. This message is intended to explain why we did this and what the future of OWASP projects and project evaluation is.
It's critical that the OWASP Foundation is sincere about the classification of our project inventory. Our "customers" depend upon these projects to provide a wide variety of critical security services. These include discovery of security vulnerabilities, cryptographic services, developer security education and a number of critical security controls. Some OWASP projects are used in the very heart of our customers' infrastructure!
Our current methodology of project classification is based on three categories: Incubator Projects, Labs Projects and Flagship Projects. Let's take a moment to explore what these categories mean as they stand today.
OWASP Incubator Projects are "proofs of concept, experimental, and classified as prototypes" in their current state.
OWASP Labs Projects represent projects that have produced a deliverable of significant value but are not guaranteed to be production ready.
OWASP Flagship Projects clearly denote production quality projects that organizations can trust and depend on.
Evaluating almost 200 projects is no small task. The OWASP project list has not changed much over the last 2 years. Unfortunately, some of our flagship projects have not been active and have languished to a point where flagship status may not be appropriate. Also, as OWASP continues to mature its project management and review capabilities, these categories may go away.
In an effort to present a more accurate and up-to-date status of OWASP projects, the OWASP Board has voted to reduce all Flagship projects to LABS status and will require projects to go through an evaluation process in order to be deemed flagship once again. This message states that current flagship projects are still important projects that deliver significant value, but may not be production ready or up to date.
OWASP is in the midst of building a new project review infrastructure and the processes to go with that. Our new project review mechanism is not finalized yet, but members of the OWASP Community are working to build that new strategy. But we need to realize that while many of our projects are great ideas, not all of them are "production quality projects". Please look for a proposal with options for comment and a community vote in the upcoming days.
We know this may upset some in our community, but we want to emphasize that we felt that several OWASP Flagship projects (which are of great value) were languishing in a variety of ways. Our goal was to present OWASP projects in a more honest light. OWASP Labs status again denotes great value.
Thank you for your consideration over this matter. We are eager to hear any feedback from the community to help make OWASP projects better in the future.
Regards,
The OWASP Board and Staff
Hi all,
AppSecEU 2014 is approaching quickly and we have lots of great speakers and exciting presentations and trainings for you.
Your opportunity to discuss with the best in our field, hear the latest security tech presentations and learn and have a lot of fun.
This year AppSecEU will be in Cambridge, just a short 1-hour train ride from London.
We got a great venue at Anglia Ruskin University’s Cambridge campus and will on June-25 have a stylish conference dinner in the Victorian Gothic style Great Hall at Homerton College. An evening event not to miss. :-)
AppSecEU 2014
Date: June 23-26
Venue: Cambridge, Anglia Ruskin University
Program:
Conference (June-25/26)
The main conference will be on June 25th and 26th with lots of amazing keynote speakers flying in, and tech talks about the latest on mobile security, hacking web applications and how to defend them, to management topics like lots of best practices and stuff that works. And while there, you'll have the opportunity to meet and discuss with your peers and industry experts and also visit tables from our sponsors in the hallway, who will show their latest tools and products at the exhibition hall.
Trainings (June-23/24)
Before that on June-23rd and 24th we have 1- and 2-day training classes and bootcamps where you can dive deep into the technical problems and learn from the leading experts in the field (and see how deep the rabbit hole goes). The classes will be about mobile app security, injection flaws, WebHacking, defensive programming and writing secure code, up to management trainings about openSAMM and a CISO training about managing application security for senior managers.
Here is the link to the conference page:
https://2014.appsec.eu
And for your registration:
https://2014.appsec.eu/
(For your convenience, we also secured a block of very affordable rooms close to the venue - but better book quickly as they go fast.)
Please spread the word among your colleagues and friends and looking forward to seeing you all end of June in Cambridge!
Cheers,
Tobias Gondrom
OWASP Global Board Member