The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
OWASP .NET Project
The OWASP.NET Project is the clearinghouse for all information related to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services. The focus of the project is on guidance for developers using the framework, OWASP Components that use .NET. The wiki page for the OWASP.NET Project can be found HERE. For more information, please contact the Project Leader, Bill Sempf.
New OWASP Projects
OWASP Project Metrics
The goal of this project is to create an automated tool able to connect to the majority of distributed version control systems (DVCS) and generate data to measure project activity and quality using metrics and standard practices. For more information, please contact the Project Leader, Federico Figus.
OWASP iOSForensic
iosForensic is a Python tool to help with forensic analysis on iOS. It gets files and logs, extracts sqlite3 databases and uncompresses .plist files into XML. For more information, please contact the Project Leader, Florian Pradines.
OWASP Secure Development Training
Produce an open source training curriculum for secure development training. This training material can be used freely by trainers to be delivered in person and in commercial settings or accessed directly by students in video recorded format. For more information, please contact the Project Leader, Tobias Gondrom.
OWASP PHP Security Training Project
The goal of this project is to create an interactive training system, consisting of several units, for PHP developers. Every unit is divided into an attack part and a defense part. When working through the attack part, the developers will have to strike against a vulnerable application. Through this, they will learn to think like a hacker. Weaknesses to detect and exploit might be XSS, CSRF or SQL Injection, which are listed in the OWASP Top 10. For more information, please contact the Project Leader, Timo Pagel.
Cyber Security Startup Initiative
The latest OWASP Global Initiative will be participating in this year's Project Summit at AppSec EU. The aim of the Cyber Security Startup Initiative is to create opportunities for innovation in application security by promoting the creation of open source prototype tools produced by teams looking to form a startup. More information can be found ON THE WIKI PAGE. The initiative's Project Summit session will take place on June 24, 2:00pm - 6:00pm. To take part in the session, sign up to attend HERE. Any questions about the initiative can be directed to the initiative leaders: Neill Gernon and Marco Morana.
Project Summit 2014
We are just a few weeks away from AppSec EU and the Project Summit. There are some great sessions planned for the two days. The full session schedule can be found HERE. The Project Summit is a fantastic opportunity to workshop your project and gather new volunteers for your project. The Project Summit will be taking place June 23-24 at Anglia Ruskin University in Cambridge, UK and is free and open to the Community. You do not need a conference pass to attend the Project Summit. The full conference schedule can be found HERE and you can add Project Summit sessions to SCHED.org.
Please visit our 2014 Board Elections page for frequent updates. Our Call for Candidates is only open until August 15! Please submit your candidacy here. Once confirmed, the candidates will conduct individual interviews answering questions from the community. Anyone can submit questions and vote existing questions up or down. The top 5 to 6 questions will then be used for each candidate's interview. If you have a question you would like to submit, please do so here. For a complete election timeline, click here.
Bi-Weekly Community Call
Bi-Weekly OWASP Town Hall meetings have been started by Michael Coates. The next one is scheduled for June 17th at 9am Pacific time. If you have any updates or announcements regarding OWASP that you would like to share with the world, please add them to the wiki page. The meetings are held using Google Hangouts and broadcast live. They are always recorded and publicly posted via YouTube. This is NOT a slide presentation. Items posted on the wiki will be discussed, and questions will be accepted over Twitter or Hangout chat.
Call For Volunteers (CFV) for AppSec EU
For just 8 hours of your time and effort, we'll provide you with a full conference pass. We need folks to work the registration desk, as well as room proctors, speaker liaisons, ticket takers for the conference dinner, and more! Shifts start on Monday for the Trainings and run through Thursday, so there's plenty of opportunity for you to get in your required time and still see the talks you want to attend. Sign up today.
Just for Fun
Congratulations to Calle Svensson, who was the first person to solve last week's challenge: 98 coins. Click here to view last issue's puzzle.
Here is this issue's challenge: The government pays farmers a specific fee for each row of four trees that they plant. An enterprising but dishonest farmer found a way of planting five rows of four trees using only ten trees. How did he do it?
Send your answers to our comment desk for a chance to win a prize. Winners will be announced in the next Connector.
On Air Hangout in Spanish
June 26, 2014, 4PM ART (UTC -3)
Title: "DevOps, continuous deployment, PaaS and... security?"
Description: Development teams are increasing their speed by using automation and new development methodologies, deploying new versions of our company's web applications one or more times a day, and using new technologies such as PaaS. What can the information security team do to reduce risk without reducing the speed of the development teams? How do we face these new challenges?