Tuesday, June 17, 2014

OWASP Global Connector


OWASP Global Connector
June 9, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
owasp projects

Featured OWASP Project

OWASP .NET Project
The OWASP.NET Project is the clearinghouse for all information related to building secure .NET web applications and services. The goal of the project is to provide deep content for all roles related to .NET web applications and services. The focus of the project is on guidance for developers using the framework, OWASP Components that use .NET. The wiki page for the OWASP.NET Project can be found HERE
For more information, please contact the Project Leader, Bill Sempf

New OWASP Projects

OWASP Project Metrics
The goal of this project is to create an automated tool able to connect to the majority of distributed version control systems (DVCS) and generate data to measure project activity and quality using metrics and standard practices. For more information, please contact the Project Leader, Federico Figus.
OWASP iOSForensic
iosForensic is a python tool to help in forensics analysis on iOS. It get files, logs, extract sqlite3 databases and uncompress .plist files in xml. For more information, please contact the Project Leader, Florian Pradines.
OWASP Secure Development Training
Produce an open source training curriculum for secure development training. This training material can be used freely by trainers to be delivered in person and in commercial settings or accessed directly by students in video recorded format. For more information, please contact the Project Leader, Tobias Gondrom.
OWASP PHP Security Training Project
The goal of this project is to create an interactive training system, consisting of several units, for PHP developers. Every unit is divided in an attack and a defense part. Every unit shall be divided in an attack and a defense part. When working through the attack part, the developers will have to strike against a vulnerable application. Through this, they will learn to think like a hacker. Weaknesses to detect and exploit might be XSS, CSRF or SQL Injection, which are listed in the OWASP top 10. For more information, please contact the Project Leader, Timo Pagel.

Project Announcements

Cyber Security Startup Initiative
The latest OWASP Global Initiative will be participating in this year's Project Summit at AppSec EU. The aim of the Cyber Security Startup Initiative is to create opportunities for innovation in application security by promoting the creation of open source prototype tools produced by teams looking to form a startup.
More information can be found ON THE WIKI PAGE
The initiative's Project Summit session will take place on June 24, 2:00pm - 6:00pm. To sign up to take part in the session, sign up to attend HERE
Any questions about the initiative can be directed to the initiative leaders: Neill Gernon and Marco Morana.
Project Summit 2014

We are just a few weeks away from AppSec EU and the Project Summit. There are some great sessions planned for the two days. The full session schedule can be found HERE. The Project Summit is a fantastic opportunity to workshop your project and gather new volunteers for your project. The Project Summit will be taking place June 23-24 Anglia Ruskin University in Cambridge, UK and is free and open to the Community. You do not need a conference pass to attend the Project Summit.
The full conference schedule can be found HERE and you can add Project Summit session to SCHED.org.
Social Media

OWASP Foundation Social Media

LinkedIn
Twitter
Google +
Facebook
Ning
StackOverflow
membership

Thank you to our recently renewed Corporate Members:

  • Cloud Passage
  • Imperva, and
  • Protiviti
Honorary Membership applications now being accepted.
CLICK HERE to find out if you qualify for Honorary Membership Deadline to submit your application is September 30, 2014.
.
conferences

Global AppSec Events in 2014

AppSec Eurpoe 2014 (June 23 - 26, Cambridge, UK)

  • Keynotes announced! Lorenzo Cavallaro, Tobias Gondrom, Dr. Steven J. Murdoch, Wendy Seltzer, and Jacob West - see the entire schedule HERE
  • Get all the details on the speakers, the training, and activities HERE
  • This is the last week to register for the event.Register Here
AppSec USA 2014 (September 16 - 19, Denver, CO)

Upcoming Regional Events

OWASP Korea Day 2014 Workshop (June 17, 2014, Seoul, South Korea)
LASCON 2014 (October 21 - 24, Austin, TX)

Partner and Promotional Events

OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us
Condition Zebra InfoRisk 360 (June 17-19)
Suits & Spooks (June 20-21, 2014) NY, NY.
Secure Asia 2014, (July 23-24), Bejing, China.
BlackHat (August 2-7), Las Vegas, NV. OWASP Members receive $200 off BH briefings with code: owaBR200off.
BSides LV, (August 5-6), Las Vegas, NV.
EC-Council TakeDown Con, (August 14-19), Huntsville, AL.
Fraud Summit Toronto, (Sept 8, 2014) Toronto, Canada.
(ISC)2 Security Congress, (Sept 22 - Oct 2), Today's employers are seeking software developers that have the knowledge and expertise to build secure, hacker-resistant software. Do you have what it takes? Prove it with a Certified Secure Software Lifecycle Professional (CSSLP®) certification from (ISC)2 . Validate your competence in secure software development in new and evolving environments, including the cloud, mobile and more. Watch the CSSLP webcast series to get started. Atlanta, GA.
EC-Council Hacker Halted(October 12-17, 2014) Atlanta, GA
ISSA International Conference (October 22-23), 2014, Orlando, FL

Suits & Spooks, (December 14), Singapore.
conferences
communication

2014 WASPY (Web Application Security People of the Year)

Call for Nominees is NOW OPEN!

The third annual WASPY awards is now taking nominations in the categories listed below. This is YOUR opportunity to recognize another in our community for their outstanding efforts.

  • Best Chapter Leader
  • Best Project Leader
  • Best Mission Outreach
  • Best New Community Supporter "Rookie of the Year"
  • Best Platform Supporter
Submit your nominationsHERE

2014 Global Board of Directors Election


Please visit our 2014 Board Elections page for frequent updates. Our Call for Candidates is only open until August 15! Please submit your candidacy here.
Once confirmed, the candidates will conduct individual interviews answering questions from the community. Anyone can submit a question(s), vote up or vote down existing questions. The top 5 to 6 questions will then be used for each candidate's interview. If you have a question you would like to submit, please do so here.
For a complete Election Time line, Click Here

Bi-Weekly Community Call

Bi-Weekly OWASP Town Hall meetings have been started by Michael Coates. The next one is scheduled for June 17th at 9am Pacific time. If you have any updates or announcements regarding OWASP that you would like to share with the world, please add it to the wiki page The meetings are held using google hangouts and live broadcast. They are always recorded and publicly posted via YouTube This is NOT a slide presentation. Items posted on the wiki will be discussed, and questions will be accepted over twitter or hang out chat.

Call For Volunteers (CFV) for AppSec EU

For just 8 hours of your time and effort, we'll provide you with a full conference pass. We need folks to work registration desk as well as room proctors, speaker liaisons, ticket takers for the conference dinner, and more! Shifts start on Monday for the Trainings and run through Thursday, so there's plenty of opportunity for you to get in your required time and still see the talks you want to attend.
Sign Up Today

Just for Fun

Congratulations to Calle Svensson who was the first person to solve last week's challenge: 98 coins
Click here to view last issue's puzzle
Here is this issue's challenge...
The government pays farmers a specific fee for each row of four trees that they plant. An enterprising, but dishonest farmer found a way of planting five rows of four trees using only ten trees. How did he do it?
Send your answers to our comment desk for a chance to win a prize. Winners will be announced in the next connector.

On Air Hangout in Spanish

June 26, 2014, 4PM ART (UTC -3)
Titulo: "DevOps, continuous deployment, PaaS y... seguridad?"
Descripcion: Los equipos de desarrollo aumentan su velocidad utilizando automatización y nuevas metodologías de desarrollo, deployan nuevas versiones de las Web applications de nuestra empresa una o más veces por dia y utilizan nuevas tecnologías como PaaS. ¿Qué puede hacer el área de seguridad informática para reducir el riesgo sin reducir la velocidad de los equipos de desarrollo? Como afrontar estos nuevos desafios?
conferences



No comments: