The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
OWASP Cornucopia
OWASP Cornucopia is a mechanism, in the form of a card game, to help software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic. The idea behind Cornucopia is to help development teams, especially those using Agile methodologies, to identify application security requirements and develop security-based user stories. For more information, please contact the Project Leader, Colin Watson.
O-Saft Project Graduates to LAB status
The O-Saft Project, an exemplary OWASP project, has just graduated from incubator to LAB status. O-Saft is an easy-to-use tool that shows information about an SSL certificate and tests the SSL connection against a given list of ciphers and various SSL configurations. It is designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important information or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people. Read more about the O-Saft project on the project wiki page. If you have any questions about the project summit, please contact Jonathan Marcil.
Mantra OS: Dharma
The OWASP Mantra OS Project has just released its third version, Dharma. OWASP Mantra OS is a secure sandboxed operating system built for application testing and fast secure computing, built on an Ubuntu Core. Check out the Mantra OS project page. The new version can be downloaded via Sourceforge.
OWASP iGoat 2.2 released
The OWASP iGoat project is a security learning tool for iOS developers to learn about security weaknesses in iOS -- by breaking things as well as fixing them. New in 2.2 is a certificate pinning exercise. Download Page
OWASP Reverse Engineering and Code Modification Prevention Project
Apple's release of the iPhone 6, featuring its support for Near Field Communications (NFC), and the release of Android 4.4's host-based card emulator reveal a growing trend towards allowing mobile code to do very sensitive things all within the mobile device.
There are very real risks in moving sensitive transactions to a mobile device. Within mobile environments, developers have no control over who can see their code or what the hacker can do with it. The notion that you should not allow developers to do sensitive things (like financial transactions) in mobile environments just won't cut it anymore. Offline availability requirements and usability requirements are winning over traditional security principles. The good news is that there are ways of doing risky things in these types of uncontrollable environments. The OWASP Reverse Engineering and Code Modification Prevention project is one project that empowers software developers to think about new ways of safely doing sensitive things within mobile environments. View the OWASP Projects Page to find other projects that address mobile security risks.
Candidate Interviews are available
Voting will begin October 13, 2014! Be sure to review the candidate information and interviews before then.
OWASP Winter Of Code Sprint Is Underway
The first selection stage of the Winter Code Sprint finished in September, and we are proud to announce that 10 new university students around the world will work on OWASP projects during this semester while earning university credits. The second and final selection stage is set for 15th October.
OWASP Webcast in Spanish: How to Always Win at Poker Using OWASP ZAP
Description: WebSocket is part of the HTML5 initiative, which defines an API that gives web pages full-duplex, bidirectional communication over a single TCP/HTTP socket, providing a huge reduction in network traffic. The webcast will examine this new protocol and how to analyze its traffic through the OWASP ZAP web proxy.
Speaker: Cristian Borghello
Time: Monday 6th October at 5pm GMT
Just for Fun
This week's puzzle
How many people do you need for the odds to be in favor (at least a 50% chance) of two people having the same birthday? Submit your answers here