Wednesday, October 1, 2014

OWASP Foundation Global Connector

OWASP Global Connector
October 1, 2014 | | | Contact Us | Brought to you by the OWASP Foundation
owasp projects

Featured OWASP Project

OWASP Cornucopia
OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams identify security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic. The idea behind Cornucopia is to help development teams, especially those using Agile methodologies, to identify application security requirements and develop security-based user stories.
For more information, please contact the Project Leader, Colin Watson.

Project Announcements

O-Saft Project Graduates to LAB status
The O-Saft Project, an exemplary OWASP project has just graduated from incubator to LAB status. O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations.
It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people. Read more about the O-Saft project on the project wiki page.
If you have any questions about the project summit, please contact Jonathan Marcil
Mantra OS: Dharma

The OWASP Mantra OS Project has just released it's third version, Dharma. OWASP Mantra OS is a secure sandboxed operating system built for application testing and fast secure computing, built on a Ubuntu Core. Check out the Mantra OS project page HERE.
The new version can be downloaded via Sourceforge
OWASP iGoat 2.2 released
The OWASP iGoat project is a security learning tool for iOS developers to learn about security weaknesses in iOS -- by breaking things as well as fixing them. New in 2.2 is a certificate pinning exercise.
Download Page
OWASP Reverse Engineering and Code Modification Prevention Project
Apple's release of the iPhone 6 featuring its support for Near Field Communications (NFC) the release of Android 4.4's host-based card emulator reveal a growing trend towards allowing mobile code to do very sensitive things all within the mobile device.

There are very real risks of moving sensitive transactions to a mobile device. Within mobile environments, developers have no control over who can see their code or what the hacker can do with it.
The notion that you should not allow developers to do sensitive things (like financial transactions) in mobile environments just won't cut it anymore. Offline availability requirements and usability requirements are winning over traditional security principles. The good news is that there are ways of doing risky things in these types of uncontrollable environments. The OWASP Reverse Engineering and Code Modification Prevention project is one project that empowers software developers to think about new ways of safely doing sensitive things within mobile environments.
View the OWASP Projects Page to find other projects that address mobile security risks.
CLICK HERE for information on advertising in the next connector

Thank you to our new Corporate Member:

  • NetSuite, Inc.

Global AppSec Events in 2014

europe 2015AppSec EU/Research 2015 (May 18 - 21, 2015, Amsterdam, NL)
CALL FOR PAPERS IS NOW OPEN - Submission Deadline is December 31, 2014

Upcoming Regional Events

Boston Application Security Conference (BASC) (October 18, 2014, Cambridge, MA)

OWASP Romania InfoSec Conference 2014 (October 24, Bucharest, Romania)
Ghana Cybersecurity 2014 (December 10, Acra, Ghana)
German OWASP Day (December 9, Hamburg, Germany)
AppSec California (January 26-29, 2015, Santa Monica, CA)

Partner and Promotional Events

OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us
3rd International Conference on Forensic Research & Technology(October 6-8, 2014) San Antonio, TX
BSides Colombia(October 8-10, 2014) Bogota, Colombia
EC-Council Hacker Halted(October 12-17, 2014) Atlanta, GA
BlackHat Europe(October 14-17, 2014) Amsterdam,, The Netherlands
Fraud Summit - New York(October 21, 2014) New York, NY
Global APT Defense Summit(October 22, 2014) New York, NY
ISSA International Conference (October 22-23), 2014, Orlando, FL
SECUREAMSTERDAM 2014, (Nov 6), Amsterdam, NE
3rd Annual CISO Asia Summit & Roundtable(November 5-7) Singapore
Fraud Summit - Orlando, (November 6) Orlando, FL
Fraud Summit - Dallas, (December 18) Dallas, TX
Suits & Spooks, (December 14), Singapore.
ICCS(January 5-8, 2015) New York, NY
Social Media

OWASP Foundation Social Media

OWASP YouTube Channel
Google +

2014 Global Board of Directors Election

Candidate Interviews are available
Voting will begin October 13, 2014! Be sure to review the candidate information and interviews before then.
winter of codeOWASP Winter Of Code Sprint Is Underway
The first selection stage of the Winter Code Sprint has finished in September and we are proud to announce 10 new university students around the world will work on OWASP projects during this semester while earning university credits. The second and final stage selection is set for 15th October.


OWASP en Español

OWASP Webcast en Español: Cómo ganar siempre al Poker usando OWASP ZAP
Descripción: WebSocket es parte de la iniciativa de HTML5 que define una API que permite a las páginas web, la comunicación full-duplex y bidereccional a través de un solo conector TCP/HTTP para proporcionar una enorme la reducción del tráfico de red. Se analizará este nuevo protocolo y la foma de analizar el tráfico a través del proxy web OWASP ZAP.
Orador: Cristian Borghello
Time: Monday 6th October at 5pm GMT
CLICK HERE for more information.

Just for Fun

This weeks puzzle
How many people do you need to have the odds be in favor (at least 50% chance) of two people having the same birthday?
Submit your answers here


  • Belfast, Ireland - Europe
  • State College, PA - North America


  • Sacramento, CA - North America
  • Birmingham, AL - North America

No comments: