The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Noreen Whysel
Please help us in welcoming the new OWASP Community Manager. Noreen started earlier this month and will be focusing on community engagement with projects, chapter initiatives and volunteer recruitment. You can review Noreen's wiki bio HERE.
OWASP Bug Week
OWASP Bug Week is coming soon! This week-long online competition will kick off December 8th 00:00:01 PST. Find vulnerabilities in the web applications of well-known companies through the bug bounty programs hosted on Bugcrowd and win cash bounties! Best bug wins a trip to AppSecUSA or AppSecEU. www.bugcrowd.com/bugbash
Thank you to our New Corporate Members:
Are you Game?
During the 2014 Waspy Award election, the leaders began a discussion focusing on awarding merits and recognizing participation that can be used to award our active leaders for their contributions. We will be introducing gamification in the new OWASP Portal. The updated portal will allow peer recognition for industry accomplishments as well as badge recognition for participation in various initiatives, projects, or chapters. Stay Tuned - More Information on this will be distributed soon!
NEW OWASP CHAPTERS
Kanpur - India
Patagonia, Argentina - LATAM
Northeastern University Student Chapter - North America
Global AppSec Events in 2014
LATAM Tour 2015
ATTN LATAM Chapter Leaders - The deadline to ensure your as a stop on the tour is November 30, 2014! Please submit your venue confirmation to Laura Grau.
Fixed reported false positives.
The Maven plugin now uses the dependency's GAV as declared in the project/POM being scanned (thanks Erik!).
Resolved issue #156 to ensure consistent results rather than cycling removed and added issues in Jenkins.
The CLI now accepts Ant style paths for the '--scan' argument.
The CLI now accepts an '--exclude' argument that accepts Ant style exclusions.
When using the CLI you can now specify a file name for the output file (as long as the --format is not set to ALL). The file extension must be '.xml' when --format is set to xml, or '.htm' or '.html' for either of the HTML formatted reports.
The Nexus Analyzer has been disabled and replaced with the Central Analyzer.
Having a training session, party or celebration with software developers, or with those learning to code at college, at school or at home? Print out a copy and play the new OWASP board game where application security controls are the virtuous behaviours (ladders), and vulnerabilities are the vices (snakes). Available for web applications in Chinese, Dutch, English, French, German and Spanish. The similar board game for mobile apps is currently available only in English. To find out more or to download a copy, visit Snakes & Ladders. You may also contact the project leader, Colin Watson, directly.