Monday, November 24, 2014

OWASP Connector November 24

OWASP Global Connector
November 24, 2014 | | | Contact Us | Brought to you by the OWASP Foundation

OWASP Community Manager

Noreen Whysel
Please help us in welcoming the new OWASP Community Manager
Noreen started earlier this month and will be focusing on Community engagement with projects, chapter initiatives and volunteer recruitment.
You can review Noreen's wiki bio HERE

OWASP Bug Week

OWASP Bug Week is coming soon! This week long online competition will kick off December 8th 00:00:01 PST. Find vulnerabilities in the web applications of well known companies through the bug bounty programs hosted on Bugcrowd and win cash bounties! Best bug wins a trip to AppSecUSA or AppSecEU.


Thank you to our New Corporate Members:

  • eLearn Security
  • Trend Micro

Are you Game?

During the 2014 Waspy Award election, the leaders began a discussion focusing on awarding merits and recognizing participation that can be used to award our active leaders for their contributions.
We will be introducing gamification in the new OWASP Portal.
The updated portal will allow peer recognition for industry accomplishments as well as badge recognition for participation in various initiatives, projects, or chapters.
Stay Tuned - More Information on this will be distributed soon!


  • Kanpur - India
  • Patagonia, Argentina - LATAM
  • Northeastern University Student Chapter - North America
CLICK HERE for information on advertising in the next connector

Global AppSec Events in 2014

LATAM Tour 2015
ATTN LATAM Chapter Leaders - The deadline to ensure your as a stop on the tour is November 30, 2014! Please submit your venue confirmation to Laura Grau
EU 2015 thumbnail
AppSec EU/Research 2015 (May 18 - 21, 2015, Amsterdam, NL)

AppSec USA 2015 (September 22 - 25, 2015, San Francisco, CA)

Upcoming Regional Events

OWASP Asia Tour 2014(October 22 - December 19, 2014) 8 stops across Asia
German OWASP Day (December 9, Hamburg, Germany)
OWASP - ISACA Conference (December 11-12, 2014) Rome, Italy
AppSec California (January 26-29, 2015, Santa Monica, CA)
OWASP London Cyber Security Week (January 26-30) London, UK
OWASP New Zeland Day (February 26 - 27) New Zeland
NYC OWASP HACKNYC 2015 (March 18 - 19, 2015, NYC, NY)
LASCON 2015 (October 19 - 22, 2015, Austin, TX)
AppSec Rio de la Plata 2015 November 17-20, 2015) Montevideo, Uruguay

Partner and Promotional Events

OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us
International Conference on Corporate Espionage & Industrial Security (December 1 - 2, 2014) Ottawa, Canada
Suits and Spooks (December 14, 2014) Singapore
ICCS (January 5 - 8, 2015) New York, NY
CodeMash Conference (January 6 - 9, 2015) Sandusky, OH
SC Congress London (March 3, 2015) London, UK
Financial Services Cyber Security Summit, MENA (March 9-10, 2015) Mena, Dubai
Blackhat Asia (March 24-27, 2015) Singapore
Cyber Security Summit Europe (April 14-15, 2015) Prague, Czech Republic
Cloud Security World 2015 (May 19-21, 2015) New Orleans, LA
SC Congress Toronto (June 10 - 12, 2015) Toronto, Canada

OWASP Dependency Check Project Release

OWASP Dependency Check Project

The Dependency Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java and .NET dependencies are supported; however, support for Node.JS, client side JavaScript libraries, etc. is planned. This tool can be part of a solution to the OWASP Top 10 2013 A9 - Using Components with Known Vulnerabilities.
The project team is pleased to announce the release of 1.2.6
Here is a summary of the updates:

  1. Fixed Reported false positives.
  2. The Maven plugin now uses the dependencies GAV as declared in the project/POM being scanned (thanks Erik!).
  3. Resolved issue #156 to ensure consistent results rather then cycling removed and added issues in Jenkins.
  4. The CLI now accepts Ant style paths for the '--scan' argument.
  5. The CLI now accepts an '--exclude' argument that accepts Ant style exclusions.
  6. When using the CLI you can now specify a file name for the output file (as long as the --format is not set to ALL). The file extension must be xml when --format is set to xml or '.htm' or '.html' for either of the HTML formated reports.
  7. The Nexus Analyzer has been disabled and replaced with the Central Analyzer.
  8. Updated the URLs to download the NVD CVE data to use the gzip version. The current URLs can be obtained from the file

OWASP Snakes and Ladders

Having a training session, party or celebration with software developers, or with those learning to code at college, at school or at home? Print out a copy and play the new OWASP board game where application security controls are the virtuous behaviours (ladders), and vulnerabilities are the vices (snakes). Available for web applications in Chinese, Dutch, English, French, German and Spanish. The similar board game for mobile apps is just available in English currently.
To find out more or to download a copy, visit Snakes & Ladders.
You may also contact the project Colin Watson directly.

Social Media

OWASP Foundation Social Media

OWASP YouTube Channel
Google +

No comments: