Wednesday, December 30, 2015

December 2015 Connector

OWASP Global Connector
December 30, 2015 | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation

Communications

OWASP 2015 - A Year of Milestone Achievements

Sometimes an open source, community driven, volunteer resourced group like OWASP feels like a bunch of individuals, all working separately without a great deal of coordination. BUT, then the magic of the OWASP curiosity, innovation and 'team-work' kicks in, and great things happen. Did you know that OWASP achieved the following milestones in 2015?


  • Held 2 of our most successful Global AppSec Events ever with record breaking attendance in both Amsterdam & San Francisco.
     
  • Held 2 Project Summits during AppSec 2015 that allowed 100's to jump in with 'hands-on' work on a variety of OWASP Projects.
     
  • Reached a new Individual Membership high of over 2,500 voting members who contributed to the OWASP Foundation.
     
  • Grew our Chapters significantly in 2015 including new chapters in India, Africa, Asia and eastern Europe.
     
  • Produced some major public releases of new Project content including Security Shepherd v3.0, Application Verification Standard, Mobile Security, and Seraphimdroid v2.0 to name just a few!
     
  • Increased funding support for our Chapters & Projects with the hiring of a Full-Time Project Coordinator, as well as a new policy on providing 'seed-money' funding to all Projects & Chapters that qualify.
There are so many more achievements in 2015 and all can be found in back issues of our OWASP NewsFlash & Connector newsletters.
On behalf of the entire Operations team, we look forward to making 2016 an exciting and productive year for OWASP.

Best Regards, Paul Ritchie
OWASP Executive Director
paul.ritchie@owasp.org

OWASP in the NEWS!

Hacker Earns 50k Miles by Exposing Vulnerability in United Airlines Website - HackRead.com

OWASP Proactive Tips for Coding Securely - DZone.com.

Toolswatch '2015 Best Security Tool' survey: Please vote for your favorite OWASP security tools! - Toolswatch.com

OWASP Podcasts

OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

Mark Miller - OWASP 24/7 Podcast Series

projects

Project Updates

Claudia Aviles-Casanovas, our Projects Coordinator, has shared her latest Project Task Force Update. The task force is still seeking volunteers to review the OWASP SeraphimDroid Project:

https://docs.google.com/a/owasp.org/presentation/d/10zCyCtcJbU9Gf4TdQ4GKJG7vvfbhb_Lhk1rt6PW7S3M/edit?usp=sharing
Maura Van Der Linden has been contracted by Simon Bennetts to help with the new intro document to get users who are new to pen testing started in ZAP.

Thank you to Gabriel Gumbs for the donation: https://www.owasp.org/index.php/OWASP_Application_Security_Program_Quick_Start_Guide_Project

For anyone who wants to help with our Free Training initiative, Gabriel personally welcomes more contributions. Visit: https://www.owasp.org/index.php/Education/Free_Training

Call for Translators

Andrew van der Stock has issued a call for translations for the ASVS project! https://github.com/OWASP/ASVS

As such, we've committed v3.0.1 into GitHub and uploaded it to Crowd In: https://crowdin.com/project/owasp-asvs/

You don't HAVE to use Crowd In, but it would be nice to indicate to other native speakers of your language that you are willing to work together. This is a 70 page document, and in all honesty, will take a dedicated person a week or more to translate, so please please please work together rather than apart. You have full access to the original document and the original images.

In the next month or so, Andrew would like to close out all the issues logged in GitHub, so he will give active translators a heads up of any changes to the master document, so again, a good reason to use Crowd In so we know who you are.

If there are any incomprehensible English idioms or phrases in there, please don't hesitate to ask for clarification, because if it's hard to translate, it's almost certainly wrong in English as well. You can reach Andrew at vanderaj@owasp.org

Conference

Global AppSec Events


OWASP AppSecEU - CALL for PAPERS

Don't miss the opportunity to present your Paper!
27 June - 1 July 2016


The next OWASP AppSecEU (http://2016.appsec.eu/) will take place at the Marriott Park Hotel in Rome, Italy.

The Open Web Application Security Project is an open-source project for application security.
Don't miss the opportunity to share and discuss your ideas and knowledge with other experts and practitioners. Present your paper now!!

Spread the knowledge of this big opportunity within your chapter and push towards Universities, Research Centers, Industries, asking to present papers in order to make this conference a unique one!!

Topics of interest include, but are not limited to:
  • Novel web vulnerabilities and countermeasures
  • New technologies, paradigms, tools
  • OWASP tools or projects in practice
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Browser security
  • Mobile security and security for the mobile web
  • REST/SOAP security
  • Security of frameworks
  • Large-scale security assessments of web applications and services
  • Privacy risks in the web and the cloud
  • Management topics in Application Security: Business Risks, Awareness Programs, Project Management, Managing SDLC
To submit a proposal use EasyChair.

The program committee will review your submission based on a descriptive abstract of your intended presentation. Feel free to attach a preliminary version of your presentation if available, or any other supporting materials. Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly as accepted abstract and bio submitted will be published 1:1 on our site. If your presentation is accepted for inclusion in the conference program, you are free to submit a white paper describing your work, which will be added to the website.

Important dates:
  • Submission deadline: January 15th, 2016
  • Notification of acceptance: February 29th, 2016
  • Conference date: June 30th - July 1st, 2016
Call for Training:
https://2016.appsec.eu/important-dates/call-for-training


Call for Presentation:
https://2016.appsec.eu/important-dates/call-for-papers


Sponsorship Document:
http://2016.appsec.eu/wp-content/uploads/2015/10/AppSecEU-2016-Rome-Sponsorship-Document.pdf


Regarding sponsorship, please let us know if you are interested in one of the options because we have already received several requests and we would like to sign all the contracts as soon as possible (within 31 Dec. 2015).

Other Global AppSec Events

We are still accepting sponsorships for AppSec Cali 2016 to be held in Santa Monica, California on January 25-27, 2016. Visit the website for details.

AppSecUSA 2016 will be held on 11-14 October 2016 in Washington DC. Mark your calendars!

Regional and Local Events

AppSec Cali 2016, Jan. 25, 2016 - Jan. 27, 2016, Santa Monica, CA

New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand

Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America

CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA

AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China

Partner and Promotional Events

CodeMash January 5 - 8, 2016 Sandusky, Ohio, USA

BSides Lagos January 22, 2016 Nigeria

SC Congress London, February 10, 2016 ILEC Conference Centre London, UK

Blackhat Asia 2016, March 31 - April 1, 2016 Marina Bay Sands, Singapore. OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316

SC Congress Toronto, June 1, 2016 - June 2, 2016 Metro Convention Center Toronto, CN

Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.
Black Hat Asia 2016, Singapore, March 29- April 1, 2016, USD$200 Discount: OWBR0316

chapters

New Chapters

Chapters Restarts

Transitions

New Student Chapter

New Academic Supporters

  • University of Ngaoundèré, Ngaoundèré, Cameroon
    Faculty Contact: Franklin Tchakounté, tchafros@owasp.org
    http://www.univ-ndere.cm/
     
  • Mannheim University of Applied Sciences, Mannheim, Germany
    Faculty Contact: Sachar Paulus, s.paulus@hs-mannheim.de
    http://hs-mannheim.de/
Learn more about our Academic Supporter program

Notable Chapter Activity

Here is a summary of chapter activity in 2015. Thanks to all our new and veteran leaders for making this an outstanding year:
  • 35 new chapters started
  • 14 chapters restarted
  • 9 new student chapters
  • 9 new academic supporters
  • 68 new leaders added, including restarts

2015 AppSec Summer School in Croatia

Vlatko Kosturjak sent us photos from OWASP Croatia's OWASP Application Security Summer School held in September at Fakultet Organizacije Informatike (FOI). The program included speakers from industry and academia, who are experts in the field of web application security. The program presented students with practical, industrial problems focusing on attacks against web applications and how to protect against those attacks. The Summer School is an intensive program that includes 8h lectures and training sessions over 4 days, plus an additional, independent student project. The event was free for all students of FOI, and provided a certificate of completion.



We at the OWASP Global Foundation are looking forward to hearing about more such events in future.

Share your chapter's successes! Submit your stories here

Membership

New Contributing Corporate Members

  • Veracode
Thanks to all of our Premier and Contributing Corporate Members for your support in 2015!

Social Media

OWASP Social Media Site

Wednesday, December 16, 2015

December 2015 - Community News Flash


December 2015 Community News Flash

Happy Holidays!

As we enter the holiday season, I am reminded that I have just passed my one year mark as your Community Manager with the OWASP Foundation. I have been happy and honored to meet everyone in our community and help get your chapter and project activity running smoothly.

A lot has happened over the year. We hired a Projects Coordinator, Claudia Aviles-Casanovas, to provide additional guidance and support for project teams. We have successfully hosted dozens of events worldwide, including sell-out AppSecUSA and AppSec Europe events as well as LATAM, Project Summits and many major regional events. We have added 35 new chapters and welcomed nearly 70 new chapter leaders. We have 142 active projects and a newly updated review process currently evaluating several projects for graduation to incubator and lab status.

As we say goodbye to 2015 and look to the future, please share your OWASP New Year's Resolutions by using hashtag #OWASPYNewYear on Twitter. We will be looking for good ones to share with our community, and hope to find some ideas to support worldwide for 2016.

We would like to thank all of our project and chapter leaders and volunteers for all of your hard work and dedication to making the OWASP Community shine. Thank you and we look forward to sharing further successes in 2016.

Noreen Whysel
Community Manager
OWASP Foundation

In this Issue:
  • FEATURE: Chapter/Project Budgets and Funding Update
  • PROJECT UPDATES: ToolsWatch Survey 2015, Project Activity, Latest Releases
  • CHAPTER ACTIVITY: New Chapters, New Academic Supporters, Leader Transitions
  • VOLUNTEERING: Call for Translations
  • EVENTS: Upcoming Local and Regional Events
  • RESOURCES: List of Resources in this Issue
FEATURE: Chapter/Project Budgets and Funding Update

Over the past month we held online sessions to go over the new budgeting rules for chapters with more than $5000 and those with less than $500 available in their funding allocations. Thanks to all chapters who submitted budgets for 2016 by the Dec 1 deadline. If anyone is still having difficulty with their budgets, please reach out to me or to Paul Ritchie for guidance.

For those Chapters and Projects with <$500, if you were not able to attend any of our calls to discuss the new funding rules, these meetings were recorded and can be viewed at the following link: https://drive.google.com/open?id=0ByZ3H0-PMUGuNW1PNXZtbE54cDA

See the results of several board proposals affecting funding for 2016: https://www.owasp.org/index.php/OWASP_Board_Votes#Voting_Records

You may check your account balance and funding history here:

Chapters:
Projects
PROJECT UPDATES: ToolsWatch Survey 2015, Latest Releases

ToolsWatchSurvey 2015

Simon Bennetts asks you to please vote for your favorite OWASP security tools in the Toolswatch '2015 Best Security Tool' survey: http://www.toolswatch.org/2015/11/vote-for-2015-best-security-tool/

In 2014 OWASP tools came in at number:

2. ZAP
5. Xenotix
7. OWTF

and in 2013:

1. ZAP
5. Xenotix
10. O-SAFT

Project Activity

Claudia Aviles-Casanovas, our Projects Coordinator, has shared her latest Project Task Force Update. The task force is still seeking volunteers to review the OWASP SeraphimDroid Project:
https://docs.google.com/a/owasp.org/presentation/d/10zCyCtcJbU9Gf4TdQ4GKJG7vvfbhb_Lhk1rt6PW7S3M/edit?usp=sharing

Maura Van Der Linden has been contracted by Simon Bennetts to help with the new intro document to get users who are new to pen testing started in ZAP.

Thank you to Gabriel Gumbs for the donation:
https://www.owasp.org/index.php/OWASP_Application_Security_Program_Quick_Start_Guide_Project

For anyone who wants to help with our Free Training initiative, Gabriel personally welcomes more contributions. Visit:
https://www.owasp.org/index.php/Education/Free_Training

Latest Releases

OWASP Mth3l3m3nt Framework User Guide
Project Leader: Munir Njiru
Download: https://github.com/alienwithin/OWASP-mth3l3m3nt-framework/wiki
Project Page: https://www.owasp.org/index.php/OWASP_Mth3l3m3nt_Framework_Project
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots, say no to runaway web shells and yes to centrally managed herds in large penetration testing engagements.
OWASP 24/7 PodCasts

Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.
CHAPTER ACTIVITY

New Chapters
Leader Transitions
There are many leader openings for chapters that have gone inactive, particularly in the Middle East and Africa. Go to the Volunteer page for a listing of open positions: http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing

New Student Chapters
New Academic Supporters
  • Chelyabinsk State University, Chelyabinsk, Russia
    Faculty Contact: Elena Feldman, fr221a@gmail.com
    http://www.csu.ru/en/
  • Competency Center for Applied Security Technology, Darmstadt, Germany
    Faculty Contact: Andreas Heinemann, andreas.heinemann@cast-forum.de
    http://www.cast-forum.de/
  • Mannheim University of Applied Sciences, Mannheim, Germany
    Faculty Contact: Sachar Paulus, s.paulus@hs-mannheim.de
    http://www.hs-mannheim.de/
  • Ngaoundèré University
    Faculty Contact: Franklin Tchakounté, tchafros@gmail.com
    http://www.univ-ndere.cm/
Learn more about our Academic Supporter program.

Notable Chapter Activity

The Charlottesville, Virginia chapter is planning to expand to include the Lynchburg and Roanoke areas. The new chapter will be renamed OWASP Southwest Virginia and will be led by Jeffrey Collyers and Phil Offield. The expansion is expected to leverage the large number of universities in the region. Details coming in January. Thanks to both for recharging application security in Southwest Virginia!

Vlatko Kosturjak sent us photos from OWASP Croatia's OWASP Application Security Summer School held in September at Fakultet Organizacije Informatike (FOI). The program included speakers from industry and academia, who are experts in the field of web application security. The program presented students with practical, industrial problems focusing on attacks against web applications and how to protect against those attacks. The Summer School is an intensive program that includes 8h lectures and training sessions over 4 days, plus an additional, independent student project. The event was free for all students of FOI, and provided a certificate of completion.

 
OWASP Delhi NCR will be presenting a meeting this Saturday, December 19 from 11am to 3pm IST. Featured talks will include "Cyber Security in NextGen Air Transportation System" presented by Vippan Raj Dutt, "Hardware Trojans" by Anupam Tiwari, and Part 1 of "CTI & Incident Response - A Love Story" with Sandeep Singh.

OWASP Panay, Philippines continues to be active spreading application security knowledge among university campuses this December. Chapter leader Francis Victoriano was invited as Resource Speaker at West Visayas State University's Janiuay Campus to introduce the OWASP Foundation and present on Web Application Security Risks and Countermeasures. 415 students attended. Francis hosted a question and answer session and a Hacking Demo. He was also invited as Resource Speaker at Capiz State University's Pontevedra Campus to talk about Web Applications with a SQL Injection Demo. More than 200+ students attended this event. Take a look at photos from these events on OWASP Panay's Facebook page.


If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:
https://docs.google.com/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html


VOLUNTEERING: Call for Translators

Andrew van der Stock has issued a call for translations for the ASVS project!
https://github.com/OWASP/ASVS


As such, we've committed v3.0.1 into GitHub and uploaded it to Crowd In:
https://crowdin.com/project/owasp-asvs/

You don't HAVE to use Crowd In, but it would be nice to indicate to other native speakers of your language that you are willing to work together. This is a 70 page document, and in all honesty, will take a dedicated person a week or more to translate, so please please please work together rather than apart. You have full access to the original document and the original images.

In the next month or so, Andrew would like to close out all the issues logged in GitHub, so he will give active translators a heads up of any changes to the master document, so again, a good reason to use Crowd In so we know who you are.

If there are any incomprehensible English idioms or phrases in there, please don't hesitate to ask for clarification, because if it's hard to translate, it's almost certainly wrong in English as well. You can reach Andrew at vanderaj@owasp.org
EVENTS: Upcoming Local and Regional Events
OWASP AppSec Europe 2016: First Time in Rome!


OWASP AppSecEU - CALL for PAPERS

Don't miss the opportunity to present your Paper!
27 June - 1 July 2016

The next OWASP AppSecEU (http://2016.appsec.eu/) will take place at the Marriott Park Hotel in Rome, Italy.

The Open Web Application Security Project is an open-source project for application security.

To all Country Chapters Leaders:

Don't miss the opportunity to share and discuss your ideas and knowledge with other experts and practitioners. Present your paper now!!

Spread the knowledge of this big opportunity within your chapter and push towards Universities, Research Centers, Industries, asking to present papers in order to make this conference a unique one!!

Topics of interest include, but are not limited to:
  • Novel web vulnerabilities and countermeasures
  • New technologies, paradigms, tools
  • OWASP tools or projects in practice
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Browser security
  • Mobile security and security for the mobile web
  • REST/SOAP security
  • Security of frameworks
  • Large-scale security assessments of web applications and services
  • Privacy risks in the web and the cloud
  • Management topics in Application Security: Business Risks, Awareness Programs, Project Management, Managing SDLC

To submit a proposal use EasyChair.

The program committee will review your submission based on a descriptive abstract of your intended presentation. Feel free to attach a preliminary version of your presentation if available, or any other supporting materials. Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly as accepted abstract and bio submitted will be published 1:1 on our site. If your presentation is accepted for inclusion in the conference program, you are free to submit a white paper describing your work, which will be added to the website.

Important dates:
  • Submission deadline: January 15th, 2016
  • Notification of acceptance: February 29th, 2016
  • Conference date: June 30th - July 1st, 2016


Call for Training:
https://2016.appsec.eu/important-dates/call-for-training

Call for Presentation:
https://2016.appsec.eu/important-dates/call-for-papers

Sponsorship Document:
http://2016.appsec.eu/wp-content/uploads/2015/10/AppSecEU-2016-Rome-Sponsorship-Document.pdf

Regarding sponsorship, please let us know if you are interested in one of the options because we have already received several requests and we would like to sign all the contracts as soon as possible (within 31 Dec. 2015).

More Upcoming Events
  • AppSec Cali 2016, January 25, 2016 - January 27, 2016, Santa Monica, CA
  • New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand
  • CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA
  • AppSec ASIA 2016, May 19 2016 - May 22, 2016, Wuhan, China
Partner and Promotional Events
  • ACSAC 2015 Conference: December 7 - 11, 2015, Los Angeles, CA
  • CyberSecure: December 15 - 16, 2015, The Sheraton Times Square New York, NY
    OWASP members receive 20% off by using their @owasp email account and discount code: OWASP15
  • CodeMash: January 5 - 8, 2016, Sandusky, Ohio.
  • BSides Lagos: January 22, 2016, Nigeria
  • SC Congress London: February 10, 2016, ILEC Conference Centre London, UK
    Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code - OWASPMEM
  • Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore
    OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316
  • SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN
    Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code - OWASPMEM
RESOURCES
2015 Global Board of Directors Election
https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election

OWASP Tool Projects:
http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000tflX

OWASP Code Project(s):
http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000tfn4

Chapter Leader Handbook:
https://www.owasp.org/index.php/Chapter_Leader_Handbook

Funding Resources:
https://www.owasp.org/index.php/Funding

Donation Scoreboard - Current Chapter and Project Funding Allocations:
https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html

AppSecEU 2016:
http://2016.appsec.eu
CONTACT ME

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
https://owasp.slack.com/messages/askthecm/

Wednesday, November 25, 2015

OWASP Connector Newsletter - November 25, 2015


Communications

OWASP in the NEWS!

Toolswatch '2015 Best Security Tool' survey: Please vote for your favorite OWASP security tools!

AppSec California Application and Web Security Training Sessions Announced, PR.com

Test-Aankoop: helft webwinkels niet goed beveiligd (Half of ecommerce websites tested not properly secured), Het Nieuwsblad (Belgium).

OWASP Podcasts

OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

Mark Miller interviews Board members Tom Brennan and Josh Sokol about an upcoming event in NYC: OWASP Shark Tank - Could You Convince Someone to Invest in Your Project?

Mark Miller - OWASP 24/7 Podcast Series


projects

ToolsWatchSurvey

Simon Bennetts asks you to please vote for your favorite OWASP security tools in the Toolswatch '2015 Best Security Tool' survey: http://www.toolswatch.org/2015/11/vote-for-2015-best-security-tool/

In 2014 OWASP tools came in at number:

2. ZAP
5. Xenotix
7. OWTF

and in 2013:

1. ZAP
5. Xenotix
10. O-SAFT

Project Reviewers Needed

Thank you for volunteering!

Timo Pagel, Munir Njiru, Ricardo Campo, Jorge Stephan and Nikola Milosevic

The Volunteer Board has a number of openings:

OWASP Security Shepherd - Project Reviews will be available on the Leader List the week of 12/7
OWASP Security Logging Project - One Volunteer still needed
OWASP Security Knowledge Framework - One Volunteer still needed
OWASP SeraphimDroid Project - Needs Two Volunteers
OWASP Java Encoder Project - Needs Two Volunteers
OWASP Java HTML Sanitizer Project - Needs Two Volunteers
OWASP API Security Project - New Incubator needs Two Volunteers

Thank you in advance for your efforts and time.

Project Task Force

Initiative Leader:
Claudia Aviles-Casanovas
Project Coordinator
claudia.aviles-casanovas@owasp.org
Phone: 973-288-1697

OWASP PodCasts created by Mark Miller offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.

Latest Releases

OWASP Mth3l3m3nt Framework User Guide
Project Leader: Munir Njiru
Download: https://github.com/alienwithin/OWASP-mth3l3m3nt-framework/wiki
Project Page: https://www.owasp.org/index.php/OWASP_Mth3l3m3nt_Framework_Project
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots, say no to runaway web shells and yes to centrally managed herds in large penetration testing engagements.


Conference

Global AppSec Events

AppSecEU 2016, 27 June to 1 July 2016, Rome, Italy

AppSec EU 2016 is coming to Rome, Italy on 27 June to 1 July 2016!

The Call for Trainings is Now Available! Deadline for proposals: 31 December, 2015.

The Call For Papers is open until 15 January 2016. Submit yours soon.

We are now accepting sponsorships for AppSec EU 2016. For information visit the AppSec EU Sponsor Information Page and Download the Flyer.

Other Global AppSec Events

We are still accepting sponsorships for AppSec Cali 2016 to be held in Santa Monica, California on January 25-27, 2016. Visit the website for details.

We are pleased to announce that AppSecUSA 2016 will be held on 11-14 October 2016 in Washington DC. Mark your calendars!

Regional and Local Events

AppSec Rio de la Plata 2015, December 1, 2015 - December 3, 2015, Montevideo, Uruguay

German OWASP Day, December 1, 2015 - December 3, 2015

OWASP Gothenburg Day, December 8, 2015, Gothenburg, Sweden

AppSec Cali 2016, Jan. 25, 2016 - Jan. 27, 2016, Santa Monica, CA

New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand

CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA

The first conference videos from LASCON (Lonestar Application Security Conference) in Austin, TX, USA, are now available on Vimeo.

Partner and Promotional Events

CyberSecure December 15 - 16, 2015 The Sheraton Times Square New York, NY, USA

CodeMash January 5 - 8, 2016 Sandusky, Ohio, USA

BSides Lagos January 22, 2016 Nigeria

SC Congress London, February 10, 2016 ILEC Conference Centre London, UK

Blackhat Asia 2016, March 31 - April 1, 2016 Marina Bay Sands, Singapore. OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316

SC Congress Toronto, June 1, 2016 - June 2, 2016 Metro Convention Center Toronto, CN


Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.

Black Hat Asia 2015, Singapore, March 29- April 1, 2016, USD$200 Discount: OWBR0316

chapters

New Chapters

Chapters Restarts

Transitions

New Academic Supporters

Learn more about our Academic Supporter program

Notable Chapter Activity

Ashwini Paranjpe of the OWASP Pune chapter reported they completed their second chapter discussion at PTC. She would like to thank Manish and Sumita for a wonderful presentation on OWASP top 5 issues. And thanks to Sajith and the PTC folks for arranging the venue and tea/coffee for our chapter discussion. Note that the presentation slide deck is uploaded at https://www.owasp.org/index.php/Pune#tab=Presentations

The next Pune chapter meeting is scheduled for 17th December and will cover the remaining 5 OWASP vulnerability issues, followed by a technical presentation on any security topic. Visit the Pune chapter wiki page for details or to volunteer.

The NYC/NJ Chapters are trying something new at the December 7th meeting: two projects will make pitches to a crowd of 300, with two angel investors in attendance. They address questions such as "What does it take to get a project funded with limited resources?", how to fund projects, and how to allocate your personal time. Mark Miller interviewed Tom Brennan, OWASP Board member and event organizer, and OWASP Board member Josh Sokol as well as two people who will be pitching their projects. Listen in to see if this is something you might want to do for your chapter or project.
http://www.trustedsoftwarealliance.com/2015/11/25/owasp-shark-tank-could-you-convince-someone-to-invest-in-your-project/

We at the OWASP Global Foundation are looking forward to hearing about more such events in future.

Share your chapter's successes! Submit your stories here


Membership

Contributing Corporate Members

  • Optiv
  • Ernst & Young
  • Fortinet

Social Media

OWASP Social Media Site

Friday, November 13, 2015

November 2015 - Community News Flash


November 2015 Community News Flash

In this Issue:
  • FEATURE: New Funding Rules and What They Mean For Chapters and Projects
  • ELECTION: Election Results: 2016 Global Board of Directors!
  • PROJECT UPDATES: Call for Project Reviewers
  • CHAPTER ACTIVITY: New Chapters, Leader Transitions
  • EVENTS: Upcoming Local and Regional Events
  • RESOURCES: List of Resources in this Issue
FEATURE: New Funding Rules and What They Mean For Chapters and Projects

The Global Board has voted on several proposals affecting funding rules for chapters and projects. A summary of the voting record is available on the wiki. The rule changes that may affect your activities are as follows:
  • Chapters and projects with more than a $5000 allocation as of October 1 are required to submit a budget for 2016 by December 1, 2015 (November 1 beginning in 2016 and thereafter). Affected leaders have already been notified.
     
  • All chapter accounts with less than $500 will be brought to $500 on Jan 1 as long as they have two active leaders.
     
  • Similarly, a $500 starting budget will be applied for projects newly reaching Lab Status. Projects newly reaching Flagship Status with an account balance less than $1000 will be brought to $1000. Both Lab and Flagship status projects will need to have at least two active leaders at that time.
Over the past week, Executive Director Paul Ritchie has reached out to leaders who have more than $5000 in their budgets and held a series of Go2Meeting sessions for Q&A. We will do a second series for those with allocations under $500. Any leader is welcome to join these calls.

We will review the original purpose & objective, then I'll talk about the tools & Timeline. I'm happy to take any and all questions.

Please join my Go-To-Meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/529205341

--  Thursday, Nov. 19  08:00 Pacific / 11:00 EST / 16:00 GMT / 17:00 CET
--  Monday, Nov. 23    09:00 Pacific / 12:00 EST / 17:00 GMT / 18:00 CET
--  Tuesday, Nov. 23   07:00 EST     /  Noon GMT / 21:00 JST / 17:30 IST

You can also dial in using your phone.
United States +1 (224) 501-3412
Access Code: 529-205-341

Please RSVP for the meeting that works best for your timezone.

See the results of several board proposals affecting funding for 2016: https://www.owasp.org/index.php/OWASP_Board_Votes#Voting_Records

You may check your account balance and funding history here:

Chapters:
Projects
ELECTION: Election Results: Global Board of Directors

Congratulations to the winners of the 2015 Global Board of Directors election. Tom Brennan joins Tobias Gondrom, Michael Coates, and Josh Sokol, who were elected for second terms. They join Matt Konda, Andrew van der Stock, and Jim Manico, who each have another year of their terms left. Fabio Cerullo has finished his board term and is stepping down. We thank him for his service. Thanks as well to all nominees, Jonathan Carter, Abbas Naderi Afooshteh, Bil Corry, Nigel Phair, and Milton Smith, for putting yourselves forward. The new board term begins on January 1, 2016.

You may view the complete 2015 Global Board Election Results on the OWASP wiki.
PROJECT UPDATES: Call for Project Reviewers

The Project Task Force needs your help with project reviews to graduate projects from Incubator to Lab, and from Lab to Flagship status. Please join in the efforts and participate in supporting the OWASP Foundation, Global Projects division.

The following are the OWASP Tool and Code Projects that require your expertise and volunteer time:

Three OWASP Tool Projects for Graduation Review
One OWASP Code Project for Graduation Review

Please click on the links below if you are interested in adding your name to our list of reviewers.

Volunteer participation from the OWASP Community is critical to the growth and development of OWASP Projects, since it provides an effective way for project leaders to have their projects tested and validated based on the extensive professional advice and support of the OWASP community.

We have the following incentives for your help in kick starting our Project Review Call Out for Volunteers:

Amazon Gift Cards:
$5 for Any Incubator New Project
$15 for one Tool, Code, or Documentation Project Review
$30 for two Tool, Code, or Documentation Project Reviews
$40 for three Tool, Code, or Documentation Project Reviews
$50 for four Tool, Code, or Documentation Project Reviews
$60 for five Tool, Code, or Documentation Project Reviews

Subscribe to our Project Task Force Google list.

Thank you in advance for your efforts and time.

Project Task Force

Initiative Leader:
Claudia Aviles-Casanovas
Project Coordinator
claudia.aviles-casanovas@owasp.org
Phone:973-288-1697

OWASP PodCasts created by Mark Miller offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.
CHAPTER ACTIVITY

New Chapters
Chapter Restarts
New Leaders
New Academic Supporters
Notable Chapter Activity

The new Taguig chapter has hit the ground running, having already concluded a five-day Microsoft System Administration training conducted at Fort Bonifacio, Taguig City. The attendees were from the Philippine Institute of Cyber Security Professionals, OWASP Manila and Cagayan Valley, TCON and Philippine Army personnel. The OWASP Taguig Chapter organized the event for the members of the community.

OWASP Qatar's first meeting will be November 23 from 9am-1pm at the InterContinental Doha. Visit their wiki page for details.

If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:

https://docs.google.com/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html
EVENTS: Upcoming Local and Regional Events

OWASP AppSecEU 2016 in Rome: talks, trainings and sponsorships opportunities

We are beginning to contact all the possible speakers, trainers and sponsors for the next OWASP AppSecEU that will be held in Rome from 27th June to 1st July 2016. More than 800 attendees are expected at the event with 3 days of training followed by the 2-day conference that includes:
  • Five talks in parallel with a focus on the core mission of OWASP (Dev Ops Hack, CISO and Research);
  • Keynotes by security experts;
  • Exhibition spaces that offer innovative solutions to the new needs of the companies.
You can now submit your training or talk!

Call for Training:
https://2016.appsec.eu/important-dates/call-for-training

Call for Presentation:
https://2016.appsec.eu/important-dates/call-for-papers

Sponsorship Document:
http://2016.appsec.eu/wp-content/uploads/2015/10/AppSecEU-2016-Rome-Sponsorship-Document.pdf

Regarding sponsorship, please let us know if you are interested in one of the options, because we have already received several requests and we would like to sign all the contracts as soon as possible (by 31 Dec. 2015).

More Upcoming Events
RESOURCES

2015 Global Board of Directors Election
https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election

OWASP Tool Projects:
http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000tflX

OWASP Code Project(s):
http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000tfn4

Chapter Leader Handbook:
https://www.owasp.org/index.php/Chapter_Leader_Handbook

Funding Resources:
https://www.owasp.org/index.php/Funding

Donation Scoreboard - Current Chapter and Project Funding Allocations:
https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html

AppSecEU:
http://2016.appsec.eu
CONTACT ME

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager
OWASP Foundation
Community Manager Open Hours on Slack:

Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
https://owasp.slack.com/messages/askthecm/

CORRECTION: Deadline for 2016 budgets for chapters with more than $5,000 in their account was originally listed as November 1, 2015. Given the delay of the announcement, the deadline has been extended to December 1, 2015 for the 2016 budget. Subsequent years will have a November 1 deadline.