Thursday, January 29, 2015

Chapter Leader News Flash #1 January 2015

OWASP Chapters News Flash

Welcome and Introduction

Happy New Year from your new Community Manager!

Here’s to 2015! I am thrilled to join this amazing community and am ready to help you all make the best of your local chapters. I am based in New York City (currently under a lot of snow!) and have attended OWASP chapter meetings since early last year after being introduced to OWASP by a friend. I have to say what a great group of people. Thanks for making me feel so welcome!

I have a long history of formally and informally managing and engaging with online tech communities, from online groups and listservs (yes, pre-www, too) to established professional associations and international working groups. I have a few ideas from my past experiences, but your experiences and ideas are what count the most. While I am getting myself accustomed to the OWASP systems and processes, please feel free to reach out to me.

I’d love to know about your chapter’s interests, activities and plans for 2015, and am hoping to feature some of you in an upcoming issue of the OWASPChapter Leader News Flash.

All the best,
Noreen Whysel

Latest News

In September 2014, the board approved changes to the profit sharing model that allows chapters to keep 90% of profits from local and regional, non-AppSec events beginning in 2015. The approval removed the $5000 cap, meaning that 90% of all funds you raise for local and regional, non-AppSec events are allocated to the chapter account. We are updating the wiki to reflect this change.

Please keep in mind that this applies to special events and conferences. General chapter meetings should be free. Check the Donation Scoreboard for your chapter’s current available funds, and the Chapter Leader Handbook and How to Host a Conference site for more ideas.

Chapter Communication

We are reviewing options for conducting online meetings for chapter and project events. You all should know that we have a GoToMeeting account, but it only has a capacity of 25 persons on a call. Are you finding this sufficient for online sessions? Do you ever reach capacity? Do you use other OWASP channels like this mailing list or OWASP's IRC channels? Are there other services like Google Hangouts, Skype or Facetime that work for you? Any you would recommend or our younger & new chapters just starting out?

If you would like to try out GotoMeeting, OWASP has an account available forchapter leaders (paid by the Foundation and provided for free for the chapters). If you would like to set up a meeting or need the GotoMeeting login credentials, contact us at

2015 Strategic Goals

We recently sent out a broad communication about the 2015 Strategic Goals for OWASP Foundation. If you have not had a chance to fill out the 2015 Strategic Goals survey, please do so. We are leaving the collector open until February 2, so there is still time:


Chapter Leader Handbook: 

How to Host a Conference: 

Donation Scoreboard (what’s in your chapter’s wallet?):

OWASP IRC Channels:

Contact Me

We have a lot in store for 2015, including trainings, updated chapter leaderhandbook, revised branding guidelines and more. Please let us know how I can help you!

Noreen Whysel
Community Manager
OWASP Foundation

Wednesday, January 28, 2015

OWASP Foundation Connector

OWASP Global Connector
January 28, 2015 | | | Contact Us | Brought to you by the OWASP Foundation

OWASP Foundation 2015 Strategic Goals

Updated Profit Sharing Model for Events


Corporate Members

Individual Members


Global AppSec Events in 2014

Upcoming Regional Events

Partner and Promotional Events


New OWASP Chapters

Chapter Activities


2015 Project Summit

ToolsWatch Top 10 Security tools of 2014

OWASP Global Translation

Social Media

OWASP Foundation Social Media

OWASP Communications

OWASP Foundation 2015 Strategic Goals

Our leadership team has been working on the OWASP Strategic Goals for 2015 and we would love to have your input. OWASP is Community supported and volunteer-driven so it is important that your input is included in our planning.
Our draft strategic goals are outlined in a brief survey. We encourage you to give us your thoughts on how valuable each goal statement is to you and the community. You may also suggest new goals.
Lets get started! Please follow this link and take our survey:
Strategic Goals Survey

Updated Profit Sharing Model for Events

2015 is going to be a great year to host an event! Did you know that as of 2015, the profit share for all non-AppSec local and events is now 10/90 with no cap? That means when you host a chapter event, chapters can keep 90% of profits regardless of the total revenue. This change was approved by the Board during the September meeting.
Events are a great way to raise funds for your chapter. Let us know how we can help. Visit the Chapter Leader Handbook and the How to Host a Conference page for ideas.
Return To Top

OWASP Membership

New Corporate Members

Renewed Corporate Members

1933 Individual Members

  • 1190 Individual One Year Members
  • 324 Individual Two Year Members
  • 270 Regional One Year Members
  • 66 Honorary Members
  • 64 Lifetime Members
Return To Top

OWASP Conferences

Global AppSec Events


LATAM Tour 2015

  • Santiago, Chile: April 8-9, 2015
  • Patagonia, Argentina: April 10, 2015
  • Bucaramanga, Colombia: April 14, 2015
  • Montevideo, Uruguay: April 15-16, 2015
  • Lima, Peru: April 17-18, 2015
  • Santa Cruz, Bolivia: April 17-18, 2015
  • San Jose, Costa Rica: April 21, 2015
  • Guatemala, Guatemala: April 21-22, 2015
  • Buenos Aires, Argentina: April 23-24, 2015
  • Caracas, Venezuela: April 23-24, 2015
    Additional Information
  • Call for Papers AND Training are now open. Submission deadline February 15, 2015
  • Sponsorship Opportunities are Available

AppSec EU/Research 2015 (May 18 - 21, 2015, Amsterdam, NL)

Call For research. Submission deadline extended to Feburary 15, 2015
Please check the respective calls for prerequisites and submission instructions.
USA 2015 AppSec USA 2015 (September 22 - 25, 2015, San Francisco, CA)

Upcoming Local and Regional Events

OWASP London Cyber Security Week (January 26-30, 2015, London, UK)
OWASP New Zealand Day (February 26-27, 2015, New Zealand)

NYC OWASP HACKNYC 2015 (March 18 - 19, 2015, NYC, NY)
LASCON 2015 (October 19 - 22, 2015, Austin, TX)
AppSec Rio de la Plata 2015 (November 17-20, 2015, Montevideo, Uruguay)

Partner and Promotional Events

SecAppDev 2015 (February 23-27, 2015) Lueven, Belgium
SC Congress London (March 3, 2015) London, UK
Financial Services Cyber Security Summit Middle East & North Africa (March 9-10, 2015) Mena, Dubai
BlackHat Asia 2015 (March 24027, 2015) Singapore
Cyber Security Summit Europe - Financial Sector (April 14-15, 2015) Prague, Czech Republic
Cloud Security World 2015 (May 19-21, 2015) New Orleans, LA
Hack In the Box (May 26-29, 2015) OWASP members receive 20% off by using discount code OWASP-HITB2015AMS
SC Congress Toronto (June 10 - 12, 2015) Toronto, Canada
bh europe contrast january intel environ axiom

CLICK HERE for information on advertising in the next connector
Return To Top

OWASP Chapters

New Chapters

OWASP Brooklyn - OWASP Brooklyn will be hosting its inaugural meeting on February 3, 2014. Chapter Leaders - Bev Corwin and Donald Gooden

Chapter Activity

OWASP London - hosts a Cyber Startup Summit
This event which is being held January 28-30 helps to promote, highlight, and bring spotlight to cyber security innovation and new cyber startups in the UK. Some of the planned activities include:

  • Secure Startup Event - talks and workshops to help startups understand how to develop and secure existing and new products
  • Cyber Innovation Event - talks and interactive workshops on the critical role new cyber startups play in new security innovation
  • Hackathon Event - a two day hackathon for developers, students, and the community focusing on innovative security concepts.
For more information and to get your FREE ticket, please view the event's website.
Share your chapter's successes! Submit your stories here
Return To Top

OWASP Project Summit

Project Summit

This is where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. We are holding the summit as part of our AppSec EU 2015 conference, but it is a separate activity from the conference itself. Participants will collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years. The Summit will consist of Summit Working Sessions with a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute. Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, contact Johanna Curiel.

Project Leader Information

Participant Information

    Where - Amsterdam RAI
  • When - May 20-22, 2015
  • Who - Open to anyone
  • Why? - Contribute to the future road map for Application Security
For more information check out the Summit Wiki Pages or contact a member of the organizational team:

ToolsWatch Top 10 Security tools of 2014 published

3 OWASP Tools are included in the ToolsWatch Top 10 Security tools of 2014! Congratulations to the projects and to the project leaders!<.

OWASP Global Translations

Since it's release in June 2013, The OWASP Top 10 has been translated into 12 different languages.
Visit the Top Ten Project Page to view all of the available translations.
There are other projects in need of translators and proofreaders, including The OWASP Testing Guide 4.0. Please help us in keeping OWASP a truly international organization!
Return To Top

Social Media
OWASP Foundation Social Media
Return To Top

Wednesday, January 14, 2015

SC Congress - London


3 March 2015
8:30 am – 6:30 pm
ILEC Conference Centre
London SW 6, 1UD

Answer: Everything you need to know. 

As a seasoned cybersecurity professional, you recognize that your job is only as sound as your insider knowledge and your foresight.

So much to know. So much to learn.

Yet so much to be gained in just one day. The not-to-be-missed SC Congress London conference and expo – offering delegates an opportunity to earn up to 8 CPE credits – is your complimentary ticket to the latest insights on:

·       The Internet of Things: Experience it firsthand with our keynote demo

·       Big Data vs. Privacy Regulation – Hear from both sides of the debate

·       Cyber crime and public/private cooperation – Get in on the conversation

·       BYOD – The opportunities and threats that arise with personal mobile access in enterprise

·       The cyber solutions your company needs in our unique Exhibition Hall

·       The newest luminaries in the industry – and a chance to network face to face

Register today to reserve your space at no cost!

And that’s not all we have to offer. Check out SC Magazine’s website to download our mobile app, follow us on Twitter, and see all that SC has to offer. Stay informed with a print or digital subscription to our magazine, sign up for our newsletters, or attend an upcoming virtual event!

Tuesday, January 13, 2015

OWASP Foundation Welcomes Contrast Security as Premier Corporate Member


OWASP Foundation Welcomes Contrast Security as Premier Corporate Member

With a Mission to Empower Any Organization to Secure Themselves, Contrast Security Contributes to OWASP to Make the World’s Software More Secure

Bel Air, MD – January 13, 2015 – The Open Web Application Security Project (OWASP), a worldwide not­for­profit charitable organization focused on improving the security of software, is pleased to welcome Contrast Security, creator of the world’s fastest application security software as a sponsor.

OWASP is an open community of over 42,000 participants dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. OWASP does not endorse or recommend commercial products or services. Instead, we allow our community to remain vendor neutral with the collective wisdom of the best individual minds in application security worldwide.

“11 years ago we helped found OWASP to spur innovation and eliminate application security risks, which is now the single greatest risk to enterprises today,” said Jeff Williams, co­founder of both OWASP and Contrast Security. “Contrast is proud to continue this effort on two major fronts by both supporting the OWASP community directly and delivering effective technologies that empower organizations to quickly and accurately protect themselves against attacks on the software that drives their business.”

In addition to their membership, Contrast Security supports several OWASP conferences, including our recent OWASP AppSec USA 2014 Conference in Denver, CO and the upcoming OWASP AppSec California in Santa Monica, CA. All of our AppSec USA 2014 conference talks are available for free on our conference site here:­streaming/. Contrast also supports and participates in various OWASP projects, chapters, and activities.

“Our Corporate members provide significant commitment to the OWASP mission with volunteer support as well as one­third of our funding. We are thrilled to have Contrast Security as a Premier Corporate member,” stated Kelly Santalucia, Membership & Business Liaison of the OWASP Foundation. “Contrast Security’s contributions toward our AppSec USA 2014 event demonstrated strong support for our global initiatives, and we are hopeful that others will follow their lead in giving back to the community.”

Contrast Security delivers the world’s fastest application security software that enables organizations to find and eliminate application security flaws faster, more accurately, and at a

greater scale than ever before. Unlike traditional tools, Contrast instruments applications with real­time sensors to instantly identify vulnerabilities.

The Open Web Application Security Project (OWASP) is dedicated to making application security visible by empowering individuals and organizations to make informed decisions about true software security risks. For more information, visit: Follow us on Twitter at: @owasp

About Contrast Security
Contrast Security delivers the world’s fastest application security software that eliminates the single greatest security risk to enterprises today. Industry research shows that application security flaws are the leading source of data breaches. Contrast can be deployed, automatically discover applications and identify vulnerabilities within seven minutes. Relying on sensors instead of expensive security experts, Contrast runs continuously and is up to 10 times more accurate than the competition. Unlike tedious, painful and slow legacy approaches, Contrast analyzes a complete portfolio of running applications simultaneously in real time at any scale. As a result, organizations can act faster against threats and immediately reduce risk. More information on Contrast Security can be found at

Kelly Santalucia
OWASP Foundation