Friday, February 27, 2015

OWASP Community Manager News Flash – February 2015

OWASP Community Manager News Flash #2 – February 2015

Latest News – Updated Branding Guidelines

Whats New?We have completed a review of the Branding Guidelines and posted updates to the wiki and a new downloadable PDF. The main changes were to include clear links to downloadable content, including information about file type and size and to add some clarification to identity customizations. Some of the downloadable content, particularly brochures, did not include the high-resolution version of the download, and some of this content needs to be updated. We have located and provided links to this content where possible and are working on updated versions of some materials. Keep your eye out for those.

Can I Customize the OWASP logo for my Chapter or Project?We also added an OWASP brand use case for events and conferences, which had not been included previously. In addition, we have expanded information regarding “allowable customization” of the OWASP logo for event promotion, chapter pages and social media. While the original marketing recommendations strictly limited customization to changes in color, many current customizations, including the addition of a country flag in the background and similar modifications add personality and local color to the chapter and project identity without obscuring the overall OWASP brand.

Here are examples of some customizations we liked:

Inline image 1Chapter: OWASP Atlanta
Inline image 2Chapter: OWASP Argentina
Inline image 3Events: AppSecUSA

We aren't going to post examples that don’t meet guidelines, but do ask that each chapter and project review their current social media avatars and wiki page logos and make an honest evaluation of whether your images meet the guidelines.

Please read these new branding rules carefully, and let me know if you have any comments, suggestions or questions.

OWASP On the Move - Recent Chapter Activity

Congratulations to John Patrick Lita and the OWASP Manilla Chapter. Manila hosted 900 attendees at Bulacan State University and is planning a workshop for 60 students and faculty members in March. Manila’s school tour continues on February 27 with San Sebastian College in Ca vite City. John Patrick was recently invited by DZIQ 990AM Radyo Inquirer to discuss how @OWASP can help the Philippine Government promote awareness about cyber security.

OWASP Lucknow reported hosting the biggest OWASP / DEFCON Security Meet ever held in India successfully with a record 379 Attendees! Congrats!
New Chapter OWASP Brooklyn launched on February 3rd at a maker lab in Williamsburg. Their next event will be held on Saturday, February 28th at NYU Poly and will feature Technology Transfer: Creating Cultures of Innovation. Speakers from USCENTCOM innovation office.

OWASP Cluj, another new chapter in Romania, launched on January 29 with over 100 in attendance and many interested in contributing further!

New Chapters

This month, we launched new chapters in Dehradun and Jaipur, India, Sharjah, UAE, and Sheffield, UK, as well as a student chapter in Busan, South Korea. For information or to join these communities, please visit their chapter wiki pages:

TIP: Add Your Meetings to the OWASP Event Calendar

We have noticed that the OWASP Event Calendar has been pretty quiet. Please be sure to post your events to this calendar so all can see what is going on. Visit All leaders should have a shared copy available. Just click the checkbox next to “OWASP Event Calendar” under “My Calendars” in the left column. Let me know if you are having trouble adding it to your Google Calendar.

Academic Supporters

Universities are wonderful resources for local chapters. Our Academic Supporter program allows universities to support OWASP by providing space for chapters to meet and promotion and development of OWASP education materials. If you have connections with local universities and faculty members in your area, reach out to them and encourage them to join OWASP as an Academic Supporter.

We have launched a new Academic Supporter application process. The application form is now available online at Do let your local universities know that this opportunity exists.

2015 Strategic Goals

Thanks to all who participated in our 2015 Strategic Goals Survey. We are tabulating responses and will continue that discussion soon. Stay tuned!

Other Resources

Academic Supporter Information and Application (application)

Contact Me

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at

Noreen Whysel
Community Manager

OWASP Foundation

Labels: , ,

Friday, February 13, 2015

AppSecUSA 2015 Call For Papers

OWASP 2015 Call For Papers now open! Submit now -

Wednesday, February 11, 2015

OWASP Connector, February 11, 2015

OWASP Global Connector
February 11, 2015 | | | Contact Us | Brought to you by the OWASP Foundation

OWASP Project Coordinator Position

Election Working Group Forming


Corporate Members

Individual Members


CodeMash: OWASP reaches nearly 1000 developers

Global AppSec Events in 2014

Upcoming Regional Events

Partner and Promotional Events


New OWASP Chapters

Chapter Activities


Google Summer of Code 2015

AppSensor 2.0.0 Released

OWASP Global Translation

Social Media

OWASP Foundation Social Media


OWASP Communications

OWASP Project Coordinator - Open for applications

Are you interested in working for OWASP and supporting volunteer efforts around the world? Or, do you know someone who is looking for a job like this?
We encourage you to consider applying for our Project Coordinator Position.
Full Time, Salaried
The OWASP Project Coordinator is responsible for the oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enables OWASPs Project Leaders and contributors to successfully run their open source software projects.
This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.
Details about the position and how to apply:
Please help us spread the word about the position by posting to your chapter/project lists, adding to applicable job boards, or forwarding to any individuals that you think would be interested.

Election Procedure Working Group

It may seem early, but we have just begun our planning for the 2015 Board of Director election process and we would like Community participation.
We realize that many community members had expressed strong opinions about the past Global Board of Directors election and the platform the election followed.
To help strengthen and improve our election process, an "election working group" will be forming. The working group will consist of community members that have a strong focus on improving our election procedure for this coming year.
The group will meet bi-weekly on Tuesdays at 11amET starting on Feb 17. If you are interested in joining the call please contact Kelly Santalucia
As a reminder, in past elections we provided the following steps, and we look to your suggested improvements.
  • 90 Day window for Call for Candidates
  • 90 Day window for Community questions to be submitted to Candidates
  • Vetting of candidates to ensure eligibility
  • Broad communication of Candidates after window closes via OWASP Connector and Social Media
  • Audio recordings of Candidate statements and recommendations for Community review
  • Live teleconference with candidates to handle Community Questions
  • Multiple email reminders (3-5) to 'paid members' to ensure renewal & eligibility to vote.
  • Multiple email reminders (4-6) to voting members to ensure maximum voting participation
Return To Top

OWASP Membership

Renewed Corporate Members

1933 Individual Members

  • 1216 Individual One Year Members
  • 335 Individual Two Year Members
  • 228 Regional One Year Members
  • 68 Honorary Members
  • 64 Lifetime Members
Return To Top

OWASP Conferences

OWASP reaches nearly 1000 Developers

by Bill Sempf, Columbus, Ohio Chapter Leader

The time is the dead of winter, the first week of January 2015. The place, a waterpark in Cleveland Ohio. The scene is 2200 developers from all over the world, wearing shorts and sandals, talking about everything from programming drones to enterprise cloud deployment. This is where OWASP brought 24 hours of security content, with a total impressions approaching 950 developers. This is a success story of remarkable proportions.
Building on the 2013 and 2014 CodeMash events, Jim Manico, Wolfgang Goelrich, Eric Lawrence, and a star studded cast of security speakers brought in 12 hours of training and 12 hours of sessions to developers hanging on every word. The feedback was universally positive and next year's security track is on pace to be even bigger!
If OWASP's primary mission is to 'make software visible' then events like CodeMash are one of the linchpins upon which this mission succeeds.
Encourage your local or regional conferences to start a security track. Offer to proctor that track. Submit security talks to developer conferences.
Get involved outside of the security sounding chamber, and get the developers involved. If CodeMash 2015 showed us anything, it was that developers no longer are dismissive of application security. At OWASP, we should stand up to the thirst for knowledge, and get involved!

Global AppSec Events


LATAM Tour 2015

  • Santiago, Chile: April 8-9, 2015
  • Patagonia, Argentina: April 10, 2015
  • Bucaramanga, Colombia: April 14, 2015
  • Montevideo, Uruguay: April 15-16, 2015
  • Lima, Peru: April 17-18, 2015
  • Santa Cruz, Bolivia: April 17-18, 2015
  • San Jose, Costa Rica: April 21, 2015
  • Guatemala, Guatemala: April 21-22, 2015
  • Buenos Aires, Argentina: April 23-24, 2015
  • Caracas, Venezuela: April 23-24, 2015

AppSec EU/Research 2015 (May 19 - 22, 2015, Amsterdam, NL)

Limited Sponsorships are available. Please contact Kelly Santalucia today to make sure your company is represented!
Call For research. Submission deadline extended to Feburary 15, 2015
Registration is open! Early Bird pricing expires February 28. CLICK HERE to register today.
USA 2015

AppSec USA 2015 (September 22 - 25, 2015, San Francisco, CA)

Only a few sponsorships are available for this event. CLICK HERE to see the available sposnorships for this event as well as other events.
Tickets Sales Now Open! CLICK HERE to register!

Upcoming Local and Regional Events

OWASP New Zealand Day (February 26-27, 2015, New Zealand)
NYC OWASP HACKNYC 2015 (March 18 - 19, 2015, NYC, NY)
LASCON 2015 (October 19 - 22, 2015, Austin, TX)
AppSec Rio de la Plata 2015 (November 17-20, 2015, Montevideo, Uruguay)

Partner and Promotional Events

SecAppDev 2015 (February 23-27, 2015) Lueven, Belgium
SC Congress London (March 3, 2015) London, UK
Financial Services Cyber Security Summit Middle East & North Africa (March 9-10, 2015) Mena, Dubai
BlackHat Asia 2015 (March 24027, 2015) Singapore
Cyber Security Summit Europe - Financial Sector (April 14-15, 2015) Prague, Czech Republic
Cloud Security World 2015 (May 19-21, 2015) New Orleans, LA
Hack In the Box (May 26-29, 2015) OWASP members receive 20% off by using discount code OWASP-HITB2015AMS
SC Congress Toronto (June 10 - 12, 2015) Toronto, Canada
axiom bh europe contrast january coalfire
CLICK HERE for information on advertising in the next connector
Return To Top

OWASP Chapters

New Chapters

Kyushu, Japan - Chapter Leader - Yuichi Hattori
Sheffield, UK - Chapter Leader - Yousif Hussin

Chapter Activity

OWASP Cluj held it's initial Meeting January 29th.
OWASP Manila is working together on the OWASP Online Academy Project and would like community support and input. To get involved, please contact the chapter leader John Patrick Lita
Share your chapter's successes! Submit your stories here
Return To Top

OWASP Projects

GSoC 2015

Google is now accepting applications for mentoring organizations for GSoC 2015.
For those of you that have participated in the program, this is the time of the year to start outlining your ideas for projects here:
For the rest of you the Google Summer of Code is an amazing opportunity to get some work done on your project.
Last year we got 16 slots for 7 OWASP projects. This year we are looking forward to having even more OWASP projects participating in the program.
For more information, please contact Konstantinos Papapanagiotou.

AppSensor 2.0.0 released

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications.
The project offers 1) a comprehensive guide and 2) a reference implementation. These resources can be used by architects, developers, security analyst and system administrators to plan, implement and monitor an AppSensor system.
This is a code release, which comes after a recent (Summer 2014) release of version 2 of the AppSensor book.
For more informaiton on the release and to get your copy of the AppSensor Book, please visit the AppSensor project page. Congratulations to John Melton and his team!
Return To Top

Social Media
OWASP Foundation Social Media


We've all had our moments when we've been on the giving or receiving end of application security advice, and sometimes, you could say, that advice was a bit "off the mark."
Share the funniest/craziest advice you've ever heard by using the following hashtag: #AppSecGuruSaid
We will gather the comments and post a selection of them in the next issue of the Connector

OWASP Social Media Sites

Return To Top