The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Are you interested in working for OWASP and supporting volunteer efforts around the world? Or do you know someone who is looking for a job like this? We encourage you to consider applying for our Project Coordinator position.
Full Time, Salaried
The OWASP Project Coordinator is responsible for the oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASP's Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.
Details about the position and how to apply: https://www.owasp.org/index.php/OWASP_Jobs
Please help us spread the word about the position by posting to your chapter/project lists, adding to applicable job boards, or forwarding to any individuals that you think would be interested.
Election Procedure Working Group
It may seem early, but we have just begun our planning for the 2015 Board of Directors election process and we would like Community participation. We realize that many community members expressed strong opinions about the past Global Board of Directors election and the platform the election followed. To help strengthen and improve our election process, an "election working group" will be forming. The working group will consist of community members who have a strong focus on improving our election procedure for this coming year. The group will meet bi-weekly on Tuesdays at 11am ET starting on Feb 17. If you are interested in joining the call, please contact Kelly Santalucia.
As a reminder, in past elections we provided the following steps, and we look to your suggested improvements.
90 Day window for Call for Candidates
90 Day window for Community questions to be submitted to Candidates
Vetting of candidates to ensure eligibility
Broad communication of Candidates after window closes via OWASP Connector and Social Media
Audio recordings of Candidate statements and recommendations for Community review
Live teleconference with candidates to handle Community Questions
Multiple email reminders (3-5) to 'paid members' to ensure renewal & eligibility to vote.
Multiple email reminders (4-6) to voting members to ensure maximum voting participation
The time is the dead of winter, the first week of January 2015. The place, a waterpark in Cleveland, Ohio. The scene is 2200 developers from all over the world, wearing shorts and sandals, talking about everything from programming drones to enterprise cloud deployment. This is where OWASP brought 24 hours of security content, with total impressions approaching 950 developers. This is a success story of remarkable proportions. Building on the 2013 and 2014 CodeMash events, Jim Manico, Wolfgang Goerlich, Eric Lawrence, and a star-studded cast of security speakers brought in 12 hours of training and 12 hours of sessions to developers hanging on every word. The feedback was universally positive and next year's security track is on pace to be even bigger! If OWASP's primary mission is to 'make software visible' then events like CodeMash are one of the linchpins upon which this mission succeeds. Encourage your local or regional conferences to start a security track. Offer to proctor that track. Submit security talks to developer conferences. Get involved outside of the security sounding chamber, and get the developers involved. If CodeMash 2015 showed us anything, it was that developers are no longer dismissive of application security. At OWASP, we should stand up to the thirst for knowledge, and get involved!
Google is now accepting applications for mentoring organizations for GSoC 2015. For those of you who have participated in the program, this is the time of the year to start outlining your ideas for projects here: https://www.owasp.org/index.php/GSoC2015_Ideas. For the rest of you, the Google Summer of Code is an amazing opportunity to get some work done on your project. Last year we got 16 slots for 7 OWASP projects. This year we are looking forward to having even more OWASP projects participating in the program. For more information, please contact Konstantinos Papapanagiotou.
AppSensor 2.0.0 released
The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications. The project offers 1) a comprehensive guide and 2) a reference implementation. These resources can be used by architects, developers, security analysts and system administrators to plan, implement and monitor an AppSensor system. This is a code release, which comes after a recent (Summer 2014) release of version 2 of the AppSensor book. For more information on the release and to get your copy of the AppSensor Book, please visit the AppSensor project page. Congratulations to John Melton and his team!
OWASP Foundation Social Media
We've all had our moments when we've been on the giving or receiving end of application security advice, and sometimes, you could say, that advice was a bit "off the mark." Share the funniest/craziest advice you've ever heard by using the following hashtag: #AppSecGuruSaid. We will gather the comments and post a selection of them in the next issue of the Connector.