Wednesday, October 28, 2015

OWASP Connector Newsletter - October 28, 2015

Communications

2015 Global Board Election Results

OWASP in the News

2015 WASPY Award Winners

OWASP Translations: ASVS

Women in AppSec: Diversity Leads to Success

NEW Tool: Trello

projects

Project Summit at AppSecUSA

Latest Releases

ZAP Scripting Competition Results

OWASP Code Review Guide Survey

NEW Initiative: OWASP Research

Conference

Global AppSec Events

Local and Regional Events

Partner and Promotional Events

chapters

New OWASP Chapters

Chapter Transitions

New Student Chapters

New Academic Supporters

Chapter Activities

membership

Premier Corporate Members

Contributing Corporate Members

Social Media

OWASP Foundation Social Media



Communications

2015 Global Board Election Results

Turnout 855 (33.0%) of 2587 electors voted in this ballot

As a % of 855

Tobias Gondrom

459

53.7%

Michael Coates

414

48.4%

Tom Brennan

312

36.5%

Josh Sokol

304

35.6%

Jonathan Carter

226

26.4%

Abbas Naderi Afooshteh

178

20.8%

Bil Corry

175

20.5%

Milton Smith

172

20.1%

Nigel Phair

125

14.6%

VOTER SUMMARY

Total

855

Abstain

36

4.2%

OWASP in the NEWS!

OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

Simon Bennetts - OWASP ZAP Q&A session

ZAP, Xenotix XSS Exploit Framework, O-Saft and OWTF - 2015 BOSSIE Awards

OWASP Top 10 - "Don't Let Your SMB Get Caught With Its Pants Down," Huffington Post

Mark Miller - OWASP 24/7 Podcast Series

WASPY Award Winners

The results of the OWASP WASPY Awards have been announced and posted to our website. Thanks to all who made a nomination and congratulations to the winners.

Open/Leading Category
European Region: Eoin Keary
United States Region: Jeremiah Grossman
Latin American Region: Mateo Martinez
Caribbean Region: Johanna Curiel

Integrity/Learning Category
European Region: Antonis Manaras & Mateo Martinez (OWASP Student Chapters Program Leaders)
United States Region: Pedro Peralta
Asia/Pacific/Middle East Region: John Patrick Lita
Caribbean Region: Johanna Curiel

Innovation/Sharing Category
African Region: Munir Njiru
European Region: Fiona Collins
Latin American Region: Diego Ademir
United States Region: Jeremy Long

Global/Growing
African Region: Munir Njiru
Asia/Pacific/Middle East Region: John Patrick Lita
European Region: Jason Alexander
Latin American Region: John Vargas
United States Region: Jerry Hoff

View the complete results and vote counts at https://www.owasp.org/index.php/WASPY_Awards_2015#Results.

OWASP Translations: ASVS

OWASP ASVS — Translation Project has been added to Crowdin. Crowd In is a community translation platform. If you speak another language other than English, we would really appreciate it if you could join Crowd In, and become a member of the ASVS project page and commit some time to developing a translation into your local language.Help us translate OWASP ASVS and bring it to the world! https://crowdin.com/project/owasp-asvs.

Women in AppSec: Diversity Leads to Success

Study after study has shown that diverse teams are more successful. Forbes reports that diversity is key driver of internal innovation and business growth. McKinsey & Company study showed that diverse organizations are more likely to have financial returns above their respective national industry medians.

The OWASP Women in AppSec (WIA) diversity initiative aims to increase the participation and visibility of women in the applications security field. WIA is seeking volunteers to help with projects in 2016 now! Fill out the WIA planning survey at https://www.surveymonkey.com/r/SRNLD7H and get involved today. Increasing diversity is an effort that relies on all of us to be successful, so all genders are welcome and encouraged to participate.

NEW Tool: Trello

Trello is a collaboration tool that organizes your projects into boards. In one glance, Trello tells you what's being worked on, who's working on what, and where something is in a process. The OWASP Foundation has obtained a free premium Trello account for our community. If you are interested in having your own board for your project or chapter, please ping Fabio Cerullo at fcerullo@owasp.org.

Some of the projects and chapters using the Trello board are Campinas/Sao Paulo, Delhi, CSRFGuard, ZAP as well as the global Board and the AppSecUSA Chapter Leader Workshop. Visit these boards for ideas on how to use them for collaboration in your group:

https://trello.com/owaspfoundation


projects

Project Summit at AppSecUSA

Several OWASP Projects participated in the AppSecUSA Project Summit. A lot of good feedback, Github updates and new documentation served to level up all participating projects.

Visit the project pages for updates or contact the leaders to find out how you can get involved:

OWASP Security Shepherd Project
Mark Denihan, Pol McCana, Philip Payne, Ryan Foushee

  1. Updated Github Wiki
  2. Created new levels
  3. New Specifications made in version 3
  4. Created new level templates
  5. Project up for review to Flagship phase
  6. Eliminated issues that were blocking the progress of the docker file.
OWASP Code Review
Gary Robinson, Larry Coklin
  1. Editing doc for Release
  2. Gained a new contributor
  3. Prepared Community Survey: “OWASP is interested in the ownership perception of security controls effectiveness”. Results will be posted on the next board meeting.
OWASP Cheatsheet Series & Proactive Controls
Jim Manico & Andrew Van Der Stock
  1. Open Discussion and collaboration
  2. Great discusssions and was much needed
OWASP Python Security
Enrico Branca
  1. Received Feedback from the other project leaders and attendees.
  2. Found how to share technical documents and how to organize issues by using ASVS/SKF.
  3. Gained valuable information to move the project forward.
OWASP Security Knowledge Framework
Glenn Tate Cate
  1. Shared knowledge, got some some feedback.
  2. Helping review ASVS Project
  3. Checking with Python Security Project
OWASP WAFEC
Tony Turner, Rafael Chiles
  1. Restart the Project
  2. Updating the wiki content and Github
  3. Great was a great experience as this was my first Project Summit
OWASP O2 Platform
Michael Hidalgo
  1. Restart the Project
  2. Updating the wiki content and Github
  3. Great was a great experience and enjoyed the open forum

OWASP PodCasts created by Mark Miller offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.

Latest Releases

OWASP Security Shepherd Project
Mark Denihan
Download: https://github.com/OWASP/SecurityShepherd/releases/tag/v3.0
Project Page: https://www.owasp.org/index.php/OWASP_Security_Shepherd
Just a heads up that the Security Shepherd Team have dotted the i's and crossed the t's on our latest version. Please share, tweet, blog, smoke signal the milestone and check out the latest release yourself.

OWASP Application Security Verification Standard
Jim Manico, Andrew Van der Stock, Daniel Cutbert
Project Page: https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project#Version_3_.282015.29
I'm really proud to announce that the latest Application Security Verification Standard (ASVS) 3.0 is ready.

OWASP Mobile Security Project
Milan Singh Thakur, Jonathan Carter
Project Page: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Guide_Development_Project
Download: https://drive.google.com/file/d/0BxOPagp1jPHWczhwYjRQNzZIekU/view?usp=sharing
The APPSEC Approach - Download OWASP-Mobile Security Testing Guide BETA

OWASP Seraphimdroid v.2 Nikola Milosevec
Download: https://play.google.com/store/apps/details?id=org.owasp.seraphimdroid
Project Page: https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project
OWASP Seraphimdroid V2 has been released as a result of OWASP Summer Code Sprint. The mission of OWASP Seraphimdroid is to create, as a community, an open platform for education and protection of Android users against privacy and security threats. OWASP Searaphimdroid is an Android privacy and security protection application with secondary aim to make mobile security, threats and risks visible to users.

ZAP Scripting Competition Results

ZAP Scripting Competition results are now available at https://www.owasp.org/index.php/2015-08-ZAP-ScriptingCompetition.

For more information about OWASP Projects, please visit the Project Wiki Page

OWASP Code Review Guide Survey

The OWASP Code Review Guide team surveyed attendees at AppSec USA to find out how attendees rated the effectiveness of various security tools/reviews at finding issues, such as business logic problems, or each of the OWASP Top 10. Our intention was to evaluate if Secure Code Review (the topic of our guide) is seen as an effective security process in an organizations SDLC. The Survey results will be included in the next version of the guide.

New Initiative: OWASP Research

OWASP Research is an initiative to start developing OWASP projects in the field of innovative research,specifically new ways to protect web applications by applying out of the box concepts and technological developments. Contact Johanna Curiel for details or visit http://www.owasp.org/index.php/Global Initiatives#Research.


Conference

Global AppSec Events

AppSecEU 2016, 27 June to 1 July 2016, Rome, Italy

Mark your Calendar! AppSECEU 2016 is coming to Rome, Italy on 27 June to 1 July 2016!

The Call for Trainings is Now Available! Deadline for proposals: 31 December, 2015.

The Call For Papers is open until January 15, 2016. Submit yours soon.

Regional and Local Events

AppSec Rio de la Plata 2015, December 1, 2015 - December 3, 2015, Montevideo, Uruguay

German OWASP Day, December 1, 2015 - December 3, 2015

OWASP Gothenburg Day, December 8, 2015, Gothenburg, Sweden

AppSec Cali 2016, Jan. 25, 2016 - Jan. 27, 2016, Santa Monica, CA

New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand

Conference Videos

AppSecUSA Videos from 21 of our sessions and keynotes are now available on YouTube. Look for more uploads to come featuring keynotes, special panels and talks.

Videos from our OWASP Eastern European Conference are also available on YouTube.

Stay tuned for videos from last week's LASCON (Lonestar Application Security Conference) event in Austin, TX, USA.

Partner and Promotional Events

OSCON Amsterdam, October 26 - October 28, 2015 Amsterdam, The Netherlands

SecureWorld Expo - Bay Area, November 4, 2015, San Jose Marriott, CA, USA

4th Annual CISO ASIA Summit & Roundtable, November 2, 2015 - November 4, 2015 Harbour Grand Kowloon, Hong Kong

Blackhat Europe 2015, November 10, 2015 - November 13, 2015 Amsterdam, The Netherlands

SC Congress Boston, November 12, 2015 Metro Metting Centers Boston, MA, USA

SC Congress Chicago, November 17, 2015 Revel @ Fulton Market Chicago, IL, USA

SANS CyberTalent Fair, November 19, 2015, Virtual On-line

CyberSecure December 15 - 16, 2015 The Sheraton Times Square New York, NY, USA

CodeMash January 5 - 8, 2016 Sandusky, Ohio, USA

BSides Lagos January 22, 2016 Nigeria

SC Congress London, February 10, 2016 ILEC Conference Centre London, UK

SC Congress Toronto, June 1, 2016 - June 2, 2016 Metro Convention Center Toronto, CN


Ads are not endorsements and reflect the messages of the advertiser only.They represent co-marketing arrangements
with other organizations in support of the OWASP Community.   CLICK HERE for more information on advertising.

Qualys CD Networks Rapid 7
Rapid 7 Black Hat Europe 2015, Amsterdam, 10-13 November, €200 Discount Owa2Br

chapters

We had a lot of activity in our chapters since our April 21 Connector: 18 New Chapters (red), 13 Leadership Transitions (pink), two New Student Chapters (blue) and six new Academic Supporters (light blue). Click on the map to see our newest chapters.

OWASP Chapter Activity Map, as of October 2015

New Chapters

Atlantic Canada: Leader, Scott Deveaux, scott.deveaux@owasp.org

Bhopal, India: Leader, Akshay Sharma, akshay.sharma@owasp.org

Bulawayo, Zimbabwe: Trevor Sibanda leader, trevor.sibanda@owasp.org

Cagayan Valley, Philippines: Leader, Charmagne Cumigad,charmagne.cumigad@owasp.org

Cape Town, South Africa: Leader, Timo Goosen, timo.goosen@owasp.org

Colorado Springs: Leader, Mike Forgione, mike.forgione@owasp.org

Cotonou, Benin: Leader, Apollin Moyo, apollin.moyo@owasp.org

Columbia, SC, USA: Leader, Frank Catucci, frank.catucci@owasp.org

El Salvador: Leader, Nelson Chacon, nelson.chacon@owasp.org

Gwalior, India: Sumit Ojha leader,sumit.ojha@owasp.org

Kern County, CA, USA: John Stampfli leader, john.stampfli@owasp.org

Madurai, India: Leader, M.S. Siva Kumar

Odessa, Ukraine: Leader, Vladimir Garbuz, vladimir.garbuz@owasp.org

Panay, Philippines: Francis AI Victoriano leader,francis.victoriano@owasp.org

Southern New Hampshire, USA: Leaders, James Burroughs, Edmond Holohan and Garrett Klok

Spotsylvania, VA, USA: Leader Arnold Webster arnold.webster@owasp.org

Stamford, CT, USA: Maria Sette leader,maria.sette@owasp.org

Taguig, Philippines: Gil Tario II leader, gil.tario@owasp.org

Trinidad and Tobago: Laura Bigram leader, laura.bigram@owasp.org

Chapter Transitions

Bhopal, India: New Leader added Nandan Yadav, Nandan.Yadav@owasp.org

Bristol, UK: Katy Anton and Sash Rigby, katy.anton@owasp.org,sash.rigby@owasp.org

Brooklyn, NY, USA: Added leaders Emily Wicki and Nicole Becher,emily.wicki@owasp.org,nicole.becher@owasp.org; Loren Davie is stepping down.

Charlotte, NC, USA: New leader Rob Taylor rob.taylor@owasp.org

Cyprus: New leaders, Christos Papadopoulos,christos.papadopoulos@owasp.org and Yiannis Ioannides,yiannis.ioannides@owasp.org

Iceland: New Leaders, Þröstur Spörri Jónasson, Sigmundur Jónsson, Thorlaug Agustsdóttir, Sverrir Davíðsson, Theodor Gíslason,throstur.sporri.jonasson@owasp.org,sigmundur.jonsson@owasp.org,thorlaug.agustsdottir@owasp.org, ,sverrir.davidsson@owasp.org,theodor.gislason@owasp.org

Khartoum, Sudan: New leaders added, Ahmed Abbas ahmed.abbas@owasp.org, Asim Jaweesh asim.jaweesh@owasp.org, and Obay Albadri obay.albadri@owasp.org

Kenya/Nairobi: The inactive Nairobi chapter will merge with Kenya. Kenya team is incorporating historical info on past Nairobi meetings on their page. Nairobi leaders have been invited to join Kenya leadership team.

Kolkata, India: Added leader Dibyendu Sikdar, dibyendu.sikdar@owasp.org

Manila, Philippines: Jan Jancosin (jan.jancosin@owasp.org) added to leadership team

Orange County, CA, USA: New leader, Haral Tsitsivas, haral.tsitsivas@owasp.org

Pune, India: New leader, Ashwini Paranjpe, ashwini.paranjpe@owasp.org

New Zealand: New leader added in Wellington, Kirk Jacksonkirk.jackson@owasp.org

New Student Chapters

IIT Kanpur Student Chapter, Kanpur, India

University Lucian Blaga of Sitiu, Romania

New Academic Supporters

Anglia Ruskin University, Cambridge, UK

De La Salle University, Philippines

Masinde Muliro University of Science and Technology, Kenya

Philippine Institute of Cyber Security Professionals, Manila, Philippines

Rotterdam University of Applied Sciences, Rottterdam, Netherlands

Universiti Tecknologi Malaysia, Kuala Lumpur, Malaysia

Chapter Activities

On October 12 2015, OWASP Panay chapter leader Francis Victoriano presented OWASP Top 10 at Aklan State University and at Filamer Christian University, a future academic supporter, on October 21. Almost 300 students attended the latter event, and they are planning to invite OWASP Panay next year.

On October 7, OWASP Kerala hosted sessions at PRS College with an amazing turn out of more than 150 students from various semesters of Computer Science and Electronics Department - organized in multiple sessions throughout the day with back to back non stop sessions. It was a great event and was so exciting to interact with the students. The engineering schools in Kerala, India under the Kerala State University system have signed on as OWASP Academic Supporters.

Kerala PRS College

We at the OWASP Global Foundation are looking forward to hearing about more such events in future.

Share your chapter's successes! Submit your stories here


Membership

Premier Corporate Members

  • Salesforce
  • Qualys

Contributing Corporate Members

  • Autodesk
  • Veracode
  • Sonatpe
  • Checkmarx
  • Protiviti
  • HERE North America
  • Thoughtworks
  • UPS
  • Rapid 7
  • Brocade
  • SMARTRAC TECHNOLOGY GMBH
  • CD Networks
  • Information Builders
  • Security Compass
  • Synopsys NE
  • GoSecure
  • AsTech Consulting
  • Imperva
  • Johnson Controls
  • ClassDojo

Social Media

OWASP Social Media Site

No comments: