Open Web Application Security Project: OWASP Connector Newsletter

Partner and Promotional Events

Contributing Corporate Members

OWASP in the NEWS!

Toolswatch '2015 Best Security Tool' survey: Please vote for your favorite OWASP security tools!

AppSec California Application and Web Security Training Sessions Announced, PR.com

Test-Aankoop: helft webwinkels niet goed beveiligd (Half of ecommerce websites tested not properly secured), Het Niewsblad (Belgium).

OWASP Podcasts

OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

Mark Miller interviews Board members Tom Brennan and Josh Sokol about an upcoming event in NYC: OWASP Shark Tank - Could You Convince Someone to Invest in Your Project?

Mark Miller - OWASP 24/7 Podcast Series

OWASP Projects

ToolsWatchSurvey

Simon Bennetts asks you to please vote for you favorite OWASP security tools in the Toolswatch '2015 Best Security Tool' survey: http://www.toolswatch.org/2015/11/vote-for-2015-best-security-tool/

In 2014 OWASP tools came in at number:

2. ZAP
5. Xenotix
7. OWTF

and in 2013:

1. ZAP
5. Xenotix
10. O-SAFT

Project Reviewers Needed

Thank you for volunteering!

Timo Pagel, Munir Njiru, Ricardo Campo and Jorge Stephan and Nikola Milosevic

The Volunteer Board has a number of openings:

OWASP Security Shepherd - Project Reviews will be available on the Leader List the week of 12/7 OWASP Security Logging Project - One Volunteer still needed
OWASP Security Knowledge Framework - One Volunteer still needed
OWASP SeraphimDroid Project - Needs Two Volunteers
OWASP Java Encoder Project - Needs Two Volunteers
OWASP Jave HTML Sanitizer Projects - Needs Two Volunteers
OWASP API Security Project - New Incubator needs Two Volunteers

Thank you in advance for your efforts and time.

Project Task Force

Initiative Leader:
Claudia Aviles-Casanovas
Project Coordinator
claudia.aviles-casanovas@owasp.org
Phone:973-288-1697

OWASP PodCasts created by Mark Miller offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.

Latest Releases

OWASP Mth3l3m3nt Framework User Guide
Project Leader: Munir Njiru
Download: https://github.com/alienwithin/OWASP-mth3l3m3nt-framework/wiki
Project Page: https://www.owasp.org/index.php/OWASP_Mth3l3m3nt_Framework_Project
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots, say no to runaway web shells and yes to centrally managed herds in large penetration testing engagements.

	OWASP Events
Global AppSec Events
	AppSec EU 2016 is coming to Rome, Italy on 27 June to 1 July 2016! The Call for Trainings is Now Available! Deadline for proposals: 31 December, 2015. The Call For Papers is open until 15 January 2016. Submit yours soon. We are now accepting sponsorships for AppSec EU 2016. For information visit the AppSec EU Sponsor Information Page and Download the Flyer. Other Global AppSec Events We are still accepting sponsorships for AppSec Cali 2016 to be held in Santa Monica, California on January 25-27, 2016. Visit the website for details. We are pleased to announce that AppSecUSA 2016 will be held on 11-14 October 2016 in Washington DC. Mark your calendars!
Regional and Local Events AppSec Rio de la Plata 2015, December 1, 2015 - December 3, 2015, Montevideo, Uruguay German OWASP Day, December 1, 2015 - December 3, 2015 OWASP Gothenburg Day, December 8, 2015, Gothenburg, Sweden AppSec Cali 2016, Jan. 25, 2016 - Jan. 27, 2016, Santa Monica, CA New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA The first Conference Videos Videos from LASCON, (Lonestar Application Security Conference) in Austin, TX, USA, are now available on Vimeo. Partner and Promotional Events CyberSecure December 15 - 16, 2015 The Sheraton Times Square New York, NY, USA CodeMash January 5 - 8, 2016 Sandusky, Ohio, USA BSides Lagos January 22, 2016 Nigeria SC Congress London, February 10, 2016 ILEC Conference Centre London, UK Blackhat Asia 2016, March 31 - April 1, 2016 Marina Bay Sands, Singapore. OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316 SC Congress Toronto, June 1, 2016 - June 2, 2016 Metro Convention Center Toronto, CN

Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.

Black Hat Asia 2015, Singapore, March 29- April 1, 2016, USD$200 Discount: OWBR0316

OWASP Chapters

New Chapters

Indore, India: Rani Jha rani.jha@owasp.organd Gagan Shrivastavagagan.shrivastava@owasp.org, leaders
https://www.owasp.org/index.php/Indore

Chitwan, Nepal: Sachin Karki sachin.karki@owasp.org, leader
https://www.owasp.org/index.php/Chitwan

Chapters Restarts

Albany, NY, USA: Steve Thomas steve.thomas@owasp.org is the new leader. Many thanks to Susanna Bresold for her many years of service as chapter leader.
https://www.owasp.org/index.php/Albany

Maine, USA: Casey Dunham leader, casey.dunham@owasp.org
https://www.owasp.org/index.php/Maine

Milwaukee, MN, USA: Doug Rogahn doug.rogahn@owasp.org, Zach Grace zach.grace@owasp.org, and Ryan Kane ryan.kane@owasp.org leaders
https://www.owasp.org/index.php/Milwaukee

Qatar: Mohamed Hassan Mohamed.hassan@owasp.org and Mostafa Siraj mostafa.siraj@owasp.org
https://www.owasp.org/index.php/Qatar

Transitions

Nigeria: New leaders in Lagos, Nigeria - Damilare Fagbeni damilare.fagbeni@owasp.org, Ayodeji Okikiolu ayodeji.okikiolu@owasp.org, and Olufuwa Tayo olufuwa.tayo@owasp.org
https:www.owasp.org/index.php/Nigeria

New Academic Supporters

Chelyabinsk State University, Chelyabinsk, Russia
Faculty Contact: Elena Feldman, fr221a@gmail.com
http://www.csu.ru/en/

Competency Center for Applied Security Technology, Darmstadt, Germany
Faculty Contact: Andreas Heinnemann, andreas.heinemann@cast-forum.de
http://www.cast-forum.de/

Kharkiv National University of Radio Electronics: Faculty Member, Arkadii Snigurov tkvt@kture.kharkov.ua
http://www.nure.ua

Learn more about our Academic Supporter program

Notable Chapter Activity

Ashwini Paranjpe of the OWASP Pune chapter reported they completed their second chapter discussion at PTC. She would like to thank Manish and Sumita for a wonderful presentation on OWASP top 5 issues. And thanks to Sajith and PTC folks for arranging venue and tea/coffee for our chapter discussion. Note that presentation slide deck is uploaded at https://www.owasp.org/index.php/Pune#tab=Presentations

The next Pune chapter meeting is scheduled for 17th December and will cover remaining 5 OWASP vulnerability issued, followed by a technical presentation on any security topic. Visit the Pune chapter wiki page for details or to volunteer.

The NYC/NJ Chapters are trying something new at the December 7th meeting: two projects will make pitches to a crowd of 300, with two angel investors in attendance. They address questions such as "What does it take to get a project funded with limited resources?" How to fund of projects and how to allocate your personal time. Mark Miller interviewed Tom Brennan, OWASP Board member and event organizer, and OWASP Board member Josh Sokol as well as two people who will be pitching their projects. Listen in to see if this is something you might want to do for your chapter or project.
http://www.trustedsoftwarealliance.com/2015/11/25/owasp-shark-tank-could-you-convince-someone-to-invest-in-your-project/

We at the OWASP Global Foundation are looking forward to hearing about more such events in future.

Share your chapter's successes! Submit your stories here

OWASP Membership