Wednesday, December 16, 2015

December 2015 - Community News Flash


Happy Holidays!

As we enter the holiday season, I am reminded that I have just passed my one year mark as your Community Manager with the OWASP Foundation. I have been happy and honored to meet everyone in our community and help get your chapter and project activity running smoothly.

A lot has happened over the year. We hired a Projects Coordinator, Claudia Aviles-Casanovas, to provide additional guidance and support for project teams. We have successfully hosted dozens of events worldwide, including sell-out AppSecUSA and AppSec Europe events as well as LATAM, Project Summits and many major regional events. We have added 35 new chapters and welcomed nearly 70 new chapter leaders. We have 142 active projects and a newly updated review process currently evaluating several projects for graduation to incubator and lab status.

As we say goodbye to 2015 and look to the future, please share your OWASP New Year's Resolutions by using hashtag #OWASPYNewYear on Twitter. We will be looking for good ones to share with our community, and hope to find some ideas to support worldwide for 2016.

We would like to thank all of our project and chapter leaders and volunteers for all of your hard work and dedication to making the OWASP Community shine. Thank you and we look forward to sharing further successes in 2016.

Noreen Whysel
Community Manager
OWASP Foundation

In this Issue:
  • FEATURE: Chapter/Project Budgets and Funding Update
  • PROJECT UPDATES: ToolsWatch Survey 2015, Project Activity, Latest Releases
  • CHAPTER ACTIVITY: New Chapters, New Academic Supporters, Leader Transitions
  • VOLUNTEERING: Call for Translations
  • EVENTS: Upcoming Local and Regional Events
  • RESOURCES: List of Resources in this Issue
FEATURE: Chapter/Project Budgets and Funding Update

Over the past month we held online sessions to go over the new budgeting rules for chapters with more than $5000 and those with less than $500 available in their funding allocations. Thanks to all chapters who submitted budgets for 2016 by the Dec 1 deadline. If anyone is still having difficulty with their budgets, please reach out to me or to Paul Ritchi for guidance.

For those Chapters and Projects with <$500, if you were not able to attend any of our calls to discuss the new funding rules, these meetings were recorded and can be viewed at the following link:

See the results of several board proposals affecting funding for 2016:

You may check your account balance and funding history here:

PROJECT UPDATES: ToolsWatch Survey 2015, Latest Releases

ToolsWatchSurvey 2015

Simon Bennetts asks you to please vote for your favorite OWASP security tools in the Toolswatch '2015 Best Security Tool' survey:

In 2014 OWASP tools came in at number:

2. ZAP
5. Xenotix

and in 2013:

1. ZAP
5. Xenotix
10. O-SAFT

Project Activity

Claudia Aviles-Casanovas, our Projects Coordinator, has shared her latest Project Task Force Update. The task force is still seeking volunteers to review the OWASP SeraphimDroid Project:

Maura Van Der Linden has been contracted by Simon Bennetts to help with the new intro document to get users who are new to pen testing started in ZAP.

Thank you to Gabriel Gumbs for the donation:

For anyone who wants to help with our Free Training initiative, Gabriel personally welcomes more contributions. Visit:

Latest Releases

OWASP Mth3l3m3nt Framework User Guide
Project Leader: Munir Njiru
Project Page:
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots: say no to runaway web shells and yes to centrally managed herds in large penetration testing engagements.

OWASP 24/7 PodCasts

Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at

New Chapters
Leader Transitions
There are many leader openings for chapters that have gone inactive, particularly in the Middle East and Africa. Go to the Volunteer page for a listing of open positions:

New Student Chapters
New Academic Supporters
  • Chelyabinsk State University, Chelyabinsk, Russia
    Faculty Contact: Elena Feldman
  • Competency Center for Applied Security Technology, Darmstadt, Germany
    Faculty Contact: Andreas Heinnemann
  • Mannheim University of Applied Sciences, Mannheim, Germany
    Faculty Contact: Sachar Paulus
  • Ngaoundèré University
    Faculty Contact: Franklin Tchakounté
Learn more about our Academic Supporter program.

Notable Chapter Activity

The Charlottesville, Virginia chapter is planning to expand to include the Lynchburg and Roanoke areas. The new chapter will be renamed OWASP Southwest Virginia and will be led by Jeffrey Collyers and Phil Offield. The expansion is expected to leverage the large number of universities in the region. Details coming in January. Thanks to both for recharging application security in Southwest Virginia!

Vlatko Kosturjak sent us photos from OWASP Croatia's OWASP Application Security Summer School held in September at Fakultet Organizacije Informatike (FOI). The program included speakers from industry and academia who are experts in the field of web application security. The program presented students with practical, industrial problems focusing on attacks against web applications and how to protect against those attacks. The Summer School is an intensive program that includes 8h lectures and training sessions over 4 days, plus an additional, independent student project. The event was free for all students of FOI, and provided a certificate of completion.

OWASP Delhi NCR will be presenting a meeting this Saturday, December 19 from 11am to 3pm IST. Featured talks will include "Cyber Security in NextGen Air Transportation System" presented by Vippan Raj Dutt, "Hardware Trojans" by Anupam Tiwari, and Part 1 of "CTI & Incident Response - A Love Story" with Sandeep Singh.

OWASP Panay, Philippines continues to be active spreading application security knowledge among university campuses this December. Chapter leader Francis Victoriano was invited as Resource Speaker at West Visayas State University's Janiuay Campus to introduce the OWASP Foundation and present on Web Application Security Risks and Countermeasures. 415 students attended. Francis hosted a question and answer session and a Hacking Demo. He was also invited as Resource Speaker at Capiz State University's Pontevedra Campus to talk about Web Applications, with an SQL Injection Demo. More than 200 students attended this event. Take a look at photos from these events on OWASP Panay's Facebook page.

If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:

VOLUNTEERING: Call for Translators

Andrew van der Stock has issued a call for translations for the ASVS project!

As such, we've committed v3.0.1 into GitHub and uploaded it to Crowd In:

You don't HAVE to use Crowd In, but it would be nice to indicate to other native speakers of your language that you are willing to work together. This is a 70 page document, and in all honesty, will take a dedicated person a week or more to translate, so please please please work together rather than apart. You have full access to the original document and the original images.

In the next month or so, Andrew would like to close out all the issues logged in GitHub, so he will give active translators a heads up of any changes to the master document, so again, a good reason to use Crowd In so we know who you are.

If there are any incomprehensible English idioms or phrases in there, please don't hesitate to ask for clarification, because if it's hard to translate, it's almost certainly wrong in English as well. You can reach Andrew at

EVENTS: Upcoming Local and Regional Events
OWASP AppSec Europe 2016: First Time in Rome!


Don't miss the opportunity to present your Paper!
27 June - 1 July 2016

The next OWASP AppSecEU will take place at the Marriott Park Hotel in Rome, Italy.

The Open Web Application Security Project is an open-source project for application security.

To all Country Chapters Leaders:

Don't miss the opportunity to share and discuss your ideas and knowledge with other experts and practitioners. Present your paper now!!

Spread the knowledge of this big opportunity within your chapter and push towards Universities, Research Centers, Industries, asking to present papers in order to make this conference a unique one!!

Topics of interest include, but are not limited to:
  • Novel web vulnerabilities and countermeasures
  • New technologies, paradigms, tools
  • OWASP tools or projects in practice
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Browser security
  • Mobile security and security for the mobile web
  • REST/SOAP security
  • Security of frameworks
  • Large-scale security assessments of web applications and services
  • Privacy risks in the web and the cloud
  • Management topics in Application Security: Business Risks, Awareness Programs, Project Management, Managing SDLC

To submit a proposal use EasyChair.

The program committee will review your submission based on a descriptive abstract of your intended presentation. Feel free to attach a preliminary version of your presentation if available, or any other supporting materials. Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly, as the accepted abstract and bio you submit will be published 1:1 on our site. If your presentation is accepted for inclusion in the conference program, you are free to submit a white paper describing your work, which will be added to the website.

Important dates:
  • Submission deadline: January 15th, 2016
  • Notification of acceptance: February 29th, 2016
  • Conference date: June 30th - July 1st, 2016

Call for Training:

Call for Presentation:

Sponsorship Document:

Regarding sponsorship, please let us know if you are interested in one of the options, because we have already received several requests and we would like to sign all the contracts as soon as possible (by 31 Dec. 2015).

More Upcoming Events
  • AppSec Cali 2016, January 25, 2016 - January 27, 2016, Santa Monica, CA
  • New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand
  • CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA
  • AppSec ASIA 2016, May 19 2016 - May 22, 2016, Wuhan, China
Partner and Promotional Events
  • ACSAC 2015 Conference: December 7 - 11, 2015, Los Angeles, CA
  • CyberSecure: December 15 - 16, 2015, The Sheraton Times Square New York, NY
    OWASP members receive a 20% discount by using their @owasp email account and discount code: OWASP15
  • CodeMash: January 5 - 8, 2016, Sandusky, Ohio.
  • BSides Lagos: January 22, 2016, Nigeria
  • SC Congress London: February 10, 2016, ILEC Conference Centre London, UK
    Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code: OWASPMEM
  • Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore
    OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316
  • SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN
    Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code: OWASPMEM
2015 Global Board of Directors Election

OWASP Tool Projects:

OWASP Code Project(s):

Chapter Leader Handbook:

Funding Resources:

Donation Scoreboard - Current Chapter and Project Funding Allocations:

AppSecEU 2016:

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
