Tuesday, June 30, 2015

FINAL REMINDER HONORARY MEMBERSHIP DEADLINE IS TODAY!

=== FINAL REMINDER === DEADLINE IS TODAY ===


TODAY, TUESDAY JUNE 30, 2015 IS THE LAST DAY TO SUBMIT YOUR REQUEST FOR HONORARY MEMBERSHIP!  


IF YOU HAVE NOT SUBMITTED YOUR REQUEST TO APPLY FOR AN HONORARY MEMBERSHIP YOU MUST DO SO TODAY!



Monday, June 29, 2015

HONORARY MEMBERSHIP DEADLINE IS TOMORROW!

TOMORROW, TUESDAY JUNE 30, 2015 IS THE LAST DAY TO SUBMIT YOUR REQUEST FOR HONORARY MEMBERSHIP.

TO SEE IF YOU ARE ELIGIBLE AND TO SUBMIT YOUR REQUEST, VISIT
https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election#Honorary_Membership

Friday, June 26, 2015

June 2015 Community News Flash

Greetings OWASP Community,

It seems that Fabio Cerullo's guest article last month on creative uses for chapter money made a big impact on at least one project. Due to an outpouring of support, the ASVS project is now fully funded. We will be in touch with leaders who offered to make donations about alternative projects and initiatives that need support.

Please review last month's article to find more ideas for using your funds to support our mission to keep application security visible. There are many more projects, events, and underfunded chapters that could use support. You can use the donation form to make a direct donation to the projects or submit a request to donate some of your chapter allocation to another chapter or project.

A few deadlines: 
  • The 2015 Summer Code Sprint is accepting applications through July 3. This is a great opportunity for a student to get hands on skills as an "intern" on an OWASP project.
  • The WASPY Awards, recognizing unsung heroes of Web Application Security, is now seeking nominations through July 20.
So, read on for this month's News Flash and as always let me know if there is anything I can help with.

Cheers!

Noreen Whysel
Community Manager
OWASP Foundation


In This Issue:
  • FEATURE: Making Chapter Leadership Changes
  • Recent Chapter Activity
  • New OWASP.org Email Policy
  • Open Hours on Slack
  • AppSecUSA
  • Resources

FEATURE: Making Chapter Leadership Changes

Leadership Transitions

Chapter leaders serve as the main point of contact for the local chapter, and are responsible for ensuring that the local chapter fulfills its requirements. When it is time to make a change, we want to help ensure a smooth transition so the new leaders have all the information and resources they need to continue the mission.

When adding a new leader, this can be as simple as contacting us and telling us that you want to add a new leader. We will make sure the new leader gets an OWASP.org email account and is signed up for the leaders' mailing lists and that the chapter and member record indicates the new status.

Sometimes finding a new leader can be a challenge. While some chapters hold elections, others may struggle to find someone to step forward. Use your chapter mailing list or social media to announce open positions.The OWASP-Community mailing list is also a good way to reach a broader group for ideas on developing your leadership team. We are happy to help with ideas.

Social Media Accounts

Transitioning to a new leadership involves more than just opening an email account and subscribing to a mailing list. Leaders hold administrative passwords to social media accounts, events management systems, Github accounts and other resources that Foundation staff may not have access to. Remember to pass on login details to new leaders!

We have seen chapters that appear to have more than one Twitter and Facebook accounts. If a password is lost or a new leader has no access to the account, social media groups can end up abandoned or encourage spammers. Abandoned accounts can seem like ghost towns to potential new members and adding a new account is just confusing. Our options in this case are to try to reach the account holders to transfer admin rights or request that the provider shut down the account, which is a shame since we risk losing an important archive of chapter activities.

If you are aware of a legacy account on social media that you do not have access to, please let us know. We can try to reach past leaders by looking up alternate contact information in our member directory. Merging accounts may be possible on some platforms. As a last resort, we can attempt to get the provider to shut the account down. As owners of the OWASP Brand, we all have an interest in ensuring that all online OWASP presences are a vibrant and current reflection our ongoing mission.


NEW: OWASP.org Email Policy

The board has released an updated policy document regarding the use of owasp.org email accounts, including terms of use and a suggested signature format for highlighting projects. As before, owasp.org emails are a benefit of paid and honorary OWASP members. Chapter and project leaders may also request an account.

Please review the policy:


RECENT CHAPTER ACTIVITY

OWASP Morocco is curating a security track at DEVOXX Maroc 2015 on 16th-18th November 2015 (www.devoxx.ma). Devoxx Morocco is a rendezvous for learning, networking and sharing developer experiences about java and related technologies, software craftsmanship, technology trends and more! If would like to present, the call for presentations is open. Visit http://cfp.devoxx.ma for details.

Developer conferences such as DEVOXX Maroc 2015 are great ways to get the OWASP message out beyond our community. If you have information about a developer conference that OWASP members should present at or partner with, let us know!

New Chapters

Bhopal, India: Leader, Akshay Sharma, akshay.sharma@owasp.org
https://www.owasp.org/index.php/Bhopal

New Academic Supporters:

Universiti Tecknologi Malaysia, Kuala Lumpur
http://www.utm.my/

Academic Activities: Summer Code Sprint 2015

As part of our 2015 Summer Code Sprint, which just launched, I have completed an audit of the contacts at nearly 60 academic institutions that have been or currently are serving as Academic Supporters. We are reaching out to these institutions to help promote the visibility of application security in computer science curricula worldwide. If you know of a professor or teacher who might be interested in becoming an Academic Supporter, please forward a link to our application and program details.

If you know of any academic program or students who might be interested in teh Summer Code Sprint, please let them know about it. The deadline for Summer Code Sprint proposals is July 3. All students who complete the program will receive a grant of $1,500. Apply today!


TOOLS: OWASP-Community Open Hours on Slack

As you know, we have launched a Slack as a resource to discuss project and chapter activity. We recently added an owasp-community channel that will serve as a virtual Open Hours. I have selected Tuesdays from 10am-11am Eastern time as a weekly open hours slot. You can also suggest a time. Sign up at http://owasp.herokuapp.com.


EVENTS: AppSecUSA

The full agenda for speakers and lightning training sessions is now available for AppSecUSA to he held in San Francisco from September 22-25, 2015. View a recently released Highlights Video from last year's conference. We will also have a career fair and a fabulous dinner cruise on Thursday for all registered attendees. Register soon! http://www.appsecusa.org.

Plans are being made for a panel and workshop on Women in AppSec with a goal to introduce application security as a career option for women. For details, visit https://www.owasp.org/index.php/Women_In_AppSec and join the OWASP Women in AppSec Community Group, at https://myowasp.force.com.


RESOURCES

Funding Resources:
https://www.owasp.org/index.php/Funding

Donation Scoreboard - Current Chapter Funding Amounts:
https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html

OWASP-Community Slack Channel:
https://owasp.slack.com/messages/owasp-community/

AppSecUSA:
http://2015.appsecusa.org/

Women in AppSec:
https://www.owasp.org/index.php/Women_In_AppSec

Chapter Leader Handbook: 
https://www.owasp.org/index.php/Chapter_Leader_Handbook


CONTACT ME

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case (Customer service request),please use the contact us form at http://www.tfaforms.com/308703.

Nominate your WASPY Candidates today!

2015 WASPY Awards

Everyone knows of at least one person who goes unrecognized for their contributions to the OWASP Foundation.  By nominating them for the 2015 WASPY Awards, is your chance to try and give them the recognition they deserve.  

For the Rules, Categories and Timeline of the Awards please visit our 2015 WASPY page and nominate some individuals today!

Tuesday, June 30 is the last day to submit your request for Honorary Membership

***REMINDER***

This Tuesday, June 30 is the LAST DAY to submit your request for Honorary Membership

If you would like to apply for a Honorary Membership and you meet the requirements, please submit your request here.

In order to vote in this years election, you need to be a current paid individual member with your membership on file prior to September 30, 2015 -OR- have a current Honorary Membership -OR- be a current Corporate Member of OWASP.

Tuesday, June 23, 2015

2015 WASPY Award Nominations



It’s that time of year again to start thinking about those individuals who go the extra mile, yet they never seem to receive the recognition they deserve. 


This year’s categories incorporate both our core values and our annual report theme. Hoping to identify more people within our community who “fly under the radar” individuals may nominate 1 person per category from each of our 7 regions.  Although you may, you do not have to nominate a person for each category or region. 

To learn more about the 2015 WASPY Awards including the timeline and rules, please visit https://www.owasp.org/index.php/WASPY_Awards_2015

Categories for WASPY Awards
1. Open/Leading -  This award goes to a member of the OWASP community who has supported the OWASP mission of transparency through their influence, management, and leadership in the community. This might be a chapter or project leader or may be someone who has worked within the community.
 
2. Integrity/Learning - OWASP is an honest and truthful, vendor neutral, global community. This award goes to an individual who recognizes the benefits of the power of the collective community within OWASP, who challenges the status quo, and generates an excitement in the learning community.

3. Innovation/Sharing - OWASP encourages and supports innovation and experiments for solutions to software security challenges. This award goes to an individual who has inspired and encouraged others in the arena of software security with innovative and cutting edge solutions to software security challenges.

4. Global/Growing - Around the world, OWASP encourages and supports innovation and experiments for solutions to software security challenges. This award goes to an individual who truly represents the OWASP Global scope and recognizes the importance of growth. The nominee reaches out beyond the OWASP circle to raise awareness of software security in locations outside of the OWASP comfort zone. 

Does that sound like someone you know? Nominate them now!

Thursday, June 18, 2015

OWASP Chapter & Project Leaders

Dear Leaders,

Please take a few moments and share the information below about the upcoming election on all of your chapters or projects preferred social media channels. 


Dear OWASP Community Members,

The 2015 Election is coming quick! I wanted to share some important information and deadline dates with you.  Please take the time to read this email and use the links provided.

  • Honorary Membership DEADLINE is June 30, 2015
To vote in this years election, you must have a membership that is in good standing on file with the Foundation prior to September 30, 2015.  You can purchase a membership or you can learn more about Honorary Membership and the qualifications here.  Not sure if you are a member? 

  • Call for Candidates is open until July 31, 2015
There are 4 seats up for this election.  To learn more about what it means to be a Global Board Member, please visit the Global Board of Directors Primary Responsibilities and be sure to check the Eligibility Requirements.

  • JUST OPENED! Call of Questions from the Community is open until July 31, 2015
Each year our candidates are interviewed and the recordings are posted to the election page. They are asked a series of questions that have been submitted by our community members.  We are NOW accepting these questions! You have the option to submit as many questions as you would like. You can also "vote up" an existing.  By checking a box on the form, your question can be submitted anonymously, so go ahead and ask! The top 4-5 questions will be used in this years candidate interviews. 

​Have a question about the election?
Please contact us 

Wednesday, June 17, 2015

Important Election Information Including Honorary Membership Deadline


The 2015 Election is coming quick! I wanted to share some important information and deadline dates with you.  Please take the time to read this and use the links provided. 
  • Honorary Membership DEADLINE is June 30, 2015
To vote in this years election, you must have a membership that is in good standing on file with the Foundation prior to September 30, 2015.  You can purchase a membership or you can learn more about Honorary Membership and the qualifications here.  Not sure if you are a member? 

  • Call for Candidates is open until July 31, 2015
There are 4 seats up for this election.  To learn more about what it means to be a Global Board Member, please visit the Global Board of Directors Primary Responsibilities and be sure to check the Eligibility Requirements.

  • JUST OPENED! Call of Questions from the Community is open until July 31, 2015
Each year our candidates are interviewed and the recordings are posted to the election page. They are asked a series of questions that have been submitted by our community members.  We are NOW accepting these questions! You have the option to submit as many questions as you would like. You can also "vote up" an existing.  By checking a box on the form, your question can be submitted anonymously, so go ahead and ask! The top 4-5 questions will be used in this years candidate interviews. 

    ​Have a question about the election? Please contact us!  

    Thursday, June 11, 2015

    Honorary Membership & Call for Candidates

    Don't forgot to submit your Honorary Membership request form.  All submissions MUST be received by June 30https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election#Honorary_Membership

    Our Call For Candidates is also OPEN!  There are 4 Global Board of Directors seats 
    available in this years election. If you are interested in running please visit our election page https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 



    Tuesday, June 2, 2015

    May 2015 Community Manager News Flash

    Greetings OWASP Community,

    This month, I offered my News Flash lead section to board member, Fabio Cerullo, who reported on the Chapter Leaders meeting at AppSecEU, held last week in Amsterdam. Fabio reports on the many ways that chapter leaders can use their funding. Remember, we are a nonprofit foundation and we do have a responsibility to spend our funding to further our mission. If your chapter is sitting on a lot of funds, read through the following ideas for spending them.

    Noreen Whysel
    Community Manager
    OWASP Foundation


    HOW TO: Spending OWASP Chapter Funds

    Last week the OWASP AppSec EU conference was held in gorgeous Amsterdam. I wanted to highlight the outstanding job done by the team... not only the event was amazing from start to finish and we set a new record in number of attendees for Europe (580+ to the conference / 140+ to the trainings) but also the energy shown by fellow OWASP leaders was truly contagious.

    One of the topics covered during the OWASP Chapter Leader workshop, that was attended by 20+ chapter leaders from all over the world, was on how to spend chapter funds according to OWASP rules a.k.a. The OWASP Chapter Handbook


    Here are some ideas:

    1) We are thinking on creating an initiative such as Brucon 5x5. 
    In case you haven't heard about it, I'm attaching an overview of this program. https://docs.google.com/file/d/0BzX1KEAVrdrCOHRBck9fZUhkMU0/edit

    it is basically an initiative that allocates 5K Euro/USD for 5 security research projects that could help to build a bridge between security researchers, students, hackers and professionals in the IT and security industry. You could run it at a local level among projects in your chapter or you could extend it to the rest of the world. Ideally, these projects when finished would then be presented at an OWASP AppSec conference.

    If you are interested in supporting this kind of activity, please get in touch. 

    2) Support/Adopt an OWASP Project to develop it further. In this case, you could pick a project and donate funds for translation efforts, write documentation, implement a new feature, bug fixes, etc. For translation efforts, you could hire professional translators to get it translated into any language using our official translation platform Crowdin. 


    For bug fixes, we have a platform called Bountysource that you basically allocate funds to a project of your choice and then developers earn "bounties" to fix those bugs in the code.


    For new features, on 1st June we are going to launch the OWASP Summer Code Sprint that allow students to work on OWASP projects during the summer and get paid a nominal amount (USD1500). The OWASP Foundation is funding 8 students to work on various projects but if you want to purchase a student slot for a particular project you could do so as well.


    3) Reward an active leader/member of your chapter to attend an OWASP Conference or Summit. Next AppSec conference: 


    4) Organise a Project Summit in your city to bring together academia, industry and professionals. For example: The very successful OWASP OpenSAMM Summit has been co-organised/sponsored by the OWASP Belgium & London chapters plus other industry organisations. 


    So I would encourage to check your chapter funds below and support these sort of activities:


    Also, if you don't currently have funds in your chapter but want to organise an activity there are funds available to do so.. please check out the type of activities below that you could request funding:


    Have a great day,

    Fabio


    CHAPTER ACTIVITY

    A new region has been set up for Caribbean countries to more accurately reflect chapters in that area. CuraƧao, Dominican Republic and Puerto Rico are now listed in the Caribbean list on the main chapter page. Puerto Rico, which is currently listed as an inactive chapter, will also appear in the United States list. Contact me if you are interested in restarting this chapter, or view a list of inactive chapters in the Volunteer page of our wiki: http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing

    OWASP Sydney's infosec community has hosted a number of interesting events, and are working with other industry organisations on collaborative content, first with Sectalks, and then with their local AISA chapter. Next up they plan to host a newbie night, called "Pentest 101." Chapter Leader, Norman Yue offered to share resources and bring this kind of event both across Australia and overseas. Visit OWASP Sydney's Meetup Group for details:

    Tom Brennan of OWASP NYC/Northern NJ reports that OWASP projects were featured as part of a Cybersecurity & Compliance panel discussion at the East Coast Gaming Congress on May 28th in Atlantic City. The event addressed the growing threat of cyber attacks in the context of online gaming:
    http://www.eastcoastgamingcongress.com/news/view/23/. The OWASP NYC also invited members to attend a June 11 screening of  "The Security Brief," a new show on Bravo, hosted by Paul Viollis.


    New Chapters

    Cape Town, South Africa: Leader, Timo Goosen, timo.goosen@owasp.org

    Columbia, SC, USA: Leader, Frank Catucci, frank.catucci@owasp.org

    El Salvador: Leader, Nelson Chacon, nelson.chacon@owasp.org

    Madurai, India (In Process): Leader, M.S. SivaKumar

    Southern New Hampshire, USA: The Kick-Off meeting has been scheduled for June 1 in Salem, NH. Visit the chapter page for details:


    Restarted Chapters

    Bristol, UK: Leader, Jason Alexander, jason.alexander@owasp.org. First meeting will be July 2. Visit the wiki page for details.

    Saint Louis, MO, USA: Leader, Justin Wood, justin.wood@owasp.org

    Vitoria, Brasil: Leader, Ulysses Monteiro, ulysses.monteiro@owasp.org
    Student Chapters and Academic Supporters:

    Anglia Ruskin, Cambridge, UK - Renewed academic supporter role and student chapter

    Kharkiv National University of Radio Electronic, Kharkiv, Ukraine - New mailing list

    Leeds Beckett University, Leeds, UK - NEW student chapter


    HONORARY MEMBERSHIPS for 2015-16

    The form to submit your Honorary Membership request is now available thru June 30 To be sure you qualify, please see https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election#Honorary_Membership


    TOOLS: OWASP Slack Now Available

    We have launched a Slack as a resource to discuss project and chapter activity. We now have 38 channels. sign up at http://owasp.herokuapp.com.


    COMMUNITY HANGOUT - April 30 Recording

    A recording of the April 30 Community Hangout, hosted by Tobias Gondrom, is available athttp://youtu.be/vffjs8Xbfjg. We discussed new #OWASP updates, #AppSec, our ops team and OWASP projects. Stay tuned for the next update announcement via Twitter and the owasp-community mailing list.


    EVENT: AppSecUSA

    AppSecUSA registration has launched. Visit http://2015.appsecusa.org/ for conference information and the registration form and follow us @AppSecUSA on Twitter. Please look for a separate mailing with information about accessing the Leader discount code. In the meantime, here is our press release announcing our Keynote lineup.


    EVENT: AppSecEU Slidedecks and Recordings

    The AppSecEU Team is gathering slides and videos from the event last week in Amsterdam. Some have already been posted to the @AppSecEU Twitter feed. Watch the AppSec.eu website for details.


    RESOURCES: In this Issue

    Funding Resources:
    Chapter Funding - Current Allocation (Donation Scoreboard):
    Chapter Leader Handbook: 

    Volunteer Opportunities:

    Honorary Membership Form:

    OWASP Slack Channels:

    April 30 Community Hangout:

    AppSecUSA:


    Contact Me

    Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

    OWASP's AppSec USA 2015 Announces Keynote Speakers Yahoo CISO, Microsoft MVP

    Yahoo CISO and Microsoft MVP Join Web Application Experts Worldwide to Examine State of Security at Leading AppSec Conference in San Francisco Sept. 22-25


    SAN FRANCISCO, CA--(Marketwired - Jun 2, 2015) - The Open Web Application Security Project (OWASP), the worldwide nonprofit organization focused on improving the security of software, today announced Yahoo CISO Alex Stamos and Microsoft MVP Troy Hunt as the first two keynotes for AppSec USA 2015. The four-day security conference in San Francisco on Sept. 22-25, 2015 is where experts gather to discuss new research in application, DevOps and cloud security.
    "In an environment where advanced security threats are impacting businesses of all sizes, OWASP's mission is to make software security visible and at the forefront of business conversations," said OWASP Global Board Member and Twitter TISO Michael Coates. "We are excited to feature a keynote lineup of trusted industry experts who can speak to software security risks and best practices for the hands on practitioners and the C-suite."
    Microsoft MVP for Developer Security Troy Hunt: Troy is a Microsoft Most Valuable Professional for Developer Security and Author for Pluralsight. Troy has been building software for browsers since the very early days of the web and possesses an exceptional ability to distil complex subjects into relatable explanations. He has become an industry thought leader in the security space and produced many top-rated courses for Pluralsight.
    Yahoo CISO Alex Stamos: Alex was the co-founder of iSEC Partners and founder of Artemis Internet, two companies that continue to make the Internet a safer place. Alex has spent his career building or improving secure, trustworthy systems, and is a noted expert in Internet infrastructure, cloud computing and mobile security.
    AppSec USA 2015 will bring together the brightest minds in security technology innovation for attendees to hear about cutting edge approaches to secure web applications from developers, security experts and technologists and to discuss key challenges and priorities across development, security and the C-Suite.
    To participate in AppSec USA 2015, please register here. Discounted prices are available for early bird purchase. For more information about AppSec USA 2015, please visit the website.
    Additional keynotes will be published this summer and a full list of talks can be found here. Check back here for updates.
    About OWASPThe OWASP Foundation was founded in 2001 and was established as a nonprofit organization in the United States in 2004 to ensure the ongoing availability and support for our work at OWASP. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at www.owasp.org.