|The 2016 OWASP Strategic Goals are available to review. Five goals will guide our programs in the coming year:
Security Innovation Making Splash OWASP AppSec California - BusinessWire 1/25/2016
OWASP's Revamped Developer Guide will Help You Pass Pen Tests (Interview with Andrew Van der Stock on OWASP Application Security Verification Standard 3.0)- The Register 1/12/2016
Security Brief - Protecting Against the OWASP Mobile Top 10 - App Developer Magazine 1/7/2016
OWASP AppSec EU made list of the Top 11 Security Conferences in the world! - Tripwire 1/5/2016
OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.
What's in Store for the OWASP 24/7 Podcast Series in 2016
|We are happy to announce that we have formed a team of volunteers for the Project Review Committee to relaunch the Project review team and incentives for projects.|
Main changes to this committee goals will be:
If you want to be part of the team and would like to provide feedback. We are looking for:
We just released the OWASP Proactive Controls Top Ten v2. (Download PDF). Big thanks Jim Bird and Katy Anton for their dedication in making this release a reality. This document is a "developer centric" answer to the OWASP Top Ten. It's meant to be an awareness document to inform developers about the basics of building secure software. As a process, we made the document "world editable" and fielded literally hundreds of community change requests (many from anonymous sources) from to hopefully represent consensus in our community.
Thanks to everyone who helped make this happen. We hope it helps serve the cause in some way.
A new release of the OWASP Security Knoledge Framework project is available! https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework
OWASP Cornucopia project co-leader Darío De Filippis conceived, created and published a wiki version of "OWASP Cornucopia - Ecommerce Website Edition", the web application security training and threat modeling card game. The wiki deck, comprising 91 new pages, complements the existing print versions and provides a single place to easily browse around the suits and cards, jump to the relevant cross-references, and most importantly includes an extra technical note for each card. The technical notes supplement the card text, providing additional information on each threat and attack. It also aids game play by providing some clarification between cards which at first might seem similar.
The project team welcomes any contributions to correct, extend, and improve the technical notes for each card.
The wiki deck can be found at:
The main project page, including FAQs, how to play video, presentation, and how to obtain the decks of cards is at https://www.owasp.org/index.php/OWASP_Cornucopia
Have you heard about X-ChrOmeLogger-Data (XCOLD) Information leaks? No?? Then you better read the latest ZAP Newsletter!
An updated version of our Transaction Authorization Cheat Sheet available:
The ZSC Tool project needs volunteers. For details, visit https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
The European OWASP Conference is going to be one of the best ever.
Do not miss this opportunity!
7 June - 1 July 2016
Thanks to the impressive number of paper submissions received, the qualified organisations and people that submitted them and the important sponsors, this will be one of the best OWASP conferences ever. Do not miss the opportunity to hear and share ideas and knowledge with a wide number of experts!
The next OWASP AppSecEU (http:
The Open Web Application Security Project is an open-source project for
It boasts a strong global community with more than 45,000 participants, more than 55 corporate members and 20 academic supporters through 249 active local chapters in 6 continents and 97 countries.
More than 800 people are expected at the event, with 3 days of training followed by the 2-day conference that includes:
More details on registration, program and speakers will be sent in a forthcoming communication.
Please contact us with any questions or comments you may have at the following address:
Other Global AppSec Events
AppSecUSA 2016 will be held on 11-14 October 2016 in Washington DC. Mark your calendars!
AppSec Cali 2016, Jan. 25, 2016 - Jan. 27, 2016, Santa Monica, CA
New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand
Snow FROC 2016, February 18, 2016, Denver, CO
Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America
CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA
AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China
IoT Evolution Expo, January 25 - 28 , 2016 Ft. Lauderdale, FL - OWASP Members receive 25% off the list ticket cost by using discount code: OWASP
SC Congress London, February 10, 2016 ILEC Conference Centre London, UK
Blackhat Asia 2016, March 31 - April 1, 2016 Marina Bay Sands, Singapore. OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316
SC Congress Toronto, June 1, 2016 - June 2, 2016 Metro Convention Center Toronto, CN
Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.
Some of our chapters and projects that ended the year with less than $500 will be seeing an increase in their funding allocations. It is our hope that these addition will help active chapters to jumpstart their activities for the new year without worry that they will not be able to afford to host a meeting. Chapters and projects with current activity and at least two leaders got an increase and we will soon announce a series of calls to discuss ideas for renewed activities.
One of the best ways for our projects and chapters to raise funds is to recruit new, paid memberships and local sponsors. Individual memberships are a low $50 per year (pro rated in some countries) and corporate memberships are available at $5,000, $20,000 and $50,000, a portion of which can be allocated to a chapter and/or project. Local sponsorships are available in smaller amounts and can be allocated directly to a project or chapter, making a valuable contribution to their activities. Interested local sponsors can make a contribution via the "Donate" button on your favorite chapter or project's wiki page.
Please show your support for OWASP Projects and Chapters by becoming an Individual or Corporate member today!
We at the OWASP Global Foundation are looking forward to hearing about more such events in future.
Share your chapter's successes! Submit Your Stories