Thursday, January 14, 2016

January 2016 - Community News Flash

In this Issue:
  • FEATURE: OWASP Global AppSec 2017 - Call for Proposals!
  • FUNDING: Updated Balances, Time to Plan for 2016
  • PROJECTS: What's Right, What's Wrong & What Needs to Change
  • CHAPTERS: New Chapters, Leader Transitions, Meeting Ideas for 2016
  • EVENTS: Upcoming Local and Regional Events
  • RESOURCES: List of Resources in this Issue
FEATURE: OWASP Global AppSec 2017 - Call for Proposals!

OWASP encourages any community member interested in hosting an OWASP Global Conference to submit a proposal.

The dates of each OWASP Global AppSec conference (or Tour) vary somewhat each year but ideally the conference is held:
  • Latin America (this may be a Latam Tour instead) - Q1
  • Europe - Q2
  • North America - Q3
  • Asia Pacific (this may be an Asia Tour instead) - Q4
To bid for a 2017 OWASP Global AppSec please complete the OCMS form with the following information before February 29th, 2016.
  1. The proposed city and host chapter.
  2. The name of the intended local organizer and his/her team committed to the task for 2016 along with a brief explanation on why the conference committee wants to organize an OWASP Global AppSec.
  3. Previous conferences or local/regional events experience of the conference committee.
  4. The intended dates for the conference. (Typically includes 2 days of pre-conference training, followed by 2 days of conference talks).
  5. Venue recommendations. If possible, assurance that the following will be available:
    • Green room, storage room, breakout rooms, etc.
    • A large auditorium. Other lecture rooms near the main auditorium.
    • Projection facilities in all rooms up to modern standards.
    • A suitable mixing space near the rooms for registration, breaks and other activities.
    • A hall near the rooms for sponsor exhibitions.
    • If possible, attach a tentative floor plan design.
  6. Budget. Please use the Application Form on Google Docs. (Since many of the categories of expenses are optional, consider this a checklist. You can add as many items as you want, and you do not need to fill in every box if you do not want it to be included in your event.)
  7. Possible "big name" speakers in AppSec who might be plenary speakers with low travel costs.
  8. Any other relevant information.
By submitting an application, you are already demonstrating your commitment to OWASP. Hosting a conference requires both a commitment and a great deal of responsibility. A lot of time, energy and effort are needed during the proposing, planning and implementing phases of hosting a conference. For more information see the How to Host a Conference page. We really appreciate every proposal we receive. The selection will be made by the OWASP operations team.

Application submission begins January 1st. The deadline for applications is February 29th. Applicants will be notified by March 18th.

Should you have any questions concerning the proposal process or need assistance with your application, please do not hesitate to contact me.

We are looking forward to your proposals!

Laura Grau
Global Conference Manager
OWASP Foundation

FUNDING: Updated Balances

Per recent changes to our funding procedures, some of our chapters and projects that ended the year with less than $500 will be seeing an increase in their funding allocations. Only those with current activity and at least two leaders will see the increase. Please watch for a notice of your new funding balance. If you do not see an increase, be sure that your wiki page reflects your current activity and has contact information for at least two leaders. If you need assistance, let Community Manager, Noreen Whysel know at

Keep in mind also that one of the best ways to raise funds is to recruit new, paid memberships and local sponsors. Individual memberships are a low $50 per year (pro rated in some countries) and corporate memberships are available at $5,000, $20,000 and $50,000, a portion of which can be allocated to a chapter and/or project. Local sponsorships can also be allocated directly to your project or chapter. Direct prospective sponsors to the "Donate" button on your chapter or project's wiki page.

See the results of several board proposals affecting funding for 2016:

You may check your account balance and funding history here:

PROJECTS: What's Right, What's Wrong & What Needs to Change

OWASP Projects are the CORE of the Foundation. As we kick off 2016 join together with your peers to discuss PROJECTS: What's Right, What's Wrong & What Needs to Change.

When: Wed, Jan 27, 2016 3:00 PM - 4:00 PM EST

Volunteer Agenda
  • Source Legal Considerations for OWASP Project Leaders
  • Current Workflow (End-To-End / Lab - Flagship)
  • Identified Areas of Improvement
  • Establishing Regional Representation
    • Asia-Pacific Security Council (APSC)
    • North America Security Council (NASC)
    • Europe Middle East and Africa Security Council (ESC)
    • Latin America Security Council (LASC)
  • Sprints, Sabbaticals & Summits
You can be part of the problem or the solution... that choice is yours - forward as appropriate.

Moderator: Tom Brennan, Volunteer

Call for Comments: OWASP Projects Handbook

What makes a good project great? We know you want to make great projects. The OWASP Projects Handbook can help. And now that we have come together as a community to discuss making great projects, it's time to give us your feedback.

A Call for Comments on the OWASP Projects Handbook update is now open. We invite project participants to visit the OWASP Projects Handbook draft on Google Docs and enter comments. You can also download a PDF version from the OWASP Projects wiki page and forward comments to Claudia Aviles-Casanovas at

Project Updates

OWASP Security Knowledge Framework: A new release of the OWASP-SKF project is now available!

This new release contains a lot of new features such as:
  • User management and project assignment
  • The implementation of the new ASVS 3.0 version
  • New knowledge base items

ASVS: The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls. Jim Manico will host a call on March 22 to discuss new features in ASVS. Save the date to your calendar and sign up to be reminded as we get closer:

For more information about the ASVS project, read this latest interview with Andrew van der Stock from The Register:

ASVS v3.0.1 has been committed into GitHub and uploaded to our translation platform on Crowdin. The call for translations for the ASVS project remains open.

You can reach Andrew van der Stock about volunteering at

OWASP 24/7 Podcasts

Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at

CHAPTERS: New Chapters, Leader Transitions, Meeting Ideas for 2016
New Chapters
Restarted Chapters
Leader Transitions
  • Charlottesville/Southwest Virginia: Jeffrey Collyer and Phil Offield are expanding the Charlottesville chapter to include Lynchburg and area colleges. The new chapter will be renamed Southwest Virginia.
  • London: Sam Stepanyan and Sherif Mansour Farag, new leaders. Huge thanks to Justin Clarke, Tobias Gondrom, and Dennis Groves who are stepping down as London leaders.
There are many leader openings for chapters that have gone inactive, particularly in the Middle East and Africa. Go to the Volunteer page for a listing of open positions:

New Student Chapters
  • Information Technology Institute, Cairo, Egypt
    Faculty Advisor: Mrs. Lamia Mostafa (
  • National School of Business Management, Sri Lanka
    Leader: Ruwan Ranganath (
Learn more about our Student Chapters and Academic Supporter programs.

Notable Chapter Activity

OWASP Delhi submitted a comprehensive year-end report for chapter activities since its restart in January 2014, complete with photographs and a summary of expenses. A video from the March 2015 meeting was also sent by the CISO of Sapient, who served as host for that meeting. Chapter Leader Sandeep Singh would like to offer this reporting structure as a model for other chapters to adopt in planning the year's activities. You can view the report in Google Docs.

While you are planning for 2016, here is a great idea that Tom Brennan passed along. This year, Tom will be serving as the Chairman of the NYMJCSC: New York Metro Joint Computer Security Conference, an annual event that is in its third year in NYC. Last year's event included the following organizations:
  • InfraGard (New York Metro)
  • ISACA (New York Metro, New Jersey and Greater Hartford Connecticut)
  • (ISC)2 (New Jersey)
  • ISSA (New York)
  • OWASP (New York Metro, Long Island, Brooklyn)
  • HTCIA (North East Region)
  • ACFE (New Jersey)
The New York City chapter advertises this event as a multi-track meeting for October. Wouldn't it be great for all OWASP Chapters to collaborate with other industry peer groups in October (which is Cyber Security Awareness Month in the US)?

The NYMJCSC 2016 website is in the planning stage, but you can visit the NYMJCSC 2015 event website at: for details. If you are in the New York City area this Fall, the Save the Date is October 5th.

Restarting an Inactive Chapter

If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:

EVENTS: Upcoming AppSec Events

Global AppSec Events

The Call for Papers for AppSec Europe 2016 ends on the 15th of January. That's TOMORROW! Be sure to send in your abstracts today:

Did you know that OWASP's AppSec Europe event made TripWire's Top 11 Security Conferences? Read more at "OWASP AppSec EU made TripWire's list of the Top 11 Security Conferences in the world". We are very proud of our AppSec Europe team.
  • AppSec Europe 2016, 30 June - 1 July, 2016, Rome, Italy
  • AppSec USA 2016, 11 October - 14 October 2016, Washington
Regional and Local Events

The Call for Papers for AppSec Asia 2016 is open through 15th of February. Be sure to send in your abstracts:
Partner and Promotional Events
  • BSides Lagos: January 22, 2016, Nigeria
  • SC Congress London: February 10, 2016, ILEC Conference Centre London, UK
    Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code OWASPMEM.
  • Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore
    OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316
  • SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN
    Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code OWASPMEM.
Watch the AppSec Conference page for updated event listings. Be sure to enter your upcoming event into the OWASP Conference Management System so we can promote it and provide assistance.


Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
