Wednesday, January 27, 2016

OWASP Connector Newsletter - January 27, 2016

January 27, 2016 | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
Communications

2016 OWASP Strategic Goals

OWASP in the News

OWASP Podcasts

projects

Project Review Team Members Announced

OWASP Proactive Controls Top
Ten V2 Release

OWASP Security Knowledge Framework Project Release

New Cornucopia Web Edition

ZAP: XCOLD Information Leaks

Transaction Authorization Cheat Sheet Update

ZSC Tools Volunteers Needed

Conference

Global AppSec Events

Local and Regional Events

Partner and Promotional Events

chapters

New OWASP Chapters

Chapter Restarts

Chapter Transitions

New Student Chapters

Chapter Activities

membership

Corporate Members: Why Not
You?

Social Media

OWASP Foundation Social Media


Communications

2016 OWASP Strategic Goals Announced

The 2016 OWASP Strategic Goals are available to review. Five goals will guide our programs in the coming year:
  1. Education & Training
  2. Expand Outreach, specifically to the Developer Community
  3. Mature the OWASP Projects Platform
  4. Community & Chapter Support
  5. Enhance the OWASP Infrastructure
Look for an update shortly on the OWASP Blog from the board for further details.

OWASP in the NEWS!

Security Innovation Making Splash OWASP AppSec California - BusinessWire 1/25/2016

OWASP's Revamped Developer Guide will Help You Pass Pen Tests (Interview with Andrew Van der Stock on OWASP Application Security Verification Standard 3.0)- The Register 1/12/2016

Security Brief - Protecting Against the OWASP Mobile Top 10 - App Developer Magazine 1/7/2016

OWASP AppSec EU made list of the Top 11 Security Conferences in the world! - Tripwire 1/5/2016

OWASP Podcasts

OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

What's in Store for the OWASP 24/7 Podcast Series in 2016

projects

Project Review a Team Members Announced

We are happy to announce that we have formed a team of volunteers for the Project Review Committee to relaunch the Project review team and incentives for projects.

  • Timo Goosen
  • Christo Goosen
  • Enrico Branca
  • Johanna Curiel
  • Tom Brennan ==> As part of the Board members and now leading Projects
We are redefining the goals of the Project Review Team (mostly known as the Project task force) but we want to create clear goals by redefining some of the original committee goals launched almost 2 years ago.

Main changes to this committee goals will be:

  • Handling the process for starting new projects and reviewing submitted proposals
  • Guide new leaders to take that idea into a feasible and realizable project
  • Create webinars/meetings with regional leaders to promote guidelines
  • Create a Handbook & Guidelines for starting a new project and maintaining the project guidelines
  • Implement a portal for project reviews & reporting through Github which Enrico has already worked on Automation and monitoring of new projects and existing projects
  • Implement a fixed QA review for project graduation with professional testers as we did back in 2014 major reviews
  • Look for sponsors and create specific budget for the committees activities
  • Create incentives for projects as explained on this proposal: https://docs.google.com/document/d/1PvNeEWgoO1w51VhHLwqqSgo0mBh-RvmSFUKMTz4QrYg/edit#heading=h.lw77ixr6kxi

If you want to be part of the team and would like to provide feedback. We are looking for:

  • Evaluators of new projects
  • Season Reviewers for quarterly major reviews
  • Help monitor the wiki pages and alerts
Keep in mind you can always provide feedback anytime through: https://groups.google.com/a/owasp.org/forum/#!forum/owasp-project-reviews


OWASP Proactive Controls Top Ten V2 Release

We just released the OWASP Proactive Controls Top Ten v2. (Download PDF). Big thanks Jim Bird and Katy Anton for their dedication in making this release a reality. This document is a "developer centric" answer to the OWASP Top Ten. It's meant to be an awareness document to inform developers about the basics of building secure software. As a process, we made the document "world editable" and fielded literally hundreds of community change requests (many from anonymous sources) from to hopefully represent consensus in our community. 

Thanks to everyone who helped make this happen. We hope it helps serve the cause in some way.


OWASP Security Knowlege Framework Project Release

A new release of the OWASP Security Knoledge Framework project is available! https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework
https://www.securityknowledgeframework.org


Cornucopia Web Edition Released

OWASP Cornucopia project co-leader Darío De Filippis conceived, created and published a wiki version of "OWASP Cornucopia - Ecommerce Website Edition", the web application security training and threat modeling card game. The wiki deck, comprising 91 new pages, complements the existing print versions and provides a single place to easily browse around the suits and cards, jump to the relevant cross-references, and most importantly includes an extra technical note for each card. The technical notes supplement the card text, providing additional information on each threat and attack. It also aids game play by providing some clarification between cards which at first might seem similar.


The project team welcomes any contributions to correct, extend, and improve the technical notes for each card. 

The wiki deck can be found at:
https://www.owasp.org/index.php/Cornucopia_-_Ecommerce_Website_Edition_-_Wiki_Deck


The main project page, including FAQs, how to play video, presentation, and how to obtain the decks of cards is at https://www.owasp.org/index.php/OWASP_Cornucopia

ZAP: XCOLD Information Leaks

Have you heard about X-ChrOmeLogger-Data (XCOLD) Information leaks? No?? Then you better read the latest ZAP Newsletter!
http://zaproxy.blogspot.co.uk/2016/01/zap-newsletter-2016-january.html


Transaction Authorization Cheat Sheet Update

An updated version of our Transaction Authorization Cheat Sheet available:
https://www.owasp.org/index.php/Transaction_Authorization_Cheat_Sheet


ZSC Tools Volunteers Needed

The ZSC Tool project needs volunteers. For details, visit https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project



Conference

Global AppSec Events

OWASP AppSecEU

The European OWASP Conference is going to be one of the best ever.
Do not miss this opportunity!
7 June - 1 July 2016


Thanks to the impressive number of paper submissions received, the qualified organisations and people that submitted them and the important sponsors, this will be one of the best OWASP conferences ever. Do not miss the opportunity to hear and share ideas and knowledge with a wide number of experts!

The next OWASP AppSecEU (http://2016.appsec.eu/) will take place at the Marriott Park Hotel in Rome, Italy.

The Open Web Application Security Project is an open-source project for application security. OWASP provides advice on the creation of secure Internet applications and testing guides.

It boasts a strong global community with more than 45,000 participants, more than 55 corporate members and 20 academic supporters through 249 active local chapters in 6 continents and 97 countries.

More than 800 people are expected at the event, with 3 days of training followed by the 2-day conference that includes:
  • Five parallel talks with focus on the OWASP core mission (Dev, Ops, Hack, CISO and Research);
  • Keynotes from industry leaders;
  • Exhibition spaces that offer innovative solutions for the needs of companies.
Do not miss the opportunity to participate as SPONSOR to this high level conference, mentioned in Tripwire as a TOP 11 SECURITY CONFERENCE IN 2016.

More details on registration, program and speakers will be sent in a forthcoming communication.

Please contact us with any questions or comments you may have at the following address:
appseceu2016@owasp.org


Other Global AppSec Events

AppSecUSA 2016 will be held on 11-14 October 2016 in Washington DC. Mark your calendars!

Regional and Local Events

AppSec Cali 2016, Jan. 25, 2016 - Jan. 27, 2016, Santa Monica, CA

New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand

Snow FROC 2016, February 18, 2016, Denver, CO

Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America

CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA

AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China

Partner and Promotional Events

IoT Evolution Expo, January 25 - 28 , 2016 Ft. Lauderdale, FL - OWASP Members receive 25% off the list ticket cost by using discount code: OWASP

SC Congress London, February 10, 2016 ILEC Conference Centre London, UK

Blackhat Asia 2016, March 31 - April 1, 2016 Marina Bay Sands, Singapore. OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316

SC Congress Toronto, June 1, 2016 - June 2, 2016 Metro Convention Center Toronto, CN



Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.

chapters

New Chapters

Chapters Restarts

Transitions

New Student Chapter

  • Amity University Rajasthan-Jaipur
    Contact: Harsh Bothra (hani22499@gmail.com), student leader
     
  • Information Technology Institute, Cairo, Egypt
    Faculty Advisor: Mrs. Lamia Mostafa, (lmostafa@mcit.gov.eg)
Learn more about our Student Chapters and Academic Supporter programs.

Notable Chapter Activity

Funding Updates

Some of our chapters and projects that ended the year with less than $500 will be seeing an increase in their funding allocations. It is our hope that these addition will help active chapters to jumpstart their activities for the new year without worry that they will not be able to afford to host a meeting. Chapters and projects with current activity and at least two leaders got an increase and we will soon announce a series of calls to discuss ideas for renewed activities.

One of the best ways for our projects and chapters to raise funds is to recruit new, paid memberships and local sponsors. Individual memberships are a low $50 per year (pro rated in some countries) and corporate memberships are available at $5,000, $20,000 and $50,000, a portion of which can be allocated to a chapter and/or project. Local sponsorships are available in smaller amounts and can be allocated directly to a project or chapter, making a valuable contribution to their activities. Interested local sponsors can make a contribution via the "Donate" button on your favorite chapter or project's wiki page.

Please show your support for OWASP Projects and Chapters by becoming an Individual or Corporate member today!

We at the OWASP Global Foundation are looking forward to hearing about more such events in future.

Share your chapter's successes! Submit Your Stories


Membership

New Contributing Corporate Members

Thanks to all of our Premier and Contributing Corporate Members for your support in 2015!

Social Media

OWASP Social Media Site

No comments: