|The Toolswatch 2015 Surveyresults are in:|
ZAP is #1
OWTF is #10
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.
Download these tools at:
Thank you to everyone who voted for OWASP tools! And congratulations to our ZAP and OWFT project teams
Surf to Snow in January!
#2 of our 2016 Strategic Goals is to become more involved in the Developer community. We are pleased to report tremendous turnout for our recent outreach events, Codemash in chilly Ohio and AppSec California in sunny Santa Monica.
CodeMash is a unique event that seeks to educate developers on current practices, methodologies, and technology trends in a variety of platforms and development languages such as Java, .NET, Ruby, Python and PHP.
A breakdown of this tremendous event:
OWASP Foundation participated as a Gold level sponsor. Bill Sempf, the project leader of the OWASP .NET Project and chapter leader for OWASP Columbus, served on the Session Committee helping to review over 1000 submissions. We have been proud to partner with Codemash over the past two years and are seeking similar opportunities worldwide.
AppSec California is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies. The third annual event taking place last month fulfilled all expectations bridging the local application security and developer communities for a beautiful weekend on the California coast.
Tell Us About Your Favorite Developer Events!
We are looking for developer events to attend. Please Rate the top Developer Conferences where you would like to see OWASP participate. The survey will be open until EOD Feb, 29, 2016.
Be sure to register for our upcoming events, such as Blackhat Asia 2016 on March 31 - April 1, 2016 at Marina Bay Sands, Singapore and invite your colleagues.
OWASP in the NEWS!
Match.com Learns that Encryption Alone Isn't Enough - ComputerWorld 2/19/2016
Severe Glibc Flaw Puts Every Linux Machine in Danger - CIO Today 2/17/2016
OWASP In Depth: An Interveiw with Jim Manico - SysCon Media 2/9/2016
OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.
OWASP Top 10 Proactive Controls Project with Jim Manico and Katy Anton
The OWASP WebGoat Project, version 7.0, with Bruce Mayhew
What's in Store for the OWASP 24/7 Podcast Series in 2016
Webgoat v.7 released. Listen to our podcast as Bruce Mayhew explains the new version. The WebGoat Project started 10 years ago and has had over 1,000,000 downloads. Version 7.0 is being released this week. Matt Miller caught with Bruce Mayhew, project lead, to talk about the history of the project, what has been updated in version 7, and what he foresees as the future of this project. Project Page: http://www.owasp.org/index.php/CategorY:OWASP_WebGoat_Project.
OWASP ZSC Project
OWASP ZSC is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. Shellcodes are small codes in assembly which could be use as the payload in software exploiting. Other usages are in malwares, bypassing anti viruses, obfuscated codes and etc. Obfuscate codes can be use for bypassing antiviruses, code protections, same stuff, etc. This software can be run on Windows/Linux/OSX under python.
Why use OWASP ZSC?
According to other shellcode generators such as metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shellcodes with random encodes that lets you to get thousands of new dynamic shellcodes with the same job in just a second, it means you will not get a same code if you use random encodes with same commands, and that makes OWASP ZSC one of the bests! otherwise it's going to generate shellcodes for other operation systems in the next versions. It's the same story for the code obfuscation.
Learn more at: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project.
ESAPI project co-leader, Kevin Wall announced his team has just tagged (and signed) a new ESAPI release. The tag name is esapi-22.214.171.124. There are 36 GitHub issues that were closed. You can find full details at: https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-126.96.36.199-release-notes.txt. Note that there are also some important changes made to the GitHub repo itself. Specifically, we have chosen to adopt a git workflow based on this blog: http://nvie.com/posts/a-successful-git-branching-model/, where all the new development work will be done on the 'develop' branch and the 'master' branch will henceforth reflect the latest official ESAPI release.
Please help us to make @owasp ZAP even better for you by answering the ZAP User Questionnaire.
AppSec Europe 2016, 30 June - 1 July, 2016, Rome, Italy. Call for Lightning Trainings closes April 30. Call for Activities closes April 30.
AppSec USA 2016, 11 October - 14 October 2016, Washington, DC
Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America
AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China
ONE2ONE SUMMIT, February 27 - February, 29, 2016, Parc 55 San Francisco, CA
CISO Middle East Summit & Roundtable, February 29 - March 3, 2016, Habtoor Grand Hotel Dubai, The UAE. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016
Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore, OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316
Connected Security Expo, April 6 - April 8, 2016, Sands Expo Las Vegas, NV
QuBit Conference, April 12 - April 14, 2016, Grandior Hotel Prague. OWASP members can save 10% by using their OWASP email address and discount code: OWASP*2016
13th Annual CISO Europe Summit & Roundtable 2016, May 10 - May 13, 2016, Copenhagen Marriott, Denmark. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016
ONE2ONE SUMMIT, May 23 - May 25, 2016, Hotel Monteleone, New Orleans, LA
Hack in the Box: May 26-27, 2016, Amsterdam, The Netherlands
SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN. Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350 Use the discount code - OWASPMEM
Techno Security & Forensics Investigations Conference / Mobile Forensics World: June 5 - June 8, 2016, Myrtle Beach, SC, OWASP Members save 30% by using your @owasp email address and discount code: OWASP16
ICCS 2016: July 25 - July 28, 2016, Fordham University at Lincoln Center, New York, NY
Black Hat USA 2016: July 30 - August 4, 2016, Las Vegas, NV
BSides Las Vegas: August 2 - August 3, 2016, Las Vegas, NV
ONE2ONE SUMMIT: September 14 - September 16, 2016, Boca Beach Club, Boca Raton, FL
(ISC)2 Security Congress EMEA 2016: October 18-19, 2016, Croke Park Stadium Dublin, Ireland
Ads are not endorsements and reflect the messages of the advertiser only.They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.
OWASP New Zealand and the University of Aukland presented its seventh annual OWASP New Zealand Day on February 4. The OWASP New Zealand Day conference is a free, one-day event dedicated to application security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications. The conference was preceded by a training event on February 3. Slide decks are posted to the 2016 OWASP New Zealand Day website.
A Cozy Evening at Snow FROC 2016
Snow FROC 2016, took place this past week on February 18 in Denver, Colorado. The OWASP Colorado chapters hosted 200 developers, business owners, and security professionals for a day of presentations, training, and bonding. Jeremiah Grossman, Founder of WhiteHat Security, gave the keynote address, followed by a 2-track session and a parallel hands-on course.
Lunch and Learn with OWASP NYC/NJ
The OWASP NYC chapter has begun a series of virtual lunch and learn sessions about projects. The first call on February 23 featured the OWASP Benchmark project with Dave Wichers. Next month they will feature ASVS with Jim Manico. Full details for the 2016 program is available online at: http://www.meetup.com/metrocsc/. Raising appsec visibility one meeting at a time locally and globally, join us!
Share Your Stories!
We at the OWASP Global Foundation are looking forward to hearing about more such events in future. Share your chapter's successes! Submit your stories to firstname.lastname@example.org.
OWASP Membership is a great way to contribute to our local chapters and projects. A portion of your membership can be allocated to teh chapter and/or project of your choice. Please show your support for OWASP Projects and Chapters by becoming an Individual or Corporate member today!