Thursday, February 25, 2016

OWASP Connector Newsletter - February 25, 2016

OWASP Global Connector
Communications

ZAP Tops Toolswatch 2015 Survey!

OWASP Outreach - Surf to Snow in January

OWASP in the News

OWASP Podcasts

projects

New Project Releases

ZAP User Survey

Conference

Global AppSec Events

Local and Regional Events

Partner and Promotional Events

chapters

New OWASP Chapters

Chapter Restarts

Chapter Transitions

New Student Chapters


Chapter Activities

membership

New Contributing Corporate Members

Renewing Premier Corporate Members

Renewing Contributing Corporate Members

Social Media

OWASP Foundation Social Media


Communications

ZAP Tops Toolswatch 2015 Survey!

The Toolswatch 2015 Survey results are in:

ZAP is #1
OWTF is #10

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.

Download these tools at:
ZAP: https://www.owasp.org/index.php/ZAP
OWTF: https://www.owasp.org/index.php/OWASP_OWTF

Thank you to everyone who voted for OWASP tools! And congratulations to our ZAP and OWTF project teams.

Surf to Snow in January!

#2 of our 2016 Strategic Goals is to become more involved in the Developer community. We are pleased to report tremendous turnout for our recent outreach events, Codemash in chilly Ohio and AppSec California in sunny Santa Monica.

CodeMash is a unique event that seeks to educate developers on current practices, methodologies, and technology trends in a variety of platforms and development languages such as Java, .NET, Ruby, Python and PHP.

A breakdown of this tremendous event: 
  • 2500 attendees
  • 1000 kids
  • 202 speakers
  • 84 staff
  • 280 sessions
    Sessions included 40 hours of security content, with 2 days of training by Jim Manico and Bill Sempf.

    OWASP Foundation participated as a Gold level sponsor. Bill Sempf, the project leader of the OWASP .NET Project and chapter leader for OWASP Columbus, served on the Session Committee helping to review over 1000 submissions. We have been proud to partner with Codemash over the past two years and are seeking similar opportunities worldwide.


    AppSec California is a one-of-a-kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies. The third annual event, which took place last month, fulfilled all expectations, bridging the local application security and developer communities for a beautiful weekend on the California coast.


    Tell Us About Your Favorite Developer Events!


    We are looking for developer events to attend. Please rate the top developer conferences where you would like to see OWASP participate. The survey will be open until EOD Feb 29, 2016.

    Be sure to register for our upcoming events, such as Blackhat Asia 2016 on March 31 - April 1, 2016 at Marina Bay Sands, Singapore and invite your colleagues.


    OWASP in the NEWS!

    Match.com Learns that Encryption Alone Isn't Enough - ComputerWorld 2/19/2016

    Severe Glibc Flaw Puts Every Linux Machine in Danger - CIO Today 2/17/2016


    OWASP In Depth: An Interview with Jim Manico - SysCon Media 2/9/2016



    OWASP Podcasts

    OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

    OWASP Top 10 Proactive Controls Project with Jim Manico and Katy Anton


    The OWASP WebGoat Project, version 7.0, with Bruce Mayhew


    What's in Store for the OWASP 24/7 Podcast Series in 2016


    projects

    New Project Releases

    WebGoat V.7

    WebGoat v.7 released. Listen to our podcast as Bruce Mayhew explains the new version. The WebGoat Project started 10 years ago and has had over 1,000,000 downloads. Version 7.0 is being released this week. Matt Miller caught up with Bruce Mayhew, project lead, to talk about the history of the project, what has been updated in version 7, and what he foresees as the future of this project. Project Page: http://www.owasp.org/index.php/CategorY:OWASP_WebGoat_Project.

    OWASP ZSC Project

    OWASP ZSC is open source software written in Python that lets you generate customized shellcodes and convert scripts to obfuscated scripts. Shellcodes are small pieces of assembly code that can be used as the payload in software exploitation. Other uses include malware, bypassing antivirus, obfuscated code, etc. Obfuscated code can be used for bypassing antivirus, code protections, and similar. This software runs on Windows/Linux/OSX under Python.

    Why use OWASP ZSC?
    Compared to other shellcode generators such as the Metasploit tools, OWASP ZSC uses new encodings and methods which antiviruses won't detect. OWASP ZSC encoders can generate shellcodes with random encodings, letting you get thousands of new dynamic shellcodes that do the same job in just a second; you will not get the same code twice if you use random encodings with the same commands, and that makes OWASP ZSC one of the best! It is also going to generate shellcodes for other operating systems in the next versions. It's the same story for code obfuscation.


    Learn more at: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project.

    ESAPI

    ESAPI project co-leader Kevin Wall announced that his team has just tagged (and signed) a new ESAPI release. The tag name is esapi-2.1.0.1. There are 36 GitHub issues that were closed. You can find full details at: https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt. Note that there are also some important changes made to the GitHub repo itself. Specifically, we have chosen to adopt a git workflow based on this blog: http://nvie.com/posts/a-successful-git-branching-model/, where all new development work will be done on the 'develop' branch and the 'master' branch will henceforth reflect the latest official ESAPI release.

    ZAP User Survey

    Please help us to make @owasp ZAP even better for you by answering the ZAP User Questionnaire.

    Conference

    Global AppSec Events

    AppSec Europe 2016, 30 June - 1 July, 2016, Rome, Italy. Call for Lightning Trainings closes April 30. Call for Activities closes April 30.

    AppSec USA 2016, 11 October - 14 October 2016, Washington, DC

    Regional and Local Events

    Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America

    AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China

    Partner and Promotional Events

    ONE2ONE SUMMIT, February 27 - February 29, 2016, Parc 55 San Francisco, CA

    CISO Middle East Summit & Roundtable, February 29 - March 3, 2016, Habtoor Grand Hotel Dubai, The UAE. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016

    Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore, OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316

    Connected Security Expo, April 6 - April 8, 2016, Sands Expo Las Vegas, NV

    QuBit Conference, April 12 - April 14, 2016, Grandior Hotel Prague. OWASP members can save 10% by using their OWASP email address and discount code: OWASP*2016

    13th Annual CISO Europe Summit & Roundtable 2016, May 10 - May 13, 2016, Copenhagen Marriott, Denmark. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016

    ONE2ONE SUMMIT, May 23 - May 25, 2016, Hotel Monteleone, New Orleans, LA

    Hack in the Box: May 26-27, 2016, Amsterdam, The Netherlands

    SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN. Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code: OWASPMEM

    Techno Security & Forensics Investigations Conference / Mobile Forensics World: June 5 - June 8, 2016, Myrtle Beach, SC, OWASP Members save 30% by using your @owasp email address and discount code: OWASP16

    ICCS 2016: July 25 - July 28, 2016, Fordham University at Lincoln Center, New York, NY

    Black Hat USA 2016: July 30 - August 4, 2016, Las Vegas, NV

    BSides Las Vegas: August 2 - August 3, 2016, Las Vegas, NV

    ONE2ONE SUMMIT: September 14 - September 16, 2016, Boca Beach Club, Boca Raton, FL

    (ISC)2 Security Congress EMEA 2016: October 18-19, 2016, Croke Park Stadium Dublin, Ireland





    chapters

    New Chapters

    Chapter Restarts

    Transitions


    New Student Chapter

    Learn more about our Student Chapters and Academic Supporter programs.

    Notable Chapter Activity

    OWASP New Zealand and the University of Auckland presented their seventh annual OWASP New Zealand Day on February 4. The OWASP New Zealand Day conference is a free, one-day event dedicated to application security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications. The conference was preceded by a training event on February 3. Slide decks are posted to the 2016 OWASP New Zealand Day website.

    Who attended?

    • Web Developers: The morning sessions introduced attendees to application security. Afternoon sessions took a deeper dive into technical topics, building on the morning sessions.
    • Management: After an introduction to web application security, one of the afternoon streams focused on informational and defensive topics.
    • Security Professionals and Enthusiasts: Technical sessions later in the day showcased new and interesting attack and defense topics.



    A Cozy Evening at Snow FROC 2016


    Snow FROC 2016 took place this past week on February 18 in Denver, Colorado. The OWASP Colorado chapters hosted 200 developers, business owners, and security professionals for a day of presentations, training, and bonding. Jeremiah Grossman, Founder of WhiteHat Security, gave the keynote address, followed by a 2-track session and a parallel hands-on course.

     


    Lunch and Learn with OWASP NYC/NJ


    The OWASP NYC chapter has begun a series of virtual lunch and learn sessions about projects. The first call on February 23 featured the OWASP Benchmark project with Dave Wichers. Next month they will feature ASVS with Jim Manico. Full details for the 2016 program are available online at: http://www.meetup.com/metrocsc/. Raising appsec visibility one meeting at a time, locally and globally. Join us!

    Share Your Stories!

    We at the OWASP Global Foundation are looking forward to hearing about more such events in future. Share your chapter's successes! Submit your stories to support@owasp.org.

    OWASP Membership is a great way to contribute to our local chapters and projects. A portion of your membership can be allocated to the chapter and/or project of your choice. Please show your support for OWASP Projects and Chapters by becoming an Individual or Corporate member today!


    Membership

    New Contributing Corporate Members

    • Onward Security Corporation

    Renewed Corporate Members (Premier Level)

    • Adobe
    • Contrast Security

    Renewed Corporate Members (Contributor Level)

    • Aspect Security
    • CA Technology
    • NetSPI
    • Oneconsult AG
    • WhiteHat Security
    Your name here? Find out how by visiting our Corporate Supporters information page. Thanks to all of our Premier and Contributing Corporate Members for your support in 2015!


    Social Media

    OWASP Social Media Site
