Friday, March 11, 2016

March 2016 Community News Flash

In this Issue:
  • MENTORS WANTED: Google Summer of Code 2016!
  • PROJECTS: SAMM Summit in NYC, Plus More Project News and Releases
  • CHAPTERS: New Chapters, Leader Transitions, Latest Chapter Activity
  • EVENTS: AppSec Europe and Other Upcoming Local and Regional Events
  • RESOURCES: List of Resources in this Issue

MENTORS WANTED: Google Summer of Code 2016!

OWASP has been selected as a Mentor Organization for
Google Summer of Code 2016!

We need your help in making this program a success, and the more mentors we have, the more slots for OWASP!

Students will start applying for projects on March 14th but a lot of them are already exploring ideas on our corresponding wiki page: https://www.owasp.org/index.php/GSOC2016_Ideas

How you can get involved:
If you are a project leader and would like your project to participate, add your idea on our GSOC 2016 Idea wiki page ASAP!


Become a Mentor:
Do you want to become a mentor for a student?


Choose a participating OWASP project from the wiki page listed below, preferably the one you are most familiar with.

Link: https://www.owasp.org/index.php/GSOC2016_Ideas


Touch base with the project leader and ask one of the org admins (Claudia, Kostas or Fabio) to send you an invitation and get you started today.

Help OWASP Invite Students:
Are you somehow affiliated with a university? Get in touch with students, inform them about the program and how they can participate with OWASP. Please direct students to the wiki page for details: https://www.owasp.org/index.php/GSoC


Please let us know if you need help or supporting material.

Thank you in advance for your time; we look forward to your participation.

Konstantinos Papapanagiotou
Initiative Leader


Fabio Cerullo
Initiative Leader


Claudia Aviles-Casanovas
Project Coordinator
Phone: 973-288-1697


PROJECTS: SAMM Summit in NYC, Plus More Project News and Releases
SAMM Summit in NYC, April 20-21

We are excited to announce our second SAMM Summit on April 20-21 in New York!

The SAMM Summit is not a regular conference with speaking slots, but a summit "in OWASP Style (!)". We will work together in a 2-day sprint on SAMMv2.

If you are interested in contributing, you are most welcome!
  1. Either you bring in your knowledge of SAMM or other secure development methodology experience.
  2. Or as OWASP Project leader/contributor you research how we can better integrate SAMM with your project (and the other way around).
This is an excellent opportunity to influence the direction of SAMM and exchange experiences with your peers!

Testimonial from 2015:


"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers." Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company

In the weeks and months before the Summit we will create the SAMMv2 Product Backlog as the basis for the on-site 2-day Summit sprint (keep an eye on our mailing list - https://lists.owasp.org/mailman/listinfo/samm).

For more information - check out the cool venue in SoHo! - and registration (free), go to: https://www.owasp.org/index.php/OWASP_SAMM_Summit_2016
Looking forward to seeing you in the Big Apple!

Kind regards,
Seba
SAMM project

PS - feel free to forward this to people you think should participate! Or bring them in contact with me.


PPS - we are looking for sponsors for the Summit and SAMMv2 - feel free to contact Seba at seba@owasp.org for details.

Code Review Guide 2.0 Alpha Released

The alpha of the Code Review Guide 2.0 has been released. Please see the project page for more details. Plus, a shout-out to the Long Island OWASP group for helping with a working session.

https://www.owasp.org/index.php/Code_review

Mobile Top Ten 2016 Released

The OWASP Mobile Top Ten 2016 has now been released for review and commentary. We are asking OWASP members to briefly look at the list and fill out a quick survey to give feedback on what should change. Check out the release candidate here -- https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10. Fill out the anonymous survey here -- https://goo.gl/1evB4e%7Cthis. After ~30 days, we will review the survey responses, update the list, and release it along with the final content for each item.

Follow OWASP Mobile Top Ten on Twitter at https://twitter.com/MobileTop10.

OWASP Dependency Check v.1.3.5 Released

The OWASP dependency-check team is pleased to announce the release of version 1.3.5! Thanks to all those who have used the tool and provided feedback via the discussion group and issues in github. A special thanks goes out to those that have submitted pull requests! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin).

OWASP 24/7 PodCasts

We now have 75 podcasts for your listening pleasure. Check these out!

DevOps, Security and Engineering at Slack with Slack's Senior Staff Security Engineers Leigh Honeywell And Ari Rubenstein

Security War Games with Sam Guckenheimer at Rugged DevOps RSAC 2016

Guns, Germs and Steel at RSAC 2016 with John Willis

Equal Respect: Women in Technology with Chenxi Wang

Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.

CHAPTERS: New Chapters, Leader Transitions, Meeting Ideas for 2016

Notable Chapter Activity


On the heels of the recent BSides event in Lagos, Nigeria, our OWASP Nigeria chapter held its first local chapter meeting in Lagos on February 13. The team posted some pictures on the OWASP Lagos Facebook page: on.fb.me/1TsBofq


OWASP Nigeria plans to hold another event in Lagos this April with a goal toward inviting more external speakers, growing participation via social media and finding additional ways to contribute to application security awareness outside Nigeria. Keep an eye on this chapter!

OWASP Kerala has been conducting regular awareness talks for students and the public. Enjoy some pictures from the past 4 events we organized in the past month at:
  • Institution of Engineers, Kerala State Centre
  • Trivandrum Tamil Sangham
  • Sarabhai Institute of Science and Technology
  • TKM College of Engineering

The audience varied from students (in the engineering colleges) to senior and retired engineers (at the Institution of Engineers) to the general public (at Trivandrum Tamil Sangham). We are happy to see that people are receptive to security awareness and there's great response from their side and repeated requests.

New Chapters

Restarted Chapters
Leader Transitions
There are many leader openings for chapters that have gone inactive, particularly in the Middle East and Africa. Go to the Volunteer page for a listing of open chapter leader positions: http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing

New Academic Supporters
New Student Chapters
Learn more about our Student Chapters and Academic Supporter programs.

Restarting an Inactive Chapter

If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:
https://docs.google.com/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html

EVENTS: Upcoming AppSec Events

Registration for the European OWASP Conference 2016 NOW OPEN!

Be ready to register for this not to be missed event on security!

27 June - 1 July 2016


Registration for the European OWASP conference in Rome is now open.

Visit and Register on the OWASP AppSecEU conference site: http://2016.appsec.eu.
Remember that if you are interested in hosting an activity at OWASP AppSec-Eu 2016 in Rome, now's your time to submit your idea.

The OWASP AppSec Europe is interested in considering a variety of potential activities during and around the conference.

Host an activity; tech and no-tech/social activities are welcome!
Here are some ideas: Capture the flag, Lockpick village, Bug Bounty event, or something else…

Submission Process
Submit your activity below. The conference team will review submissions on a rolling basis. Activities do not have to be free to be considered; however, the total cost and value of the activity will be a part of the review process.

The call for activities is open until April the 30th!

Link to submission form:
https://docs.google.com/a/owasp.org/forms/d/17S2hR_O9PVjzNyUm8goF-LhZJ9tTXmk4DUcome29RUg/viewform

Keep up to date on the latest news on the next OWASP AppSecEU. Visit the conference site: http://2016.appsec.eu/

The Open Web Application Security Project is an open-source project for application security. It boasts a strong global community with more than 45,000 participants, more than 55 corporate members and 20 academic supporters through 249 active local chapters in 6 continents and 97 countries.

More than 800 people are expected at the event, with 3 days of training followed by the 2-day conference.

More details on program and speakers will be sent in a forthcoming communication.

Global AppSec Events
Regional and Local Events
Project Summits
Partner and Promotional Events
Watch the AppSec Conference page for updated event listings. Be sure to enter your upcoming event into the OWASP Conference Management System so we can promote it and provide assistance.

RESOURCES

Project Inventory:
https://www.owasp.org/index.php/OWASP_Project_Inventory


Google Summer of Code 2016 Ideas:
https://www.owasp.org/index.php/GSOC2016_Ideas


Chapter Leader Handbook:
https://www.owasp.org/index.php/Chapter_Leader_Handbook


Funding Resources:
https://www.owasp.org/index.php/Funding


Donation Scoreboard - Current Chapter and Project Funding Allocations:
https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html


OWASP Conference Management System:
https://www.owasp.org/index.php/Owasp_Conference_Management_System


CONTACT ME

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager
OWASP Foundation


Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
https://owasp.slack.com/messages/askthecm/



