- MENTORS WANTED: Google Summer of Code 2016!
- PROJECTS: SAMM Summit in NYC, Plus More Project News and Releases
- CHAPTERS: New Chapters, Leader Transitions, Latest Chapter Activity
- EVENTS: AppSec Europe and Other Upcoming Local and Regional Events
- RESOURCES: List of Resources in this Issue
Google Summer of Code 2016!
We need your help in making this program a success, and the more mentors, the more slots for OWASP!
Students will start applying for projects on March 14th but a lot of them are already exploring ideas on our corresponding wiki page: https://www.owasp.org/index.php/GSOC2016_Ideas
How you can get involved:
If you are a project leader and would like your project to participate, add your idea on our GSOC 2016 Idea wiki page ASAP!
Become a Mentor:
Do you want to become a mentor for a student?
Choose a participating OWASP project from the wiki page listed below, preferably the one you are most familiar with.
Touch base with the project leader and ask one of the org admins (Claudia, Kostas or Fabio) to send you an invitation and get you started today.
Help OWASP Invite Students:
Are you somehow affiliated with a university? Get in touch with students, inform them about the program and how they can participate with OWASP. Please direct students to the wiki page for details: https://www.owasp.org/index.php/GSoC
Please let us know if you need help or supporting material.
Thank you in advance for your time. We look forward to your participation.
We are excited to announce our second SAMM Summit on April 20-21 in New York!
The SAMM Summit is not a regular conference with speaking slots, but a summit "in OWASP Style (!)". We will work together in a 2-day sprint on SAMMv2.
If you are interested in contributing, you are most welcome!
- Either you bring in your knowledge of SAMM or other secure development methodology experience.
- Or as OWASP Project leader/contributor you research how we can better integrate SAMM with your project (and the other way around).
Testimonial from 2015:
"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers." Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company
In the coming weeks and months before the Summit, we will create the SAMMv2 Product Backlog as the basis for the on-site Summit 2-day sprint (keep an eye on our mailing list - https://lists.owasp.org/mailman/listinfo/samm).
For more information - check out the cool venue in SoHo! - and registration (free), go to: https://www.owasp.org/index.php/OWASP_SAMM_Summit_2016
Looking forward to seeing you in the Big Apple!
PS - feel free to forward this to people you think should participate! Or bring them in contact with me.
PPS - we are looking for sponsors for the Summit and SAMMv2 - feel free to contact Seba at firstname.lastname@example.org for details.
Code Review Guide 2.0 Alpha Released
The alpha version of the Code Review Guide 2.0 has been released. Please see the project page for more details. Plus, a shout-out to the Long Island OWASP group for helping with a working session.
Mobile Top Ten 2016 Released
The OWASP Mobile Top Ten 2016 has now been released for review and commentary. We are asking OWASP members to briefly look at the list and fill out a quick survey to give feedback on what should change. Check out the release candidate here -- https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10. Fill out the anonymous survey here -- https://goo.gl/1evB4e. After ~30 days, we will review the survey responses, update the list, and release it along with the final content for each item.
Follow OWASP Mobile Top Ten on Twitter at https://twitter.com/MobileTop10.
OWASP Dependency Check v.1.3.5 Released
The OWASP dependency-check team is pleased to announce the release of version 1.3.5! Thanks to all those who have used the tool and provided feedback via the discussion group and issues on GitHub. A special thanks goes out to those who have submitted pull requests! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin).
OWASP 24/7 Podcasts
We now have 75 podcasts for your listening pleasure. Check these out!
DevOps, Security and Engineering at Slack with Slack's Senior Staff Security Engineers Leigh Honeywell And Ari Rubenstein
Security War Games with Sam Guckenheimer at Rugged DevOps RSAC 2016
Guns, Germs and Steel at RSAC 2016 with John Willis
Equal Respect: Women in Technology with Chenxi Wang
Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.
Notable Chapter Activity
On the heels of the recent BSides event in Lagos, Nigeria, our OWASP Nigeria chapter held its first local chapter meeting in Lagos on February 13. The team posted some pictures on the OWASP Lagos Facebook page: on.fb.me/1TsBofq
OWASP Nigeria plans to hold another event in Lagos this April with a goal toward inviting more external speakers, growing participation via social media and finding additional ways to contribute to application security awareness outside Nigeria. Keep an eye on this chapter!
OWASP Kerala has been conducting regular awareness talks for students and the public. Enjoy some pictures from the past 4 events we organized in the past month at:
- Institution of Engineers, Kerala State Centre
- Trivandrum Tamil Sangham
- Sarabhai Institute of Science and Technology
- TKM College of Engineering
The audience varied from students (in the engineering colleges) to senior and retired engineers (at Institution of Engineers) to the general public (at Trivandrum Tamil Sangham). We are happy to see that people are receptive to security awareness, and there has been a great response from their side, along with repeated requests.
- Okinawa: Shinichi Fuchigami (email@example.com) and Nobuho Matayoshi (firstname.lastname@example.org), leaders
- Medellin: Fernando Quintero (email@example.com) and Alejandro Vanegas (firstname.lastname@example.org), leaders
- Bogotá, Colombia: Giovanni Cruz Forero (email@example.com) leader
- Fukushima, Japan: Masato Kaneko (firstname.lastname@example.org), leader
- Iran: Ali Razmjoo (email@example.com) and Reza Espargham (firstname.lastname@example.org), leaders
- Cotonou: Emmanuel Fandjinou (email@example.com) joins board members Apollin Moyo and Charolotte Binam as leader
- Dallas: New Chapter leader Denis Sheridan (Denis.firstname.lastname@example.org) joins board members Matthew Parsons (email@example.com) and Steve Horstman (firstname.lastname@example.org)
- Gothenburg: Mikael Falkvidd and Viktor Hedberg will join Jonas Magazinius as chapter leaders. Many thanks to Mattias Jidhage and Ulf Larson who are stepping down.
- Lucknow, India: Deep Yadav joins Nitin Pandey as chapter leader
- Saint Louis, USA: John Eto joins Justin Wood as leader
- Sendai, Japan: Jun Sato and Yosuke Sato join Takaharu Ogasa as chapter leaders
New Academic Supporters
- Higher Colleges of Technology, UAE:
Faculty Contact: Ayman Ahmed
- Universidad ORT, Uruguay (Renewal):
Faculty Contact: Roberto Ambrosoni
- Universidad Pontificia Bolivariana, Colombia:
Faculty Contact: Diego Ademir Duarte Santana
- University of Central Florida, Orlando, FL:
Faculty Contact: Thomas Nedorost
- Mumbai Student Chapter: President: Dhiraj Mishra, Treasurer: Vipin Pal, Faculty Advisor: Archana Bhide
Restarting an Inactive Chapter
If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.
Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:
Be ready to register for this not-to-be-missed event on security!
Registration for the European OWASP conference in Rome is now open.
Visit and Register on the OWASP AppSecEU conference site: http://2016.appsec.eu.
Remember that if you are interested in hosting an activity at OWASP AppSec-Eu 2016 in Rome, now's your time to submit your idea.
The OWASP AppSec Europe is interested in considering a variety of potential activities during and around the conference.
Host an activity: tech and no-tech / social activities are welcome!
Here are some ideas: Capture the flag, Lockpick village, Bug Bounty event, or something else…
Submit your activity below. The conference team will review submissions on a rolling basis. Activities do not have to be free to be considered, however, the total cost and value of the activity will be a part of the review process.
The call for activities is open until April the 30th!
Link to submission form:
Keep up to date on the latest news on the next OWASP AppSecEU. Visit the conference site: http://2016.appsec.eu/
The Open Web Application Security Project is an open-source project for application security. It boasts a strong global community with more than 45,000 participants, more than 55 corporate members and 20 academic supporters through 249 active local chapters in 6 continents and 97 countries.
More than 800 people are expected at the event, with 3 days of training followed by the 2-day conference.
More details on program and speakers will be sent in a forthcoming communication.
Global AppSec Events
- AppSec Europe 2016, 30 June - 1 July, 2016, Rome, Italy
- AppSec USA 2016, 11 October - 14 October 2016, Washington, DC
- Benelux OWASP Day 2016, March 17, 2016 - March 18, 2016, Luxembourg
- Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America (multiple sites)
- AppSec ASIA 2016, May 19 2016 - May 22, 2016, Wuhan, China
- AppSec PH 2016, August 26-28 2016, Philippines
- OWASP SAMM Summit 2016, April 20-21, 2016, New York, US
- ONE2ONE SUMMIT, February 27 - February 29, 2016, Parc 55 San Francisco, CA
- CISO Middle East Summit & Roundtable, February 29 - March 3, 2016, Habtoor Grand Hotel Dubai, The UAE. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016
- Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore
- Connected Security Expo, April 6 - April 8, 2016, Sans Expo Las Vegas, NV
- QuBit Conference, April 12 - April 14, 2016, Grandior Hotel Prague. OWASP members can save 10% by using their OWASP email address and discount code: OWASP*2016
- 13th Annual CISO Europe Summit & Roundtable 2016, May 10 - May 13, 2016, Copenhagen Marriott, Denmark. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016
- ONE2ONE SUMMIT, May 23 - May 25, 2016, Hotel Monteleone, New Orleans, LA. OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316
- Hack in the Box, May 26-27, 2016, Amsterdam, The Netherlands
- SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN. Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350. Use the discount code - OWASPMEM
- Techno Security & Forensics Investigations Conference / Mobile Forensics World: June 5 - June 8, 2016, Myrtle Beach, SC, OWASP Members save 30% by using your @owasp email address and discount code: OWASP16
- ICCS 2016: July 25 - July 28, 2016, Fordham University at Lincoln Center, New York, NY
- Black Hat USA 2016: July 30 - August 4, 2016, Las Vegas, NV
- BSides Las Vegas: August 2 - August 3, 2016, Las Vegas, NV
- ONE2ONE SUMMIT: September 14 - September 16, 2016, Boca Beach Club, Boca Raton, FL
- (ISC)2 Security Congress EMEA 2016: October 18-19, 2016, Croke Park Stadium Dublin, Ireland
Google Summer of Code 2016 Ideas:
Chapter Leader Handbook:
Donation Scoreboard - Current Chapter and Project Funding Allocations:
OWASP Conference Management System:
Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.
Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.