Monday, September 26, 2016

ISSA Names OWASP the Security Organization of the Year

ISSA has named OWASP their Organization of the Year for 2016.  We humbly thank our incredible volunteers for making this possible through all of their hard work on OWASP Projects and in OWASP Chapters.  With such great people helping us create a more secure world we can't go wrong!

Congratulations to all of the other amazing winners, some of whom are also wonderful OWASP volunteers:

Chapter of the Year (100-200 Members):  ISSA Minnesota Chapter

Chapter of the Year (200+ Members): ISSA Capitol of Texas Chapter

Honor Roll: Richard Greenberg & Joel Weise

Organization of the Year: OWASP

Security Professional of the Year: Albert Marcella

Volunteer of the Year: Constance Matthews & Colleen Murphy

Hall of Fame: Gerald Combs & Jim Reavis

President’s Award for Public Service: Howard Schmidt

We cannot wait to see you in November at the Awards Luncheon and ISSA Conference in Dallas.

If you are interested in joining our thriving global community to drive visibility and evolution in the safety and security of the world’s software, become a member and check out our projects or find your local chapter.


OWASP Bucharest AppSec Conference 2016 - October 6th

The OWASP Bucharest team is happy to announce the OWASP Bucharest AppSec Conference 2016, a one-day Security and Hacking Conference dedicated to application security.
It will take place on the 6th of October, 2016 in Bucharest, Romania at the Sheraton Bucharest Hotel.
  • Conference talks are free; however, you need to register.
The event will be in English, with cutting-edge topics presented by renowned security professionals: Daniel Kefer, Adrian Hada, Jacco van Tujil, Andrei Daniel Oprisan.

  • Workshops:
OWASP Top 10 vulnerabilities – discover, exploit, remediate
Increase the participants’ awareness of the most common web application vulnerabilities and their associated risks.
Each type of vulnerability will be discussed and the attendees will practice manual discovery and exploitation techniques.

Secure Web Applications in Java
Learn how to build secure coding and secure code review skills, and how to uncover and protect against some of the most common vulnerabilities in Java code.

Shellcode Development and Exploiting
Learn how to create shellcodes and how to construct basic attack vectors using shellcodes. Obtain a better understanding of how programs and processes work.
Trainers:  Razvan Deaconescu; Mihai Țigănuș

Practical Cryptography on the Internet
The training will feature many guided hands-on activities such as creating certificate hierarchies, configuring custom certificates on clients and servers, modifying security policies, impersonating “seemingly secure” identities, downgrading connections, and extracting information from secure HTTPS sessions.
Trainers: Sergiu Costea

  • CTF (Capture The Flag)
Capture The Flag contests are popular ways to hone your practical security skills by solving challenges on topics such as web, crypto, reverse, exploiting.
We invite everyone passionate about practical security to the OWASP AppSec 2016 CTF, where you and your team will solve challenges on web, reverse and exploiting.
In order to participate in the CTF competition, please register here: https://owasp-ctf.security.cs.pub.ro/home
The prizes will be as follows:
  • 1st place: 1024 euros
  • 2nd place: 512 euros
  • 3rd place: 256 euros
More information about the agenda can be found at:
You can register at:

We look forward to seeing you at this event!


Friday, September 16, 2016

Interview with the Board Candidates Pts 1&2 of 4 ETA: All four parts are now available.



Every year, as part of the OWASP Board of Directors election, OWASP holds a call for questions from the community. The top four questions are then selected to be recorded in individual interviews on the OWASP Podcast to give members insight into the candidates' priorities and philosophies. This year the most requested questions were:
1. What kind of action plan do you have in mind to help motivate the participation of Developers into OWASP community?
2. What would you do to improve OWASP's image regarding vendor neutrality?
3. What has been the greatest accomplishment of OWASP Foundation and what is its biggest failure?
4. What is more important to you as a candidate 1) Members 2) Projects 3) Conferences 4) Chapters and why?
Each episode of the podcast will be released on our Soundcloud account and then linked on the elections page. Parts one and two are available now, as are the candidates' biographies and statements of intent.

Don't forget that only paid and honorary members can vote, so join before September 30, 2015!

Edited to add Parts three and four.


Tuesday, September 13, 2016

Why we Need Women in Security Careers

Cross-posted from the AppSec USA blog
Security is one of the largest and most critical industries right now. In 2015, more than $75 billion was pumped into the industry to solve the most pressing security challenges – that’s up from $3.5 billion only 10 years prior, and is expected to reach $1 trillion by 2020. Yet, as the industry grows exponentially the workforce gap continues to widen. According to a recent study published by (ISC)2 and Frost & Sullivan, the workforce gap in the security industry is expected to reach 1.5 billion people by 2020. Even more alarming is the small percentage of women currently in the field – 10 percent!
The solution to filling the workforce gap seems simple – hire more women. It’s not that easy though. There are multiple barriers that prevent women from entering the field, including lack of education in primary schools and college, insufficient communication about job opportunities, and minimal internal training to encourage women to learn the skills needed for career changes and advancements.
OWASP’s Women in AppSec (WIA) initiative is aware of these barriers and is actively changing the status quo about women in security through research, education and mentorships. WIA encourages female students at the undergraduate and graduate levels, instructors, military personnel transitioning out of service, and professional working women to expand their skills and pursue a career in application and/or information security.
How You Can be Part of the Initiative
WIA has exciting events in store for AppSecUSA 2016 taking place in Washington, DC, October 11-14. Join us for unique opportunities to network with like-minded industry professionals and discuss the future of WIA events around the globe. Events include:
  • Networking Reception: Meet like-minded industry professionals and make connections to help launch or expand your career in the security industry
    October 12 @ 5:00pm
    Renaissance Hotel
  • Mentoring Luncheon: Engage with mentors in the field and learn from experts what it takes to develop your career
    October 13 @ 12:00pm
    Renaissance Hotel
  • Planning Meeting: Join forces with others committed to the WIA initiative and share ideas for events at future conferences
    October 14 @ 9:30am
    Renaissance Hotel
WIA is offering sponsorships for women transitioning from development and security-based jobs in the military to attend AppSecUSA 2016. To be eligible, you must be leaving the military within the next six months or have been out of the military for less than one year. To apply for a sponsorship, click HERE.
To register for WIA-hosted events at AppSecUSA 2016, visit the website at: https://2016.appsecusa.org/woman-in-appsec/
We hope you’ll join us in breaking barriers for women at AppSecUSA 2016!
