Thursday, August 25, 2016

Results of the 2016 WASPY Awards



Thank you to everyone who voted in the 2016 WASPY Awards! The voting for the 2016 WASPY Awards has closed. The winners have been notified, and the results are posted here.

Congratulations to all of the individuals who were nominated, and a special congratulations to our winners:

  • Jeremy Long: Open/Leading Category
  • Eoin Keary: Integrity/Learning Category
  • Owen Pendlebury: Innovation/Sharing Category
  • Kathy Thaxton: Global/Growing Category

The award ceremony will be held at the AppSecUSA 2016 conference in Washington, DC. More specific details will be posted to the conference site, so please check back frequently. 

As always, thank you for your support!

Friday, August 19, 2016

OWASP Calls for Papers

Summer is a HOT time for OWASP!  Check out these active CFPs:


OWASP Cyber Security Conference in Morocco
The first OWASP regional conference in Africa, this two-day conference in No includes a day of training and will take place in Marrakesh. Submissions are due by September 17th.


They encourage and prioritize submissions covering research and new work impacting:
  • Secure Engineering: secure coding, static analysis, intelligent application threat modelling with real use case, web frameworks security, countermeasures, SDLC, DevOps, etc.
  • Cognitive Security (Machine Learning and Big Data applied to find cyber security threats with high accuracy precision)
  • Mobile security: Development and/or testing devices and the mobile web
  • Cloud security: Offensive and defensive considerations for cloud-based web applications
  • Infrastructure security: Database security, VoIP, hardware, identity management
  • Penetration testing: Methodologies, tools, exploit development, evasion techniques, OSINT, etc.
  • Emerging web technologies and associated security considerations
  • Applied Cryptography: Relevant research, new models, algorithm usage, interesting attacks, and other applications.
  • Incident response: Threat detection, triage, malware analysis, forensics, rootkit detection
  • OWASP tools and projects in practice
  • Policy and legal: Legislation, privacy, regulations and compliance, C-level considerations, etc.
  • Cool hacks and other fun stuff: cryptography, social engineering, etc.


To submit a proposal, please submit an abstract of your intended presentation (500 to 4000 characters), a brief biography (150 to 800 characters), a head shot, and a signed copy of the speaker agreement. Talks without all required information may not be considered. Your planned presentation time is limited to a maximum of 15 minutes (excluding ~5 minutes for discussion and change of speaker). Feel free to attach a preliminary version of your presentation if available. Any proposal submitted is subject to a democratic vote by the program committee. Keep in mind: The better your description of the talk, the better picture the program committee will have to review your submission. Please proofread your submission; after approval your abstract, biography, and head shot will be published verbatim into the program and website.


OWASP Bucharest AppSec Conference 2016
This annual one-day security and hacking conference is FREE. It takes place on October 6th at the Sheridan Bucharest hotel. You can register and submit your presentation here.


Their audience includes:
  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals interested in improving IT Security
  • Anyone interested in learning about or promoting Web Application Security


Rugged DevOps
The CFP for Rugged DevOps closed on the 18th, but their presentations will be hosted as part of AppSecUSA 2016 in Washington DC. If you are a security practitioner interested in working with DevOps automation concepts and methodologies as part of the software development lifecycle, this event is for you!
Washington DC, October 11 - 14


ARMSec
OWASP Armenia is hosting their annual conference September 16-17th in Yerevan at the American University of Armenia. You can apply to their CFP here; they are accepting talks from 20 min to 1 hour as well as 2 or 4 hour trainings.


BeNeLux OWASP Day
The annual event will host trainings on the 24th, and the conference on the 25th of November in Leuven, Belgium. Submissions close September 11th and can be made here. Topics should focus on the technical and social aspects of security; they will encourage and prioritize submissions covering research and new work impacting:


  • Secure development of web applications.
  • Security testing of web applications.
  • Security of DevOps processes, architectures, and tools.
  • Security of applications designed for mobile devices.
  • Security of Internet of Things devices and platforms.
  • Cloud platform security
  • Browser security
  • HTML5 security
  • OWASP tools or projects in practice


To submit a proposal, please submit an abstract of your intended presentation (500 to 4000 characters), a brief biography (150 to 800 characters) and a head shot (combine multiple files in one zip file). Your planned presentation time is 40 minutes (excluding ~5 minutes for discussion and change of speaker). Feel free to attach a preliminary version of your presentation if available. Any proposal submitted is subject to a democratic vote by the program committee. Keep in mind: The better your description of the talk, the better picture the program committee will have to review your submission.

ASC Mobile & IoT Security Summit 2016
The OWASP China Chapter is co-hosting the ASC Mobile & IoT Security Summit 2016 October 25th-26th, 2016 in Shenzhen, China. Submissions close Aug. 31st. The event will have three focus areas:
Part One: Mobile & IoT Security Forum
  • Mobile device & Mobile connectivity platform Security Technology
  • Mobile, Web and Cloud Security
  • Application Security Testing and Latest Attacks and Protection
  • Privacy Protection in web based apps
  • Chip Security
Part Two: Incident Response Sub Forum
  • Incident Response Tools and Procedures
  • Data Protection
  • Vulnerabilities Handling Solutions
  • Incident Response System Building
  • Automatic Security Operation
Part Three: S-SDLC Sub Forum
  • S-SDLC processes, architectures, and tools
  • Security assessment in S-SDLC (Code review, penetration testing, etc.)
  • Security development processes
  • S-SDLC in Agile Development


Events Looking for OWASP Presentations:


HackFest∞
OWASP Quebec and OWASP Montreal will be hosting a booth at the annual HackFest∞ November 1st through 5th. They are looking for a speaker to talk about OWASP. You can apply to HackFest∞ here.


Rochester Security Summit
A general InfoSec conference taking place October 5th and 6th. RSS features a keynote by Jeremiah Grossman and a dedicated OWASP Track. They are looking for great OWASP AppSec presentations. The CFP has been extended; you can follow up here.

Friday, August 12, 2016

Dear OWASP Members,

Wednesday we sent out the ballots for the 2016 WASPY Awards to all members who were current prior to June 20, 2016. Some of you received a ballot addressed with an incorrect first name.

During the process of collecting and uploading the individual contact information into the voting platform, there was a mail merge glitch when the de-dupe function was triggered. This resulted in some members receiving an email which was not addressed to them. Immediate action was taken to correct the issue.

The incorrect names did not affect your ballot, as ballots are associated with the member’s email address, not their name. None of the votes have been compromised and members only received one email with a link to their ballot. The link to the ballot is a unique link specifically generated for each individual and is NOT to be shared with anyone.

On behalf of the OWASP Foundation we apologize for any inconvenience this may have caused you.

Sincerely, OWASP Staff

Wednesday, August 10, 2016

Your 2016 Global Board Candidates have been Announced!





Dear OWASP Board, Leaders and Community Members,

Please visit the official 2016 election page for a complete list of the 11 individuals that have chosen to run in this year's 2016 OWASP Global Board of Directors election. https://www.owasp.org/index.php/2016_Global_Board_of_Directors_Election#The_2016_Candidates_Are... To learn more about each candidate, their bios and "why me" can be found by clicking on the specific candidate's name.

Candidate interviews will begin next week, and the recorded interviews will be publicly posted by September 15, 2016. Voting will begin October 7, 2016 and will close October 28, 2016.