Thursday, April 20, 2017

OWASP Project Reviews at APPSEC Belfast 2017 Update:

OWASP is reviewing projects that wish to graduate from Incubator to Lab to Flagship at this workshop. The purpose of these assessments is to determine whether a project meets the minimum criteria to graduate as outlined in the Project Health Assessment Criteria Document. The review process begins with an initial self-assessment done by the project leader and reviewed by Matt Tesauro. Next, the assessment enters the peer review phase, where we ask volunteers in our OWASP Community to participate and finalize the results. Here's a Sample of a Project Assessment to give you an idea of what these look like.

We are still looking for more volunteers to help in this mission. Sign up!

OWASP Project Reviews @ APPSEC Belfast 2017

  • Johanna Curiel (Program Leader)
  • Matt Tesauro (Sr. Project Coordinator)
  • Claudia Aviles Casanovas (Project Coordinator)
  • Azzeddine Ramrami
  • Talal Albach
  • Kuai Hinojosa
  • Nabin Kc
Description of Scope of Work: Additional Information here.
Tool Projects
Code Projects:
Documentation Projects:
The newly added OWASP Incubator Project Health Checks will also be covered during this workshop.

Monday, April 17, 2017

April 2017 Corporate Members


We would like to thank the following companies for supporting the OWASP Foundation.  
The companies listed below have contributed this month by either renewing their existing 
Corporate Membership or joining OWASP as a new Corporate Member.  

Details about Corporate Membership can be found here.


Contributor Corporate Members

Denim Group is a custom software development firm skilled in large-scale development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure software development, testing and training capabilities that protect a company’s biggest asset, its data. Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare and defense industries. Its depth of experience building large-scale software development systems in a secure fashion has made the company's leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Companies by Inc. Magazine several years in a row, and has won multiple awards including its recent accolades as one of the best places to work in San Antonio.
For more information, please visit: http://www.denimgroup.com


Kiuwan provides an end-to-end Software Analytics platform that offers objective data to make informed decisions to secure, analyze and control the entire SDLC of any application portfolio. With Kiuwan Code Security, the scope in threat mitigation is unparalleled, with over 4000+ custom rules, ability to suppress defects and create tailored action plans while meeting the most stringent industry standard requirements. In constant evolution, it boasts broad language support and integration with Jira, Jenkins and Github to name but a few of the possibilities brought about by the platform.
For more information, please visit: https://www.kiuwan.com/



SpringCM delivers an innovative document workflow and management platform, powering the leading contract management application. SpringCM empowers companies to become more productive by reducing the time spent managing mission-critical business documents. Intelligent, automated workflows enable document collaboration across an organization from any desktop or mobile device. Delivered through a secure cloud platform, SpringCM’s document and contract management solutions work seamlessly with Salesforce or as a standalone solution. Every day, more than 600 companies use SpringCM to improve the customer experience and get more done, faster. For more information about SpringCM, visit www.springcm.com


Symantec Corporation (SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings -- anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. To learn more go to www.symantec.com or connect with Symantec at: www.symantec.com/social/






Want your company name here? 
Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison today!  

Thank you to all of our Premier and Contributor Corporate Members for your support!

Saturday, April 15, 2017

OWASP Project Summit Belfast 2017 Update: Extended Deadline until April 19th!


Let's make this a success. Sign up!

We are excited to announce the OWASP Project Summit 2017. OWASP is providing a platform for project leaders on the two full days prior to AppSec Europe 2017. Project Summits are a place for project leaders and contributors to collaborate as well as provide feedback to OWASP. The platform provides an open forum setting for ideas, discussing innovations, gaining project contributors and sharing feedback for projects with the goal of helping them advance to the next level. Use this opportunity to demo your project to others at the summit, promote for sponsorship, gain feedback, or simply brainstorm some ideas and add a few features.

Current Projects Participating:
  • OWASP Juice Shop Project
  • OWASP OWTF Project
  • OWASP Embedded Application Security
  • OWASP Podcast
  • OWASP Virtual Village Project
  • OWASP Automated Threats to Web Applications
  • OWASP Node js Goat Project
  • OWASP Vicnum Project
  • OWASP WebGoat Project
    Great Sponsorship Opportunities.
         
Requirements for Participation:
  • Active OWASP Project started in the last 9 months.
  • Complete and updated wiki page with a clear roadmap.
  • Agenda and Deliverables for your project at the summit are required.
  • Deadline on April 19th
Funding Opportunities: (through the Reimbursement Process)
  • $750.00 for Travel Assistance per OWASP Project
  • Two Nights of accommodations for the days of the Project Summit EU.
  • OWASP Project Leaders (three leader max) receive a complimentary pass for AppSec EU


Please use our contact us form with any questions or concerns.

Contacts at OWASP Foundation: Matt Tesauro and Claudia Aviles Casanovas

Thursday, April 13, 2017

 









 
AppSec USA is proud to announce the Call for Papers and Call for Training are open until April 30th. OWASP AppSec USA is a premier venue for web application security leaders, software engineers, researchers and visionaries from all over the world. OWASP AppSec USA gathers the application security community in a four day event to share and discuss novel ideas, initiatives, and advancements. The 2017 edition will take place in Orlando from September 19-22.
We are looking for "the next", cutting edge research in the context of web applications, secure development, security management, and privacy. Our goal is to give academic researchers and industry practitioners an opportunity to share their latest findings with the rest of the community, including coverage via our media channels.
All talks are 40 minutes in duration. For AppSec USA 2017 we encourage and prioritize submissions in the following themes:
Web Application Security – Research and new work impacting the security of web applications.
DevOps – Research and new work impacting the security of DevOps processes, architectures, and tools.
Cloud Security – Research and new work impacting the security of applications designed for and/or deployed to cloud environments, especially public cloud environments.
Our Call for Training topics are looser, but trainings should be of a practical nature; hands-on training is strongly preferred. Trainings may be one or two days in duration. Please refrain from submitting marketing talks or including sales pitches within the training.
To submit your talk or training please make sure to select the appropriate topic(s) from the form and submit:
Your submission packet will be judged in a blind reading so please make sure that your abstract is appropriately thorough. You may attach a preliminary version of your presentation if available. If accepted your biography will be printed 1:1 in the program. The same form is used to apply for both the CfT and the CfP, so please make sure to choose the correct application from the menu.  Talks without all required information may not be considered.

Monday, April 10, 2017

OWASP Operations Update for April 2017

Welcome to the operations update for April 2017, part of our ongoing updates about what's happening at the OWASP Foundation. The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP IT Infrastructure hosting.  Rackspace ended the donation of hosting for the OWASP Foundation, migrations and updates continue.

  • 6 hosts remain at Rackspace, 2 hosts targeted for migration week of April 10th
    • Migrations temporarily paused to migrate the AppSec EU hosts to Foundation infrastructure.
  • POC install on AWS for the wiki is scheduled to complete by end of April
    • Migration to AWS will also include an update to 1.28.x branch of the wiki source moving OWASP from LTS to the latest stable branch
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.

  • Completed Phase 1 - Updating the wiki source to 1.27.1
    • Wiki source was updated to 1.27.1 and a Visual Editor (WYSIWYG) added to the wiki beating the March 20 deploy deadline.  Here's my post to the leaders list with the details
    • On April 9th, the wiki was updated again to 1.27.2 to address 9 security issues - see the release notes if you're curious.
      • Updates also included an update to Parsoid - the service that powers the Visual Editor
    • Several new Wiki extensions are planned for the wiki including CAPTCHAs for account requests and several to assist staff manage the wiki more efficiently.  More on those as they are added over April and May
  • Phase 2 - wiki style updates
    • RFP creation pushed to April due to unplanned AppSec EU server migrations.  RFP is expected by end of April
    • RFP will include a MediaWiki theme, CSS and other styling guidelines to use across the OWASP Foundation's web presences including:
      • The new web pages available after the Association Management System (AMS) migration
      • The new Discourse installation
      • The OWASP Blog
  • Phase 3 (Single Sign-on) and Phase 4 (Wiki content and organization) have begun to be further researched.  
    • Single Sign-on using @owasp.org identities will be tested during the AWS POC.
    • Initial research into the current organization of the wiki found over 500 categories across the wiki - many with a single page for the entire category.  Reorganization will represent a significant effort.
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.

  • Migration from Mailman to Discourse - migration paused and re-prioritized as part of the migration from Rackspace hosting since Mailman is currently hosted there.
  • Beta program for the Foundation's Global Meetup account continues.
Other Major Efforts in progress

  • OWASP Staff Summit - the in-person planning meeting for OWASP staff
    • Staff Summit was very successful and resulted in multiple internal and external system and process optimizations
    • Planning for the Foundation Board's 2017 Strategic Goal was created during the staff summit
  • Association Management System (AMS)
    • Kate has begun the migration/upgrade to a new AMS for the Foundation
    • This is a highly complex, multi-step process covering 8 to 12 weeks
      • Completed accounting module and associated workflows
      • Membership and events are next
    • Goal and outcome
      • An updated version of the AMS software used with Salesforce allowing for greater interactions with the community, OWASP leaders engagement, improved event registration, multi-currency handling and a host of other improvements rolling out during 2017.
  • Foundation Board's 2017 Strategic Goal
    • In brief:  Hosting 4 Free 500 person training events worldwide targeted at developers and entry level security professionals
    • 2017 target cities: Boston, Delhi, Tel Aviv and Tokyo
    • Looking for a good name for the training series, twitter suggestions include variations of "No Goat" and "Anti-Goat"
Projects
Events
  • AppSec USA 2017
    • CFP & CFT Open
    • 2 keynotes confirmed
    • Sponsors selling well
    • Working on advertising the conference, CFP & CFT
    • Working with the venue (discounted Disney tickets and daycare/nursery room)
  • AppSec EU 2017
    • Finalizing the brochure
    • Working on the conference signs
    • Placing orders for swag
    • Over 300 people registered
  • LATAM Tour 2017
    • 5 events so far (Manizales & Bogotá, Colombia. Montevideo, Uruguay. República Dominicana. Quito, Ecuador)
    • Over 500 attendees so far
Membership and Outreach
  • OWASP Foundation membership continues to be strong
    • 2,501 active individual members 
      • $34,075 or 31% of yearly goal
    • 68 active corporate members
      • $150,000 or 38% of yearly goal
  • Work continues on the design of the new membership flyer with Hugo which will cover the recently updated and approved model for individual memberships.
  • AppSec EU 2017
    • Sponsorships sold to date €169,233.00
      • Sold out sponsor opportunities - Diamond, Pre-conf Reception, CTF, University Challenge, Lanyards
    • Developer Summit at AppSec EU 2017
      • All 3 sessions have been filled with trainers!
    • Membership lounge at AppSec EU - planning in progress
  • AppSec USA 2017
    • Sponsorships sold to date: $312,500.00
      • 7 Platinum, 9 Gold, 1 Silver, 1 Bag, 1 Lanyard
Community
  • 25 potential new chapters
  • New Chapter Orientation Meetings
    • Well received and helpful to new and long-time leaders alike
    • Can be tricky for LATAM and Japan leaders due to language barriers
    • Presentation planned to help leaders run the meeting when there are language barriers so the leaders don't have to be translators for those meetings
Per the request of the OWASP board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to staff:



As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need, please let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the April 12th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt



Thursday, April 6, 2017

OWASP Project Releases


3/29/2017

This release contains a large number of changes, in particular to the ZAP API. We have added a significant number of new API endpoints, working towards our goal of making ZAP completely controllable via the API. We have also changed some of the existing endpoints and in all cases these changes are backwards compatible.

The full release also includes a new JxBrowser add-on as well as platform specific webdrivers to make it even easier to interact with ZAP through a wide variety of browsers. There are a set of new API options related to security: For more information click here  

Would like to include nice work done by Security Researchers from the Bug Bounty Program. Great example of the OWASP Bug Bounty Program and OWASP Project working together!



Tuesday, April 4, 2017

Join Us at the 2017 AppSec Europe Developer Summit

OWASP AppSecEu 2017 Developer Summit
May 9th-10th, 2017, Belfast, UK

The OWASP Developer Summit educates developers about common vulnerabilities present in web and mobile applications, including how to use tools like OWASP ZAP to implement a secure software development lifecycle. 2017 AppSec Europe Developer Summit sessions are free hands-on workshops where attendees will learn how to do actual penetration tests on vulnerable and real applications as well as implement a secure pipeline.

On-Deploy Security Testing of web applications with ZAP and Jenkins will provide insights on how to introduce continuous delivery through dynamic security testing. ZAP is an attack proxy and one of the most high-profile OWASP projects; Jenkins is a highly used solution to automate deployments. Together they create the ideal combination. Attendees will have the opportunity to learn how to use these tools during this session.

During Reverse engineering APKs attendees will use real banking apps to explore mobile vulnerabilities. The session will discuss two important OWASP Top Ten mobile vulnerabilities and demonstrate how vulnerable APKs (Android Package Kits) are to reverse engineering and code modification. During the workshop, students will exploit vulnerable methods even when the APK is obfuscated and learn how to bypass certificate pinning.

Last but not least, for developers looking to learn and understand how to find web vulnerabilities, Attacking Your Web App provides understanding and insights on how pentesters find them. In this session you will:
  • Use automated scanning tools against a vulnerable web application
  • Learn to use OWASP ZAP  
  • Use sqlmap to enumerate and inject into databases
  • Create strategies for non-technical web app vulnerabilities

With these free sessions, OWASP provides developers with better insights into web and mobile vulnerabilities, including how to use very well known tools to implement automated testing and continuous integration.


For more details on the sessions and where you can sign up, please visit: https://2017.appsec.eu/program/developer-summit

Thursday, March 30, 2017

OWASP SAMM v1.5 Release

According to recent research published by SANS: 23% of respondents said that applications were the source of actual breach, data loss and attacks on others and only 25% of the respondents believe they have a mature application security program.

The OWASP Software Assurance Maturity Model (SAMM) enables organizations to formulate and implement a strategy for software security that is tailored to organization-specific risks. With SAMM, organizations can accurately evaluate their existing software security practices and steadily improve their security posture over time in well defined iterations designed to meet their unique needs. The SAMM scoring model also helps demonstrate concrete improvements to security related activities throughout an organization. SAMM is one of the very few mature and open resources available to assist organizations measure and build software security programs.

Example SAMM Scorecard
 The new additions to OWASP SAMM are a direct response to the relentless occurrence of security breaches where vulnerable software allowed attackers to gain access to private, corporate data. Bart De Win, co-project leader of OWASP SAMM, says "Our main goal for version 1.5 was to support our large user community by incorporating their feedback and improving the measurement system of the model."

Anyone who has filled out a SAMM assessment has had a discussion on whether to mark an answer “yes” or “no”, when the answer is honestly something in between. By replacing the Yes/No answers with four graduated steps, SAMM v1.5 improves the granularity of scoring, allowing partial credit for achieving maturity benchmarks. This, coupled with the matching scoring system, makes it easy to see maturity improvements from projects and initiatives on a dashboard. One of the main benefits of the updated scoring model is that you can visibly see improvement to your maturity score on the dashboard as initiatives are completed. This can go a long way in building support for your Application Security Program.

Example Worksheet

SAMM v1.5 has enhanced explanations of the maturity model with worksheets and guidance containing example case studies, which allow organizations not only to understand where they are, but also to understand what has worked (and hasn't) for others in similar scenarios. This is a continuing effort with more improvements expected in v2.0. Implementing SAMM is easier with a new Quick Start guide and Tool Box that includes interview forms and the ability to generate road maps, charts, and graphs.


For more information you can visit https://www.owasp.org/index.php/SAMM, watch the SAMM v1.5 Webinar on YouTube, or download the slide deck on SlideShare.


Follow OWASP SAMM on twitter. For additional info email owasp.foundation@owasp.org

Monday, March 27, 2017

March 2017 Connector

OWASP Connector

Tue. March 28, 2017
Communications

Operations Update

The March operations update includes vital information about OWASP's infrastructure initiatives, membership models, project activity, and the Project Leader handbook. Read it for an overview of what is happening in OWASP.


Project and Chapter Leader Handbooks

OWASP is updating  our Project Leader and Chapter Leader Handbooks as part of periodic maintenance. We are interested in your feedback on the changes as well as hearing any changes you would like to see. The Handbooks are a mixture of core regulations and best practices meant to guide your project or chapter to success.

You can see the changes and suggestions to the Chapter Leader handbook in these shared Google Docs. You can make your own contributions by signing in with your OWASP email address. This is the final request for input into the Chapter Leader handbook.

The Project Handbook is beginning its public review this week. You can follow the previous link to make pull requests to include your suggested text and open conversations. The Project Handbook repository is held under the new Operational Github organization.


Strategic Objective

OWASP has announced our 2017 Strategic Objective. This year instead of holding multiple strategic objectives we will aim for a single ambitious goal meant to drive OWASP forward. This will help us bring all of our resources to bear in ways competing strategic goals prevent.

This year OWASP will host four FREE 500-person training events worldwide targeted towards developers and entry level application security professionals. Each event will be delivered by professional security trainers and cover core application security topics. The purpose is to have the most impact and attract the most number of attendees.

This year the target cities are: Boston, Delhi, Israel, and Tokyo.  

You can follow the progress on the OWASP blog through Staff Operations Updates and keep an eye out for the Call for Trainers coming very soon. 


Free Book to OWASP Members

Essential Node.js Security by Liran Tal is being gifted to OWASP members by the author.



Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements with other organizations in
support of the OWASP Community.  CLICK HERE for more information on Advertising.

Projects

Project Review Session at AppSec Europe

OWASP is once again providing a platform for project leaders on the two full days prior to AppSec Eu 2017. Project Summits are a place for project leaders and contributors to collaborate as well as provide feedback to OWASP.

This year we are also including a session dedicated to project reviews. The purpose of this assessment is to determine whether a project meets the minimum criteria to graduate from Incubator to Lab and Lab to Flagship. You can help us review other projects or submit your project to be reviewed. To learn more check out our blog post on the subject.


Attending the free Conference Project Summit is a great opportunity to have face to face work time.

The Conference Project Summit is a great place to give feedback to OWASP Staff.




Events

Get Training at AppSec Europe!

Are you looking to combine hands-on training with your conference experience? We have a whopping eleven training courses to choose from. Attendance for these two or three day classes is limited, and the classes use interactive activities to ensure you obtain a thorough understanding of the topic. You can choose from:
 


You can learn more about our amazing conference lineup at the AppSec EU website: https://2017.appsec.eu/

See you in Belfast!


Developer Summit is coming to AppSec Europe

Once again we are excited to bring the OWASP Developer Summit to AppSec Europe 2017. OWASP will provide two full days of training for developers prior to the AppSec EU 2017 conference.

The Developer Summit will start with a full-day, hands-on developer session followed by two half day sessions geared towards learning about security vulnerabilities.

Registration is required and spots are limited so share this opportunity with developers you know as soon as possible.



AppSec USA CFP and Sponsorships are open!

CFP

The OWASP AppSec conference in USA is an established and premier venue for web applications leaders, software engineers, researchers and visionaries from all over the world. OWASP AppSec USA gathers the application security community in a 4-day event to share and discuss novel ideas, initiatives and advancements. The 2017 edition will take place in Orlando from September 19-22.

We are looking for "the next", cutting edge research in the context of web applications, secure development, security management and privacy. Our goal is to give both academic researchers and industry practitioners the opportunity to share their latest findings with the rest of the community, including coverage via our media channels.

Please remember when you submit your proposal that the program committee will review your submission based on a descriptive abstract of your intended presentation. Feel free to attach a preliminary version of your presentation if available, or any other supporting materials. Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly, as the accepted abstract and bio you submit will be published 1:1 on our site. If your presentation is accepted for inclusion in the conference program, you are free to submit a white paper describing your work, which will be added to the website.

Sponsorships

The planning committee for AppSec USA 2017 is excited to present many exciting changes to enhance sponsor value and improve ROI. With an expo floor plan designed for expo purposes and sponsor placement and event activities structured to maximize foot traffic to YOUR booth, you can be assured that you will maximize lead generation activities.

Additionally, the planning team has several events planned to encourage a family friendly atmosphere to drive attendance numbers skyrocketing upwards, and what better place than Walt Disney World?

The vendor booths are located in high-traffic areas so that you can be assured to get the attention of more than 1,000 security decision makers, influencers, and practitioners in the community. This is the opportunity for your company to recruit, generate business, and share ideas.


 


Upcoming Events

Global AppSec Events

 

Regional and Local Events

 

Project Summits

 

Developer Summits

 

Partner and Promotional Events




Chapters

Chapter Handbook Updates

The Chapter Leader handbook updates are going to go live on April 2nd. Please add any pertinent comments to the documents by Friday March 31st.


Brag on Your Chapter!

Is your chapter hosting a cool series of talks or training? Are you running innovative meetings? I would like to feature your chapter on the blog and in the connector. Pitch your story for this ongoing series. Selected chapters will receive a donation from the foundation to their chapter as well as broader publicity.


Welcome New Chapters!

 

 




Membership

March 2017 Corporate Members

We would like to thank the following companies for supporting the OWASP Foundation. The companies listed below have contributed this month by either renewing their existing Corporate Membership or joining OWASP as a new Corporate Member.

Details about Corporate Membership can be found here.

 

Premier Corporate Members

Adobe

Adobe is the global leader in digital marketing and digital media solutions. Our tools and services allow our customers to create groundbreaking digital content, deploy it across media and devices, measure and optimize it over time, and achieve greater business success. We help our customers make, manage, measure, and monetize their content across every channel and screen. For more information, please visit: http://www.adobe.com/

 

Contributor Corporate Members

Aspect Security

Aspect Security, founded in 2002, is a consulting firm focused exclusively on application security products and services. We help ensure that the software that drives business is protected against hackers. Aspect’s Security Engineers analyze, test and validate approximately 5,000,000 lines of code a month, most of which are critical to the national infrastructure. Our work unearths over 10,000 vulnerabilities every year across a wide range of technologies and architectures. Our recommendations dramatically improve our clients’ security posture. We support a worldwide clientele with critical applications in the government, defense, financial, healthcare, services and retail sectors. Our educational division has taught tens of thousands of people around the world how to build, test, and deploy secure applications, making us a world leader in application security training. Flexible delivery options include instructor-led training either in-person or via webcast, or on-demand through our innovative eLearning curriculum. Aspect Security’s principals are pioneers in the field, having started one of the world’s first application security practices in 1998. They conceived of several industry-leading standards, such as the OWASP Top Ten, WebGoat, the Application Security Verification Standard (ASVS), Risk Rating Methodology and Enterprise Security API (ESAPI). These free and open materials are downloaded over 50,000 times a month. We are a founding member of the Open Web Application Security Project (OWASP) in support of educating organizations about the ever-changing threat landscape and how to properly build and secure applications. Headquartered in Columbia, MD, our personnel are located throughout the United States serving our worldwide clientele. For more information, please visit: https://www.aspectsecurity.com/

Contrast Security

Contrast Security delivers the world’s fastest application security software that eliminates the single greatest security risk to enterprises today. Industry research shows that application security flaws are the leading source of data breaches. Contrast can be deployed, automatically discover applications and identify vulnerabilities within seven minutes. Relying on sensors instead of expensive security experts, Contrast runs continuously and is 10 times more accurate than the competition. Unlike tedious, painful and slow legacy approaches, Contrast analyzes a complete portfolio of running applications simultaneously in real time at any scale. As a result, organizations can act faster against threats and immediately reduce risk. More information on Contrast Security can be found at http://www.contrastsecurity.com/

Jscrambler

Jscrambler is the leader in JavaScript Application Integrity and the only one to offer RASP capabilities to your JS applications. As JavaScript becomes the standard for building websites, hybrid mobile applications, or other application types, most of the code is still completely exposed. With Jscrambler you can make your application self-defensive and resilient to both tampering and reverse-engineering attempts. Jscrambler is trusted by hundreds of companies (including Fortune 500) across more than 130 countries and is supported by a team of JS experts. For more information, please visit: https://jscrambler.com/en/


Want your name here?

Find out how by visiting our Corporate Member information page, or contact our Membership & Business Liaison, Kelly Santalucia today!

Thank you to all of our Premier and Contributor Corporate Members for your support!

 

The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014, USA