Monday, January 30, 2017

OWASP Connector January 2017

OWASP Connector | December 21, 2016
Communications

OWASP Operations Update

OWASP in the News!

Projects

Project Graduation Updates

Combating the Vulnerability Chaos with OWASP DefectDojo

Google Summer of Code Program

Conference

Global AppSec Events

Local and Regional Events

Project Summits

Partner and Promotional Events

Chapters

New Chapters!

Ottawa Chapter on Becoming a Community

Membership

New and Renewing Corporate Members

New Membership Proposal

Social Media

OWASP Foundation Social Media


OWASP Communications

OWASP Operations Update

Operations updates are posted on the blog before each month's board meeting. This update is from January 6, 2017.
Welcome to the first operations update for 2017. We started monthly blogs about what's happening at the OWASP Foundation back in December.
Here are our major efforts and the status of those in process, starting with updates from last time:
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence. Since last month, we've
  • Made progress on Phase 1 - updating the wiki to 1.27.x
    • Got the wiki source and all extensions in Git repos
    • Started coding Ansible to automate our deploys and updates
    • Production roll-out - mid-January
  • Next up Phase 2 - Updating the look and feel of the OWASP Wiki
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large. There’s a ton of moving parts to this effort but here’s what we are focusing on currently:
  • Migration to Discourse
    • Evaluation of Discourse showed it would fit our needs
    • Worked with/reverse engineered the Discourse API to ensure we can automate:
      • Migration from Mailman
      • Future operational tasks
    • An empty production site is expected mid-January
  • Beta program for the Foundation's Global Meetup account is continuing.
Two new major, interlinked efforts
Two major efforts are starting this month - a significant upgrade to OWASP's Association Management System (AMS) and the proposed plan for updating our membership models.
  • Association Management System
    • Planned for February 2017
    • Runs atop the OWASP Foundation's Salesforce account
    • Handles many operational aspects: membership, conference registrations, etc
    • New AMS allows us to re-think our past membership model
    • Beginning the first week of February, we'll start the migration to the new AMS
    • Blocked: Board did not vote on the membership changes below during the Jan 11th Board Meeting; on hold until the February 8 board meeting.
  • Updating Membership Models
    • New plans created by staff based on past community, board and staff discussions
    • Account for diverse membership
    • Developed to optimize accessibility and growth
    • Request to the OWASP Community: Please provide feedback prior to the Jan 11th Board Meeting when staff is asking for approval of the new membership plans. The links above allow for public comments.
Projects
  • New projects
    • 2 Documentation projects
    • 5 Tool projects
    • 2 New Code Projects
  • Project Reviews
    • Multiple projects under review - look for requests for feedback this month!
Updates on Events for 2017
  • AppSec EU 2017
    • CFP & CFT Final Review
  • AppSec USA 2017
    • CFP and CFT planned to open by the end of January - look for announcements soon!
  • AppSec California 2017 happens January 23 - 25 in lovely Santa Monica CA
Membership and Outreach
  • Member numbers for December
    • 2048 Individual members
    • 70 Corporate members
  • Membership drive planning begins - tentative June launch
Community
  • Claudia and Tiffany have started the planning for an updated OWASP Volunteer program
    • Planned enhancements include searchable descriptions of opportunities, details including expected time commitment and volunteer profiles
  • Women in AppSec (WIA) Committee has been formed - Congrats!
  • Chapter Leader Handbook updates continue - draft version tentatively available at Feb Board Meeting
  • Pending a board vote: Request for a committee to be invite only as an exception to the Committee 2.0 rules
As always, the OWASP staff are here to help make the OWASP community even stronger. If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.
Your friendly neighborhood OWASP staff:
Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt


OWASP in the NEWS!

OWASP AppSec California Brings Diversity to the Beach – ITSP Magazine, January 27, 2017
Cyber security career has massive potential – Belfast Telegraph, January 3, 2017

OWASP Projects

Project Graduation Updates

Graduation is the process by which Projects move between Incubator, Labs, and Flagship levels. It includes a self review, followed by a review by our Senior Project Coordinator Matt Tesauro, and finally certified by our community through peer review. You can read about our recent Project Graduates or sign up to be a peer reviewer.


Combating the Vulnerability Chaos with OWASP DefectDojo

Greg Anderson invites you to streamline your entire application security process by exploring DefectDojo with a live demo of the vulnerability aggregation tool.


OWASP is Once Again Participating in the Google Summer of Code Program

It is that time of year again! OWASP will participate in the Google Summer of Code (GSoC). We love that GSoC is a great vehicle to introduce students to both open source projects and application security with real, hands on projects. Long time Project Leader Konstantinos Papapanagiotou notes “GSoC is an amazing opportunity for projects to make significant progress in terms of code and attract new, enthusiastic contributors. On a personal basis I enjoy GSoC because it gives me the opportunity to interact with numerous students around the world and participate in one of the largest open source initiatives.”
To read more about this event and sign up to participate check out our blog post.

OWASP Events

Global AppSec Events

AppSec Europe 2017  8–12 May, 2017, Belfast, UK
AppSec USA 2017   September 19–22, 2017, Orlando, Florida, USA


Local and Regional Events

AppSec Africa 2017   February 1–2, 2017, Casablanca, Morocco
SnowFROC 2017   March 16, 2017, Denver, CO, USA
Latam Tour 2017   April 3–28, 2017, South America
OWASP Middle East Cyber Security Conference 2017   May 3–4, 2017, Dubai, UAE


Project Summits

OWASP Project Summit 2017   June 12–16, 2017, London, UK


Partner and Promotional Events

Cyber Resilience & InfoSec 2017  February 6-7, 2017   Abu Dhabi, U.A.E.
SC Congress London   February 23, 2017   London, UK
CyberCentral   April 4-6, 2017   Prague, Czech Republic
QuBit Conference 2017   April 4-6, 2017   Prague, Czech Republic   OWASP members save 10% by using discount code: QB17OWASP
Cyber Security North Africa Summit   April 26-27, 2017   Cairo, Egypt  
SC Congress New York   May 2, 2017   New York, NY
Techno Security & Digital Forensics Conference  June 4-7, 2017   Myrtle Beach, SC
SC Congress Toronto   June 13-14, 2017   Toronto, Canada


OWASP Chapters

New Chapters!

Welcome to our new chapters in January!
  • Trichirappalli
  • New Jersey Central
  • Chattanooga
  • Surat
  • Vellore
  • Iowa City
  • Ankara
OWASP grew in 2016, especially in Asia and the Middle East.
  • Jakarta
  • Haryana
  • Mexicali
  • Cebu
  • Malta
  • Tallahassee
  • Varanasi
  • Botswana
  • Richmond
  • Punjab
  • Jodhpur
  • Riviera Maya
  • Pondicherry
  • Gandhinagar
  • Tripoli
  • São José dos Campos
  • Durgapur
  • Medellin
  • Okinawa
  • Fukushima
  • Burkina Faso
  • Visakhapatnam
  • Alexandria
  • Jalandhar
  • Cuttack


From uni-directional to vibrant and dynamic: Ottawa Chapter on becoming a community

There are two challenges that consume most chapters: getting speakers and growing their community. The Ottawa Chapter documented their approach to growing 450% in one year. The key to their success was diversity of activities and actively courting a diverse membership. You can read more about their experiments on the blog.


Request for Blog Content

OWASP would like to start spotlighting chapter activity on our blog. If your chapter hosted and recorded an amazing talk that just NEEDS to be shared, or perhaps you ran a great event and would like to help other chapters follow suit, think about writing a blog post to be shared on the OWASP Blog. Contact our community manager, Tiffany Long, for more details.

OWASP Membership
We would like to thank the following companies for supporting the OWASP Foundation. The companies listed below have contributed this month by either renewing their existing Corporate Membership or joining OWASP as a new Corporate Member. Details about Corporate Membership can be found here.
 
Contributor Corporate Members
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
 
Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.
 
Cybozu is a Japanese cloud computing vendor founded in 1997. Its service supports effective team collaboration; hence our services are widely used, from large-scale teams like multinational enterprises to small-scale teams like volunteer groups, clubs, and even families. “kintone” is one of Cybozu’s key products, released in 2011.
It is called a "no-code application platform", which makes work more productive through business applications. It is recognized as one of the leading vendors in the “Gartner 2016 Enterprise Application Platform as a Service (aPaaS), Worldwide Magic Quadrant”.
Cybozu has been focusing on security enhancement. It started a "bug bounty project" in 2013 to find any vulnerabilities which may exist in its product in order to provide its customers with the most secure service possible.
For more information about Cybozu, please visit https://www.cybozu.com/jp/.
 
Want your name here? Find out how by visiting our Corporate Member information page, or contact our Membership & Business Liaison, Kelly Santalucia, today! Thank you to all of our Premier and Contributor Corporate Members for your support in 2017!


New Membership Proposal

Over the last several months there have been a number of ideas put forth for how to modernize our membership plan from simply adjusting the cost to developing an entirely new membership organization. Our current membership plan is in need of optimization. This proposal includes back end system integration upgrades and modern price tier structures.
Concurrently, OWASP is upgrading our Association Management System (AMS) this spring; some of the improvements in the AMS will allow us to think about membership in a host of new ways. To this end our Operations and Membership team have put together a Flexible Individual Membership plan and updated our Corporate Membership plan. These plans account for our diverse membership and are developed to optimize accessibility and growth. We are asking for the Community to provide feedback and the Board to vote on them at the February 8 meeting so that they may be included in the February AMS migration.

Feedback can be submitted via the board list or by attending the board meeting

OWASP Social Media

OWASP Social Media Sites

Thursday, January 26, 2017

From uni-directional to vibrant and dynamic; Ottawa Chapter on becoming a community

Today's guest post is by Tanya Janca, co-leader of OWASP Ottawa.


OWASP Ottawa used to be like most tech meetups: presentation-style meetings with 15-20 techies in the room for a 45-minute presentation, followed by your typical Q&A. For the Ottawa chapter all of this changed when the Chapter Leadership decided to re-imagine OWASP into the kind of meetup that they would really want to attend for themselves. What followed was a membership increase of 450%, with female membership up by 5700% (yes, you read that right!), new types of events, a mentoring program, more talks, pre and post meeting social time, and a feeling of real community.

The first thing the Ottawa Chapter decided to look at was the lack of diversity in their membership; because diversity breeds innovation, and, it turns out, a great social atmosphere.  To try to address this, one of the leaders started attending all the female-only tech events around town, as well as regular tech meet ups and conferences, and personally inviting everyone, especially women, to OWASP.  Then she started doing technical talks as well, ending all the talks with an invite to join.  This has gotten big results for the chapter, with new members signing up on Meetup.com after each outreach engagement.  In 2015 the Ottawa Chapter also started an annual Capture the Flag (CTF) contest, which is a beginner level event that involves solving security puzzles.  They put on the CTF because it's the type of experience that they want to have.  The CTF is wildly popular, and is now the best-attended event of the year.  The leaders were onto something, and having a great time doing it.

The next thing was finding a reliable, comfortable and awesome venue; and in Ottawa, this meant Shopify. Shopify is extremely supportive of the technical meetup ‘scene’ in Ottawa, and partnered with the OWASP chapter to provide a stylish, trendy and fully wi-fi enabled location for all of their meetups for the last two years. The chapter also switched over to using Meetup.com at this point, instead of the email list, to make keeping track of RSVPs 1000 times easier, and to enable people who do attend to reach out to each other and communicate more easily. Plus, it helps with remembering names.

During 2016, OWASP Ottawa decided to step it up a notch; they started having two speakers per night instead of one, they had their first beginner-style talks about application security (for newcomers), and had their first two female speakers. They also single-handedly launched a mentoring program from scratch. The entire atmosphere of the meetings has changed. The previous curious smiles and furtive glances have turned into people shaking hands when they walk in. The monthly get-togethers are no longer just a professional networking opportunity.

For 2017, the Ottawa chapter plans to continue their momentum.   They started by adding 5 new volunteers, and creating a pre-committee to evaluate if Ottawa is capable of hosting the first ‘AppSec North’.   Many brand new events and initiatives for 2017 were also rolled out, including an OWASP Ottawa slack channel, video taping and uploading of all new talks, as well as a more-aggressive recruitment program for new members.   

You may be wondering at this point if you can get results like this for your chapter. The answer is you can, you just need to start doing something new. You probably have a list of ideas in the back of your mind, which is a good place to start. You can also survey your membership and listen to their ideas, check out what other chapters are doing, or even use any of the ideas from this article (list below) and try them out for your chapter! The point is, if you want to see some changes you need to make some changes. If the old way isn’t working, why not try something new?

Potential ideas for your chapter:
  • If the leadership of your chapter is not diverse you are potentially limiting your viewpoint.  Add a woman, a student, an immigrant, an ethnic minority and/or someone else new and different to your organizing team in order to gain new perspectives.
  • Team up with other community focused groups such as the public library, student associations or other IT groups.
  • Branch out in the types of events that you offer, consider running a Capture the Flag, a workshop or some other hands-on type of event.
  • Start hosting “intro to AppSec” events, as well as slightly "off topic” lectures that may draw in a different crowd.
  • If someone gives a really great talk about Application Security and they mention OWASP, ask them if they would consider giving that same talk to other meet ups and groups, and help them arrange it.

If you’d like further details on how the Ottawa chapter has revitalized the scene, you can write the Ottawa chapter leaders, Sherif.Koussa@owasp.org or Tanya.Janca@owasp.org, for details. The point is, if you want to see some changes you need to make some changes. If the old way isn’t working, why not try something new?

With these ideas and tools in mind, we wish you great success in running your chapter!

Monday, January 23, 2017

OWASP is Once Again Participating in the Google Summer of Code Program


It is that time of year again! OWASP will participate in the Google Summer of Code (GSoC). We love that GSoC is a great vehicle to introduce students to both open source projects and application security with real, hands-on projects. Through GSoC students will apply to work with you on your project. Once an OWASP Mentor has "hired" a student, the mentor will guide them through coding tasks they set to improve their OWASP Project. Both the project and the student will receive a small grant to compensate for their time, but what Leaders tend to love most is spending time working with students who are able to focus on their project for three months.

The program is completed entirely online and students and mentors from more than 100 countries have participated in past years. Students who have worked with OWASP often become long term volunteers and Project Leaders in their own rights!

How you can get involved:
If you are a project leader and would like for your project to participate, add your idea on our GSOC 2017 Idea wiki page ASAP! The deadline to be involved is Feb 6th.

Become a Mentor: 
Do you want to become a mentor for a student?
Choose a participating OWASP project from the wiki page, preferably the one you are most familiar with.

Touch base with the project leader and ask one of the OWASP Organizational Administrators (Konstantinos Papapanagiotou, Claudia Aviles Casanovas, & Fabio Cerullo) to send you an invitation to get started today.

Help OWASP Invite Students: 
Are you somehow affiliated with a university? Get in touch with students, inform them about the program and how they can participate with OWASP.  Please direct students to the wiki page for details: https://www.owasp.org/index.php/GSOC_2017_for_Students

If you need help or supporting material you can email one of the admins.

 Let's make this OWASP-GSoC event the best ever and a success!





Monday, January 16, 2017

OWASP 2017 Graduation Reviews - Volunteers Needed!

OWASP is reviewing projects that wish to graduate from Incubator to Lab. The purpose of this assessment is to determine whether a project meets the minimum criteria to graduate as outlined in the Project Health Assessment Criteria Document. The review process begins with an initial self-assessment done by the project leader and reviewed by Matt Tesauro. Next, the assessment enters the peer review phase, where we ask volunteers in our OWASP Community to participate and finalize the results.


It is our goal to have at least two or three reviewers per project to provide their expertise and feedback for each OWASP Project listed below. If you would like to help, sign up by February 15th.

I have included a Sample of a Project Assessment for your review and consideration.


 



Type of Project:  Tool
Project Leader: Bjoern Kimminich
Project Name: OWASP Juice Shop Project
Wiki Page:  https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
Github Link: https://github.com/bkimminich/juice-shop

Description:
OWASP Juice Shop is a professionally developed application using all sorts of quality assurance tools and automation processes to ensure it is working as intended. The project has been in development since October 2014 and just recently joined the OWASP project inventory. It would be unfortunate to leave it in "Incubator" state longer than absolutely necessary given the maturity the project gained over the last 2 years.





Type of Project:  Code
Project Name: OWASP DefectDojo Project
Project Leader:  Greg Anderson
Project Web Page:  https://www.owasp.org/index.php/OWASP_DefectDojo_Project
Project Github: https://github.com/OWASP/django-DefectDojo

Description:
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.  DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.




Type of Project: Tool 
Project Name: OWASP Benchmark Project
Project Leader:  Dave Wichers
Project Web Page:  https://www.owasp.org/index.php/Benchmark
Project Github: https://github.com/google/benchmark

Description:
An enormous amount of work has gone into this project already and we are planning to do a lot more. The ability to run the Benchmark in just a few minutes, and then score a large set of tools automatically once their results files have been produced is a significant capability that required a huge amount of work to produce. There is nothing else like it in the industry and the quality of the scorecard output is very high.






Project Type: Code
Project Name: OWASP Node.js Goat Project
Project Leader:  Chetan Karande
Project Web Page:  https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project
Project Github: https://github.com/OWASP/NodeGoat

Description:
Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.






Project Type: Documentation
Project Name: OWASP Automated Threats to Web Applications
Project Leader (s):  Colin Watson & Tin Zaw
Project Web Page: https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_Applications
PDF Doc Link: https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf

Description:
Web applications are subjected to unwanted automated usage – day in, day out. Often these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Also, excessive misuse is commonly mistakenly reported as application denial-of-service (DoS) like HTTP-flooding, when in fact the DoS is a side-effect instead of the primary intent. Frequently these have sector-specific names. Most of these problems seen regularly by web application owners are not listed in any OWASP Top Ten or other top issue list. Furthermore, they are not enumerated or defined adequately in existing dictionaries. These factors have contributed to inadequate visibility, and an inconsistency in naming such threats, with a consequent lack of clarity in attempts to address the issues.




January 2017 Corporate Members


We would like to thank the following companies for supporting the OWASP Foundation.  
The companies listed below have contributed this month by either renewing their existing 
Corporate Membership or joining OWASP as a new Corporate Member.  

Details about Corporate Membership can be found here.

Contributor Corporate Members


Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.


Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.



Cybozu is a Japanese cloud computing vendor founded in 1997.
Its service supports effective team collaboration; hence our services are widely used, from large-scale teams like multinational enterprises to small-scale teams like volunteer groups, clubs, and even families. “kintone” is one of Cybozu’s key products, released in 2011.
It is called a "no-code application platform", which makes work more productive through business applications. It is recognized as one of the leading vendors in the “Gartner 2016 Enterprise Application Platform as a Service (aPaaS), Worldwide Magic Quadrant”.

Cybozu has been focusing on security enhancement. It started a "bug bounty project" in 2013 to find any vulnerabilities which may exist in its product in order to provide its customers with the most secure service possible.
For more information about Cybozu, please visit https://www.cybozu.com/jp/


Want your name here? Find out how by visiting our Corporate Member information page, or contact our Membership & Business Liaison, Kelly Santalucia today!  Thank you to all of our Premier and Contributor Corporate Members for your support in 2016!


Monday, January 9, 2017

OWASP Project Graduation Update


Congratulations to Project Leaders below on moving your project forward to the next level!

New Flagship Project:
Lab to Flagship Status
Project Name: OWASP Security Shepherd
Project Leader:  Mark Denihan
Project Web Page:  https://www.owasp.org/index.php/OWASP_Security_Shepherd


New Lab Projects:

Project Name: OWASP Seraphimdroid
Project Leaders: Nikola Milosevic, Kartik Kholi


Incubator to Lab Status Project Review Report
Project Name: OWASP Security Logging Project

Project Leader:  Sytze van Koningsveld


-- 

Friday, January 6, 2017

OWASP Operations Update for January 2017

Welcome to the first operations update for 2017.  We started monthly blogs about what's happening at the OWASP Foundation back in December.

Here are our major efforts and the status of those in process, starting with updates from last time:

The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.  Since last month, we've

  • Made progress on Phase 1 - updating the wiki to 1.27.x
    • Got the wiki source and all extensions in Git repos
    • Started coding Ansible to automate our deploys and updates
    • Production roll-out - mid-January
  • Next up Phase 2 - Updating the look and feel of the OWASP Wiki
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large. There’s a ton of moving parts to this effort but here’s what we are focusing on currently:

  • Migration to Discourse
    • Evaluation of Discourse showed it would fit our needs
    • Worked with/reverse engineered the Discourse API to ensure we can automate:
      • Migration from Mailman
      • Future operational tasks
    • An empty production site is expected mid-January
  • Beta program for the Foundation's Global Meetup account is continuing.
Two new major, interlinked efforts

Two major efforts are starting this month - a significant upgrade to OWASP's Association Management System (AMS) and the proposed plan for updating our membership models.
  • Association Management System
    • Runs atop the OWASP Foundation's Salesforce account
    • Handles many operational aspects: membership, conference registrations, etc
    • New AMS allows us to re-think our past membership model
    • Beginning the first week of February, we'll start the migration to the new AMS
  • Updating Membership Models
    • New plans created by staff based on past community, board and staff discussions
    • Account for diverse membership 
    • Developed to optimize accessibility and growth
    • Request to the OWASP Community: Please provide feedback prior to the Jan 11th Board Meeting when staff is asking for approval of the new membership plans.  The links above allow for public comments.
Projects
  • New projects
    • 2 Documentation projects
    • 5 Tool projects
    • 2 New Code Projects
  • Project Reviews
    • Multiple projects under review - look for requests for feedback this month!
Updates on Events for 2017
  • AppSec EU 2017
    • CFP & CFT Final Review
  • AppSec USA 2017
    • CFP and CFT planned to open by the end of January - look for announcements soon!
  • AppSec California 2017 happens January 23 - 25 in lovely Santa Monica CA
Membership and Outreach
  • Member numbers for January
    • 2048 Individual members
    • 70 Corporate members
  • Membership drive planning begins - tentative June launch
Community
  • Claudia and Tiffany have started the planning for an updated OWASP Volunteer program
    • Planned enhancements include searchable descriptions of opportunities, details including expected time commitment and volunteer profiles
  • Women in AppSec (WIA) Committee has been formed - Congrats!
  • Chapter Leader Handbook updates continue - draft version tentatively available at Feb Board Meeting
  • Pending a board vote: Request for a committee to be invite only as an exception to the Committee 2.0 rules
As always, the OWASP staff are here to help make the OWASP community even stronger.  If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.

Your friendly neighborhood OWASP staff:
          Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt