Friday, July 27, 2018

Thursday, July 26, 2018

Call for Candidates for OWASP Global Board of Directors 2018

Ends on August 31, 2018
Welcome to the call for candidates for the OWASP Foundation Global Board of Directors.  If you are unsure or new to the OWASP Foundation Board elections, the full details of the 2018 election can be found on the OWASP wiki.
After reading that wiki page and checking that you meet the eligibility requirements, we encourage interested community members to complete this form to let the OWASP Foundation know your intent to be a candidate.
Thanks to all the current, past and future Board members for helping to grow the OWASP Foundation.

Tuesday, July 24, 2018

July 2018 Connector

July 2018


Letter from the Chairman  

Dear OWASP Community,

Thank you again to those who attended, spoke, volunteered and trained at AppSec EU 2018. We had a great conference in the heart of London. With almost 600 attendees we enjoyed exclusive and very innovative talks, many students benefited from the variety of hands-on training, and mostly we enjoyed seeing everyone. As an open source community, it is vital and very important that the community comes together at the OWASP Events and we found connecting and meeting new members very rewarding. So thank you all again.

Now we look forward to several busy months preparing for the next premier conference in Application / Information Security - AppSec USA! This conference will take place from October 8-12. There are many hands-on training sessions and a large number of talks that span a variety of topics and issues.

The conference is also a great location for project leaders to meet the members of the community to discuss the many opportunities to support and engage in a project.  

These events are prepared for you, the community. We hope you will join us (Register Now) in San Jose for some training, talks, and networking!

Martin Knobloch
OWASP Chairman of the Board

Ads are not endorsements and reflect the messages of the advertiser only.


What a fantastic conference we had in London thanks to all the great sponsors, speakers, trainers, volunteers, and attendees. 

The project reviews begun at AppSec EU 2018 are still ongoing. We had a decent turnout of reviewers; thanks to all of you who showed up!
We also had a great leader meeting. Some of the project-specific items from the meeting include the addition of the Amass project, which has now been added to the project inventory, the use of JIRA for more project requests beyond funding (new project, graduation, etc.), and the ongoing effort to connect our CRM to the front-end to provide up-to-date, vital information for our project leaders. In addition, we also discussed ideas around separating the Project Summits from the conferences and providing an area for services such as tech writing, development, and translation where project leaders can find the talent needed to help round out or complete the project. Be on the lookout for the video and slide deck that was presented at the conference; it will be posted soon.

Our mentors continue to work with their students on the Google Summer of Code projects.
Important GSoC Dates:
August 6-14: Students wrap up their projects and submit the final evaluation of their mentor
August 14-21: Mentors submit final evaluations of students
Early October: Packages with t-shirts and stickers are shipped to students who pass the program.

Project Highlight: Mobile Security Testing Guide

"Define the industry standard for mobile application security." This was the goal of the OWASP Mobile Security Testing Guide (MSTG) when the project was started 2 years back. Now the project is proud to announce that version 1.0 of the MSTG was released in June 2018.

The MSTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS).

There are various ways to get the first release; see the GitHub repo for more details:

✓ Download it
✓ Read it
✓ Use it
Give feedback and create an issue!

Other Project News: Dependency-Track v3.1.0 is now available.

Dependency-Track is a Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Version 3.1.0 incorporates a number of enhancements including an advanced auditing workflow engine, support for outdated dependency version detection, additional metrics, and a host of other improvements.





You may also be interested in one of our other affiliated events:

| Event | Type | Date | Location |
|---|---|---|---|
| AppSec Israel | Regional | September 5-6 | Tel Aviv, Israel |
| OWASP Portland 2018 Training Day | Regional | October 3 | Portland, OR |
| AppSec Morocco 2018 | Regional | October 4-5 | Morocco |
| OWASP Poland Day 2018 | Regional | October 10 | Poland |
| OWASP AppSec Day 2018 | Regional | October 19 | Melbourne, Australia |
| LASCON 2018 | Regional | October 23-26 | Austin, TX |
| OWASP AppSec Bucharest 2018 | Regional | October 25-26 | Bucharest, Romania |
| OWASP BASC 2018 | Local | October 27 | Boston, MA |
| OWASP AppSec Indonesia 2018 | Regional | November 1-3 | Indonesia |
| German OWASP Day | Regional | November 19-20 | Münster, Germany |
| OWASP Norway Day 2018 | Regional | November 29 | Norway |
| AppSec California 2019 | Regional | January 22-25, 2019 | Santa Monica, CA |

| Event | Date | Location |
|---|---|---|
| (ISC)² EMEA Secure Webinars | June 26, 2018 - Weekly | Virtual |
| Black Hat USA 2018 | August 4-9 | Las Vegas |
| DEF CON 26 | August 9-12 | Las Vegas |
| 44CON | September 12-14 | London |
| DevSecCon Boston | September 13-14 | Boston |
| Cyber Resilience Summit | October 16 | Arlington, VA |
| DevSecCon London | October 18-19 | London |
| Infosecurity North America New York | November 14-15 | New York |





During a call with Chapter Leader Aaron Weaver, I asked him what are the things that he knows now that he wished he knew when he started the Philadelphia chapter.  Here are two from that list and my answers:

(1) How do you get a reimbursement for a chapter expense?

First, make sure your expense is a valid one per the Chapter Handbook - ideally before you spend anything.  Once you’ve made a valid expense, you’ll submit it to the OWASP Service Desk or OSD.  There’s an established workflow for OSD requests and status + updates to your request are always available and emailed to keep you updated on its progress.  Chapter expenses must be approved by a chapter leader (not the one that submitted - of course) and two leaders are required for expenses greater than $500 USD. (one reason why we suggest 3 leaders for a chapter) We’ve got all the details including step-by-step screenshots on the wiki here.

If you lose the link above, don’t worry, a quick Google of “OWASP reimburse” will get you there.

(2) Do I need to update the chapter wiki page if I’m part of the OWASP Foundation’s Meetup Pro account?

No - but that’s not entirely true.

You do have to update the wiki page once - to add the wiki tag that automagically keeps your chapter wiki page updated.  After that, any meeting on your chapter Meetup page will be displayed on the chapter wiki page.  ONE AND DONE!

To get this magic in your chapter life, you’ll need to do a couple of things:

(1) To have your chapter on the OWASP Foundation’s Meetup Pro account.  If you don’t, submit a request to “Contact Us” and we can set that up for you.

(2) Add the wiki tag “ to your chapter’s wiki page

That’s it.  If you want to see an example of this working, you can look at the OWASP Ottawa Chapter page and the wiki source for that page where you’ll see “” do its magic.

That’s all for July - look for more questions answered in future Connectors.

-- Matt Tesauro, Director of Community and Operations

