The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Thank you again to those who attended, spoke, volunteered and trained at AppSec EU 2018. We had a great conference in the heart of London. With almost 600 attendees we enjoyed exclusive and very innovative talks, many students benefited from the variety of hands-on training, and mostly we enjoyed seeing everyone. As an open source community, it is vital and very important that the community comes together at the OWASP Events and we found connecting and meeting new members very rewarding. So thank you all again.
Now we look forward to several busy months preparing for the next premier conference in Application / Information Security: AppSec USA! This conference will take place from October 8-12. There are many hands-on training sessions and a large number of talks that span a variety of topics and issues.
The conference is also a great location for project leaders to meet the members of the community to discuss the many opportunities to support and engage in a project.
These events are prepared for you, the community. We hope you will join us (Register Now) in San Jose for some training, talks, and networking!
OWASP Chairman of the Board
What a fantastic conference we had in London thanks to all the great sponsors, speakers, trainers, volunteers, and attendees.
The project reviews begun at AppSec EU 2018 are still ongoing. We had a decent turnout of reviewers; thanks to all of you who showed up!
We also had a great leader meeting. Some of the project-specific items from the meeting include the addition of the Amass project, which has now been added to the project inventory, the use of JIRA for more project requests beyond funding (new project, graduation, etc.), and the ongoing effort to connect our CRM to the front-end to provide up-to-date, vital information for our project leaders. In addition, we also discussed ideas around separating the Project Summits from the conferences and providing an area for services such as tech writing, development, and translation where project leaders can find the talent needed to help round out or complete the project. Be on the lookout for the video and slide deck that was presented at the conference; it will be posted soon.
Our mentors continue to work with their students on the Google Summer of Code projects.
Important GSoC Dates:
August 6-14: Students wrap up their projects and submit the final evaluation of their mentor.
August 14-21: Mentors submit final evaluations of students.
Early October: Packages with t-shirts and stickers are shipped to students who pass the program.
Project Highlight: Mobile Security Testing Guide
"Define the industry standard for mobile application security." This was the goal of the OWASP Mobile Security Testing Guide (MSTG) when the project was started 2 years back. Now the project is proud to announce that version 1.0 of the MSTG was released in June 2018.
The MSTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS).
There are various ways to get the first release; see the GitHub repo for more details:
Other Project News: Dependency-Track v3.1.0 is now available.
Dependency-Track is a Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Version 3.1.0 incorporates a number of enhancements including an advanced auditing workflow engine, support for outdated dependency version detection, additional metrics, and a host of other improvements.
During a call with Chapter Leader Aaron Weaver, I asked him what are the things that he knows now that he wished he knew when he started the Philadelphia chapter. Here are two from that list and my answers:
(1) How do you get a reimbursement for a chapter expense?
First, make sure your expense is a valid one per the Chapter Handbook - ideally before you spend anything. Once you’ve made a valid expense, you’ll submit it to the OWASP Service Desk or OSD. There’s an established workflow for OSD requests and status + updates to your request are always available and emailed to keep you updated on its progress. Chapter expenses must be approved by a chapter leader (not the one that submitted - of course) and two leaders are required for expenses greater than $500 USD (one reason why we suggest 3 leaders for a chapter). We’ve got all the details including step-by-step screenshots on the wiki here.
If you lose the link above, don’t worry, a quick Google of “OWASP reimburse” will get you there.
(2) Do I need to update the chapter wiki page if I’m part of the OWASP Foundation’s Meetup Pro account?
No - but that’s not entirely true.
You do have to update the wiki page once - to add the wiki tag that automagically keeps your chapter wiki page updated. After that, any meeting on your chapter Meetup page will be displayed on the chapter wiki page. ONE AND DONE!
To get this magic in your chapter life, you’ll need to do a couple of things:
(1) To have your chapter on the OWASP Foundation’s Meetup Pro account. If you don’t, submit a request to “Contact Us” and we can set that up for you.
(2) Add the wiki tag “ to your chapter’s wiki page