Monday, November 12, 2018

The 2019 OWASP Board has been elected

Your 2019 Board has been elected

Thank you to everyone who voted in the Board of Directors election!

The OWASP Board consists of seven volunteers elected on alternating years to serve a two-year term. These unpaid volunteers dedicate themselves to the organizational mission and play a pivotal role in the software security community. Members of the Global Board of Directors are responsible for setting the strategic direction of the organization and ensuring the financial integrity of the Foundation.

Our thanks to everyone who stood for the board this year; your willingness to take on time-consuming duties to further OWASP's mission is greatly appreciated. OWASP is fortunate to have such talented and active volunteers and we look forward to continuing to work with you.

Please help me in welcoming your new board members:
Martin Knobloch    
Richard Greenberg    
Gary Robinson

To listen to the newly chosen board members' interviews, click on their names or visit our Election page.

Come January 1, 2019, these three new board members will begin their two-year term.

Full Election results:

Friday, November 2, 2018

Serverless Top 10 added to the Project Inventory

Included among the recent projects added to the OWASP Projects inventory is the Incubator project Serverless Top 10, headed by Tal Melamed. Please read on to find out more about the project from Tal himself.

The Serverless Top 10 project has launched a report, designed to be a first look into the leading risks in serverless security and to serve as a baseline for the project. We would like to thank everyone who participated in the project and made it possible, with special thanks to our project sponsor, Protego Labs.

Shedding Light on Serverless
The aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses. The Serverless Top 10 report examines the differences in attack vectors, security weaknesses, and business impact of successful attacks on applications in the serverless world, and, most importantly, how to prevent them. This report will evaluate the famous OWASP Top 10 project risk listing by “running” them through a serverless environment, shedding light on serverless by demonstrating them from both the attacker’s and the defender’s points of view.

Changing AppSec with Changing App Design
“The OWASP Top 10 2017 report focused on traditional application security. Since applications on serverless architectures are vastly different, security risks have changed,” said Tal Melamed, Serverless Top 10 project lead. “With serverless, hackers must try different vectors and approaches for attacks; developers cannot employ traditional perimeter protections and need to change their way of thinking, as almost none of the mitigations suggested for traditional systems would fit in the serverless world, which is why we’re working on the serverless Top 10 project.”

The Serverless Top 10 will also be based on data collected from real industry input through an open call, and it is scheduled for a first official release in Q2 2019.

Visit our official project page for more information about the roadmap and how to get involved.

Tal Melamed,
OWASP Serverless Top 10 Project Lead