Monday, May 6, 2019

OWASP Announcement

🕬  OWASP Announcement:

The OWASP Foundation has been chosen to be 1 of 50 Open Source Organizations to participate in the inaugural year of the Google Season of Docs program.

The goal of Season of Docs is to provide a framework for technical writers and open source projects to work together towards the common goal of improving an open source project's documentation. For technical writers who are new to open source, the program provides an opportunity to gain experience in contributing to open source projects. For technical writers who're already working in open source, the program provides a potentially new way of working together. Season of Docs also gives open source projects an opportunity to engage more of the technical writing community.

We would like to thank the OWASP members that donate their time and knowledge as administrators and mentors. It would not be possible if not for these individuals:
Spyros, Fabio, and Konstantinos 

Friday, May 3, 2019

OWASP Web 2.0 Project Update

Some of you likely recall the talk back in 2016 or so of updating the OWASP Foundation website to not appear so much like a...well, a wiki.  That talk was carried forward into 2017 and 2018 and, with each year, the proposal got pushed ahead as there were other, deeper projects to tackle.  With the arrival of 2019 and a firm project plan under the guidance of Mike McCamon, Executive Director, we are finally moving toward a functioning, modern website that will be a whole lot  The journey has been circuitous and, while we are not anywhere near complete, we have a set plan in place to bring it to fruition within the calendar year (second quarter of the year, actually).

TLDR: How Can You Help? 

There are certainly ways in which you can get involved now.  For instance, we are looking for a clean way to get wiki pages into GitHub markdown format for archival.  I have done some work here but there are parsing issues with some of the tools.  Do you know a good tool or have you done similar work?  Also, are you or do you know a good designer, someone familiar with GitHub pages that can provide some useful help and feedback along the way?  A Jekyll expert to help code a theme with a handful of templates would be a great addition.  In addition, we could use website server admins who could help with assigning redirects to maintain search integrity.  Finally, there will be a great many pages to move that we will also eventually need community involvement in.  

So, What Have We Done? 

Thus far we have researched various ideas for standing up a new site, including modifying the current wiki, spinning up our own web server, contracting a third party to host and build a new site, and also using existing infrastructure with our own content to launch a new face for OWASP.  Our discussions led us to a familiar place, one that nearly every developer in the OWASP space is familiar with: GitHub.   

In our conversations with GitHub, it became readily apparent that using the platform would be a win for the Foundation as well as GitHub.  Nearly everyone who runs a project at OWASP (documentation or otherwise) uses GitHub.  Because our target audience is also mostly developers we know that they are also very comfortable with the platform.  And while GitHub has a number of high profile companies using their GitHub Pages, the use of the platform as the basis for the entire website of the number one non-profit foundation in the application security sector is a big draw.

We have run with that GitHub Pages idea and have spent internal manpower on a proof of concept.  This proof of concept is less about the UX of the site than the functionality, the ability to utilize the authentication systems, and the ability to utilize automation to push out changes quickly.

Where Are We Now?

We are doing the final stages of website architecture. We are also planning what needs to be in the site, how the pieces will integrate with current projects and chapters, and how we might utilize the community to integrate the pieces so that we have a visually and functionally cohesive website that spans across multiple repositories.

What Is Next?

We will soon be looking for a modern website design that is responsive and clean.  We will begin using the knowledge gained from our proof of concept to build out the internals of the website and then we will start implementing the highest traffic pages and administrative areas into the new platform.  Once we have the big-ticket items moved we will start looking at what is left and moving over those pieces.  The eventual goal would be to have a new, modern website for the future of OWASP while keeping the wiki as an archive of really useful information.

We hope you are as excited as we are about the future of the OWASP Foundation website and will join us as we move toward a modern web presence.  If you have any questions or would like to volunteer your time, experience or knowledge, please contact me at

Monday, April 29, 2019

Global AppSec Tel Aviv 2019- Call for Volunteers
(limited space available)
Active paid OWASP members have priority
If any slots remain will open to the general public.
Please email for volunteer-related questions.
 Link to volunteer:

Thursday, April 25, 2019

Global AppSec Tel Aviv 2019 Keynote Speakers

Michal Braverman-Blumenstyk
CTO, Cloud and Al Security Division, Microsoft
Title: "The Importance of the Cloud and the Developers Communities in Fighting Cyber Crime"

Astha Singhal
Engineering Manager, Application Security, Netflex
Title: "The Evolving Community of AppSec"

Register now to secure your seat at the 2 amazing Keynote Speakers talks! 

Tuesday, April 23, 2019

April 2019 Connector

April 2019


Letter from the Vice Chairman:

Dear OWASP Community,

Over the past number of months the Board of Directors has been working on the feedback received from the community. This feedback aligned with our key strategic goals for the year. One of our key goals was to further strengthen the “P” in OWASP. To this end we have been working with the Open Security Summit to put more of a focus on improving project development and growth and hope to enable projects through events such as this.

Another goal is to strengthen our student outreach. One idea I had was to work with colleges all over the world to support our projects development as part of their internships. I wonder if there would be anyone in the community to assist in this effort by creating a Committee under the revised Committee 2.0 model - To simplify things I have added a quick start guide at the beginning of the document.

Diversity is something that we hold dear to our hearts. There are a number of people in our community that have driven this initiative to enable OWASP to be a more diverse community, without naming any names, we would like to thank them and encourage more of those in and outside of the OWASP community to get involved and help OWASP grow.

Last but not least, planning for our global conferences is well under way with OWASP Global AppSec Tel Aviv coming up at the end of May – one small ask is that everyone share information on this conference in your communities,

Thanks for all your hard work.

Owen Pendlebury
OWASP Vice Chairman


For these first few months I have been focused on business operations retooling. As you know, Mailman was recently retired. There is now an online static archive of historical messages. Our goal before Q3 is to have most of our tools on managed, trusted hosted services.

We have increased our use of JIRA to manage inbound requests and last month the team closed 98.6% of service tickets within their prescribed SLA. In January it was 20.4%. This is a very big accomplishment and demonstrates our progress on this work effort. There have also been a number of back office changes that most members won’t notice, but we’re focused on stronger business continuity for the long term.

In addition to all our upcoming events, the staff along with some members of the community are actively prototyping how we will completely update the website this summer. This effort will not be simply cosmetic, it will be a foundational change in how we manage and publish content that we believe will better connect with our community - and more importantly help us grow. Expect more updates on this in the coming months.

Be safe out there,

Mike McCamon
OWASP, Interim Executive Director
Have you Registered yet? 
Sponsorship for Global AppSec Tel Aviv is still available.  
Global AppSec DC September 9-13, 2019
submit to the Call for Papers and Call for Training


You may also be interested in one of our other affiliated events:


Event Date Location
Latam Tour 2019 Starting April 4, 2019 Latin America
OWASP Portland Training Day September 25, 2019 Portland, OR
LASCON X October 24-25,2019 Austin, TX
OWASP AppSec Day 2019 Oct 30 - Nov 1, 2019 Melbourne, Australia

Event Date Location
Cyber Security and Cloud Expo Global April 25-26, 2019 London
IoT Tech Expo Global April 25-26, 2019 London
Internet of Things World May 13-16, 2019 Santa Clara Conventional Center, CA
Hack in Paris 2019 June 16-20, 2019 Paris
Cyber Security and Cloud Expo Europe June 19-20, 2019 Amsterdam
IoT Tech Expo Europe June 19-20, 2019 Amsterdam
it-sa-IT Security Expo and Congress October 8-10, 2019 Germany


The Project Showcase at Global AppSec Tel Aviv has received a great deal of interest.  Anyone attending will be in for a steady stream of information on OWASP Projects.  The following projects are proposed for the showcase (the actual schedule has not been developed so the order is not indicative of time slots):

Project Presenter(s)
Glue Tool Omer Levi Hevroni
Internet of Things Aaron Guzman
Embedded AppSec Aaron Guzman
Software Assurance Maturity Model (SAMM) John DiLeo
API Security Erez Yalon, Inon Shkedy
Mod Security Core Rule Set Christian Folini, Tin Zaw
Automated Threats Tin Zaw
Application Security Curriculum Project John DiLeo
Defect Dojo Aaron Weaver
Web Honeypot Project Adrian Winckles
Damned Vulnerable Serverless Application Tal Melamed

The scheduled for project reviews at Global AppSec Tel Aviv are the following:
Project Review Level Leaders
Snakes and Ladders Lab Colin Watson, Katy Anton
Amass Lab Jeff Foley
Attack Surface Detector Lab Ken Prole
SecureTea Tool Lab Ade Yoseman Putra, Bambang Rahmadi KP, Rejah Rehim.AA
Serverless-Goat Lab Ory Segal
Cheat Sheet Series Flagship Dominique Righetto, Jim Manico
Mobile Security Testing Guide Flagship Sven Schleier, Jeroen Willemsen

If you are attending Global AppSec Tel Aviv 2019 and can participate in the project reviews (to be held on Monday and Tuesday prior to the conference, schedule pending), then please send an email to


New OWASP Chapters
Amaravathi, India
Belo Horizonte, Brazil
Bhopal, India
Cusco, Peru
Dindigul, India
Kharkiv, Ukraine 
Meerut, India
Rio de Janeiro, Brazil
San Jacinto College, Texas
San Pedro Sula, Honduras
Seoul, Korea
West Delhi, Delhi


We welcome the following Contributor Corporate Members

Premier Corporate Members

Contributor Corporate Members
Join us
Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, # 232
Bel Air, MD 21014  
Contact Us

This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences