Friday, March 22, 2019

March 2019 Connector

March 2019


Letter from the Chairman:

Dear OWASP Community,

OWASP, recently, has been working on maturing the Foundation into a more professional organization. We know, that a delay in any process is frustrating, for example, the temporary halt on accepting (re-) starting chapters.  This was necessary in order to create a baseline of functioning chapters, removing those that have not been active, creating an opportunity for new chapters to be stood up. This chapter review process has been a huge and unthankful, but necessary task. This process is now complete so requests to (re-) start chapters are up and running again. We are happy to share that this month we have already 24 new chapters registered!

Another big change is the retirement of mailman and migration to Google Groups. Retrospectively, the communication and transparency of the decision-making process could have been better, we are aware of that and would like to apologize for that. Nevertheless,  we would like to thank the community for the constructive feedback we received. This will eventually lead to the improvement of the Foundations process.

In relation to community participation, I would like to again, emphasize the necessity of community engagement at a global level. For this, we have reviewed and improved the committee policies and hope for volunteers to participate.

This month, several successful local events have taken place, namely, the Lascon, SnowFroc and OWASP SeaSide events, where more than 300 attendees received free training over 3 days. We would like to thank all the volunteers involved in making this happen!

Last, not least, don't forget to register or submit your paper for the upcoming Global AppSec-TLV.

More news and improvements are coming OWASPs way, stay tuned ;)

Kind regards,
Martin Knobloch
Chairman of the Board

Many of us in the northern hemisphere are eager for a change of seasons and I’m convinced 2019 will be a great year of positive changes for OWASP.

Global AppSec Tel Aviv
In May we are adding a Global Conference to the EMEA region with Global AppSec Tel Aviv. This event will be one of only three global conferences for OWASP in 2019. The local team has been hard at work on the agenda and speakers for the event. Please visit to learn more about the conference and we’re excited to see everyone for a great event.

Staff Projects
As we kick off projects outlined in our 2019 Operating Plan, staff wanted a way to be fully transparent about our projects and progress. Feel free to visit for more details. These are working documents so they are updated throughout the project lifecycle. Lastly, I do want to mention, the list provided is not the complete work product of staff; only those projects that incur significant focused time or resources to compete. 
Email Domain. Another side, yet visible project, has been to harmonize credentials and more clearly identify staff and members of the community. Over the past few weeks, we have migrated all staff to an email domain. The email address convention remains and our old addresses will continue work for the time being by forwarding mail to our new accounts. Historically it has been more complicated than necessary to detangle staff and members - especially when auditing credential management and this change should make that task more thorough and less prone to errors.

Thank you, Matt. 
And finally, please join me in thanking Matt Tesauro for his many years of service as both a volunteer and member of the OWASP Staff. In his staff role, Matt will be leaving OWASP at the end of the month. He assures me he will continue to be involved with our mission but just not working directly at the Foundation. Thanks, Matt.

Registration is open
Sponsorships are available

Save the Date for 2 more Global AppSec Conferences
Global AppSec DC Sept 9-13, 2019
Global AppSec Amsterdam Sept 23-27, 2019 


You may also be interested in one of our other affiliated events:

Latam Tour 2019Starting April 4, 2019Latin America
OWASP Portland Training DaySeptember 25, 2019Portland, OR
LASCON XOctober 24-25,2019Austin, TX
OWASP AppSec Day 2019Oct 30 - Nov 1, 2019Melbourne, Australia


Blackhat Asia 2019March 26-29, 2019Singapore
Cyber Security for Critical Assets USA 2019March 26-27, 2019Houston, TX
QuBit Conference PragueApril 10-11, 2019Prague
Cyber Security and Cloud Expo GlobalApril 25-26, 2019London
IoT Tech Expo GlobalApril 25-26, 2019London
Internet of Things WorldMay 13-16, 2019Santa Clara Conventional Center, CA
Hack in Paris 2019June 16-20, 2019Paris
Cyber Security and Cloud Expo EuropeJune 19-20, 2019Amsterdam
IoT Tech Expo EuropeJune 19-20, 2019Amsterdam


Google Summer of Code 2019:
OWASP was accepted to be a mentor organization for 2019.
Mentors for the projects have been sent invitations and students may start applying on March 25th.

Google Season of Docs 2019:
OWASP has applied to participate in the first Google Season of Docs.  If you would like to participate, please provide your project ideas on the wiki at Google Season of Docs 2019 page.

Global AppSec Tel Aviv 2019 Project Showcase:
We are off to a great start with 10 projects currently taking part in the showcase.
Glue ToolOmer Levi Hevroni
IoTAaron Guzman
Embedded AppSecAaron Guzman
Software Assurance Maturity Model (SAMM)John DiLeo
API SecurityErez Yalon, Inon Shkedy
Mod Security Core Rule SetChristian Folini, Tin Zaw
Automated ThreatsTin Zaw
Application Security Curriculum ProjectJohn DiLeo
Defect DojoAaron Weaver
Web Honeypot ProjectAdrian Winckles
The showcase schedule is still being developed.

If you are interested in having your project participate, please send an email to with the name of your project and the names of the presenter(s). Project leaders presenting at the showcase will be provided free admission to the conference.


24 New OWASP Chapter
Ahmedabad, Gujarat
Albuquerque, New Mexico
Amman, Jordan
Barranquilla, Colombia
Bikaner, India
Bilbao, Spain
Cape Coast, Ghana
Chattanooga, Tennessee
Detroit, Michigan
Doha, Qatar
Houston, Texas
Kuwait City, Kuwait
Port Louis, Mauritius
Pune, India
San Juan, Puerto Rico
Sofia, Bulgaria
Space Coast, Florida
Sydney, Australia
Tbilisi, Georgia
Tripoli, Lebanon
Vellore, India
Vienna, Austria
Worcestershire, United Kingdom
Zhytomyr, Ukraine

We are now accepting new submissions for the followings regions:
Latin America
Student Chapters
Please submit your request at OWASP Chapter Request Form


We welcome the following Contributor Corporate Members

Premier Corporate Members

Contributor Corporate Members

Join us
Our mailing address is:
OWASP Foundation
1200-C Agora Drive, # 232
Bel Air, MD 21014
Fax: 1-443-283-4021
Contact Us  

Tuesday, March 12, 2019


Check out the training program at OWASP Global AppSec Tel Aviv 2019

Friday, March 8, 2019

Happy Woman's Day 

from OWASP and WIA 

Thursday, March 7, 2019

Retiring Mailman

Greetings. I am Mike McCamon the new Interim Executive Director for OWASP. For the past eight weeks I've been getting up to speed and learning about the culture and potential of OWASP and our extended community.

Last month I approved a project to move forward with the retirement of mailman. I myself have been a longtime fan of this open source mail list manager, however it is creating a good number of challenges for our community. Several notable points include:

  1. mailman sends password requests in plain-text email,
  2. requires additional spam filtering services to manage inbound unwanted email,
  3. requires knowledgeable sysadmin expertise to manage,
  4. and there are free alternatives that provide near identical user story functionality.

As I've been told, this retirement/migration has been discussed on/off since October 2016 when it was first suggested to the OWASP Board. It was a topic at the Leaders Meetings of 2018 and more recently in our blog, Connector, and emails to list owners and other members of the community. There is likely no volume of communication that will satisfy every community members' thirst for notice on these types of decisions.

While staff has been getting some negative feedback about this decision, it is also noteworthy we have also been getting a great number of praise and thanks from others - and on balance the positives outweigh the negatives. I take full responsibility for the decision and see this as a unexpected opportunity to learn about decision-making culture of the OWASP community. I am sorry if I have frustrated you. Our staff is already brainstorming ways we can make future policy/process changes more open and predictable. One first step is that we now host Staff Project Plans on the wiki. This project can be reviewed at

In a perfect world we would have extended this migration out over several months time ensuring better community awareness and more opportunities for feedback along the way. Unfortunately recent licensing changes with a service provider, and the impending cancellation of that service on March 22nd, we believe would have rendered our mailing lists on mailman unusable and therefore warranted swift action on a very accelerated timeline. I'm sure in your own work you have faced similar challenging decisions.

Together we are in an enviable position - our community is growing, our work is more relevant than ever, and we have thousands of passionate volunteers working for our cause. However, we cannot sit still. We must look to continuously improve and change to fit our times. It is my most sincere commitment that I, our staff, and the Board does everything in our power to enable the mission of OWASP and showcase your hard work. Thank you for your ongoing commitment toward that endeavor.